SecLists

Features

Vulnerability Assessment and Testing - Provides a centralized library of security assessment data for auditing software, firmware, and hardware.
Security Wordlists - Provides a comprehensive collection of usernames, passwords, and sensitive data patterns for security assessment.
Awesome List - A community-curated directory that catalogs and links out to other open-source projects, rather than a standalone tool you run yourself.
Web Application Security - Provides payloads and testing resources for discovering vulnerabilities in web applications.
Security Testing Methodologies - Provides a structured, community-vetted framework for performing comprehensive security audits.
IoT Security Testing Guides - Provides a structured collection of methodologies and guides for testing internet-connected hardware.
Credential Brute-Forcing - Provides large collections of common credentials for testing system resilience against brute-force attacks.
Injection Payloads - Provides extensive collections of injection payloads for testing application resilience against unexpected data.
Fuzzing and Wordlists - Extensive collection of wordlists for HTTP methods and API endpoints.
Hacker Documentaries - Essential collection of lists for security testing and assessment.
Security Collections - Collection of wordlists for security assessment and testing.
Wordlists and Payloads - Comprehensive collection of lists for security assessments.
Security Curated Lists - Collection of wordlists for security assessments and fuzzing.
Attack Payloads and Wordlists - Collection of lists for usernames, passwords, and fuzzing payloads.
Fuzzing Wordlists - Comprehensive collection of lists for security testing and fuzzing.
Penetration Testing - Collection of lists used during security assessments and testing.
Security And Privacy - Collection of lists used for security assessments and testing.
Security Resources - Listed in the “Security Resources” section of the Awesome Hacking awesome list.
Threat Intelligence and OSINT - Comprehensive collection of lists for security assessments.
Vulnerability Research - Aggregates lists for security assessments and fuzzing.
Vulnerability Scanning - Provides pre-defined lists of attack patterns for systematic vulnerability scanning of applications and services.
Vulnerability Wordlists - Comprehensive collection of lists for security testing and fuzzing.
Web Security Testing - Comprehensive collection of wordlists for brute-forcing applications.
Wordlists - Collection of lists used during security assessments.
Fuzzing Resources - Provides a standardized library of input patterns and payloads for testing application resilience.
IoT Security Hardening - Provides methodologies and testing resources for hardening internet-connected hardware against insecure configurations.
Firmware Analysis Guides - Offers comprehensive guides for the complete lifecycle of device firmware analysis and exploitation.
Security Assessments - Provides methodologies for evaluating security risks and insecure configurations in connected hardware.
Firmware Security Methodologies - Provides structured methodologies for auditing and testing the security of embedded device firmware.
Static Asset Decoupling - Separates raw testing data from execution logic to ensure compatibility with diverse security tools.
Flat-File Storage - Organizes security assets into a portable, hierarchical directory structure of plain text files.
Standardized Directory Taxonomies - Maintains a consistent folder hierarchy to allow automated tools to predictably ingest testing resources.

Open-source alternatives to SecLists

Similar open-source projects, ranked by how many features they share with SecLists.

thekingofduck/fuzzdicts
TheKingOfDuck/fuzzDicts
8,355View on GitHub
fuzzDicts is a repository of curated wordlists and dictionaries designed for web application fuzzing. It provides collections of strings and payloads used to discover hidden files, subdomains, and security vulnerabilities. The project includes specialized libraries for different security testing vectors, such as dictionaries for common request and cookie parameters, lists of common subdomain prefixes, and collections of passwords and default vendor credentials for brute-force testing. It also maintains a security payload library containing character sequences used to identify flaws like SQL i
Pythondirectoryfuzz-testingfuzzer
View on GitHub8,355
sbilly/awesome-security
sbilly/awesome-security
14,022View on GitHub
This project is a comprehensive, curated directory of cybersecurity resources, software, and documentation designed to support system and network protection. It serves as a centralized knowledge base and index for security professionals, aggregating industry-standard practices and open-source tools across a wide range of technical domains. The repository distinguishes itself by providing a structured collection of methodologies and frameworks for security operations. It covers critical areas including threat intelligence, digital forensics, infrastructure auditing, and vulnerability assessmen
awesome-listsecurity
View on GitHub14,022
carpedm20/awesome-hacking
carpedm20/awesome-hacking
15,722View on GitHub
This project is a comprehensive, community-curated directory of cybersecurity resources, tools, and educational materials. It functions as a centralized index for researchers and students to discover frameworks and utilities across the entire security lifecycle, ranging from initial vulnerability assessment to post-exploitation analysis. The repository distinguishes itself through a hierarchical taxonomy that organizes diverse security disciplines into a searchable, version-controlled knowledge base. Rather than hosting software directly, it utilizes a decentralized aggregation model that lin
awesomehacking
View on GitHub15,722
fuzzdb-project/fuzzdb
fuzzdb-project/fuzzdb
8,819View on GitHub
fuzzdb is a collection of datasets designed for web application penetration testing and dynamic fuzzing. It provides a fuzzing payload dictionary, a resource discovery wordlist, and a fault injection dataset containing corrupted Unicode, null bytes, and escape codes to trigger application crashes and logic errors. The project includes a security filter bypass list featuring polyglots and encoded strings to evade web application firewalls and input validation filters. It also provides a comprehensive web application penetration testing dataset specifically for identifying flaws such as cross-s
PHP
View on GitHub8,819

See all 30 alternatives to SecLists

danielmiesslerSecLists

Features

Open-source alternatives to SecLists

TheKingOfDuck/fuzzDicts

sbilly/awesome-security

carpedm20/awesome-hacking

fuzzdb-project/fuzzdb

Star history

Open-source alternatives to SecLists

TheKingOfDuck/fuzzDicts

sbilly/awesome-security

carpedm20/awesome-hacking

fuzzdb-project/fuzzdb