feat(wordlist): Add wordlists for: Kubernetes, Docker, Elasticsearch, Grafana, GitLab, Prometheus (PR #1293)

This also added some more payloads to the wordlists for Tomcat, NginX and Hashicorp-consul.

Co-authored-by: PentesterTN <pentestertn@proton.me>

Discovery/Web-Content/Service-Specific/Docker-API.txt

@@ -0,0 +1,49 @@
+auth
+build
+commit
+configs
+configs/
+containers/create
+containers/json
+containers/json?all=true
+containers/json?filters={"status":["exited"]}
+containers/json?filters={"status":["running"]}
+containers/prune
+debug/pprof
+debug/pprof/cmdline
+debug/pprof/profile
+debug/pprof/symbol
+debug/pprof/trace
+distribution/library/alpine/json
+events
+exec/create
+grpc
+images/create?fromImage=alpine&tag=latest
+images/json
+images/json?all=true
+images/prune
+images/search?term=alpine
+info
+networks
+networks/
+networks/prune
+nodes
+nodes/
+_ping
+plugins
+plugins/
+secrets
+secrets/
+services
+services/
+swarm
+swarm/
+swarm/unlockkey
+system/df
+system/info
+tasks
+tasks/
+version
+volumes
+volumes/
+volumes/prune

Discovery/Web-Content/Service-Specific/Elasticsearch-Kibana.txt

@@ -0,0 +1,117 @@
+_aliases
+_all
+_all/_mapping
+_all/_settings
+_analyze
+api/alerting/rules/_find
+api/console/proxy
+api/features
+api/fleet/agent_policies
+api/fleet/agents
+api/fleet/package_policies
+api/saved_objects/export
+api/saved_objects/_find?type=dashboard
+api/saved_objects/_find?type=index-pattern
+api/saved_objects/_find?type=visualization
+api/spaces/space
+api/status
+api/telemetry/v2/clusters/_stats
+app/apm
+app/canvas
+app/dashboard
+app/dev_tools
+app/discover
+app/fleet
+app/kibana
+app/management
+app/maps
+app/ml
+app/observability
+app/security
+app/siem
+app/stack_management
+app/uptime
+app/visualize
+_bulk
+_cat
+_cat/allocation
+_cat/count
+_cat/fielddata
+_cat/health
+_cat/health?v
+_cat/indices
+_cat/indices?v
+_cat/master
+_cat/nodes
+_cat/nodes?v
+_cat/pending_tasks
+_cat/plugins
+_cat/recovery
+_cat/repositories
+_cat/segments
+_cat/shards
+_cat/shards?v
+_cat/tasks
+_cat/templates
+_cat/thread_pool
+_cluster/allocation/explain
+_cluster/health
+_cluster/health?pretty
+_cluster/pending_tasks
+_cluster/settings
+_cluster/state
+_cluster/stats
+_component_template
+_count
+_data_stream
+_data_stream/*
+_enrich/policy
+_field_caps?fields=*
+_ilm/policy
+_index_template
+_ingest/pipeline
+internal/security/me
+_license
+login
+logout
+_mapping
+_ml/anomaly_detectors
+_ml/datafeeds
+_ml/data_frame/analytics
+_msearch
+_nodes
+_nodes/_all/info/os
+_nodes/hot_threads
+_nodes/info
+_nodes/_local
+_nodes/stats
+_nodes/usage
+_reindex
+_remote/info
+_resolve/index/*
+_rollup/job
+_scripts
+s/default
+_search
+_search?pretty
+_search?q=*
+_search?size=100
+_security
+_security/api_key
+_security/privilege
+_security/role
+_security/user
+_settings
+_snapshot
+_snapshot/_all
+spaces/enter
+_sql
+_sql?format=txt
+_tasks
+_tasks?detailed=true
+_template
+_transform
+_watcher/_stats
+_xpack
+_xpack/security
+_xpack/usage

Discovery/Web-Content/Service-Specific/GitLab.txt

@@ -0,0 +1,100 @@
+admin
+admin/abuse_reports
+admin/appearances
+admin/applications
+admin/application_settings
+admin/application_settings/ci_cd
+admin/application_settings/general
+admin/application_settings/integrations
+admin/application_settings/metrics_and_profiling
+admin/application_settings/network
+admin/audit_events
+admin/background_jobs
+admin/broadcast_messages
+admin/deploy_keys
+admin/dev_ops_reports
+admin/groups
+admin/health_check
+admin/hooks
+admin/instance_review
+admin/jobs
+admin/labels
+admin/logs
+admin/network_policy
+admin/projects
+admin/requests_profiles
+admin/runners
+admin/system_info
+admin/users
+api/graphql
+api/graphql/schema
+api/v4/application/settings
+api/v4/broadcast_messages
+api/v4/deploy_keys
+api/v4/events
+api/v4/features
+api/v4/groups
+api/v4/groups?per_page=100
+api/v4/hooks
+api/v4/keys
+api/v4/lint
+api/v4/metadata
+api/v4/namespaces
+api/v4/personal_access_tokens
+api/v4/projects
+api/v4/projects?per_page=100
+api/v4/projects?search=
+api/v4/projects?visibility=public
+api/v4/runners
+api/v4/runners/all
+api/v4/sidekiq/compound_metrics
+api/v4/sidekiq/job_stats
+api/v4/sidekiq/process_metrics
+api/v4/sidekiq/queue_metrics
+api/v4/snippets
+api/v4/snippets/public
+api/v4/topics
+api/v4/usage_data/queries
+api/v4/users
+api/v4/users?per_page=100
+api/v4/version
+assets
+-/autocomplete/projects
+-/autocomplete/users.json
+dashboard/activity
+dashboard/groups
+dashboard/issues
+dashboard/merge_requests
+dashboard/projects
+dashboard/snippets
+dashboard/todos
+explore
+explore/groups
+explore/projects
+explore/snippets
+explore/topics
+-/graphql-explorer
+-/health
+help
+help/instance_configuration
+jwt/auth
+-/liveness
+-/metrics
+oauth/authorize
+oauth/token
+oauth/userinfo
+public
+-/readiness
+robots.txt
+search
+search?search=
+-/security/dashboard
+-/security/vulnerabilities
+sitemap.xml
+sitemap.xml.gz
+uploads
+users/confirmation/new
+users/password/new
+users/sign_in
+users/sign_up
+.well-known/openid-configuration

Discovery/Web-Content/Service-Specific/Grafana.txt

@@ -0,0 +1,86 @@
+admin
+admin/ldap
+admin/orgs
+admin/plugins
+admin/settings
+admin/stats
+admin/storage
+admin/users
+alerting/list
+api/access-control/roles
+api/access-control/users/permissions
+api/admin/orgs
+api/admin/settings
+api/admin/stats
+api/admin/users
+api/alertmanager/grafana/api/v2/alerts
+api/alertmanager/grafana/api/v2/silences
+api/alert-notifications
+api/alerts
+api/annotations
+api/annotations?limit=100
+api/auth/keys
+api/dashboards/db/{slug}
+api/dashboards/home
+api/dashboards/tags
+api/dashboards/uid/{uid}
+api/datasources
+api/datasources/1
+api/datasources/name/{name}
+api/datasources/proxy
+api/ds/query
+api/folders
+api/folders/{uid}
+api/frontend/settings
+api/health
+api/live/list
+api/live/push/{streamId}
+api/org
+api/org/preferences
+api/orgs
+api/org/users
+api/plugins
+api/plugins?enabled=true
+api/prometheus/grafana/api/v1/rules
+api/recording-rules
+api/ruler/grafana/api/v1/rules
+api/search
+api/search?query=
+api/search?type=dash-db
+api/search?type=dash-folder
+api/serviceaccounts
+api/serviceaccounts/search
+api/snapshots
+api/snapshots-delete/{key}
+api/teams/search
+api/user
+api/user/orgs
+api/user/preferences
+api/users
+api/users/search
+api/user/stars
+api/v1/provisioning/alert-rules
+api/v1/provisioning/contact-points
+api/v1/provisioning/mute-timings
+api/v1/provisioning/notification-policies
+api/v1/provisioning/templates
+connections/datasources
+dashboards
+d-solo/{uid}/{slug}
+d/{uid}/{slug}
+explore
+explore?orgId=1
+favicon.ico
+healthz
+login
+logout
+metrics
+playlists
+profile
+profile/password
+public/dashboards/{accessToken}
+public/plugins/alertlist/module.js
+public/plugins/bargauge/module.js
+public/plugins/graph/module.js
+robots.txt
+signup

Discovery/Web-Content/Service-Specific/Kubernetes.txt

@@ -0,0 +1,92 @@
+api
+api/
+apis
+apis/
+apis/admissionregistration.k8s.io/v1
+apis/apiextensions.k8s.io/v1
+apis/apiextensions.k8s.io/v1/customresourcedefinitions
+apis/apps/v1
+apis/apps/v1/daemonsets
+apis/apps/v1/deployments
+apis/apps/v1/replicasets
+apis/apps/v1/statefulsets
+apis/autoscaling/v1
+apis/autoscaling/v2
+apis/batch/v1
+apis/batch/v1/cronjobs
+apis/batch/v1/jobs
+apis/certificates.k8s.io/v1
+apis/extensions/v1beta1
+apis/networking.k8s.io/v1
+apis/networking.k8s.io/v1/ingresses
+apis/networking.k8s.io/v1/networkpolicies
+apis/policy/v1
+apis/policy/v1/poddisruptionbudgets
+apis/rbac.authorization.k8s.io/v1
+apis/rbac.authorization.k8s.io/v1/clusterrolebindings
+apis/rbac.authorization.k8s.io/v1/clusterroles
+apis/rbac.authorization.k8s.io/v1/rolebindings
+apis/rbac.authorization.k8s.io/v1/roles
+apis/storage.k8s.io/v1
+apis/storage.k8s.io/v1/storageclasses
+api/v1
+api/v1/
+api/v1/configmaps
+api/v1/endpoints
+api/v1/events
+api/v1/limitranges
+api/v1/namespaces
+api/v1/namespaces/argocd
+api/v1/namespaces/cert-manager
+api/v1/namespaces/default
+api/v1/namespaces/default/configmaps
+api/v1/namespaces/default/pods
+api/v1/namespaces/default/secrets
+api/v1/namespaces/default/serviceaccounts
+api/v1/namespaces/default/services
+api/v1/namespaces/ingress-nginx
+api/v1/namespaces/istio-system
+api/v1/namespaces/kube-public
+api/v1/namespaces/kube-public/configmaps
+api/v1/namespaces/kubernetes-dashboard
+api/v1/namespaces/kube-system
+api/v1/namespaces/kube-system/configmaps
+api/v1/namespaces/kube-system/pods
+api/v1/namespaces/kube-system/secrets
+api/v1/namespaces/kube-system/services
+api/v1/namespaces/monitoring
+api/v1/nodes
+api/v1/persistentvolumeclaims
+api/v1/persistentvolumes
+api/v1/pods
+api/v1/replicationcontrollers
+api/v1/resourcequotas
+api/v1/secrets
+api/v1/serviceaccounts
+api/v1/services
+healthz
+healthz/autoregister-completion
+healthz/etcd
+healthz/log
+healthz/ping
+healthz/poststarthook/start-kube-apiserver-admission-initializer
+livez
+livez/log
+livez/ping
+logs
+logs/
+metrics
+metrics/cadvisor
+metrics/probes
+metrics/resource
+openapi/v2
+openapi/v3
+readyz
+readyz/log
+readyz/ping
+readyz/shutdown
+swagger-2.0.0.json
+swagger-2.0.0.pb-v1
+swagger.json
+version
+.well-known/openid-configuration

Discovery/Web-Content/Service-Specific/Prometheus-Alertmanager.txt

@@ -0,0 +1,54 @@
+alerts
+api/v1/admin/tsdb/clean_tombstones
+api/v1/admin/tsdb/delete_series
+api/v1/admin/tsdb/snapshot
+api/v1/alertmanagers
+api/v1/alerts
+api/v1/alerts/groups
+api/v1/label/__name__/values
+api/v1/labels
+api/v1/metadata
+api/v1/query?query=go_info
+api/v1/query?query=node_uname_info
+api/v1/query?query=process_open_fds
+api/v1/query?query=up
+api/v1/query_range?query=up&start=2024-01-01T00:00:00Z&end=2024-01-02T00:00:00Z&step=3600
+api/v1/receivers
+api/v1/rules
+api/v1/series?match[]=up
+api/v1/silences
+api/v1/status
+api/v1/status/buildinfo
+api/v1/status/config
+api/v1/status/flags
+api/v1/status/runtimeinfo
+api/v1/status/tsdb
+api/v1/status/walreplay
+api/v1/targets
+api/v1/targets/metadata
+api/v2/alerts
+api/v2/alerts/groups
+api/v2/receivers
+api/v2/silences
+api/v2/status
+config
+consoles
+consoles/index.html
+federate?match[]={__name__=~".+"}
+flags
+graph
+-/healthy
+metrics
+-/ready
+rules
+service-discovery
+status
+status/buildinfo
+status/config
+status/flags
+status/runtimeinfo
+status/tsdb
+status/walreplay
+targets
+targets?state=active
+targets?state=dropped

Discovery/Web-Content/Web-Servers/Apache-Tomcat.txt

@@ -1,9 +1,24 @@
+META-INF
+META-INF/
+META-INF/context.xml
+RELEASE-NOTES.txt
+ROOT
+RUNNING.txt
+WEB-INF
+WEB-INF/
+WEB-INF/classes/
+WEB-INF/web.xml
 add
 balancer
 conf/
 conf/server.xml/
 dav
 deploy
+docs
+docs/
+docs/api
+docs/config
+docs/setup
 examples
 examples/%252e%252e/manager/html
 examples/%2e%2e/manager/html
@@ -11,9 +26,11 @@ examples/../manager/html
 examples/jsp/index.html
 examples/jsp/snp/snoop.jsp
 examples/jsp/source.jsp
+examples/servlet/HelloWorldExample
+examples/servlet/SnoopServlet
+examples/servlet/TroubleShooter
 examples/servlet/default/jsp/snp/snoop.jsp
 examples/servlet/default/jsp/source.jsp
-examples/servlet/HelloWorldExample
 examples/servlet/org.apache.catalina.INVOKER.HelloWorldExample
 examples/servlet/org.apache.catalina.INVOKER.SnoopServlet
 examples/servlet/org.apache.catalina.INVOKER.TroubleShooter
@@ -22,21 +39,35 @@ examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/source.jsp
 examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/snp/snoop.jsp
 examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/source.jsp
 examples/servlet/snoop
-examples/servlet/SnoopServlet
-examples/servlet/TroubleShooter
 examples/servlets/index.html
+examples/websocket
+examples/websocket/index.xhtml
 host-manager
+host-manager/
 host-manager/add
 host-manager/host-manager.xml
+host-manager/html
 host-manager/html/*
 host-manager/list
 host-manager/remove
 host-manager/start
 host-manager/stop
+host-manager/text
+host-manager/text/list
 html/*
 install
 j4p
+j_security_check?j_username=admin&j_password=admin
+j_security_check?j_username=manager&j_password=manager
+j_security_check?j_username=tomcat&j_password=tomcat
 jmxproxy/*
+jolokia
+jolokia/
+jolokia/exec/java.lang:type=Threading/dumpAllThreads/true/true
+jolokia/list
+jolokia/read/java.lang:type=Memory
+jolokia/read/java.lang:type=Runtime/ClassPath
+jolokia/version
 jsp-examples
 list
 manager
@@ -48,6 +79,8 @@ manager/html/*
 manager/install
 manager/jmxproxy
 manager/jmxproxy/*
+manager/jmxproxy/?get=java.lang:type=Memory&att=HeapMemoryUsage
+manager/jmxproxy/?get=java.lang:type=Runtime&att=ClassPath
 manager/list
 manager/manager.xml
 manager/reload
@@ -61,16 +94,26 @@ manager/start
 manager/status
 manager/status.xsd
 manager/status/*
+manager/status/all
+manager/status?XML=true
 manager/stop
 manager/text
+manager/text/serverinfo
+manager/text/sessions?path=/
+manager/text/sslConnectorCiphers
+manager/text/threaddump
 manager/undeploy
-RELEASE-NOTES.txt
+probe
+probe/
+psi-probe
+psi-probe/
 reload
 remove
 resources
 roles
-ROOT
 save
+server-info
+server-status
 serverinfo
 servlet/default
 servlet/default/
@@ -91,14 +134,12 @@ sessions
 shared/
 shared/lib/
 start
+status.xsd
 status/*
 stop
 tomcat-docs
 undeploy
-WEB-INF/
-WEB-INF/classes/
-WEB-INF/web.xml
 webdav
 webdav/index.html
 webdav/servlet/org.apache.catalina.servlets.WebdavServlet/
-webdav/servlet/webdav/
+webdav/servlet/webdav/

Discovery/Web-Content/Web-Servers/nginx.txt

@@ -1,8 +1,11 @@
 50x.html
+api
+api/
+basic_status
 conf
 conf/
-conf/fastcgi_params
 conf/fastcgi.conf
+conf/fastcgi_params
 conf/koi-utf
 conf/koi-win
 conf/mime.types
@@ -12,13 +15,14 @@ conf/uwsgi_params
 conf/win-utf
 contrib
 contrib/
-contrib/geo2nginx.pl
 contrib/README
+contrib/geo2nginx.pl
 contrib/unicode2nginx
 contrib/unicode2nginx/koi-utf
 contrib/unicode2nginx/unicode-to-nginx.pl
 contrib/unicode2nginx/win-utf
 contrib/vim
+dashboard.html
 docs
 docs/
 docs/CHANGES
@@ -28,14 +32,27 @@ docs/OpenSSL.LICENSE
 docs/PCRE.LICENCE
 docs/README
 docs/zlib.LICENSE
+health
+healthz
 html
 html/
 html/50x.html
 html/index.html
 index.html
+liveness
 logs
 logs/
+nginx.conf
 nginx.exe
+nginx_status
+ping
+readiness
+ready
+server-status
+status
+stub_status
+swagger-ui
 temp
 temp/
-nginx.conf
+upstream_conf
+upstream_conf?list=

Discovery/Web-Content/hashicorp-consul-api.txt

@@ -1,39 +1,92 @@
-v1/agent/services
-v1/acl/token/self
-v1/identity/entity/id?list=true
-v1/identity/group/id?list=true
-v1/sys/namespaces?list=true
-v1/acl/tokens
-v1/catalog/datacenters
-v1/catalog/services
-v1/catalog/nodes
-v1/agent/members
-v1/acl/bootstrap
-v1/acl/replication
-v1/acl/policies
-v1/acl/roles
+ui/
+ui/#/clients
+ui/#/jobs
+ui/#/kv
+ui/#/nodes
+ui/#/servers
+ui/#/services
+ui/#/topology
+ui/vault/access
+ui/vault/policies
+ui/vault/secrets
 v1/acl/auth-methods
 v1/acl/binding-rules
+v1/acl/bootstrap
+v1/acl/policies
+v1/acl/replication
+v1/acl/roles
+v1/acl/token/self
+v1/acl/tokens
+v1/agent/checks
+v1/agent/host
+v1/agent/log?loglevel=trace
+v1/agent/members
 v1/agent/metrics
 v1/agent/metrics?format=prometheus
 v1/agent/monitor
+v1/agent/self
+v1/agent/servers
+v1/agent/services
+v1/allocations
+v1/auth/token/accessors
+v1/auth/token/lookup-self
+v1/catalog/datacenters
+v1/catalog/nodes
+v1/catalog/services
 v1/catalog/services?ns=root
 v1/connect/ca/configuration
+v1/connect/ca/roots
 v1/connect/intentions
 v1/coordinate/datacenters
 v1/coordinate/nodes
+v1/deployments
+v1/evaluations
 v1/event/list
-v1/operator/license
-v1/operator/segment
+v1/health/checks/{service}
+v1/health/service/{service}
+v1/health/state/any
+v1/health/state/critical
+v1/identity/entity/id
+v1/identity/entity/id?list=true
+v1/identity/group/id
+v1/identity/group/id?list=true
+v1/jobs
+v1/kv/?keys
+v1/kv/?recurse
 v1/namespace/root
 v1/namespaces
+v1/nodes
+v1/operator/autopilot/health
+v1/operator/license
+v1/operator/raft/configuration
+v1/operator/segment
 v1/query
+v1/regions
+v1/secret/data
+v1/secret/metadata
 v1/session/list
+v1/snapshot
 v1/status/leader
 v1/status/peers
-v1/sys/seal-status
-v1/sys/replication/status
-v1/sys/license/features
-v1/sys/health?standbycode=200&sealedcode=200&uninitcode=200&drsecondarycode=200&performancestandbycode=200
+v1/sys/audit
+v1/sys/auth
+v1/sys/config/state/sanitized
+v1/sys/ha-status
 v1/sys/health
+v1/sys/health?standbycode=200&sealedcode=200&uninitcode=200&drsecondarycode=200&performancestandbycode=200
+v1/sys/host-info
+v1/sys/init
+v1/sys/internal/counters/requests
+v1/sys/internal/counters/tokens
+v1/sys/internal/specs/openapi
+v1/sys/internal/ui/mounts
+v1/sys/key-status
+v1/sys/leader
+v1/sys/license/features
+v1/sys/metrics
+v1/sys/mounts
+v1/sys/namespaces?list=true
 v1/sys/policies/acl
+v1/sys/replication/status
+v1/sys/seal-status
+v1/volumes

README.md

@@ -31,7 +31,7 @@ This project is maintained by [Daniel Miessler](https://danielmiessler.com/), [J
 ![Repo size](https://img.shields.io/github/repo-size/danielmiessler/SecLists.svg)
 
 <!-- This badge is automatically updated by a GitHub Action. Do not edit manually. -->
-![Approx cloning time](https://img.shields.io/badge/clone%20time-~%208m%202s%20@50Mb/s-blue)
+![Approx cloning time](https://img.shields.io/badge/clone%20time-~%208m%2010s%20@50Mb/s-blue)
 
 
 - - -