# Wordlists

## Credentials

* [Default Credentials Cheat Sheet](https://github.com/ihebski/DefaultCreds-cheat-sheet) - one place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password.
* [PWDB - New generation of Password Mass-Analysis](https://github.com/ignis-sec/Pwdb-Public) - a collection of all the data extracted from 1 billion credential leaks from the Internet.

## Universal

* [WordList Compendium](https://github.com/Dormidera/WordList-Compendium) - personal compilation of wordlists & dictionaries for everything; users, passwords, directories, files, vulnerabilities, fuzzing, injections, wordlists of tools, etc.
* [SecLists](https://github.com/danielmiessler/SecLists) - a collection of multiple types of lists used during security assessments.

## Web content

* [Assetnote Wordlists](https://wordlists.assetnote.io/) - high quality wordlists for content and subdomain discovery.
  * [swagger-wordlist.txt](https://wordlists-cdn.assetnote.io/data/kiterunner/swagger-wordlist.txt) - swagger files collected from a number of datasources, including an internet wide scan for the 40+ most common swagger path.
* [fuzz.txt](https://github.com/Bo0oM/fuzz.txt) - potentially dangerous files.
* [leaky-paths](https://github.com/ayoubfathi/leaky-paths) - a collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs and etc.