:keyboard: Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

View on GitHub


|      File  Name      | Description of Contents |:—————————|———————————————————————————————————————————————————————————- | adaway-block-list | hosts block list distributed by adaway.org
| alexa-host-names | Alexa URI host names sorted and uniqified
| alexa-top50-global | The top 50 global web sites from http://alexa.com/topsites
| altdns-host-lists | a list of hostnames via the altdns tool
| amazon-aws-hostnames | Amazon AWS host names list | av-update-hosts | anti-virus signature update host names
| bigbad-hosts-list | only subdom-brute-list.txt is larger than this file
| brutex-wordlists-nameslist | https://github.com/1N3/BruteX/blob/master/wordlists/nameslist.txt
| cloudfail-data-subdomains | https://github.com/m0rtem/CloudFail/blob/master/data/subdomains.txt | common-intranet-hosts | host names commonly found on private intranets
| dns-dictionary-hosts | hosts.txt taken from DNSDictionary tool
| dns-underscore-hosts | examples of host names for IN SRV or DNS-SD records that contain underscores | dnsbrute-names-large | a large list of host names via the dnsbrute tool
| dnsbrute-names-small | a list half the size of the large one also from dnsbrute
| dnsinfo-gathertool-list | namelist.txt
| dnsmaper-subs-db | subs.db file from dnsmaper tool’s repository on GitHub | dnssearch-hosts-list | hosts list packaged with the dnssearch utility
| dod-hosts-table | Old School DoD Internet Host Table (not in /etc/hosts format)
| edu-host-names | names of hosts that typically appear on a .edu network | expanded-intranet-hosts | additional hosts generated from common-intranet-hosts
| fierce-lists-20000 | 20000.txt from fierce repository’s lists folder
| fierce-lists-5000 | 5000.txt from fierce repository’s lists folder
| fierce-lists-default | default.txt from fierce repository’s lists folder
| fierce-scanner-hosts | hosts.txt file packaged with fierce DNS scanner
| fuzsub-merged-dictionaries | merged file of all dictionaries packaged with FuzSub tool | host-names-large | the largest list of host names in this folder
| host-names-medium | a medium-sized list of host names only
| host-names-small | list of host names that’s manageably sized
| host-names-sorted | various host names sorted alphabetically
| hostsfile-dotnet-readme | Malwarebytes readme.txt file
| hosts-file-entries | /etc/hosts file entries taken from hpHosts
| hosts-word-list | list of words for host names
| hphosts-file-optimized | hosts file with multiple host names per line
| hphosts-partial-database | hosts-partial.txt
| huge-hosts-combine | unique combo of a half-dozen subdomain lists in this folder
| incapsula-scevron-hosts | list of Incapsula client host names determined by my SCEVRON research presented at Derbycon 4.0 “Family Rootz” | inet-hosts-sample | sample of real host names from Internet zone files
| intranet-hosts-list | combination of several intranet host lists files
| intranet-hosts-short | a short list of intranet hostnames without numbers appended
| malekal-hosts-filter | hosts file used to block adware
| malwareteks-hosts-file | hosts file from MalwareTeks
| more-intranet-hosts | common-intranet-hosts with numeric digits appended
| mvps-hosts-file | hosts file downloaded from MSFT MVP’s site
| nmap-vhosts-all | virtual host names from nmap’s vhosts-full.lst and vhosts-default.lst
| open-door-subdomains | subdomains.dat file from OpenDoor | pglyoyo-adservers-hostlist | https://pgl.yoyo.org/adservers/serverlist.php
| siph0n-subdomains-list | subdomain name list from siph0n
| someonewhocares-zero-hosts | zero hosts file matching host names to
| someonewhocares-ipv6-hosts | ipv6 text file matching host names to IPv6 Localhost
| sorted-subdomain-counts | subdomains.txt file from averagesecurity’s axfr repository
| spam-blacklist-hosts | host names used in from addresses by spammers
| subdom-brute-list | taken from cujanovic’s GitHub repo subdomain-bruteforce-list
| subdomain-names-full | this is the dict/subnames_full.txt file from https://github.com/lijiejie/subDomainsBrute
| subdomain3-cdn-servers | list of Content delivery network servers from cdn_servers.txt of subdomain3 | subdomain3-nextsub-full | list of subdomains from next_sub_full.txt of subdomain3 | subdomain3-wydomain-list | larger list of subdomains from wydomain.csv of subdomain3 | subrake-hostnames-list | list of host names from subrake tool https://raw.githubusercontent.com/hash3liZer/Subrake/master/wordlists/small.lst
| top-million-subdomains | large list of subdomain names cldrn GitHub
| tor-hsts-preloads | Site list for HTTP Strict Transport Security preloading on TOR
| tweet-link-hosts | hosts parsed from tweet text on Twitter
| uber-subdomain-names | subdomain names used by Uber
| virtual-host-scanning | hostnames useful for detecting a web server’s Name-based Virtual Hosting configuration
| vhostscan-format-wordlist | wordlist for finding name-based virtual hosts packaged with virtual-host-discovery
| wget-hsts-hosts | HSTS (Strict Transport Security) host names saved by GNU wget
| wydomain-dnspod-names | list that includes anglicized Chinese words, originally dnspod.csv of the wydomain tool | yahoo-ad-hosts | host names of Yahoo advertising web servers
| yahoo-server-hosts | names of Yahoo front-end web app servers

    Tool  Name     Description of Purpose
Sublist3r Fast subdomains enumeration tool for penetration testers