Security Collection

Important resources, links and tools.

No affiliation, check licensing, no sponsors.

This whole page is work in progress and the format WILL change! - Currently fighting my way through my bookmarks and I am suffering.

Resources #

SecLists - SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
kkrypt0nn/wordlists - Yet another collection of wordlists

EFF's Long Wordlists / List - Like Diceware, but longer words
PGP wordlist
Diceware / List / Mirror - 7776 short words, abbreviations and easy-to-remember character strings
BIP0039 / List / Mirror
Bytewords BCR-2020-012 - Bytewords is a method for encoding binary objects as a sequence of four-letter English words
NATO Phonetic Alphabet
Mnemonic wordlist / List - The wordlist contains 1626 words, between 4 and 7 letters long, different prefix of another word (e.g. visit, visitor

breach.txt by weakpass - A wordlist built from real-world passwords found in breaches, forum dumps, leaked logs, and other underground sources (one of many lists they provide)
rockyou.txt (2009) - classic ~14 million real-world passwords leaked from the 2009 RockYou breach
RockYou2024 (can’t find official source, only via torrent, around 140GB) - almost 10 billion records
berzerk0/Probable-Wordlists - Version 2 is live! Wordlists sorted by probability

PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF

fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
Assetnote Wordlists - high quality wordlists for content and subdomain discovery
fuzz.txt / List - Potentially dangerous files
samlists - Free, libre, effective, and data-driven wordlists for all!
Trickest Wordlists - Real-world infosec wordlists, updated regularly