rix4uni/WordList

GitHub: rix4uni/WordList

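A regularly updated collection of wordlists for security testing, covering path fuzzing, DNS enumeration, parameter discovery, password brute-forcing and other scenarios, providing comprehensive dictionary support for web security assessments.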

Stars: 129 | Forks: 38

# Wordlist

Custom fuzzing wordlist `fuzzing_list.txt`

```
# Drop the last path segment, keep up to 8 path segments after the host, one word per line
cat urls.txt | sed 's|\(.*\)/[^/]*$|\1|' | cut -d"/" -f4,5,6,7,8,9,10,11 | tr "/" "\n" | sed '/^$/d' | anew fuzzing_list.txt
```

Custom DNS wordlist `dns-wordlist.txt`

```
# Strip the TLD, split the remaining labels on dots, drop purely numeric labels
cat alltargets.txt | sed 's/\.[^.]*$//' | tr "." "\n" | egrep -v '^[0-9]*$' | anew dns-wordlist.txt
```

Scan these URLs for misconfigurations with nuclei `urls-for-nuclei.txt`

```
# Keep URLs that have a path, truncated to the first one, two and three path segments
cat urls.txt | grep -E "^https?://[^/]+/.+" | cut -d"/" -f1-4 | anew -q urls-for-nuclei.txt
cat urls.txt | grep -E "^https?://[^/]+/.+" | cut -d"/" -f1-5 | anew -q urls-for-nuclei.txt
cat urls.txt | grep -E "^https?://[^/]+/.+" | cut -d"/" -f1-6 | anew -q urls-for-nuclei.txt
```

`default-username-password.txt`

```
# Split the username:password pairs into separate username and password lists
curl -s "https://raw.githubusercontent.com/rix4uni/WordList/main/default-username-password.txt" | cut -d":" -f1 | tee -a username.txt &&
curl -s "https://raw.githubusercontent.com/rix4uni/WordList/main/default-username-password.txt" | cut -d":" -f2 | tee -a password.txt
```

Custom parameter wordlist `params.txt`

```
# From .php URLs, take the query string and extract the name of its first parameter
cat urls.txt | grep "\.php?" | uro | grep "?" | cut -f2 -d"?" | cut -f1 -d"=" | sed '/^\s*$/d' | anew params.txt
```

Custom fuzzing wordlist `onelistforall.txt`

```
# Merge several public wordlists into one de-duplicated list
curl -s "https://raw.githubusercontent.com/maurosoria/dirsearch/master/db/dicc.txt" | anew -q onelistforall.txt &&
curl -s "https://raw.githubusercontent.com/six2dez/OneListForAll/main/onelistforallmicro.txt" | anew -q onelistforall.txt &&
curl -s "https://raw.githubusercontent.com/six2dez/OneListForAll/main/onelistforallshort.txt" | anew -q onelistforall.txt &&
curl -s "https://raw.githubusercontent.com/ayoubfathi/leaky-paths/main/leaky-paths.txt" | anew -q onelistforall.txt &&
curl -s "https://raw.githubusercontent.com/Bo0oM/fuzz.txt/master/fuzz.txt" | anew -q onelistforall.txt &&
curl -s "https://raw.githubusercontent.com/abdallaabdalrhman/Wordlist-for-Bug-Bounty/main/great_wordlist_for_bug_bounty.txt" | anew -q onelistforall.txt &&
curl -s "https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/raft-large-directories.txt" | anew -q onelistforall.txt &&
curl -s "https://wordlists-cdn.assetnote.io/data/automated/httparchive_php_2020_11_18.txt" | anew -q onelistforall.txt &&
curl -s "https://wordlists-cdn.assetnote.io/data/automated/httparchive_aspx_asp_cfm_svc_ashx_asmx_2020_11_18.txt" | anew -q onelistforall.txt &&
curl -s "https://wordlists-cdn.assetnote.io/data/automated/httparchive_jsp_jspa_do_action_2022_08_28.txt" | anew -q onelistforall.txt
```

## payloads

- Top 50 => `*-small.txt`
- Top 500 => `*-medium.txt`
- All payloads, with no limit => `*-large.txt`; if larger than 50MB, then `*-large-1.txt`, `*-large-2.txt`

## technologies

- All technologies, with no limit => `techname/techname.txt`; if larger than 50MB, then `techname/techname-1.txt`, `techname/techname-2.txt`

## nuclei-technologies

Uses: [nuclei-wordlist-generator.go](https://github.com/rix4uni/WordList/blob/main/wordlist-generator-tools/nuclei-wordlist-generator.go)

- `techname/techname-unknown.txt`
- `techname/techname-info.txt`
- `techname/techname-low.txt`
- `techname/techname-medium.txt`
- `techname/techname-high.txt`
- `techname/techname-critical.txt`
- `techname/techname-all.txt`