NullSec Wordlists
bad-antics
Curated wordlist collection for various security testing scenarios. Optimized for use with NullSec tools but compatible with any security testing tool.
```
nullsec-wordlists/
├── passwords/
│   ├── common.txt          # Top 10000 common passwords
│   ├── leaked.txt          # Compiled from public breaches
│   ├── default-creds.txt   # Default device credentials
│   └── by-length/          # Organized by password length
├── usernames/
│   ├── common.txt          # Common usernames
│   ├── admin.txt           # Administrative accounts
│   └── services.txt        # Service account names
├── directories/
│   ├── common.txt          # Common web directories
│   ├── api.txt             # API endpoints
│   ├── backup.txt          # Backup file locations
│   └── cms/                # CMS-specific paths
├── subdomains/
│   ├── common.txt          # Common subdomain prefixes
│   ├── short.txt           # 1-3 character prefixes
│   └── large.txt           # Comprehensive list
├── fuzzing/
│   ├── sqli.txt            # SQL injection payloads
│   ├── xss.txt             # XSS payloads
│   ├── lfi.txt             # LFI/RFI payloads
│   ├── ssti.txt            # SSTI payloads
│   └── command.txt         # Command injection
├── parameters/
│   ├── common.txt          # Common GET/POST parameters
│   ├── debug.txt           # Debug parameters
│   └── hidden.txt          # Hidden form fields
└── custom/
    └── generators/         # Scripts to generate custom lists
```
```bash
# With nullsec-webscan
nullsec-webscan -w wordlists/directories/common.txt

# With nullsec-netprobe DNS enumeration
nullsec-netprobe dns --wordlist wordlists/subdomains/common.txt

# With hydra
hydra -L wordlists/usernames/admin.txt -P wordlists/passwords/common.txt ssh://target

# With ffuf
ffuf -w wordlists/directories/common.txt -u https://target/FUZZ
```

| Category | Files | Total Lines |
|---|---|---|
| Passwords | 5 | ~100,000 |
| Usernames | 3 | ~5,000 |
| Directories | 10 | ~50,000 |
| Subdomains | 3 | ~500,000 |
| Fuzzing | 5 | ~10,000 |
| Parameters | 3 | ~3,000 |
Custom wordlists can be generated with included tools:
```bash
# Generate password mutations
python3 generators/mutate.py base_words.txt > custom_passwords.txt

# Combine and dedupe
sort -u list1.txt list2.txt > combined.txt

# Filter by length
awk 'length >= 8 && length <= 16' passwords.txt > filtered.txt
```

NullSec Proprietary