d4Rk's 1337 h4x0r guide
About me
Search…
Introduction
Reconnaissance
Recon
OSINT
Enumeration
Network discovery
Port scanning
Webserver scanning
Exploit detection
Fuzzing
Process monitoring
Exploitation
Shells
Passwords
Web
Buffer overflow
Misc
Privilege escalation
Linux
Windows
Post exploitation
Loot
Pivoting
Standalone Tools
Services
TCP
UDP
Misc
File transfer
Overview
Wget
Pure-FTPd
TFTP
VBScript: Wget clone
Misc
Bash
Burp Suite
Crypto
Ebowla
Firefox extensions
Impacket
Memory forensics
Metasploit Framework (MSF)
MITM
Msfvenom
Pass the Hash (PTH)
PowerShell
PowerShell on Linux
Wireshark
Wordlists and dictionaries
Bug Bounty
Platforms
Tools
Powered By GitBook
Wordlists and dictionaries

Related

​Passwords & credentials​

Wordlists

1
/usr/share/wordlists/
Copied!

Password Lists

rockyou

​rockyou.txt Compromise from 2009 from a social game and advertising website

msf

1
/usr/share/metasploit-framework/data/wordlists
Copied!

crackstation-human-only

​crackstation-human-only Real human passwords leaked from various website databases.

m3g0tr0n_Passwords_WordList_CLEANED

​m3g0tr0n_Passwords_WordList_CLEANED List of 122 Million Passwords

SecLists

SecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. GitHub - danielmiessler/SecLists​
Common usernames: SecLists/Usernames/Names/names.txt Common passwords: SecLists/Passwords/Common-Credentials/10-million-password-list-top-100.txt
Search for default creds (e.g. for tomcat)
1
find /usr/share/seclists | grep -i tomcat`
Copied!
Misc - Previous
Wireshark
Next - Bug Bounty
Platforms
Last modified 6mo ago
Copy link
Edit on GitHub
Contents
Related
Wordlists
Password Lists
rockyou
msf
crackstation-human-only
m3g0tr0n_Passwords_WordList_CLEANED
SecLists