SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
The dirbuster wordlists were made in 2007, and are now considered obsolete. Instead, these wordlists are recommended for testing modern web environments:
Discovery/Web-Content/combined_words.txt
Discovery/Web-Content/combined_directories.txt
Both of these wordlists are composed of various other wordlists in that same directory, and are automatically updated whenever one of their components is modified. For more information see the README.md for Discovery/Web-Content.
The dirbuster wordlists will remain contained in SecLists, but they now have the DirBuster-2007 prefix to highlight their age.
Dangerous SQLi payloads
The SQL Injection wordlists contained in Fuzzing/Databases/SQLi are not safe to use in production environments. Many of those wordlists contain potentially destructive queries which may permanently delete data on any databases they're used on. A warning has been added to the README.md for that directory. For more information see issue #1011.
New content
✨ feat(wordlist): Created Active Directory wordlist (PR #1224)
✨ feat(docs): Added "GENOVEVA" tool to readme (PR #1200)
✨ feat(docs): Added alternative reference to docs
✨ feat(docs): Added documentation for the 'cirt-net_collection.txt' wordlist
✨ feat(docs): Added documentation for the 'Java-Spring-Boot.txt' wordlist
✨ feat(docs): Added documentation for the 'xato-net-10-million-passwords' wordlists
✨ feat(wordlist): Added 'encryptionkeys' directory to 'common_directories.txt'
✨ feat(wordlist): Added /etc/apache2/.htpasswd to LFI fuzzing lists (PR #1223)
✨ feat(wordlist): Added a dictionary for Model Context Protocol server discovery. (PR #1216)
✨ feat(wordlist): Added common Spanish names and words (PR #1199)
✨ feat(wordlist): Added default SSH password "padmin:padmin" for IBM Power Systems (PR #1211)
✨ feat(wordlist): Added IANA mime-types to "web-all-content-types.txt" (PR #1204)
✨ feat(wordlist): Added mcp-server.txt entries to common.txt
✨ feat(wordlist): Added more OBEX common filenames and cleaned OBEX wordlists (PR #1249)
✨ feat(wordlist): Added more permutations to 'common_directories.txt'
✨ feat(wordlist): Added more swagger endpoints (PR #1219)
✨ feat(wordlist): Added new payload to 'SAP' wordlist (PR #1196)
✨ feat(wordlist): Added prefixes to deal with Java-Spring-Boot being behind spring-cloud-gateway (PR #1220)