OneListForAll/README.md

# OneListForAll
**Rockyou for web fuzzing**

This is a project to generate huge wordlists for web fuzzing, if you just want to fuzz with a good wordlist use the file [onelistforallmicro.txt](https://github.com/six2dez/OneListForAll/blob/main/onelistforallmicro.txt).

>**Due to GitHub's size file limitations I had to split all the files bigger than 50M in different files with the following taxonomy _technology_[1-99]_long.txt**
>**If you want to recreate the original file just run, for example the apache long dict `cat dict/apache* > dict/apache_long.txt`**

The wordlists mentioned at the bottom of this pages are merged by technology/type and differenced by _short and _long suffixes. So you can search by any technology or software and fuzz the target site with a small list or the long one. Also, this projects provides three of all-in-one wordlists:

- onelistforall.txt (everything merged, both _short.txt and _long.txt files, cleaned and deduplicated, zipped 7z multi)
- onelistforallshort.txt (merged only _short.txt files, cleaned and deduplicated)
- onelistforallmicro.txt (my favorite, manually crafted and constantly updated, with interesting files and low-hanging fruits findings)


## Usage

### Method 1

1. Go to [releases](https://github.com/six2dez/OneListForAll/releases) and download the latest

2. Fuzz with the best tool [ffuf](https://github.com/ffuf/ffuf) :)
```bash
ffuf -c -w onelistforall.txt -u [target.com]/FUZZ
```

### Method 2

**Build your own wordlists!**

> Requirement: install [duplicut](https://github.com/nil0x42/duplicut) by yourself :)

1. Add your wordlists to dict/ folder with suffix **_short.txt** for short wordlist and **_long.txt** for the full wordlist.

2. Run ./olfa.sh (olfa -> One List For All) and you will have onelistforall.txt file and onelistforallshort.txt.

3. Fuzz with the best tool [ffuf](https://github.com/ffuf/ffuf) :)
```bash
ffuf -c -w onelistforall.txt -u [target.com]/FUZZ
```

## Wordlists summary

- **onelistforallmicro.txt** manally crafted wordlist for low hanging fruits: 18109 lines, 298K
- **onelistforallshort.txt** a shortened version, it also contains a lot of things, but in a more affordable way: 892361 lines, 15M
- **onelistforall.txt** basically everything, launch it and go to sleep. 59076819 lines, 1.2G

## Sources

This is a wordlists project for fuzzing purposes made from the best word lists currently available,merged and deduplicated later with [duplicut](https://github.com/nil0x42/duplicut), adding cleaner from [BonJarber](https://github.com/BonJarber/SecUtils/tree/master/clean_wordlist). The lists used have been selected from these repositories:

- [fuzzdb](https://github.com/fuzzdb-project/fuzzdb)
- [SecLists](https://github.com/danielmiessler/SecLists)
- [xmendez](https://github.com/xmendez/wfuzz)
- [minimaxir](https://github.com/minimaxir/big-list-of-naughty-strings)
- [TheRook](https://github.com/TheRook/subbrute)
- [danielmiessler](https://github.com/danielmiessler]/RobotsDisallowed)
- [swisskyrepo](https://github.com/swisskyrepo/PayloadsAllTheThings)
- [1N3](https://github.com/1N3/IntruderPayloads)
- [cujanovic](https://github.com/cujanovic)
- [lavalamp](https://github.com/lavalamp-/password-lists)
- [ics-default](https://github.com/arnaudsoullie/ics-default-passwords)
- [jeanphorn](https://github.com/jeanphorn/wordlist)
- [j3ers3](https://github.com/j3ers3/PassList)
- [nyxxxie](https://github.com/nyxxxie/awesome-default-passwords)
- [dirbuster](https://www.owasp.org/index.php/DirBuster)
- [dotdotpwn](https://github.com/wireghoul/dotdotpwn)
- [hackerone_wordlist](https://github.com/xyele/hackerone_wordlist)
- [commonspeak2](https://github.com/assetnote/commonspeak2-wordlists)
- [bruteforce-list](https://github.com/random-robbie/bruteforce-lists)
- [assetnote](https://wordlists.assetnote.io/)
- [brutas](https://github.com/tasooshi/brutas)
- [werdlists](https://github.com/decal/werdlists)
- [tk0-bugbounty](https://github.com/tomikoski/tk0-bugbounty)

Feel free to contribute, PR are welcomed.
Initial commit 2020-11-13 14:58:45 +03:00			`# OneListForAll`
v2 README update 2020-11-17 13:37:06 +03:00			`Rockyou for web fuzzing`
Update README.md 2020-11-15 19:06:21 +03:00
First commit new version 2022-06-15 18:21:57 +03:00			`This is a project to generate huge wordlists for web fuzzing, if you just want to fuzz with a good wordlist use the file [onelistforallmicro.txt](https://github.com/six2dez/OneListForAll/blob/main/onelistforallmicro.txt).`
v2.3 Micro List v2.3 Micro List 2020-12-05 02:20:22 +03:00
onelistforall full 7z parts 2022-06-19 17:20:56 +03:00			`>Due to GitHub's size file limitations I had to split all the files bigger than 50M in different files with the following taxonomy _technology_[1-99]_long.txt`
			>*If you want to recreate the original file just run, for example the apache long dict `cat dict/apache > dict/apache_long.txt`**

Update README.md 2022-10-04 00:23:55 +03:00			`The wordlists mentioned at the bottom of this pages are merged by technology/type and differenced by _short and _long suffixes. So you can search by any technology or software and fuzz the target site with a small list or the long one. Also, this projects provides three of all-in-one wordlists:`
Last update for this release 2022-06-16 12:23:11 +03:00
Update README.md 2022-10-04 00:23:55 +03:00			`- onelistforall.txt (everything merged, both _short.txt and _long.txt files, cleaned and deduplicated, zipped 7z multi)`
			`- onelistforallshort.txt (merged only _short.txt files, cleaned and deduplicated)`
Last update for this release 2022-06-16 12:23:11 +03:00			`- onelistforallmicro.txt (my favorite, manually crafted and constantly updated, with interesting files and low-hanging fruits findings)`

onelistforall full 7z parts 2022-06-19 17:20:56 +03:00
Update README.md 2020-11-13 16:00:51 +03:00			`## Usage`

Update README.md 2020-11-16 13:57:32 +03:00			`### Method 1`

Last update for this release 2022-06-16 12:23:11 +03:00			`1. Go to [releases](https://github.com/six2dez/OneListForAll/releases) and download the latest`
Update README.md 2020-11-15 18:55:59 +03:00
			`2. Fuzz with the best tool [ffuf](https://github.com/ffuf/ffuf) :)`
			```bash
v2 README update 2020-11-17 13:37:06 +03:00			`ffuf -c -w onelistforall.txt -u [target.com]/FUZZ`
Update README.md 2020-11-15 18:55:59 +03:00			```

Update README.md 2020-11-16 13:57:32 +03:00			`### Method 2`

v2 README update 2020-11-17 13:37:06 +03:00			`Build your own wordlists!`

Update README.md 2022-10-12 01:16:27 +03:00			`> Requirement: install [duplicut](https://github.com/nil0x42/duplicut) by yourself :)`

v2 README update 2020-11-17 13:37:06 +03:00			`1. Add your wordlists to dict/ folder with suffix _short.txt for short wordlist and _long.txt for the full wordlist.`

			`2. Run ./olfa.sh (olfa -> One List For All) and you will have onelistforall.txt file and onelistforallshort.txt.`

			`3. Fuzz with the best tool [ffuf](https://github.com/ffuf/ffuf) :)`
			```bash
			`ffuf -c -w onelistforall.txt -u [target.com]/FUZZ`
			```

Update README.md 2020-12-05 02:33:00 +03:00			`## Wordlists summary`

First commit new version 2022-06-15 18:21:57 +03:00			`- onelistforallmicro.txt manally crafted wordlist for low hanging fruits: 18109 lines, 298K`
Last update for this release 2022-06-16 12:23:11 +03:00			`- onelistforallshort.txt a shortened version, it also contains a lot of things, but in a more affordable way: 892361 lines, 15M`
			`- onelistforall.txt basically everything, launch it and go to sleep. 59076819 lines, 1.2G`
Update README.md 2020-12-05 02:33:00 +03:00
Update README.md 2020-11-13 16:00:51 +03:00			`## Sources`
Update README.md 2020-11-13 15:19:17 +03:00
First commit new version 2022-06-15 18:21:57 +03:00			`This is a wordlists project for fuzzing purposes made from the best word lists currently available,merged and deduplicated later with [duplicut](https://github.com/nil0x42/duplicut), adding cleaner from [BonJarber](https://github.com/BonJarber/SecUtils/tree/master/clean_wordlist). The lists used have been selected from these repositories:`
Update README.md 2020-11-13 15:19:17 +03:00
			`- [fuzzdb](https://github.com/fuzzdb-project/fuzzdb)`
			`- [SecLists](https://github.com/danielmiessler/SecLists)`
			`- [xmendez](https://github.com/xmendez/wfuzz)`
			`- [minimaxir](https://github.com/minimaxir/big-list-of-naughty-strings)`
			`- [TheRook](https://github.com/TheRook/subbrute)`
			`- [danielmiessler](https://github.com/danielmiessler]/RobotsDisallowed)`
			`- [swisskyrepo](https://github.com/swisskyrepo/PayloadsAllTheThings)`
			`- [1N3](https://github.com/1N3/IntruderPayloads)`
			`- [cujanovic](https://github.com/cujanovic)`
			`- [lavalamp](https://github.com/lavalamp-/password-lists)`
			`- [ics-default](https://github.com/arnaudsoullie/ics-default-passwords)`
			`- [jeanphorn](https://github.com/jeanphorn/wordlist)`
			`- [j3ers3](https://github.com/j3ers3/PassList)`
			`- [nyxxxie](https://github.com/nyxxxie/awesome-default-passwords)`
			`- [dirbuster](https://www.owasp.org/index.php/DirBuster)`
			`- [dotdotpwn](https://github.com/wireghoul/dotdotpwn)`
Update README.md 2020-11-14 01:10:14 +03:00			`- [hackerone_wordlist](https://github.com/xyele/hackerone_wordlist)`
			`- [commonspeak2](https://github.com/assetnote/commonspeak2-wordlists)`
Update README.md 2020-11-16 11:35:13 +03:00			`- [bruteforce-list](https://github.com/random-robbie/bruteforce-lists)`
Assetnote added and script improved 2020-11-27 19:08:13 +03:00			`- [assetnote](https://wordlists.assetnote.io/)`
First commit new version 2022-06-15 18:21:57 +03:00			`- [brutas](https://github.com/tasooshi/brutas)`
			`- [werdlists](https://github.com/decal/werdlists)`
Update README.md 2022-06-16 12:45:02 +03:00			`- [tk0-bugbounty](https://github.com/tomikoski/tk0-bugbounty)`
Update README.md 2020-11-13 16:00:51 +03:00
Update README.md 2022-06-16 12:45:02 +03:00			`Feel free to contribute, PR are welcomed.`