Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/trickest/wordlists

Real-world infosec wordlists, updated regularly
https://github.com/trickest/wordlists

bugbounty content-discovery directory-bruteforce hacking infosec penetration-testing pentesting reconnaissance security wordlist wordlist-generator wordlists wordlists-dictionary-collection

Last synced: about 1 month ago
JSON representation

Real-world infosec wordlists, updated regularly

Host: GitHub
URL: https://github.com/trickest/wordlists
Owner: trickest
License: mit
Created: 2022-08-10T11:26:18.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2024-10-29T12:56:39.000Z (3 months ago)
Last Synced: 2024-10-29T15:06:16.267Z (3 months ago)
Topics: bugbounty, content-discovery, directory-bruteforce, hacking, infosec, penetration-testing, pentesting, reconnaissance, security, wordlist, wordlist-generator, wordlists, wordlists-dictionary-collection
Homepage: https://trickest.com
Size: 1.43 GB
Stars: 1,388
Watchers: 28
Forks: 170
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-wordlists - Trickest Wordlists - Real-world infosec wordlists, updated regularly. (Miscellaneous)
awesome-hacking-lists - trickest/wordlists - Real-world infosec wordlists, updated regularly (Others)

README

        
Wordlists 



Real-world infosec wordlists, updated regularly


![Trickest Wordlists](images/cover.png "Trickest Wordlists")

## Current Wordlists

### Technologies

These wordlists are based on the source code of the CMSes/servers/frameworks listed [here](technology-repositories.json). The current wordlists include:

- Wordpress

- Joomla

- Drupal

- Magento

- Ghost

- Tomcat

There are 2 versions of each wordlist:

- Base (example [tomcat.txt](technologies/tomcat.txt)): Lists the full paths of each file in the repository

```

webapps/examples/WEB-INF/classes/websocket/echo/servers.json

```

- All levels (example [tomcat-all-levels.txt](technologies/tomcat-all-levels.txt)): Includes all directory levels of the files in the base wordlist - if you have tried [dsieve](https://github.com/trickest/dsieve), this is going to look familiar! This wordlist will be larger than the base wordlist but it accounts for cases where the directory structure of the repository isn't mapped perfectly on the target.

```

webapps/examples/WEB-INF/classes/websocket/echo/servers.json

examples/WEB-INF/classes/websocket/echo/servers.json

WEB-INF/classes/websocket/echo/servers.json

websocket/echo/servers.json

echo/servers.json

servers.json

```

### Robots

Inspired by Daniel Miessler's [RobotsDisallowed](https://github.com/danielmiessler/RobotsDisallowed) project, these wordlists contain the `robots.txt` `Allow` and `Disallow` paths in the top 100, top 1000, and top 10000 websites according to [Domcop's Open PageRank dataset](https://www.domcop.com/top-10-million-websites).

### Inventory Subdomains

This wordlist contains the subdomains found for each target on the [Inventory](https://github.com/trickest/inventory) project. It consists of 1.4 million words generated from the subdomains of over 50 public bug bounty programs.

### Cloud Subdomains

This wordlist contains the subdomains found through enumerating [cloud](https://github.com/trickest/cloud) assets. It consists of 940k words generated from the subdomains extracted from the `Common Name`s and `Subject Alternative Name`s of over 7 million SSL certificates.

And more wordlists to come!

## How it Works

### Technologies

A [Trickest](https://trickest.com) workflow clones the repositories in [technology-repositories.json](technology-repositories.json), lists the paths of all their files, removes non-interesting files, generates combinations, and pushes the wordlists to this repository.

![Trickest Workflow](images/technologies.png "Trickest Workflow - wordlists/technolgies")

### Robots

Another [Trickest](https://trickest.com) workflow gets the top 100, 1000, and 1000 websites from [Domcop's Open PageRank dataset](https://www.domcop.com/top-10-million-websites), uses [meg](https://github.com/tomnomnom/meg) to fetch their `robots.txt` files (Thanks, [@tomnomnom](https://github.com/tomnomnom)!), removes irrelevant entries, cleans up the paths, and pushes the wordlists to this repository.

![Trickest Workflow](images/robots.png "Trickest Workflow - wordlists/robots")

## Contribution

All contributions/suggestions/questions are welcome! Feel free to create a new ticket via [GitHub issues](https://github.com/trickest/wordlists/issues), tweet at us [@trick3st](https://twitter.com/trick3st), or join the conversation on [Discord](https://discord.gg/7HZmFYTGcQ).

## Build your own workflows!

We believe in the value of tinkering. Sign up for a demo on [trickest.com](https://trickest.com) to customize this workflow to your use case, get access to many more workflows, or build your own from scratch!

[](https://trickest.io/auth/register)