Lists for Fuzzing

Below we will show different list we can be useful when fuzzing an web application.

---

Common

/usr/share/wordlists/seclists/Discovery/Web-Content/common.txt

We have the same list with other languages.

---

Directory Lists 2.3

/usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-big.txt 

/usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt 

/usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-small.txt

We have the same lists but in lowercase.

---

Raft List

/usr/share/wordlists/seclists/Discovery/Web-Content/raft-medium-directories.txt

/usr/share/wordlists/seclists/Discovery/Web-Content/raft-medium-extensions.txt

/usr/share/wordlists/seclists/Discovery/raft-medium-files.txt

/usr/share/wordlists/seclists/Discovery/raft-medium-words.txt

We have the same lists in different sizes.

---

APIs

/usr/share/wordlists/seclists/Discovery/Web-Content/api/actions.txt

/usr/share/wordlists/seclists/Discovery/Web-Content/api/api-endpoints.txt

---

Subdomains

/usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt

---

Usernames

/usr/share/seclists/Usernames/xato-net-10-million-usernames.txt