Rockyou for web fuzzing
This is a project to generate huge wordlists for web fuzzing, if you just want to fuzz with a good wordlist use the file onelistforallmicro.txt.
The wordlists mentioned at the bottom of this pages are merged by technology/type and differenced by _sort and _long suffixes. So you can search by any technology or software and fuzz the target site with a small list or the long one. Also, this projects provides three of all-in-one wordlists:
- onelistforall.txt (everything merged, both _sort.txt and _long.txt files, cleaned and deduplicated)
- onelistforallshort.txt (merged only _sort.txt files, cleaned and deduplicated)
- onelistforallmicro.txt (my favorite, manually crafted and constantly updated, with interesting files and low-hanging fruits findings)
ffuf -c -w onelistforall.txt -u [target.com]/FUZZ
Build your own wordlists!
-
Add your wordlists to dict/ folder with suffix _short.txt for short wordlist and _long.txt for the full wordlist.
-
Run ./olfa.sh (olfa -> One List For All) and you will have onelistforall.txt file and onelistforallshort.txt.
-
Fuzz with the best tool ffuf :)
ffuf -c -w onelistforall.txt -u [target.com]/FUZZ
- onelistforallmicro.txt manally crafted wordlist for low hanging fruits: 18109 lines, 298K
- onelistforallshort.txt a shortened version, it also contains a lot of things, but in a more affordable way: 892361 lines, 15M
- onelistforall.txt basically everything, launch it and go to sleep. 59076819 lines, 1.2G
This is a wordlists project for fuzzing purposes made from the best word lists currently available,merged and deduplicated later with duplicut, adding cleaner from BonJarber. The lists used have been selected from these repositories:
- fuzzdb
- SecLists
- xmendez
- minimaxir
- TheRook
- danielmiessler
- swisskyrepo
- 1N3
- cujanovic
- lavalamp
- ics-default
- jeanphorn
- j3ers3
- nyxxxie
- dirbuster
- dotdotpwn
- hackerone_wordlist
- commonspeak2
- bruteforce-list
- assetnote
- brutas
- werdlists
Feel free to contribute, PR are welcomed.