Rockyou for web fuzzing

V2 released! Now you can build your own wordlists with the same method and this release includes a short wordlist. Base wordlists provided in /dict folder. See Method 3

1. Go to releases and download

2. Fuzz with the best tool ffuf :)

ffuf -c -w onelistforall.txt -u [target.com]/FUZZ

1. Git clone and extract:

git clone https://github.com/six2dez/OneListForAll && cd OneListForAll
7z x onelistforall.7z.001

2. Fuzz with the best tool ffuf :)

ffuf -c -w onelistforall.txt -u [target.com]/FUZZ

Build your own wordlists!

1. Add your wordlists to dict/ folder with suffix _short.txt for short wordlist and _long.txt for the full wordlist.

2. Run ./olfa.sh (olfa -> One List For All) and you will have onelistforall.txt file and onelistforallshort.txt.

3. Fuzz with the best tool ffuf :)

ffuf -c -w onelistforall.txt -u [target.com]/FUZZ

In the fields that both lists coincide, the short one has the content but in less quantity, only the most relevant.

Both lists have:

• First slash (/) removed, lines that have it is on purpose.
• Removed special chars or crash chars such as `' sqlis, xss, etc
• Trimmed trailing whitespaces
• Removed comments (lines starting with #)
• Removed lines with % cuz cause crashes in ffuf

This is a wordlist for fuzzing purposes made from the best wordlists currently available, lowercased and deduplicated later with duplicut, added cleaner from BonJarber. The lists used have been some selected within these repositories:

• fuzzdb
• SecLists
• xmendez
• minimaxir
• TheRook
• danielmiessler
• swisskyrepo
• 1N3
• cujanovic
• lavalamp
• ics-default
• jeanphorn
• j3ers3
• nyxxxie
• dirbuster
• dotdotpwn
• hackerone_wordlist
• commonspeak2
• bruteforce-list
• assetnote

Feel free to contribute, PR are welcomed.

You can support this work buying me a coffee: