All Rights Reserved © 2026 The Domain
Disclaimer: SecLists is intended for educational purposes and authorized security testing only. Using these lists against systems you do not own or have permission to test is illegal.
| Feature | Description | |---------|-------------| | | RockYou, 10-million password list, common passwords, default credentials | | Usernames | Top usernames, common admin names, names from breaches | | Subdomains | Massive subdomain lists (from DNS dumpster, common names, etc.) | | Fuzzing | SQLi, XSS, LFI, XXE, and other injection payloads | | Web Content | Directory/file brute-force lists (common directories, backup files, logs, etc.) | | Pattern Matching | Regex patterns for credit cards, SSNs, API keys, etc. | | Misc | User-agents, fuzzing strings, secrets, and RT (real-time) wordlists | seclists.org
While the website seclists.org is the primary portal, the project is actively maintained on GitHub. The site serves as a clean, directory-browsable interface to download these lists or view them directly in the browser. It saves testers from having to generate their own dictionaries from scratch, providing crowdsourced, optimized lists derived from years of real-world breaches and testing scenarios. | | Misc | User-agents, fuzzing strings, secrets,
Disclaimer: SecLists is intended for educational purposes and authorized security testing only. Using these lists against systems you do not own or have permission to test is illegal.
| Feature | Description | |---------|-------------| | | RockYou, 10-million password list, common passwords, default credentials | | Usernames | Top usernames, common admin names, names from breaches | | Subdomains | Massive subdomain lists (from DNS dumpster, common names, etc.) | | Fuzzing | SQLi, XSS, LFI, XXE, and other injection payloads | | Web Content | Directory/file brute-force lists (common directories, backup files, logs, etc.) | | Pattern Matching | Regex patterns for credit cards, SSNs, API keys, etc. | | Misc | User-agents, fuzzing strings, secrets, and RT (real-time) wordlists |
While the website seclists.org is the primary portal, the project is actively maintained on GitHub. The site serves as a clean, directory-browsable interface to download these lists or view them directly in the browser. It saves testers from having to generate their own dictionaries from scratch, providing crowdsourced, optimized lists derived from years of real-world breaches and testing scenarios.
All Rights Reserved © 2026 The Domain