# Using SecLists for penetration testing: a complete wordlist collection of passwords, usernames, directories, payloads and more

## Project overview

SecLists is the most widely used wordlist collection in penetration testing and security research. It contains usernames, passwords, URLs, sensitive-data patterns, fuzzing payloads and more, and is an essential tool for bug bounty hunting and red team exercises.

GitHub Stars: 68K+
## Installation

### Git Clone

```bash
git clone --depth 1 https://github.com/danielmiessler/SecLists.git
```

### Kali Linux

```bash
sudo apt install seclists
# Installed to /usr/share/seclists
```

### Homebrew
## Directory structure

```text
SecLists/
├── Discovery/
│   ├── DNS/              # Subdomain wordlists
│   ├── Web-Content/      # Directories and files
│   └── Infrastructure/   # Infrastructure
├── Fuzzing/              # Fuzzing payloads
├── Passwords/            # Password wordlists
├── Usernames/            # Usernames
├── Pattern-Matching/     # Sensitive-data patterns
├── Payloads/             # Attack payloads
└── Miscellaneous/        # Other
```
## Common wordlists

### Directory scanning

```text
# Common directories
Discovery/Web-Content/common.txt
Discovery/Web-Content/directory-list-2.3-medium.txt
# Backup files
Discovery/Web-Content/Common-Backups/common-backup-files.txt
# API endpoints
Discovery/Web-Content/api/api-endpoints.txt
```
### Subdomain enumeration

```text
# Subdomain wordlists
Discovery/DNS/subdomains-top1million-5000.txt
Discovery/DNS/subdomains-top1million-20000.txt
Discovery/DNS/subdomains-top1million-110000.txt
# DNS record types
Discovery/DNS/dns-jhaddix.txt
```
### Password attacks

```text
# Common passwords
Passwords/Common-Credentials/10k-most-common.txt
Passwords/Common-Credentials/best1050.txt
# Leaked passwords
Passwords/Leaked-Databases/rockyou.txt
# Default credentials
Passwords/Default-Credentials/default-passwords.txt
```
### Usernames

```text
# Common usernames
Usernames/Names/names.txt
Usernames/top-usernames-shortlist.txt
# Service-specific
Usernames/Honeypot-Captures/multiplesources-users-fabian-fingerle.de.txt
```
## Practical usage

### Directory fuzzing (ffuf)

```bash
ffuf -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt \
     -u https://target.com/FUZZ \
     -mc 200,301,302,403
```
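From the defender's side, a run like the ffuf command above shows up as a single client producing a burst of 404s for exactly the paths in the wordlist. The following is an added example, not from the original post or the SecLists project: it loads a small constructed wordlist in the format of Discovery/Web-Content/common.txt and flags clients in constructed combined-format access log lines whose 404 responses match several wordlist entries.

```python
import re
from collections import defaultdict

# Constructed wordlist sample in the format of Discovery/Web-Content/common.txt
# (one path per line, '#' comments and blank lines allowed).
SAMPLE_WORDLIST = """
# comment line
.git
.env
admin
backup
wp-admin
"""

# Constructed access log lines (Apache/Nginx combined format): one scanner, one browser.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /.git HTTP/1.1" 404 162 "-" "ffuf/2.0"
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /.env HTTP/1.1" 404 162 "-" "ffuf/2.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /admin HTTP/1.1" 404 162 "-" "ffuf/2.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /backup?x=1 HTTP/1.1" 404 162 "-" "ffuf/2.0"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /admin HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def load_wordlist(text):
    """Normalise wordlist entries: drop blanks and '#' comments, strip a
    leading '/', lower-case (matching is done on the first path segment)."""
    words = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            words.add(line.lstrip("/").lower())
    return words


def wordlist_hits(log_text, words, min_hits=3):
    """Return {client_ip: sorted wordlist paths} for clients whose 404
    responses cover at least min_hits distinct wordlist entries."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, _method, path, status = m.groups()
        # First path segment without query string, as the wordlist names it.
        segment = path.split("?", 1)[0].strip("/").split("/", 1)[0].lower()
        if status == "404" and segment in words:
            hits[ip].add(segment)
    return {ip: sorted(paths) for ip, paths in hits.items() if len(paths) >= min_hits}
```

Feeding the real common.txt and a day's access log through the same two functions gives a quick list of hosts worth rate-limiting or blocking; the browser client that merely gets a 302 on /admin is not flagged.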
### Subdomain scanning (Subfinder)

```bash
subfinder -d target.com -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt
```
### Password brute-forcing (Hydra)

```bash
hydra -l admin -P /usr/share/seclists/Passwords/Common-Credentials/10k-most-common.txt \
      target.com ssh
```
### Parameter fuzzing (Burp)

```text
# Load in Burp Intruder
Fuzzing/LFI/LFI-Jhaddix.txt
Fuzzing/SQLi/Generic-SQLi.txt
Fuzzing/XSS/XSS-Jhaddix.txt
```
### API testing (Nuclei)

```bash
nuclei -u https://api.target.com \
       -w /usr/share/seclists/Discovery/Web-Content/api/api-endpoints.txt
```
## Recommended wordlists

### Web security testing

| Purpose | Wordlist path |
|---|---|
| Directory scanning | Discovery/Web-Content/raft-large-directories.txt |
| File scanning | Discovery/Web-Content/raft-large-files.txt |
| Parameter names | Discovery/Web-Content/burp-parameter-names.txt |
| Sensitive files | Discovery/Web-Content/quickhits.txt |
### SQL Injection

```text
Fuzzing/SQLi/Generic-SQLi.txt
Fuzzing/SQLi/Generic-BlindSQLi.txt
Fuzzing/SQLi/quick-SQLi.txt
```

### XSS

```text
Fuzzing/XSS/XSS-Jhaddix.txt
Fuzzing/XSS/XSS-Cheat-Sheet-PortSwigger.txt
Fuzzing/XSS/xss-payload-list.txt
```

### LFI/Path Traversal

```text
Fuzzing/LFI/LFI-Jhaddix.txt
Fuzzing/LFI/LFI-gracefulsecurity-linux.txt
Fuzzing/LFI/LFI-gracefulsecurity-windows.txt
```

### SSRF

```text
Fuzzing/SSRF/SSRF-HTTP.txt
Fuzzing/SSRF/SSRF-DNS.txt
```
## Custom wordlists

### Building a project-specific wordlist

```bash
# Collect keywords from the target site
cewl https://target.com -d 3 -w custom-wordlist.txt
# Merge with a SecLists wordlist and deduplicate
cat /usr/share/seclists/Discovery/Web-Content/common.txt custom-wordlist.txt | sort -u > combined.txt
```

### Password mutation

```bash
# Apply hashcat rules
hashcat --stdout -r /usr/share/hashcat/rules/best64.rule passwords.txt > mutated.txt
```
## Tool integration

### ffuf configuration

```toml
# ~/.ffufrc
[input]
wordlist = /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt
[output]
format = json
```

### Burp Suite

- Intruder → Payloads → Load
- Select a SecLists wordlist
- Configure Payload Processing

### Nuclei

```yaml
# Custom template that uses SecLists
# id and info are required template headers (added here so the template loads)
id: seclists-common-paths
info:
  name: SecLists common paths
  author: user
  severity: info
http:
  - method: GET
    path:
      - "{{BaseURL}}/{{path}}"
    payloads:
      path: /usr/share/seclists/Discovery/Web-Content/common.txt
```