Kali Linux includes a very useful collection of password dictionaries and wordlists in /usr/share/wordlists. Some files you will find there are as follows:
- rockyou.tar.gz: The RockYou website was hacked in December 2010, more than 14 million passwords were leaked, and this list includes them. These passwords are archived in this file, so you will need to decompress it before using it:
tar -xzf rockyou.tar.gz
- dnsmap.txt: Contains common subdomain names, such as intranet, ftp, or www; it is useful when brute forcing a DNS server.
- /dirbuster/*: The dirbuster directory contains names of files commonly found in web servers; these files can be used when using DirBuster or OWASP-ZAP's Forced Browse.
- /wfuzz/*: Inside this directory, ...