【Data】SecLists

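SecLists is a collection of multiple types of lists used during security assessments. The lists include usernames, passwords, URLs, grep strings for sensitive data, fuzzing payloads, and more.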

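Its goal is to let a security tester pull this repository onto a new testing machine and have every type of list that might be needed. The lists can be used in different testing scenarios, helping security professionals with penetration testing, vulnerability analysis, and security assessments. It is an extremely valuable tool that saves security professionals time and effort while providing important information about possible vulnerabilities and attack surface. SecLists is open source and free to use, and it is a valuable resource for many security professionals in their testing work.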

Installation

/usr/share/seclists

# Install
sudo apt update
sudo apt install -y seclists

# Decompress the rockyou wordlist that ships gzip-compressed on Kali
cd /usr/share/wordlists
sudo gzip -d rockyou.txt.gz
┌──(kali㉿kali)-[~]
└─$ ls -al /usr/share/seclists
total 56
drwxr-xr-x  11 root root  4096 Nov  4 04:51 .
drwxr-xr-x 349 root root 12288 Nov  4 04:51 ..
drwxr-xr-x   9 root root  4096 Nov  4 04:51 Discovery
drwxr-xr-x   9 root root  4096 Nov  4 04:51 Fuzzing
drwxr-xr-x   2 root root  4096 Nov  4 04:51 IOCs
drwxr-xr-x   8 root root  4096 Nov  4 04:51 Miscellaneous
drwxr-xr-x  12 root root  4096 Nov  4 04:51 Passwords
drwxr-xr-x   3 root root  4096 Nov  4 04:51 Pattern-Matching
drwxr-xr-x   8 root root  4096 Nov  4 04:51 Payloads
-rw-r--r--   1 root root  2117 Aug 15 17:43 README.md
drwxr-xr-x   4 root root  4096 Nov  4 04:51 Usernames
drwxr-xr-x  10 root root  4096 Nov  4 04:51 Web-Shells

Password files

# Wordlist files
┌──(kali㉿kali)-[~]
└─$ tree /usr/share/seclists/Passwords
/usr/share/seclists/Passwords
├── 2020-200_most_used_passwords.txt
├── 500-worst-passwords.txt
├── 500-worst-passwords.txt.bz2
├── BiblePass
│   ├── BiblePass_part01.txt
│   ├── BiblePass_part02.txt
│   ├── BiblePass_part03.txt
│   ├── BiblePass_part04.txt
│   ├── BiblePass_part05.txt
│   ├── BiblePass_part06.txt
│   ├── BiblePass_part07.txt
│   ├── BiblePass_part08.txt
│   ├── BiblePass_part09.txt
│   ├── BiblePass_part10.txt
│   ├── BiblePass_part11.txt
│   ├── BiblePass_part12.txt
│   ├── BiblePass_part13.txt
│   ├── BiblePass_part14.txt
│   ├── BiblePass_part15.txt
│   ├── BiblePass_part16.txt
│   └── BiblePass_part17.txt
├── bt4-password.txt
├── cirt-default-passwords.txt
├── citrix.txt
├── clarkson-university-82.txt
├── common_corporate_passwords.lst
├── Common-Credentials
│   ├── 100k-most-used-passwords-NCSC.txt
│   ├── 10k-most-common.txt
│   ├── 10-million-password-list-top-1000000.txt
│   ├── 10-million-password-list-top-100000.txt
│   ├── 10-million-password-list-top-10000.txt
│   ├── 10-million-password-list-top-1000.txt
│   ├── 10-million-password-list-top-100.txt
│   ├── 10-million-password-list-top-500.txt
│   ├── 1900-2020.txt
│   ├── 500-worst-passwords.txt
│   ├── best1050.txt
│   ├── best110.txt
│   ├── best15.txt
│   ├── common-passwords-win.txt
│   ├── four-digit-pin-codes-sorted-by-frequency-withcount.csv
│   ├── medical-devices.txt
│   ├── SplashData-2014.txt
│   ├── SplashData-2015-1.txt
│   ├── SplashData-2015-2.txt
│   ├── top-20-common-SSH-passwords.txt
│   ├── top-passwords-shortlist.txt
│   └── worst-passwords-2017-top100-slashdata.txt
├── Cracked-Hashes
│   └── milw0rm-dictionary.txt
├── darkc0de.txt
├── darkweb2017-top10000.txt
├── darkweb2017-top1000.txt
├── darkweb2017-top100.txt
├── darkweb2017-top10.txt
├── days.txt
├── Default-Credentials
│   ├── avaya_defaultpasslist.txt
│   ├── cryptominers.txt
│   ├── db2-betterdefaultpasslist.txt
│   ├── default-passwords.csv
│   ├── default-passwords.txt
│   ├── ftp-betterdefaultpasslist.txt
│   ├── mssql-betterdefaultpasslist.txt
│   ├── mysql-betterdefaultpasslist.txt
│   ├── oracle-betterdefaultpasslist.txt
│   ├── Oracle EBS passwordlist.txt
│   ├── Oracle EBS userlist.txt
│   ├── postgres-betterdefaultpasslist.txt
│   ├── scada-pass.csv
│   ├── ssh-betterdefaultpasslist.txt
│   ├── telnet-betterdefaultpasslist.txt
│   ├── telnet-phenoelit.txt
│   ├── tomcat-betterdefaultpasslist_base64encoded.txt
│   ├── tomcat-betterdefaultpasslist.txt
│   ├── vnc-betterdefaultpasslist.txt
│   └── windows-betterdefaultpasslist.txt
├── der-postillon.txt
├── dutch_common_wordlist.txt
├── dutch_passwordlist.txt
├── dutch_wordlist
├── german_misc.txt
├── Honeypot-Captures
│   ├── multiplesources-passwords-fabian-fingerle.de.txt
│   ├── python-heralding-sep2019.txt
│   ├── Sucuri-Top-Wordpress-Passwords.txt
│   └── wordpress-attacks-july2014.txt
├── Keyboard-Combinations.txt
├── Leaked-Databases
│   ├── 000webhost.txt
│   ├── adobe100.txt
│   ├── alleged-gmail-passwords.txt
│   ├── Ashley-Madison.txt
│   ├── bible.txt
│   ├── bible-withcount.txt
│   ├── carders.cc.txt
│   ├── elitehacker.txt
│   ├── elitehacker-withcount.txt
│   ├── faithwriters.txt
│   ├── faithwriters-withcount.txt
│   ├── fortinet-2021.txt
│   ├── hak5.txt
│   ├── hak5-withcount.txt
│   ├── honeynet2.txt
│   ├── honeynet.txt
│   ├── honeynet-withcount.txt
│   ├── hotmail.txt
│   ├── izmy.txt
│   ├── Lizard-Squad.txt
│   ├── md5decryptor-uk.txt
│   ├── muslimMatch.txt
│   ├── muslimMatch-withcount.txt
│   ├── myspace.txt
│   ├── myspace-withcount.txt
│   ├── NordVPN.txt
│   ├── phpbb-cleaned-up.txt
│   ├── phpbb.txt
│   ├── phpbb-withcount.txt
│   ├── porn-unknown.txt
│   ├── porn-unknown-withcount.txt
│   ├── rockyou-05.txt
│   ├── rockyou-10.txt
│   ├── rockyou-15.txt
│   ├── rockyou-20.txt
│   ├── rockyou-25.txt
│   ├── rockyou-30.txt
│   ├── rockyou-35.txt
│   ├── rockyou-40.txt
│   ├── rockyou-45.txt
│   ├── rockyou-50.txt
│   ├── rockyou-55.txt
│   ├── rockyou-60.txt
│   ├── rockyou-65.txt
│   ├── rockyou-70.txt
│   ├── rockyou-75.txt
│   ├── rockyou.txt.tar.gz
│   ├── rockyou-withcount.txt.tar.gz
│   ├── singles.org.txt
│   ├── singles.org-withcount.txt
│   ├── tuscl.txt
│   ├── youporn2012-raw.txt
│   └── youporn2012.txt
├── Malware
│   ├── conficker.txt
│   └── mirai-botnet.txt
├── months.txt
├── Most-Popular-Letter-Passes.txt
├── mssql-passwords-nansh0u-guardicore.txt
├── openwall.net-all.txt
├── Permutations
│   ├── 1337speak.txt
│   ├── korelogic-password.txt
│   └── password-permutations.txt
├── PHP-Magic-Hashes.txt
├── probable-v2-top12000.txt
├── probable-v2-top1575.txt
├── probable-v2-top207.txt
├── README.md
├── richelieu-french-top20000.txt
├── richelieu-french-top5000.txt
├── SCRABBLE-hackerhouse.tgz
├── scraped-JWT-secrets.txt
├── seasons.txt
├── Software
│   ├── cain-and-abel.txt
│   └── john-the-ripper.txt
├── stupid-ones-in-production.txt
├── twitter-banned.txt
├── unkown-azul.txt
├── UserPassCombo-Jay.txt
├── WiFi-WPA
│   ├── probable-v2-wpa-top447.txt
│   ├── probable-v2-wpa-top4800.txt
│   └── probable-v2-wpa-top62.txt
├── xato-net-10-million-passwords-1000000.txt
├── xato-net-10-million-passwords-100000.txt
├── xato-net-10-million-passwords-10000.txt
├── xato-net-10-million-passwords-1000.txt
├── xato-net-10-million-passwords-100.txt
├── xato-net-10-million-passwords-10.txt
├── xato-net-10-million-passwords-dup.txt
└── xato-net-10-million-passwords.txt

# Directory contents
┌──(kali㉿kali)-[/usr/share/wordlists]
└─$ tree
.
├── amass -> /usr/share/amass/wordlists
├── dirb -> /usr/share/dirb/wordlists
├── dirbuster -> /usr/share/dirbuster/wordlists
├── fasttrack.txt -> /usr/share/set/src/fasttrack/wordlist.txt
├── fern-wifi -> /usr/share/fern-wifi-cracker/extras/wordlists
├── john.lst -> /usr/share/john/password.lst
├── legion -> /usr/share/legion/wordlists
├── metasploit -> /usr/share/metasploit-framework/data/wordlists
├── nmap.lst -> /usr/share/nmap/nselib/data/passwords.lst
├── rockyou.txt
├── seclists -> /usr/share/seclists
├── sqlmap.txt -> /usr/share/sqlmap/data/txt/wordlist.txt
├── wfuzz -> /usr/share/wfuzz/wordlist
└── wifite.txt -> /usr/share/dict/wordlist-probable.txt