Wordlists Cheat Sheet

Extensions

#All for fuzzing
1,2,3,bac,backup,bak,cache,conf,config,cs,csproj,dif,err,gz,inc,ini,java,json,jsp,map,log,lst,old,orig,part,php,rej,sass-cache,sav,save,save.1,sublime-project,sublime-workspace,swp,tar,tar.gz,temp,templ,tmp,txt,un~,vb,vbproj,vi,zip,0,s,_,dist,~,~1,~bk,asp,axd,aspx,ashx,js,class,ts,xml,ps1

#General
bak,sql,zip,xml,old,inc,backup,js,json,passwd,conf,log,yml,yaml,txt

#ASP.NET/IIS
asp,aspx,asmx,cfg,config,xml,web,dll,exe,wasm,wadl,axd,resx,wsdl,xsd,htm,ashx,cs,sln,asax

#Java
jsp,jsf,xhtml,xml,class,java,jar,seam,faces,shtml,ifaces,do,action,jspf,properties

#NodeJS
js,json,yaml,lock,yml,md,basejs

Combine & Sort Wordlists

#Combine wordlists:
cat file1.txt file2.txt file3.txt > combined_list.txt

#Sort unique:
sort combined_list.txt | uniq -u > cleaned_combined_list.txt

Pre-installed (Kali)

#Base path
/usr/share/wordlists/
#dirb
/usr/share/dirb/wordlists
#dirbuster
/usr/share/dirbuster/wordlists
#dnsmap
/usr/share/dnsmap/wordlist_TLAs.txt
#fasttrack
/usr/share/set/src/fasttrack/wordlist.txt
#wifi-cracker
/usr/share/fern-wifi-cracker/extras/wordlists
#metasploit
/usr/share/metasploit-framework/data/wordlists
#nmap
/usr/share/nmap/nselib/data/passwords.lst
#sqlmap
/usr/share/sqlmap/txt/wordlist.txt
#wfuzz
/usr/share/wfuzz/wordlist
#rockyou
/usr/share/wordlists/rockyou.txt

Crunch

# Usage
crunch <minimum-length> <maximum-length> [charset]
@ # lower case alpha characters
, # upper case alpha characters
% # numeric characters
^ # special characters including space

crunch 6 6 -t pass%% -o file1.txt
# Output
pass00
pass01
pass02

crunch 5 5 -t ddd@@ -o j -p dog cat bird -o file2.txt
# Output
birdcatdogaa
birdcatdogab
birdcatdogac
<skipped>
dogcatbirdzy

crunch 7 7 -t p@ss,%^ -l a@aaaaa -o file3.txt
# Output
p@ssA0!
p@ssA0@
p@ssA0#
p@ssA0$
<skipped>
p@ssZ9

CUPP (Common User Passwords Profiler)

CUPP is an automatic and interactive tool written in Python for creating custom wordlists. For instance, if you know some details about a specific target, such as their birthdate, pet name, company name, etc., this could be a helpful tool to generate passwords based on this known information.

git clone https://github.com/Mebus/cupp.git
python3 cupp.py
python3 cupp.py -i #Interactive questions for user password profiling
python3 cupp.py -l #Download huge wordlists from repository
python3 cupp.py -a #Parse default usernames and passwords directly from Alecto DB

CeWL (Custom Word List generator)

cewl -w list.txt -d 5 -m 5 http://thm.labs
    -w #will write the contents to a file. In this case, list.txt.
    -m 5 #gathers strings (words) that are 5 characters or more
    -d 5 #is the depth level of web crawling/spidering (default 2)
    http://thm.labs #is the URL that will be used

RSMangler (Permutation)

RSMangler will take a wordlist and perform various manipulations on it. It will first take the input words and generate all permutations and the acronym of the words (in order they appear in the file) before it applies the rest of the mangles

# Basic usage
rsmangler --file wordlist.txt

#To pass the initial words in on standard in do:
cat wordlist.txt | rsmangler

#To send the output to a file:
rsmangler --file wordlist.txt --output mangled.txt

Username Generator

git clone https://github.com/therodri2/username_generator.git
cd username_generator
python3 username_generator.py -h
    usage: username_generator.py [-h] -w wordlist [-u]
    Python script to generate user lists for bruteforcing!
    optional arguments:
      -h, --help show this help message and exit
      -w <wordlist>, --wordlist <wordlist> Specify path to the wordlist
      -u, --uppercase Also produce uppercase permutations. Disabled by default

#Example
echo "John Smith" > users.lst
python3 username_generator.py -w users.lst

Number Generator

Vault-Tec Terminal

CheatSheets

Active Directory

Cloud

Container

Linux

Network

Tech Stack

Windows

Web Application