This project is a collection of word lists--they are mostly whitespace-delimited
or line-based. Although the passes-dicts folder contains inputs for password cracking,
overall the files amassed here are intended to be useful in facilitating
the creation of insecure program state (with the help of a black-box fuzzer or scanning
utility, for example.) The vast majority of files are simply ASCII with the UNIX
style newline.
| Folder Name | Description of Contents |
|---|---|
| dns-hostnames | 📃 The host name part of an FQDN (Fully Qualified Domain Name) |
| http-security | 🔐 HTTP (Hyper Text Transfer Protocol security info, i.e. CSP (Content Security Policy) |
| unix-data | 💻 Data associated with various flavors of the UNIX operating system and its clones |
| telco-data | ☎️ PSTN (Public Switched Telephone Network) a.k.a. POTS (Plain Old Telephone Service) dialing codes and related information |
| webapp-paths | 🏄 Path names related to web-based applications |
If you're already familiar with established repositories such as
fuzzdb and
SecLists,
then werdlists is quite similar in mission as it's a centralized attack strings
and input data resource with its own unique style, organization,
original hand-crafted contents, verification/management scripts, expanded concepts, etc.
SecLists is maintained by my colleague and co-worker at IOActive, Daniel Miessler.
The scripts folder consists of shell scripts used for repository maintenance.
All scripts use bash syntax and some data files were generated with a script.
Folder names are outlined in the INDEX.md file in the repository's root
directory. All files in each folder are detailed in the local README.md file,
but these lowercased index files describe the contents of each data file, as
opposed to directory contents. Each folder has a subject name and storage
type which are separated by a dash.
Most files have the *.txt extension signifying the text/plain MIME type
Other file extensions in use are: *.asc, *.csv, *.xml, *.html, and *.yml
These are for Comma-Separated Values (text/csv),
Extended Markup Language (application/xml),
Hyper Text Markup Language (application/html), etc.
Any file that is larger than 1MB uncompressed should be compressed with xz
according to the commands in the scripts/compress-large-files bash script. In
spite of the fact that this is a word lists project, I'm striving to restrict the
size of each file to a healthy maximum for manageability purposes.
The index file in the root folder (INDEX.md), as well as the indices in each
data directory (README.md) are formatted with GitHub Flavored Markdown.