- Custom wordlists for fuzzing (forked from SecLists - credits: https://github.com/danielmiessler/SecLists).
- Also good to check out: https://wiki.skullsecurity.org/index.php?title=Passwords
- https://security.stackexchange.com/questions/1376/where-can-i-find-good-dictionaries-for-dictionary-attacks
- Alternative to seclists: https://wordlists.assetnote.io/
All of the combined wordlists are medium size: perfect for CTFs and regular pentesting, but not for bug bounty since they may be too short.
tidy 1.txt 2.txt -O -q -C -o dic_combinado.txtThere also exists https://s1gh.sh/tool-listcombine/ but is slower
- https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/big-list-of-naughty-strings.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/quickhits.txt
spanish_general.txt: https://github.com/JulianGR/dictionaries/blob/main/spanish_general.txt Dictionary with all words from spanish dictionary
Combination of:
- https://www.openwall.com/wordlists/
- https://security.stackexchange.com/questions/1376/where-can-i-find-good-dictionaries-for-dictionary-attacks
- https://web.archive.org/web/20120207113205/http://www.insidepro.com/eng/download.shtml
directories_combined.txt: https://github.com/JulianGR/dictionaries/blob/main/directories-combined.txt
Combination of:
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/dirsearch.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/raft-medium-directories-lowercase.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/RobotsDisallowed-Top500.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/common.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/common-and-spanish.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/directory-list-lowercase-2.3-small.txt
- https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/fuzz-Bo0oM.txt
- https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/fuzz-Bo0oM-friendly.txt
//TODO: combination of api file
spanish_directories.txt: https://github.com/JulianGR/dictionaries/blob/main/spanish_directories.txt
Combination of:
- Manual translation of directories_combined.txt
- https://web.archive.org/web/20120207113205/http://www.insidepro.com/eng/download.shtml
- https://github.com/xmendez/wfuzz/tree/master/wordlist/general
- https://github.com/v0re/dirb/blob/master/wordlists/spanish.txt
- https://github.com/fuzzdb-project/fuzzdb/blob/master/discovery/predictable-filepaths/filename-dirname-bruteforce/spanish.txt
- https://github.com/SooLFaa/fuzzing/blob/master/Dictionary-Lists-master/Dictionary-Lists/Wordlists/spanish.txt
sql_combined.txt: https://github.com/JulianGR/dictionaries/blob/main/sql-combined.txt
Combination of:
- https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/SQLi/Generic-SQLi.txt
- https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/SQLi/quick-SQLi.txt
- https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/SQLi/Generic-BlindSQLi.fuzzdb.txt
xss_combined.txt: https://github.com/JulianGR/dictionaries/blob/main/xss_combined.txt
Combination of:
- https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/XSS-Fuzzing
- https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/XSS/XSS-BruteLogic.txt
- https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/XSS/XSS-Jhaddix.txt
- https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/XSS/XSS-RSNAKE.txt
- https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/XSS/XSS-Somdev.txt
- https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/XSS/xss-without-parentheses-semi-colons-portswigger.txt
files-combined.txt: https://github.com/JulianGR/dictionaries/blob/main/files-combined.txt
//TODO
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/Common-PHP-Filenames.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/LinuxFileList.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/Randomfiles.fuzz.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/UnixDotfiles.fuzz.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/raft-large-files-lowercase.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/raft-large-files.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/raft-medium-files-lowercase.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/raft-medium-files.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/raft-small-files-lowercase.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/raft-small-files.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/versioning_metafiles.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/combined_words.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/combined_directories.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/raft-medium-files.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/raft-small-files.txt
api.txt: https://github.com/JulianGR/dictionaries/blob/main/api.txt
Combination of:
- /SecLists/blob/master/Discovery/Web-Content/api/objects-lowercase.txt (slash) /SecLists/blob/master/Discovery/Web-Content/api/actions-lowercase.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/api/actions-lowercase.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/api/objects-lowercase.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/api/api-seen-in-wild.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/api/api-endpoints-res.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/api/api-endpoints.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/api/salesforce-aura-objects.txt
- https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/api/ispsystem_billmanager_api.txt
passwords-combined.txt: https://github.com/JulianGR/dictionaries/blob/main/passwords-combined.txt
Combination of:
- First 30k lines of rockyou
- https://github.com/danielmiessler/SecLists/blob/master/Passwords/xato-net-10-million-passwords-10000.txt
- https://github.com/danielmiessler/SecLists/blob/master/Passwords/2020-200_most_used_passwords.txt
- https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10-million-password-list-top-10000.txt
- https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10k-most-common.txt
- https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/best1050.txt
- https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/common-passwords-win.txt
- https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/top-20-common-SSH-passwords.txt
- https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/top-passwords-shortlist.txt
- https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/worst-passwords-2017-top100-slashdata.txt
- https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/500-worst-passwords.txt
- https://github.com/danielmiessler/SecLists/blob/master/Passwords/Default-Credentials/default-passwords.txt
- https://github.com/Karmaz95/crimson/blob/master/words/10k_commons_and_keymap.txt
- https://github.com/Karmaz95/crimson/blob/master/words/credentials.txt
spanish_passwords.txt: https://ns2.elhacker.net/wordlists/rockealo.txt.gz Spanish version of rockyou
- https://cirt.net/passwords
- https://default-password.info/
- https://datarecovery.com/rd/default-passwords/
usernames-combined.txt: https://github.com/JulianGR/dictionaries/blob/main/usernames-combined.txt
Combination of:
- https://github.com/danielmiessler/SecLists/blob/master/Usernames/top-usernames-shortlist.txt
- https://github.com/danielmiessler/SecLists/blob/master/Passwords/UserPassCombo-Jay.txt
spanish_usernames.txt: //TODO
Massive dictionaries