SecLists is a pentesting tool used by security professionals around the globe. It contains various types of lists: common usernames and passwords, URLs, fuzzing payloads and much more. It is hosted on GitHub under an MIT License, was created by Daniel Miessler, and is maintained by him along with Jason Haddix and Ben Wilson, both senior developers and offensive security instructors.
If you have Kali Linux or ParrotSec you already have access to SecLists! For other Linux distributions there are multiple ways to install SecLists. You can use wget to pull the zip file from GitHub or git to clone the repository; don’t forget to change mode to executable.
It is also available from the Kali repos and can be installed using apt-get. Some people have reported antivirus alarms when trying to download it. Make sure you whitelist the file path and store the lists somewhere safe. In Kali and Parrot this directory is most commonly stored in /usr/share/wordlists.
Zip
wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip \
&& unzip SecList.zip \
&& rm -f SecList.zip
Git (Small)
git clone --depth 1 \
https://github.com/danielmiessler/SecLists.git
Git (Complete)
git clone https://github.com/danielmiessler/SecLists.git
Kali Linux (Tool Page)
apt -y install seclists
SecLists is used by security testers and on test boxes around the world and is one of the top-rated security tools out there. The goal is to have access to every type of list that can be used during a penetration test. The full list includes Discovery, Fuzzing, IOCs, Passwords, grep strings, fuzzing payloads, web shells and usernames.
In terms of rating, this tool gets 4/5 bunnies in my book. While I cannot make any recommendations on how to improve the lists, I would like to see this tool on Windows.