Skip to content

Instantly share code, notes, and snippets.

@morkin1792

morkin1792/wordlists.sh

Last active November 16, 2025 21:39
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save morkin1792/6f7d25599d1d1779e41cdf035938a28e to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save morkin1792/6f7d25599d1d1779e41cdf035938a28e to your computer and use it in GitHub Desktop.
Download ZIP
pentest wordlists
Raw
wordlists.sh
#!/usr/bin/env zsh
# reference
# https://wordlists.assetnote.io/
# https://github.com/danielmiessler/SecLists/
# https://github.com/fuzzdb-project/fuzzdb
BASE=(
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/common.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Common-DB-Backups.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Logins.fuzz.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Passwords.fuzz.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Service-Specific/Swagger.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/api/api-endpoints.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Fuzzing/fuzz-Bo0oM.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/quickhits.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/big.txt'
'https://gist.githubusercontent.com/morkin1792/6f7d25599d1d1779e41cdf035938a28e/raw/zextra.txt'
## portuguese
'https://raw.githubusercontent.com/danielmiessler/SecLists/refs/tags/2025.2/Discovery/Web-Content/common-and-portuguese.txt'
'https://gist.githubusercontent.com/morkin1792/6f7d25599d1d1779e41cdf035938a28e/raw/zapi-br.txt'
# api
# 'https://wordlists-cdn.assetnote.io/data/automated/httparchive_apiroutes_2025_10_27.txt'
# files
# 'https://wordlists-cdn.assetnote.io/data/automated/httparchive_directories_1m_2025_10_27.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Web-Servers/nginx.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/CMS/SAP.fuzz.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Programming-Language-Specific/golang.txt'
)
JAVA=(
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/CMS/trickest-cms-wordlist/tomcat.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Web-Servers/Apache-Tomcat.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/JavaServlets-Common.fuzz.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Web-Servers/JBoss.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Service-Specific/Oracle-WebLogic.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/OracleAppServer.fuzz.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Oracle9i.fuzz.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/CMS/Oracle-EBS-wordlist.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Web-Servers/Glassfish-Sun-Microsystems.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Programming-Language-Specific/Java-Spring-Boot.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Service-Specific/IBM-WebSphere-Application-Server.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Service-Specific/Oracle-WebLogic.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Servers/Java-Servlet-Runner-Adobe-JRun.txt'
# 'https://wordlists-cdn.assetnote.io/data/automated/httparchive_jsp_jspa_do_action_2025_10_27.txt'
)
PHP=(
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Programming-Language-Specific/Common-PHP-Filenames.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Programming-Language-Specific/PHP.fuzz.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/CMS/trickest-cms-wordlist/laravel.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/CMS/symfony-315-demo.txt'
# 'https://wordlists-cdn.assetnote.io/data/automated/httparchive_cgi_pl_2025_10_27.txt'
# big
# 'https://wordlists-cdn.assetnote.io/data/automated/httparchive_php_2025_10_27.txt'
)
ASP=(
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Web-Servers/IIS.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Programming-Language-Specific/ASP.NET/CommonBackdoors-ASP.fuzz.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/File-Extensions-Universal-SVNDigger-Project/cat/Language/asp.txt'
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/File-Extensions-Universal-SVNDigger-Project/cat/Language/aspx.txt'
'https://raw.githubusercontent.com/fuzzdb-project/fuzzdb/master/discovery/predictable-filepaths/login-file-locations/windows-asp.txt'
'https://raw.githubusercontent.com/fuzzdb-project/fuzzdb/master/discovery/predictable-filepaths/login-file-locations/windows-aspx.txt'
# big
# 'https://wordlists-cdn.assetnote.io/data/automated/httparchive_aspx_asp_cfm_svc_ashx_asmx_2024_05_28.txt'
)
RUBY=(
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Programming-Language-Specific/ror.txt'
)
PYTHON=(
'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/CMS/Django.txt'
)
dir=$(mktemp -d)
function download() {
links=( $@ )
for link in "${links[@]}"; do
(cd "$dir" && curl -L -qO "$link")
done
sed -i 's/^\///g' $dir/*
# sed -i 's/\/$//g' $dir/*
}
function addDirsearch() {
download 'https://raw.githubusercontent.com/maurosoria/dirsearch/master/db/dicc.txt'
dirDirsearch=$(mktemp -d)
mv $dir/dicc.txt $dirDirsearch
exts=( $@ )
for ext in "${exts[@]}"; do
sed "s/%EXT%/$ext/g" $dirDirsearch/dicc.txt > $dir/dicc_$ext.txt
done
rm ${dirDirsearch:?}/dicc.txt
rmdir ${dirDirsearch:?}
}
cat <<EOF
## example for generic tech
download \$BASE \$PHP \$JAVA \$ASP \$RUBY \$PYTHON && addDirsearch 'html' 'zip' 'rar' 'php' 'asp' 'jsp'
cat \$dir/* | grep -Ev 'Contribed|ISAPI' | sort -u > all.fuzz.txt && rm -rf \${dir:?}
EOF
Raw
zapi-br.txt
acao
motoristas
contato
adminn
dashboard
logs
arquivosLogs
sessao
sessoes
recursos
testt
testando
test
tst
cpfCnpj
contratosPagos
chaves
chave
chavesApi
chaveApi
ambientes
ambiente
homol
hml
qa
qa-dev
dev-qa
homolog
homologacao
deveteste
testedev
testehomol
homolteste
agencia
acordo
acordos
admin
administracao
administrador
apelido
ativo
avista
a-vista
bloqueado
bloqueados
boleto
boletos
cliente
clientes
cnpj
contato
contratos
cpf
cpf-cnpjs
datafim
data-fim
datainicio
data-inicio
data-nascimento
diretor
documento
documentos
email
emails
emissao
estorno
funcionario
funcionarios
garagem
garagens
gerente
gravar
grupo
grupoacesso
id
identidade
indentificador
liberados
logins-usuario
login-usuario
marcas
monitor
monitoracao
nome
origem
parcela
parcelas
placas
promocao
promocoes
recsenha
recuperar
redefinir
resumo
rg
senha
senhas
senhas-usuario
senhas-usuarios
senhas-usuarios-ativos
senha-usuario
simulacao
simulacoes
solicitar
status
status-usuario
status-usuarios
sucesso
telefone
telefones
teste
testes
usuario
usuario-documento
usuarios
usuarios-documentos
v1
v2
v3
v4
v5
veiculo
download
downloads
teste
testes
doc
classes
logins
autenticacao
contratos
auth
alterar
reset
email
emails
a
b
c
z
q
w
e
r
t
123456
123456789
1234
102030
12345
12345678
010203
rental
Brasil
123mudar
BRASIL
123123
654321
gabriel
canal2006
abc123
assinantes
101010
flamengo
123321
159753
brasil
felipe
junior
121212
qwerty
1234567
131313
vitoria
biologia
rafael
matheus
142536
112233
daniel
1234567890
senha123
password
gustavo
111111
comercial
felicidade
eduardo
familia
santos
mariana
sucesso
1q2w3e4r
a1b2c3
estrela
rodrigo
222222
musica
camila
amanda
a1b2c3d4
252525
marcelo
leonardo
cruzeiro
lucas123
000000
carlos
juliana
vinicius
teste123
gabriela
fernanda
jesus
tricolor
124578
1q2w3e
marcos
123abc
212121
leticia
147258
789456
q1w2e3r4
123654
202020
thiago
ricardo
henrique
escola
master
beatriz
amo12voc
gremio
159357
victor
senha
palmeiras
151515
carolina
oliveira
fernando
010101
guilherme
larissa
banana
saopaulo
arthur
lilica
147258369
lucas
marina
987654321
123qwe
cachorro
renata
amor
qwe123
buceta
gatinha
232323
666666
147852
12345678910
1a2b3c4d
positivo
pipoca
macaco
naruto
123456a
0123456789
aninha
alegria
242424
antonio
historia
1a2b3c
simone
maria
amizade
asd123
9876543
alexandre
mateus
vanessa
246810
princesa
q1w2e3
741852
jessica
10203040
987654
luciana
deusefiel
giovanna
acao
acordo
acordos
admin
existe
administracao
administrador
apelido
ativo
carteira
talentos
talento
carteiras
a-vista
avista
bloqueado
saldo
saldos
idSaldo
uuid
bloqueados
boleto
boletos
cadastro
cadastros
chaves
cliente
clientes
cnpj
contato
contratos
cpf
cpf-cnpjs
cupom
data-fim
datafim
data-inicio
datainicio
data-nascimento
desconto
descontos
diretor
documento
documentos
eai
email
emails
emissao
estorno
funcionario
funcionarios
garagem
garagens
gerente
gravar
grupo
grupoacesso
id
identidade
indentificador
informe
liberados
logins-usuario
login-usuario
marcas
meu
meus
monitor
monitoracao
nome
notificacao
notificacoes
oferta
ofertas
origem
pergunta
perguntas
faq
externo
futebol
cep
socio
socios
parcela
parcelas
parceria
parcerias
participante
participantes
pix
pixs
placas
prd
promocao
promocoes
recsenha
recuperar
redefinir
rendimento
resgate
resgates
resumo
rg
ganhador
parceiro
parceiros
idUsuario
idUsuarios
idEmpresa
idEmpresas
Empresa
Empresas
pagamento
pagamentos
Esqueci
esqueciSenha
senhaEsqueci
entrega
entregas
oferta
ofertas
idOferta
campeonato
combo
dados
dado
idAdmin
idAdministrador
isAlive
acumulo
rota
token
ingresso
senha
assunto
assuntos
senhas
senhas-usuario
senhas-usuarios
senhas-usuarios-ativos
senha-usuario
simulacao
simulacoes
solicitar
status
status-usuario
status-usuarios
sucesso
telefone
participanteId
Idparticipante
telefones
teste
testes
total
troque
usuario
usuario-documento
usuarios
usuarios-documentos
v1
v2
v3
v4
v5
veiculo
codigo
codigos
soc
monitorar
deolho
olhos
olho
acao
acordo
acordos
admin
existe
administracao
administrador
apelido
ativo
carteira
talentos
talento
carteiras
a-vista
avista
bloqueado
saldo
saldos
idSaldo
uuid
bloqueados
boleto
boletos
cadastro
cadastros
chaves
cliente
clientes
cnpj
contato
contratos
cpf
cpf-cnpjs
cupom
data-fim
datafim
data-inicio
datainicio
data-nascimento
desconto
descontos
diretor
documento
documentos
eai
email
emails
emissao
estorno
funcionario
funcionarios
garagem
garagens
gerente
gravar
grupo
grupoacesso
id
identidade
indentificador
informe
liberados
logins-usuario
login-usuario
marcas
meu
meus
monitor
monitoracao
nome
notificacao
notificacoes
oferta
ofertas
origem
pergunta
perguntas
faq
externo
futebol
cep
socio
socios
parcela
parcelas
parceria
parcerias
participante
participantes
pix
pixs
placas
prd
promocao
promocoes
recsenha
recuperar
redefinir
rendimento
resgate
resgates
resumo
rg
ganhador
parceiro
parceiros
idUsuario
idUsuarios
idEmpresa
idEmpresas
Empresa
Empresas
pagamento
pagamentos
Esqueci
esqueciSenha
senhaEsqueci
entrega
entregas
oferta
ofertas
idOferta
campeonato
combo
dados
dado
idAdmin
idAdministrador
isAlive
acumulo
rota
token
ingresso
senha
assunto
assuntos
senhas
senhas-usuario
senhas-usuarios
senhas-usuarios-ativos
senha-usuario
simulacao
simulacoes
solicitar
status
status-usuario
status-usuarios
sucesso
telefone
participanteId
Idparticipante
telefones
teste
testes
total
troque
usuario
usuario-documento
usuarios
usuarios-documentos
v1
v2
v3
v4
v5
veiculo
codigo
codigos
Raw
zextra.txt
cms/admin
global-protect/getsoftwarepage.esp
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment