back to home

danielmiessler / SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

68,992 stars
24,913 forks
9 issues
PHPPythonClassic ASP
Chat with CodebaseArchitecture ScanSecurity AuditExplain Codebase

AI Architecture Analysis

This repository is indexed by RepoMind. By analyzing danielmiessler/SecLists in our AI interface, you can instantly generate complete architecture diagrams, visualize control flows, and perform automated security audits across the entire codebase.

Our Agentic Context Augmented Generation (Agentic CAG) engine loads full source files into context, avoiding the fragmentation of traditional RAG systems. Ask questions about the architecture, dependencies, or specific features to see it in action.

Click here to launch the interactive analysis workspace

Embed this Badge

Showcase RepoMind's analysis directly in your repository's README.

[![Analyzed by RepoMind](https://img.shields.io/badge/Analyzed%20by-RepoMind-4F46E5?style=for-the-badge)](https://repomind-ai.vercel.app/repo/danielmiessler/SecLists)
Preview:Analyzed by RepoMind

Repository Summary (README)

Preview
<div align="center"> <a href="https://go.warp.dev/seclists" target="_blank"> <sup>Special thanks to:</sup> <br> <img alt="Warp sponsorship" width="400" src="https://github.com/warpdotdev/brand-assets/blob/main/Github/Sponsor/Warp-Github-LG-02.png"> <br> <h>Warp, built for coding with multiple AI agents</b> <br> <sup>Available for macOS, Linux and Windows</sup> </a> </div> </div>

Project logo

About SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.

This project is maintained by Daniel Miessler, Jason Haddix, Ignacio Portal and g0tmi1k.

Repository details

Repo size

<!-- This badge is automatically updated by a GitHub Action. Do not edit manually. -->

Approx cloning time

Install

Zip

wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip && unzip SecList.zip && rm -f SecList.zip

Git: No commit history (faster)

git clone --depth 1 https://github.com/danielmiessler/SecLists.git

Git: Complete

git clone https://github.com/danielmiessler/SecLists.git

Kali Linux (Tool Page)

apt -y install seclists

BlackArch (Tool Page)

sudo pacman -S seclists

Attribution

See CONTRIBUTORS.md

Contributing

See CONTRIBUTING.md

Similar Projects

  • Assetnote Wordlists: High quality wordlists for content and subdomain discovery which are automatically updated every month.
  • fuzz.txt: Wordlists of "potentially dangerous" files.
  • FuzzDB: Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
  • PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
  • BiblePass: Wordlists compiled from Bible verses
  • SamLists: Data-driven wordlists containing HTTP parameter names, directory names and filenames.

Wordlist Tools

  • Cook: A wordlist framework. An overpowered wordlist generator, splitter, merger, finder and saver. Cook facilitates the creation of permutations and combinations with a variety of encodings and many more features.
  • Wl: CLI utility for converting strings to a given casing style.
  • CeWL: Custom Word List generator.
  • Genoveva: From a word list, it generates up to 17,335,754 combinations per word, mixing lowercase, capitalized, uppercase, full and partial L33T (for each vowel and "s"), reverse, numbers from 1 to 4 digits, dates in mmddyyyy format from 1950 to 2030, date format mmddyy, symbols at the end, symbols between name and date...

Also checkout the .bin directory in this repository. We have a number of wordlist generators and mutators there.

๐Ÿ’œ Support This Project

<div align="center">

<a href="https://github.com/sponsors/danielmiessler"><img src="https://img.shields.io/badge/Sponsor%20danielmiessler-โค๏ธ-EA4AAA?style=for-the-badge&logo=github-sponsors&logoColor=white" alt="Sponsor danielmiessler"></a> <a href="https://github.com/sponsors/ItsIgnacioPortal"><img src="https://img.shields.io/badge/Sponsor%20ItsIgnacioPortal-โค๏ธ-EA4AAA?style=for-the-badge&logo=github-sponsors&logoColor=white" alt="Sponsor ItsIgnacioPortal"></a>

We spend hundreds of hours a year on open source. If you'd like to help support this project, you can sponsor us here:
danielmiessler ยท ItsIgnacioPortal ๐Ÿ™๐Ÿผ

</div>

Licensing

This project is licensed under the MIT license.

MIT License

<sup>NOTE: Downloading this repository is likely to cause a false-positive alarm by your anti-virus or anti-malware software, the filepath should be whitelisted. There is nothing in SecLists that can harm your computer as-is, however it's not recommended to store these files on a server or other important system due to the risk of local file include attacks.</sup>