Merge pull request #1171 from ItsIgnacioPortal/sync

2026-01-04 23:23:16 +01:00 · 2025-02-21 20:48:18 -03:00 · 2025-02-21 20:48:18 -03:00 · 900dd7fb34
commit 900dd7fb34
parent 62cecd1416 7dac781f96
12 changed files with 30 additions and 35 deletions
--- a/Discovery/Web-Content/CMS/Adobe-AEM_2021.txt
+++ b/Discovery/Web-Content/CMS/Adobe-AEM_2021.txt
--- a/Discovery/Web-Content/CMS/AdobeCQ-AEM_2017.txt
+++ b/Discovery/Web-Content/CMS/AdobeCQ-AEM_2017.txt
--- a/Discovery/Web-Content/CMS/Oracle-EBS-wordlist.txt
+++ b/Discovery/Web-Content/CMS/Oracle-EBS-wordlist.txt
--- a/Discovery/Web-Content/CMS/README.md
+++ b/Discovery/Web-Content/CMS/README.md
@ -0,0 +1,30 @@
+# CMS Wordlists
+
+These wordlists are specific to Content Management Systems.
+
+## AdobeCQ-AEM_2017.txt
+Use for: Discovering sensitive filepaths of **Adobe Experience Manager**
+Creation date: Oct 1, 2017
+No updates have been made to this wordlist since its creation.
+
+
+## Oracle-EBS-wordlist.txt
+Use for: Fuzzing for common filepaths of [Oracle E-Business Suite](https://www.oracle.com/applications/ebusiness/) (EBS) version 11.
+
+EBS v11 exposes:
+- usernames
+- ports
+- OS information
+- protocol information
+- Unauthenticated file upload
+- Cookie contents
+- SHA-1 hashed passwords
+
+As an Unauthenticated user it's also possible to:
+- Create forms
+- Get servlets status
+- Get certain configuration files
+
+Reference: https://the-infosec.com/2017/03/29/do-you-know-what-your-erp-is-telling-us/
+
+Date of last update: Oct 7, 2019
--- a/Discovery/Web-Content/CMS/Sharepoint-Ennumeration.txt
+++ b/Discovery/Web-Content/CMS/Sharepoint-Ennumeration.txt
--- a/Discovery/Web-Content/Programming-Language-Specific/Java-Spring-Boot.txt
+++ b/Discovery/Web-Content/Programming-Language-Specific/Java-Spring-Boot.txt
--- a/Discovery/Web-Content/README.md
+++ b/Discovery/Web-Content/README.md
@ -1,10 +1,5 @@
 # Web discovery wordlists

-## AdobeCQ-AEM.txt
-Use for: Discovering sensitive filepaths of **Adobe Experience Manager**
-Creation date: Oct 1, 2017
-No updates have been made to this wordlist since its creation.
-
 ## AdobeXML.fuzz.txt
 Use for: Discovering sensitive filepaths of **Adobe ColdFusion**

@ -116,33 +111,3 @@ Use for: Fuzzing for common filepaths in webpages designed with **[Microsoft Fro

 Year of the first release of Microsoft Frontpage: 1997
 Year of the last release of Microsoft Frontpage: 2003
-
-## Oracle-EBS-wordlist.txt
-Use for: Fuzzing for common filepaths of [Oracle E-Business Suite](https://www.oracle.com/applications/ebusiness/) (EBS) version 11.
-
-EBS v11 exposes:
- usernames
- ports
- OS information
- protocol information
- Unauthenticated file upload
- Cookie contents
- SHA-1 hashed passwords
-
-As an Unauthenticated user it's also possible to:
- Create forms
- Get servlets status
- Get certain configuration files
-
-Reference: https://the-infosec.com/2017/03/29/do-you-know-what-your-erp-is-telling-us/
-
-Date of last update: Oct 7, 2019
-
-
-## iis-systemweb.txt
-Use for: Fuzzing the `/aspnet_client/system_web/` directory on [Microsoft IIS](https://www.iis.net/) servers to detect **CGIs** and **scripts** even even if the two ladder directories are inaccessible.
-
-Reference: https://github.com/irsdl/IIS-ShortName-Scanner
-Discussion: https://github.com/danielmiessler/SecLists/pull/783
-
-Date of last update: Jun 27, 2022
--- a/Discovery/Web-Content/Service-Specific/Jenkins-Hudson.txt
+++ b/Discovery/Web-Content/Service-Specific/Jenkins-Hudson.txt
--- a/Discovery/Web-Content/Service-Specific/Swagger.txt
+++ b/Discovery/Web-Content/Service-Specific/Swagger.txt
--- a/Discovery/Web-Content/Service-Specific/confluence-administration.txt
+++ b/Discovery/Web-Content/Service-Specific/confluence-administration.txt
--- a/Discovery/Web-Content/Web-Servers/JBoss.txt
+++ b/Discovery/Web-Content/Web-Servers/JBoss.txt
--- a/Discovery/Web-Content/Web-Servers/nginx.txt
+++ b/Discovery/Web-Content/Web-Servers/nginx.txt