SecLists
| File | Use |
|------|-----|
| Discovery/Web_Parameters/parameters.txt | Common parameter names |
| Discovery/Web_Parameters/param_mini.txt | Small, fast list |

| File | Use |
|------|-----|
| Discovery/Web_Content/common.txt | General directory brute-force |
| Discovery/Web_Content/directory-list-2.3-medium.txt | Medium-sized dir fuzzing |
| Discovery/Web_Content/raft-*.txt | Large wordlists (from old raft tools) |
| Discovery/Web_Content/api/ | API endpoint discovery |

| Task | Command / Path |
|------|----------------|
| Install SecLists | sudo apt install seclists |
| Common dirs | Discovery/Web_Content/common.txt |
| Big dirs | Discovery/Web_Content/directory-list-2.3-medium.txt |
| XSS payloads | Fuzzing/XSS.txt |
| SQLi payloads | Fuzzing/sql-injection.txt |
| Top 10k passwords | Passwords/Common-Credentials/10k-most-common.txt |
| Rockyou | Passwords/rockyou.txt (extract) |
| Subdomains | Discovery/DNS/subdomains-top1million-5000.txt |
| Parameters | Discovery/Web_Parameters/parameters.txt |
| User agents | Miscellaneous/user-agents.txt |

wfuzz -c -z file,/usr/share/seclists/Fuzzing/XSS.txt http://target.com/search?q=FUZZ