Sourcing wordlists
When attacking web applications, often we’ll probably need to try and fuzz / brute-force usernames and passwords. Common wordlists that are used throughout the community are:
Creating custom wordlists
It’s possible for us to create our own wordlists using source material from the web application. CeWL is an application that will generate wordlists from a URL, crawling through all the endpoints to gather words for the wordlist.