Skip to content

⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

License

Notifications You must be signed in to change notification settings

SpycioKon/werdlists

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Twitter: @decalresponds Ask Me Anything! werdlists Apache License 2.0 repo-size made-with-bash Awesome


                                           _____      __
                   _      _____  _________/ / (_)____/ /______
                  | | /| / / _ \/ ___/ __  / / / ___/ __/ ___/
                  | |/ |/ /  __/ /  / /_/ / / (__  ) /_(__  )
                  |__/|__/\___/_/   \__,_/_/_/____/\__/____/

Brief Introduction to werdlists

This project is a collection of word lists--they are mostly whitespace-delimited or line-based. Although the passes-dicts folder contains inputs for password crackers, overall the files amassed here are intended to be useful in helping to create insecure software states (with the help of a black-box fuzzer or scanning utility, for example.) The vast majority of files are simply ASCII with UNIX style line feeds.

Descriptions of selected folders sampled from INDEX.md

  • cipher-data: Data denoting or used by cryptographic algorithm implementations
  • code-keywords: Identifiers known as reserved words in programming language specs
  • dns-hostnames: The host name part of an FQDN (Fully Qualified Domain Name)
  • http-security: Hyper Text Transfer Protocol security info, i.e. CSP
  • inet-addrs: Numeric Internet addresses a.k.a. IP addresses--mostly version 4
  • telco-data: Data associated with telecommunications companies and such..
  • webapp-attacks: Proof-of-concept samples for attacks on web applications

Inspiration Taken from Similar Projects

If you're already familiar with established repositories such as fuzzdb and SecLists, then werdlists is quite similar in mission as it's a centralized attack strings and input data resource--just with its own unique style and organization, original hand-crafted contents, verification/management scripts, expanded concepts, etc. SecLists is maintained by my colleague and co-worker at IOActive, Daniel Miessler.

Description of the Repository Directory Hierarchy

The scripts folder consists of shell scripts used for repository maintenance. All scripts use bash syntax and some data files were generated with a script. Folder names are outlined in the INDEX.md file in the repository's root directory. All files in each folder are detailed in the local index.md file, but these lowercased index files describe the contents of each data file, as opposed to directory contents. Each folder has a subject name and storage type which are separated by a dash.

Naming Scheme, Syntax and Meaning Associated With File Extensions

Most files have the *.txt extension signifying the text/plain MIME type Other file extensions in use are: *.csv, *.xml, *.html, and *.yml These are for Comma-Separated Values (text/csv), Extended Markup Language (application/xml), Hyper Text Markup Language (application/html), etc. Any file that is larger than 1MB uncompressed should be compressed with xz according to the commands in the scripts/compress-large-files bash script. In spite of the fact that this is a word lists project, I'm striving to restrict the size of each file to a healthy maximum for manageability purposes. The index file in the root folder (INDEX.md), as well as the indices in each data directory (index.md) are formatted with markdown.


About

⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • HTML 74.7%
  • JavaScript 9.1%
  • Shell 7.1%
  • AGS Script 6.6%
  • C 1.6%
  • Python 0.4%
  • Other 0.5%