diff --git a/Discovery/Web-Content/README.md b/Discovery/Web-Content/README.md index 2f3a0c97..6cd7158b 100644 --- a/Discovery/Web-Content/README.md +++ b/Discovery/Web-Content/README.md @@ -7,17 +7,24 @@ No updates have been made to this wordlist since its creation. ## AdobeXML.fuzz.txt Use for: Discovering sensitive filepaths of **Adobe ColdFusion** + Creation date: Aug 27, 2012 + No updates have been made to this wordlist since its creation. + ## CGI-HTTP-POST-Windows.fuzz.txt Use for: Exploiting various vulnerabilities in the now defunct WYSIWYG HTML editor and website administration tool, [Microsoft FrontPage](https://en.wikipedia.org/wiki/Microsoft_FrontPage) + Source: https://github.com/deepak0401/Front-Page-Exploit + Date of last update: Aug 27, 2012 + The last version of FrontPage was released on 2003. ## CGI-HTTP-POST.fuzz.txt Use for: Exploiting/Discovering various vulnerabilities in extremely old systems (Circa 1998) that use "CGI". + Date of last update: Aug 27, 2012 This wordlist tests for the following vulnerabilities: @@ -27,14 +34,19 @@ This wordlist tests for the following vulnerabilities: - Remote File Include in **[myPHPNuke](https://web.archive.org/web/20140812223623/http://www.myphpnuke.com/)**. Source: [Nessus](https://www.tenable.com/plugins/nessus/11836) - DoS in the **"D-Link Ethernet/Fast Ethernet Print Server DP-300+"**. Source: [Sullo's Security Advisory Archive](https://raw.githubusercontent.com/sullo/advisory-archives/master/phenoelit.de_dp-300.txt). + ## CGI-Microsoft.fuzz.txt Use for: Exploiting/Discovering various vulnerabilities in miscelaneous CGI scripts that run on Microsoft operating systems. + Date of last update: Aug 27, 2012 + ## raft-* wordlists Use for: Directory and file brute-forcing leading to identification of vulnerabilities in web applications. + Source: [Google's RAFT](https://code.google.com/archive/p/raft/) + ## combined_words.txt Use for: discovering files @@ -54,10 +66,11 @@ This list is a combination of the following wordlists: ## combined_directories.txt -Use for: discovering files and directories +Use for: discovering files and directories + This list is automatically updated by a github action whenever any of the lists it's composed by is modified. -This list is a combination of the following wordlists: +These are the wordlists that compose this wordlist: - apache.txt - combined_words.txt - directory-list-1.0.txt @@ -78,7 +91,6 @@ Use for: discovering files and directories ### Source This list is automatically updated by a GitHub action whenever any of the lists it's composed by is modified. - ## dsstorewordlist.txt SOURCE: https://github.com/aels/subdirectories-discover @@ -88,6 +100,7 @@ Perfect wordlist to discover directories and files on target site with tools lik - Then sorted by probability and removed strings with one occurrence. - resulted file you can download is below. Happy Hunting! + ## vulnerability-scan_j2ee-websites_WEB-INF.txt Use for: discovering sensitive j2ee files exploiting a lfi @@ -102,6 +115,7 @@ References: Use for: Fuzzing for common filepaths in webpages designed with **[Microsoft Frontpage](https://en.wikipedia.org/wiki/Microsoft_FrontPage)** Year of the first release of Microsoft Frontpage: 1997 +Year of the last release of Microsoft Frontpage: 2003 ## Oracle-EBS-wordlist.txt Use for: Fuzzing for common filepaths of [Oracle E-Business Suite](https://www.oracle.com/applications/ebusiness/) (EBS) version 11. @@ -125,7 +139,6 @@ Reference: https://the-infosec.com/2017/03/29/do-you-know-what-your-erp-is-telli Date of last update: Oct 7, 2019 -<<<<<<< HEAD ## iis-systemweb.txt Use for: Fuzzing the `/aspnet_client/system_web/` directory on [Microsoft IIS](https://www.iis.net/) servers to detect **CGIs** and **scripts** even even if the two ladder directories are inaccessible. @@ -133,6 +146,3 @@ Reference: https://github.com/irsdl/IIS-ShortName-Scanner Discussion: https://github.com/danielmiessler/SecLists/pull/783 Date of last update: Jun 27, 2022 -======= -Date of last update: Oct 14, 2010 ->>>>>>> 0a6cbb9c (feat(docs): Moved Web-Server wordlists into their own directory) diff --git a/Discovery/Web-Content/Service-Specific/README.md b/Discovery/Web-Content/Service-Specific/README.md index eda7acea..7ccb54c3 100644 --- a/Discovery/Web-Content/Service-Specific/README.md +++ b/Discovery/Web-Content/Service-Specific/README.md @@ -5,7 +5,7 @@ These wordlists are for testing specific web-based services. ## Microsoft-Forefront-Identity-Manager.txt Use for: Fuzzing for common filepaths in **[Microsoft Forefront Identity Manager](https://learn.microsoft.com/en-us/previous-versions/windows/desktop/forefront-2010/ee652374(v=vs.100)) deployments.** -Date of the first release of Microsoft Forefront Identity Manager: [2010-05-27](https://learn.microsoft.com/en-us/lifecycle/products/?terms=forefront%20identity) +Date of the first release of Microsoft Forefront Identity Manager: [2010-05-27](https://learn.microsoft.com/en-us/lifecycle/products/?terms=forefront%20identity) Date of the last release of Microsoft Forefront Identity Manager: 2013-01-15 Date of last wordlist update: May 14, 2020 \ No newline at end of file diff --git a/Discovery/Web-Content/Web-Servers/README.md b/Discovery/Web-Content/Web-Servers/README.md index 54726385..9ef8b717 100644 --- a/Discovery/Web-Content/Web-Servers/README.md +++ b/Discovery/Web-Content/Web-Servers/README.md @@ -5,7 +5,7 @@ The wordlists contained in this directory are specific for testing certain **web ## Java-Servlet-Runner-Adobe-JRun Use for: Fuzzing for common filepaths in webpages served with **[Java Servlet Runner (Adobe JRun)](https://adobe.fandom.com/wiki/JRun)** -Year of the first release of Java Servlet Runner (Adobe JRun): 1997 +Year of the first release of Java Servlet Runner (Adobe JRun): 1997 Year of the last release of Java Servlet Runner (Adobe JRun): 2007 Date of last update: Oct 14, 2010 @@ -14,7 +14,7 @@ Date of last update: Oct 14, 2010 ## Oracle-Sun-iPlanet.txt Use for: Fuzzing for common filepaths in webpages served with **[Oracle Sun iPlanet](https://www.oracle.com/middleware/technologies/webtier.html)** -Year of the first release of Sun-iPlanet (Adobe JRun): 1994 +Year of the first release of Sun-iPlanet (Adobe JRun): 1994 Year of the last release of Sun-iPlanet (Adobe JRun): 2017 Date of last update: Oct 14, 2010 @@ -23,7 +23,7 @@ Date of last update: Oct 14, 2010 ## Glassfish-Sun-Microsystems.txt Use for: Fuzzing for common filepaths in webpages served with **[Glassfish - Sun Microsystems](https://glassfish.org/)** -Year of the first release of Glassfish: [2005](https://en.wikipedia.org/wiki/GlassFish) +Year of the first release of Glassfish: [2005](https://en.wikipedia.org/wiki/GlassFish) Glassfish is still in recieving updates as of 2024. Date of last update: Oct 14, 2010 @@ -31,11 +31,13 @@ Date of last update: Oct 14, 2010 ## Apache.fuzz.txt Use for: Discvering sensitive content in Apache web servers. + Date of last update: Jan 26, 2015 ## Apache-Tomcat.txt Use for: Discovering sensitive content in Apache Tomcat servers. + Date of last update: Dec 14, 2017 @@ -43,16 +45,16 @@ Date of last update: Dec 14, 2017 Use for: Fuzzing the `/aspnet_client/system_web/` directory on [Microsoft IIS](https://www.iis.net/) servers to detect **CGIs** and **scripts** even even if the two ladder directories are inaccessible. Reference: https://github.com/irsdl/IIS-ShortName-Scanner + Discussion: https://github.com/danielmiessler/SecLists/pull/783 -<<<<<<< HEAD Date of last update: Jun 27, 2022 ## JBoss.txt Use for: Fuzzing for common filepaths in webpages served with **[JBoss - RedHat](https://jbossas.jboss.org)** (not to be confused with "JBoss EAP"). -Date of the first release of JBoss: [2002-05-29](https://jbossas.jboss.org/downloads/) +Date of the first release of JBoss: [2002-05-29](https://jbossas.jboss.org/downloads/) Date of the last release of JBoss: 2012-03-09 Date of last wordlist update: Feb 27, 2014 @@ -61,8 +63,5 @@ Date of last wordlist update: Feb 27, 2014 ## Apache-Axis.txt Use for: Fuzzing for common filepaths in webpages created with **[Apache Axis](https://axis.apache.org/axis/)** -Date of the first release of Apache Axis: [2002-10-07](https://jbossas.jboss.org/downloads/) -Date of the last release of Apache Axis: 2006-04-22 -======= -Date of last update: Jun 27, 2022 ->>>>>>> 0a6cbb9c (feat(docs): Moved Web-Server wordlists into their own directory) +Date of the first release of Apache Axis: [2002-10-07](https://jbossas.jboss.org/downloads/) +Date of the last release of Apache Axis: 2006-04-22 \ No newline at end of file