Whats the deal of having multiple wordlists?

Home Forums Bug Bounty Q&A Whats the deal of having multiple wordlists?


Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
  • caon

    Recently I found myself thinking in how performatic my wordlists are. I have custom lists with all sorts of information, but here I’m talking about fuzzing with general lists – not technology focused stuff, which makes obvious the need of having multiple lists.

    What’s the difference between your subdomain, parameter or path list? I’ve been thinking about it and the conclusion I ended up with is: None! One list contains more words that other and that’s it.

    Constantly I end up using my subdomain list for path fuzzing or my parameter list for subdomain discovering, at the end of day they usually uncover stuff that was not found before, because there’s nothing binding words that are in parameter list to parameters! It is way better to have a general list with every word out there and call it all.txt – just like what jhaddix did back then- and fuzz from there.

    Of course there are exceptions, subdomains lists should comma values, paths should have specific dirs and etc…. But the point is, if you are trying to uncover something with a targetted list that you found in github saying that’s specific for certain research, you are, probably, missing something.

    The same goes for file extensions focused stuff.

    What’s your opinion?


    I think that’s good approach. Gonna try subs 2M subs list and see if I can get anything interesting.

    Gal Nagli

    When you perform HTTP Fuzzing it can be super intrusive and WAF’s can block many of your requests, so you need to have smaller wordlists.


    There’s no option to delete a comment – do not consider this message,

    • This reply was modified 8 months, 4 weeks ago by caon.

    Agree that they can be noisy. But from a “I need to get paths that no one found” perspective, it does not makes any sense to use smaller lists – yeah, you should have a quick list to fire into every target to see what’s the deal – but apart than that, if you have concerns about WAFs, it is way better to use a distributed scanner axiom/fleet/custom k8 with rabbit.

Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.

Ready to join the community?

Better Together, we are waiting for you!