# WordList-Compendium **Repository Path**: yijingsec/WordList-Compendium ## Basic Information - **Project Name**: WordList-Compendium - **Description**: Personal compilation of wordlists & dictionaries for everything. Users, passwords, directories, files, vulnerabilities, fuzzing, injections, wordlists of tools, etc. - **Primary Language**: Unknown - **License**: Not specified - **Default Branch**: master - **Homepage**: https://github.com/Dormidera/WordList-Compendium - **GVP Project**: No ## Statistics - **Stars**: 2 - **Forks**: 0 - **Created**: 2024-03-05 - **Last Updated**: 2025-07-11 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README ![Logo](https://github.com/Dormidera/WordList-Compendium/blob/master/wordlistcompendiumlogo.png) Personal compilation of wordlists & dictionaries for everything. Users, passwords, directories, files, vulnerabilities, fuzzing, injections, wordlists of tools, etc. If you want to add more or If you know the authorship of a dictionary, contact me. ### Passwords :key: * [Passwords, by SecLists](https://github.com/danielmiessler/SecLists/tree/master/Passwords) * [Common Credentials](https://github.com/danielmiessler/SecLists/tree/master/Passwords/Common-Credentials) * [Cracked Hashes milw0rm-dictionary](https://github.com/danielmiessler/SecLists/blob/master/Passwords/Cracked-Hashes/milw0rm-dictionary.txt) * [Default Credentials by services](https://github.com/danielmiessler/SecLists/tree/master/Passwords/Default-Credentials) * [Honeypot Captures](https://github.com/danielmiessler/SecLists/tree/master/Passwords/Honeypot-Captures) * [Leaked Databases](https://github.com/danielmiessler/SecLists/tree/master/Passwords/Leaked-Databases) * [Probable-Wordlist, by Berzerk0](https://github.com/berzerk0/Probable-Wordlists) * [Real Passwords MegaLinks](https://github.com/berzerk0/Probable-Wordlists/blob/master/Real-Passwords/Real-Passwords-MegaLinks.md) * [Passwords Default](https://github.com/berzerk0/Probable-Wordlists/blob/master/Dictionary-Style/Technical_and_Default/Password_Default_ProbWL.txt) * [Top 304 Thousand](https://github.com/berzerk0/Probable-Wordlists/blob/master/Real-Passwords/Top304Thousand-probable-v2.txt) * [Top 12 Thousand](https://github.com/berzerk0/Probable-Wordlists/blob/master/Real-Passwords/Top12Thousand-probable-v2.txt) * [Top 1575](https://github.com/berzerk0/Probable-Wordlists/blob/master/Real-Passwords/Top1575-probable-v2.txt) * [Top 207](https://github.com/berzerk0/Probable-Wordlists/blob/master/Real-Passwords/Top207-probable-v2.txt) * [Analysis Files](https://github.com/berzerk0/Probable-Wordlists/tree/master/Analysis-Files) * [WPA]() * [Real Password MegaLinks, by Berzerk0](https://github.com/berzerk0/Probable-Wordlists/blob/master/Real-Passwords/WPA-Length/Real-Password-WPA-MegaLinks.md) * [Top204Thousand, by Berzerk0](https://github.com/berzerk0/Probable-Wordlists/blob/master/Real-Passwords/WPA-Length/Top204Thousand-WPA-probable-v2.txt) * [Top 4800, by Berzerk0](https://github.com/berzerk0/Probable-Wordlists/blob/master/Real-Passwords/WPA-Length/Top4800-WPA-probable-v2.txt) * [Top 447, by Berzerk0](https://github.com/berzerk0/Probable-Wordlists/blob/master/Real-Passwords/WPA-Length/Top447-WPA-probable-v2.txt) * [Top 62, by Berzerk0](https://github.com/berzerk0/Probable-Wordlists/blob/master/Real-Passwords/WPA-Length/Top62-WPA-probable-v2.txt) * [Passwords mix, by Werdlists](https://github.com/decal/werdlists/tree/master/passes-dicts) * [Nmap](https://github.com/Dormidera/WordList-Compendium/blob/master/Passwords/Nmap) ### Users :busts_in_silhouette: * [Users Common](https://github.com/Dormidera/WordList-Compendium/blob/master/Users/Users%20Common) * [Users mix by SecLists](https://github.com/danielmiessler/SecLists/tree/master/Usernames) ### Injections :syringe: * [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings) * A list of useful payloads and bypass for Web Application Security and Pentest/CTF (CSRF, LDAP, NoSQL, XEE, etc.). * [Cross-Site Scripting (XSS)](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/Cross-Site%20Scripting%20(XSS)) * [Cross-Site Scripting (XSS) by SecLists](https://github.com/danielmiessler/SecLists/tree/master/Fuzzing/XSS) * [XSS swf fuzz](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/FuzzList%20(by%201N3)/xss_swf_fuzz.txt) * [XSS remote payloads HTTPS](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/FuzzList%20(by%201N3)/xss_remote_payloads-https.txt) * [XSS remote payloads HTTP](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/FuzzList%20(by%201N3)/xss_remote_payloads-http.txt) * [XSS payloads quick](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/FuzzList%20(by%201N3)/xss_payloads_quick.txt) * [XSS grep](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/FuzzList%20(by%201N3)/xss_grep.txt) * [XSS funny stored](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/FuzzList%20(by%201N3)/xss_funny_stored.txt) * [XSS find inject](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/FuzzList%20(by%201N3)/xss_find_inject.txt) * [XSS escape chars](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/FuzzList%20(by%201N3)/xss_escape_chars.txt) * [XML Attacks](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/FuzzList%20(by%201N3)/xml-attacks.txt) * [Auth Bypass](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/FuzzList%20(by%201N3)/auth_bypass.txt) * [command exec](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/FuzzList%20(by%201N3)/command_exec.txt) * [Overflow](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/FuzzList%20(by%201N3)/overflow.txt) * [Payload injectx](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/FuzzList%20(by%201N3)/payload_injectx.txt) * [SQLI error based](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/FuzzList%20(by%201N3)/sqli-error-based.txt) * [SQLI time based](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/FuzzList%20(by%201N3)/sqli-time-based.txt) * [SQLI union select](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/FuzzList%20(by%201N3)/sqli-union-select.txt) * [SQLI escape chars](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/FuzzList%20(by%201N3)/sqli_escape_chars.txt) * [SQL](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/SQL) * [SQL by SecLists](https://github.com/danielmiessler/SecLists/tree/master/Fuzzing/SQLi) * [Databases by SecLists](https://github.com/danielmiessler/SecLists/tree/master/Fuzzing/Databases) * [Path Trasversal](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/FuzzList%20(by%201N3)/traversal-short.txt) * [Path Trasversal short](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/FuzzList%20(by%201N3)/traversal-short.txt) * [Path Trasversal by 1N3](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/FuzzList%20(by%201N3)/traversal.txt) * [URL payloads](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/FuzzList%20(by%201N3)/url_payloads.txt) * [SSI](https://github.com/Dormidera/WordList-Compendium/blob/master/Injections/FuzzList%20(by%201N3)/ssi_quick.txt) * [SSI Jhaddix](https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/SSI-Injection-Jhaddix.txt) * [LFI](https://github.com/danielmiessler/SecLists/tree/master/Fuzzing/LFI) * [LDAP](https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/LDAP.Fuzzing.txt) * [JSON](https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/JSON.Fuzzing.txt) ### Languages :u5272: * [German](https://github.com/Dormidera/WordList-Compendium/blob/master/Languages/German) * [Spanish](https://github.com/Dormidera/WordList-Compendium/blob/master/Languages/Spanish) ### Vendors/Software :label: * [Web content](https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content) * CMS, DB, APIs, Web Servers, etc. by SecLists. * [Vendor Default](https://github.com/decal/werdlists/blob/master/passes-dicts/vendor-default-passwords.csv) * [Tomcat](https://github.com/Dormidera/WordList-Compendium/blob/master/Software/Tomcat%20(user:password)) * [Oracle](https://github.com/Dormidera/WordList-Compendium/blob/master/Software/Oracle%20(user:password)) * [ckeditor 4.7.3 (by @_devalias)](https://github.com/Dormidera/WordList-Compendium/blob/master/Software/ckeditor%204.7.3%20(by%20%40_devalias)) * [GovCMS 7.x-2.15 (by @_devalias)](https://github.com/Dormidera/WordList-Compendium/blob/master/Software/GovCMS%207.x-2.15%20(by%20%40_devalias)) * [ASP](https://github.com/Dormidera/WordList-Compendium/blob/master/Software/ASP) * [JSP](https://github.com/Dormidera/WordList-Compendium/blob/master/Software/JSP) * [PHP 1/2](https://github.com/Dormidera/WordList-Compendium/blob/master/Software/PHP%201to2) * [PHP 2/2](https://github.com/Dormidera/WordList-Compendium/blob/master/Software/PHP%202to2) * [Exploitable PHP functions](https://stackoverflow.com/questions/3115559/exploitable-php-functions) ### Domains/Subdomains :globe_with_meridians: * [Mix Subdomains popular 2020 (incoming...)](https://github.com/bitquark/dnspop) * [Mix Subdomains popular 2017](https://github.com/skooch/subpop-results/tree/master/20170128) * [Mix Subdomains popular 2016](https://github.com/bitquark/dnspop/tree/master/results) * [Certificate Transparency Subdomains](https://github.com/internetwache/CT_subdomains) ### Others :bookmark_tabs: * [Google Fuzzing Dictionaries](https://github.com/google/fuzzing/tree/master/dictionaries) * [Naughty Strings](https://github.com/minimaxir/big-list-of-naughty-strings) * [User Agents]( https://github.com/danielmiessler/SecLists/tree/master/Fuzzing/User-Agents) * [Google 10000 English](https://github.com/first20hours/google-10000-english) * This repo contains a list of the 10,000 most common English words in order of frequency, as determined by n-gram frequency analysis of the Google's Trillion Word Corpus. ### Tools :hammer: * [BurpSuite](https://github.com/SilverPoision/a-full-list-of-wordlists/tree/master/Wordlists/burp_pack) * Burp-pack with all the dictionaries available in the tool BurpSuite. * [SQLmap](https://github.com/sqlmapproject/sqlmap) * sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. * [Hashcat](https://github.com/hashcat/hashcat) * World's fastest and most advanced password recovery utility. * [Dirb](https://github.com/Dormidera/WordList-Compendium/tree/master/Tools/Dirb) * DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the response. * [Fuzzdb](https://github.com/Dormidera/WordList-Compendium/tree/master/Tools/Fuzzdb) * Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery. * [DirSearch](https://github.com/Dormidera/WordList-Compendium/tree/master/Tools/DirSearch) * Web path scanner. * [Wfuzz](https://github.com/Dormidera/WordList-Compendium/tree/master/Tools/Wfuzz) * Web application fuzzer http://wfuzz.io. * [Cfuzzer](https://github.com/Dormidera/WordList-Compendium/tree/master/Tools/Cfuzzer) * url-fuzzer. * [Pyfuzz](https://github.com/Dormidera/WordList-Compendium/tree/master/Tools/Pyfuzz) * URL fuzzing tool made of Python. * [CommonSpeak](https://github.com/pentester-io/commonspeak) * Commonspeak is a wordlist generation tool that leverages public datasets from Google's BigQuery platform. Do you want more info? In my personal blog there are some more : * [Device search engines](https://www.1024megas.com/search-engines). :mag: * [Links to resources](https://www.1024megas.com/resources). :link: * [1024MEGAS.com](https://www.1024megas.com). :man_technologist: Collected by @Dormidera.