Curated collection of wordlists for penetration testing, security research, and ethical hacking
Payload lists for testing XSS, SQLi, LFI, and other vulnerabilities
A short list of Content-Types for header issue discovery.
A short list of payloads for XXE discovery.
A short list of payloads for LFI discovery.
A short list of payloads for SQLi discovery.
A short list of payloads for XSS discovery.
Directory, file path, subdomain, and parameter lists for web content discovery
A list of 9996122 lines to use for more complete subdomain discovery.
A list of 2441323 lines to use for fast subdomain discovery.
A list of 307740 lines to use for parameter discovery.
A list of 290546 lines to use for API route discovery.
A list of 692777 lines to use for more complete content discovery.
A list of 128347 lines to use for fast content discovery.
Password lists and rules for authentication testing and credential attacks
A rule created using the top 25% performing rules
The best rule for quick password cracking.
Password cracking rules for Hashcat based on statistics and industry patterns
The only password list you will ever need. Use this with the rules below for maximum password cracking potential.