GitXplorerGitXplorer
t

wordlists

public
1355 stars
167 forks
1 issues

Commits

List of commits on branch main.
Unverified
472d21fd42f38c84d284b25ce9bb292f6d8c3a90

Update Wed Sep 18 12:36:02 UTC 2024

ttrickest-workflows committed 2 days ago
Unverified
86897e92e198a19b7a12e80b7ef6104329582add

Update inventory wordlists Tue Sep 17 16:12:04 UTC 2024

ttrickest-workflows committed 2 days ago
Unverified
1215a7acef11771c79512e5ac6c6e583f279552c

Update Tue Sep 17 12:46:29 UTC 2024

ttrickest-workflows committed 3 days ago
Unverified
285f37bcbfb61d4a3bb490c49849bbbd05177ff5

Update Tue Sep 17 12:35:39 UTC 2024

ttrickest-workflows committed 3 days ago
Unverified
c94118164b956c7cc5b20198d51eb6f80c602e78

Update inventory wordlists Mon Sep 16 15:50:09 UTC 2024

ttrickest-workflows committed 4 days ago
Unverified
04816ed1586c8f65cf83d6c5c5513017c9a59942

Update Mon Sep 16 12:54:36 UTC 2024

ttrickest-workflows committed 4 days ago

README

The README file for this repository.

Wordlists Tweet

Real-world infosec wordlists, updated regularly

Trickest Wordlists

Current Wordlists

Technologies

These wordlists are based on the source code of the CMSes/servers/frameworks listed here. The current wordlists include:

  • Wordpress
  • Joomla
  • Drupal
  • Magento
  • Ghost
  • Tomcat

There are 2 versions of each wordlist:

  • Base (example tomcat.txt): Lists the full paths of each file in the repository
webapps/examples/WEB-INF/classes/websocket/echo/servers.json
  • All levels (example tomcat-all-levels.txt): Includes all directory levels of the files in the base wordlist - if you have tried dsieve, this is going to look familiar! This wordlist will be larger than the base wordlist but it accounts for cases where the directory structure of the repository isn't mapped perfectly on the target.
webapps/examples/WEB-INF/classes/websocket/echo/servers.json
examples/WEB-INF/classes/websocket/echo/servers.json
WEB-INF/classes/websocket/echo/servers.json
websocket/echo/servers.json
echo/servers.json
servers.json

Robots

Inspired by Daniel Miessler's RobotsDisallowed project, these wordlists contain the robots.txt Allow and Disallow paths in the top 100, top 1000, and top 10000 websites according to Domcop's Open PageRank dataset.

Inventory Subdomains

This wordlist contains the subdomains found for each target on the Inventory project. It consists of 1.4 million words generated from the subdomains of over 50 public bug bounty programs.

Cloud Subdomains

This wordlist contains the subdomains found through enumerating cloud assets. It consists of 940k words generated from the subdomains extracted from the Common Names and Subject Alternative Names of over 7 million SSL certificates.

And more wordlists to come!

How it Works

Technologies

A Trickest workflow clones the repositories in technology-repositories.json, lists the paths of all their files, removes non-interesting files, generates combinations, and pushes the wordlists to this repository. Trickest Workflow

Robots

Another Trickest workflow gets the top 100, 1000, and 1000 websites from Domcop's Open PageRank dataset, uses meg to fetch their robots.txt files (Thanks, @tomnomnom!), removes irrelevant entries, cleans up the paths, and pushes the wordlists to this repository. Trickest Workflow

Contribution

All contributions/suggestions/questions are welcome! Feel free to create a new ticket via GitHub issues, tweet at us @trick3st, or join the conversation on Discord.

Build your own workflows!

We believe in the value of tinkering. Sign up for a demo on trickest.com to customize this workflow to your use case, get access to many more workflows, or build your own from scratch!