# OneListForAll

**Rockyou for web fuzzing**

This is a project to generate huge wordlists for web fuzzing. If you just want to fuzz with a good wordlist, use the file [onelistforallmicro.txt](https://github.com/six2dez/OneListForAll/blob/main/onelistforallmicro.txt).

> **Due to GitHub's file size limitations I had to split all the files bigger than 50M into different files with the following taxonomy _technology_[1-99]_long.txt**

> **If you want to recreate the original file just run, for example for the apache long dict, `cat dict/apache* > dict/apache_long.txt`**

The wordlists mentioned at the bottom of this page are merged by technology/type and distinguished by the _short and _long suffixes, so you can search by any technology or software and fuzz the target site with a small list or the long one.

This project also provides three all-in-one wordlists:

- onelistforall.txt (everything merged, both _short.txt and _long.txt files, cleaned and deduplicated, zipped 7z multi)
- onelistforallshort.txt (merged only _short.txt files, cleaned and deduplicated)
- onelistforallmicro.txt (my favorite, manually crafted and constantly updated, with interesting files and low-hanging fruits findings)

## Usage

### Method 1

1. Go to [releases](https://github.com/six2dez/OneListForAll/releases) and download the latest.
2. Fuzz with the best tool [ffuf](https://github.com/ffuf/ffuf) :)

   ```bash
   ffuf -c -w onelistforall.txt -u [target.com]/FUZZ
   ```

### Method 2

**Build your own wordlists!**

> Requirement: install [duplicut](https://github.com/nil0x42/duplicut) by yourself :)

1. Add your wordlists to the dict/ folder with the suffix **_short.txt** for the short wordlist and **_long.txt** for the full wordlist.
2. Run ./olfa.sh (olfa -> One List For All) and you will have the onelistforall.txt and onelistforallshort.txt files.
3. Fuzz with the best tool [ffuf](https://github.com/ffuf/ffuf) :)

   ```bash
   ffuf -c -w onelistforall.txt -u [target.com]/FUZZ
   ```

## Wordlists summary

- **onelistforallmicro.txt** manually crafted wordlist for low hanging fruits: 18109 lines, 298K
- **onelistforallshort.txt** a shortened version, it also contains a lot of things, but in a more affordable way: 892361 lines, 15M
- **onelistforall.txt** basically everything, launch it and go to sleep: 59076819 lines, 1.2G

## Sources

This is a wordlists project for fuzzing purposes made from the best word lists currently available, merged and deduplicated later with [duplicut](https://github.com/nil0x42/duplicut), adding the cleaner from [BonJarber](https://github.com/BonJarber/SecUtils/tree/master/clean_wordlist). The lists used have been selected from these repositories:

- [fuzzdb](https://github.com/fuzzdb-project/fuzzdb)
- [SecLists](https://github.com/danielmiessler/SecLists)
- [xmendez](https://github.com/xmendez/wfuzz)
- [minimaxir](https://github.com/minimaxir/big-list-of-naughty-strings)
- [TheRook](https://github.com/TheRook/subbrute)
- [danielmiessler](https://github.com/danielmiessler/RobotsDisallowed)
- [swisskyrepo](https://github.com/swisskyrepo/PayloadsAllTheThings)
- [1N3](https://github.com/1N3/IntruderPayloads)
- [cujanovic](https://github.com/cujanovic)
- [lavalamp](https://github.com/lavalamp-/password-lists)
- [ics-default](https://github.com/arnaudsoullie/ics-default-passwords)
- [jeanphorn](https://github.com/jeanphorn/wordlist)
- [j3ers3](https://github.com/j3ers3/PassList)
- [nyxxxie](https://github.com/nyxxxie/awesome-default-passwords)
- [dirbuster](https://www.owasp.org/index.php/DirBuster)
- [dotdotpwn](https://github.com/wireghoul/dotdotpwn)
- [hackerone_wordlist](https://github.com/xyele/hackerone_wordlist)
- [commonspeak2](https://github.com/assetnote/commonspeak2-wordlists)
- [bruteforce-list](https://github.com/random-robbie/bruteforce-lists)
- [assetnote](https://wordlists.assetnote.io/)
- [brutas](https://github.com/tasooshi/brutas)
- [werdlists](https://github.com/decal/werdlists)
- [tk0-bugbounty](https://github.com/tomikoski/tk0-bugbounty)

Feel free to contribute, PRs are welcome.
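
The merge step from Method 2, as an added example that is not the project's `olfa.sh`: it assumes the `dict/` layout and the `_short.txt` / `_long.txt` suffixes described above and swaps `awk` in for duplicut. The names `merge_wordlists` and `olfa_demo` and the sample entries are constructed for illustration.

```bash
# Added example, not the project's olfa.sh. Assumption: awk replaces duplicut
# for deduplication; it keeps first-seen order but holds every unique line in
# memory, so it fits small and medium lists rather than the 1.2G one.
# Written for POSIX sh, so it also runs under bash.

# merge_wordlists DIR SUFFIX OUT
#   Merge DIR/*SUFFIX (SUFFIX is _short.txt or _long.txt) into OUT, cleaned
#   and deduplicated. The body runs in a subshell, so its variables stay local.
merge_wordlists() (
    dir=$1 suffix=$2 out=$3
    set -- "$dir"/*"$suffix"
    # An unmatched glob stays literal: fail rather than write an empty list.
    [ -e "$1" ] || { echo "no *$suffix files in $dir" >&2; exit 1; }
    tmp=$(mktemp) || exit 1
    # Drop CRs, trim surrounding blanks, skip empty lines, keep first occurrence.
    cat "$@" | tr -d '\r' |
        awk '{ sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") } NF && !seen[$0]++' > "$tmp" &&
        mv "$tmp" "$out"
)

# olfa_demo: build a constructed dict/ folder, merge it, print both results.
olfa_demo() (
    work=$(mktemp -d) || exit 1
    mkdir "$work/dict"
    # Constructed sample lists (not taken from the repository).
    printf 'admin\n.htaccess\nserver-status\n' > "$work/dict/apache_short.txt"
    printf 'admin\r\n\nweb.config\n  .htaccess  \n' > "$work/dict/iis_short.txt"
    printf 'server-info\nadmin\ncgi-bin/\n' > "$work/dict/apache_long.txt"
    merge_wordlists "$work/dict" _short.txt "$work/onelistforallshort.txt" || exit 1
    # The README describes onelistforall.txt as both _short and _long merged;
    # the .txt suffix matches every list in dict/.
    merge_wordlists "$work/dict" .txt "$work/onelistforall.txt" || exit 1
    echo "== onelistforallshort.txt"; cat "$work/onelistforallshort.txt"
    echo "== onelistforall.txt";      cat "$work/onelistforall.txt"
    rm -rf "$work"
)

olfa_demo
```

The output is written outside `dict/` so a later run does not pick up its own result as an input list.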