DEV Community

Merrell Vineza
Merrell Vineza

Posted on

Wordlists

#cybersecurity

Passwords 

# starter, small
/usr/share/wordlists/fasttrack.txt
/usr/share/seclists/Passwords/Common-Credentials/top-passwords-shortlist.txt

# generic, medium
/usr/share/seclists/Passwords/darkweb2017-top1000.txt

# big
/usr/share/wordlists/rockyou.txt

# linux, ssh (can also be used on windows boxes)
/usr/share/seclists/Passwords/Common-Credentials/top-20-common-SSH-passwords.txt

# windows
/usr/share/seclists/Passwords/Common-Credentials/common-passwords-win.txt

# big, windows
/usr/share/seclists/Passwords/Common-Credentials/common-passwords-win.txt
Enter fullscreen mode Exit fullscreen mode

Usernames 

# starter, small
/usr/share/seclists/Usernames/top-usernames-shortlist.txt

# linux, unix
/usr/share/wordlists/metasploit/unix_users.txt
Enter fullscreen mode Exit fullscreen mode

Passwords + Usernames 

# ftp
/usr/share/legion/wordlists/ftp-betterdefaultpasslist.txt
Enter fullscreen mode Exit fullscreen mode

Directory Fuzzing and Bruteforcing 

# starter, small
/usr/share/wordlists/dirb/common.txt

# medium
/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

# big
/usr/share/wordlists/dirbuster/directory-list-1.0.txt
/usr/share/wordlists/dirb/big.txt

# version control (git)
/usr/share/seclists/Fuzzing/fuzz-Bo0oM.txt
/usr/share/seclists/Discovery/Web-Content/raft-medium-files.txt

# web extensions (.php, .html, etc ..)
/usr/share/seclists/Discovery/Web-Content/web-extensions.txt

# lfi, windows
https://github.com/carlospolop/Auto_Wordlists/blob/main/wordlists/file_inclusion_windows.txt

# lfi, linux
/home/kali/data/tools/wordlists/file_inclusion_linux.txt
https://raw.githubusercontent.com/tennc/fuzzdb/master/dict/BURP-PayLoad/LFI/LFI-InterestingFiles.txt

# iis, windows
/usr/share/seclists/Discovery/Web-Content/SVNDigger/cat/Language/aspx.txt
/usr/share/seclists/Discovery/Web-Content/SVNDigger/cat/Language/asp.txt
/usr/share/seclists/Discovery/Web-Content/CommonBackdoors-ASP.fuzz.txt

# backups
/usr/share/seclists/Discovery/Web-Content/Common-DB-Backups.txt

# crawlers
/usr/share/seclists/Discovery/Web-Content/RobotsDisallowed-Top500.txt
/usr/share/seclists/Discovery/Web-Content/RobotsDisallowed-Top100.txt
/usr/share/seclists/Discovery/Web-Content/RobotsDisallowed-Top1000.txt
/usr/share/seclists/Discovery/Web-Content/RobotsDisallowed-Top10.txt
Enter fullscreen mode Exit fullscreen mode

Top comments (0)

Read next

swayam_248 profile image

Brute Force Attacks and CAPTCHA

Swayam Patnaik -

mukulbindal profile image

Understanding HTTP and HTTPS: How They Work and Secure Data Transmission

Mukul Bindal -

pixelgig profile image

Learning Cyber Security Day 4 - Integrating Encryption in Your Code🔐

Gaurav Chaudhary -

sainsec profile image

Information Disclosure

Hussain -