[
]("Word Lists, Attack Strings, Miscellaneous Datasets and a PoC Wiki for Penetration Testing")
This project consists of word lists, dictionary files, attack strings, miscellaneous datasets and a PoC wiki for penetration testers
This project is a collection of word lists--they are mostly whitespace-delimited
or line-based. Although the passes-dicts folder contains inputs for password cracking,
overall the files amassed here are intended to be useful in facilitating
the creation of insecure program state (with the help of a black-box fuzzer or scanning
utility, for example.) The vast majority of files are simply ASCII with the UNIX
style newline.
| ย ย ย ย Folderย Nameย ย ย ย | Description of Contents |
|---|---|
| dns-hostnames | ๐ The host name part of an FQDN (Fully Qualified Domain Name) |
| http-security | ๐ HTTP (Hyper Text Transfer Protocol security info, i.e. CSP (Content Security Policy) |
| unix-data | ๐ป Data associated with various flavors of the UNIX operating system and its clones |
| telco-data | โ๏ธ PSTN (Public Switched Telephone Network) a.k.a. POTS (Plain Old Telephone Service) dialing codes and related information |
| webapp-paths | ๐ Path names related to web-based applications |
If you're already familiar with established repositories such as
fuzzdb and
SecLists,
then werdlists is quite similar in mission as it's a centralized attack strings
and input data resource with its own unique style, organization,
original hand-crafted contents, verification/management scripts, expanded concepts, etc.
SecLists is maintained by my colleague and co-worker at IOActive, Daniel Miessler.
The scripts folder consists of shell scripts used for repository maintenance.
All scripts use bash syntax and some data files were generated with a script.
Folder names are outlined in the INDEX.md file in the repository's root
directory. All files in each folder are detailed in the local README.md file,
but these lowercased index files describe the contents of each data file, as
opposed to directory contents. Each folder has a subject name and storage
type which are separated by a dash.
Most files have the *.txt extension signifying the text/plain MIME type
Other file extensions in use are: *.asc, *.csv, *.xml, *.html, and *.yml
These are for Comma-Separated Values (text/csv),
Extended Markup Language (application/xml),
Hyper Text Markup Language (application/html), etc.
Any file that is larger than 1MB uncompressed should be compressed with xz
according to the commands in the scripts/compress-large-files bash script. In
spite of the fact that this is a word lists project, I'm striving to restrict the
size of each file to a healthy maximum for manageability purposes.
The index file in the root folder (INDEX.md), as well as the indices in each
data directory (README.md) are formatted with GitHub Flavored Markdown.
arpa-headers: ๐ง Header fields transmitted over RFC2822 style protocols like SMTP
ascii-art: ๐จ "Low bit" a.k.a. 7-bit ASCII art items without control characters
biology-info: ๐ฌ Reference information useful in the study of biological issues
browser-data: ๐ช Data related to GUI browser software like Chrome, FireFox, etc.
cert-data: ๐ Information commonly utilized by cryptographic certificate materials
char-encodes: ๐ Various character encodings provided by different locales/charsets
chat-data: ๐ฎ Additional data on IRC, XMPP and other such messaging protocols
cipher-data: ๐ก Data denoting or used by cryptographic algorithm implementations
cmd-usage: ๐จ Help text shown in a terminal when attempting to execute CLI programs
cms-errors: โ Error codes and/or messages rendered by a CMS
code-keywords: โ Computer language identifiers declared in defining standards such as reserved words
cpu-arch: ๐ญ Low-level computer architecture and hardware subjects
crypt-output: โจ Cipher text string outputs created by cryptographic hash functions
database-strs: ๐พ Strings often encountered when working with database software
dialup-modems: ๐ Info about analog modems on POTS
dns-commands:
dns-domains: ๐ A list of domains that may or may not be found in the live DNS tree
dns-hostnames: ๐ฆ The host name part of an FQDN
dns-records: ๐ซ Data specific to RR's in the DNS system
dns-servers: ๐ Data provided to, produced by or related to DNS name servers
dns-toplevel: ๐ TLD's or Top Level Domains are the uppermost part of DNS hierarchy
environ-names: โบ Environment variable names, settings, etc.
exploit-info: ๐ฑ Technical information on exploitation of security vulnerabilities
file-extens: โ Anything concerning Filename extension, i.e. the part after the period in a file name
file-specs: ๐ File format specifications as distributed by vendor(s)/author(s)
ftp-data: ๐ค Various FTP datum from RFC's and elsewhere
glibc-data: โ๏ธ Data taken from the source code of the GNU C Library
html-words: โจ๏ธ Words not uncommon to come across when parsing HTML dialects
http-agents: ๐ Software version banners for HTTP User Agents also known as browsers
http-headers: ๐ช Header fields sent in requests and responses by browsers/servers
http-methods:
http-params: ๐ก Parameters browsers sometimes send when requesting server URI paths
http-paths: ๐พ Path names that browsers include in queries to servers
http-queries: โ The object syntax that appears after the question mark in URI's
http-security: ๐ฎ Hyper Text Transfer Protocol security info, i.e. CSP
http-servers: ๐ข Information related to the usage of web server software
http-status: ๐ฐ Numeric HTTP status codes that denote the status of a web server during reply as specified in RFC7231, Section 6
inet-addrs: ๐ Numeric Internet addresses a.k.a. IP addresses--mostly version 4
inet-routes: โ๏ธ Data useful in the maintenance and use of an Internet routing table
inet-services: โฒ Lists of Internet protocols/daemons--similar to /etc/services
infosec-people: 
Noteworthy individuals within the information security community
iso-codes: โ๏ธ ISO code numbers and such
java-data: โ๏ธ Data found in or related to source code of programs written with Java
libc-data: ๐ญ data for or about programming with the C standard library
linux-data: ๐ Data identifiers and such from the Linux operating system
linux-paths: :linked_paperclips: Pathnames found on file systems created by Linux installations
malware-iocs: ๐ IOC for identification of malware infections
mobile-dev: ๐ฑ Mobile device development for "handheld" form factors
net-attacks: โจ๏ธ Info about attacks on telecommunications and Internetworks
net-ifaces: :three-networked-computers: Detailed information which can be extracted from network interfaces
ntfs-paths: ๐ File paths expected to be seen in NTFS folders
nvd-data: ๐๏ธ Datum utilized by NIST's NVD
owasp-data: ๐ Data from or for OWASP
passes-dicts: ๐ Dictionary files used in brute-force attacks against account passwords
passes-sites: ๐ Password lists that were publicized after major site compromises
perl-data: ๐ซ Data often seen in PERL (Practical Extraction and Report Language)
php-data: :page-facing-up: Files containing information about the PHP programming language
postal-data: ๐ฌ United States Postal Service information
python-data: ๐ Data used by the Python scripting language interpreter at runtime
radio-data: ๐ป Things commonly used in radio frequency transmissions
regex-data: ๐ฌ Regular expression patterns to mount attacks and match strings
ruby-data: ๐ Data typically seen within the syntax of the Ruby scripting language
search-dorks: ๐ General purpose search-engine queries likely to find insecure sites
smtp-messages: โ๏ธ Messages (i.e. signatures, auto-replies, etc.) sent by SMTP servers
soap-messages: ๐จ SOAP (Simple Object Access Protocol) messages
social-data: ๐ Sociological or social media related data sets
software-strs: ๐ฝ Strings that describe software engineering, programming languages, etc.
string-enums: ๐ก Enumerations of values that aren't too terribly unusual
system-admin: ๐ System administration and BOFH related materials
system-notices:
telco-data: ๐ Data on voice-based telecommunications technologies: POTS, PCS, VoIP, SMS etc.
text-files: ๐ a special kind of "text file" as in those archived at textfiles.com, i.e. old school zine articles
text-words: โ๏ธ Lists of words likely to be found in an actual hard copy dictionary
top-secret: ๐ฝ Files and/or data related to documents that were/are classified
unicode-art: ๐ญ Unicode art pieces (i.e. requires wide character symbols)
unicode-data: ๐ฃ Unicode character usage and representation
unix-data: ๐ Data associated with various flavors of the UNIX OS and its clones
unix-paths: ๐๏ธ File path names found in various UNIX file systems
uri-attacks: ๐ฅ Malicious URI materials specially crafted for attack targets
uri-schemes: ๐ Lists containing references for URI schemes (part before colon)
uri-data: ๐ Universal Resource Identifier related data
vuln-data: ๐ Information about security vulnerabilities found in server software
webapp-attacks: ๐ Security Proof-of-concept samples demonstrating various styles of web application attacks
webapp-data: ๐ผ Data associated with applications hosted on web servers
webapp-dirs: Directories related to applications running on a web server
webapp-files: ๐ Files related to applications running on a web server
webapp-paths: ๐ Path names related to applications running on a web server
webapp-words: ๐ญ Words related to applications running on a web server
web-sites: ๐ Addresses to and/or information on well known/organized WWW sites
wifi-networks: ๐ก IEEE 802.11 Wi-Fi network information
windows-data: ๐ผ Data only found within the Microsoft Windows series of OSes