{"id":167,"date":"2021-04-24T18:49:58","date_gmt":"2021-04-24T18:49:58","guid":{"rendered":"https:\/\/sirensecurity.io\/blog\/?p=167"},"modified":"2021-04-24T19:26:45","modified_gmt":"2021-04-24T19:26:45","slug":"seclists","status":"publish","type":"post","link":"https:\/\/sirensecurity.io\/blog\/seclists\/","title":{"rendered":"Seclists."},"content":{"rendered":"\n<div class=\"wp-block-cover has-background-dim\"><img loading=\"lazy\" decoding=\"async\" width=\"4160\" height=\"2751\" class=\"wp-block-cover__image-background wp-image-89\" alt=\"\" src=\"https:\/\/sirensecurity.io\/blog\/wp-content\/uploads\/2021\/04\/3.jpg\" data-object-fit=\"cover\"\/><div class=\"wp-block-cover__inner-container is-layout-flow wp-block-cover-is-layout-flow\">\n<p class=\"has-text-align-center has-medium-font-size\">Your Fuzzing &amp; Busting Enumeration is only as good as the wordlist you have.<\/p>\n<\/div><\/div>\n\n\n\n<p>What is a Seclist?<br>A Seclist (Security List) is a large list of words or payloads with the intention of being thorough with assessments.  <br>Are you using wordlists that are either maintained or worked on by the Community? 
<br><br>When testing for <strong>Sanitization of User Input<\/strong> in your Web Assessments - make sure to check here!<br><br><em><strong>I got you.<\/strong><\/em><br><br>+ <strong>Seclists.<\/strong><br><a href=\"https:\/\/github.com\/danielmiessler\/SecLists\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/github.com\/danielmiessler\/SecLists<\/a><\/p>\n\n\n\n<p><br><strong>[ Here are some wordlists that I think are pretty important]<\/strong><br><br>+ <strong>Busting Files\/Directories.<\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/raw.githubusercontent.com\/danielmiessler\/SecLists\/master\/Discovery\/Web-Content\/raft-medium-directories.txt\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/raw.githubusercontent.com\/danielmiessler\/SecLists\/master\/Discovery\/Web-Content\/raft-medium-directories.txt<\/a><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/raw.githubusercontent.com\/danielmiessler\/SecLists\/master\/Discovery\/Web-Content\/raft-medium-files.txt\" target=\"_blank\">https:\/\/raw.githubusercontent.com\/danielmiessler\/SecLists\/master\/Discovery\/Web-Content\/raft-medium-files.txt<\/a><br><\/p>\n\n\n\n<p>You can obviously use the large versions of RAFT if you would like.<br><\/p>\n\n\n\n<p id=\"seclists\"><br><br>+ <strong>Checking to see if a page has data parameters that are not from the User-End of a web application?<\/strong><br><a rel=\"noreferrer noopener\" href=\"https:\/\/raw.githubusercontent.com\/danielmiessler\/SecLists\/master\/Discovery\/Web-Content\/burp-parameter-names.txt\" target=\"_blank\">https:\/\/raw.githubusercontent.com\/danielmiessler\/SecLists\/master\/Discovery\/Web-Content\/burp-parameter-names.txt<\/a><\/p>\n\n\n\n<p><br><br>+ <strong>XSS (<\/strong><em>Cross Site Scripting<\/em><strong>) Checks:<\/strong><br><a href=\"https:\/\/github.com\/payloadbox\/xss-payload-list\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/github.com\/payloadbox\/xss-payload-list<\/a><\/p>\n\n\n\n<p><br><strong>+ LFI<\/strong> (<em>Local File Inclusion<\/em>) <strong>Checks:<\/strong><br><a rel=\"noreferrer noopener\" href=\"https:\/\/raw.githubusercontent.com\/danielmiessler\/SecLists\/master\/Fuzzing\/LFI\/LFI-Jhaddix.txt\" target=\"_blank\">https:\/\/raw.githubusercontent.com\/danielmiessler\/SecLists\/master\/Fuzzing\/LFI\/LFI-Jhaddix.txt<br><\/a><br><strong>+ Command Injection<\/strong> <strong>Checks:<\/strong><br><a rel=\"noreferrer noopener\" href=\"https:\/\/raw.githubusercontent.com\/danielmiessler\/SecLists\/master\/Fuzzing\/command-injection-commix.txt\" target=\"_blank\">https:\/\/raw.githubusercontent.com\/danielmiessler\/SecLists\/master\/Fuzzing\/command-injection-commix.txt<\/a><br><br><strong>+ SQL Injection Checks:<\/strong><br><a rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/trietptm\/SQL-Injection-Payloads\/blob\/master\/LINKS.md\" target=\"_blank\">https:\/\/github.com\/trietptm\/SQL-Injection-Payloads\/blob\/master\/LINKS.md<br><\/a><br><br>+ <strong>Also See Payloads All The Things.<\/strong><br><a href=\"https:\/\/github.com\/swisskyrepo\/PayloadsAllTheThings\">https:\/\/github.com\/swisskyrepo\/PayloadsAllTheThings<br><\/a><br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is a Seclist? A Seclist (Security List) is a large list of words or payloads with the intention of being thorough with assessments. Are you using wordlists that are either maintained or worked on by the Community? When testing for Sanitization of User Input in your Web Assessments - make sure to check here! I [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":89,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[4,6,9,7],"class_list":["post-167","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-s1ren","tag-s1ren","tag-seclists","tag-wordlist","tag-wordlists"],"_links":{"self":[{"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/posts\/167","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/comments?post=167"}],"version-history":[{"count":14,"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/posts\/167\/revisions"}],"predecessor-version":[{"id":196,"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/posts\/167\/revisions\/196"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/media\/89"}],"wp:attachment":[{"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/media?parent=167"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/categories?post=167"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sirensecurity.io\/blog\/wp-json\/wp\/v2\/tags?post=167"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}