SecLists : SecLists 是安全测试员工作伴侣。该仓库整理了大量用于安全测试的清单集合，清单中包括弱口令，常用用户名，敏感数据特征码、模糊测试载荷等。

About SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.

This project is maintained by Daniel Miessler, Jason Haddix, Ignacio Portal and g0tmi1k.

Repository details

Install

Zip

wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip && unzip SecList.zip && rm -f SecList.zip

Git: No commit history (faster)

git clone --depth 1 https://github.com/danielmiessler/SecLists.git

Git: Complete

git clone https://github.com/danielmiessler/SecLists.git

Kali Linux (Tool Page)

apt -y install seclists

BlackArch (Tool Page)

sudo pacman -S seclists

Attribution

See CONTRIBUTORS.md

Contributing

See CONTRIBUTING.md

Similar Projects

Assetnote Wordlists: High quality wordlists for content and subdomain discovery which are automatically updated every month.
fuzz.txt: Wordlists of "potentially dangerous" files.
FuzzDB: Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
BiblePass: Wordlists compiled from Bible verses
SamLists: Data-driven wordlists containing HTTP parameter names, directory names and filenames.

Wordlist Tools

Cook: A wordlist framework. An overpower wordlist generator, splitter, merger, finder, saver, create words permutation and combinations, apply different encoding/decoding and everything you need.
Wl: CLI utility for converting strings to a given casing style.
CeWL: Custom Word List generator.

Licensing

This project is licensed under the MIT license.

^{NOTE: Downloading this repository is likely to cause a false-positive alarm by your anti-virus or anti-malware software, the filepath should be whitelisted. There is nothing in SecLists that can harm your computer as-is, however it's not recommended to store these files on a server or other important system due to the risk of local file include attacks.}

MIT License Copyright (c) 2018 Daniel Miessler Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.