Enumeration with Wordlists

Wordlists for assets, usernames and passwords for your pentest

Directory Enumeration

gobuster

Gobuster to burp --proxy, hide responses with specific response length (--ex*), ignore TLS cert (-k)

gobuster

gobuster dir --url https://a/api --wordlist /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-small.txt -k -r -b 500,404 -t 1 --timeout 25s --exclude-length 47340 --proxy http://127.0.0.1:8080 -o gobuster-apwfuzz

Wfuzz

Wfuzz can ignore specific HTTP response status codes.

wfuzz -c --hc 302 -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-small.txt https://example.com/FUZZ

wfuzz with HTTP proxy

Chain wfuzz with HTTP Proxy such Burp, handy when a dictionary is too big. You can specify maximum timeout for a request (--req-delay 1000) and number of threats (-t1). Use (-Z) to ignore connection errors.

wfuzz  -t1 -c --hc 302 --req-delay 1000 -Z  --sc 200,202,204,307,403 -f ./wfuzz_out.txt -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-small.txt -p 127.0.0.1:8080:HTTP https://example.com/FUZZ   

kiterunner

https://github.com/assetnote/kiterunner

kr scan http://10.10.0.200:5000/users -A=httparchive_apiroutes_2024_01_28.txt -x 1 kiterunner

REST API FUZZY LIST

https://www.sqrsec.com/api-fuzzing-lists

REST API - OpenAPI, Swagger

/api
/api-docs
/api/api-docs
/api/docs
/api/openapi.json
/api/openapi.yaml
/api/swagger.json
/api/swagger.yaml
/api/v1/openapi.json
/api/v1/openapi.yaml
/api/v1/swagger.json
/api/v1/swagger.yaml
/api/v2/openapi.json
/api/v2/openapi.yaml
/api/v2/swagger.json
/api/v2/swagger.yaml
/openapi
/openapi-docs
/openapi-resources
/openapi-ui.html
/openapi.json
/openapi.yaml
/openapi/api-docs
/openapi/api-docs
/openapi/docs
/openapi/index.html
/openapi/v1/api-docs
/openapi/v1/openapi.json
/openapi/v1/openapi.json/
/openapi/v1/openapi.yaml
/openapi/v2/api-docs
/openapi/v2/openapi.json
/openapi/v2/openapi.yaml
/static/api/openapi.json
/static/api/openapi.yaml
/static/api/swagger.json
/static/api/swagger.yaml
/swagger-resources
/swagger-ui.html
/swagger.json
/swagger.yaml
/swagger/api-docs
/swagger/index.html
/swagger/v1/api-docs
/swagger/v1/swagger.json
/swagger/v1/swagger.json/
/swagger/v1/swagger.yaml
/swagger/v2/api-docs
/swagger/v2/swagger.json
/swagger/v2/swagger.yaml
/ui
/v1/api-docs
/v1/openapi-docs
/v2/api-docs
/v2/openapi-docs

Admin panels

https://github.com/Karanxa/Bug-Bounty-Wordlists/blob/main/admin.txt

Usernames

https://github.com/danielmiessler/SecLists/tree/master/Usernames

https://github.com/insidetrust/statistically-likely-usernames

Passwords

https://wiki.skullsecurity.org/index.php/Passwords

Accounts

A quick list for application and user accounts enumeration

Admin
Administrator
adm
admin
administrator
alex
ali
ana
andrea
anna
ansible
antonio
api
app
appadmin
author
azureuser
backup
bwsa
carlos
daniel
david
designer
ec2-user
ftp
ftpuser
git
guest
hadoop
hbv7
info
jose
kisadmin
laura
local
localadmin
marco
maria
michael
mysql
nagios
operator
oracle
pi
postgres
puppet
root
sa
sandra
sara
service
su
super
superadmin
support
test
test1
test2
ts3
ubnt
ubuntu
user
user1
user2
users
usuario
vagrant
vice
writer
wwo
www

Projects

Assetnote Wordlistswordlists.assetnote.io

GitHub - bhavesh-pardhi/Wordlist-Hub: Welcome to the Bug Hunter's Wordlists repository! 🐛🔍 This repository serves as a comprehensive collection of essential wordlists utilized by bug hunters, penetration testers, and security enthusiasts during their reconnaissance and vulnerability assessment processes.GitHub

GitHub - trickest/wordlists: Real-world infosec wordlists, updated regularlyGitHub

GitHub - gmelodie/awesome-wordlists: A curated list of wordlists for bruteforcing and fuzzingGitHub

References

Stok epic video about wordlists.