mirror of https://github.com/danielmiessler/SecLists synced 2026-02-16 20:44:55 +01:00

History

github-actions[bot] 973edcd757 [Github Action] Automated trickest wordlists update.		2025-04-17 11:03:25 +00:00
..
api
BurpSuite-ParamMiner
CMS	[Github Action] Automated trickest wordlists update.	2025-04-17 10:04:29 +00:00
Domino-Hunter
dutch
File-Extensions-Universal-SVNDigger-Project
LEGACY-SERVICES
Programming-Language-Specific
Service-Specific
trickest-robots-disallowed-wordlists	[Github Action] Automated trickest wordlists update.	2025-04-17 11:03:25 +00:00
URLs
Web-Servers
AdobeXML.fuzz.txt
big.txt
burp-parameter-names.txt
coldfusion.txt
combined_directories.txt	[Github Action] Updated combined_directories.txt	2025-03-21 22:31:27 +00:00
combined_words.txt	[Github Action] Updated combined_words.txt	2025-03-22 00:04:38 +00:00
common-and-dutch.txt
common-and-french.txt
common-and-italian.txt
common-and-portuguese.txt
common-and-spanish.txt
common-api-endpoints-mazen160.txt
Common-DB-Backups.txt
common.txt	chore(cicd): Removed manual trigger	2025-03-21 19:25:22 -03:00
common_directories.txt
default-web-root-directory-linux.txt
default-web-root-directory-windows.txt
directory-list-1.0.txt
directory-list-2.3-big.txt
directory-list-2.3-medium.txt
directory-list-2.3-small.txt
directory-list-lowercase-2.3-big.txt
directory-list-lowercase-2.3-medium.txt
directory-list-lowercase-2.3-small.txt
domino-dirs-coldfusion39.txt
domino-endpoints-coldfusion39.txt
dsstorewordlist.txt
graphql.txt
hashicorp-consul-api.txt
hashicorp-vault.txt
JavaScript-Miners.txt
JavaServlets-Common.fuzz.txt
LinuxFileList.txt
Logins.fuzz.txt
Microsoft-Frontpage.txt
netware.txt
ntlm-directories.txt
oauth-oidc-scopes.txt
Oracle9i.fuzz.txt
OracleAppServer.fuzz.txt
Passwords.fuzz.txt
Proxy-Auto-Configuration-Files.txt
Public-Source-Repo-Issues.json
quickhits.txt
raft-large-directories-lowercase.txt
raft-large-directories.txt
raft-large-extensions-lowercase.txt
raft-large-extensions.txt
raft-large-files-lowercase.txt
raft-large-files.txt
raft-large-words-lowercase.txt
raft-large-words.txt
raft-medium-directories-lowercase.txt
raft-medium-directories.txt
raft-medium-extensions-lowercase.txt
raft-medium-extensions.txt
raft-medium-files-lowercase.txt
raft-medium-files.txt
raft-medium-words-lowercase.txt
raft-medium-words.txt
raft-small-directories-lowercase.txt
raft-small-directories.txt
raft-small-extensions-lowercase.txt
raft-small-extensions.txt
raft-small-files-lowercase.txt
raft-small-files.txt
raft-small-words-lowercase.txt
raft-small-words.txt
README.md	fix(docs): Fixed bad formatting on Discovery/Web-Content readme	2025-04-16 18:11:52 -03:00
reverse-proxy-inconsistencies.txt
Roundcube-123.txt
rssfeed-files.txt
sap-analytics-cloud.txt
SAP-NetWeaver.txt
SOAP-functions.txt
tftp.fuzz.txt
UnixDotfiles.fuzz.txt
uri-from-top-55-most-popular-apps.txt
url-params_from-top-55-most-popular-apps.txt
versioning_metafiles.txt
vulnerability-scan_j2ee-websites_WEB-INF.txt
web-all-content-types.txt	Update web-all-content-types.txt	2025-04-11 15:12:45 +02:00
web-extensions-big.txt
web-extensions.txt
web-mutations.txt
wso2-enterprise-integrator.txt

README.md

Web discovery wordlists

AdobeXML.fuzz.txt

Use for: Discovering sensitive filepaths of Adobe ColdFusion

Creation date: Aug 27, 2012

No updates have been made to this wordlist since its creation.

raft-* wordlists

Use for: Directory and file brute-forcing leading to identification of vulnerabilities in web applications.

Source: Google's RAFT

combined_words.txt

Use for: discovering files
This list is automatically updated by a github action whenever any of the lists it's composed by is modified.

This list is a combination of the following wordlists:

big.txt
common.txt
raft-large-words-lowercase.txt
raft-large-words.txt
raft-medium-words-lowercase.txt
raft-medium-words.txt
raft-small-words-lowercase.txt
raft-small-words.txt

combined_directories.txt

Use for: discovering files and directories

This list is automatically updated by a github action whenever any of the lists it's composed by is modified.

These are the wordlists that compose this wordlist:

apache.txt
combined_words.txt
directory-list-1.0.txt
directory-list-2.3-big.txt
directory-list-2.3-medium.txt
directory-list-2.3-small.txt
raft-large-directories-lowercase.txt
raft-large-directories.txt
raft-medium-directories-lowercase.txt
raft-medium-directories.txt
raft-small-directories-lowercase.txt
raft-small-directories.txt
common_directories.txt

dsstorewordlist.txt

Use for: discovering files and directories

This wordlist was collected by parsing Alexa top-million sites for .DS_Store files, extracting all the found files, and then extracting found file and directory names from around 300k real websites. The files were then sorted by probability and one-occurrence strings were removed.

Source: https://github.com/aels/subdirectories-discover

vulnerability-scan_j2ee-websites_WEB-INF.txt

Use for: discovering sensitive j2ee files exploiting a lfi

References:

Microsoft-Frontpage.txt

Use for: Fuzzing for common filepaths in webpages designed with Microsoft Frontpage

Year of the first release of Microsoft Frontpage: 1997

Year of the last release of Microsoft Frontpage: 2003

Date of last update: Oct 14, 2010

graphql.txt

Use for: Fuzzing for common filepaths in webpages that use the GraphQL Query Language

reverse-proxy-inconsistencies.txt

Use for: Detecting the backend admin/console interfaces and tomcat manager interfaces hiding behind reverse proxies by leveraging inconsistencies in how certain requests are handled.

See: A fresh look on reverse proxy related attacks | acunetix.com | Aleksei Tiurin | 2019-01-22