A curated list of wordlists for API Hacking
API
- API endpoints & objects - Yassine Aboukir’s list of 3203 common API endpoints and objects designed for fuzzing
- api-wordlist - A wordlist of API names for web application assessments
- Assetnote Wordlists - Automated & Manual Wordlists provided by Assetnote
- Cook - An overpower wordlist generator, splitter, merger, finder, saver, create words permutation and combinations, apply different encoding/decoding and everything you need
- fuzzdb - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery
- fuzz.txt - Potentially dangerous files
- Hacking-APIs - hAPI Hacker’s collection of API paths and wordlists
- leaky-paths - A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs etc…
- PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- SecLists - It’s a collection of multiple types of lists used during security assessments, collected in one place
Assorted
- https://github.com/carlospolop/Auto_Wordlists
- https://github.com/cr0hn/nosqlinjection_wordlists
- https://github.com/orwagodfather/My-WordLISTs
- https://github.com/SilverPoision/a-full-list-of-wordlists
- https://github.com/Dormidera/WordList-Compendium
- https://github.com/trickest/wordlists
- https://github.com/3ndG4me/KaliLists
- https://github.com/trickest/mkpath
- https://github.com/YaS5in3/Bug-Bounty-Wordlists
- https://github.com/Karanxa/Bug-Bounty-Wordlists
- https://github.com/shifty0g/wordlist-tools
- https://github.com/Net-hunter121/API-Wordlist
- https://github.com/BlackArch/wordlistctl
- https://github.com/initstring/passphrase-wordlist