diff --git a/Discovery/Web-Content/aem2.txt b/Discovery/Web-Content/CMS/Adobe-AEM_2021.txt similarity index 100% rename from Discovery/Web-Content/aem2.txt rename to Discovery/Web-Content/CMS/Adobe-AEM_2021.txt diff --git a/Discovery/Web-Content/AdobeCQ-AEM.txt b/Discovery/Web-Content/CMS/AdobeCQ-AEM_2017.txt similarity index 100% rename from Discovery/Web-Content/AdobeCQ-AEM.txt rename to Discovery/Web-Content/CMS/AdobeCQ-AEM_2017.txt diff --git a/Discovery/Web-Content/Oracle-EBS-wordlist.txt b/Discovery/Web-Content/CMS/Oracle-EBS-wordlist.txt similarity index 100% rename from Discovery/Web-Content/Oracle-EBS-wordlist.txt rename to Discovery/Web-Content/CMS/Oracle-EBS-wordlist.txt diff --git a/Discovery/Web-Content/CMS/README.md b/Discovery/Web-Content/CMS/README.md new file mode 100644 index 00000000..7b11cf8a --- /dev/null +++ b/Discovery/Web-Content/CMS/README.md @@ -0,0 +1,30 @@ +# CMS Wordlists + +These wordlists are specific to Content Management Systems. + +## AdobeCQ-AEM_2017.txt +Use for: Discovering sensitive filepaths of **Adobe Experience Manager** +Creation date: Oct 1, 2017 +No updates have been made to this wordlist since its creation. + + +## Oracle-EBS-wordlist.txt +Use for: Fuzzing for common filepaths of [Oracle E-Business Suite](https://www.oracle.com/applications/ebusiness/) (EBS) version 11. + +EBS v11 exposes: +- usernames +- ports +- OS information +- protocol information +- Unauthenticated file upload +- Cookie contents +- SHA-1 hashed passwords + +As an Unauthenticated user it's also possible to: +- Create forms +- Get servlets status +- Get certain configuration files + +Reference: https://the-infosec.com/2017/03/29/do-you-know-what-your-erp-is-telling-us/ + +Date of last update: Oct 7, 2019 \ No newline at end of file diff --git a/Discovery/Web-Content/sharepoint-ennumeration.txt b/Discovery/Web-Content/CMS/Sharepoint-Ennumeration.txt similarity index 100% rename from Discovery/Web-Content/sharepoint-ennumeration.txt rename to Discovery/Web-Content/CMS/Sharepoint-Ennumeration.txt diff --git a/Discovery/Web-Content/spring-boot.txt b/Discovery/Web-Content/Programming-Language-Specific/Java-Spring-Boot.txt similarity index 100% rename from Discovery/Web-Content/spring-boot.txt rename to Discovery/Web-Content/Programming-Language-Specific/Java-Spring-Boot.txt diff --git a/Discovery/Web-Content/README.md b/Discovery/Web-Content/README.md index 6cd7158b..e5558431 100644 --- a/Discovery/Web-Content/README.md +++ b/Discovery/Web-Content/README.md @@ -1,10 +1,5 @@ # Web discovery wordlists -## AdobeCQ-AEM.txt -Use for: Discovering sensitive filepaths of **Adobe Experience Manager** -Creation date: Oct 1, 2017 -No updates have been made to this wordlist since its creation. - ## AdobeXML.fuzz.txt Use for: Discovering sensitive filepaths of **Adobe ColdFusion** @@ -116,33 +111,3 @@ Use for: Fuzzing for common filepaths in webpages designed with **[Microsoft Fro Year of the first release of Microsoft Frontpage: 1997 Year of the last release of Microsoft Frontpage: 2003 - -## Oracle-EBS-wordlist.txt -Use for: Fuzzing for common filepaths of [Oracle E-Business Suite](https://www.oracle.com/applications/ebusiness/) (EBS) version 11. - -EBS v11 exposes: -- usernames -- ports -- OS information -- protocol information -- Unauthenticated file upload -- Cookie contents -- SHA-1 hashed passwords - -As an Unauthenticated user it's also possible to: -- Create forms -- Get servlets status -- Get certain configuration files - -Reference: https://the-infosec.com/2017/03/29/do-you-know-what-your-erp-is-telling-us/ - -Date of last update: Oct 7, 2019 - - -## iis-systemweb.txt -Use for: Fuzzing the `/aspnet_client/system_web/` directory on [Microsoft IIS](https://www.iis.net/) servers to detect **CGIs** and **scripts** even even if the two ladder directories are inaccessible. - -Reference: https://github.com/irsdl/IIS-ShortName-Scanner -Discussion: https://github.com/danielmiessler/SecLists/pull/783 - -Date of last update: Jun 27, 2022 diff --git a/Discovery/Web-Content/Jenkins-Hudson.txt b/Discovery/Web-Content/Service-Specific/Jenkins-Hudson.txt similarity index 100% rename from Discovery/Web-Content/Jenkins-Hudson.txt rename to Discovery/Web-Content/Service-Specific/Jenkins-Hudson.txt diff --git a/Discovery/Web-Content/swagger.txt b/Discovery/Web-Content/Service-Specific/Swagger.txt similarity index 100% rename from Discovery/Web-Content/swagger.txt rename to Discovery/Web-Content/Service-Specific/Swagger.txt diff --git a/Discovery/Web-Content/confluence-administration.txt b/Discovery/Web-Content/Service-Specific/confluence-administration.txt similarity index 100% rename from Discovery/Web-Content/confluence-administration.txt rename to Discovery/Web-Content/Service-Specific/confluence-administration.txt diff --git a/Discovery/Web-Content/jboss.txt b/Discovery/Web-Content/Web-Servers/JBoss.txt similarity index 100% rename from Discovery/Web-Content/jboss.txt rename to Discovery/Web-Content/Web-Servers/JBoss.txt diff --git a/Discovery/Web-Content/nginx.txt b/Discovery/Web-Content/Web-Servers/nginx.txt similarity index 100% rename from Discovery/Web-Content/nginx.txt rename to Discovery/Web-Content/Web-Servers/nginx.txt