❎
wiki.hackerlab.cz
  • About me
  • Vulnerability Assessment
  • CLOUD PENTESTING
    • AWS
    • Microsoft Azure
  • REST API - Bypasses and Privilege Escalations
  • Web Pentesting
    • LDAP Injection
    • Django ORM Exploitation
    • HTTP Request Smuggling
    • Server Side Template Injection (SSTI)
    • Insecure Deserialization
    • Brute force
    • Shell Fu - Oneliners
    • CORS
    • Special Chars & NULL Bytes
    • XSS
    • XXE
    • Nuclei
    • SQL Injection
    • Blind SQL Injection
    • SQLmap
    • NoSQL Injection
    • CRLF Injection
    • Input Validation - Fuzz1
    • HTTP Headers - X-Forwarded
    • Log4j
    • Enumeration with Wordlists
    • Bug Bounty - Web Recon
    • HTTP Proxy Override
    • CSV Injection
    • Windows Forbidden File Names
    • Path Traversal
    • OS Command Injection
    • Open Redirect
    • JWT Token
    • Burp Extensions - TokenJAR & ATOR
    • Upload RCE
    • GUID and UUIDs
  • Toolset
    • Git - Repo and Tools
    • Docker for Pentesters
  • Infrastructure Pentesting
    • Active Directory (AD)
      • Vulnerable Machines (labs)
      • Pass the hash
      • Azure Active Directory
      • Password Cracking
      • Domain Enumeration
      • LLMNR Poisoning with Responder
      • HTB Forest
      • LDAP
      • WinRM
      • SMB & RPC Enumeration
      • SMB Relay
      • Impacket
      • Bloodhound
      • OWA Exchange Server 2019
      • Active Directory Web Services (ADWS)
      • Active Directory Attacks
    • Mail Server Attacks
    • NFS Enumeration
    • Windows PostExploitation
      • Windows Enumeration
      • Powershell Payloads
      • Add RDP Account & Ride on Meterpreter
    • Dump File Analysis
  • Other Pentest Projects
    • Security Projects
  • WIFI Pentesting
    • Kali Linux - Alpha card AWUS 1900 (VirtualBox)
    • Active Card & Monitor Mode
    • Aircrack-ng Suite
  • Certs
    • Burp Suite Certified Practitioner
  • Linux
    • Network Manager
  • Books
    • The Hacker Playbook 3
Powered by GitBook
On this page
  • Directory Enumeration
  • REST API FUZZY LIST
  • REST API - OpenAPI, Swagger
  • Admin panels
  • Usernames
  • Passwords
  • Accounts
  • Projects
  • References

Was this helpful?

  1. Web Pentesting

Enumeration with Wordlists

Wordlists for assets, usernames and passwords for your pentest

PreviousLog4jNextBug Bounty - Web Recon

Last updated 8 months ago

Was this helpful?

Directory Enumeration

gobuster

Gobuster to burp --proxy, hide responses with specific response length (--ex*), ignore TLS cert (-k)

gobuster
gobuster dir --url https://a/api --wordlist /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-small.txt -k -r -b 500,404 -t 1 --timeout 25s --exclude-length 47340 --proxy http://127.0.0.1:8080 -o gobuster-apwfuzz

Wfuzz

Wfuzz can ignore specific HTTP response status codes.

wfuzz -c --hc 302 -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-small.txt https://example.com/FUZZ

wfuzz with HTTP proxy

Chain wfuzz with HTTP Proxy such Burp, handy when a dictionary is too big. You can specify maximum timeout for a request (--req-delay 1000) and number of threats (-t1). Use (-Z) to ignore connection errors.

wfuzz  -t1 -c --hc 302 --req-delay 1000 -Z  --sc 200,202,204,307,403 -f ./wfuzz_out.txt -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-small.txt -p 127.0.0.1:8080:HTTP https://example.com/FUZZ

kiterunner

kr scan http://10.10.0.200:5000/users -A=httparchive_apiroutes_2024_01_28.txt -x 1 kiterunner

REST API FUZZY LIST

REST API - OpenAPI, Swagger

/api
/api-docs
/api/api-docs
/api/docs
/api/openapi.json
/api/openapi.yaml
/api/swagger.json
/api/swagger.yaml
/api/v1/openapi.json
/api/v1/openapi.yaml
/api/v1/swagger.json
/api/v1/swagger.yaml
/api/v2/openapi.json
/api/v2/openapi.yaml
/api/v2/swagger.json
/api/v2/swagger.yaml
/openapi
/openapi-docs
/openapi-resources
/openapi-ui.html
/openapi.json
/openapi.yaml
/openapi/api-docs
/openapi/api-docs
/openapi/docs
/openapi/index.html
/openapi/v1/api-docs
/openapi/v1/openapi.json
/openapi/v1/openapi.json/
/openapi/v1/openapi.yaml
/openapi/v2/api-docs
/openapi/v2/openapi.json
/openapi/v2/openapi.yaml
/static/api/openapi.json
/static/api/openapi.yaml
/static/api/swagger.json
/static/api/swagger.yaml
/swagger-resources
/swagger-ui.html
/swagger.json
/swagger.yaml
/swagger/api-docs
/swagger/index.html
/swagger/v1/api-docs
/swagger/v1/swagger.json
/swagger/v1/swagger.json/
/swagger/v1/swagger.yaml
/swagger/v2/api-docs
/swagger/v2/swagger.json
/swagger/v2/swagger.yaml
/ui
/v1/api-docs
/v1/openapi-docs
/v2/api-docs
/v2/openapi-docs

Admin panels

Usernames

Passwords

Accounts

A quick list for application and user accounts enumeration

Admin
Administrator
adm
admin
administrator
alex
ali
ana
andrea
anna
ansible
antonio
api
app
appadmin
author
azureuser
backup
bwsa
carlos
daniel
david
designer
ec2-user
ftp
ftpuser
git
guest
hadoop
hbv7
info
jose
kisadmin
laura
local
localadmin
marco
maria
michael
mysql
nagios
operator
oracle
pi
postgres
puppet
root
sa
sandra
sara
service
su
super
superadmin
support
test
test1
test2
ts3
ubnt
ubuntu
user
user1
user2
users
usuario
vagrant
vice
writer
wwo
www

Projects

References

about wordlists.

https://github.com/assetnote/kiterunner
https://www.sqrsec.com/api-fuzzing-lists
https://github.com/Karanxa/Bug-Bounty-Wordlists/blob/main/admin.txt
https://github.com/danielmiessler/SecLists/tree/master/Usernames
https://github.com/insidetrust/statistically-likely-usernames
https://wiki.skullsecurity.org/index.php/Passwords
Stok epic video
LogoAssetnote Wordlists
LogoGitHub - bhavesh-pardhi/Wordlist-Hub: Welcome to the Bug Hunter's Wordlists repository! 🐛🔍 This repository serves as a comprehensive collection of essential wordlists utilized by bug hunters, penetration testers, and security enthusiasts during their reconnaissance and vulnerability assessment processes.GitHub
LogoGitHub - trickest/wordlists: Real-world infosec wordlists, updated regularlyGitHub
LogoGitHub - gmelodie/awesome-wordlists: A curated list wordlists for bruteforcing and fuzzingGitHub