Home

Awesome

seclists.png

About

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repo onto a new testing box and have access to every type of list that may be needed.

This project is maintained by Daniel Miessler and Jason Haddix.

Contributing

If you have any ideas for things we should include, please use one of the following methods to submit them:

  1. Send us pull requests
  2. Create an issue in the project (right side)
  3. Send us links through the issues feature, and we'll parse and incorporate them
  4. Email daniel.miessler@owasp.org or jason.haddix@owasp.org with content to add

Significant effort is made to give attribution for these lists whenever possible, and if you are a list owner or know who the original author/curator is, please let us know so we can give proper credit.

Attribution

This project stays great because of care and love from the community, and we will never forget that.

Licensing

This project is licensed under the MIT license.

MIT License

<sup>NOTE: Downloading this repository is likely to cause a false-positive alarm by your antivirus or antimalware software, the filepath should be whitelisted. There is nothing in Seclists or FuzzDB that can harm your computer as-is, however it's not recommended to store these files on a server or other important system due to the risk of local file include attacks.</sup>