Skip to content
/ Penetration-Testing Public

A complete list of all the wordlists, tips, tricks, tools & methodologies for penetration testing/bug hunting.

1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

web-cipher-007/Penetration-Testing

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2,108 Commits
403 Bypass
403 Bypass
 
 
API Key Leaks
API Key Leaks
 
 
Account Takeover
Account Takeover
 
 
Business Logic Errors
Business Logic Errors
 
 
CORS Misconfiguration
CORS Misconfiguration
 
 
CRLF Injection
CRLF Injection
 
 
CSV Injection
CSV Injection
 
 
CVE Exploits
CVE Exploits
 
 
Clickjacking
Clickjacking
 
 
Client Side Path Traversal
Client Side Path Traversal
 
 
Command Injection
Command Injection
 
 
Cross-Site Request Forgery
Cross-Site Request Forgery
 
 
DNS Rebinding
DNS Rebinding
 
 
DOM Clobbering
DOM Clobbering
 
 
Denial of Service
Denial of Service
 
 
Dependency Confusion
Dependency Confusion
 
 
Directory Traversal
Directory Traversal
 
 
File Inclusion
File Inclusion
 
 
Google Web Toolkit
Google Web Toolkit
 
 
GraphQL Injection
GraphQL Injection
 
 
HTTP Parameter Pollution
HTTP Parameter Pollution
 
 
Headless Browser
Headless Browser
 
 
Hidden Parameters
Hidden Parameters
 
 
Insecure Deserialization
Insecure Deserialization
 
 
Insecure Direct Object References
Insecure Direct Object References
 
 
Insecure Management Interface
Insecure Management Interface
 
 
Insecure Randomness
Insecure Randomness
 
 
Insecure Source Code Management
Insecure Source Code Management
 
 
JSON Web Token
JSON Web Token
 
 
Java RMI
Java RMI
 
 
LDAP Injection
LDAP Injection
 
 
LaTeX Injection
LaTeX Injection
 
 
Mass Assignment
Mass Assignment
 
 
Methodology and Resources
Methodology and Resources
 
 
NoSQL Injection
NoSQL Injection
 
 
OAuth Misconfiguration
OAuth Misconfiguration
 
 
ORM Leak
ORM Leak
 
 
Open Redirect
Open Redirect
 
 
Parameter Discovery
Parameter Discovery
 
 
Prompt Injection
Prompt Injection
 
 
Prototype Pollution
Prototype Pollution
 
 
Race Condition
Race Condition
 
 
Regular Expression
Regular Expression
 
 
Request Smuggling
Request Smuggling
 
 
SAML Injection
SAML Injection
 
 
SQL Injection
SQL Injection
 
 
Server Side Include Injection
Server Side Include Injection
 
 
Server Side Request Forgery
Server Side Request Forgery
 
 
Server Side Template Injection
Server Side Template Injection
 
 
Tabnabbing
Tabnabbing
 
 
Type Juggling
Type Juggling
 
 
Upload Insecure Files
Upload Insecure Files
 
 
Web Cache Deception
Web Cache Deception
 
 
Web Sockets
Web Sockets
 
 
XPATH Injection
XPATH Injection
 
 
XSLT Injection
XSLT Injection
 
 
XSS Injection
XSS Injection
 
 
XXE Injection
XXE Injection
 
 
Zip Slip
Zip Slip
 
 
_LEARNING_AND_SOCIALS
_LEARNING_AND_SOCIALS
 
 
_template_vuln
_template_vuln
 
 
BBHF.txt
BBHF.txt
 
 
README.md
README.md
 
 
http-methods.txt
http-methods.txt
 
 

Repository files navigation

| Pentesting Wordlists / Tips, Tricks & References |

🚀 Curated Wordlists for Ethical Hacking & Security Testing
This repository contains a comprehensive collection of wordlists for penetration testing, security assessments, and ethical hacking. These wordlists have been gathered, modified, and curated from multiple sources to ensure high-quality, effective results for various security tasks.

📌 What’s Inside?
🔹 Common Password Lists – Default credentials, leaked passwords, and brute-force attack wordlists.
🔹 Fuzzing Wordlists – Files, directories, parameters, and payloads for web fuzzing.
🔹 Subdomain & DNS Enumeration – Wordlists for discovering subdomains and DNS records.
🔹 Web Exploitation – SQL injection, XSS, LFI, SSRF, and other attack vectors.
🔹 Custom Wordlists – Modified and optimized lists from various sources for better results.
🔹 Optimized Tips, tricks & various other references/materials for penetration tester/bug hunters.

⚠️ Disclaimer
This repository is intended strictly for ethical hacking, security research & legal testing purposes. Unauthorized use of these wordlists for illegal purposes is prohibited. The author is not responsible for any misuse.

💡 Contributions & Credits
This repository is a collection of multiple publicly available sources, modified and enhanced for better usability for me. If you have suggestions, feel free to contribute or open an issue!
Original sources:

  1. https://github.com/swisskyrepo/PayloadsAllTheThings
  2. https://github.com/coffinxp/payloads/tree/main
  3. https://github.com/danielmiessler/SecLists/tree/master

Thank you for visiting!
Keep grinding & growing!

About

A complete list of all the wordlists, tips, tricks, tools & methodologies for penetration testing/bug hunting.

Topics

penetration-testing bugbountytips

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages