下路路径
SecLists-更全面的渗透测试字典 v2024.1
简介
SecLists 是一个致力于收集各种安全字典的开源项目。这些字典包括但不限于:密码字典、用户名字典、网络扫描结果、漏洞利用载荷、web shells、可用于渗透测试的Payloads、以及其他各种安全相关的字典。
这个字典是Github上53K的高分项目,文件大小约1.1G,字典十分的精致与全面,本文三言两语无法概括该项目的强大!
目录预览
windows
kali-linux
SecLists
├─Discovery
│ ├─DNS
│ │ bitquark-subdomains-top100000.txt
│ │ deepmagic.com-prefixes-top500.txt
│ │ deepmagic.com-prefixes-top50000.txt
│ │ dns-Jhaddix.txt
│ │ fierce-hostlist.txt
│ │ namelist.txt
│ │ shubs-stackoverflow.txt
│ │ shubs-subdomains.txt
│ │ sortedcombined-knock-dnsrecon-fierce-reconng.txt
│ │ subdomains-top1million-110000.txt
│ │ subdomains-top1million-20000.txt
│ │ subdomains-top1million-5000.txt
│ │
│ ├─File-System
│ │ OBEX_common.txt
│ │ OBEX_rare.txt
│ │ windows-writable-locations.txt
│ │
│ ├─Infrastructure
│ │ common-http-ports.txt
│ │ common-router-ips.txt
│ │ nmap-ports-top1000.txt
│ │
│ ├─Mainframe
│ │ default_cics_transactions.txt
│ │
│ ├─SNMP
│ │ common-snmp-community-strings-onesixtyone.txt
│ │ common-snmp-community-strings.txt
│ │ snmp-onesixtyone.txt
│ │ snmp.txt
│ │
│ ├─Variables
│ │ secret-keywords.txt
│ │
│ └─Web-Content
│ │ AdobeCQ-AEM.txt
│ │ AdobeXML.fuzz.txt
│ │ Apache.fuzz.txt
│ │ apache.txt
│ │ ApacheTomcat.fuzz.txt
│ │ axis.txt
│ │ big.txt
│ │ burp-parameter-names.txt
│ │ CGI-HTTP-POST-Windows.fuzz.txt
│ │ CGI-HTTP-POST.fuzz.txt
│ │ CGI-Microsoft.fuzz.txt
│ │ CGI-XPlatform.fuzz.txt
│ │ CGIs.txt
│ │ coldfusion.txt
│ │ common-and-dutch.txt
│ │ common-and-french.txt
│ │ common-and-italian.txt
│ │ common-and-portuguese.txt
│ │ common-and-spanish.txt
│ │ common-api-endpoints-mazen160.txt
│ │ Common-DB-Backups.txt
│ │ Common-PHP-Filenames.txt
│ │ common.txt
│ │ CommonBackdoors-ASP.fuzz.txt
│ │ CommonBackdoors-JSP.fuzz.txt
│ │ CommonBackdoors-PHP.fuzz.txt
│ │ CommonBackdoors-PL.fuzz.txt
│ │ confluence-administration.txt
│ │ default-web-root-directory-linux.txt
│ │ default-web-root-directory-windows.txt
│ │ directory-list-1.0.txt
│ │ directory-list-2.3-big.txt
│ │ directory-list-2.3-medium.txt
│ │ directory-list-2.3-small.txt
│ │ directory-list-lowercase-2.3-big.txt
│ │ directory-list-lowercase-2.3-medium.txt
│ │ directory-list-lowercase-2.3-small.txt
│ │ dirsearch.txt
│ │ domino-dirs-coldfusion39.txt
│ │ domino-endpoints-coldfusion39.txt
│ │ FatwireCMS.fuzz.txt
│ │ fnf-fuzz.txt
│ │ Frontpage.fuzz.txt
│ │ frontpage.txt
│ │ golang.txt
│ │ graphql.txt
│ │ hpsmh.txt
│ │ HTTP-POST-Microsoft.fuzz.txt
│ │ Hyperion.fuzz.txt
│ │ hyperion.txt
│ │ IIS.fuzz.txt
│ │ iplanet.txt
│ │ JavaScript-Miners.txt
│ │ JavaServlets-Common.fuzz.txt
│ │ jboss.txt
│ │ Jenkins-Hudson.txt
│ │ JRun.fuzz.txt
│ │ jrun.txt
│ │ KitchensinkDirectories.fuzz.txt
│ │ LinuxFileList.txt
│ │ local-ports.txt
│ │ Logins.fuzz.txt
│ │ LotusNotes.fuzz.txt
│ │ netware.txt
│ │ nginx.txt
│ │ Oracle EBS wordlist.txt
│ │ oracle.txt
│ │ Oracle9i.fuzz.txt
│ │ OracleAppServer.fuzz.txt
│ │ Passwords.fuzz.txt
│ │ PHP.fuzz.txt
│ │ proxy-conf.fuzz.txt
│ │ Public-Source-Repo-Issues.json
│ │ quickhits.txt
│ │ raft-large-directories-lowercase.txt
│ │ raft-large-directories.txt
│ │ raft-large-extensions-lowercase.txt
│ │ raft-large-extensions.txt
│ │ raft-large-files-lowercase.txt
│ │ raft-large-files.txt
│ │ raft-large-words-lowercase.txt
│ │ raft-large-words.txt
│ │ raft-medium-directories-lowercase.txt
│ │ raft-medium-directories.txt
│ │ raft-medium-extensions-lowercase.txt
│ │ raft-medium-extensions.txt
│ │ raft-medium-files-lowercase.txt
│ │ raft-medium-files.txt
│ │ raft-medium-words-lowercase.txt
│ │ raft-medium-words.txt
│ │ raft-small-directories-lowercase.txt
│ │ raft-small-directories.txt
│ │ raft-small-extensions-lowercase.txt
│ │ raft-small-extensions.txt
│ │ raft-small-files-lowercase.txt
│ │ raft-small-files.txt
│ │ raft-small-words-lowercase.txt
│ │ raft-small-words.txt
│ │ Randomfiles.fuzz.txt
│ │ reverse-proxy-inconsistencies.txt
│ │ RobotsDisallowed-Top10.txt
│ │ RobotsDisallowed-Top100.txt
│ │ RobotsDisallowed-Top1000.txt
│ │ RobotsDisallowed-Top500.txt
│ │ ror.txt
│ │ Roundcube-123.txt
│ │ sap.txt
│ │ spring-boot.txt
│ │ SunAppServerGlassfish.fuzz.txt
│ │ sunas.txt
│ │ SuniPlanet.fuzz.txt
│ │ swagger.txt
│ │ tests.txt
│ │ tftp.fuzz.txt
│ │ tomcat.txt
│ │ UnixDotfiles.fuzz.txt
│ │ versioning_metafiles.txt
│ │ Vignette.fuzz.txt
│ │ web-all-content-types.txt
│ │ web-extensions.txt
│ │ web-mutations.txt
│ │ weblogic.txt
│ │ websphere.txt
│ │
│ ├─api
│ │ actions-lowercase.txt
│ │ actions-uppercase.txt
│ │ actions.txt
│ │ api-seen-in-wild.txt
│ │ api_endpoints.txt
│ │ objects-lowercase.txt
│ │ objects-uppercase.txt
│ │ objects.txt
│ │ README.md
│ │
│ ├─BurpSuite-ParamMiner
│ │ lowercase-headers
│ │ uppercase-headers
│ │
│ ├─CMS
│ │ caobox-cms.txt
│ │ ColdFusion.fuzz.txt
│ │ Django.txt
│ │ drupal-themes.fuzz.txt
│ │ Drupal.txt
│ │ flyspray-1.0RC4.txt
│ │ joomla-plugins.fuzz.txt
│ │ joomla-themes.fuzz.txt
│ │ kentico-cms-modules-themes.txt
│ │ modx-revolution-plugins
│ │ php-nuke.fuzz.txt
│ │ piwik-3.0.4.txt
│ │ SAP.fuzz.txt
│ │ Sharepoint.fuzz.txt
│ │ sharepoint.txt
│ │ shopware.txt
│ │ sitecore
│ │ Sitefinity-fuzz.txt
│ │ sitemap-magento.txt
│ │ SiteMinder.fuzz.txt
│ │ symfony-315-demo.txt
│ │ symphony-267-xslt-cms.txt
│ │ Umbraco.fuzz.txt
│ │ Umbraco.txt
│ │ wordpress.fuzz.txt
│ │ wp-plugins.fuzz.txt
│ │ wp-themes.fuzz.txt
│ │
│ ├─Domino-Hunter
│ │ Commands-Documents.txt
│ │ Commands-NSF.txt
│ │ Commands-Views.txt
│ │ dh.pl
│ │ Domino-Files.txt
│ │ LICENCE
│ │
│ ├─SVNDigger
│ │ │ all-dirs.txt
│ │ │ all-extensionless.txt
│ │ │ all.txt
│ │ │ Licence
│ │ │ ReadMe.txt
│ │ │ symfony.txt
│ │ │
│ │ ├─cat
│ │ │ ├─Conf
│ │ │ │ conf.txt
│ │ │ │ config.txt
│ │ │ │ htaccess.txt
│ │ │ │ properties.txt
│ │ │ │
│ │ │ ├─Database
│ │ │ │ inc.txt
│ │ │ │ ini.txt
│ │ │ │ mdb.txt
│ │ │ │ mdf.txt
│ │ │ │ sql.txt
│ │ │ │ xml.txt
│ │ │ │
│ │ │ ├─Language
│ │ │ │ ascx.txt
│ │ │ │ asp.txt
│ │ │ │ aspx.txt
│ │ │ │ c.txt
│ │ │ │ cfm.txt
│ │ │ │ cpp.txt
│ │ │ │ cs.txt
│ │ │ │ css.txt
│ │ │ │ html.txt
│ │ │ │ jar.txt
│ │ │ │ java.txt
│ │ │ │ js.txt
│ │ │ │ jsp.txt
│ │ │ │ jspf.txt
│ │ │ │ php.txt
│ │ │ │ php3.txt
│ │ │ │ php5.txt
│ │ │ │ phpt.txt
│ │ │ │ pl.txt
│ │ │ │ py.txt
│ │ │ │ rb.txt
│ │ │ │ sh.txt
│ │ │ │ swf.txt
│ │ │ │ tpl.txt
│ │ │ │ vb.txt
│ │ │ │ wsdl.txt
│ │ │ │
│ │ │ └─Project
│ │ │ csproj.txt
│ │ │ pdb.txt
│ │ │ resx.txt
│ │ │ sln.txt
│ │ │ suo.txt
│ │ │ vbproj.txt
│ │ │
│ │ └─context
│ │ admin.txt
│ │ debug.txt
│ │ error.txt
│ │ help.txt
│ │ index.txt
│ │ install.txt
│ │ log.txt
│ │ readme.txt
│ │ root.txt
│ │ setup.txt
│ │ test.txt
│ │
│ ├─URLs
│ │ README.md
│ │ urls-Drupal-7.20.txt
│ │ urls-joomla-3.0.3.txt
│ │ urls-SAP.txt
│ │ urls-wordpress-3.3.1.txt
│ │
│ └─Web-Services
│ README.md
│ SOAP-functions.txt
│
├─Fuzzing
│ │ 1-4_all_letters_a-z.txt
│ │ 3-digits-000-999.txt
│ │ 4-digits-0000-9999.txt
│ │ 5-digits-00000-99999.txt
│ │ 6-digits-000000-999999.txt
│ │ alphanum-case-extra.txt
│ │ alphanum-case.txt
│ │ big-list-of-naughty-strings.txt
│ │ char.txt
│ │ command-injection-commix.txt
│ │ doble-uri-hex.txt
│ │ email-top-100-domains.txt
│ │ extension-test.txt
│ │ extensions-Bo0oM.txt
│ │ extensions-compressed.fuzz.txt
│ │ extensions-most-common.fuzz.txt
│ │ extensions-skipfish.fuzz.txt
│ │ FormatString-Jhaddix.txt
│ │ fuzz-Bo0oM.txt
│ │ FuzzingStrings-SkullSecurity.org.txt
│ │ HTML5sec-Injections-Jhaddix.txt
│ │ http-request-methods.txt
│ │ JSON.Fuzzing.txt
│ │ LDAP-active-directory-attributes.txt
│ │ LDAP-active-directory-classes.txt
│ │ LDAP-openldap-attributes.txt
│ │ LDAP-openldap-classes.txt
│ │ LDAP.Fuzzing.txt
│ │ Metacharacters.fuzzdb.txt
│ │ numeric-fields-only.txt
│ │ special-chars.txt
│ │ SSI-Injection-Jhaddix.txt
│ │ template-engines-expression.txt
│ │ template-engines-special-vars.txt
│ │ Unicode.txt
│ │ UnixAttacks.fuzzdb.txt
│ │ URI-hex.txt
│ │ URI-XSS.fuzzdb.txt
│ │ Windows-Attacks.fuzzdb.txt
│ │ XML-FUZZ.txt
│ │ XSS-Fuzzing
│ │ XXE-Fuzzing.txt
│ │
│ ├─Databases
│ │ db2enumeration.fuzzdb.txt
│ │ MSSQL-Enumeration.fuzzdb.txt
│ │ MSSQL.fuzzdb.txt
│ │ MySQL-Read-Local-Files.fuzzdb.txt
│ │ MySQL-SQLi-Login-Bypass.fuzzdb.txt
│ │ MySQL.fuzzdb.txt
│ │ NoSQL.txt
│ │ Oracle.fuzzdb.txt
│ │ Postgres-Enumeration.fuzzdb.txt
│ │ sqli.auth.bypass.txt
│ │
│ ├─LFI
│ │ LFI-gracefulsecurity-linux.txt
│ │ LFI-gracefulsecurity-windows.txt
│ │ LFI-Jhaddix.txt
│ │ LFI-LFISuite-pathtotest-huge.txt
│ │ LFI-LFISuite-pathtotest.txt
│ │
│ ├─Polyglots
│ │ SQLi-Polyglots.txt
│ │ XSS-innerht-ml.txt
│ │ XSS-Polyglot-Ultimate-0xsobky.txt
│ │ XSS-Polyglots-Dmiessler.txt
│ │ XSS-Polyglots.txt
│ │
│ ├─SQLi
│ │ Generic-BlindSQLi.fuzzdb.txt
│ │ Generic-SQLi.txt
│ │ quick-SQLi.txt
│ │
│ ├─User-Agents
│ │ │ user-agents-whatismybrowserdotcom-large.txt
│ │ │ user-agents-whatismybrowserdotcom-mid.txt
│ │ │ user-agents-whatismybrowserdotcom-small.txt
│ │ │ UserAgents-IE.txt
│ │ │ UserAgents.fuzz.txt
│ │ │
│ │ ├─hardware-type-specific
│ │ │ billboard.txt
│ │ │ car.txt
│ │ │ computer.txt
│ │ │ ebook-reader.txt
│ │ │ game-console.txt
│ │ │ glasses.txt
│ │ │ handheld-game.txt
│ │ │ large-screen.txt
│ │ │ media-player.txt
│ │ │ mobile.txt
│ │ │ music-player.txt
│ │ │ pda.txt
│ │ │ phone.txt
│ │ │ server.txt
│ │ │ tablet.txt
│ │ │ tv.txt
│ │ │
│ │ ├─layout-engine-name
│ │ │ blink.txt
│ │ │ edgehtml.txt
│ │ │ gecko.txt
│ │ │ goanna.txt
│ │ │ khtml.txt
│ │ │ netfront.txt
│ │ │ presto.txt
│ │ │ trident.txt
│ │ │ webkit.txt
│ │ │
│ │ ├─operating-platform
│ │ │ admire.txt
│ │ │ android.txt
│ │ │ aopen-etile-19.txt
│ │ │ blackberry-10.txt
│ │ │ {此处省略4134个列表}
│ │ │ zte-z998.txt
│ │ │ zte-z999.txt
│ │ │
│ │ ├─operating-system-name
│ │ │ a-unix-based-os.txt
│ │ │ android.txt
│ │ │ bada.txt
│ │ │ beos.txt
│ │ │ blackberry-os.txt
│ │ │ chromeos.txt
│ │ │ darwin.txt
│ │ │ fire-os.txt
│ │ │ freebsd.txt
│ │ │ haiku.txt
│ │ │ hp-webos.txt
│ │ │ ios.txt
│ │ │ irix.txt
│ │ │ linux.txt
│ │ │ livearea.txt
│ │ │ mac-os-x.txt
│ │ │ mac.txt
│ │ │ macos.txt
│ │ │ openbsd.txt
│ │ │ palmos.txt
│ │ │ rim-tablet-os.txt
│ │ │ sunos.txt
│ │ │ symbian.txt
│ │ │ webos.txt
│ │ │ windows-mobile.txt
│ │ │ windows-phone.txt
│ │ │ windows.txt
│ │ │
│ │ ├─software-name
│ │ │ 126-browser.txt
│ │ │ 1337browser.txt
│ │ │ 1password.txt
│ │ │ 200pleasebot.txt
│ │ │ 360spider.txt
│ │ │ 3b-rooms-web-browser.txt
│ │ │ 80legs-web-crawler.txt
│ │ │ a-passion-for-jazz-media-crawler.txt
│ │ │ abacho-crawler.txt
│ │ │ accoona-ai-crawler.txt
│ │ │ accoona-business-crawler.txt
│ │ │ admantx-platform-semantic-analyzer.txt
│ │ │ adobe-air.txt
│ │ │ ahrefs-backlink-research-bot.txt
│ │ │ alertsite-monitoring-bot.txt
│ │ │ alexa-bot.txt
│ │ │ alexa-certification-scanner.txt
│ │ │ alexa-site-audit.txt
│ │ │ alienblue.txt
│ │ │ amaya.txt
│ │ │ amazon-api-gateway.txt
│ │ │ android-browser.txt
│ │ │ anyapex-web-directory-crawler.txt
│ │ │ aol-browser.txt
│ │ │ arachmo-download-manager.txt
│ │ │ arora.txt
│ │ │ avant-browser.txt
│ │ │ avantgo-browser.txt
│ │ │ awesomium.txt
│ │ │ baidu-box-app.txt
│ │ │ baidu-image-spider.txt
│ │ │ baidu-spider.txt
│ │ │ baidu-union-spider.txt
│ │ │ become-com-crawler.txt
│ │ │ beslist-shopping-crawler.txt
│ │ │ bingbot.txt
│ │ │ bingpreview.txt
│ │ │ bit-ly-link-checker.txt
│ │ │ blackberry-browser.txt
│ │ │ blazer.txt
│ │ │ blitzbot-crawler.txt
│ │ │ blue-chrome.txt
│ │ │ boitho-distributed-crawler.txt
│ │ │ bonecho.txt
│ │ │ brave.txt
│ │ │ broadsign-xpress.txt
│ │ │ browsershots-com-cross-browser-tester.txt
│ │ │ camino.txt
│ │ │ careerbot-search-crawler.txt
│ │ │ catchbot.txt
│ │ │ catchpoint-analyser.txt
│ │ │ charlotte.txt
│ │ │ chimera.txt
│ │ │ chrome.txt
│ │ │ chromeplus.txt
│ │ │ chromium.txt
│ │ │ clamav-website-scanner.txt
│ │ │ coda.txt
│ │ │ coder-nut.txt
│ │ │ cometbird.txt
│ │ │ comodo-dragon.txt
│ │ │ comodo-icedragon.txt
│ │ │ content-crawler-spider.txt
│ │ │ converacrawler.txt
│ │ │ coolnovo.txt
│ │ │ cosmos-crawler.txt
│ │ │ covario-spider.txt
│ │ │ curl.txt
│ │ │ dataparksearch-engine.txt
│ │ │ delphi-embedded-web-browser.txt
│ │ │ diffbot-scanner.txt
│ │ │ dillo.txt
│ │ │ discord-bot.txt
│ │ │ discovery-engine-crawler.txt
│ │ │ dlink-backdoor.txt
│ │ │ dolfin.txt
│ │ │ domain-re-animator-bot.txt
│ │ │ domaintools-surveybot.txt
│ │ │ dooble.txt
│ │ │ dorado-wap-browser.txt
│ │ │ dotcom-monitor-bot.txt
│ │ │ dotnetdotcomdotorg-crawler.txt
│ │ │ dragon.txt
│ │ │ duckduckgo-favicons-bot.txt
│ │ │ ea-origin-browser.txt
│ │ │ earthcom-crawler.txt
│ │ │ earthworm.txt
│ │ │ edge.txt
│ │ │ electron-application.txt
│ │ │ elinks.txt
│ │ │ embedded-web-browser.txt
│ │ │ emeraldshield-com-filter.txt
│ │ │ envolk-spider.txt
│ │ │ epiphany.txt
│ │ │ evaliant-impressions-bot.txt
│ │ │ eve-in-game-browser.txt
│ │ │ exalead-crawler.txt
│ │ │ exalead-image-crawler.txt
│ │ │ exb-language-crawler.txt
│ │ │ excel.txt
│ │ │ facebook-app.txt
│ │ │ facebook-bot.txt
│ │ │ fast-enterprise-crawler.txt
│ │ │ fast-fresh-crawler.txt
│ │ │ fennec.txt
│ │ │ findlinks-crawler-bot.txt
│ │ │ firebird.txt
│ │ │ firefox-focus.txt
│ │ │ firefox.txt
│ │ │ flashfire.txt
│ │ │ flock.txt
│ │ │ frontpage.txt
│ │ │ galeon.txt
│ │ │ genieo-bot.txt
│ │ │ gnip-unwindfetchor-crawler.txt
│ │ │ gomezagent.txt
│ │ │ google-app-engine-software.txt
│ │ │ google-earth-pro.txt
│ │ │ google-earth.txt
│ │ │ google-favicon-crawler.txt
│ │ │ google-image-proxy.txt
│ │ │ google-s-media-partners-system-adsense.txt
│ │ │ google-search-app.txt
│ │ │ google-site-verifier-bot.txt
│ │ │ google-snippet-fetcher.txt
│ │ │ google-structured-data-testing-tool.txt
│ │ │ google-weblight-proxy.txt
│ │ │ googlebot-mobile.txt
│ │ │ googlebot.txt
│ │ │ grapeshot-bot.txt
│ │ │ gtmetrix-analyser.txt
│ │ │ httpclient.txt
│ │ │ ibrowser.txt
│ │ │ icab.txt
│ │ │ iceape.txt
│ │ │ iceweasel.txt
│ │ │ internet-archiver-bot.txt
│ │ │ internet-channel.txt
│ │ │ internet-explorer-mobile.txt
│ │ │ internet-explorer.txt
│ │ │ internet-tv-browser.txt
│ │ │ iris.txt
│ │ │ itunes.txt
│ │ │ jakarta-commons-httpclient.txt
│ │ │ java-runtime-environment.txt
│ │ │ javafx-platform.txt
│ │ │ k-meleon.txt
│ │ │ kazehakase.txt
│ │ │ kindle-browser.txt
│ │ │ konqueror.txt
│ │ │ lb-browser.txt
│ │ │ library-for-www-in-perl.txt
│ │ │ light.txt
│ │ │ linkcheck-analyser.txt
│ │ │ links.txt
│ │ │ liquid-mt-browser.txt
│ │ │ lunascape.txt
│ │ │ lynx.txt
│ │ │ majestic-12-distributed-search-bot.txt
│ │ │ maxthon.txt
│ │ │ meanpath-bot.txt
│ │ │ mercury-browser.txt
│ │ │ microsoft-cryptoapi.txt
│ │ │ midori.txt
│ │ │ minefield.txt
│ │ │ mosaic.txt
│ │ │ motorola-internet-browser.txt
│ │ │ msn-bot.txt
│ │ │ msn-media-bot.txt
│ │ │ mvision-player.txt
│ │ │ naenara.txt
│ │ │ netcast.txt
│ │ │ netcraft-web-server-survey.txt
│ │ │ netfront-browser-nx.txt
│ │ │ netfront.txt
│ │ │ netscape-navigator.txt
│ │ │ netsurf.txt
│ │ │ nexplayer.txt
│ │ │ nintendo-browser.txt
│ │ │ nintendo-dsi-browser.txt
│ │ │ nokia-browser.txt
│ │ │ nook-web-browser.txt
│ │ │ nutraspace-search.txt
│ │ │ obigo.txt
│ │ │ office.txt
│ │ │ okhttp.txt
│ │ │ omniweb.txt
│ │ │ onebrowser.txt
│ │ │ onenote.txt
│ │ │ open-webkit-sharp-based-browser.txt
│ │ │ openwave-mobile-browser.txt
│ │ │ opera-mini.txt
│ │ │ opera.txt
│ │ │ orca.txt
│ │ │ outform-digital-display.txt
│ │ │ outlook.txt
│ │ │ ovi.txt
│ │ │ pale-moon.txt
│ │ │ phoenix.txt
│ │ │ pinterest-app.txt
│ │ │ pinterest-bot.txt
│ │ │ playbook-web-browser.txt
│ │ │ playstation-4-browser.txt
│ │ │ powerpoint.txt
│ │ │ pro-engineer-wildfire.txt
│ │ │ proximic-search.txt
│ │ │ puffin.txt
│ │ │ python-urllib.txt
│ │ │ qihoo-360.txt
│ │ │ qq-browser.txt
│ │ │ qqdownload-download-manager.txt
│ │ │ qt-based-browser.txt
│ │ │ qtcarbrowser.txt
│ │ │ qualys-ssl-assessment-scanner.txt
│ │ │ qupzilla.txt
│ │ │ raptr.txt
│ │ │ rekonq.txt
│ │ │ roccat.txt
│ │ │ rockmelt.txt
│ │ │ ruxitsynthetic.txt
│ │ │ safari.txt
│ │ │ safepay.txt
│ │ │ samsung-browser.txt
│ │ │ seamonkey.txt
│ │ │ secondlife.txt
│ │ │ shiretoko.txt
│ │ │ silk.txt
│ │ │ skyfire.txt
│ │ │ slackbot-link-checker.txt
│ │ │ sleipnir.txt
│ │ │ slimbrowser.txt
│ │ │ sogou-explorer.txt
│ │ │ sogou-search-dog.txt
│ │ │ songbird.txt
│ │ │ sony-web-browser.txt
│ │ │ sosospider-search-bot.txt
│ │ │ speedcurve-speed-tester.txt
│ │ │ splash.txt
│ │ │ spraycan.txt
│ │ │ squider-bot.txt
│ │ │ srware-iron.txt
│ │ │ teashark.txt
│ │ │ tencenttraveler.txt
│ │ │ tenfourfox.txt
│ │ │ theworld-browser.txt
│ │ │ thunderbird.txt
│ │ │ topsy-butterfly-robot.txt
│ │ │ tweetmeme-bot.txt
│ │ │ twitter-app.txt
│ │ │ twitterbot.txt
│ │ │ uc-browser.txt
│ │ │ valve-steam-game-overlay.txt
│ │ │ valve-steam-tenfoot-display.txt
│ │ │ vienna.txt
│ │ │ vision-mobile-browser.txt
│ │ │ visual-basic-project.txt
│ │ │ vivaldi.txt
│ │ │ voilabot-beta.txt
│ │ │ voilabot.txt
│ │ │ w3c-css-validator.txt
│ │ │ w3c-link-checker.txt
│ │ │ w3c-validator.txt
│ │ │ w3m.txt
│ │ │ waterfox.txt
│ │ │ webkit-based-browser.txt
│ │ │ weblink-preview.txt
│ │ │ weblink.txt
│ │ │ webos-browser.txt
│ │ │ webpositive.txt
│ │ │ webtv.txt
│ │ │ webview-based-browser.txt
│ │ │ wechat.txt
│ │ │ wget.txt
│ │ │ word.txt
│ │ │ wyzo.txt
│ │ │ yahoo-cache-system.txt
│ │ │ yahoo-slurp-web-crawler-bot.txt
│ │ │ yandex-browser.txt
│ │ │ yandex-search-bot.txt
│ │ │ yodaobot-search-bot.txt
│ │ │
│ │ └─software-type-specific
│ │ analyser.txt
│ │ application.txt
│ │ billboard.txt
│ │ crawler.txt
│ │ download-helper.txt
│ │ in-app-browser.txt
│ │ media-player.txt
│ │ proxy.txt
│ │ security-analyser.txt
│ │ site-monitor.txt
│ │ software-library.txt
│ │ tool.txt
│ │ web-browser.txt
│ │
│ └─XSS
│ XSS-BruteLogic.txt
│ XSS-Bypass-Strings-BruteLogic.txt
│ XSS-Cheat-Sheet-PortSwigger.txt
│ XSS-Jhaddix.txt
│ XSS-OFJAAAH.txt
│ XSS-RSNAKE.txt
│ XSS-Somdev.txt
│ XSS-Vectors-Mario.txt
│ XSS-With-Context-Jhaddix.txt
│ xss-without-parentheses-semi-colons-portswigger.txt
│
├─IOCs
│ kaspersky-careto-C2.txt
│ kaspersky-careto-domains.txt
│ kaspersky-careto-files-no-env-vars.txt
│ kaspersky-careto-files.txt
│ kaspersky-careto-registry.txt
│ README.md
│
├─Miscellaneous
│ │ control-chars.txt
│ │ curl-protocols.txt
│ │ dns-resolvers.txt
│ │ domains-1million-top.txt
│ │ ike-groupid.txt
│ │ lang-english.txt
│ │ lang-french-full.txt
│ │ lang-french-small.txt
│ │ lang-german.txt
│ │ lang-portuguese.txt
│ │ lang-spanish.txt
│ │ pi-large.txt
│ │ schemes.txt
│ │ top-domains-alexa.csv.zip
│ │ top-domains-majestic.csv.zip
│ │ us-cities.txt
│ │ wordlist-skipfish.fuzz.txt
│ │
│ ├─EFF-Dice
│ │ large.txt
│ │ large_words.txt
│ │ README.md
│ │ small_1.txt
│ │ small_1_words.txt
│ │ small_2.txt
│ │ small_2_words.txt
│ │
│ ├─security-question-answers
│ │ │ cities.txt
│ │ │ city-state-country.txt
│ │ │ common-surnames.txt
│ │ │ dates.txt
│ │ │ html-colors.txt
│ │ │ street-names.txt
│ │ │ url-to-download-books.md
│ │ │ zip-codes.txt
│ │ │
│ │ ├─us-colleges
│ │ │ Alabama.txt
│ │ │ Alaska.txt
│ │ │ American.txt
│ │ │ Arizona.txt
│ │ │ Arkansas.txt
│ │ │ Bloomington,.txt
│ │ │ California.txt
│ │ │ Colorado.txt
│ │ │ Connecticut.txt
│ │ │ Delaware.txt
│ │ │ District.txt
│ │ │ Federated.txt
│ │ │ Florida.txt
│ │ │ Georgia.txt
│ │ │ Guam.txt
│ │ │ Honolulu,.txt
│ │ │ Idaho.txt
│ │ │ Illinois.txt
│ │ │ Indiana.txt
│ │ │ Iowa.txt
│ │ │ Kansas.txt
│ │ │ Kentucky.txt
│ │ │ Las.txt
│ │ │ Louisiana.txt
│ │ │ Maine.txt
│ │ │ Marshall.txt
│ │ │ Maryland.txt
│ │ │ Massachusetts.txt
│ │ │ Mississippi.txt
│ │ │ Missouri.txt
│ │ │ Montana.txt
│ │ │ Nebraska.txt
│ │ │ New.txt
│ │ │ North.txt
│ │ │ Northern.txt
│ │ │ Ohio.txt
│ │ │ Oklahoma.txt
│ │ │ Oregon.txt
│ │ │ Palau.txt
│ │ │ Pennsylvania.txt
│ │ │ Provo,.txt
│ │ │ Puerto.txt
│ │ │ Rhode.txt
│ │ │ South.txt
│ │ │ Southfield,.txt
│ │ │ Tennessee.txt
│ │ │ Texas.txt
│ │ │ Vermont.txt
│ │ │ Virgin.txt
│ │ │ Virginia.txt
│ │ │ Washington.txt
│ │ │ West.txt
│ │ │ Wisconsin.txt
│ │ │ Wyoming.txt
│ │ │
│ │ ├─us-private-schools
│ │ │ Alabama-school.txt
│ │ │ Alaska-school.txt
│ │ │ Arizona-school.txt
│ │ │ Arkansas-school.txt
│ │ │ California-school.txt
│ │ │ Colorado-school.txt
│ │ │ Connecticut-school.txt
│ │ │ Delaware-school.txt
│ │ │ Florida-school.txt
│ │ │ Georgia-school.txt
│ │ │ Hawaii-school.txt
│ │ │ Idaho-school.txt
│ │ │ Illinois-school.txt
│ │ │ Indiana-school.txt
│ │ │ Iowa-school.txt
│ │ │ Kansas-school.txt
│ │ │ Kentucky-school.txt
│ │ │ Louisiana-school.txt
│ │ │ Maine-school.txt
│ │ │ Maryland-school.txt
│ │ │ Massachusetts-school.txt
│ │ │ Michigan-school.txt
│ │ │ Minnesota-school.txt
│ │ │ Missouri-school.txt
│ │ │ Montana-school.txt
│ │ │ Nebraska-school.txt
│ │ │ Nevada-school.txt
│ │ │ New-Hampshire-school.txt
│ │ │ New-Jersey-school.txt
│ │ │ New-Mexico-school.txt
│ │ │ New-York-school.txt
│ │ │ North-Carolina-school.txt
│ │ │ North-Dakota-school.txt
│ │ │ Ohio-school.txt
│ │ │ Oklahoma-school.txt
│ │ │ Oregon-school.txt
│ │ │ Pennslyvania-school.txt
│ │ │ Rhode-Island-school.txt
│ │ │ South-Carolina-school.txt
│ │ │ South-Dakota-school.txt
│ │ │ Tennessee-school.txt
│ │ │ Texas-school.txt
│ │ │ Utah-school.txt
│ │ │ Vermont-school.txt
│ │ │ Virginia-school.txt
│ │ │ Washington-DC-school.txt
│ │ │ Washington-school.txt
│ │ │ West-Virginia-school.txt
│ │ │ Wisconsin-school.txt
│ │ │ Wyoming-school.txt
│ │ │
│ │ └─us-public-schools
│ │ Alabama-school.txt
│ │ Alaska-school.txt
│ │ American-Samoa-school.txt
│ │ Arizona-school.txt
│ │ Arkansas-school.txt
│ │ Bureau-of-Indian-Affairs-school.txt
│ │ California-school.txt
│ │ Colorado-school.txt
│ │ Connecticut-school.txt
│ │ Delaware-school.txt
│ │ District-of-Columbia-school.txt
│ │ Florida-school.txt
│ │ Georgia-school.txt
│ │ Guam-school.txt
│ │ Hawaii-school.txt
│ │ Idaho-school.txt
│ │ Illinois-school.txt
│ │ Indiana-school.txt
│ │ Iowa-school.txt
│ │ Kansas-school.txt
│ │ Kentucky-school.txt
│ │ Louisiana-school.txt
│ │ Maine-school.txt
│ │ Maryland-school.txt
│ │ Massachusetts-school.txt
│ │ Michigan-school.txt
│ │ Minnesota-school.txt
│ │ Mississippi-school.txt
│ │ Missouri-school.txt
│ │ Montana-school.txt
│ │ Nebraska-school.txt
│ │ Nevada-school.txt
│ │ New-Hampshire-school.txt
│ │ New-Jersey-school.txt
│ │ New-Mexico-school.txt
│ │ New-York-school.txt
│ │ North-Carolina-school.txt
│ │ North-Dakota-school.txt
│ │ Ohio-school.txt
│ │ Oklahoma-school.txt
│ │ Oregon-school.txt
│ │ Other-school.txt
│ │ Pennsylvania-school.txt
│ │ Puerto-Rico-school.txt
│ │ Rhode-Island-school.txt
│ │ South-Carolina-school.txt
│ │ South-Dakota-school.txt
│ │ Tennessee-school.txt
│ │ Texas-school.txt
│ │ Utah-school.txt
│ │ Vermont-school.txt
│ │ Virgin-Islands-school.txt
│ │ Virginia-school.txt
│ │ Washington-school.txt
│ │ West-Virginia-school.txt
│ │ Wisconsin-school.txt
│ │ Wyoming-school.txt
│ │
│ └─web
│ │ content-type.txt
│ │ html-attributes.txt
│ │ html-events.txt
│ │ html-tags.txt
│ │ keyhacks-api.md
│ │ session-id.txt
│ │
│ └─http-request-headers
│ http-request-headers-common-ip-address.txt
│ http-request-headers-common-non-standard-examples.txt
│ http-request-headers-common-non-standard-fields.txt
│ http-request-headers-common-standard-examples.txt
│ http-request-headers-common-standard-fields.txt
│ http-request-headers-fields-large.txt
│
├─Passwords
│ │ 2020-200_most_used_passwords.txt
│ │ bt4-password.txt
│ │ cirt-default-passwords.txt
│ │ clarkson-university-82.txt
│ │ darkc0de.txt
│ │ darkweb2017-top10.txt
│ │ darkweb2017-top100.txt
│ │ darkweb2017-top1000.txt
│ │ darkweb2017-top10000.txt
│ │ der-postillon.txt
│ │ dutch_common_wordlist.txt
│ │ dutch_passwordlist.txt
│ │ dutch_wordlist
│ │ german_misc.txt
│ │ Keyboard-Combinations.txt
│ │ Most-Popular-Letter-Passes.txt
│ │ mssql-passwords-nansh0u-guardicore.txt
│ │ openwall.net-all.txt
│ │ PHP-Magic-Hashes.txt
│ │ probable-v2-top12000.txt
│ │ probable-v2-top1575.txt
│ │ probable-v2-top207.txt
│ │ README.md
│ │ richelieu-french-top20000.txt
│ │ richelieu-french-top5000.txt
│ │ SCRABBLE-hackerhouse.tgz
│ │ stupid-ones-in-production.txt
│ │ twitter-banned.txt
│ │ unkown-azul.txt
│ │ url-to-download-passwords.md
│ │ UserPassCombo-Jay.txt
│ │ xato-net-10-million-passwords-10.txt
│ │ xato-net-10-million-passwords-100.txt
│ │ xato-net-10-million-passwords-1000.txt
│ │ xato-net-10-million-passwords-10000.txt
│ │ xato-net-10-million-passwords-100000.txt
│ │ xato-net-10-million-passwords-1000000.txt
│ │ xato-net-10-million-passwords-dup.txt
│ │ xato-net-10-million-passwords.txt
│ │
│ ├─BiblePass
│ │ BiblePass_part01.txt
│ │ BiblePass_part02.txt
│ │ BiblePass_part03.txt
│ │ BiblePass_part04.txt
│ │ BiblePass_part05.txt
│ │ BiblePass_part06.txt
│ │ BiblePass_part07.txt
│ │ BiblePass_part08.txt
│ │ BiblePass_part09.txt
│ │ BiblePass_part10.txt
│ │ BiblePass_part11.txt
│ │ BiblePass_part12.txt
│ │ BiblePass_part13.txt
│ │ BiblePass_part14.txt
│ │ BiblePass_part15.txt
│ │ BiblePass_part16.txt
│ │ BiblePass_part17.txt
│ │
│ ├─Common-Credentials
│ │ 10-million-password-list-top-100.txt
│ │ 10-million-password-list-top-1000.txt
│ │ 10-million-password-list-top-10000.txt
│ │ 10-million-password-list-top-100000.txt
│ │ 10-million-password-list-top-1000000.txt
│ │ 10-million-password-list-top-500.txt
│ │ 100k-most-used-passwords-NCSC.txt
│ │ 10k-most-common.txt
│ │ 500-worst-passwords.txt
│ │ best1050.txt
│ │ best110.txt
│ │ best15.txt
│ │ common-passwords-win.txt
│ │ four-digit-pin-codes-sorted-by-frequency-withcount.csv
│ │ medical-devices.txt
│ │ SplashData-2014.txt
│ │ SplashData-2015-1.txt
│ │ SplashData-2015-2.txt
│ │ top-20-common-SSH-passwords.txt
│ │ top-passwords-shortlist.txt
│ │ worst-passwords-2017-top100-slashdata.txt
│ │
│ ├─Cracked-Hashes
│ │ milw0rm-dictionary.txt
│ │
│ ├─Default-Credentials
│ │ db2-betterdefaultpasslist.txt
│ │ default-passwords.csv
│ │ ftp-betterdefaultpasslist.txt
│ │ mssql-betterdefaultpasslist.txt
│ │ mysql-betterdefaultpasslist.txt
│ │ oracle-betterdefaultpasslist.txt
│ │ oracle-ebs-passwordlist.txt
│ │ oracle-ebs-userlist.txt
│ │ postgres-betterdefaultpasslist.txt
│ │ scada-pass.csv
│ │ ssh-betterdefaultpasslist.txt
│ │ telnet-betterdefaultpasslist.txt
│ │ telnet-phenoelit.txt
│ │ tomcat-betterdefaultpasslist.txt
│ │ vnc-betterdefaultpasslist.txt
│ │ windows-betterdefaultpasslist.txt
│ │
│ ├─Honeypot-Captures
│ │ multiplesources-passwords-fabian-fingerle.de.txt
│ │ python-heralding-sep2019.txt
│ │ Sucuri-Top-Wordpress-Passwords.txt
│ │ wordpress-attacks-july2014.txt
│ │
│ ├─Leaked-Databases
│ │ 000webhost.txt
│ │ adobe100.txt
│ │ alleged-gmail-passwords.txt
│ │ Ashley-Madison.txt
│ │ bible-withcount.txt
│ │ bible.txt
│ │ carders.cc.txt
│ │ elitehacker-withcount.txt
│ │ elitehacker.txt
│ │ faithwriters-withcount.txt
│ │ faithwriters.txt
│ │ hak5-withcount.txt
│ │ hak5.txt
│ │ honeynet-withcount.txt
│ │ honeynet.txt
│ │ honeynet2.txt
│ │ hotmail.txt
│ │ izmy.txt
│ │ Lizard-Squad.txt
│ │ md5decryptor-uk.txt
│ │ muslimMatch-withcount.txt
│ │ muslimMatch.txt
│ │ myspace-withcount.txt
│ │ myspace.txt
│ │ NordVPN.txt
│ │ phpbb-cleaned-up.txt
│ │ phpbb-withcount.txt
│ │ phpbb.txt
│ │ porn-unknown-withcount.txt
│ │ porn-unknown.txt
│ │ rockyou-05.txt
│ │ rockyou-10.txt
│ │ rockyou-15.txt
│ │ rockyou-20.txt
│ │ rockyou-25.txt
│ │ rockyou-30.txt
│ │ rockyou-35.txt
│ │ rockyou-40.txt
│ │ rockyou-45.txt
│ │ rockyou-50.txt
│ │ rockyou-55.txt
│ │ rockyou-60.txt
│ │ rockyou-65.txt
│ │ rockyou-70.txt
│ │ rockyou-75.txt
│ │ rockyou-withcount.txt.tar.gz
│ │ rockyou.txt.tar.gz
│ │ singles.org-withcount.txt
│ │ singles.org.txt
│ │ tuscl.txt
│ │ youporn2012-raw.txt
│ │ youporn2012.txt
│ │
│ ├─Malware
│ │ conficker.txt
│ │ mirai-botnet.txt
│ │
│ ├─Permutations
│ │ 1337speak.txt
│ │ korelogic-password.txt
│ │ password-permutations.txt
│ │
│ ├─Software
│ │ cain-and-abel.txt
│ │ john-the-ripper.txt
│ │
│ └─WiFi-WPA
│ probable-v2-wpa-top447.txt
│ probable-v2-wpa-top4800.txt
│ probable-v2-wpa-top62.txt
│
├─Pattern-Matching
│ │ dangerous-functions-angular.txt
│ │ errors.txt
│ │ grepstrings-auditing-php.md
│ │ grepstrings-basic.txt
│ │ malicious.txt
│ │ pcap-strings.txt
│ │ php-magic-hashes-whitehatsec.txt
│ │ README.md
│ │ repo-scan.txt
│ │ thickclient-basic.txt
│ │
│ └─Source-Code-(PHP)
│ php-auditing.txt
│
├─Payloads
│ │ README.md
│ │
│ ├─Anti-Virus
│ │ eicar-com.txt
│ │
│ ├─File-Names
│ │ ├─exec
│ │ │ Hello$(hostname)World.txt
│ │ │ Hello`hostname`World.txt
│ │ │
│ │ ├─max-length
│ │ │ make-255.sh
│ │ │
│ │ ├─null-byte
│ │ │ Hello%00World.txt
│ │ │ Hello.php%00World.txt
│ │ │
│ │ └─traversal
│ │ ..;
│ │ ..;_
│ │ .._;
│ │ ..__..__;
│ │ ..__;
│ │ .;
│ │ .;_
│ │ ._.._
│ │ ._.._;
│ │ ._;
│ │ ;
│ │ ;_
│ │ _.._;
│ │ _;
│ │ __..__;
│ │
│ ├─Flash
│ │ xssproject.swf
│ │
│ ├─Images
│ │ lottapixel.jpg
│ │ uber.gif
│ │
│ ├─PHPInfo
│ │ make-aio.sh
│ │ phpinfo-aio.tar
│ │ phpinfo-aio.zip
│ │ phpinfo-metadata.gif
│ │ phpinfo-metadata.jpg
│ │ phpinfo-shortsyntax.php
│ │ phpinfo.''gif
│ │ phpinfo.'gif
│ │ phpinfo.jpg.php
│ │ phpinfo.php
│ │ phpinfo.php-1.gif
│ │ phpinfo.php-2.gif
│ │ phpinfo.php.''gif
│ │ phpinfo.php.'gif
│ │ phpinfo.php._gif
│ │ phpinfo.php.__gif
│ │ phpinfo.php3
│ │ phpinfo.php4
│ │ phpinfo.php5
│ │ phpinfo.php7
│ │ phpinfo.php;.txt
│ │ phpinfo.phpt
│ │ phpinfo.pht
│ │ phpinfo.phtml
│ │ phpinfo.txt
│ │ phpinfo._gif
│ │ phpinfo.__gif
│ │
│ ├─Zip-Bombs
│ │ 338.zip
│ │ 42-password-42.zip
│ │ 42-passwordless.zip
│ │ droste.zip
│ │ r.gz
│ │ r.tar.gz
│ │ r.zip
│ │ zblg.zip
│ │ zbsm.zip
│ │ zbxl.zip
│ │ zip-bomb.zip
│ │
│ └─Zip-Traversal
│ depth-00.zip
│ depth-01.zip
│ depth-02.zip
│ depth-03.zip
│ depth-04.zip
│ depth-05.zip
│ depth-06.zip
│ depth-07.zip
│ depth-08.zip
│ depth-09.zip
│ depth-10.zip
│ index.php
│ make.py
│
├─Usernames
│ │ cirt-default-usernames.txt
│ │ CommonAdminBase64.txt
│ │ mssql-usernames-nansh0u-guardicore.txt
│ │ README.md
│ │ sap-default-usernames.txt
│ │ top-usernames-shortlist.txt
│ │ xato-net-10-million-usernames-dup.txt
│ │ xato-net-10-million-usernames.txt
│ │
│ ├─Honeypot-Captures
│ │ multiplesources-users-fabian-fingerle.de.txt
│ │
│ └─Names
│ familynames-usa-top1000.txt
│ femalenames-usa-top1000.txt
│ malenames-usa-top1000.txt
│ names.txt
│
└─Web-Shells
│ backdoor_list.txt
│
├─CFM
│ shell.cfm.html
│
├─FuzzDB
│ cmd-simple.php
│ cmd.aspx
│ cmd.jsp
│ cmd.php
│ cmd.sh
│ list.jsp
│ list.php
│ list.sh
│ nc.exe
│ reverse.jsp
│ up.php
│ up.sh
│
├─JSP
│ simple-shell.jsp
│
├─laudanum-0.8
│ │ CREDITS
│ │ GPL
│ │ README
│ │
│ ├─asp
│ │ dns.asp
│ │ file.asp
│ │ proxy.asp
│ │ shell.asp
│ │
│ ├─aspx
│ │ dns.aspx
│ │ file.aspx
│ │ shell.aspx
│ │
│ ├─cfm
│ │ shell.cfm
│ │
│ ├─jsp
│ │ │ cmd.war
│ │ │ makewar.sh
│ │ │
│ │ └─warfiles
│ │ │ cmd.jsp
│ │ │
│ │ ├─META-INF
│ │ │ MANIFEST.MF
│ │ │
│ │ └─WEB-INF
│ │ web.xml
│ │
│ └─php
│ dns.php
│ file.php
│ php-reverse-shell.php
│ proxy.php
│ shell.php
│
├─Magento
│ newadmin-Inchoo.php
│ newadmin-KINKCreative.php
│
├─PHP
│ obfuscated-phpshell.php
│
└─WordPress
bypass-login.php
plugin-shell.php
SecLists大小
Install
Zip
wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip \
&& unzip SecList.zip \
&& rm -f SecList.zip
Git (Small)
git clone --depth 1 \
https://github.com/danielmiessler/SecLists.git
Git (Complete)
git clone https://github.com/danielmiessler/SecLists.git
Kali Linux
apt -y install seclists
当然,有想了解更多或者遇到无法解决的问题的时候,欢迎各位进企鹅🐧聊天群交流讨论!615555402