Dicts
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
Automated & Manual Wordlists provided by Assetnote
List of configuration files from WEB-INF and META-INF for use in Unvalidated Forwards and JSP Include vulnerabilities.
Some files for bruteforcing certain things.
List of periodically validated public DNS resolvers
Generates permutations, alterations and mutations of subdomains and then resolves them
A collection of special paths linked to common sensitive APIs, devops internals, framework configs, known misconfigurations, juicy APIs, etc. It could be used as part of web content discovery, to …
A repository that includes all the important wordlists used while bug hunting.
Gotator is a tool to generate DNS wordlists through permutations.
Fetch, install and search wordlist archives from websites and torrent peers.
Remove duplicates from a MASSIVE wordlist without sorting it (for dictionary-based password cracking)
Free, libre, effective, and data-driven wordlists for all!
The largest collection of wordlists in yaml for bug bounty tools
A wordlist framework to fulfill your kinks with your wordlists. For security researchers, bug bounty and hackers.
Default credentials list. 🐱💻 Leave a star if you like this project! (that motivates me)⭐️
CLI & library to search for default credentials among thousands of Products / Vendors
One place for all the default credentials to assist Blue/Red teamers in identifying devices with default passwords 🛡️
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
For basic research: the top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
Quickly generate context-specific wordlists for content discovery from lists of URLs or paths




