New
2025.1
๐ The first release of 2025! ๐ Lead Contributor: @ItsIgnacioPortal
Highlights
This release adds new documentation for many wordlists. Duplicate and obsolete wordlists have been removed, and the following new wordlist has been incorporated into the project:
- ๐
2024-200_most_used_passwords.txt
The Discovery/Web-Content/trickest-robots-disallowed-wordlists/top-10000.txt wordlist has been fixed, which caused problems when cloning the project on Windows. (#397)
The .fuzz suffix has been removed from many more wordlists, improving clarity in the wordlist filenames.
A great number of wordlists have been properly categorized, improving the overall usability of Seclists.
Full Changelog
๐ New content
- ๐ feat(wordlist): Add filepaths for testing Single-page applications. (#1159)
- ๐ feat(wordlist): Add IIS default page and image files. (#1158)
- ๐ feat(wordlist): Added '2024-200_most_used_passwords.txt' wordlist
- ๐ feat(wordlist): Added 'daloradius' to common.txt
- ๐ feat(wordlist): Added 'Web-Server' prefix to wordlist filenames
- ๐ feat(wordlist): Added missing words in API 'actions' wordlists
- ๐ feat(wordlist): Added more endpoints to common.txt
- ๐ feat(wordlist): Added more LLM data-leakage payloads
- ๐ feat(wordlist): Added more subdomains to 'combined_subdomains.txt'
- ๐ feat(wordlist): Added protobuf mimetypes
- ๐ feat(wordlist): Expanded the List-Of-Swear-Words "fr-CA-u-sd-caqc.txt" wordlist
- ๐ feat(wordlist): Greatly improved "Amounts" wordlists
- ๐ feat(wordlist): Update spring-boot.txt to v2.1.7
๐ Fixes & Improvements
- ๐ feat(docs): Improved formatting of the PR template.
- ๐ feat(docs): Replace repository details with badges for better visibility.
- ๐ fix(cicd): Fixed line-ending normalization on "remote-wordlists-updater.yml"
- ๐ fix(wordlist): Fixed bad formatting in raft-* wordlists
- ๐ chore(docs): Removed '.fuzz' from multiple wordlist filenames
๐ Documentation
- ๐ feat(docs): Added documentation for 'AdobeCQ-AEM.txt' wordlist
- ๐ feat(docs): Added documentation for 'AdobeXML.fuzz.txt' wordlist
- ๐ feat(docs): Added documentation for 'Apache-Axis.txt' wordlist
- ๐ feat(docs): Added documentation for 'Apache.fuzz.txt' wordlist
- ๐ feat(docs): Added documentation for 'ApacheTomcat.fuzz.txt' wordlist
- ๐ feat(docs): Added documentation for 'CGI-HTTP-POST-Windows.fuzz.txt' wordlist
- ๐ feat(docs): Added documentation for 'CGI-HTTP-POST.fuzz.txt' wordlist
- ๐ feat(docs): Added documentation for 'CGI-Microsoft.fuzz.txt' wordlist
- ๐ feat(docs): Added documentation for 'Frontpage.fuzz.txt' wordlist
- ๐ feat(docs): Added documentation for 'fully-qualified-java-classes.txt' wordlist
- ๐ feat(docs): Added documentation for 'IIS-POST.txt'
- ๐ feat(docs): Added documentation for 'iis-systemweb.txt' wordlist
- ๐ feat(docs): Added documentation for 'iplanet.txt' wordlist
- ๐ feat(docs): Added documentation for 'JBoss.txt' wordlist
- ๐ feat(docs): Added documentation for 'Keycloak-Identity-Access-Management.txt'
- ๐ feat(docs): Added documentation for 'Microsoft-Forefront-Identity-Manager.txt' wordlist
- ๐ feat(docs): Added documentation for 'Oracle-EBS-wordlist.txt' wordlist
- ๐ feat(docs): Added documentation for 'Oracle-WebLogic.txt'
- ๐ feat(docs): Added documentation for 'raft-*' wordlists
- ๐ feat(docs): Added documentation for 'reverse-proxy-inconsistencies.txt'
- ๐ feat(docs): Added documentation for 'Web-Server-Glassfish-Sun-Microsystems.txt' wordlist
- ๐ feat(docs): Added documentation for the 'graphql.txt' wordlist
- ๐ feat(docs): Added note about outdated contents for the 'AdobeCQ-AEM.txt' wordlist
๐ชฆ Removed content
- ๐ชฆ chore(wordlist): Removed 'KitchensinkDirectories.fuzz.txt' wordlist
- ๐ชฆ chore(wordlist): Removed 'Randomfiles.fuzz.txt' wordlist
- ๐ชฆ chore(wordlist): Removed 'tests.txt' wordlist
- ๐ชฆ chore(wordlist): Removed 'Vignette.fuzz.txt' wordlist
- ๐ชฆ chore(wordlist): Removed BiblePass project
- ๐ชฆ chore(wordlist): Removed duplicate wordlist '500-worst-passwords.txt'
- ๐ชฆ chore(wordlist): Removed duplicate wordlist 'without_spaces.txt'
- ๐ชฆ chore(wordlist): Removed obsolete 'dirsearch.txt' wordlist
- ๐ชฆ chore(wordlist): Removed obsolete 'IBM Lotus iNotes' wordlist
- ๐ชฆ chore(wordlist): Removed obsolete hyperion wordlists
- ๐ชฆ chore(wordlist): Removed obsolete IOCs wordlists
- ๐ชฆ fix(wordlist): Removed 'FatwireCMS.fuzz.txt' wordlist
- ๐ชฆ fix(wordlist): Removed 'fnf-fuzz.txt' wordlist
- ๐ชฆ fix(wordlist): Removed duplicate wordlist 'iplanet.txt'
- ๐ชฆ fix(wordlist): Removed duplicate wordlist 'jrun.txt'
- ๐ชฆ fix(wordlist): Removed duplicate wordlist 'sunas.txt'
๐ Other changes
- ๐ chore(wordlist): Moved CGI wordlists into the 'LEGACY-SERVICES/CGIs' directory
- ๐ feat(docs): Moved programming-language-specific wordlists into their own directory
- ๐ feat(docs): Moved Web-Server wordlists into their own directory
- ๐ feat(docs): Removed mis-categorized 'Web-Services' folder
- ๐ feat(docs): Renamed 'axis.txt' to 'Apache-Axis.txt'
- ๐ feat(docs): Renamed 'SVNDigger' folder to a more descriptive folder name
- ๐ fix(cicd): Added automatic clean-up to wordlist updater
- ๐ fix(cicd): Fixed crash on "remote-wordlists-updater.yml"
- ๐ fix(docs): Added "Ignacio Portal" to the project credits.
- ๐ fix(docs): Moved 'AdobeCQ-AEM.txt' into the CMS directory
- ๐ fix(docs): Moved 'aem2.txt' into the CMS directory
- ๐ fix(docs): Moved 'axis.txt' into the Web-Servers directory
- ๐ fix(docs): Moved 'Confluence-Administration.txt' into the Service-Specific directory
- ๐ fix(docs): Moved 'forefront-identity-management.txt' into the Service-Specific directory
- ๐ fix(docs): Moved 'jboss.txt' into the Web-Servers directory
- ๐ fix(docs): Moved 'Jenkins-Hudson.txt' into the Service-Specific directory
- ๐ fix(docs): Moved 'nginx.txt' into the Web-Servers directory
- ๐ fix(docs): Moved 'Oracle-EBS-wordlist.txt' into the CMS directory
- ๐ fix(docs): Moved 'sharepoint-ennumeration.txt' into the CMS directory
- ๐ fix(docs): Moved 'spring-boot.txt' into the Programming-Language-Specific directory
- ๐ fix(docs): Moved 'swagger.txt' into the Service-Specific directory
- ๐ fix(wordlist): Merged duplicate 'Apache Tomcat' wordlists
- ๐ fix(wordlist): Merged duplicate Apache wordlists
- ๐ fix(wordlist): Merged duplicate Microsoft Frontpage wordlists
- ๐ fix(wordlist): Merged duplicate Oracle EBS wordlists
- ๐ fix(wordlist): Merged duplicate Sharepoint wordlists
- ๐ fix(wordlist): Moved 'HTTP-POST-Microsoft.fuzz.txt' into 'Web-Servers\IIS-POST.txt'
- ๐ fix(wordlist): Moved 'pulsesecure.txt' into 'Service-Specific\PulseSecure-VPN.txt'
- ๐ fix(wordlist): Moved 'websphere.txt' into 'Service-Specific\IBM-WebSphere-Application-Server.txt'
- ๐ fix(wordlist): Moved *200_most_used_passwords to Common-Credentials directory
- ๐ fix(wordlist): Removed duplicates from '2024-200_most_used_passwords.txt' wordlist
- ๐ fix(wordlist): Removed redundant linejumps from CommonAdminBase64.txt
- ๐ fix(wordlist): Renamed '2024-200_most_used_passwords.txt' to '2024-197_most_used_passwords.txt'
- ๐ fix(wordlist): Renamed 'hpsmh.txt' to 'HP-System-Management-Homepage.txt'
Shout-out to: @curiv, @emmanuelgautier, @goosvorbook, @guillermodotn, @eltociear, @ivan-sincek, @jorelpaddick, @jthack, @NihaoKangkang, @mtremr, @napz99, @ola456, @onurkarasalihoglu, @cosad3s, and @V0idSeek3r
๐ฅ Thank you everyone <3