SecLists is a comprehensive collection of security testing lists maintained by Daniel Miessler, Jason Haddix, and g0tmi1k. The repository contains multiple types of lists used during security assessments and penetration testing activities. The collection includes usernames and passwords for credential testing, URLs for web application testing, sensitive data patterns for data discovery, fuzzing payloads for input validation testing, and web shells for post-exploitation activities. The repository serves as a centralized resource for security professionals conducting various types of security assessments. Users can clone the 1.2 GB repository to access all available lists for their testing purposes. The project provides organized collections of data that support different phases of security testing, from reconnaissance to exploitation.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
PyBOF is a Python library that enables in-memory loading and execution of Beacon Object Files (BOFs) with support for argument passing and function targeting.
A digital archive of the internet, allowing users to capture and browse archived web pages.
A command that builds and executes command lines from standard input, allowing for the execution of commands with multiple arguments.
Explore the top million websites, ranked by referring subnets, and gain insights into online influence and popularity.
SharpShares efficiently enumerates and maps network shares and resolves names within a domain.
SharpEDRChecker scans system components to detect security products and tools.
Parrot Security OS is a comprehensive, secure, and customizable operating system for cybersecurity professionals, offering over 600+ tools and utilities for red and blue team operations.
SauronEye helps in identifying files containing sensitive data such as passwords through targeted directory searches.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.