Enumeration with Wordlists

Wordlists for assets, usernames and passwords for your pentest

Projects

Directory Enumeration

wfuzz

Wfuzz can ignore specific HTTP response status codes.

wfuzz -c --hc 302 -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-small.txt https://example.com/FUZZ

wfuzz with HTTP proxy

Chain wfuzz with HTTP Proxy such Burp, handy when a dictionary is too big. You can specify maximum timeout for a request (--req-delay 1000) and number of threats (-t1). Use (-Z) to ignore connection errors.

wfuzz  -t1 -c --hc 302 --req-delay 1000 -Z  --sc 200,202,204,307,403 -f ./wfuzz_out.txt -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-small.txt -p 127.0.0.1:8080:HTTP https://example.com/FUZZ   

REST API - OpenAPI, Swagger

/api
/api-docs
/api/api-docs
/api/docs
/api/openapi.json
/api/openapi.yaml
/api/swagger.json
/api/swagger.yaml
/api/v1/openapi.json
/api/v1/openapi.yaml
/api/v1/swagger.json
/api/v1/swagger.yaml
/api/v2/openapi.json
/api/v2/openapi.yaml
/api/v2/swagger.json
/api/v2/swagger.yaml
/openapi
/openapi-docs
/openapi-resources
/openapi-ui.html
/openapi.json
/openapi.yaml
/openapi/api-docs
/openapi/api-docs
/openapi/docs
/openapi/index.html
/openapi/v1/api-docs
/openapi/v1/openapi.json
/openapi/v1/openapi.json/
/openapi/v1/openapi.yaml
/openapi/v2/api-docs
/openapi/v2/openapi.json
/openapi/v2/openapi.yaml
/static/api/openapi.json
/static/api/openapi.yaml
/static/api/swagger.json
/static/api/swagger.yaml
/swagger-resources
/swagger-ui.html
/swagger.json
/swagger.yaml
/swagger/api-docs
/swagger/index.html
/swagger/v1/api-docs
/swagger/v1/swagger.json
/swagger/v1/swagger.json/
/swagger/v1/swagger.yaml
/swagger/v2/api-docs
/swagger/v2/swagger.json
/swagger/v2/swagger.yaml
/ui
/v1/api-docs
/v1/openapi-docs
/v2/api-docs
/v2/openapi-docs

Admin panels

https://github.com/Karanxa/Bug-Bounty-Wordlists/blob/main/admin.txt

Usernames

https://github.com/danielmiessler/SecLists/tree/master/Usernames

https://github.com/insidetrust/statistically-likely-usernames

Passwords

https://wiki.skullsecurity.org/index.php/Passwords

Accounts

A quick list for application and user accounts enumeration

Admin
Administrator
adm
admin
administrator
alex
ali
ana
andrea
anna
ansible
antonio
api
app
appadmin
author
azureuser
backup
bwsa
carlos
daniel
david
designer
ec2-user
ftp
ftpuser
git
guest
hadoop
hbv7
info
jose
kisadmin
laura
local
localadmin
marco
maria
michael
mysql
nagios
operator
oracle
pi
postgres
puppet
root
sa
sandra
sara
service
su
super
superadmin
support
test
test1
test2
ts3
ubnt
ubuntu
user
user1
user2
users
usuario
vagrant
vice
writer
wwo
www

References

Stok epic video about wordlists.

Last updated