Introdução | Wordlist, Mentalist | Solyd One
- Introdução | Wordlist, Mentalist | Solyd One
info
No Kali Linux, as wordlists ficam no diretório /usr/share/wordlist
danger
O programa chamado mentalist cria wordlist
Instalando o Seclist - projeto que contém senhas e usuários
sudo apt update
sudo apt install seclists -y
Tabela de recomendações (quando precisar de users / passwords)
| Necessidade | Caminho(s) recomendados (copia/cole) |
|---|---|
| Usuários / Usernames (top lists) | /usr/share/wordlists/seclists/Usernames/ |
| /usr/share/wordlists/john.lst | |
| Senhas (listas grandes: rockyou, secLists passwords) | /usr/share/wordlists/rockyou.txt.gz |
| /usr/share/wordlists/seclists/Passwords/ | |
| Diretórios / Web-content (enumeração web) | /usr/share/wordlists/dirb/ |
| /usr/share/wordlists/dirbuster/ | |
| /usr/share/wordlists/seclists/Discovery/Web-Content/ | |
| Fuzzing / wfuzz payloads | /usr/share/wordlists/wfuzz/ |
| Subdomínios / recon / amass lists | /usr/share/wordlists/amass/ |
| /usr/share/wordlists/dnsmap.txt | |
| Nmap scripts / NSE-related lists | /usr/share/wordlists/nmap.lst |
| Wi-Fi / wireless wordlists | /usr/share/wordlists/fern-wifi/ |
| /usr/share/wordlists/wifite.txt | |
| SQL / sqlmap wordlists | /usr/share/wordlists/sqlmap.txt |
| Metasploit-related lists | /usr/share/wordlists/metasploit/ |
Tabela guia SECLISTS
| Necessidade | Caminho(s) recomendados (copia/cole) |
|---|---|
| Usuários / Usernames (top lists) | /usr/share/seclists/Usernames/ |
| /usr/share/wordlists/john.lst | |
| Senhas / Passwords (genéricas) | /usr/share/seclists/Passwords/ |
| /usr/share/seclists/Passwords/Common-Credentials/ | |
| /usr/share/seclists/Passwords/Leaked-Databases/ | |
| LFI (Linux) | /usr/share/seclists/Fuzzing/LFI/LFI-gracefulsecurity-linux.txt |
| LFI (Windows) | /usr/share/seclists/Fuzzing/LFI/LFI-gracefulsecurity-windows.txt |
| Path Traversal | /usr/share/seclists/Fuzzing/ |
| RFI / PHP Wrappers | /usr/share/seclists/Fuzzing/ |
| Directory Bruteforce (Web) | /usr/share/seclists/Discovery/Web-Content/ |
| /usr/share/seclists/Discovery/Web-Content/common.txt | |
| /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt | |
| Subdomains | /usr/share/seclists/Discovery/DNS/ |
| /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt | |
| API / Endpoints | /usr/share/seclists/Discovery/Web-Content/api/ |
| Parâmetros HTTP (Parameter Mining) | /usr/share/seclists/Discovery/Web-Content/burp-parameter-names.txt |
| Fuzzing geral (payloads variados) | /usr/share/seclists/Fuzzing/ |
| SQL Injection payloads | /usr/share/seclists/Fuzzing/SQLi/ |
| XSS payloads | /usr/share/seclists/Fuzzing/XSS/ |
| JWT / Tokens | /usr/share/seclists/Fuzzing/JWT/ |
| Extensões de arquivos | /usr/share/seclists/Discovery/Web-Content/web-extensions.txt |
| CMS (WordPress, Joomla, etc) | /usr/share/seclists/Discovery/Web-Content/CMS/ |
| User-Agents | /usr/share/seclists/Miscellaneous/User-Agents/ |
| Robots / Backup files | /usr/share/seclists/Discovery/Web-Content/ |