logo

Home

Tools

Content

Wordlists

logo

Browse Wordlists

Discover the best pentesting and infosec wordlists.

Credential Brute Forcing

The best password cracking wordlists and rules.

d3adhob0 Rule

Password cracking rules for Hashcat based on statistics and industry patterns

OneWordlistToListThemAll Passwords

The only password list you will ever need. Use this with the rules below for maximum password cracking potential.

Best66 Rule

The best rule for quick password cracking.

OneRuleToRuleThemStill Rule

A rule created using the top 25% performing rules

Directory and Path Fuzzing

The best web and API discovery wordlists.

Web Content Discovery - Small List

A list of 128347 lines to use for fast content discovery.

Web Content Discovery - Large List

A list of 692777 lines to use for more complete content discovery.

API Route Discovery

A list of 290546 lines to use for API route discovery.

Parameter Discovery

A list of 307740 lines to use for parameter discovery.

Subdomains Discovery - Medium List

A list of 2441323 lines to use for fast subdomain discovery.

Subdomains Discovery - Large List

A list of 9996122 lines to use for more complete subdomain discovery.

Vulnerability Fuzzing

The best wordlists for finding vulnerabilities.

XSS Payloads

A short list of payloads for XSS discovery.

SQLi Payloads

A short list of payloads for SQLi discovery.

LFI Payloads

A short list of payloads for LFI discovery.

XXE Payloads

A short list of payloads for XXE discovery.

Content-Type Payloads

A short list of Content-Types for header issue discovery.

indiedex-logo

Pentest List is a curation of the latest top-rated tools and content in penetration testing and security defense. Discover cutting-edge tools, blogs, and more, covering port scanning, SQL injection, and a wide range of other vulnerability exploits.

Links

Wiki

Blog

Security

Contributors

Vulnerability Disclosure Policy

Legal

Terms of service

Privacy policy

Tools by Category

Web / API

Blue Team

Red Team

Purple Team

Cloud

Mobile

Compiled Application

Code Review

OSINT

Infrastructure

Other

Content by Category

CVE

Web

Infrastructure

Active Directory

Malware

Cloud

Other

Bug Bounty

2024 Pentest List, All Rights Reserved.