SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments

Related tags

Frameworks SecLists
Overview

seclists.png

About SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.

This project is maintained by Daniel Miessler, Jason Haddix, and g0tmi1k.


Install

Zip

wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip \
  && unzip SecList.zip \
  && rm -f SecList.zip

Git (Small)

git clone --depth 1 \
  https://github.com/danielmiessler/SecLists.git

Git (Complete)

git clone https://github.com/danielmiessler/SecLists.git

Kali Linux (Tool Page)

apt -y install seclists

Attribution

See CONTRIBUTORS.md


Contributing

See CONTRIBUTING.md


Similar Projects


Licensing

This project is licensed under the MIT license.

MIT License

NOTE: Downloading this repository is likely to cause a false-positive alarm by your anti-virus or anti-malware software, the filepath should be whitelisted. There is nothing in SecLists that can harm your computer as-is, however it's not recommended to store these files on a server or other important system due to the risk of local file include attacks.

Comments
  • Build an API to check common passwords?

    Build an API to check common passwords?

    Hi,

    I was thinking about building a simple API to allow web developers to check a password provided by a user against the top-n list. It would be provided free to the community. As in, either me or my company would build and host it for free.

    It raises some important questions;

    1. You have put all this effort in to collating these lists, and I would not build anything like this without your explicit approval.
    2. I have been thinking about whether there is a downside to building this as an API and I would really like someone else's opinion on whether this could potentially be abused.

    If this API is indeed built, there are a couple of things to think about;

    • There is something unnerving about a site sending a user's new password to this random API on the internet to check whether it is in the most-commonly-used. If the API was nefarious, it could potentially store the data and correlate it to the site, thus providing an easier attack vector. That may be the thing that kills the idea dead :) Unless there is a way to ensure the data cannot be correlated and provide assurances around that.
    • The API would return the position on the list, i.e "1000th most commonly used". It is then up to the calling site to determine what they consider acceptable.

    This may be a stupid idea, but I thought I'd put it out there to see what other people think.

    question proposal 
    opened by flytzen 14
  • Seclist refusing to clone into my kali

    Seclist refusing to clone into my kali

    Good day Daniel Each time I try to git clone the seclist repo, it is extremely slow and then times out, leaving this error message as a result;

    ┌──(kali㉿kali)-[~/Documents/CTF] └─$ git clone https://github.com/danielmiessler/SecLists.git Cloning into 'SecLists'... remote: Enumerating objects: 11021, done. error: 1276 bytes of body are still expectedMiB | 181.00 KiB/s fetch-pack: unexpected disconnect while reading sideband packet fatal: early EOF fatal: fetch-pack: invalid index-pack output

    Please is there a solution to this?

    question 
    opened by KingTomasi 11
  • Adding nextcloud & owncloud to common.txt

    Adding nextcloud & owncloud to common.txt

    Hey 🙂

    Nextcloud & ownCloud are two famous software for creating and using file hosting service.

    PS: this adding might also be done on bigger discovery list because none of big list contains them

    enhancement 
    opened by clem9669 9
  • [Suggestion] List of Ports Sorted According to Frequency of Use

    [Suggestion] List of Ports Sorted According to Frequency of Use

    Hello,

    I've been searching around Google for a list of port numbers sorted according to their frequency of use, and so far, I've found no results corresponding to what I was looking for, so I wanted to suggest adding something like it to SecLists.

    Problems and Goals

    The goal that I have in mind for a list of such kind is to use it to quickly check if a host is alive in the fastest time possible while assuming that there are packet filtering devices on the way. The only workaround that I can think of regarding this problem is to establish connections to legit services being hosted on my targets, which packet filtering devices usually allow (I think so, I have very little experience with this so bear with me). But the thing is, I don't know which legit services are running on my targets.

    I'm aware that I can do a full 0-65535 port scan on my target hosts, but I think starting with the most frequently used port numbers will shorten my port scan time by a lot, considering that I'm looking for only 1 port to successfully be detected.

    Data Gathering Methodology

    One method that I could think of in the creation of such a list is to query Shodan (https://www.shodan.io/) for each of the 65536 port numbers using their port search filter (port:1, port:2, port:n). Each query will return a frequency value for each port and we can use this value to sort our list.

    I wanted to do this myself, but I've noticed that the use of the API is charged, so maybe this list could be compiled as a result of a mix of collaborative manual work, and (for those who are more charitable) automated work.

    I might start my own GitHub project regarding this possible contibution to SecLists. I'll update this post once I do.

    Disclaimer

    I'm new to this so I'm not sure if there are any better approaches or actual tools out there that will do this job, but I think that having this kind of list would lead to a faster way of checking for hosts that might be hiding behind packet filtering devices.

    enhancement 
    opened by penafieljlm 9
  • Stonecol and Stonecold are both common words?

    Stonecol and Stonecold are both common words?

    I find it hard to believe that Stonecol and Stonecold are, separately, among the 10k most commonly used words. Thoughts?

    https://github.com/danielmiessler/SecLists/blob/master/Passwords/10k_most_common.txt

    question 
    opened by aJetHorn 8
  • Add other possible types of SSH key files.

    Add other possible types of SSH key files.

    Hi,

    This PR (fix and replace the PR #745) add other possible types of SSH key files and variations on the extensions:

    • identity
    • id_dsa
    • id_ecdsa
    • id_ed25519
    • id_ecdsa_sk
    • id_ed25519_sk

    My sources were the following:

    1. The content of the sshd_config file:

    image

    1. The content of the configuration folder of a ssh server /etc/ssh:

    image

    1. The documentation of the ssh-keygen tool:

    image

    Thank you very much in advance 😃

    Note:

    In addition, I made a proposal for #760

    opened by righettod 7
  • PR for issue 654 (environment identifiers dict)

    PR for issue 654 (environment identifiers dict)

    Hi,

    This PR refer to the issue #654

    I have used the following command against several local (Luxembourg) domains:

    curl -sk "https://crt.sh/?q=[BASE_DOMAIN]&output=json" | jq -r ".[].name_value" | cut -d'.' -f1 | sort -u
    

    Domains used, as sources, were defined in each commits. You will find English and French identifiers depending on the companies owing the domains.

    Thank you very much in advance 😃

    enhancement proposal 
    opened by righettod 7
  • Add specific

    Add specific "render" endpoints

    Hi,

    In this PR, I propose the adding of 2 "render" endpoint to detect the following dynamic rendering engines:

    • Rendertron
    • Prerender

    Information are based on this blog post.

    Thanks a lot in advance 😃

    enhancement 
    opened by righettod 7
  • Create universally useful combined web discovery wordlists which auto-update

    Create universally useful combined web discovery wordlists which auto-update

    As I promised in issue #652, here's the pull request 😁

    Some very unlikely but possible issues in the future:

    • If both actions trigger simultaneously, only one will be able to finish, as the other one will fail with an error like ! [remote rejected] HEAD -> master (cannot lock ref 'refs/heads/master': is at 7271aab5abc3fcad4f61de3872dcee911b177156 but expected b2ee580771ed4195027759aa5d35f6e5728bf8e0) error: failed to push some refs to 'https://github.com/danielmiessler/SecLists.git'
    • If the wordlists at some point go past 100Mb, we will have to use Git Large File Storage

    Other than that, this should work without any intervention ╰(°▽°)╯

    enhancement proposal 
    opened by ItsIgnacioPortal 6
  • Is there a way for me NOT to download the Payloads folder of this repository?

    Is there a way for me NOT to download the Payloads folder of this repository?

    Hi, yes, I’d like to not download a bunch of ZIP bombs on my computer while I’m trying to do pen testing, thanks. I used WSL to clone the repository, and now Windows Defender is going apeshit with like 200 different virus detections

    question 
    opened by JohnMackYouTube05 6
  • Add a dict with OAUTH2/OIDC scopes.

    Add a dict with OAUTH2/OIDC scopes.

    Hi,

    This PR add a dictionary containing OAuth 2.0 / OpenID Connect scopes found using the procedure described below.

    This dictionary can be used to discover scope that can be used for a Client ID on a OAUTH Authorization Server / OpenID Provider if the file /.well-known/openid-configuration is not reachable or some scope are defined but not used by the Client ID.

    I have created this script to perform, among others, this kind of operation.

    The dictionary was created using the following steps.

    1. Get data from Shodan for IP hosting an instance of the Keycloak software.

    The following script was used:

    #!/bin/bash
    # Made an initial request without the page parameter and take the value of the "total" attribute
    # Then divide it by 100 to have the number of pages
    for p in {1..11}
    do
    	curl -X GET "https://api.shodan.io/shodan/host/search?key=[api_key]&query=keycloak&page=$p" --output "data$p.json"
    done
    

    Content of each JSON file:

    json-extract

    1. Extract of the Location header for every entry from all json files to create a first source of data (urls) named source1.txt.

    The following script was used, it leverage the JQ tool to extract data from JSON files:

    #!/bin/bash
    rm data1.txt 2>/dev/null
    for f in `ls data*.json`
    do
    	jq -r ".matches[].data" $f >> data1.txt
    done
    grep -Po "Location:\s.*" data1.txt | cut -d' ' -f2 > source1.txt
    
    1. Extraction of all hostnames header for every entry from all json files to create a second source of data (urls) named source2.txt.

    The following script was used, it adds a Keycloak url path to all hostnames, this one is normally present on a Keycloak instance:

    #!/bin/bash
    rm data2.txt 2>/dev/null
    for f in `ls data*.json`
    do
    	jq -r ".matches[].hostnames" $f | grep -Po '".*"' | tr -d '"' | sort -u >> data2.txt
    done
    awk 'NF{print "https://" $0 "/auth/realms/master/protocol/openid-connect/auth"}' data2.txt > source2.txt
    
    1. Merging of the two data sources via cat source1.txt source2.txt | sort -u > source.txt and fixing of invalid urls manually (find right urls to use via manual request against the hostname)

    2. Generation of the file scopes.txt and realms.txt via the following python script (dirty script non-optimised) named grab-scopes-realms.py:

    import requests
    # pip3 install requests
    # Very dirty script to create a dict of Scopes and Realms
    # Shodan query: https://www.shodan.io/search?query=%22keycloak%22
    requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)
    with open("source.txt", "r") as f:
        urls = f.read().splitlines()
    scopes = []
    realms = []
    urls_processed = []
    urls_not_processed = []
    marker = "/protocol"
    c = 0
    t = len(urls)
    with requests.Session() as session:
        session.verify = False
        session.headers.update({"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0"})
        for u in urls:
            u = u.split("?")[0]
            c += 1
            if u in urls_processed or marker not in u:
                continue
            urls_processed.append(u)
            print(f"\rProcessing url {c}/{t}", end="", flush=True)
            base_url_realms = u[0:u.index(marker)]
            metadata_url = f"{base_url_realms}/.well-known/openid-configuration"
            realm = base_url_realms.split("/")[-1]
            try:
                http_response = session.get(url=metadata_url, allow_redirects=True, timeout=5)
            except requests.exceptions.RequestException:
                urls_not_processed.append(u)
                continue
            if (http_response.status_code == 200 and "Content-Type" in http_response.headers
                and "application/json" in http_response.headers["Content-Type"]
                    and "scopes_supported" in http_response.json()):
                scopes.extend(http_response.json()["scopes_supported"])
                if realm not in realms:
                    realms.append(realm)
        print(f"\r{len(urls_processed)} urls processed - {len(urls_not_processed)} urls not processed.", end="", flush=True)
    scopes = list(set(scopes))
    scopes.sort()
    realms.sort()
    urls_not_processed.sort()
    with open("scopes.txt", "w") as f:
        f.write("\n".join(scopes))
    with open("realms.txt", "w") as f:
        f.write("\n".join(realms))
    with open("urls-not-processed.txt", "w") as f:
        f.write("\n".join(urls_not_processed))
    

    Execution:

    $ python --version
    Python 3.7.5
    $ python grab-scopes-realms.py
    1080 urls processed - 404 urls not processed.
    

    The goal is to enrich it with the time when new scopes are identified.

    Thanks in advance 😃

    enhancement 
    opened by righettod 6
  • [spring-boot.txt] Add new endpoints

    [spring-boot.txt] Add new endpoints

    Hi,

    This PR use this documentation to add the prefix management/ to endpoints list from this documentation:

    image

    image

    Command used to extract endpoints:

    curl -sk https://docs.spring.io/spring-boot/docs/2.1.7.RELEASE/reference/html/production-ready-endpoints.html | grep -Po '<code class="literal">([a-z]+)</code>' | cut -d'>' -f2 | cut -d'<' -f1 | sort -u
    

    Thanks in advance 😃

    opened by righettod 2
  • Collection methodology for the dutch passwordlists

    Collection methodology for the dutch passwordlists

    Hello,

    Thank you very much for putting this repo together.

    I would like to ask for information please on what was the collection source and methodology for the following password lists:

    • https://github.com/danielmiessler/SecLists/blob/master/Passwords/dutch_common_wordlist.txt
    • https://github.com/danielmiessler/SecLists/blob/master/Passwords/dutch_passwordlist.txt
    • https://github.com/danielmiessler/SecLists/blob/master/Passwords/dutch_wordlist

    Are they related in any way? IE is one generated from the other?

    Thank you, Tamas

    opened by vorost 1
Releases(2022.3)
Owner
Daniel Miessler
Exploring the fascinating intersection of security, technology, and humans.
Daniel Miessler
Pods is a development framework for creating, extending, managing, and deploying customized content types in WordPress.

Pods Framework Pods is a development framework for creating, extending, managing, and deploying customized content types in WordPress. Description Che

Pods Foundation, Inc 975 Sep 12, 2022
Multi-process coroutine edition Swoole spider !! Learn about Swoole's network programming and the use of its related APIs

swoole_spider php bin/spider // Just do it !! Cache use Swoole\Table; use App\Table\Cache; $table = new Table(1<<20); // capacity size $table->column

null 3 Apr 22, 2021
🐘🎓📝 PHP Library providing an easy way to spellcheck multiple sources of text by many spellcheckers

PHP-Spellchecker Check misspellings from any text source with the most popular PHP spellchecker. About PHP-Spellchecker is a spellchecker abstraction

Philippe SEGATORI 245 Sep 19, 2022
An enhanced FileInput widget for Bootstrap 4.x/3.x with file preview, multiple selection, and more features (sub repo split from yii2-widgets)

yii2-widget-fileinput The FileInput widget is a customized file input widget based on Krajee's Bootstrap FileInput JQuery Plugin. The widget enhances

Kartik Visweswaran 228 Sep 12, 2022
TrailLamp is a lightweight, easy-to-use Php MVC framework that can be used to build web applications and REST APIs.

TrailLamp Introduction TrailLamp is a lightweight, easy-to-use Php MVC framework that can be used to build web applications and REST APIs. Installatio

Etorojah Okon 14 Jun 10, 2022
An Hydrator class that can be used for filling object from array and extracting data from objects back to arrays.

Hydrator namespace: Meow\Hydrator Library that can hydrate (fill object with data from array) and extract data from object back to array. Installation

Meow 2 Feb 3, 2022
Basic PHP app with Composer used in Microsoft Docs examples

page_type languages products description urlFragment sample php azure This sample demonstrates a tiny PHP app with Composer. php-basic-composer PHP sm

Azure Samples 3 Jul 14, 2022
Framework used for most of my PHP projects.

PHP boilerplate code that most of my php projects share. Requires php: >=7.3 ext-json: * ext-pdo: * ext-phalcon: >=4.0.0 ext-posix: * ext-

Dennis Stücken 1 Jan 12, 2022
Yii2 console application used to write our processors of methods to responsible to client calling.

Microservice Application Skeleton Yii2 console application used to write our processors of methods to responsible to client calling. This application

Jafaripur 0 Mar 10, 2022
Strict PSR-7 implementation used by the Slim Framework

Strict PSR-7 implementation used by the Slim Framework, but you may use it separately with any framework compatible with the PSR-7 standard.

Slim Framework 91 Jul 6, 2022
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.

Daniel Miessler 42k Sep 30, 2022
TODOParrot is the companion project for the book

Welcome to TODOParrot TODOParrot (http://www.todoparrot.com) is the companion project to the book, Easy Laravel 5 (http://easylaravelbook.com), writte

Jason Gilmore 115 Nov 10, 2020
OPcodes's Log Viewer is a perfect companion for your Laravel app

Log Viewer Easy-to-use, fast, and beautiful Features | Installation | Configuration | Authorization | Troubleshooting | Credits OPcodes's Log Viewer i

null 1.8k Sep 23, 2022
Collection of value objects that represent the types of the PHP type system

sebastian/type Collection of value objects that represent the types of the PHP type system. Installation You can add this library as a local, per-proj

Sebastian Bergmann 990 Sep 23, 2022
PHP Kafka client is used in PHP-FPM and Swoole. PHP Kafka client supports 50 APIs, which might be one that supports the most message types ever.

longlang/phpkafka Introduction English | 简体中文 PHP Kafka client is used in PHP-FPM and Swoole. The communication protocol is based on the JSON file in

Swoole Project 223 Sep 23, 2022
Rules to detect game engines and other technologies based on Steam depot file lists

SteamDB File Detection Rule Sets This is a set of scripts that are used by SteamDB to make educated guesses about the engine(s) & technology used to b

Steam Database 100 Sep 29, 2022
Admin Columns allows you to manage and organize columns in the posts, users, comments, and media lists tables in the WordPress admin panel.

Admin Columns allows you to manage and organize columns in the posts, users, comments, and media lists tables in the WordPress admin panel. Transform the WordPress admin screens into beautiful, clear overviews.

Codepress 66 Sep 19, 2022
Laravel-Tasks is a Complete Build of Laravel 5.2 with Individual User Task Lists

An app of tasks lists for each individual user. Built on Laravel 5.2, using 5.2 authentication and middleware. This has robust verbose examples using Laravel best practices.

Jeremy Kenedy 26 Aug 27, 2022
This project lists all the mandatory steps I recommend to build a Website using Symfony, Twig, Doctrine.

{% raw %} <-- keep this for Jekyll to fully bypass this documents, because of the Twig tags. Symfony Website Checklist ?? Summary~~~~ Elevator pitch P

William Pinaud 6 Aug 31, 2022
A simple PHP API to make working with SharePoint lists easy.

PHP SharePoint Lists API The PHP SharePoint Lists API is designed to make working with SharePoint Lists in PHP a less painful developer experience. Ra

Carl Saggs 169 Sep 26, 2022