【字典合集】SecLists-更全面的渗透测试字典 v2025.3

717692179

简介

SecLists 是一个为网络安全人员准备的超实用工具库,里面收集了各种常用的列表和字典,帮助安全研究人员、渗透测试员更轻松地进行漏洞挖掘。比如,它包含常见的用户名和密码组合、常用网址路径、SQL注入的代码段、网络扫描用的字典等等。这些资源让测试人员能够更快速地发现系统的薄弱环节,比如用常见密码入侵、寻找隐藏的敏感文件或路径等。SecLists 是由安全专家们一起维护的,内容覆盖面广,更新频繁,因此成为了安全测试工作中的必备工具。无论是初学者还是经验丰富的安全专家,都可以从中受益,提升工作效率。

这个字典是Github上53K✨的高分项目,文件大小约1.1G,字典十分的精致与全面,本文三言两语无法概括该项目的强大!

目录预览

图片[1] - 【字典合集】SecLists-更全面的渗透测试字典 v2025.3 - 极核GetShell

更新日志

📛 Deprecated DirBuster wordlists
The dirbuster wordlists were made in 2007, and are now considered obsolete. Instead, these wordlists are recommended for testing modern web environments:

Discovery/Web-Content/combined_words.txt
Discovery/Web-Content/combined_directories.txt
Both of these wordlists are composed of various other wordlists in that same directory, and are automatically updated whenever one of their components is modified. For more information see the README.md for Discovery/Web-Content.

The dirbuster wordlists will remain contained in SecLists, but they now have the DirBuster-2007 prefix to highlight their age.

📛 Dangerous SQLi payloads
The SQL Injection wordlists contained in Fuzzing/Databases/SQLi are not safe to use on production environments. Many of those wordlists contain potentially destructive queries which may permanently delete data on any databases they're used on. A warning has been added to the README.md for that directory. For more information see issue #1011

New content
✨ feat(wordlist): Created Active Directory wordlist (PR #1224)
✨ feat(docs): Added "GENOVEVA" tool to readme (PR #1200)
✨ feat(docs): Added alternative reference to docs
✨ feat(docs): Added documentation for the 'cirt-net_collection.txt' wordlist
✨ feat(docs): Added documentation for the 'Java-Spring-Boot.txt' wordlist
✨ feat(docs): Added documentation for the 'xato-net-10-million-passwords' wordlists
✨ feat(wordlist): Added 'encryptionkeys' directory to 'common_directories.txt'
✨ feat(wordlist): Added /etc/apache2/.htpasswd to LFI fuzzing lists (PR #1223)
✨ feat(wordlist): Added a dictionary for Model Context Protocol server discovery. (PR #1216)
✨ feat(wordlist): Added common Spanish names and words (PR #1199)
✨ feat(wordlist): Added default SSH password "padmin:padmin" for IBM Power Systems (PR #1211)
✨ feat(wordlist): Added IANA mime-types to "web-all-content-types.txt" (PR #1204)
✨ feat(wordlist): Added mcp-server.txt entries to common.txt
✨ feat(wordlist): Added more OBEX common filenames and cleaned OBEX wordlists (PR #1249)
✨ feat(wordlist): Added more permutations to 'common_directories.txt'
✨ feat(wordlist): Added more swagger endpoints (PR #1219)
✨ feat(wordlist): Added new payload to 'SAP' wordlist (PR #1196)
✨ feat(wordlist): Added prefixes to deal with Java-Spring-Boot being behind spring-cloud-gateway (PR #1220)
✨ feat(wordlist): Added Quectel to default-passwords.csv + updated default-passwords.txt (PR #1208)
✨ feat(wordlist): Added readme.md to "Discovery/Web-Content/big.txt" (PR #1248)
✨ feat(wordlist): Added YYYY-MM-DD dates wordlists (PR #1217)
Other changes
🐛 fix(wordlist): Added 'DirBuster-2007' prefix to all DirBuster wordlists
🐛 fix(cicd): Removed trailing spaces from wordlist-updater_default-passwords.yml (PR #1243)
🐛 fix(cicd): Updated paths in the 'Wordlist Updater - Combined directories' pipeline
🐛 fix(docs): Updated filenames that compose 'combined_directories.txt'
🐛 fix(wordlist): Cleaned up '100k-most-used-passwords-NCSC.txt' (PR #1235)
🐛 fix(wordlist): Fixed encoding in "100k-most-used-passwords-NCSC.txt" (PR #1226)
🐛 fix(wordlist): Updated curl-protocols wordlist (PR #1237)
🔧 chore(wordlist): Moved 'curl-protocols.txt' wordlist to the 'Fuzzing' directory
New Contributors
@GoombaProgrammer made their first contribution in #1198
@joseaguardia made their first contribution in #1199
@theclayton made their first contribution in #1204
@rtfmkiesel made their first contribution in #1208
@DaddyBigFish made their first contribution in #1217
@psytester made their first contribution in #1219
@Jhayrolandero made their first contribution in #1223
@kennystrawnmusic made their first contribution in #1224
@liamjones made their first contribution in #1226
@evilgensec made their first contribution in #1235
@robinkarlberg made their first contribution in #1237
@Sh3b0 made their first contribution in #1243
@totobarbar made their first contribution in #1248

下载

✈️ 全球下载通道

  此处内容已隐藏,请评论后刷新页面查看.

🚀 极核加速通道

  此处内容已隐藏,请付费后查看
THE END
实用工具
# 字典合集
想说的话 1  QQ & 微信交流群: 点击查看加群方式
2  本站运营不易,以真心❤️换真心💕,如果帮助到你,可以 推荐给朋友 或者 开通金贝会员 支持一下本站!
3  请不要进行任何非授权的网络攻击,如果造成任何损失均由使用者本人负责,与本站和原作者无关!
点赞79 分享
【字典合集】SecLists-更全面的渗透测试字典 v2025.3 - 极核GetShell
【字典合集】SecLists-更全面的渗透测试字典 v2025.3
⭕此处是支付积分以获取极核加速下载通道,非强制购买!
💎您可以赞助本站,获取金贝会员畅享极核加速下载通道!
✔️在本文回复即可解锁全球下载通道!
10积分
付费阅读
相关推荐
【漏洞扫描】Xray v1.9.11 高级版 - 极核GetShell
【漏洞扫描】Xray v1.9.11 高级版
【漏洞扫描】Xray v1.9.11 高级版
2年前 5552
【云服务利用框架】CF v0.5.0 - 极核GetShell
【云服务利用框架】CF v0.5.0
【云服务利用框架】CF v0.5.0
12个月前 1086
【专业渗透测试框架】Metasploit Pro v4.22.7 高级版 - 极核GetShell
【专业渗透测试框架】Metasploit Pro v4.22.7 高级版
【专业渗透测试框架】Metasploit Pro v4.22.7 高级版
8个月前 3152
【漏洞扫描】HCL AppScan v10.7 高级版 - 极核GetShell
【漏洞扫描】HCL AppScan v10.7 高级版
【漏洞扫描】HCL AppScan v10.7 高级版
2年前 5208
【权限提升】GodPotato v1.20 - 极核GetShell
【权限提升】GodPotato v1.20
【权限提升】GodPotato v1.20
2年前 2097
【SQL注入工具】SQLMAP v1.9.9.4 最新开发版 - 极核GetShell
【SQL注入工具】SQLMAP v1.9.9.4 最新开发版
【SQL注入工具】SQLMAP v1.9.9.4 最新开发版
2年前 4000
【远控工具】GotoHTTP 新一代易用的远程控制工具 - 极核GetShell
【远控工具】GotoHTTP 新一代易用的远程控制工具
【远控工具】GotoHTTP 新一代易用的远程控制工具
1年前 1846
【目录扫描】dirsearch_bypass403 v0.2 - 极核GetShell
【目录扫描】dirsearch_bypass403 v0.2
【目录扫描】dirsearch_bypass403 v0.2
2年前 1599
茶谈区 共717条

请登录后发表评论

    暂无评论内容

【证书培训】网络安全认证课程超低价 - 极核GetShell
极核GetShell - 打破网络安全资源分享边界