SecLists is a pentesting tool used by security professionals around the globe, it contains various types of lists consisting of things like common usernames/passwords, URLs, fuzzing payloads and much more. It is hosted on GitHub under an MIT License, created by Daniel Miessler, and maintained by himself along with Jason Haddix and Ben Wilson- both senior developers and Offensive security instructors.
If you have Kali Linux or ParrotSec you already have access to Seclists! For other linux distributions there are multiple ways to install SecLists. You can use wget to pull the zip file from github and git to clone, don’t forget to change mode to executable.
It is also available from kali repos and installed using apt-get. Also some people have reported anti-virus alarms when trying to download. Make sure you whitelist the file path and store them somewhere safe. In Kali and Parrot this directory is most commonly stored in /usr/share/wordlists.
wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip \ && unzip SecList.zip \ && rm -f SecList.zip
git clone --depth 1 \ https://github.com/danielmiessler/SecLists.git
git clone https://github.com/danielmiessler/SecLists.git
Kali Linux (Tool Page)
apt -y install seclists
SecLists is used by security testers and on test boxes around the world and is one of the top rated security tools out there. The goal is to be able to have access to every type of list that can be used during a penetration test. The full list include Discovery, Fuzzing, IOCs, Passwords, grep strings, fuzzing payloads, web shells and usernames.
In terms of rating this tool gets a 4/5 bunnies in my book. While I cannot make any recommendations on how to improve the lists, I would like to see this tool on windows.
Want to learn more about ethical hacking?
We have a networking hacking course that is of a similar level to OSCP, get an exclusive 95% discount HERE
Do you know of another GitHub related hacking tool?
Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.