![](\"https:\/\/varutra-1a3b6.kxcdn.com\/wp-content\/uploads\/2022\/01\/Using-SecLists-for-Penetration-Testing-1024x535.png\" "\\"Using")
<\/p>\n<\/p>\n
Seclists is something that comes very handy to a pen tester. The simple reason is, it has a collection of all the wordlist lists that is related to different technologies, web servers, and web shells that can be helpful while performing penetration testing on any particular target.<\/p>\n
<\/p>\n
All the Kali machine has the option of seclists. To run it for pentesting, we need to install it in our system. There are a couple of different ways of installing it on our machine.<\/p>\n
Here is also an alternate method of installing the lists in the system. There will not be any problem in installing seclists directly by connecting to the package online if your system is up-to-date. In case, your system is not up-to-date then you may come across some issues while installing. In such a scenario, you can opt for updating the index package in the sources.list file. Edit the file and add the following path for the kali index in the file.<\/p>\n
Path to add in the file:<\/p>\n
https:\/\/mirrors.ocf.berkeley.edu\/kali-images\/current\/<\/a><\/p>\n After adding this index path to the file, save the file and then run the following command in the terminal to install the seclists in your system.<\/p>\n Command:<\/p>\n sudo apt-get install seclists<\/p>\n After installing, you can access the seclists under the path: \/usr\/share\/seclists<\/u>. There are different types of lists that are included in this folder.<\/p>\n Below is the tree representation of seclists. The tree displays its directory structure.<\/p>\n Fig: Tree structure of Seclists<\/p>\n Fig: Tree structure of seclists<\/p>\n <\/p>\n Seclists contains a lot of different wordlists that are used for multiple purposes with different available tools. These lists are segregated according to usage. In this blog, we will discuss a couple of the seclists categories and how to use them.<\/p>\n This phase includes enumerating the target for different things like subdomains, open ports, running services, etc. The discovery module includes different sub-categories like DNS, Infrastructure, SNMP, Web-Content, and more that can be used for enumerating the target.<\/p>\n Eg: The below example shows how we can automate the process of sub-domain enumeration using dirb and seclists.<\/p>\n Fig: Subdomain enumeration using dirb<\/p>\n <\/p>\n In the above-shown example the command that was used is as follows:<\/p>\n <\/p>\n <\/p>\n Here in this command, the first part is the URL of the target i.e.,\u00a0http:\/\/demo.testfire.net<\/a>\u00a0and we have given the path of the wordlist that is used from the discovery module of seclists.<\/p>\n And below you can see different subdomains found for the given target.<\/p>\n Fig: Wordlists in fuzzing module of Seclists<\/p>\n There are different lists related to Databases, LFI, SQLi, XSS, etc. using which you can fuzz for the respective attacks.<\/p>\n <\/p>\n This way you can successfully learn how to install and run seclists in your system and use them for pentesting. There are various penetration methods like android penetration testing with drozer<\/a>, AWS pentesting<\/a>, and much more that you can read in our blog<\/a> section.<\/p>\n <\/p>\n Author<\/p>\n Pralekya H.<\/strong><\/p>\n Associate Security Consultant<\/p>\n Attack & Pentest Team,<\/p>\n Varutra Consulting Pvt. Ltd.<\/p>","protected":false},"excerpt":{"rendered":" Introduction to SecLists Seclists is something that comes very handy to a pen tester. The simple reason is, it has a collection of all the…<\/p>\n","protected":false},"author":4,"featured_media":18244,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[51,272],"tags":[139,594,593,592],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n
![\"Tree](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2022\/01\/Tree-structure-of-Seclists.png\")
<\/p>\n![\"Tree](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2022\/01\/Tree-structure-of-seclists-2.png\")
<\/p>\nHow to use SecLists?<\/strong><\/h3>\n
\n
![\"Subdomain](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2022\/01\/Subdomain-enumeration-using-dirb.png\")
<\/p>\n\n
\n
![\"Wordlists](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2022\/01\/Wordlists-in-fuzzing-module-of-Seclists.png\")
<\/p>\nConclusion<\/strong><\/h3>\n