--- tags: Seclists, Cyber Shujaa --- tags: `Seclists` `Cyber Shujaa` # Seclists/Wordlists: 📃 ![](https://i.imgur.com/oXqiStn.jpg) A Wordlist is ***a written collection of all words derived from a particular source, or sharing some other characteristic.*** Seclists is one of the best collections of wordlists. Seclists was coined from the words "Security" and "Lists". Generally it is ***a collection of multiple types of lists used during security assessments and brute forcing***. This lists usually contain various types of commonly used usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, web shells and many more. :::info :information_source: In some Linux environments, the word ***Seclists*** is use interchangeably with **Wordlists** to refer to the same collection. ::: Seclists are especially, a very important arsenal for a pen tester to have in their bag of tricks. Knowing how to get them and use them is key for security testing scenarios. ## Installation: 1. Using Linux Package Tool: a. To install, open terminal and run apt install command as below ![](https://i.imgur.com/bKD5H04.png) *(NB: The files are approx. 1.51GB, and so download speeds depend on your internet)* b. Once installed, you can access the lists from **/usr>>/share** directories as below ![](https://i.imgur.com/8I54Yeh.png) 2. Using GitHub Repos: a. Search for the desired repo containing Seclists from GitHub ![](https://i.imgur.com/5KuMOco.png) b. You get a list of Seclists repos that you can choose from ![](https://i.imgur.com/t67DyNL.png) c. Select one and either: __ i. Download as zip and unzip the folder ![](https://i.imgur.com/UqFrfVp.png) __ ii. Use git clone to download the repo if you have git installed and setup ![](https://i.imgur.com/uPZK4J2.png) ## Usage: The Seclists can be used in a myriad of scenarios e.g. a. During Discovery, to gather information about the target and move forward accordingly. This phase may include enumerating the target for different things like subdomains, open ports, running services, etc. using for example *DirBuster* b. Fuzzing, where a pen tester might try to feed large volumes of inaccurate data like payloads into an input field until a bug or a vulnerability is found. Example of Seclists use to Enumerate URLs with Ffuf ![](https://i.imgur.com/foqNKKK.png) ---- ## Bonus:🎉 - The most common and widely used Seclist GitHub repo: https://github.com/danielmiessler/SecLists - You can learn more about fuffing from below: https://github.com/ffuf/ffuf https://www.youtube.com/watch?v=aN3Nayvd7FU