SecLists – Security Tester’s Companion

November 8, 2018 Hacking, Security Leave a comment

SecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repo onto a new testing box and have access to every type of list that may be needed.

SecLists Usage Example

root@kali:~# ls -lh /usr/share/seclists/
total 40K
drwxr-xr-x  6 root root 4.0K Mar 23 09:56 Discovery
drwxr-xr-x  3 root root 4.0K Mar 23 09:56 Fuzzing
drwxr-xr-x  2 root root 4.0K Mar 23 09:56 IOCs
drwxr-xr-x  2 root root 4.0K Mar 23 09:56 Miscellaneous
drwxr-xr-x 11 root root 4.0K Mar 23 09:56 Passwords
drwxr-xr-x  2 root root 4.0K Mar 23 09:56 Pattern-Matching
drwxr-xr-x  7 root root 4.0K Mar 23 09:56 Payloads
-rwxr-xr-x  1 root root 3.5K Mar  7 16:02 README.md
drwxr-xr-x  4 root root 4.0K Mar 23 09:56 Usernames
drwxr-xr-x  7 root root 4.0K Mar 23 09:56 Web-Shells
root@kali:~#
root@kali:~# tree -d /usr/share/seclists/
/usr/share/seclists/
├── Discovery
│   ├── DNS
│   ├── Infrastructure
│   ├── SNMP
│   └── Web-Content
│       ├── CMS
│       ├── SVNDigger
│       │   ├── cat
│       │   │   ├── Conf
│       │   │   ├── Database
│       │   │   ├── Language
│       │   │   └── Project
│       │   └── context
│       ├── URLs
│       └── Web-Services
├── Fuzzing
│   └── Polyglots
├── IOCs
├── Miscellaneous
├── Passwords
│   ├── Common-Credentials
│   ├── Cracked-Hashes
│   ├── Default-Credentials
│   ├── Honeypot-Captures
│   ├── Leaked-Databases
│   ├── Malware
│   ├── Permutations
│   ├── Software
│   └── WiFi-WPA
├── Pattern-Matching
├── Payloads
│   ├── Anti-Virus
│   ├── File-Names
│   ├── Images
│   ├── PHPInfo
│   └── Zip-Bombs
├── Usernames
│   ├── Honeypot-Captures
│   └── Names
└── Web-Shells
    ├── FuzzDB
    ├── JSP
    ├── laudanum-0.8
    │   ├── asp
    │   ├── aspx
    │   ├── cfm
    │   ├── jsp
    │   │   └── warfiles
    │   │       ├── META-INF
    │   │       └── WEB-INF
    │   └── php
    ├── PHP
    └── WordPress

53 directories
root@kali:~#

Source:

Author: Daniel Miessler & Jason Haddix

License: MIT

Check Also

SamSam Ransomware

SamSam Ransomware

The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the …

New Exploits for Unsecure SAP Systems - blackMORE Ops

New Exploits for Unsecure SAP Systems

A presentation at the April 2019 Operation for Community Development and Empowerment (OPCDE) cybersecurity conference describes SAP systems with unsecure configurations exposed to the internet. Typically, SAP systems are not intended to be exposed to the internet, as it is an untrusted network. Malicious cyber actors can attack and compromise these unsecure systems with publicly available exploit tools, termed “10KBLAZE.” The presentation detailed the new exploit tools and reports on systems exposed to the internet.

Use WordPress.com, Twitter, Facebook, or Google+ accounts to comment (anonymous comments allowed). Leave your solution to help others.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Designed by blackMORE Ops
© Copyright 2023, All Rights Reserved

Privacy Policy on Cookies Usage

Some services used in this site uses cookies to tailor user experience or to show ads.

Facebook