SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

Related tags

Security SecLists
Overview

seclists.png

About SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.

This project is maintained by Daniel Miessler, Jason Haddix, and g0tmi1k.


Install

Zip

wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip \
  && unzip SecList.zip \
  && rm -f SecList.zip

Git (Small)

git clone --depth 1 https://github.com/danielmiessler/SecLists.git

Git (Complete)

git clone https://github.com/danielmiessler/SecLists.git

Kali Linux (Tool Page)

apt -y install seclists

Attribution

See CONTRIBUTORS.md


Contributing

See CONTRIBUTING.md


Similar Projects


Licensing

This project is licensed under the MIT license.

MIT License

NOTE: Downloading this repository is likely to cause a false-positive alarm by your anti-virus or anti-malware software, the filepath should be whitelisted. There is nothing in SecLists that can harm your computer as-is, however it's not recommended to store these files on a server or other important system due to the risk of local file include attacks.

Comments
  • Build an API to check common passwords?

    Build an API to check common passwords?

    Hi,

    I was thinking about building a simple API to allow web developers to check a password provided by a user against the top-n list. It would be provided free to the community. As in, either me or my company would build and host it for free.

    It raises some important questions;

    1. You have put all this effort in to collating these lists, and I would not build anything like this without your explicit approval.
    2. I have been thinking about whether there is a downside to building this as an API and I would really like someone else's opinion on whether this could potentially be abused.

    If this API is indeed built, there are a couple of things to think about;

    • There is something unnerving about a site sending a user's new password to this random API on the internet to check whether it is in the most-commonly-used. If the API was nefarious, it could potentially store the data and correlate it to the site, thus providing an easier attack vector. That may be the thing that kills the idea dead :) Unless there is a way to ensure the data cannot be correlated and provide assurances around that.
    • The API would return the position on the list, i.e "1000th most commonly used". It is then up to the calling site to determine what they consider acceptable.

    This may be a stupid idea, but I thought I'd put it out there to see what other people think.

    question proposal 
    opened by flytzen 14
  • Seclist refusing to clone into my kali

    Seclist refusing to clone into my kali

    Good day Daniel Each time I try to git clone the seclist repo, it is extremely slow and then times out, leaving this error message as a result;

    ┌──(kali㉿kali)-[~/Documents/CTF] └─$ git clone https://github.com/danielmiessler/SecLists.git Cloning into 'SecLists'... remote: Enumerating objects: 11021, done. error: 1276 bytes of body are still expectedMiB | 181.00 KiB/s fetch-pack: unexpected disconnect while reading sideband packet fatal: early EOF fatal: fetch-pack: invalid index-pack output

    Please is there a solution to this?

    question 
    opened by KingTomasi 11
  • Adding nextcloud & owncloud to common.txt

    Adding nextcloud & owncloud to common.txt

    Hey 🙂

    Nextcloud & ownCloud are two famous software for creating and using file hosting service.

    PS: this adding might also be done on bigger discovery list because none of big list contains them

    enhancement 
    opened by clem9669 9
  • [Suggestion] List of Ports Sorted According to Frequency of Use

    [Suggestion] List of Ports Sorted According to Frequency of Use

    Hello,

    I've been searching around Google for a list of port numbers sorted according to their frequency of use, and so far, I've found no results corresponding to what I was looking for, so I wanted to suggest adding something like it to SecLists.

    Problems and Goals

    The goal that I have in mind for a list of such kind is to use it to quickly check if a host is alive in the fastest time possible while assuming that there are packet filtering devices on the way. The only workaround that I can think of regarding this problem is to establish connections to legit services being hosted on my targets, which packet filtering devices usually allow (I think so, I have very little experience with this so bear with me). But the thing is, I don't know which legit services are running on my targets.

    I'm aware that I can do a full 0-65535 port scan on my target hosts, but I think starting with the most frequently used port numbers will shorten my port scan time by a lot, considering that I'm looking for only 1 port to successfully be detected.

    Data Gathering Methodology

    One method that I could think of in the creation of such a list is to query Shodan (https://www.shodan.io/) for each of the 65536 port numbers using their port search filter (port:1, port:2, port:n). Each query will return a frequency value for each port and we can use this value to sort our list.

    I wanted to do this myself, but I've noticed that the use of the API is charged, so maybe this list could be compiled as a result of a mix of collaborative manual work, and (for those who are more charitable) automated work.

    I might start my own GitHub project regarding this possible contibution to SecLists. I'll update this post once I do.

    Disclaimer

    I'm new to this so I'm not sure if there are any better approaches or actual tools out there that will do this job, but I think that having this kind of list would lead to a faster way of checking for hosts that might be hiding behind packet filtering devices.

    enhancement 
    opened by penafieljlm 9
  • Create universally useful combined web discovery wordlists

    Create universally useful combined web discovery wordlists

    I think it would be immesely useful if SecLists had a wordlist for web discovery, which contained the unique entries from all other wordlists, sorted by commonness.

    I've already done this, and I could submit a pull request to add these to your repository. In the repository I linked, there are two wordlists: one for directories and one for words. They're composed entirely of SecLists' wordlists and have been extremely helpful for hackthebox.

    If you're worried about keeping them up to date, then I assume it's possible to create a github pipeline for creating these wordlists automatically.

    If you'd accept these combined wordlists into your repo, then I'd try to get AutoRecon to use these as well. People on /r/oscp have been complaining that AutoRecon isn't good enough, when in reality, it just uses too small wordlists by default.

    I think this small addition would make it much easier for people to have good web enumeration

    enhancement help wanted 
    opened by heinosasshallik 8
  • Stonecol and Stonecold are both common words?

    Stonecol and Stonecold are both common words?

    I find it hard to believe that Stonecol and Stonecold are, separately, among the 10k most commonly used words. Thoughts?

    https://github.com/danielmiessler/SecLists/blob/master/Passwords/10k_most_common.txt

    question 
    opened by aJetHorn 8
  • Add other possible types of SSH key files.

    Add other possible types of SSH key files.

    Hi,

    This PR (fix and replace the PR #745) add other possible types of SSH key files and variations on the extensions:

    • identity
    • id_dsa
    • id_ecdsa
    • id_ed25519
    • id_ecdsa_sk
    • id_ed25519_sk

    My sources were the following:

    1. The content of the sshd_config file:

    image

    1. The content of the configuration folder of a ssh server /etc/ssh:

    image

    1. The documentation of the ssh-keygen tool:

    image

    Thank you very much in advance 😃

    Note:

    In addition, I made a proposal for #760

    opened by righettod 7
  • PR for issue 654 (environment identifiers dict)

    PR for issue 654 (environment identifiers dict)

    Hi,

    This PR refer to the issue #654

    I have used the following command against several local (Luxembourg) domains:

    curl -sk "https://crt.sh/?q=[BASE_DOMAIN]&output=json" | jq -r ".[].name_value" | cut -d'.' -f1 | sort -u
    

    Domains used, as sources, were defined in each commits. You will find English and French identifiers depending on the companies owing the domains.

    Thank you very much in advance 😃

    enhancement proposal 
    opened by righettod 7
  • Dict with environment names

    Dict with environment names

    Hi,

    Do you think that a dictionary with the collection of environment names can be interesting/useful?

    A search on uat terms shown that this environment name is already present in plenty of files.

    The goal of the proposal is to have a central dictionary when someone wants to perform a targeted discovery operation for environments on a base domain/URL.

    Example of content of the dictionary :

    dev
    develop
    uat
    tuat
    test
    testing
    int
    staging
    pre-prod
    pprod
    prod
    

    If you find it useful, I can propose a PR 😃

    Thank a lot in advance for your feedback.

    enhancement help wanted 
    opened by righettod 7
  • Add specific

    Add specific "render" endpoints

    Hi,

    In this PR, I propose the adding of 2 "render" endpoint to detect the following dynamic rendering engines:

    • Rendertron
    • Prerender

    Information are based on this blog post.

    Thanks a lot in advance 😃

    enhancement 
    opened by righettod 7
  • Inconsistent leading slashes in Discovery/Web-Content wordlists

    Inconsistent leading slashes in Discovery/Web-Content wordlists

    Some wordlists in Web-Content include a leading slash, some do not. This leads to an additional step being required before using some wordlists (since some webservers treat /index.html and //index.html differently).

    It would be handy if all of these wordlists could follow the same pattern, either with or without the leading slash. Happy to make these changes and send a pull request, my preference would be no leading slash.

    Here are some examples:

    [email protected]:~/tools/SecLists/Discovery/Web-Content$ head aem2.txt 
    {0}.1.json
    .1.json
    .1.xml
    .4.2.1...json
    a.css
    admin
    adminui
    aem/apps.html/content/phonegap
    aem/forms.html/content/dam/formsanddocuments
    aem/publications.html/content/publications
    [email protected]:~/tools/SecLists/Discovery/Web-Content$ head AdobeCQ-AEM.txt 
    /libs/granite/core/content/login.html
    /libs/cq/core/content/login.html
    /crx/explorer/index.jsp
    /crx/packmgr/index.jsp
    /bin/querybuilder.json?type=rep:User&p.hits=selective&p.properties=rep:principalName%20rep:password&p.limit=100
    /.json
    /.1.json
    /.tidy.6.json
    /.tidy.infinity.json
    /bin.tidy.infinity.json
    [email protected]:~/tools/SecLists/Discovery/Web-Content$ head quickhits.txt 
    /!.gitignore
    /!.htaccess
    /!.htpasswd
    /%3f/
    /%ff/
    /.7z
    /.access
    /.addressbook
    /.adm
    /.admin
    [email protected]:~/tools/SecLists/Discovery/Web-Content$ head common.txt 
    .bash_history
    .bashrc
    .cache
    .config
    .cvs
    .cvsignore
    .forward
    .git
    .git-rewrite
    .git/HEAD
    
    opened by denandz 6
  • Add React Server Components  file extension

    Add React Server Components file extension

    Hi,

    This PR add the file extension .server.js that is used for React Server Components source code file.

    📚 Sources used were the following:

    • https://blog.logrocket.com/what-you-need-to-know-about-react-server-components/
    • https://blog.logrocket.com/react-server-components-nextjs-12/

    💡 To be consistent, I only added the extension in flavor of the raft-*-extensions.txt and raft-*-extensions-lowercase.txt dictionaries already containing .server.* extension, like .server.php for example.

    Thank you very much in advance 😃

    opened by righettod 0
  • Adding wordlist for DotNetNuke resources

    Adding wordlist for DotNetNuke resources

    List of DotNetNuke default resources from the DNN repo (https://raw.githubusercontent.com/dnnsoftware/Dnn.Platform/2b530d234439f4e9cb1e0719d76c2bacd475c2d8/DNN%20Platform/Website/DotNetNuke.Website.csproj)

    opened by veritysr 0
  • Update

    Update "common.txt" dict with common front end app files.

    Hi,

    This PR performed the following content on the file common.txt :

    1. Add the following entries, often seen in front end app using framework like Angular, ReactJS or Vue.js:
    .browserslistrc
    .env.development
    .env.production
    .eslintrc.js
    .gitignore
    .gitlab-ci.yml
    babel.config.js
    jest.config.js
    package.json
    tsconfig.json
    vue.config.js
    yarn.lock
    package.lock
    .svn/entries
    .svn/format
    .svn/wc.db
    .svn/wc.db-journal
    
    1. Perform a sort -u against the entire updated content to remove duplicate and sort entries alphabetically.

    Thanks in advance 😃

    opened by righettod 0
  • Add Trickest wordlists

    Add Trickest wordlists

    Inventory subdomains

    This wordlist is based on the subdomains dataset of ~70 public bug bounty programs collected on Inventory.

    Robots

    This one contains the raw data of 100, 1000, and 10000 websites' robots.txt files. [^1]

    Technologies

    These wordlists are based on the source code of the technologies listed here.

    There are two versions of each wordlist:

    • Base Lists the full paths of each file in the repository
    webapps/examples/WEB-INF/classes/websocket/echo/servers.json
    
    • All levels Includes all directory levels of the files in the base wordlist. This wordlist will be larger than the base wordlist, but it accounts for cases where the directory structure of the repository isn't mapped perfectly on the target.
    webapps/examples/WEB-INF/classes/websocket/echo/servers.json
    examples/WEB-INF/classes/websocket/echo/servers.json
    WEB-INF/classes/websocket/echo/servers.json
    websocket/echo/servers.json
    echo/servers.json
    servers.json
    

    The wordlists are sourced from trickest/wordlists.

    [^1]: Credit to the RobotsDisallowed and RAFT projects for the original concept.

    opened by mhmdiaa 0
Releases(2022.4)
Owner
Daniel Miessler
Exploring the fascinating intersection of security, technology, and humans.
Daniel Miessler
Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities.

Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities.

Sam Sanoop 416 Dec 17, 2022
Web Shells that can bypass system firewalls

No System Is Safe Summary Tsayou web shell is a backdoor built using the PHP programming language and designed to bypass multiple system firewalls on

22XploiterCrew 26 Jun 21, 2021
A simple php (lumen) app for sharing sensitive text (basically like onetimesecret), but with full end-to-end AES-256-GCM encryption so even the server has no access to the data, and developed with very simple deployment in mind.

A simple php (lumen) app for sharing sensitive text (basically like onetimesecret), but with full end-to-end AES-256-GCM encryption so even the server has no access to the data, and developed with very simple deployment in mind.

Alan Woo 51 Nov 21, 2022
Easily anonymize sensitive data through eloquent queries

Laravel Encryptable This package allows you to anonymize sensitive data (like the name, surname and email address of a user) similarly to Laravel's En

H-FARM Innovation 93 Sep 6, 2022
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

PHPGGC: PHP Generic Gadget Chains PHPGGC is a library of unserialize() payloads along with a tool to generate them, from command line or programmatica

Ambionics Security 2.5k Jan 4, 2023
The Security component provides a complete security system for your web application.

Security Component The Security component provides a complete security system for your web application. It ships with facilities for authenticating us

Symfony 1.2k Jan 1, 2023
Security advisories as a simple composer exclusion list, updated daily

Roave Security Advisories This package ensures that your application doesn't have installed dependencies with known security vulnerabilities. Installa

Roave, LLC 2.5k Jan 5, 2023
Windows and macOS Hardening Interface to make security more accessible.

Welcome to the Hardening Interface Introduction To use HardeningKitty service more easily, we have created an interface which permits better understan

ataumo 24 Dec 5, 2022
Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campbell/security-core

Laravel Security Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campb

Graham Campbell 170 Nov 20, 2022
A multitool library offering access to recommended security related libraries, standardised implementations of security defences, and secure implementations of commonly performed tasks.

SecurityMultiTool A multitool library offering access to recommended security related libraries, standardised implementations of security defences, an

Pádraic Brady 131 Oct 30, 2022
phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code.

Floe design + technologies 654 Dec 28, 2022
Automatic Encrypt and Decrypt your database data. Tested and used on Laravel 8

Laravel Encrypt Database Automatic Encrypt and Decrypt your database data. Tested and used on Laravel 8. I'm yet building the tests. Important Note th

Wellington Barbosa 2 Dec 15, 2021
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application

PHPIDS PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web ap

null 752 Jan 3, 2023
Web page performance/seo/security/accessibility analysis, browser-less for PHP

Web page performance/seo/security/accessibility analysis, browser-less for PHP

Lightship 5 Dec 15, 2022
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Cossack Labs 1.6k Jan 6, 2023
ChestRandomBP: This plugin generates chests in random places within a specific world. Where you can customize what each one of them contains, the time and the world of spawning.

ChestRandomBP ChestRandomBP: This plugin generates chests, it works PocketMine-MP and random places within a specific world. Where you can customize w

null 5 Sep 19, 2021
All in one tool for Information Gathering and Vulnerability Scanning

All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers

r3dhax0r 2.3k Jan 3, 2023
A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.

Current version: 1.3.5 PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted a

null 4.6k Jan 7, 2023
Test a method against a list of XSS known.

php-xss-tests Test a method against a list of XSS known. How to run Just execute "run.sh", it will start a docker container to do all stuff. How I kno

null 1 Oct 25, 2021