danielmiessler / SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
☆61,107Updated this week
Alternatives and similar repositories for SecLists:
Users that are interested in SecLists are comparing it to the libraries listed below
- Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.☆8,411Updated last year
- Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren…☆8,835Updated last year
- Directory/File, DNS and VHost busting tool written in Go☆11,007Updated this week
- A list of useful payloads and bypass for Web Application Security and Pentest/CTF☆63,551Updated last week
- Impacket is a collection of Python classes for working with network protocols.☆13,959Updated this week
- A swiss army knife for pentesting networks☆8,608Updated last year
- PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)☆16,964Updated this week
- GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems☆11,291Updated 4 months ago
- Fast subdomains enumeration tool for penetration testers☆10,150Updated 7 months ago
- Attack Surface Management Platform☆8,499Updated this week
- Nishang - Offensive PowerShell for red team, penetration testing and offensive security.☆9,022Updated 10 months ago
- Scripted Local Linux Enumeration & Privilege Escalation Checks☆7,219Updated last year
- In-depth attack surface mapping and asset discovery☆12,547Updated this week
- Empire is a PowerShell and Python post-exploitation agent.☆7,555Updated 5 years ago
- A little tool to play with Windows security☆19,842Updated 7 months ago
- The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.☆17,291Updated this week
- Automated All-in-One OS Command Injection Exploitation Tool.☆4,748Updated last week
- A list of public penetration test reports published by several consulting firms and academic security groups.☆8,704Updated 8 months ago
- Nikto web server scanner☆8,974Updated last week
- The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb☆7,759Updated 2 years ago
- Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv…☆5,680Updated last month
- Six Degrees of Domain Admin☆10,072Updated 2 weeks ago
- A repository with 3 tools for pwn'ing websites with .git repositories available☆3,935Updated last year
- Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)☆7,325Updated 2 weeks ago
- Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv…☆4,614Updated 4 years ago
- EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.☆5,193Updated 4 months ago
- A toolkit for testing, tweaking and cracking JSON Web Tokens☆5,639Updated 7 months ago
- Fast web fuzzer written in Go☆13,491Updated 8 months ago
- A collection of awesome penetration testing resources, tools and other shiny things☆22,566Updated 2 months ago
- Web application fuzzer☆6,071Updated 6 months ago