SecLists – A Pentester’s BFF

SecLists is a pentesting tool used by security professionals around the globe. It contains various types of lists, consisting of things like common usernames/passwords, URLs, fuzzing payloads and much more. It is hosted on GitHub under an MIT License, was created by Daniel Miessler, and is maintained by him along with Jason Haddix and Ben Wilson, both senior developers and Offensive security instructors.

If you have Kali Linux or ParrotSec, you already have access to SecLists! For other Linux distributions there are multiple ways to install SecLists. You can use wget to pull the zip file from GitHub, or git to clone the repository; don’t forget to change mode to executable.

It is also available from the Kali repos and can be installed using apt-get. Some people have reported anti-virus alarms when trying to download it. Make sure you whitelist the file path and store the lists somewhere safe. In Kali and Parrot the lists are most commonly stored in /usr/share/wordlists.

Zip

wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip \
  && unzip SecList.zip \
  && rm -f SecList.zip

Git (Small)

git clone --depth 1 \
  https://github.com/danielmiessler/SecLists.git

Git (Complete)

git clone https://github.com/danielmiessler/SecLists.git

Kali Linux (Tool Page)

apt -y install seclists

SecLists is used by security testers and on test boxes around the world, and is one of the top-rated security tools out there. The goal is to have access to every type of list that can be used during a penetration test. The full list includes Discovery, Fuzzing, IOCs, Passwords, grep strings, fuzzing payloads, web shells and usernames.
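To see what a downloaded copy holds in each category, and which directories contain more than plain lists when deciding what path to whitelist, the following added example (not part of SecLists or of the original post) counts files, list entries and non-.txt files under each top-level directory. The function name, the .txt heuristic and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: inventory a SecLists tree by top-level category.
# Output (tab-separated): category, files, entries, non_txt
#   entries = total lines across the *.txt lists in that category
#   non_txt = files not ending in .txt (a rough heuristic for content
#             that is more than a plain list; an assumption of this example)
seclists_inventory() (
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; exit 1; }
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue          # glob matched nothing
        name=$(basename "$dir")
        files=$(find "$dir" -type f | wc -l | tr -d ' ')
        entries=$(find "$dir" -type f -name '*.txt' -exec cat {} + \
                  | wc -l | tr -d ' ')
        non_txt=$(find "$dir" -type f ! -name '*.txt' | wc -l | tr -d ' ')
        printf '%s\t%s\t%s\t%s\n' "$name" "$files" "$entries" "$non_txt"
    done
)

# Constructed sample tree (not real SecLists content) so this runs offline.
demo=$(mktemp -d)
mkdir -p "$demo/Passwords" "$demo/Web-Shells"
printf 'password\n123456\nqwerty\n' > "$demo/Passwords/sample.txt"
printf 'admin\nroot\n'              > "$demo/Passwords/more.txt"
printf 'placeholder\n'              > "$demo/Web-Shells/sample.php"
seclists_inventory "$demo"
rm -rf "$demo"
```

On a real installation, pass the directory you cloned or unzipped SecLists into instead of the sample tree.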

In terms of rating, this tool gets 4/5 bunnies in my book. While I cannot make any recommendations on how to improve the lists, I would like to see this tool on Windows.
