Lists for Fuzzing

Below we will show different list we can be useful when fuzzing an web application.

Common

/usr/share/wordlists/seclists/Discovery/Web-Content/common.txt

We have the same list with other languages.

Directory Lists 2.3

/usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-big.txt 
/usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt 
/usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-small.txt

We have the same lists but in lowercase.

Raft List

/usr/share/wordlists/seclists/Discovery/Web-Content/raft-medium-directories.txt
/usr/share/wordlists/seclists/Discovery/Web-Content/raft-medium-extensions.txt
/usr/share/wordlists/seclists/Discovery/raft-medium-files.txt
/usr/share/wordlists/seclists/Discovery/raft-medium-words.txt

We have the same lists in different sizes.

APIs

/usr/share/wordlists/seclists/Discovery/Web-Content/api/actions.txt
/usr/share/wordlists/seclists/Discovery/Web-Content/api/api-endpoints.txt

Subdomains

/usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt

Usernames

/usr/share/seclists/Usernames/xato-net-10-million-usernames.txt

PreviousToolsNextCommon Web Application Attacks

Last updated