Is this safe to use on all targets?

No. Use only within authorized security testing, bug bounty programs, CTFs, or educational environments and within the defined scope.

How do I access the files in this skill?

Use the path references/Usernames as shown in the usage example, walk the directory with a script, and read the .txt files containing usernames.

SecLists Usernames (Curated)

Scanned

npx machina-cli add skill Eyadkelleh/awesome-claude-skills-security/usernames --openclaw

Files (1)

SKILL.md

2.4 KB

SecLists Usernames (Curated)

Description

Top username lists for enumeration: common usernames, default credentials, names. Curated essentials for authorized testing.

Source: SecLists/Usernames Repository: https://github.com/danielmiessler/SecLists License: MIT

When to Use This Skill

Use this skill when you need:

Username enumeration (authorized)
Default credential testing
User discovery
Account validation

⚠️ IMPORTANT: Only use for authorized security testing, bug bounty programs, CTF competitions, or educational purposes.

Key Files in This Skill

top-usernames-shortlist.txt - Most common usernames
cirt-default-usernames.txt - Default system usernames
Names/names.txt - Common first/last names

Usage Example

# Access files from this skill
import os

# Example: Load patterns/payloads
skill_path = "references/Usernames"

# List all available files
for root, dirs, files in os.walk(skill_path):
    for file in files:
        if file.endswith('.txt'):
            filepath = os.path.join(root, file)
            print(f"Found: {filepath}")
            
            # Read file content
            with open(filepath, 'r', errors='ignore') as f:
                content = f.read().splitlines()
                print(f"  Lines: {len(content)}")

Security & Ethics

Authorized Use Cases ✅

Authorized penetration testing with written permission
Bug bounty programs (within scope)
CTF competitions
Security research in controlled environments
Testing your own systems
Educational demonstrations

Prohibited Use Cases ❌

Unauthorized access attempts
Testing without permission
Malicious activities
Privacy violations
Any illegal activities

Complete SecLists Collection

This is a curated subset of SecLists. For the complete collection:

Full repository: https://github.com/danielmiessler/SecLists
Size: 4.5 GB with 6,000+ files
All categories: Passwords, Usernames, Discovery, Fuzzing, Payloads, Web-Shells, Pattern-Matching, AI, Miscellaneous

Generated by Skill Seeker | SecLists Usernames Collection License: MIT - Use responsibly with proper authorization

Source

git clone https://github.com/Eyadkelleh/awesome-claude-skills-security/blob/main/seclists-categories usernames/usernames/SKILL.md

View on GitHub

Overview

SecLists Usernames (Curated) provides top username lists for enumeration, including common usernames, default credentials, and common names. It's a curated subset designed for authorized security testing, bug bounty programs, CTFs, and education.

How This Skill Works

The skill bundles three files from SecLists: top-usernames-shortlist.txt, cirt-default-usernames.txt, and Names/names.txt. You load these lists and iterate through the lines to attempt username discovery against targets during a sanctioned assessment. The included usage example demonstrates how to locate and read these files from the skill path (references/Usernames) using a simple directory walk.

When to Use It

Authorized username enumeration during testing
Default credential testing on systems within scope
User discovery to map active accounts
Account validation and onboarding checks
Educational demonstrations in training or CTF environments

Quick Start

Step 1: Identify the curated files under the skill path references/Usernames (top-usernames-shortlist.txt, cirt-default-usernames.txt, Names/names.txt)
Step 2: Load the files into your tooling and prepare to test against your target login endpoints, respecting rate limits and scope
Step 3: Run the tests, collect valid usernames, and follow up with remediation and reporting

Best Practices

Obtain explicit authorization and define the testing scope before using the lists
Cross-check discovered usernames with target account status and login policies
Respect rate limits, throttle requests, and monitor for account lockouts
Contextualize tests with target naming conventions and domain information
Log findings and preserve evidence for reporting and remediation

Example Use Cases

Enumerating login usernames on a web application during a bug bounty engagement
Checking for default usernames on network devices to aid remediation
Discovering user accounts during a controlled red team exercise
Validating account creation or deactivation by cross-referencing with a names list
Educational demo in a training lab to illustrate weak username risks

Frequently Asked Questions

Add this skill to your agents

SecLists Usernames (Curated)

SecLists Usernames (Curated)

Description

When to Use This Skill

Key Files in This Skill

Usage Example

Security & Ethics

Authorized Use Cases ✅

Prohibited Use Cases ❌

Complete SecLists Collection

Source

Overview

How This Skill Works

When to Use It

Quick Start

Best Practices

Example Use Cases

Frequently Asked Questions

What is included in the SecLists Usernames (Curated) skill?

Is this safe to use on all targets?

How do I access the files in this skill?