---

---

"Word Lists" for Software Security Test Cases

Word lists, Dictionary Files, Attack Strings, Miscellaneous Datasets and Proof-of-Concept Test Cases With a Collection of Tools for Penetration Testers

<!-- <span style="color: red">WARNING<b>:</b></span> REPOSITORY IS NEARING 1GB -->

• <a href="#intro">Brief Introduction to werdlists</a>
• <a href="#inspire">Inspiration Taken from Similar Projects</a>
  • <a href="#unique">Unique Features Only Available With werdlists</a>
• <a href="#repo">Repository Directory Hierarchy and Structure</a>
  • <a href="#naming">Naming Scheme, Syntax and Meaning</a>
• <a href="#contents">Folder Names and Description of Contents</a>

<a name="intro"></a>Brief Introduction to werdlists :scissors:

This project is a collection of word lists--they are mostly whitespace-delimited or line-based. Although the passes-dicts folder contains inputs for password cracking, overall the files amassed here are intended to be useful in facilitating the creation of insecure program state (with the help of a black-box fuzzer or scanning tool.) The vast majority of files are simply ASCII with the UNIX style newline. Beware that this project does not attempt in any way to be minimalist or lack verbosity!

<a name="inspire"></a>Inspiration Taken From Similar Projects :thought_balloon:

werdlists is very similar to fuzzdb and SecLists. SecLists is maintained by my former colleague at IOActive, Daniel Miessler. Admittedly, werdlists is quite similar in mission as it's a centralized attack strings and input data resource. Regardless, werdlists expands on a number of concepts: it has its own unique style, organization, original hand-crafted contents, dataset creation/management/validation scripts, scanner springboards, etc.

<a name="unique"></a>Unique Features Only Available With werdlists :100:

werdlists cross-references between the code repositories of third-party scanners and its own datasets that each tool will benefit from. Moreover, there are specialized parsing scripts exclusive to werdlists that extract results produced through pairing test tools with its own data. Output strings are gathered from those results and fed back into the test tools. In other words, there are a number of interactive and/or tunable feedback loops implemented. Quite a few of the werdlists data files were created this way.

<a name="repo"></a>Repository Directory Hierarchy and Structure :nut_and_bolt:

The scripts folder consists of shell scripts used for repository maintenance. There is a sub-directory of scripts called init where scripts that initialize data files are stored. If a script filename stored in init contains two dashes, then it's output should reflect the contents of the associated data file. For example, compare manpages-environ and clib-package-names. All scripts were written using bash syntax. The contrib folder is for storing scripts contributed via pull request and the utils folder contains utilities that aren't necessarily specific to the werdlists project, such as scripts for managing any wordlist file. Other data files were manually composed by hand and a small handful were created by recycling output strings back into input parameter lists, i.e. dirbdirs-feedback The tools folder lists security tools that the datasets contained in this repository can be provided as input for. Individual folders are detailed in the <a href="#contents">Folder Names and Description of Contents</a> section below. All files in each dataset directory are detailed in the local README.md file for that folder (as opposed to the global README.md in the root directory being read now.)

<a name="naming"></a>Naming Scheme, Syntax and Meaning :speech_balloon:

Most files have the *.txt extension signifying the text/plain MIME type Often used formats besides plain text include: Comma-Separated Values (text/csv), Extended Markup Language (application/xml), Hyper Text Markup Language (application/html), etc. Any file that is larger than 1MB uncompressed will be compressed with xz according to the commands in the scripts/xzlarge-files bash script. Other file extensions in use are: *.ans, *.asc, *.bin, *.c, *.conf, *.cpp, *.csv, *.html, *.inf, *.ini, *.json, *.md, *.rpz, *.rst, *.sh, *.txt, *.xml, *.yaml, *.yml, *.zip, and *.zone.

<a name="contents"></a>Folder Names and Description of Contents :clipboard:

|    Folder  Name    | Description of Contents |:----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | apple-paths | :rocket: Pathnames found on MacOS file systems
| apple-data | :apple: Data identifiers and such from Apple's MacOS operating system
| arpa-headers | :email: Header fields transmitted over RFC2822 style protocols like SMTP
| ascii-art | :art: "Low bit" a.k.a. 7-bit ASCII art items without control characters
| biology-info | :microscope: Reference information useful in the study of biological issues
| browser-data | :door: Data related to GUI browser software like Chrome, FireFox, etc.
| cert-data | :scroll: Information commonly utilized by cryptographic certificate materials
| char-encodes | :ideograph_advantage: Various character encodings provided by different locales/charsets
| char-sequence | :black_nib: various character sequences modeled after ctype.h
| chat-data | :open_mouth: Additional data on IRC, XMPP and other such messaging protocols
| cipher-data | :blowfish: Data denoting or used by cryptographic algorithm implementations
| cmd-usage | :hammer: Help text shown in a terminal when attempting to execute CLI programs
| code-keywords | :coffee: Computer language identifiers, reserved words and similar syntax
| cpu-arch | :factory: Low-level [computer architecture](https://wikipedia.org