Web Common Directories and Filenames - Word Lists Collection

Current WordLists Release : 20111129

I have created some lists of words based on common web directory and file names. These wordlists are for Web security testing purpose.


  • 29/11/11: 20111129 More words, more fun. Updated with some fresh new critical words.
  • 28/11/11: 20111128 Updated and cleaned Extra/Crazy words. WordLists are smaller and better.
  • 27/11/11: 20111127 Initial release.


736.9 KB - WordLists-20111129.zip

Most of you might already know that hidden does not mean secure nor unreachable. I tried to include a maximum of sensitive filenames and directories in these auto-generated wordlists. I’ll try to update these files from time to time.

Quick description:

  • All = Common + Extra + Crazy
  • Common = Very frequently used words ONLY
  • Extra = Some extra words for lucky and patient people (does not contain Common nor Crazy wordlists)
  • Crazy = Extremely rare words ONLY (does not contain Extra nor Common wordlists)

I invite you to try the excellent w3bfukk0r forced browsing tool from http://www.ngolde.de/w3bfukk0r.html.

w3bfukk0r – scan webservers for hidden directories (forced browsing)

w3bfukk0r is a forced browsing tool, it basically scans webservers (HTTP/HTTPS) for a directory by using HTTP HEAD command and brute force mechanism based on a word list.

Have fun my friends!

Related terms:

Mobile Application Security Engineering Lead & SME | 0076 7E64 293A E3EC 542B 9C72 3A11 417C B43F DB1A