diff --git a/Discovery/Web-Content/README.md b/Discovery/Web-Content/README.md index 3a753249..6cd7158b 100644 --- a/Discovery/Web-Content/README.md +++ b/Discovery/Web-Content/README.md @@ -7,17 +7,24 @@ No updates have been made to this wordlist since its creation. ## AdobeXML.fuzz.txt Use for: Discovering sensitive filepaths of **Adobe ColdFusion** + Creation date: Aug 27, 2012 + No updates have been made to this wordlist since its creation. + ## CGI-HTTP-POST-Windows.fuzz.txt Use for: Exploiting various vulnerabilities in the now defunct WYSIWYG HTML editor and website administration tool, [Microsoft FrontPage](https://en.wikipedia.org/wiki/Microsoft_FrontPage) + Source: https://github.com/deepak0401/Front-Page-Exploit + Date of last update: Aug 27, 2012 + The last version of FrontPage was released on 2003. ## CGI-HTTP-POST.fuzz.txt Use for: Exploiting/Discovering various vulnerabilities in extremely old systems (Circa 1998) that use "CGI". + Date of last update: Aug 27, 2012 This wordlist tests for the following vulnerabilities: @@ -27,14 +34,19 @@ This wordlist tests for the following vulnerabilities: - Remote File Include in **[myPHPNuke](https://web.archive.org/web/20140812223623/http://www.myphpnuke.com/)**. Source: [Nessus](https://www.tenable.com/plugins/nessus/11836) - DoS in the **"D-Link Ethernet/Fast Ethernet Print Server DP-300+"**. Source: [Sullo's Security Advisory Archive](https://raw.githubusercontent.com/sullo/advisory-archives/master/phenoelit.de_dp-300.txt). + ## CGI-Microsoft.fuzz.txt Use for: Exploiting/Discovering various vulnerabilities in miscelaneous CGI scripts that run on Microsoft operating systems. + Date of last update: Aug 27, 2012 + ## raft-* wordlists Use for: Directory and file brute-forcing leading to identification of vulnerabilities in web applications. + Source: [Google's RAFT](https://code.google.com/archive/p/raft/) + ## combined_words.txt Use for: discovering files @@ -79,7 +91,6 @@ Use for: discovering files and directories ### Source This list is automatically updated by a GitHub action whenever any of the lists it's composed by is modified. - ## dsstorewordlist.txt SOURCE: https://github.com/aels/subdirectories-discover @@ -89,6 +100,7 @@ Perfect wordlist to discover directories and files on target site with tools lik - Then sorted by probability and removed strings with one occurrence. - resulted file you can download is below. Happy Hunting! + ## vulnerability-scan_j2ee-websites_WEB-INF.txt Use for: discovering sensitive j2ee files exploiting a lfi @@ -103,6 +115,7 @@ References: Use for: Fuzzing for common filepaths in webpages designed with **[Microsoft Frontpage](https://en.wikipedia.org/wiki/Microsoft_FrontPage)** Year of the first release of Microsoft Frontpage: 1997 +Year of the last release of Microsoft Frontpage: 2003 ## Oracle-EBS-wordlist.txt Use for: Fuzzing for common filepaths of [Oracle E-Business Suite](https://www.oracle.com/applications/ebusiness/) (EBS) version 11. @@ -126,7 +139,6 @@ Reference: https://the-infosec.com/2017/03/29/do-you-know-what-your-erp-is-telli Date of last update: Oct 7, 2019 -<<<<<<< HEAD ## iis-systemweb.txt Use for: Fuzzing the `/aspnet_client/system_web/` directory on [Microsoft IIS](https://www.iis.net/) servers to detect **CGIs** and **scripts** even even if the two ladder directories are inaccessible. @@ -134,6 +146,3 @@ Reference: https://github.com/irsdl/IIS-ShortName-Scanner Discussion: https://github.com/danielmiessler/SecLists/pull/783 Date of last update: Jun 27, 2022 -======= -Date of last update: Oct 14, 2010 ->>>>>>> 0a6cbb9c (feat(docs): Moved Web-Server wordlists into their own directory)