danielmiessler / SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
☆59,253Updated this week
Alternatives and similar repositories for SecLists:
Users that are interested in SecLists are comparing it to the libraries listed below
- Fast web fuzzer written in Go☆12,869Updated 5 months ago
- Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.☆8,287Updated last year
- Directory/File, DNS and VHost busting tool written in Go☆10,330Updated this week
- Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren…☆8,727Updated last year
- Web application fuzzer☆5,978Updated 4 months ago
- A swiss army knife for pentesting networks☆8,499Updated last year
- Scripted Local Linux Enumeration & Privilege Escalation Checks☆7,095Updated last year
- Fast passive subdomain enumeration tool.☆10,429Updated this week
- In-depth attack surface mapping and asset discovery☆12,185Updated last week
- A list of public penetration test reports published by several consulting firms and academic security groups.☆8,572Updated 6 months ago
- Impacket is a collection of Python classes for working with network protocols.☆13,664Updated this week
- E-mails, subdomains and names Harvester - OSINT☆11,609Updated this week
- Attack Surface Management Platform☆8,197Updated 2 weeks ago
- Fast subdomains enumeration tool for penetration testers☆9,953Updated 4 months ago
- Six Degrees of Domain Admin☆9,972Updated 5 months ago
- GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems☆11,002Updated last month
- Find, verify, and analyze leaked credentials☆17,597Updated this week
- PowerSploit - A PowerShell Post-Exploitation Framework☆11,981Updated 4 years ago
- EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.☆5,049Updated last month
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆7,852Updated 8 months ago
- Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv…☆5,530Updated 2 months ago
- Next generation web scanner☆5,593Updated 5 months ago
- Open Source Vulnerability Management Platform☆5,089Updated 3 weeks ago
- A Workflow Engine for Offensive Security☆5,397Updated 6 months ago
- Web path scanner☆12,317Updated 3 weeks ago
- The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topic…☆28,382Updated this week
- The Browser Exploitation Framework Project☆9,918Updated this week
- A collection of all the data i could extract from 1 billion leaked credentials from internet.☆3,071Updated 4 years ago
- Empire is a PowerShell and Python post-exploitation agent.☆7,476Updated 4 years ago
- PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)☆16,428Updated last week