Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/trickest/wordlists
Real-world infosec wordlists, updated regularly
https://github.com/trickest/wordlists
bugbounty content-discovery directory-bruteforce hacking infosec penetration-testing pentesting reconnaissance security wordlist wordlist-generator wordlists wordlists-dictionary-collection
Last synced: 8 days ago
JSON representation
Real-world infosec wordlists, updated regularly
- Host: GitHub
- URL: https://github.com/trickest/wordlists
- Owner: trickest
- License: mit
- Created: 2022-08-10T11:26:18.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-10-29T12:56:39.000Z (about 1 month ago)
- Last Synced: 2024-10-29T15:06:16.267Z (about 1 month ago)
- Topics: bugbounty, content-discovery, directory-bruteforce, hacking, infosec, penetration-testing, pentesting, reconnaissance, security, wordlist, wordlist-generator, wordlists, wordlists-dictionary-collection
- Homepage: https://trickest.com
- Size: 1.43 GB
- Stars: 1,388
- Watchers: 28
- Forks: 170
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-wordlists - Trickest Wordlists - Real-world infosec wordlists, updated regularly. (Miscellaneous)
- awesome-hacking-lists - trickest/wordlists - Real-world infosec wordlists, updated regularly (Others)
README
Wordlists
Real-world infosec wordlists, updated regularly
![Trickest Wordlists](images/cover.png "Trickest Wordlists")
## Current Wordlists
### Technologies
These wordlists are based on the source code of the CMSes/servers/frameworks listed [here](technology-repositories.json). The current wordlists include:
- Wordpress
- Joomla
- Drupal
- Magento
- Ghost
- TomcatThere are 2 versions of each wordlist:
- Base (example [tomcat.txt](technologies/tomcat.txt)): Lists the full paths of each file in the repository
```
webapps/examples/WEB-INF/classes/websocket/echo/servers.json
```
- All levels (example [tomcat-all-levels.txt](technologies/tomcat-all-levels.txt)): Includes all directory levels of the files in the base wordlist - if you have tried [dsieve](https://github.com/trickest/dsieve), this is going to look familiar! This wordlist will be larger than the base wordlist but it accounts for cases where the directory structure of the repository isn't mapped perfectly on the target.
```
webapps/examples/WEB-INF/classes/websocket/echo/servers.json
examples/WEB-INF/classes/websocket/echo/servers.json
WEB-INF/classes/websocket/echo/servers.json
websocket/echo/servers.json
echo/servers.json
servers.json
```### Robots
Inspired by Daniel Miessler's [RobotsDisallowed](https://github.com/danielmiessler/RobotsDisallowed) project, these wordlists contain the `robots.txt` `Allow` and `Disallow` paths in the top 100, top 1000, and top 10000 websites according to [Domcop's Open PageRank dataset](https://www.domcop.com/top-10-million-websites).### Inventory Subdomains
This wordlist contains the subdomains found for each target on the [Inventory](https://github.com/trickest/inventory) project. It consists of 1.4 million words generated from the subdomains of over 50 public bug bounty programs.### Cloud Subdomains
This wordlist contains the subdomains found through enumerating [cloud](https://github.com/trickest/cloud) assets. It consists of 940k words generated from the subdomains extracted from the `Common Name`s and `Subject Alternative Name`s of over 7 million SSL certificates.And more wordlists to come!
## How it Works
### Technologies
A [Trickest](https://trickest.com) workflow clones the repositories in [technology-repositories.json](technology-repositories.json), lists the paths of all their files, removes non-interesting files, generates combinations, and pushes the wordlists to this repository.
![Trickest Workflow](images/technologies.png "Trickest Workflow - wordlists/technolgies")### Robots
Another [Trickest](https://trickest.com) workflow gets the top 100, 1000, and 1000 websites from [Domcop's Open PageRank dataset](https://www.domcop.com/top-10-million-websites), uses [meg](https://github.com/tomnomnom/meg) to fetch their `robots.txt` files (Thanks, [@tomnomnom](https://github.com/tomnomnom)!), removes irrelevant entries, cleans up the paths, and pushes the wordlists to this repository.
![Trickest Workflow](images/robots.png "Trickest Workflow - wordlists/robots")## Contribution
All contributions/suggestions/questions are welcome! Feel free to create a new ticket via [GitHub issues](https://github.com/trickest/wordlists/issues), tweet at us [@trick3st](https://twitter.com/trick3st), or join the conversation on [Discord](https://discord.gg/7HZmFYTGcQ).## Build your own workflows!
We believe in the value of tinkering. Sign up for a demo on [trickest.com](https://trickest.com) to customize this workflow to your use case, get access to many more workflows, or build your own from scratch![](https://trickest.io/auth/register)