Dictionaries
Lists of my most used dictionaries
Dictionary | Link | Description | Intended for | |
---|---|---|---|---|
Dotdotpwn | https://github.com/wireghoul/dotdotpwn | It's a very flexible intelligent fuzzer to discover traversal directory vulnerabilities in software such as HTTP/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc. | Traversal directory | |
Payload all the things | https://github.com/swisskyrepo/PayloadsAllTheThings | many different resources and cheat sheets for payload generation and general methodology. | ||
Rockyou | /usr/shared/wordlists/rockyou.txt.gz | RockYou was a company that developed widgets for MySpace and implemented applications for various social networks and Facebook. Since 2014, it has engaged primarily in the purchases of rights to classic video games; it incorporates in-game ads and re-distributes the games. | ||
User agents | Seclist | Intended to bypass rate limiting (in an API) | User-agent headers | |
Windows Files | My dictionaty repo | To read interesting files from windows machines | Intended for information disclosure | |
Default Credential Cheat sheets | https://github.com/ihebski/DefaultCreds-cheat-sheet | Install and run "python3.11 creds search <service>" |
||
Insidetruest | Statistically Likelly Usernames | This resource contains wordlists for creating statistically likely usernames for use in username-enumeration, simulated password-attacks and other security testing tasks. |
Installing wordlists in your kali
# This package contains the rockyou.txt wordlist and has an installation size of 134 MB.
sudo apt install wordlists
You will be adding:
/usr/share/wordlists
|-- amass -> /usr/share/amass/wordlists
|-- brutespray -> /usr/share/brutespray/wordlist
|-- dirb -> /usr/share/dirb/wordlists
|-- dirbuster -> /usr/share/dirbuster/wordlists
|-- dnsmap.txt -> /usr/share/dnsmap/wordlist_TLAs.txt
|-- fasttrack.txt -> /usr/share/set/src/fasttrack/wordlist.txt
|-- fern-wifi -> /usr/share/fern-wifi-cracker/extras/wordlists
|-- john.lst -> /usr/share/john/password.lst
|-- legion -> /usr/share/legion/wordlists
|-- metasploit -> /usr/share/metasploit-framework/data/wordlists
|-- nmap.lst -> /usr/share/nmap/nselib/data/passwords.lst
|-- rockyou.txt.gz
|-- seclists -> /usr/share/seclists
|-- sqlmap.txt -> /usr/share/sqlmap/data/txt/wordlist.txt
|-- wfuzz -> /usr/share/wfuzz/wordlist
`-- wifite.txt -> /usr/share/dict/wordlist-probable.txt
Installing seclist
Dictionary generators
- crunch.
- cewl.
- Common User Password Profiler: CUPP.
- Username Anarchy.
More dictionaries
- Dictionaries for cracking passwords: https://wiki.skullsecurity.org/index.php/Passwords.
- [Wordlist from wfuzz](https://github.com/xmendez/wfuzz/tree/master/wordlist.
Default credentials
Install app "Cred" from: https://github.com/ihebski/DefaultCreds-cheat-sheet
Last update: 2024-11-17 Created: January 17, 2023 20:12:35