Skip to content

Dictionaries

Lists of my most used dictionaries

Dictionary Link Description Intended for
Dotdotpwn https://github.com/wireghoul/dotdotpwn It's a very flexible intelligent fuzzer to discover traversal directory vulnerabilities in software such as HTTP/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc. Traversal directory
Payload all the things https://github.com/swisskyrepo/PayloadsAllTheThings many different resources and cheat sheets for payload generation and general methodology.
Rockyou /usr/shared/wordlists/rockyou.txt.gz RockYou was a company that developed widgets for MySpace and implemented applications for various social networks and Facebook. Since 2014, it has engaged primarily in the purchases of rights to classic video games; it incorporates in-game ads and re-distributes the games.
User agents Seclist Intended to bypass rate limiting (in an API) User-agent headers
Windows Files My dictionaty repo To read interesting files from windows machines Intended for information disclosure
Default Credential Cheat sheets https://github.com/ihebski/DefaultCreds-cheat-sheet Install and run "python3.11 creds search <service>"
Insidetruest Statistically Likelly Usernames This resource contains wordlists for creating statistically likely usernames for use in username-enumeration, simulated password-attacks and other security testing tasks.

Installing wordlists in your kali

# This package contains the rockyou.txt wordlist and has an installation size of 134 MB.
sudo apt install wordlists

You will be adding:

/usr/share/wordlists
|-- amass -> /usr/share/amass/wordlists
|-- brutespray -> /usr/share/brutespray/wordlist
|-- dirb -> /usr/share/dirb/wordlists
|-- dirbuster -> /usr/share/dirbuster/wordlists
|-- dnsmap.txt -> /usr/share/dnsmap/wordlist_TLAs.txt
|-- fasttrack.txt -> /usr/share/set/src/fasttrack/wordlist.txt
|-- fern-wifi -> /usr/share/fern-wifi-cracker/extras/wordlists
|-- john.lst -> /usr/share/john/password.lst
|-- legion -> /usr/share/legion/wordlists
|-- metasploit -> /usr/share/metasploit-framework/data/wordlists
|-- nmap.lst -> /usr/share/nmap/nselib/data/passwords.lst
|-- rockyou.txt.gz
|-- seclists -> /usr/share/seclists
|-- sqlmap.txt -> /usr/share/sqlmap/data/txt/wordlist.txt
|-- wfuzz -> /usr/share/wfuzz/wordlist
`-- wifite.txt -> /usr/share/dict/wordlist-probable.txt

Installing seclist

git clone https://github.com/danielmiessler/SecLists

sudo apt install seclists -y

Dictionary generators

More dictionaries

Default credentials

Install app "Cred" from: https://github.com/ihebski/DefaultCreds-cheat-sheet

pip3 install defaultcreds-cheat-sheet

python3.11 creds search tomcat
Last update: 2024-11-17
Created: January 17, 2023 20:12:35