
Welcome to the Bug Hunter's Wordlists repository! 🐛🔍 This repository serves as a comprehensive collection of essential wordlists utilized by bug hunters, penetration testers, and security enthusiasts during their reconnaissance and vulnerability assessment processes.

MIT LicenseMIT

Bug Hunter's Wordlists Repository

Bug Hunter's Wordlists Repository

Welcome to the Bug Hunter's Wordlists repository! 🐛🔍 This repository serves as a comprehensive collection of essential wordlists utilized by bug hunters, penetration testers, and security enthusiasts during their reconnaissance and vulnerability assessment processes.

Table of Contents


In the realm of ethical hacking and cybersecurity, wordlists are indispensable tools that aid researchers in finding hidden vulnerabilities, exposed paths, sensitive information, and potential attack vectors. This repository is established with the goal of bringing together an extensive assortment of wordlists, simplifying the process of reconnaissance, identification, and exploitation of security weaknesses.


Explore an array of meticulously curated wordlists designed to cater to diverse aspects of security testing. The repository includes the following wordlists:


  • 10-million-password-list-top-1000000.txt: Wordlist of 10 Million Passwords

403 Header Bypass Wordlist

  • 403_header_payloads.txt: Wordlist for 403 Header Bypass Techniques

403 URL Bypass Wordlist

  • 403_url_payloads.txt: Wordlist for 403 URL Bypass Strategies

6-Digit Numbers

  • 6-digits-000000-999999.txt: Comprehensive Collection of 6-Digit Number Combinations

Internal Admin Panels

  • admin.txt: Wordlist for Uncovering Internal Admin Panels

Adminer Wordlist

  • adminer.txt: Adminer-Specific Wordlist for Identifying Admin Interfaces

Leaked File Paths

  • all-files-leaked.txt: Wordlist Encompassing Paths of Leaked Files

All Git Dorks

  • all-gitdorks.txt: Aggregated List of All Git Dorks for Git Repository Enumeration

Fuzzing Wordlist

  • all_fuzz.txt: Comprehensive Fuzzing Wordlist

Google Dorking Wordlist

  • allgoogle.txt: Comprehensive Google Dorking Wordlist

Android Permissions Wordlist

  • android_all_permissions.txt: Android Permissions Wordlist

Antivirus Names

  • antivirus_names.txt: List of Antivirus Software Names

API Actions Wordlist

  • api-actions.txt: API Actions Wordlist

API Objects Wordlist

  • api-objects.txt: API Objects Wordlist

All APIs Wordlist

  • api.txt: Comprehensive List of APIs Wordlist

Deduct X Values

  • api_seen_in_wild.txt: Deduct X values

ASP Files Without Path

  • asp_files_only.txt: ASP Files without Path Wordlist

ASP Files with Path

  • asp_files_with_path.txt: ASP Path with Wordlists

Update Backup Files Only

  • backup_files_only.txt: Updated Backup Files Only

Backup Files with Path

  • backup_files_with_path.txt: Backup Files with Path

CGI-BIN Wordlist

  • cgi-bin.txt: CGI-BIN Wordlist

CGI Files Wordlist

  • cgi-files.txt: CGI Files Wordlist

Config Wordlist

  • config.txt: Config Wordlist

CSS Properties Wordlist

  • css_all_properties.txt: CSS Properties Wordlist

CVE Paths Wordlist

  • cve-paths.txt: CVE Paths Wordlist

Directory Traversal Up to One

  • directory_only_one.small.txt: Directory traversal up to one

DLL Files

  • dll_files.txt: DLL Files Wordlist

Dot Files Wordlist

  • dotfiles.txt: Dot Files Wordlist

EC2 Wordlist

  • ec2.txt: EC2 Wordlist

ENV Wordlist

  • env.txt: ENV Wordlist

All Extensions Wordlist

  • extensions.txt: All Extensions Wordlist

Content Fuzzing Wordlist

  • fuzz.txt: Content Fuzzing Wordlist

Git Config Wordlist

  • git_config.txt: Git Config Wordlist

Limited Google Dorking Wordlist

  • google.txt: Limited Google Dorking Wordlist

Htaccess Wordlist

  • htaccess: Htaccess Wordlist

JSP Files Without Path

  • jsp_files_only.txt: JSP Files without Path

Juicy Paths Wordlist

  • juicy-paths.txt: Juicy Paths Wordlist

JWT Secrets Wordlist

  • jwt-secrets.txt: JWT Secrets by Wallarm

Kubernetes Wordlist

  • k8s.txt: Adding Auth02

Keys Wordlist

  • keys.txt: Keys Wordlist

Leaked Misconfiguration Wordlist

  • leaky-misconfigs.txt: Leaked Misconfiguration Wordlist

Logs Wordlist

  • log.txt: Logs Wordlist

Log4j Payloads Wordlist

  • log4j_payloads.txt: Log4j Payloads

Nginx Directory Wordlist

  • ngnix.txt: Nginx Directory Wordlist

NPMRC Wordlist

  • npmrc.txt: NPMRC Wordlist

Open Redirect Payloads Wordlist

  • open-redirects.txt: Open Redirect Payloads Wordlist

Perl Files Wordlist

  • perl-files.txt: Perl Files Wordlist

PHP Files Without Path

  • php_files_only.txt: PHP Files without Path

PHP Files with Path

  • php_files_with_path.txt: PHP Files with Path

PHP My Admin Wordlist

  • phpmyadmin.txt: PHP My Admin Wordlist

PHP Unit Wordlist

  • phpunit.txt: PHP Unit Wordlist

Properties File Wordlist

  • properties-files.txt: Properties File Wordlist

Shodan Dorks by Lothos612

  • shodan-dorks.txt: Shodan Dorks by Lothos612

SQL Wordlist

  • sql.txt: SQL Wordlist

SQLi Google Dorks by iGotRootSRC

  • sqli-google-dorks.txt: SQLi Google Dorks by iGotRootSRC

SQL Blind Time-Based

  • sqli_blind_time-based.txt: SQL Blind Time-Based

Apache Tomcat Directory Wordlist

  • tomcat.txt: Apache Tomcat Directory Wordlist

Directory Bruteforcing Wordlist 1

  • top-10k-web-directories_from_10M_urlteam_links.txt: Directory Bruteforcing Wordlist 1

Usernames Wordlist

  • user_field_names.txt: Usernames Wordlist

Web Config Wordlist

  • webconfig.txt: Web Config Wordlist

Windows LFI Wordlist

  • windows-lfi.txt: Windows LFI Wordlist

Random WordPress Wordlist

  • wordpress-random.txt: Random WordPress Wordlist

WordPress Content Wordlist

  • wp-content.txt: WordPress Content Wordlist

WordPress Plugins

  • wp-plugins.txt: WordPress Plugins

XSS Payloads

  • xss_payload.txt: Adding XSS Payloads

YAML Wordlist

  • yaml.txt: List of YAML-related terms and patterns.


The Bug Hunter's Wordlists Repository thrives on community involvement. You are encouraged to contribute to this repository by:

  1. Forking: Fork the repository to your GitHub account.
  2. Adding: Add new wordlists or enhance existing ones with valuable entries.
  3. Pull Request: Submit a pull request detailing your changes.
  • All contributions, whether they include new wordlists, updates, or improvements, are immensely appreciated and contribute to the collective security knowledge.


  • It is crucial to emphasize that this repository is intended solely for educational and research purposes. The wordlists provided here should be employed responsibly and only on systems for which you possess explicit authorization. Unauthorized use is strongly discouraged and could lead to legal consequences.

Follow Author

Twitter LinkedIn GitHub Snapchat Instagram HackerOne

  • If you find value in these free wordlists and tools, consider showing your appreciation by buying me a coffee. Your support helps keep this project going and enables the continuous improvement of these resources.

Buy Me a Coffee