Top 10 Wordlists for Pentesters
In this tutorial, we will see some of the best wordlists for pentesters. Whether a pentester is cracking passwords, stressing authentication panels, or running a simple directory brute force, it all comes down to the wordlists used. We are going to understand wordlists, look around for some good ones, and run some tools to manage them.
Introduction:
Ever since penetration testing began to evolve, one thing we see again and again is the attacker cracking the target's password and getting in. Most depictions of attacks in films and series show this scenario in detail, as it is the easiest attack to depict. Cracking passwords and performing Credential Stuffing were once a curse on web applications. Today we have gained some control over them through CAPTCHA and Rate Limiting, yet they are still among the successful attacks. The soul of such attacks is the wordlist.
Wordlists:
The attacker needs to provide a wordlist, which is a file (often a text file, but not limited to one) containing a set of values to test against a mechanism. That sounds a little complex, so let's make it easier.
Whenever an attacker confronts an Authentication Mechanism and cannot bypass it, the attacker must try some well-known credentials against it in an attempt to guess the right ones. This list of well-known credentials is a wordlist.
Rather than entering the values manually one by one, the attacker uses a tool or script to automate the process. Similarly, when cracking hash values, the tool takes the wordlist, encodes each entry into the same hash type, and then uses a string-compare function to match the hashes.
When a match is found, the hash is considered cracked. This is why the cyber security world treats the wordlist as fundamental.
Wordlists in Kali Linux:
Since Kali Linux was created specifically for Penetration Testing, it ships with many kinds of wordlists. This is because Kali Linux includes various tools for Bruteforce Attacks on logins, directories, and so on. Let's go through some of the wordlists from the huge arsenal that Kali Linux contains.
The wordlists are located under the /usr/share directory. There we find the dirb directory, which holds the wordlists used for Directory Bruteforce with the dirb tool. Then there is dirbuster, a similar tool that also performs Directory Bruteforce but with additional options. There is also a dedicated Wi-Fi directory intended to help break Wi-Fi authentication.
Then we have Metasploit, which uses wordlists for nearly everything. Next, there is an Nmap wordlist that can be used while scanning some specific services. Then we have the rockstar of wordlists: rockyou. It is compressed by default, and you must extract it before using it. It is very large, with 1,44,42,062 values that could be passwords for many user accounts on the internet. Finally, we have the wfuzz directory, which holds the wordlists that can be used together with wfuzz.
Location: /usr/share/wordlists

Dirb Wordlists:
To explore one of the directories, we use the tree command to list all the wordlists inside the dirb directory. Here we have different wordlists that vary in size and language. There is an extensions wordlist too, which the attacker can use when performing a Directory Bruteforce. There are also some application-specific wordlists, such as apache.txt or sharepoint.txt.
Location: /usr/share/wordlists/dirb

Rockyou Wordlists:
Rockyou.txt is a set of compromised passwords from the social media application developer known as RockYou, which built widgets for the Myspace application. In December 2009, the company suffered a data breach that exposed more than 32 million user accounts. This was mainly a result of the company's policy of storing passwords in cleartext.
Location: /usr/share/wordlists
When you first boot Kali Linux, the file is compressed as a gz archive. To decompress it, run the following command. The file will be extracted and ready for use in any kind of attack you need.
gzip -d /usr/share/wordlists/rockyou.txt.gz

Wfuzz Wordlists:
The Wfuzz tool was developed to perform Bruteforce attacks on web applications. It can also identify web applications and enumerate directories, files, and scripts, among other functions. It is able to change the request from GET to POST as well, which is useful in various situations, such as checking for SQL Injections. The tool ships with a set of predefined wordlists, which are designed for use with Wfuzz but can be used anywhere. These wordlists are grouped into categories such as general, Injections, stress, vulns, web services, and others.
Location: /usr/share/wordlists/wfuzz

GitHub Wordlists:
We have seen the huge collection that Kali Linux contains. In some cases, however, those wordlists are not as recent as we need. This can happen when a new 0-day has been found: there will be no entries for it in those dictionaries. We could search the whole web, but it is vast and that takes time. This is where we can look around on GitHub, since many people create such dictionaries there. Searching GitHub may turn up new and up-to-date dictionaries, or help you find the specific dictionary you need to fuzz a particular framework.
Link: GitHub Wordlists

Seclists:
Seclists gathers various kinds of wordlists that can be used during Penetration Testing, all in one place. These wordlists can contain usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and so on. To install it on Kali Linux, we use the apt command followed by seclists, as shown below.
GitHub: Seclists

apt install seclists
Assetnote Wordlists:
Assetnote Wordlists provides specially curated wordlists for a whole range of areas, such as subdomain discovery or special artifact discovery. It is the next best thing to be released since Seclists, and it gets updated on the 28th of each month, according to their site.
To download all the wordlists at once, anyone can use the following wget command.
Website: Assetnote Wordlists
wget -r --no-parent -R "index.html*" https://wordlists-cdn.assetnote.io/ -nH

PacketStorm Wordlists:
Packet Storm Security is an information security website that offers current and historical computer security tools, exploits, and security advisories. A group of security enthusiasts works to publish new security information and offer tools for educational and testing purposes.
To our surprise, it also publishes wordlists. Any user who has crafted a wordlist can submit it to the site. So, if you are looking for a unique wordlist, be sure to check it out.
Link: Packet Storm Security Wordlists

Cleaning Wordlists:
So far we have seen many wordlists that contain thousands of entries.
During penetration testing on your own vulnerable server or in a CTF, this is usually fine, as those targets are designed to handle this kind of brute force. Things get more complicated, however, when we move to a real-world scenario, because no development team or owner will let you run thousands upon thousands of wordlist brute-force attempts.
Doing so can degrade the quality of service for other users. So, we should reduce the number of wordlist entries. I know it sounds counterproductive, but it isn't. The wordlists may contain payloads that exceed 100 characters or are too specific to yield anything directly. Then there are payloads that are so similar to each other that replacing one with another leaves the result unchanged. Jon Barber wrote a script that removes noisy characters such as ! ( , % and cleans the wordlist so that it can be more effective.
GitHub: CleanWordlist.sh
./clean_wordlists.sh HTML5sec-Injections-Jhaddix.txt
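A minimal version of this kind of cleanup, as an added example that is not Jon Barber's script and does not reproduce its logic. The function names, the sample entries, and the rule of dropping exact duplicates are assumptions; the 100-character limit and the characters ! ( , % come from the text above.

```shell
#!/bin/sh
# Added example: minimal wordlist cleaner (hypothetical names throughout).
# Assumption: one entry per line, read from stdin.

# clean_wordlist [MAXLEN] < wordlist
# Prints the kept entries to stdout and a one-line summary to stderr.
clean_wordlist() {
    maxlen=${1:-100}
    case $maxlen in
        ''|*[!0-9]*) echo "MAXLEN must be a number" >&2; return 2 ;;
    esac

    # LC_ALL=C makes length() count bytes, so the limit is predictable.
    LC_ALL=C awk -v max="$maxlen" '
        { sub(/\r$/, "") }                  # tolerate CRLF line endings
        /^[[:space:]]*$/ { blank++; next }  # drop empty lines
        length($0) > max { long++; next }   # drop overlong entries
        /[!(,%]/         { noisy++; next }  # drop entries with noisy characters
        seen[$0]++       { dup++; next }    # drop exact duplicates, keep order
        { kept++; print }
        END {
            printf "kept=%d long=%d noisy=%d dup=%d blank=%d\n",
                   kept, long, noisy, dup, blank > "/dev/stderr"
        }
    '
}

# Constructed sample input (not taken from any real wordlist).
make_sample() {
    printf '%s\n' 'admin' 'login' 'admin' '' 'backup(old)' 'images' \
                  'promo-50%off' 'a,b' 'hello!'
    printf 'upload\r\n'
    awk 'BEGIN { for (i = 0; i < 120; i++) printf "A"; print "" }'
}

# Demo run on the constructed sample.
make_sample | clean_wordlist
```

Comparing the summary line before and after cleaning shows how many requests the shorter list saves against a rate-limited or production target.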

Crafting Wordlists:
CeWL:
CeWL is a Ruby application that crawls a given URL to a specified depth, optionally follows external links, and produces a list of words that can be used with password cracking tools like John the Ripper.
CeWL also has an associated command-line application, FAB (Files Already Bagged), which uses the same metadata extraction techniques to create author/creator lists from already downloaded files. Here we are running CeWL against the target URL and saving the output into a wordlist named dict.txt.
GitHub: CeWL – Custom Word List generator

Crafting Wordlists: Crunch
Crunch is a wordlist generator where you can use a standard character set or a character set you specify. crunch can generate all possible combinations and permutations. Here, we used crunch to create a wordlist with a minimum of 2 and a maximum of 3 characters, writing the output into a wordlist named dict.txt.

Crafting Wordlists: Cupp
A weak password may be very short or use only alphanumeric characters, which makes it easy to crack.
Someone profiling the user can easily guess a weak password, such as a birthday, nickname, address, name of a pet or relative, or a common word like God, love, money, or password. Cupp is used in situations such as legal penetration tests or forensic crime investigations. In this case, we create a wordlist that is specific to an individual named Raj. We enter the details and, upon submission, a wordlist is generated specifically for this user.
GitHub: CUPP – Common User Passwords Profiler

Conclusion:
The point we are trying to convey through this article is that the wordlist is one of the most important assets a penetration tester can have. There are various sources for obtaining a wordlist and many tools for creating your own. We wanted this article to serve as your go-to guide whenever you are trying to learn about or use a wordlist, or any of the tools that generate one.