Seclists.org

Disclaimer: SecLists is intended for educational purposes and authorized security testing only. Using these lists against systems you do not own or have permission to test is illegal.

| Feature | Description | |---------|-------------| | | RockYou, 10-million password list, common passwords, default credentials | | Usernames | Top usernames, common admin names, names from breaches | | Subdomains | Massive subdomain lists (from DNS dumpster, common names, etc.) | | Fuzzing | SQLi, XSS, LFI, XXE, and other injection payloads | | Web Content | Directory/file brute-force lists (common directories, backup files, logs, etc.) | | Pattern Matching | Regex patterns for credit cards, SSNs, API keys, etc. | | Misc | User-agents, fuzzing strings, secrets, and RT (real-time) wordlists | seclists.org

SecLists remains the most balanced choice for all-around testing. | | Misc | User-agents, fuzzing strings, secrets,