Merge branch 'ItsIgnacioPortal-sync'

Discovery/Web-Content/README.md

@@ -10,14 +10,6 @@ Use for: Discovering sensitive filepaths of **Adobe ColdFusion**
 Creation date: Aug 27, 2012
 No updates have been made to this wordlist since its creation.
 
-## Apache.fuzz.txt
-Use for: Discvering sensitive content in Apache web servers.
-Date of last update: Jan 26, 2015
-
-## ApacheTomcat.fuzz.txt
-Use for: Discovering sensitive content in Apache Tomcat servers.
-Date of last update: Dec 14, 2017
-
 ## CGI-HTTP-POST-Windows.fuzz.txt
 Use for: Exploiting various vulnerabilities in the now defunct WYSIWYG HTML editor and website administration tool, [Microsoft FrontPage](https://en.wikipedia.org/wiki/Microsoft_FrontPage)
 Source: https://github.com/deepak0401/Front-Page-Exploit
@@ -106,37 +98,41 @@ References:
 - https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/LFIModule.java
 
 
-## Frontpage.fuzz.txt
+## Microsoft-Frontpage.txt
 Use for: Fuzzing for common filepaths in webpages designed with **[Microsoft Frontpage](https://en.wikipedia.org/wiki/Microsoft_FrontPage)**
 
 Year of the first release of Microsoft Frontpage: 1997
-Year of the last release of Microsoft Frontpage: 2003
 
+## Oracle-EBS-wordlist.txt
+Use for: Fuzzing for common filepaths of [Oracle E-Business Suite](https://www.oracle.com/applications/ebusiness/) (EBS) version 11.
+
+EBS v11 exposes:
+- usernames
+- ports
+- OS information
+- protocol information
+- Unauthenticated file upload
+- Cookie contents
+- SHA-1 hashed passwords
+
+As an Unauthenticated user it's also possible to:
+- Create forms
+- Get servlets status
+- Get certain configuration files
+
+Reference: https://the-infosec.com/2017/03/29/do-you-know-what-your-erp-is-telling-us/
+
+Date of last update: Oct 7, 2019
+
+
+<<<<<<< HEAD
+## iis-systemweb.txt
+Use for: Fuzzing the `/aspnet_client/system_web/` directory on [Microsoft IIS](https://www.iis.net/) servers to detect **CGIs** and **scripts** even even if the two ladder directories are inaccessible.
+
+Reference: https://github.com/irsdl/IIS-ShortName-Scanner
+Discussion: https://github.com/danielmiessler/SecLists/pull/783
+
+Date of last update: Jun 27, 2022
+=======
 Date of last update: Oct 14, 2010
-
-
-## Web-Server-Java-Servlet-Runner-Adobe-JRun
-Use for: Fuzzing for common filepaths in webpages served with **[Java Servlet Runner (Adobe JRun)](https://adobe.fandom.com/wiki/JRun)**
-
-Year of the first release of Java Servlet Runner (Adobe JRun): 1997
-Year of the last release of Java Servlet Runner (Adobe JRun): 2007
-
-Date of last update: Oct 14, 2010
-
-
-## Web-Server-Oracle-Sun-iPlanet.txt
-Use for: Fuzzing for common filepaths in webpages served with **[Oracle Sun iPlanet](https://www.oracle.com/middleware/technologies/webtier.html)**
-
-Year of the first release of Sun-iPlanet (Adobe JRun): 1994
-Year of the last release of Sun-iPlanet (Adobe JRun): 2017
-
-Date of last update: Oct 14, 2010
-
-
-## Web-Server-Glassfish-Sun-Microsystems.txt
-Use for: Fuzzing for common filepaths in webpages served with **[Glassfish - Sun Microsystems](https://glassfish.org/)**
-
-Year of the first release of Glassfish: [2005](https://en.wikipedia.org/wiki/GlassFish)
-Glassfish is still in recieving updates as of 2024.
-
-Date of last update: Oct 14, 2010
+>>>>>>> 0a6cbb9c (feat(docs): Moved Web-Server wordlists into their own directory)

Discovery/Web-Content/Service-Specific/README.md

@@ -0,0 +1,11 @@
+# Service-Specific wordlists
+
+These wordlists are for testing specific web-based services.
+
+## Microsoft-Forefront-Identity-Manager.txt
+Use for: Fuzzing for common filepaths in **[Microsoft Forefront Identity Manager](https://learn.microsoft.com/en-us/previous-versions/windows/desktop/forefront-2010/ee652374(v=vs.100)) deployments.**
+
+Date of the first release of Microsoft Forefront Identity Manager: [2010-05-27](https://learn.microsoft.com/en-us/lifecycle/products/?terms=forefront%20identity)
+Date of the last release of Microsoft Forefront Identity Manager: 2013-01-15
+
+Date of last wordlist update: May 14, 2020

Discovery/Web-Content/Web-Servers/README.md

@@ -0,0 +1,68 @@
+# Web-Server wordlists
+
+The wordlists contained in this directory are specific for testing certain **web server software**.
+
+## Java-Servlet-Runner-Adobe-JRun
+Use for: Fuzzing for common filepaths in webpages served with **[Java Servlet Runner (Adobe JRun)](https://adobe.fandom.com/wiki/JRun)**
+
+Year of the first release of Java Servlet Runner (Adobe JRun): 1997
+Year of the last release of Java Servlet Runner (Adobe JRun): 2007
+
+Date of last update: Oct 14, 2010
+
+
+## Oracle-Sun-iPlanet.txt
+Use for: Fuzzing for common filepaths in webpages served with **[Oracle Sun iPlanet](https://www.oracle.com/middleware/technologies/webtier.html)**
+
+Year of the first release of Sun-iPlanet (Adobe JRun): 1994
+Year of the last release of Sun-iPlanet (Adobe JRun): 2017
+
+Date of last update: Oct 14, 2010
+
+
+## Glassfish-Sun-Microsystems.txt
+Use for: Fuzzing for common filepaths in webpages served with **[Glassfish - Sun Microsystems](https://glassfish.org/)**
+
+Year of the first release of Glassfish: [2005](https://en.wikipedia.org/wiki/GlassFish)
+Glassfish is still in recieving updates as of 2024.
+
+Date of last update: Oct 14, 2010
+
+
+## Apache.fuzz.txt
+Use for: Discvering sensitive content in Apache web servers.
+Date of last update: Jan 26, 2015
+
+
+## Apache-Tomcat.txt
+Use for: Discovering sensitive content in Apache Tomcat servers.
+Date of last update: Dec 14, 2017
+
+
+## iis-systemweb.txt
+Use for: Fuzzing the `/aspnet_client/system_web/` directory on [Microsoft IIS](https://www.iis.net/) servers to detect **CGIs** and **scripts** even even if the two ladder directories are inaccessible.
+
+Reference: https://github.com/irsdl/IIS-ShortName-Scanner
+Discussion: https://github.com/danielmiessler/SecLists/pull/783
+
+<<<<<<< HEAD
+Date of last update: Jun 27, 2022
+
+
+## JBoss.txt
+Use for: Fuzzing for common filepaths in webpages served with **[JBoss - RedHat](https://jbossas.jboss.org)** (not to be confused with "JBoss EAP").
+
+Date of the first release of JBoss: [2002-05-29](https://jbossas.jboss.org/downloads/)
+Date of the last release of JBoss: 2012-03-09
+
+Date of last wordlist update: Feb 27, 2014
+
+
+## Apache-Axis.txt
+Use for: Fuzzing for common filepaths in webpages created with **[Apache Axis](https://axis.apache.org/axis/)**
+
+Date of the first release of Apache Axis: [2002-10-07](https://jbossas.jboss.org/downloads/)
+Date of the last release of Apache Axis: 2006-04-22
+=======
+Date of last update: Jun 27, 2022
+>>>>>>> 0a6cbb9c (feat(docs): Moved Web-Server wordlists into their own directory)

Discovery/Web-Content/apache.txt

@@ -1,33 +0,0 @@
-.htaccess
-.htpasswd
-.meta
-.web
-access_log
-cgi
-cgi-bin
-cgi-pub
-cgi-script
-dummy
-error
-error_log
-htdocs
-httpd
-httpd.pid
-icons
-index.html
-logs
-manual
-phf
-printenv
-server-info
-server-status
-status
-test-cgi
-tmp
-~bin
-~ftp
-~nobody
-~root
-php.ini
-mod_cluster-manager
-balancer-manager