2016-01-21 10:05:53 -08:00
2016-01-21 10:00:25 -08:00
2014-05-16 13:33:53 -07:00
# About
2015-08-05 07:43:01 -07:00
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repo onto a new testing box and have access to every type of list that may be needed.
2013-07-23 12:27:52 -07:00
2014-05-16 13:45:36 -07:00
This project is maintained by [Daniel Miessler ](http://www.danielmiessler.com/ "Daniel Miessler" ) and [Jason Haddix ](http://www.securityaegis.com "Jason Haddix" ).
2014-05-16 13:44:20 -07:00
2014-05-16 13:33:53 -07:00
## Contributing
2014-05-16 13:44:20 -07:00
If you have any ideas for things we should include, please use one of the following methods to submit them:
2015-08-05 07:42:18 -07:00
1. Send us pull requests
2. Create an issue in the project (right side)
3. Send us links through the issues feature, and we'll parse and incorporate them
2014-05-16 13:44:20 -07:00
3. Email daniel.miessler@owasp .org or jason.haddix@owasp .org with content to add
2012-02-20 17:50:41 -08:00
2015-08-05 07:42:18 -07:00
Significant effort is made to give attribution for these lists whenever possible, and if you are a list owner or know who the original author/curator is, please let us know so we can give proper credit.
2012-02-23 05:55:35 -08:00
2015-08-04 10:57:26 -07:00
### Attribution
2012-02-23 05:55:35 -08:00
2015-08-04 11:53:31 -07:00
- Adam Muntner and for the FuzzDB content, including all authors from the FuzzDB project
2012-02-23 06:11:13 -08:00
- Ron Bowes of SkullSecurity for collaborating and including all his lists here
2012-02-23 05:55:35 -08:00
- Clarkson University for their research that led to the Clarkson list
2013-03-15 16:42:54 -07:00
- All the authors listed in the XSS with context doc, which was found on pastebin and added to by us
- Ferruh Mavitina for the begginings of the LFI Fuzz list
- Kevin Johnson for laudnaum shells
2013-03-21 22:31:47 -07:00
- RSnake for fierce hostname list
2015-02-03 19:40:43 -08:00
- Charlie Campbell for Spanish word list, numerous other contributions
- Rob Fuller for the IZMY list
2015-08-13 07:43:49 -07:00
- Mark Burnett for the 10 million passwords list
2015-02-10 22:18:14 -08:00
- shipCod3 for an SSH user/pass list
- Steve Crapo for doing splitting work on a number of large lists
2015-06-11 15:24:10 -07:00
- Thanks to Blessen Thomas for recommending Mario's/cure53's XSS vectors
2015-09-08 21:20:23 -07:00
- Thanks to Danny Chrastil for submitting an anonymous JSON fuzzing list
2016-01-05 16:17:28 -08:00
- Many thanks to geekspeed, EricSB, lukebeer, patrickmollohan, g0tmi1k, albinowax, and Oweoqui for submitting via pull requests
- Special thanks to shipcod3 for MANY contributions!
2016-03-29 15:41:54 -07:00
- Thanks to Samar Dhwoj Acharya for allowing his Github Dorks content to be included!
2012-02-23 05:55:35 -08:00
2016-01-05 16:17:28 -08:00
This project stays great because of care and love from the community, and we will never forget that.
