Skip to content

Wordlists Setup and Usage

Install SecLists

Clone to /usr/share

sudo git clone https://github.com/danielmiessler/SecLists.git /usr/share/seclists

Or Install via APT (Parrot/Kali)

sudo apt update
sudo apt install seclists

Install DIRB Wordlists

sudo apt install dirb

Wordlists located in: /usr/share/dirb/wordlists/

Common Wordlists

Dirbuster

sudo apt install dirbuster

Wordlists located in: /usr/share/dirbuster/wordlists/

Wordlists Package

sudo apt install wordlists

Rockyou Password Wordlist

# Install wordlists
sudo apt install wordlists

# Extract rockyou.txt
sudo gunzip /usr/share/wordlists/rockyou.txt.gz

SecLists for Gobuster

Install Comprehensive List (~500MB)

sudo git clone --depth 1 https://github.com/danielmiessler/SecLists.git /usr/share/seclists

Common Paths for Gobuster

/usr/share/seclists/Discovery/Web-Content/common.txt
/usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt
/usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt

Quick Manual Wordlist

# Create basic custom wordlist
echo -e "admin\nlogin\napi\nbackup\ntest\nconfig" > wordlist.txt

# Use with gobuster
gobuster dir -u http://10.129.34.145 -w wordlist.txt

Usage Examples

Directory Scanning

gobuster dir -u http://10.129.34.145 -w /usr/share/seclists/Discovery/Web-Content/common.txt

Subdomain Enumeration

gobuster vhost -u http://10.129.34.145 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt

Password Attacks

hydra -l admin -P /usr/share/wordlists/rockyou.txt ssh://10.129.34.145