【字典合集】SecLists-更全面的渗透测试字典 v2025.3

简介

SecLists 是一个为网络安全人员准备的超实用工具库,里面收集了各种常用的列表和字典,帮助安全研究人员、渗透测试员更轻松地进行漏洞挖掘。比如,它包含常见的用户名和密码组合、常用网址路径、SQL注入的代码段、网络扫描用的字典等等。这些资源让测试人员能够更快速地发现系统的薄弱环节,比如用常见密码入侵、寻找隐藏的敏感文件或路径等。SecLists 是由安全专家们一起维护的,内容覆盖面广,更新频繁,因此成为了安全测试工作中的必备工具。无论是初学者还是经验丰富的安全专家,都可以从中受益,提升工作效率。

这个字典是Github上53K✨的高分项目,文件大小约1.1G,字典十分的精致与全面,本文三言两语无法概括该项目的强大!

目录预览

图片[1] - 【字典合集】SecLists-更全面的渗透测试字典 v2025.3 - 极核GetShell

更新日志

📛 Deprecated DirBuster wordlists
The dirbuster wordlists were made in 2007, and are now considered obsolete. Instead, these wordlists are recommended for testing modern web environments:

Discovery/Web-Content/combined_words.txt
Discovery/Web-Content/combined_directories.txt
Both of these wordlists are composed of various other wordlists in that same directory, and are automatically updated whenever one of their components is modified. For more information see the README.md for Discovery/Web-Content.

The dirbuster wordlists will remain contained in SecLists, but they now have the DirBuster-2007 prefix to highlight their age.

📛 Dangerous SQLi payloads
The SQL Injection wordlists contained in Fuzzing/Databases/SQLi are not safe to use on production environments. Many of those wordlists contain potentially destructive queries which may permanently delete data on any databases they're used on. A warning has been added to the README.md for that directory. For more information see issue #1011

New content
✨ feat(wordlist): Created Active Directory wordlist (PR #1224)
✨ feat(docs): Added "GENOVEVA" tool to readme (PR #1200)
✨ feat(docs): Added alternative reference to docs
✨ feat(docs): Added documentation for the 'cirt-net_collection.txt' wordlist
✨ feat(docs): Added documentation for the 'Java-Spring-Boot.txt' wordlist
✨ feat(docs): Added documentation for the 'xato-net-10-million-passwords' wordlists
✨ feat(wordlist): Added 'encryptionkeys' directory to 'common_directories.txt'
✨ feat(wordlist): Added /etc/apache2/.htpasswd to LFI fuzzing lists (PR #1223)
✨ feat(wordlist): Added a dictionary for Model Context Protocol server discovery. (PR #1216)
✨ feat(wordlist): Added common Spanish names and words (PR #1199)
✨ feat(wordlist): Added default SSH password "padmin:padmin" for IBM Power Systems (PR #1211)
✨ feat(wordlist): Added IANA mime-types to "web-all-content-types.txt" (PR #1204)
✨ feat(wordlist): Added mcp-server.txt entries to common.txt
✨ feat(wordlist): Added more OBEX common filenames and cleaned OBEX wordlists (PR #1249)
✨ feat(wordlist): Added more permutations to 'common_directories.txt'
✨ feat(wordlist): Added more swagger endpoints (PR #1219)
✨ feat(wordlist): Added new payload to 'SAP' wordlist (PR #1196)
✨ feat(wordlist): Added prefixes to deal with Java-Spring-Boot being behind spring-cloud-gateway (PR #1220)
✨ feat(wordlist): Added Quectel to default-passwords.csv + updated default-passwords.txt (PR #1208)
✨ feat(wordlist): Added readme.md to "Discovery/Web-Content/big.txt" (PR #1248)
✨ feat(wordlist): Added YYYY-MM-DD dates wordlists (PR #1217)
Other changes
🐛 fix(wordlist): Added 'DirBuster-2007' prefix to all DirBuster wordlists
🐛 fix(cicd): Removed trailing spaces from wordlist-updater_default-passwords.yml (PR #1243)
🐛 fix(cicd): Updated paths in the 'Wordlist Updater - Combined directories' pipeline
🐛 fix(docs): Updated filenames that compose 'combined_directories.txt'
🐛 fix(wordlist): Cleaned up '100k-most-used-passwords-NCSC.txt' (PR #1235)
🐛 fix(wordlist): Fixed encoding in "100k-most-used-passwords-NCSC.txt" (PR #1226)
🐛 fix(wordlist): Updated curl-protocols wordlist (PR #1237)
🔧 chore(wordlist): Moved 'curl-protocols.txt' wordlist to the 'Fuzzing' directory
New Contributors
@GoombaProgrammer made their first contribution in #1198
@joseaguardia made their first contribution in #1199
@theclayton made their first contribution in #1204
@rtfmkiesel made their first contribution in #1208
@DaddyBigFish made their first contribution in #1217
@psytester made their first contribution in #1219
@Jhayrolandero made their first contribution in #1223
@kennystrawnmusic made their first contribution in #1224
@liamjones made their first contribution in #1226
@evilgensec made their first contribution in #1235
@robinkarlberg made their first contribution in #1237
@Sh3b0 made their first contribution in #1243
@totobarbar made their first contribution in #1248

下载

✈️ 全球下载通道

🚀 极核加速通道

THE END
想说的话 1  QQ & 微信交流群: 点击查看加群方式
2  本站运营不易,以真心❤️换真心💕,如果帮助到你,可以 推荐给朋友 或者 开通金贝会员 支持一下本站!
3  请不要进行任何非授权的网络攻击,如果造成任何损失均由使用者本人负责,与本站和原作者无关!
点赞79 分享
【字典合集】SecLists-更全面的渗透测试字典 v2025.3 - 极核GetShell
【字典合集】SecLists-更全面的渗透测试字典 v2025.3
⭕此处是支付积分以获取极核加速下载通道,非强制购买!
💎您可以赞助本站,获取金贝会员畅享极核加速下载通道!
✔️在本文回复即可解锁全球下载通道!
10积分
付费阅读
茶谈区 共735条

请登录后发表评论