Wordlists
Users Wordlists:
/usr/share/metasploit-framework/data/wordlists/namelist.txt
Passwords Wordlists:
- ALWAYS USE ROCKYOU.txt
/usr/share/metasploit-framework/data/wordlists/common_passwords.txt
/usr/share/metasploit-framework/data/wordlists/unix_passwords.txt
GoBuster Wordlists:
1. Web Directory Wordlists:
Recommended Wordlists:
- /usr/share/wordlists/dirb/common.txt (classic, fast)
- /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt (more extensive)
- SecLists/Discovery/Web-Content/raft-large-directories.txt (massive)
2. DNS Mode (Subdomain Enumeration)
Recommended Wordlists:
- /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt (fast & solid)
- /usr/share/seclists/Discovery/DNS/namelist.txt
- /usr/share/seclists/Discovery/DNS/fierce-hostlist.txt
3. VHOST Mode (Virtual Host Enumeration)
Recommended Wordlists:
- /usr/share/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt
- /usr/share/seclists/Discovery/DNS/namelist.txt
- /usr/share/seclists/Discovery/DNS/virtual-hostnames.txt
4. FUZZ Mode (Custom Fuzzing)
Wordlists depend on what you're fuzzing:
- Path fuzzing: same as dir mode wordlists
- Param fuzzing:
  - /usr/share/seclists/Fuzzing/parameters.txt
  - /usr/share/seclists/Discovery/Web-Content/burp-parameter-names.txt
- Headers: /usr/share/seclists/Discovery/Web-Content/burp-headers.txt