Important changes

📛 Deprecated DirBuster wordlists

The dirbuster wordlists were made in 2007, and are now considered obsolete. Instead, these wordlists are recommended for testing modern web environments:

• Discovery/Web-Content/combined_words.txt
• Discovery/Web-Content/combined_directories.txt

Both of these wordlists are composed of various other wordlists in that same directory, and are automatically updated whenever one of their components is modified. For more information see the README.md for Discovery/Web-Content.

The dirbuster wordlists will remain contained in SecLists, but they now have the DirBuster-2007 prefix to highlight their age.

---

📛 Dangerous SQLi payloads

The SQL Injection wordlists contained in Fuzzing/Databases/SQLi are not safe to use on production environments. Many of those wordlists contain potentially destructive queries which may permanently delete data on any databases they're used on. A warning has been added to the README.md for that directory. For more information see issue #1011

---

New content

• ✨ feat(wordlist): Created Active Directory wordlist (PR #1224)
• ✨ feat(docs): Added "GENOVEVA" tool to readme (PR #1200)
• ✨ feat(docs): Added alternative reference to docs
• ✨ feat(docs): Added documentation for the 'cirt-net_collection.txt' wordlist
• ✨ feat(docs): Added documentation for the 'Java-Spring-Boot.txt' wordlist
• ✨ feat(docs): Added documentation for the 'xato-net-10-million-passwords' wordlists
• ✨ feat(wordlist): Added 'encryptionkeys' directory to 'common_directories.txt'
• ✨ feat(wordlist): Added /etc/apache2/.htpasswd to LFI fuzzing lists (PR #1223)
• ✨ feat(wordlist): Added a dictionary for Model Context Protocol server discovery. (PR #1216)
• ✨ feat(wordlist): Added common Spanish names and words (PR #1199)
• ✨ feat(wordlist): Added default SSH password "padmin:padmin" for IBM Power Systems (PR #1211)
• ✨ feat(wordlist): Added IANA mime-types to "web-all-content-types.txt" (PR #1204)
• ✨ feat(wordlist): Added mcp-server.txt entries to common.txt
• ✨ feat(wordlist): Added more OBEX common filenames and cleaned OBEX wordlists (PR #1249)
• ✨ feat(wordlist): Added more permutations to 'common_directories.txt'
• ✨ feat(wordlist): Added more swagger endpoints (PR #1219)
• ✨ feat(wordlist): Added new payload to 'SAP' wordlist (PR #1196)
• ✨ feat(wordlist): Added prefixes to deal with Java-Spring-Boot being behind spring-cloud-gateway (PR #1220)
• ✨ feat(wordlist): Added Quectel to default-passwords.csv + updated default-passwords.txt (PR #1208)
• ✨ feat(wordlist): Added readme.md to "Discovery/Web-Content/big.txt" (PR #1248)
• ✨ feat(wordlist): Added YYYY-MM-DD dates wordlists (PR #1217)

Other changes

• 🐛 fix(wordlist): Added 'DirBuster-2007' prefix to all DirBuster wordlists
• 🐛 fix(cicd): Removed trailing spaces from wordlist-updater_default-passwords.yml (PR #1243)
• 🐛 fix(cicd): Updated paths in the 'Wordlist Updater - Combined directories' pipeline
• 🐛 fix(docs): Updated filenames that compose 'combined_directories.txt'
• 🐛 fix(wordlist): Cleaned up '100k-most-used-passwords-NCSC.txt' (PR #1235)
• 🐛 fix(wordlist): Fixed encoding in "100k-most-used-passwords-NCSC.txt" (PR #1226)
• 🐛 fix(wordlist): Updated curl-protocols wordlist (PR #1237)
• 🔧 chore(wordlist): Moved 'curl-protocols.txt' wordlist to the 'Fuzzing' directory

New Contributors

• @GoombaProgrammer made their first contribution in https://github.com/danielmiessler/SecLists/pull/1198
• @joseaguardia made their first contribution in https://github.com/danielmiessler/SecLists/pull/1199
• @theclayton made their first contribution in https://github.com/danielmiessler/SecLists/pull/1204
• @rtfmkiesel made their first contribution in https://github.com/danielmiessler/SecLists/pull/1208
• @DaddyBigFish made their first contribution in https://github.com/danielmiessler/SecLists/pull/1217
• @psytester made their first contribution in https://github.com/danielmiessler/SecLists/pull/1219
• @Jhayrolandero made their first contribution in https://github.com/danielmiessler/SecLists/pull/1223
• @kennystrawnmusic made their first contribution in https://github.com/danielmiessler/SecLists/pull/1224
• @liamjones made their first contribution in https://github.com/danielmiessler/SecLists/pull/1226
• @evilgensec made their first contribution in https://github.com/danielmiessler/SecLists/pull/1235
• @robinkarlberg made their first contribution in https://github.com/danielmiessler/SecLists/pull/1237
• @Sh3b0 made their first contribution in https://github.com/danielmiessler/SecLists/pull/1243
• @totobarbar made their first contribution in https://github.com/danielmiessler/SecLists/pull/1248

Full Changelog: https://github.com/danielmiessler/SecLists/compare/2025.2...2025.3