Rockyou for web fuzzing
V2 released! Now you can build your own wordlists with the same method, and this release includes a short wordlist. Base wordlists are provided in the /dict folder. See Method 3.
ffuf -c -w onelistforall.txt -u [target.com]/FUZZ
- Git clone and extract:
git clone https://github.com/six2dez/OneListForAll && cd OneListForAll
7z x onelistforall.7z.001
- Fuzz with the best tool ffuf :)
ffuf -c -w onelistforall.txt -u [target.com]/FUZZ
Build your own wordlists!
- Add your wordlists to the dict/ folder, with the suffix _short.txt for the short wordlist and _long.txt for the full wordlist.
- Run ./olfa.sh (olfa -> One List For All) and you will get the files onelistforall.txt and onelistforallshort.txt.
- Fuzz with the best tool ffuf :)
ffuf -c -w onelistforall.txt -u [target.com]/FUZZ
In the categories that both lists share, the short one has the same kind of content but less of it: only the most relevant entries.
Both lists have:
- First slash (/) removed; lines that still start with one keep it on purpose.
- Removed special or crash-prone characters such as ` and ', SQLi and XSS payloads, etc.
- Trimmed trailing whitespace
- Removed comments (lines starting with #)
| Property | Short | Full |
|---|---|---|
| Size | 5M | 180M |
| Lines | 344644 | 9117326 |
| Extension specific | ✓ | ✔️ |
| Config files | ✓ | ✔️ |
| Admin panels | ✓ | ✔️ |
| Dotfiles | ✓ | ✔️ |
| Backup files/folders | ✓ | ✔️ |
| LFI | ✓ | ✔️ |
| Multilanguage dicts | ✓ | ✔️ |
| CMS specific | ✓ | ✔️ |
| Robots Disallowed | ✓ | ✔️ |
| Software specific | ✓ | ✔️ |
| Usernames | ✗ | ✔️ |
| Words | ✗ | ✔️ |
| Subdomains | ✗ | ✔️ |
This is a wordlist for fuzzing purposes, built from the best wordlists currently available, then lowercased and deduplicated with duplicut. The source lists were selected from these repositories:
- fuzzdb
- SecLists
- xmendez
- minimaxir
- TheRook
- danielmiessler
- swisskyrepo
- 1N3
- cujanovic
- lavalamp
- ics-default
- jeanphorn
- j3ers3
- nyxxxie
- dirbuster
- dotdotpwn
- hackerone_wordlist
- commonspeak2
- bruteforce-list
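
The cleaning rules listed under "Both lists have" and the lowercase/deduplicate step described above, as an added example that is not the project's olfa.sh. It assumes that lines containing `` ` ``, `'`, `<` or `>` are dropped whole, uses `sort -u` in place of duplicut, and the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example; not the project's olfa.sh.
# Assumptions: lines containing ` ' < or > are dropped whole, and sort -u
# stands in for duplicut.

clean_wordlists() (
    # $1 = suffix (short or long), $2 = dict directory, $3 = output file
    suffix=$1 dir=$2 out=$3
    export LC_ALL=C                      # byte-wise matching and sorting
    set -- "$dir"/*_"$suffix".txt
    [ -e "$1" ] || { echo "no *_${suffix}.txt in $dir" >&2; exit 1; }
    awk 1 "$@" |                         # concatenate; repairs a missing final newline
      tr -d '\r' |                       # CRLF sources
      sed 's/[[:space:]]*$//' |          # trim trailing whitespace
      grep -v '^#' |                     # drop comment lines
      sed 's|^/||' |                     # remove the first slash only
      grep -v "[\`'<>]" |                # drop lines with special/crash chars
      tr '[:upper:]' '[:lower:]' |       # lowercase (ASCII only under LC_ALL=C)
      grep -v '^$' |                     # drop lines left empty
      sort -u > "$out"                   # deduplicate
)

# Constructed sample input in a throwaway dict/ folder.
make_sample_dict() {
    d=$(mktemp -d) && mkdir "$d/dict" || return 1
    printf '# comment\n/Admin/\nadmin/\r\n.git/config   \n//double\n' > "$d/dict/a_short.txt"
    printf "login.php\nLOGIN.php\nid=1' or 1=1\n<script>\nbackup.zip" > "$d/dict/b_short.txt"
    printf 'only-in-long\n' > "$d/dict/a_long.txt"
    echo "$d"
}

d=$(make_sample_dict)
clean_wordlists short "$d/dict" "$d/onelistforallshort.txt"
cat "$d/onelistforallshort.txt"
rm -rf "$d"
```

An entry that began with two slashes keeps one after cleaning, which is why some lines in the merged list still start with `/`.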
Feel free to contribute; PRs are welcome.
