# About

SecLists is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more. The goal is to enable a security tester to pull this repo onto a new testing box and have access to every type of list that may be needed.

This project is maintained by [Daniel Miessler](http://www.danielmiessler.com/ "Daniel Miessler") and [Jason Haddix](http://www.securityaegis.com "Jason Haddix"). 

## Contributing

If you have any ideas for things we should include, please use one of the following methods to submit them:

1. Fork the project and send us pull requests
2. Send us links through this project, and we'll go and parse them and incorporate them
3. Email daniel.miessler@owasp.org or jason.haddix@owasp.org with content to add

An effort is made to give attribution for these lists whenever possible, and if you are a list owner or know who the original author/curator is, please let us know so we can give proper credit.

### Attribution

- Adam Muntner and  for the FuzzDB content, including all authors from the FuzzDB project
- Ron Bowes of SkullSecurity for collaborating and including all his lists here
- Clarkson University for their research that led to the Clarkson list
- All the authors listed in the XSS with context doc, which was found on pastebin and added to by us
- Ferruh Mavitina for the begginings of the LFI Fuzz list
- Kevin Johnson for laudnaum shells
- RSnake for fierce hostname list 
- Charlie Campbell for Spanish word list, numerous other contributions
- Rob Fuller for the IZMY list
- shipCod3 for an SSH user/pass list
- Steve Crapo for doing splitting work on a number of large lists
- Thanks to Blessen Thomas for recommending Mario's/cure53's XSS vectors

::