SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
☆101Jun 24, 2026Updated last week
Alternatives and similar repositories for SecLists
Users that are interested in SecLists are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- The Last Web Recon Tool You'll Need☆17Nov 7, 2020Updated 5 years ago
- Directory/file & DNS busting tool written in Go☆15Nov 26, 2019Updated 6 years ago
- Crowbar is brute forcing tool that can be used during penetration tests. It is developed to support protocols that are not currently supp…☆22Jul 13, 2020Updated 5 years ago
- Homemade scripts to-do various vulnerable challenges☆81Jan 7, 2021Updated 5 years ago
- Personal fork of Kippo SSH honeypot.☆13May 25, 2014Updated 12 years ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Docker container for running CobaltStrike 4.7 and above☆25Mar 20, 2025Updated last year
- Android attempt at PoC CVE-2016-8655☆12Jul 1, 2017Updated 9 years ago
- ☆19Dec 8, 2014Updated 11 years ago
- MSFvenom Payload Creator (MSFPC)☆1,331May 9, 2021Updated 5 years ago
- AES-NI bruteforcer for bad Character Sets☆10Jan 17, 2021Updated 5 years ago
- Runs sshd as a unprivileged user for persistence☆10Jun 23, 2019Updated 7 years ago
- Deploy an "illegal" SOC to manage vulnerabilities on your city servers in minutes.☆20Dec 8, 2022Updated 3 years ago
- A modified version of TomNomNom's anew, allowing for multiple files to be defined as parameters.☆13Jun 17, 2023Updated 3 years ago
- 📨 Quick tool to finds and extract email addresses from a body of text☆12Apr 15, 2023Updated 3 years ago
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- Serving files with conditions, serverside keying and more.☆18May 26, 2022Updated 4 years ago
- Kibana app for RedELK☆18Mar 19, 2023Updated 3 years ago
- Egressbuster is a method to check egress filtering and identify if ports are allowed. If they are, you can automatically spawn a shell.☆12Mar 14, 2018Updated 8 years ago
- Connect to Cisco AnyConnect VPN and open a Microsoft Remote Desktop (RDP) window☆12Apr 5, 2026Updated 2 months ago
- Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner☆12Apr 22, 2018Updated 8 years ago
- Carbon Black Response IR tool☆56Dec 10, 2020Updated 5 years ago
- Sniper. Passive Secrets Hunting.🚬☆13Jun 3, 2022Updated 4 years ago
- Vulnerable LLM Application☆14Jan 1, 2024Updated 2 years ago
- Florida Man 2017☆10Aug 3, 2017Updated 8 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Fuzz for hidden proxies, vhosts, and URLs☆15Apr 1, 2026Updated 3 months ago
- Convert Empire profiles to Apache mod_rewrite scripts☆29Sep 17, 2019Updated 6 years ago
- Quick and dirty reconnaissance hacks for BB and pentesting☆11Feb 20, 2023Updated 3 years ago
- Script for Kali that adds a bunch of tools and customizes it to be much better☆188Jan 26, 2021Updated 5 years ago
- Attempt zone transfers on domains☆18Jul 12, 2021Updated 4 years ago
- A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, al…☆2,192Dec 11, 2022Updated 3 years ago
- 各种安全相关思维导图整理收集☆12Feb 13, 2017Updated 9 years ago
- Python3 tool to perform password spraying using RDP☆17Aug 14, 2023Updated 2 years ago
- Some bash to make life easier after a new kali install..☆34Dec 11, 2022Updated 3 years ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Purple Team Workshop by @jorgeorchilles☆12Apr 26, 2025Updated last year
- List of Google Dorks for sites that have responsible disclosure program / bug bounty program☆22Sep 8, 2019Updated 6 years ago
- Speeding up identifying which binaries with a SUID flag may lead to root access☆15Aug 26, 2024Updated last year
- Personnel scripts,projects notes,hacks,random thoughts,mindmap etc....☆35Feb 14, 2025Updated last year
- python wrapper to use tshark for file extraction from the command line.☆26Nov 15, 2018Updated 7 years ago
- Web Sight Front-end Community Edition☆24May 25, 2020Updated 6 years ago
- pinata-csrf-tool☆13Dec 20, 2019Updated 6 years ago