Once you have mastered installing SecLists, you might want to create your own aggregate lists.
Fix: Use sudo for system directories or install in your home folder.
cd ~/ # Instead of /usr/share/
git clone --depth 1 https://github.com/danielmiessler/SecLists.git
Once installed, navigating SecLists can be intimidating. Understanding the taxonomy is critical to efficiency. Let's break down the core directories: installing seclists
When testing basic auth, you need both a user list and a password list.
hydra -L /usr/share/seclists/Usernames/top-usernames-shortlist.txt \
-P /usr/share/seclists/Passwords/Common-Credentials/best1050.txt \
target-ip http-get /admin/
SecLists is invaluable for Burp Intruder. Once you have mastered installing SecLists , you
Use awk to only keep passwords over 8 characters:
awk 'length($0) >= 8' my_clean_list.txt > long_passwords.txt
Create shortcuts to avoid typing long paths: Once installed, navigating SecLists can be intimidating
echo 'export SECLISTS="/opt/SecLists"' >> ~/.bashrc
echo 'alias seclists="ls $SECLISTS"' >> ~/.bashrc
source ~/.bashrc
Now, reference any list like: $SECLISTS/Discovery/Web_Content/common.txt