diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 20018a9f..78dd906c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -10,6 +10,43 @@ If you have any ideas for things we should include, please use ONE of the follow Significant effort SHOULD be made to give attribution for these lists whenever possible, and if you are a list owner or know who the original author/curator is, please let us know so we can give proper credit. +## Wordlist content + +If you're uploading a new Wordlist, make sure to follow these guidelines. + +### Remove leading slashes +Do not include leading slashes in the wordlists contents. This ensures all SecLists wordlists have the same format, and also helps keep the wordlist filesize down. +- ❌ `/path/to/something` +- ✅ `path/to/something` + + +### Remove duplicates + +> [!IMPORTANT] +> If you're on Windows, you'll need to install [Cygwin](https://cygwin.com/) to use these commands. + +You can remove duplicate lines from any wordlists using the command: +- On Linux: `sort -u your_wordlist.txt --output clean_file.txt` +- On Windows (Powershell): `&"C:\cygwin64\bin\sort.exe" -u your_wordlist.txt --output clean_file.txt` + +If the order of the lines matters, for example if you're uploading a wordlist of passwords where they are sorted by probability, then you can instead use this command instead: +- On Linux: `gawk '!seen[$0]++' your_wordlist.txt > clean_file.txt'` +- On Windows (Powershell): `&"C:\cygwin64\bin\gawk.exe" '!seen[$0]++' your_wordlist.txt > clean_file.txt'` + +### Remove ambiguous lines + +Purpose-specific wordlists with exceedingly common lines such as `index.html` and `.git` are likely to cause false positives when used against a target. It's recommended to remove these lines before uploading. + + +### Consider using placeholders + +If the wordlist contains URL parameters, consider that it may be beneficial to replace those parameters with placeholders, and then reference those placeholders in the documentation. 
+ +For example: +- ❌ `path/to/auth?password=somePassword496` +- ✅ `path/to/auth?password={PASSWORD_PLACEHOLDER}` + + ## Folder naming scheme Folders should be named with the train case scheme, for example `File-System`.
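Review bot: Both order-preserving `gawk` commands under "Remove duplicates" end with a stray single quote (`... > clean_file.txt'`), which leaves an unterminated quote, so neither the Linux nor the PowerShell variant runs as pasted. Drop the trailing quote so they read `gawk '!seen[$0]++' your_wordlist.txt > clean_file.txt` and `&"C:\cygwin64\bin\gawk.exe" '!seen[$0]++' your_wordlist.txt > clean_file.txt`. The sentence introducing them also repeats "instead" ("you can instead use this command instead"); one of the two should go.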