Awesome Wordlists

A curated list of wordlists for brute-forcing and fuzzing.

Contents

• Lists of Lists
• Enumeration
• Emails
• Passwords
• Usernames
• Vulnerabilities
• Portuguese Wordlists
• Other Non-English Wordlists
• Miscellaneous

Lists of Lists

• SecLists - Collection of useful wordlists grouped by context.
• Xajkep's Wordlists - Wordlists curated by Xajkep grouped by context.
• Bug-Bounty-Wordlists - A repository that includes all the important wordlists used while bug hunting.
• OneListForAll - Massive consolidated wordlist for multiple offensive security use cases.

Enumeration

• Dirbuster Wordlists - Dirbuster's default directories wordlists.
• Dirb Wordlists - Dirb's default wordlists.
• ws-dirs - Wfuzz webservices directories wordlist.
• ws-files - Wfuzz webservices files wordlist.
• Directories - Xajkep's directories wordlist.
• Backup files - Xajkep's backup files wordlist.
• Backup files with path - Xajkep's backup files with paths.
• n0kovo_subdomains - An extremely effective subdomain wordlist of 3,000,000 lines, crafted by harvesting SSL certs from the entire IPv4 space.
• api_wordlist - API endpoints and routes wordlist for API discovery.
• AWS S3 Bucket Wordlist - Wordlist for discovering AWS S3 bucket names.

Emails

• Xajkep's Email Providers - Email providers from Xajkep's repository.

Passwords

• RockYou - The go-to wordlist for passwords.
• WPA-Length Passwords - Passwords with WPA length.
• SecLists' Passwords - Password wordlists from SecLists.
• CrackStation - CrackStation's password wordlist.
• Active-Directory-Wordlists' Passwords - Most common Active Directory passwords.
• Weakpass - Collection of more than 1500 password wordlists with torrent links for faster downloads.
• vie_wpa2_pw - Regional (Vietnam) WPA2 wordlists and hashcat rules.

Usernames

• SecLists' Usernames - Username wordlists from SecLists.
• Active-Directory-Wordlists' Users - Most common Active Directory usernames.
• fbnames - Names of Facebook users from 2010.

Vulnerabilities

• NoSQL-Injection Wordlist - List of payloads to test NoSQL injections.
• FuzzDB - Large collection of attack patterns, predictable resources, and fuzzing payloads.
• PayloadsAllTheThings - Extensive payload collection for testing many vulnerability classes.

Portuguese Wordlists

• Dadoware - Regular Portuguese words.
• words-pt - Regular Portuguese words.
• br-wordlist - Brazilian password wordlist.
• BRDumps - Localized tools and wordlists for Brazilian Portuguese passwords.

Other Non-English Wordlists

• French Wordlists - Collection of French wordlists.
• danish-wordlists - Collection of Danish base wordlists.
• albanian-wordlist - Albanian wordlist with a mix of names, last names, and Albanian literature.
• medical-wordlist - Medical wordlists in English, French, and Ukrainian languages for spell checking.

Miscellaneous

• Probable-Wordlists - Research on several types of wordlists.
• Kali Wordlists - Kali Linux's default wordlists.
• Blog g0tmi1k - G0tmi1k's post on what makes a good dictionary.
• Skull Security Passwords - Skull Security's password lists.
• Trickest Wordlists - Real-world infosec wordlists, updated regularly.
• Assetnote Wordlists - Automated and manual wordlists provided by Assetnote.

Contributing

See contributing.md for guidelines on how to contribute.