ð The first release of 2025! ð
Lead Contributor: @ItsIgnacioPortal
Highlights
This release adds new documentation for many wordlists. Duplicate and obsolete wordlists have been removed, and the following new wordlist has been incorporated into the project:
- ð
2024-200_most_used_passwords.txt
The Discovery/Web-Content/trickest-robots-disallowed-wordlists/top-10000.txt wordlist has been fixed, which caused problems when cloning the project on Windows. (#397)
The .fuzz suffix has been removed from many more wordlists, improving clarity in the wordlist filenames.
A great number of wordlists have been properly categorized, improving the overall usability of Seclists.
Full Changelog
ð New content
- ð feat(wordlist): Add filepaths for testing Single-page applications. (#1159)
- ð feat(wordlist): Add IIS default page and image files. (#1158)
- ð feat(wordlist): Added '2024-200_most_used_passwords.txt' wordlist
- ð feat(wordlist): Added 'daloradius' to common.txt
- ð feat(wordlist): Added 'Web-Server' prefix to wordlist filenames
- ð feat(wordlist): Added missing words in API 'actions' wordlists
- ð feat(wordlist): Added more endpoints to common.txt
- ð feat(wordlist): Added more LLM data-leakage payloads
- ð feat(wordlist): Added more subdomains to 'combined_subdomains.txt'
- ð feat(wordlist): Added protobuf mimetypes
- ð feat(wordlist): Expanded the List-Of-Swear-Words "fr-CA-u-sd-caqc.txt" wordlist
- ð feat(wordlist): Greatly improved "Amounts" wordlists
- ð feat(wordlist): Update spring-boot.txt to v2.1.7
ð Fixes & Improvements
- ð feat(docs): Improved formatting of the PR template.
- ð feat(docs): Replace repository details with badges for better visibility.
- ð fix(cicd): Fixed line-ending normalization on "remote-wordlists-updater.yml"
- ð fix(wordlist): Fixed bad formatting in raft-* wordlists
- ð chore(docs): Removed '.fuzz' from multiple wordlist filenames
ð Documentation
- ð feat(docs): Added documentation for 'AdobeCQ-AEM.txt' wordlist
- ð feat(docs): Added documentation for 'AdobeXML.fuzz.txt' wordlist
- ð feat(docs): Added documentation for 'Apache-Axis.txt' wordlist
- ð feat(docs): Added documentation for 'Apache.fuzz.txt' wordlist
- ð feat(docs): Added documentation for 'ApacheTomcat.fuzz.txt' wordlist
- ð feat(docs): Added documentation for 'CGI-HTTP-POST-Windows.fuzz.txt' wordlist
- ð feat(docs): Added documentation for 'CGI-HTTP-POST.fuzz.txt' wordlist
- ð feat(docs): Added documentation for 'CGI-Microsoft.fuzz.txt' wordlist
- ð feat(docs): Added documentation for 'Frontpage.fuzz.txt' wordlist
- ð feat(docs): Added documentation for 'fully-qualified-java-classes.txt' wordlist
- ð feat(docs): Added documentation for 'IIS-POST.txt'
- ð feat(docs): Added documentation for 'iis-systemweb.txt' wordlist
- ð feat(docs): Added documentation for 'iplanet.txt' wordlist
- ð feat(docs): Added documentation for 'JBoss.txt' wordlist
- ð feat(docs): Added documentation for 'Keycloak-Identity-Access-Management.txt'
- ð feat(docs): Added documentation for 'Microsoft-Forefront-Identity-Manager.txt' wordlist
- ð feat(docs): Added documentation for 'Oracle-EBS-wordlist.txt' wordlist
- ð feat(docs): Added documentation for 'Oracle-WebLogic.txt'
- ð feat(docs): Added documentation for 'raft-*' wordlists
- ð feat(docs): Added documentation for 'reverse-proxy-inconsistencies.txt'
- ð feat(docs): Added documentation for 'Web-Server-Glassfish-Sun-Microsystems.txt' wordlist
- ð feat(docs): Added documentation for the 'graphql.txt' wordlist
- ð feat(docs): Added note about outdated contents for the 'AdobeCQ-AEM.txt' wordlist
ðŠĶ Removed content
- ðŠĶ chore(wordlist): Removed 'KitchensinkDirectories.fuzz.txt' wordlist
- ðŠĶ chore(wordlist): Removed 'Randomfiles.fuzz.txt' wordlist
- ðŠĶ chore(wordlist): Removed 'tests.txt' wordlist
- ðŠĶ chore(wordlist): Removed 'Vignette.fuzz.txt' wordlist
- ðŠĶ chore(wordlist): Removed BiblePass project
- ðŠĶ chore(wordlist): Removed duplicate wordlist '500-worst-passwords.txt'
- ðŠĶ chore(wordlist): Removed duplicate wordlist 'without_spaces.txt'
- ðŠĶ chore(wordlist): Removed obsolete 'dirsearch.txt' wordlist
- ðŠĶ chore(wordlist): Removed obsolete 'IBM Lotus iNotes' wordlist
- ðŠĶ chore(wordlist): Removed obsolete hyperion wordlists
- ðŠĶ chore(wordlist): Removed obsolete IOCs wordlists
- ðŠĶ fix(wordlist): Removed 'FatwireCMS.fuzz.txt' wordlist
- ðŠĶ fix(wordlist): Removed 'fnf-fuzz.txt' wordlist
- ðŠĶ fix(wordlist): Removed duplicate wordlist 'iplanet.txt'
- ðŠĶ fix(wordlist): Removed duplicate wordlist 'jrun.txt'
- ðŠĶ fix(wordlist): Removed duplicate wordlist 'sunas.txt'
ð Other changes
- ð chore(wordlist): Moved CGI wordlists into the 'LEGACY-SERVICES/CGIs' directory
- ð feat(docs): Moved programming-language-specific wordlists into their own directory
- ð feat(docs): Moved Web-Server wordlists into their own directory
- ð feat(docs): Removed mis-categorized 'Web-Services' folder
- ð feat(docs): Renamed 'axis.txt' to 'Apache-Axis.txt'
- ð feat(docs): Renamed 'SVNDigger' folder to a more descriptive folder name
- ð fix(cicd): Added automatic clean-up to wordlist updater
- ð fix(cicd): Fixed crash on "remote-wordlists-updater.yml"
- ð fix(docs): Added "Ignacio Portal" to the project credits.
- ð fix(docs): Moved 'AdobeCQ-AEM.txt' into the CMS directory
- ð fix(docs): Moved 'aem2.txt' into the CMS directory
- ð fix(docs): Moved 'axis.txt' into the Web-Servers directory
- ð fix(docs): Moved 'Confluence-Administration.txt' into the Service-Specific directory
- ð fix(docs): Moved 'forefront-identity-management.txt' into the Service-Specific directory
- ð fix(docs): Moved 'jboss.txt' into the Web-Servers directory
- ð fix(docs): Moved 'Jenkins-Hudson.txt' into the Service-Specific directory
- ð fix(docs): Moved 'nginx.txt' into the Web-Servers directory
- ð fix(docs): Moved 'Oracle-EBS-wordlist.txt' into the CMS directory
- ð fix(docs): Moved 'sharepoint-ennumeration.txt' into the CMS directory
- ð fix(docs): Moved 'spring-boot.txt' into the Programming-Language-Specific directory
- ð fix(docs): Moved 'swagger.txt' into the Service-Specific directory
- ð fix(wordlist): Merged duplicate 'Apache Tomcat' wordlists
- ð fix(wordlist): Merged duplicate Apache wordlists
- ð fix(wordlist): Merged duplicate Microsoft Frontpage wordlists
- ð fix(wordlist): Merged duplicate Oracle EBS wordlists
- ð fix(wordlist): Merged duplicate Sharepoint wordlists
- ð fix(wordlist): Moved 'HTTP-POST-Microsoft.fuzz.txt' into 'Web-Servers\IIS-POST.txt'
- ð fix(wordlist): Moved 'pulsesecure.txt' into 'Service-Specific\PulseSecure-VPN.txt'
- ð fix(wordlist): Moved 'websphere.txt' into 'Service-Specific\IBM-WebSphere-Application-Server.txt'
- ð fix(wordlist): Moved *200_most_used_passwords to Common-Credentials directory
- ð fix(wordlist): Removed duplicates from '2024-200_most_used_passwords.txt' wordlist
- ð fix(wordlist): Removed redundant linejumps from CommonAdminBase64.txt
- ð fix(wordlist): Renamed '2024-200_most_used_passwords.txt' to '2024-197_most_used_passwords.txt'
- ð fix(wordlist): Renamed 'hpsmh.txt' to 'HP-System-Management-Homepage.txt'
- ð fix(wordlist): Renamed 'proxy-conf.fuzz.txt' to 'Proxy-Auto-Configuration-Files.txt'
- ð fix(wordlist): Renamed 'sap.txt' to 'SAP-NetWeaver.txt'
- ð fix(wordlist): Renamed wordlist 'Frontpage.fuzz.txt' to 'Microsoft-Frontpage.txt'
- ð fix(wordlist): Renamed wordlist 'IIS.fuzz.txt' to 'IIS.txt'
- ð fix(wordlist): Renamed wordlist 'Sharepoint.fuzz.txt' to 'Sharepoint.txt'
- ð fix(wordlist): Renamed wordlist 'SunAppServerGlassfish.fuzz.txt' to 'Web-Server-Glassfish-Sun-Microsystems.txt'
- ð fix(wordlist): Revert "Update metadata.txt"
- ð fix(wordlist): Transformed "local-ports.txt" into "Ports-1-To-65535.txt"
Shout-out to: @curiv, @emmanuelgautier, @goosvorbook, @guillermodotn, @eltociear, @ivan-sincek, @jorelpaddick, @jthack, @NihaoKangkang, @mtremr, @napz99, @ola456, @onurkarasalihoglu, @cosad3s, and @V0idSeek3r
ðĨ Thank you everyone <3