Commit graph

876 commits

Author SHA1 Message Date
g0tmi1k
60fbd42063
Merge pull request #622 from realArcherL/patch-2
A very new naming scheme for Graphql endpoints
2021-08-27 21:15:39 +01:00
g0tmi1k
b4637896ef
Merge pull request #623 from righettod/feature_add_oauth2-odic_endpoints
Add missing OAUTH2/OIDC endpoints.

Source: https://righettod.eu.auth0.com/.well-known/openid-configuration
2021-08-27 21:15:07 +01:00
g0tmi1k
177f25ba69
Merge pull request #625 from cbk914/master
Some additions

Source: http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time
2021-08-27 21:14:37 +01:00
g0tmi1k
01f7723ddd
Merge pull request #626 from 7PH/master
Add waybackverify.txt filename to raft medium and large lists
2021-08-27 21:13:55 +01:00
g0tmi1k
eea747817d
Merge pull request #628 from Anon-Exploiter/patch-1
Added ga-google-analytics in wp-plugins.txt

Source https://wordpress.org/plugins/ga-google-analytics/
2021-08-27 21:12:25 +01:00
g0tmi1k
4002c2c970
Merge pull request #630 from whitehauler/patch-1
Update raft-large-files.txt
2021-08-27 21:12:01 +01:00
g0tmi1k
de06dbb492
Merge pull request #637 from dabasanta/DaniloBasanta
Added list of IPv4 address class A&C. Also a script to generate these lists.
2021-08-27 21:11:24 +01:00
g0tmi1k
d8294e9763
Merge pull request #629 from righettod/feature_add_oauth-oidc_scopes_dict
Add a dict with OAUTH2/OIDC scopes.
2021-08-27 21:00:07 +01:00
5tr1x
a45a11ecca
Create aem2.txt 2021-08-25 15:22:35 -05:00
mxrch
11eee99996
adding "dismiss" to big.txt 2021-08-22 22:54:33 +02:00
Danilo
6473406b1e Shell script to generate any IP ranges as you need 2021-08-13 12:44:32 -05:00
Danilo
28f2b5b9eb Added list of 192.168.x.x Class B IP range 2021-08-13 12:42:49 -05:00
Danilo
48258a71ce Added list of 10.10.x.x Class A IP range 2021-08-13 12:42:21 -05:00
Crypt-Con
7599d80112
Update nginx.txt 2021-07-31 10:28:09 +05:30
Afaq
0e6d80b6d9
added a critical endpoint
added a critical endpoint which contains critical DB information.
2021-07-27 17:39:44 +05:00
Dominique RIGHETTO
388cac333b
Merge all versions of the file 2021-07-17 19:28:42 +02:00
Dominique RIGHETTO
48cc424388
Add files via upload 2021-07-17 19:23:28 +02:00
Dominique RIGHETTO
8572bd91ad
Update oauth-oidc-scopes.txt 2021-07-17 08:12:51 +02:00
Dominique RIGHETTO
ea3268e688
Add a dict with OAUTH/OIDC scopes.
See PR for extended description.
2021-07-16 14:33:26 +02:00
Syed Umar Arfeen
da169ef5d0
Added ga-google-analytics in wp-plugins.txt
From: https://wordpress.org/plugins/ga-google-analytics/

```
Plugin Name: GA Google Analytics
Plugin URI: https://perishablepress.com/google-analytics-plugin/
Description: Adds your Google Analytics Tracking Code to your WordPress site.
Tags: analytics, ga, google, google analytics, tracking, statistics, stats
Author: Jeff Starr
Author URI: https://plugin-planet.com/
Donate link: https://monzillamedia.com/donate.html
Contributors: specialk
Requires at least: 4.1
Tested up to: 5.3
Stable tag: 20191109
Version: 20191109
Requires PHP: 5.6.20
Text Domain: ga-google-analytics
Domain Path: /languages
License: GPL v2 or later
```
2021-07-16 16:38:36 +05:00
7PH
43cbe32e24 Add waybackverify.txt filename to raft medium and large lists 2021-07-13 13:09:49 +02:00
Dominique RIGHETTO
2c97b1bea1
Add missing OAUTH2/OIDC endpoints
See https://righettod.eu.auth0.com/.well-known/openid-configuration
2021-07-05 14:17:15 +02:00
cbk914
9a871facf1
Merge branch 'danielmiessler:master' into master 2021-06-26 23:06:55 +02:00
realArcherL
852b6e45f1
A very new naming scheme
I have noticed a new naming convention surge in companies, having Graphql API endpoint as `example.com/je/graphql`. This is something I encountered while doing BBs on HackerOne.
2021-06-22 12:26:49 +05:30
Jake Craige
24cdcb35e8
Add port 3000 (Ruby on Rails) to common ports
This is the default port rails uses in a fresh installation, this is mentioned [on the command line docs here](https://guides.rubyonrails.org/command_line.html#bin-rails-server) and I also have a lot of experience with rails confirming this port is often used in practice
2021-06-17 21:19:19 -07:00
g0tmi1k
03b4d2c22c
Merge pull request #619 from krvaibhaw/master
Update http-request-headers-fields-large.txt
2021-06-13 00:00:00 +01:00
g0tmi1k
034041bb6b
Merge pull request #615 from righettod/feature_add_shibboleth-sso
Add Shibboleth.sso Metadata endpoint

https://wiki.shibboleth.net/confluence/display/CONCEPT/MetadataForSP
2021-06-12 19:16:16 +01:00
Vaibhaw
6c1044b617 Merge branch 'danielmiessler:master' into master 2021-06-10 15:35:56 +05:30
Vaibhaw
4bd0b23411
Update wordpress.fuzz.txt 2021-06-10 15:12:47 +05:30
Vaibhaw
ed37faca0b
Update wordpress.fuzz.txt 2021-06-10 15:11:27 +05:30
cbk914
cd20324f79 Merge branch 'danielmiessler:master' into master 2021-06-09 13:09:19 +02:00
Dominique RIGHETTO
3eeb4e5292
Add Shibboleth.sso Metadata endpoint
Source: https://wiki.shibboleth.net/confluence/display/CONCEPT/MetadataForSP
2021-06-07 15:43:03 +02:00
Dominique RIGHETTO
864faed87f
Add "oauth/token/info" endpoint
See https://docs.gitlab.com/ee/api/oauth2.html#retrieving-the-token-information
2021-05-28 15:44:59 +02:00
Dominique RIGHETTO
56e23b6436
Add openid endpoints and metadata
See https://connect2id.com/products/server/docs/api
2021-05-28 15:20:54 +02:00
Dominique RIGHETTO
0e471e3faf
Add oauth endpoints
See https://auth0.com/docs/protocols/protocol-oauth2#endpoints
2021-05-28 15:11:32 +02:00
g0tmi1k
664dd4c648
Merge pull request #603 from shelld3v/patch-9
More endpoints from Assetnote wordlist

https://wordlists-cdn.assetnote.io/data/automated/httparchive_apiroutes_2021_04_28.txt
2021-05-25 17:44:52 +01:00
g0tmi1k
8c35abaa4c
Merge pull request #599 from drwetter/patch-5
Add balancer for apache

https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html
2021-05-25 17:36:38 +01:00
g0tmi1k
3ce65b30e3
Merge pull request #594 from righettod/master
Add security.txt at the root
2021-05-25 17:35:52 +01:00
g0tmi1k
e52d55d4ad
Merge pull request #584 from Splint3r7/master
Update Ruby on Rails wordlists
2021-05-25 17:33:55 +01:00
g0tmi1k
22b96249fd
Merge pull request #600 from renanhsilva/master
Update wordpress.fuzz.txt
2021-05-25 17:33:30 +01:00
g0tmi1k
44c288e17a
Merge pull request #601 from shelld3v/patch-8
Better wordlist
2021-05-25 17:32:54 +01:00
cbk914
cb4febae37 Merge branch 'danielmiessler:master' into master 2021-05-11 16:10:42 +02:00
Hector Grecco
725eeb4a4d
Add "cms" word to list 2021-05-05 10:51:29 -03:00
shelld3v
096fcd8906
More endpoints from Assetnote wordlist 2021-05-05 13:35:40 +07:00
shelld3v
fc3902bc5d
Better wordlist 2021-05-01 00:04:10 +07:00
Renan Silva
3670ebf929
Update wordpress.fuzz.txt
add the file wp-config.php
2021-04-30 02:49:01 +00:00
Dirk Wetter
94354ee231
Add balancer for apache
https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html
2021-04-26 18:26:17 +02:00
Dominique RIGHETTO
4a2ab64c10
Add security.txt at the root 2021-04-15 07:58:49 +02:00
Afaq
773441aed8
Update all.txt
added adminHeader.html endpoint
2021-04-11 21:16:35 +05:00
Splint3r7
a5f6a19362
Update Ruby on Rails wordlists 2021-03-26 12:56:05 +05:00
g0tmi1k
7693c73c26
Merge pull request #582 from slicin/patch-1
Update wp-plugins.fuzz.txt
2021-03-23 06:44:43 +00:00
slicin
c3c8518831
Update wp-plugins.fuzz.txt
Adding broken-link-manager to find:
CVE-2015-9453
CVE-2015-9467
CVE-2015-9468
2021-03-19 17:12:59 -04:00
Ernestas Kulik
e1d08810b3 Discovery: Fix spelling and hyphenate some words
“atleast” and “sensitive” are self-explanatory here. Hyphenation makes
things even more readable, even if a tad pedantic.

https://xkcd.com/37/
2021-03-13 23:23:27 +01:00
g0tmi1k
eeea855ac5
Merge pull request #577 from righettod/master
Add "contribute.json" file entry

https://infosec.mozilla.org/guidelines/web_security#contributejson
https://www.contributejson.org/
https://github.com/mozilla/contribute.json
2021-03-01 12:43:28 +00:00
Dominique RIGHETTO
6715ca5d96
Add "contribute.json" file entry 2021-03-01 12:36:34 +01:00
g0tmi1k
3f5531cde3
Merge pull request #573 from righettod/master
Add specific "render" endpoints
2021-03-01 05:18:13 +00:00
Dominique RIGHETTO
6400f4d31e
Change the url to google 2021-02-26 14:12:33 +01:00
Dominique RIGHETTO
2afcf1217c
Add specific render endpoints 2021-02-21 18:55:29 +01:00
Cristiano Maruti
84149f5b30
Create versioning_metafiles.txt 2021-02-20 20:41:53 +01:00
g0tmi1k
c341f97b90
Merge pull request #563 from jaiswalakshansh/patch-1
Update spring-boot.txt

Source: https://www.baeldung.com/spring-boot-actuators
2021-02-12 10:17:51 +00:00
g0tmi1k
4df226a358
Merge pull request #539 from shelld3v/patch-6
Create a wordlist for dirsearch users
2021-02-12 10:17:25 +00:00
g0tmi1k
36116d773a
Merge pull request #557 from shelld3v/patch-7
More API endpoints (from assetnote) and sort everything

Source: wordlist.assetnote.io
2021-02-12 10:16:52 +00:00
g0tmi1k
0d39b80eee
Merge pull request #570 from Faelian/master
Added webpack.manifest.json
2021-02-11 22:09:44 +00:00
Olivier Lasne
ca898cc4c7 Added webpack.manifest.json 2021-02-11 23:05:42 +01:00
g0t mi1k
d30d7b46e6 Fix up 2021-02-11 21:56:20 +00:00
g0tmi1k
7a0c657912
Merge pull request #555 from shoeper/unique-dns-keeporder
DNS lists lower case only
2021-02-11 21:35:58 +00:00
g0tmi1k
5d0d24f91b
Merge pull request #562 from righettod/feature_blazor
Add Microsoft Blazor WebAssembly identifiers

Source: https://github.com/SteveSandersonMS/CarChecker
2021-02-11 21:26:13 +00:00
g0tmi1k
94e19b86fa
Merge pull request #559 from TAbdiukov/master
Object Exchange (OBEX) common and uncommon path lists

Source: https://en.wikipedia.org/wiki/OBject_EXchange
2021-02-11 21:24:29 +00:00
g0tmi1k
ad24e5dcd1
Merge pull request #549 from righettod/Feature_548
Add ".well-known/jwks.json" path to common.txt file.

Source:

- https://auth0.com/docs/tokens/json-web-tokens/json-web-key-sets
- https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-verifying-a-jwt.html#amazon-cognito-user-pools-using-tokens-step-2
- https://blogs.akamai.com/2019/10/verify-jwt-with-json-web-key-set-jwks-in-api-gateway.html
2021-02-11 20:50:33 +00:00
g0tmi1k
cd52c8428a
Merge pull request #547 from fiLLLip/patch-1
Add humans.txt

Source: http://humanstxt.org/
2021-02-11 20:49:46 +00:00
g0tmi1k
751900cbde
Merge pull request #544 from mxrch/master
Adding .git to big.txt
2021-02-11 20:49:15 +00:00
g0tmi1k
5ec9d37a15
Merge pull request #540 from kazkansouh/mime-types-iana
refreshed mime/content-types

Source: https://www.iana.org/assignments/media-types/media-types.xml

```
curl https://www.iana.org/assignments/media-types/media-types.xml -s | xpath -q -e '//file/text()' | tr '[[:upper:]]' '[[:lower:]]'
```
2021-02-11 20:47:27 +00:00
g0tmi1k
9fbf6cb419
Merge pull request #524 from t0-git/patch-1
Adding new .git entries and .svnignore.
2021-02-11 20:28:23 +00:00
Akshansh Jaiswal
1d11e71a65
Update spring-boot.txt 2021-01-25 10:30:28 +05:30
Dominique RIGHETTO
405cf59743
Add Microsoft Blazor client identifier 2021-01-24 08:58:00 +01:00
TAbdiukov
05fe10e860
Upload rare (uncommon) OBEX paths
Sources: multiple (all listed in the file)
2021-01-20 16:06:00 +11:00
TAbdiukov
5c246e58cd
a few extras from SE spec files for devs
Sources,
https://manualzz.com/doc/24948742
https://manualzz.com/doc/922881/dcs-phfs-dw-user-guide
2021-01-20 15:06:25 +11:00
TAbdiukov
6e71f29fc3
a topn more paths from official specs
Src: http://www.pday.com.cn/technology/irda_documents/irmc_v1p1.pdf
2021-01-20 14:59:16 +11:00
TAbdiukov
ba087b3874
add comments; sort alphabetically; rm duplicates 2021-01-20 14:39:49 +11:00
TAbdiukov
cbf5d4eadb
First upload
Source:  http://dev.zuckschwerdt.org/openobex/wiki/ObexFtpServices
2021-01-20 14:20:28 +11:00
shelld3v
216ae4a8df
More endpoints 2021-01-11 18:54:44 +07:00
shelld3v
963add5f23
More API endpoints (from assetnote) and sort everything 2021-01-11 18:42:46 +07:00
Sven Höper
dc04568e57
DNS lists lower case only
Converted DNS lists to lower case only and removed duplicates
without changing order

fix #553
2021-01-06 16:18:04 +01:00
Dominique RIGHETTO
38581fac54
Add ".well-known/jwks.json" path
Add path to the JSON Web Key Sets file.
This file is documented [here](https://auth0.com/docs/tokens/json-web-tokens/json-web-key-sets)
2020-12-27 16:35:37 +01:00
Filip Andre Larsen Tomren
8327e45d92 Add humans.txt to common list
'humans.txt' is common as specified http://humanstxt.org. At least as
common as 'humans', without having to specify extension in tools like 'dirb'.
2020-12-08 14:53:06 +01:00
mxrch
fb4aaabc63
Update big.txt 2020-11-21 00:16:16 +01:00
Karim Kanso
a6f2ed757f refreshed content-types from www.iana.org/assignments/media-types/media-types.xml 2020-11-17 11:48:56 +00:00
shelld3v
004d110704
Create dirsearch.txt 2020-11-15 13:52:44 +07:00
cbk914
003bfef95f
Merge pull request #6 from danielmiessler/master
Update
2020-11-12 02:44:53 +01:00
g0tmi1k
9f4d672e98
Merge pull request #517 from righettod/master
Add path to a common ManageEngine endpoint

Source: https://righettod.eu/#4-vulns
2020-11-11 12:00:53 +00:00
g0tmi1k
ac861e371d
Merge pull request #509 from ArgentEnergy/spring-boot-redis
Spring Boot Redis paths.
2020-11-06 11:51:25 +00:00
cbk914
52fc87a1fc Add ELMAH files and directories 2020-11-05 16:39:29 +01:00
g0tmi1k
12513fd8ad
Merge pull request #518 from clem9669/patch-5
Adding nextcloud & owncloud to common.txt

Source: https://help.dreamhost.com/hc/en-us/articles/235545207-Step-by-step-guide-to-deploy-Nextcloud-on-DreamCompute
2020-11-03 22:00:16 +00:00
g0tmi1k
6d164b9672
Merge pull request #527 from soufianetahiri/master
Added actuator default paths and created new XSS fuzzing list

Source: https://docs.spring.io/spring-boot/docs/1.5.x/reference/html/production-ready-endpoints.html
2020-11-03 11:39:11 +00:00
g0tmi1k
449d7a84cd
Merge pull request #528 from drwetter/patch-4
Add CMS login

https://processwire.com/docs/security/admin/
2020-11-02 21:12:18 +00:00
g0tmi1k
cea2a72bae
Merge pull request #506 from LabanSkollerDefensify/patch-1
Add NDES and SCEP URLs

/certsrv/mscep/mscep.dll: https://docs.microsoft.com/en-us/mem/intune/protect/certificates-scep-configure
/certsrv/mscep_admin: https://social.technet.microsoft.com/wiki/contents/articles/9063.active-directory-certificate-services-ad-cs-network-device-enrollment-service-ndes.aspx
2020-11-02 21:11:53 +00:00
g0tmi1k
fe2aa9e7b0
Merge pull request #521 from realArcherL/master
Slight correction with version numbers from earlier PR also added new endpoints
2020-11-02 20:57:49 +00:00
Dirk Wetter
f7577f68cb
Add CMS login
Processwire is a CMS which I recently encountered during a pentest. /processwire is the login (compare /typo3 or /wp-login.php)
2020-10-23 13:14:04 +02:00
Soufiane Tahiri
a8e73cb425
Added actuator default paths
Added actuator paths
2020-10-23 10:51:19 +02:00
t0-git
8d60339a5f
Adding new git entries and .svnignore. 2020-10-07 21:02:51 +02:00
realArcherL
2d9b4effe7
Corrected the v3 repetition and added new ones.
api and /graph
2020-10-03 16:13:08 +05:30
clem9669
6150a902f3
Adding nextcloud & owncloud to common.txt
Nextcloud & ownCloud are two famous software packages for creating and using file hosting services.
PS: this addition might also be made to the bigger discovery lists because none of the big lists contains them
2020-10-02 08:30:11 +00:00
Dominique RIGHETTO
fee58c17da
Add path to a common ManageEngine endpoint
Add path to an endpoint often exposed to anonymous users by ManageEngine products.
See https://www.manageengine.com/
2020-10-02 08:32:34 +02:00
cbk914
ae8aabcfed Merge branch 'master' of https://github.com/cbk914/SecLists 2020-09-30 16:37:47 +02:00
ArgentEnergy
505a333e9f Spring Boot Redis paths. Discloses details of Redis version, amount of keys in each database, memory size, etc.... 2020-09-25 20:01:00 -03:00
Laban Sköllermark
940dc91637
Add NDES and SCEP URLs
Microsoft Network Device Enrollment Service (NDES) is used to enroll
devices such as Cisco routers and iPhones with a device certificate
issued by Active Directory Certificate Services (ADCS) Certification
Authority (CA) via the Simple Certificate Enrollment Protocol (SCEP).

Add the following URLs:

* /certsrv/mscep_admin - admin page of Network Device Enrollment Service
  (NDES)
* /certsrv/mscep/mscep.dll - Simple Certificate Enrollment Protocol
  (SCEP) server endpoint
2020-09-23 14:49:24 +02:00
device33
c126de81ab
Update apache.txt
add mod_cluster-manager
2020-09-23 10:55:23 +02:00
g0tmi1k
ca6bf04c05
Merge pull request #465 from dee-see/patch-1
Add new Swagger UI path
2020-09-16 07:30:38 +01:00
g0tmi1k
3e29513e3b
Merge pull request #484 from realArcherL/patch-1
Updated with more keywords and version numbers

- Source: https://youtu.be/NPDp7GHmMa0
2020-09-16 07:28:58 +01:00
g0tmi1k
a274ffba57
Merge pull request #495 from shelld3v/patch-1
Add more API endpoints
2020-09-16 07:25:58 +01:00
g0tmi1k
a3924f7a71
Merge pull request #498 from shelld3v/patch-4
Add some endpoints
2020-09-16 07:24:41 +01:00
0x00gum
ed0b32f5ce
Some New DB Extensions 2020-09-13 20:04:25 +03:00
shelld3v
0f328c377d
Update raft-large-directories.txt 2020-09-07 17:32:37 +07:00
shelld3v
aff66805e0
Add more API endpoints 2020-09-07 16:49:32 +07:00
realArcherL
5501592986
Updated with more keywords and version numbers
Based on the Bugcrowd level-up talk (https://youtu.be/NPDp7GHmMa0)
2020-08-18 17:47:27 +05:30
cbk914
e06aacd937 Revert "Merge pull request #4 from danielmiessler/master"
This reverts commit c266835781, reversing
changes made to fd4968f43b.
2020-08-11 14:25:56 +02:00
Dominic
cc16fe8813
Merge branch 'master' into patch-1 2020-07-22 13:44:30 -04:00
g0tmi1k
31ee70aeef
Merge pull request #473 from mrajput7/master
Update golang.txt

Source: https://www.dropbox.com/s/ir2b56j3zt7vz0a/golang_handlefunc_combined?dl=0
2020-07-22 16:24:33 +01:00
g0tmi1k
a3b77e1170
Merge pull request #475 from joegoerlich/patch-1
Update sap.txt
2020-07-22 16:24:13 +01:00
g0tmi1k
3a9cac0384
Merge pull request #474 from chudyPB/master
Update sap.txt
2020-07-22 16:24:02 +01:00
g0tmi1k
5fc3e6a208
Merge pull request #476 from toxydose/patch-1
Add some common ports
2020-07-22 16:23:04 +01:00
g0t mi1k
3567cf6fc0 Writable locations Windows
Source: https://github.com/api0cradle/UltimateAppLockerByPassList/blob/master/Generic-AppLockerbypasses.md

```
accesschk -w -s -q -u Users "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u Everyone "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u Interactive "C:\Program Files" >> programfiles.txt

accesschk -w -s -q -u Users "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u Everyone "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u Interactive "C:\Program Files (x86)" >> programfilesx86.txt

accesschk -w -s -q -u Users "C:\Windows" >> windows.txt
accesschk -w -s -q -u Everyone "C:\Windows" >> windows.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Windows" >> windows.txt
accesschk -w -s -q -u Interactive "C:\Windows" >> windows.txt
```
2020-07-22 16:05:54 +01:00
Alexander Bridges
a628a652be
Add some common ports
https://www.sonicwall.com/support/knowledge-base/running-sslvpn-on-a-different-tcp-port/170503249443105/
https://www.router-switch.com/faq/difference-between-https-port-443-and-8443.html
https://www.speedguide.net/port.php?port=8008
2020-07-22 03:23:00 +03:00
joegoerlich
d16951bd86
Update sap.txt
Added URLs related to [CVE-2020-6287].
2020-07-21 10:11:10 +02:00
chudyPB
da33a2b4a4
Update sap.txt 2020-07-21 09:34:10 +02:00
Mohit Narayan Rajput
99d3e2ab22
Update golang.txt 2020-07-19 01:34:21 -04:00
D3lT4
c5ce1780eb
Update swagger.txt 2020-07-08 23:37:59 +05:30
WhiteDot
c8cfb4666b
Update raft-large-files.txt
added some file names
2020-07-06 22:54:56 +05:30
Dominic
3ae69babfa
Add new Swagger UI path
Just stumbled upon that URL, search `inurl:swagger/ui/index` for examples.
2020-06-30 08:53:21 -04:00
clem9669
c4002baa24
Minor change
Added 1 line for good practice
2020-06-18 14:15:16 +00:00
Techbrunch
baf37cc800
Update swagger.txt
Update swagger.txt
2020-06-12 11:23:06 +02:00
0x08
7db405b01c
TYPO fixed: some lines start with space. 2020-06-06 01:13:59 +03:00
g0tmi1k
6beba93eac
Merge pull request #427 from Failsafe-0verflowme/patch-1
Update common.txt
2020-06-05 16:30:13 +01:00
g0tmi1k
9aa4f93db1
Merge pull request #433 from MomIsBestFriend/Fix-425
Fixed typo in Discovery/Variables/secret-keywords.txt
2020-06-05 16:29:54 +01:00
Karim Kanso
607c3293b4 strip trailing whitespace 2020-05-27 14:26:51 +01:00
Karim Kanso
a3416ba706 standardise line endings 2020-05-27 14:10:50 +01:00
g0tmi1k
9a14bdb7ca
Merge pull request #441 from cactuschibre/master
Reorder and add more Actuator endpoints

Source: https://apereo.github.io/cas/development/monitoring/Monitoring-Statistics.html
2020-05-27 10:42:10 +01:00
g0tmi1k
67947cfae1
Merge pull request #435 from righettod/master
Add WWW and HTML folders
2020-05-27 09:54:21 +01:00
cactuschibre
017b233805
Reorder and add more Actuator endpoints 2020-05-26 16:28:58 +02:00
guest20
6ccd6853d4
Rename Public-Source-Repo-Issues.txt to Public-Source-Repo-Issues.json
This file is full of json, which might upset someone writing a script that assumes *.txt files are just url fragments....
2020-05-24 13:07:50 +02:00
Dominique RIGHETTO
9763b2a76d
Add www folder 2020-05-23 11:37:49 +02:00
Dominique RIGHETTO
6350b61e1d
Add missing ending / 2020-05-23 11:36:17 +02:00
Dominique RIGHETTO
e790c509b8
Add html folder 2020-05-23 11:34:37 +02:00
MomIsBestFriend
e89ff1fbda Fixed typo in Discovery/Variables/secret-keywords.txt 2020-05-17 00:37:40 +03:00
pbafe
888cdaa13a
Create Django.txt
Updated on April 20th, the contents include all the files of Django between version 3.0.5 and 2.1
2020-05-09 10:53:35 +02:00
g0tmi1k
86c6e6314f
Merge pull request #430 from cnotin/patch-1
Add .well-known entries

Source: 
- https://gist.github.com/quickbreach/3bddfdf193b3d988b0e07d07dbac0da0
- https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml
- https://mercure.rocks/spec#discovery
2020-05-08 12:07:45 +01:00
g0tmi1k
47e882f5d9
Merge pull request #405 from soufianetahiri/patch-1
add swagger path
2020-05-08 12:06:57 +01:00
Clément Notin
123be76ca1
Add .well-known entries 2020-05-08 01:14:12 +02:00
0verflowme
ffc8d2bf32
Update common.txt 2020-05-03 19:53:03 +05:30
Moritz
fbab21e873 Added default Directory-Wordlist from Dirbuster 2020-04-28 16:48:25 +02:00
alisabzeghabaei
4efdac9a7e
some new php backdoor names.
new backdoor name added from https://github.com/JohnTroony/php-webshells repository.
2020-04-27 03:51:20 +04:30
pbafe
5a8df75c4b
Create Drupal.txt 2020-04-16 20:33:25 +02:00
Wellington Moraes
83a500c9d4 renamed to correct name 2020-04-07 08:52:35 -03:00
Soufiane Tahiri
c368fc5f80
add swagger path 2020-04-02 12:06:36 +02:00
Tibo-le-canard
697537b256
Adding actuator endpoints 2020-04-01 14:53:34 +02:00
socketz
c51120382e
Added wp-content/debug.log 2020-03-30 15:18:48 +02:00
Alexandre ZANNI
220d997033 fix architecture
fix https://github.com/danielmiessler/SecLists/issues/398
2020-03-16 14:44:20 +01:00
g0tmi1k
5517d9fdec
Merge pull request #395 from jaweesh/master
added Umbraco cms identification from their official files

Source: http://umbracoreleases.blob.core.windows.net/download/UmbracoCms.8.5.4.zip
2020-03-02 11:07:44 +00:00
jaweesh
60466a4597 added Umbraco cms identification from their zip file 2020-03-02 14:29:24 +04:00
reydc
1fb8561d9c
Update graphql.txt 2020-02-23 10:20:31 -03:00
Dominique RIGHETTO
cb37e5b03d
Create reverse-proxy-inconsistencies.txt 2020-01-22 09:03:34 +01:00
Dominique RIGHETTO
44b3fdedf2
Add entries from a blog about content discovery in API
Blog url: https://blog.jonlu.ca/posts/experiments-and-growth-hacking
2020-01-03 16:22:45 +01:00
Dominique RIGHETTO
f7314e9c34
Add entry from Portswigger WebAcademy
Entry found in labs from https://portswigger.net/web-security/access-control
2019-12-29 11:50:12 +01:00
Camas
eb2cd4518a Remove extra newline 2019-11-08 23:32:46 +00:00
Camas
a7184dd1f7 Fix line endings 2019-11-08 15:09:15 +00:00
Ricardo
5bdfce1568
Hidden SNMP community in Cisco SG220 series
Reference: https://www.synacktiv.com/ressources/advisories_cisco_switch_sg220_default_snmp.pdf
2019-11-08 10:39:12 +00:00
davidegirardi
78190b79a6 Add CICS transaction list 2019-11-03 11:50:45 +01:00
Dominique RIGHETTO
9f94cae21b
Add local ports for scan 2019-10-21 17:49:56 +02:00
Tonimir Kisasondi
b472dfc528
added jolokia
See https://jolokia.org/

Gets exposed in combination with springboot.
2019-10-13 22:04:35 +02:00
Dominique RIGHETTO
5c917b1cba
Add dictionary for GraphQL
Help to detect GraphQL endpoint
2019-10-11 17:19:05 +02:00
Dominique RIGHETTO
b93f54f4fb
Add VIM and NANO backup file 2019-10-11 15:55:38 +02:00
XalfiE
5d2567ab0e
Oracle EBS wordlist addition
Oracle EBS wordlist addition
2019-10-07 13:12:51 +03:00
Tonimir Kisasondi
7afc0c42a7
adds mappings and restart
This list is missing mappings and restart. Just added them.
2019-10-03 10:11:17 +02:00
Dirk Wetter
3ce96b82d4
Update with entries from Wikipedia
...see https://en.wikipedia.org/wiki/List_of_/.well-known/_services_offered_by_webservers
2019-10-02 21:35:58 +02:00
Dirk Wetter
d7bf9b91bd
Add some .well-known dir entries
* Add 1x apple-app-site-association, as it also can appear in docroot: https://developer.apple.com/library/archive/documentation/General/Conceptual/AppSearch/UniversalLinks.html
* put .well-known in alphabetical order
* Added more from IANA registry: https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml

There might still be more URIs -- Apple didn't seem to have registered their URI at IANA either (for the process see https://tools.ietf.org/html/rfc5785#5.1).
2019-09-30 15:47:38 +02:00
g0tmi1k
7148816422
Merge branch 'master' into master 2019-09-30 10:47:53 +01:00
g0tmi1k
ed0e6e1e1e
Merge pull request #343 from draguntsow/patch-1
Create a wordlist of Modx Revolution CMS packages

Source: https://modx.com/
2019-09-30 10:44:43 +01:00
Nikos Gk
dcf5d8162c
Update with missing common endpoints
Update list following discussion on Twitter: https://twitter.com/NahamSec/status/1177672652011343873
2019-09-28 19:20:35 +03:00
draguntsow
ddb5adf3d5
Create a wordlist of Modx Revolution CMS packages
The list of plugins is collected from the info provided on the official site.
2019-09-27 15:38:49 +03:00
dotan3
95df7943d6 Add Laravel related urls 2019-09-25 11:32:24 +02:00
Adrien
4d0073c4cd
Added new files path 2019-08-17 23:29:16 +02:00
g0tmi1k
162c2ee368
Merge pull request #328 from hisxo/patch-1
Create symfony wordlist (for LFI/Path Traversal)

Source: https://github.com/hisxo/wordlist
2019-08-13 04:36:15 -07:00
Eric Range
93e236b118
Update quickhits.txt 2019-08-13 10:21:15 +02:00
Eric Range
a71d0b11fd
new config file locations
config files for the "Damn Vulnerable Web Application (DVWA)" app.
2019-08-13 10:18:39 +02:00
BlackPearl01
07dd8118ad
Create symfony wordlist (for LFI/Path Traversal)
Hello,

I created this wordlist because I had a Path Traversal vulnerability in an environment with Symfony. This wordlist has helped me a lot and I hope it can help others.

Adrien
2019-08-03 22:01:45 +02:00
Alexander Bridges
4cdabd6555
add Dot CMS login endpoint
source: https://dotcms.com/docs/latest/logging-into-dotcms
2019-07-28 02:57:16 +03:00
Alexander Bridges
b0a709be71
add weevely.php shell endpoint 2019-07-26 14:55:28 +03:00
Alexander Bridges
09e93df441
add /phpmyadmin/ endpoints 2019-07-20 23:56:12 +03:00
g0tmi1k
11b967a88f Merge branch 'master' of https://github.com/danielmiessler/SecLists into misc
# Conflicts:
#	Discovery/Infrastructure/common-router-ips.txt
2019-07-09 12:15:28 +01:00
g0tmi1k
f455dc518a Sort common-router-ip by pop 2019-07-09 12:06:25 +01:00
g0tmi1k
503c57f500
Merge pull request #314 from jakobhuss/patch-1
Non valid ipv4
2019-07-05 17:22:13 +01:00
Alexander Bridges
c5c705134f
Sitecore CMS endpoints
#### Sources:

Sitecore CMS:  https://www.sitecore.com/

Sensitive endpoints: https://doc.sitecore.com/developers/90/platform-administration-and-architecture/en/deny-anonymous-users-access-to-a-folder.html

Sitecore docs:  
https://doc.sitecore.com/legacy-docs/SC72/sitecore-web-service-sc65-a4.pdf
https://doc.sitecore.com/SdnArchive/upload/sitecore7/75/sitecore_security_hardening_guide-sc75-usletter.pdf
2019-07-05 19:14:54 +03:00
Alexander Bridges
eae5072a6e
add bower.json dependencies file
Contains sensitive info
https://zellwk.com/blog/bower/
2019-07-05 18:53:08 +03:00
Alexander Bridges
ee0e0b01a5
few login endpoints 2019-07-05 18:50:29 +03:00
jakobhuss
0c97bfa509
Non valid ipv4 2019-07-05 13:53:59 +02:00
g0tmi1k
c9a56c3fe0
Merge pull request #312 from g0tmi1k/richelieu
Add richelieu
2019-07-03 14:11:25 +01:00
g0tmi1k
ad53a28ba0 Rename a few files to match 2019-07-03 14:11:00 +01:00
waawaa
4a5f06c053
Missing paths with known RCE vulnerabilities
Some paths are missing which have known RCE vulnerabilities
2019-07-02 09:31:42 +02:00
g0tmi1k
7f083ceb07 Close #217 - Add api_wordlist
Source: https://github.com/chrislockard/api_wordlist
2019-05-08 12:22:03 +01:00
g0tmi1k
9239f0a284 find . -name '*_*' -exec rename 's/_/-/g' "{}" \; 2019-05-08 11:54:39 +01:00
g0tmi1k
a65f6bd665 Close #291 - Fix encoding issues
$ for x in $( find . -type f ); do iconv -f utf-8 -t utf-8 -c ${x} | sed '/^$/d' > tmp; mv tmp ${x}; done
2019-05-08 11:04:00 +01:00
g0tmi1k
8e1f1ae56a Close #294 - Add /weblogic/ready 2019-05-07 18:20:26 +01:00
Ricardo
6d15c05bc4
Include .well-known/apple-app-site-association
Include .well-known/apple-app-site-association
Ref: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/april/apples_app_site_association_the_new_robots_txt/
2019-04-12 16:25:47 +01:00
toxydose
3251b35d54 update login endpoints 2019-04-10 15:54:03 +03:00
toxydose
6aa736a75a ShoreTel Connect login page GHDB-ID:5172 2019-04-10 15:47:27 +03:00
toxydose
94cc83dbda add endpoints without trailing slashes 2019-04-10 15:42:15 +03:00
g0tmi1k
611ba969ec Move location 2019-04-10 13:31:17 +01:00
g0tmi1k
12751dbbf0 Fix #288 - Add graphql
Source: https://graphql.org/learn/serving-over-http/
2019-04-10 13:18:25 +01:00
g0tmi1k
ed69bd3738
Merge pull request #282 from drwetter/master
Suggestion to avoid license files to be added by accident
2019-03-19 09:30:26 +00:00
Dirk Wetter
9da980c4da Suggestion to avoid license files to be added by accident
Some license files carry the extension .txt which requires
a thorough look to distinguish them from payloads with the
same extension.
2019-03-19 10:20:36 +01:00
Zawadi Done
eca7232058
Update IIS.fuzz.txt
https://twitter.com/mrr0y4l3/status/1106602488495525888?s=12
2019-03-18 20:00:54 +01:00
Dirk
cea5abf93d Adding more springboot entrypoints 2019-03-17 11:47:50 +01:00
g0tmi1k
6830bbe052
Merge pull request #278 from tkisason/patch-1
Update spring-boot.txt

Source: https://www.veracode.com/blog/research/exploiting-spring-boot-actuators
2019-03-16 20:31:21 +00:00
ArgentEnergy
7fa417a3d5 Added more AEM paths. 2019-03-15 21:43:31 -03:00
ArgentEnergy
ae88fbed37 Added Swagger paths. 2019-03-15 21:18:17 -03:00
Tonimir Kisasondi
eaccabd89a
Update spring-boot.txt 2019-03-15 22:37:48 +01:00
Tonimir Kisasondi
61b92c599d
Update spring-boot.txt
Added some other paths according to:
https://www.veracode.com/blog/research/exploiting-spring-boot-actuators
2019-03-15 22:26:08 +01:00
Liam Somerville
9ddb20063b
Add "admin" 2019-02-22 12:02:05 -07:00
SolomonSklash
9d29d64635
Fixed typo in file name.
sortedcombied-knock-dnsrecon-fierce-reconng.txt -> sortedcombined-knock-dnsrecon-fierce-reconng.txt
2019-02-19 10:36:10 -06:00
Andrei Conache
807b08a7eb
add /admin-console directory 2019-02-08 17:16:37 +01:00
g0tmi1k
72d9141eb4
Update secretkeywords.txt
As requested ~ https://github.com/danielmiessler/SecLists/pull/267#issuecomment-458900997
2019-01-30 11:12:02 +00:00
g0tmi1k
a0c2048867
Merge pull request #267 from nsonaniya2010/master
new secret keywords added

Source: 55899c0ee0/SubDomainizer.py (L174)
2019-01-30 10:52:00 +00:00
Neeraj Edwards
e3cf286b8d
Merge branch 'master' into master 2019-01-30 15:58:29 +05:30
Neeraj Sonaniya
0460f9de6f new secret keywords added 2019-01-30 15:50:09 +05:30
root
f4470cdea6 guly: added shubs lists 2019-01-29 14:48:59 +01:00
g0tmi1k
8f3802fd51
Merge pull request #262 from g0tmi1k/websphere
Fix #255 - Add more wps
2019-01-07 15:55:58 +00:00
g0tmi1k
758842d94f Fix #255 - Add more wps 2019-01-07 15:55:10 +00:00
g0tmi1k
5e1dc9cc79 Fix #259 - Recover from bad merge 2019-01-07 15:40:56 +00:00
Daniel Miessler
778b16115f Added https://github.com/g0tmi1k to the project leaders list. 2018-12-31 11:53:56 -08:00
g0tmi1k
f9c1ec678c
Merge pull request #253 from toxydose/master
Merge and delete wordlists, add login.html to Logins.fuzz.txt
2018-12-11 11:33:42 +00:00
g0tmi1k
3e30797df9
Merge pull request #254 from g0tmi1k/snmp
Made OneSixtyOne happy with SNMP
2018-12-11 11:25:22 +00:00
g0tmi1k
4fb16b1ad3 Made OneSixtyOne happy with SNMP
Source: https://github.com/trailofbits/onesixtyone/issues/1
2018-12-11 11:22:26 +00:00
toxydose
5e043e22ba merged FatwireCMS.fuzz.txt fatwire.txt 2018-12-11 04:32:05 +02:00
toxydose
24c955345f contains the same, and less than FatwireCMS.fuzz.txt 2018-12-11 04:12:44 +02:00
toxydose
4bda908742 merged two domino endpoints files 2018-12-11 04:01:38 +02:00
toxydose
82671ffafc add login.html endpoint 2018-12-11 02:27:08 +02:00
toxydose
dd08d4aacb merged two IIS wordlists, deleted file. 2018-12-08 17:22:44 +02:00
toxydose
c638cb3055 File containing the same strings that are included in jboss.txt 2018-12-08 17:05:37 +02:00
toxydose
6aedd5e95d deleted duplicate file vignette.txt that duplicates Vignette.fuzz.txt but does not contain slashes 2018-12-08 17:01:56 +02:00
toxydose
1182e89d55 delete file containing duplicate entries from netware.txt 2018-12-08 16:58:00 +02:00
toxydose
ea352ed2ce - sorted alphabetically
- removed duplicates
- merged unique with "ColdFusion.fuzz2.txt"
- deleted "ColdFusion.fuzz2.txt"
2018-12-07 16:22:34 +02:00
toxydose
412153b437 add Atlassian Confluence login endpoints
Reference: https://confluence.atlassian.com/doc/customizing-the-login-page-163938553.html
2018-12-06 00:56:47 +02:00
Neeraj Sonaniya
f21a6dfc0a List Addition - A list of secret related keywords should be added 2018-12-03 15:07:32 +05:30
toxydose
277b243d61 add slashes. Some servers are redirecting from folders without slashes to folders with slashes at the end of the URI, and 302 is returned instead of 200 2018-12-02 02:39:55 +02:00
toxydose
aac5204f75 add clientaccesspolicy.xml and crossdomain.xml files which usually contain unsafe wildcarded configurations. 2018-12-02 02:23:41 +02:00
tomcodes
613af9601e Add HashiCorp Vault GUI default URL to quickhits.txt 2018-11-21 16:11:47 +01:00
tomcodes
ff8406d36b Add sonar-project.properties file to quickhits.txt 2018-11-21 15:54:22 +01:00
tomcodes
214a277412 Add AWS CodeDeploy appspec.yml file to quickhits.txt 2018-11-21 15:21:42 +01:00
Alexander Bridges
a53dae2a76
Add /wp-json/wp/v2/users
Add /wp-json/wp/v2/users WP REST API endpoint which exposes sensitive information - list of all WP users, which could be used for brute-force attacks.
2018-10-31 23:27:00 +02:00
Alexander Bridges
dbfa5e2b1e
Add some WP rest API endpoints
reference: http://v2.wp-api.org/
2018-10-31 23:19:31 +02:00
Alexander Bridges
85cc7eeadf
Added cpanel login page
reference: https://www.webhostinghub.com/help/learn/cpanel/getting-started/how-to-login-to-cpanel
2018-10-30 01:00:31 +02:00
g0tmi1k
3327ec8b40
Merge pull request #229 from drwetter/patch-1
Correct 1 typo in typo3 login ;-)
2018-10-23 12:53:05 +01:00
Dirk Wetter
e8b1df5f84
Correct 1 typo in typo3 login
/typo3/in is IMHO not the login.
2018-10-23 13:50:09 +02:00
Alexander Bridges
2ced567e86
Add Wordpress and Shopware login pages
Added common Wordpress and Shopware CMS's login forms.

References:
https://premium.wpmudev.org/blog/find-wordpress-login/
https://github.com/toxydose/SecLists/blob/master/Discovery/Web-Content/CMS/wordpress.fuzz.txt
https://github.com/toxydose/SecLists/blob/master/Discovery/Web-Content/CMS/shopware.txt
2018-10-23 13:46:26 +03:00
Alexander Bridges
5a88be0c4f
Add Shopware common sensitive files wordlist.
Shopware is open source e-commerce software
https://github.com/shopware/shopware
Shopware wordlist was not present in this directory. The file should be improved and expanded
2018-10-17 17:19:53 +03:00
g0tmi1k
d68ba5f9ed Rename "_" -> "-" & found a few new homes 2018-10-15 13:08:10 +01:00
CyberSemtex
a9e9e80884 Deleted the params and functions wordlists. Merged the boring_headers and headers file together then created a version with uppercase 1st letters (including after dashes) and a full uppercase version. Every file has been sorted with -u option to delete duplicates. Hit me up if you find something wrong. 2018-10-04 23:46:58 +02:00
CyberSemtex
a2f0c2cb00 Added the wordlists from param-miner extension of BurpSuite by @albinowax 2018-10-04 23:45:21 +02:00
objectified
bc97ca41f5 added wordlist for Spring Boot (Actuator) 2018-08-23 20:22:01 +02:00
g0tmi1k
201e2abfb5 Close #195 - Confluence administration
Source: https://confluence.atlassian.com/doc/using-apache-to-limit-access-to-the-confluence-administration-interface-216433019.html
2018-07-05 07:21:57 +01:00
frite
a3cce76170 Adding jhaddix DNS entries file. 2018-06-30 22:09:30 +01:00
g0tmi1k
3f79d071ce Quick move about 2018-03-21 17:47:29 +00:00
g0tmi1k
c524f768bf Close #148 - More Lotus Domino
Source: https://github.com/danielmiessler/SecLists/issues/148
Source: 6300758c46/modules/auxiliary/scanner/lotus/lotus_domino_version.rb
Source: 583d0a5ade/domi_owned/fingerprint.py (L60-L72)
2018-03-21 17:07:45 +00:00
g0tmi1k
2ff356ee2a Add domi-owned
Source: https://github.com/coldfusion39/domi-owned
2018-03-21 17:04:37 +00:00
g0tmi1k
df9697d189 Add Domino-Hunter
Source: https://sourceforge.net/projects/dominohunter/
2018-03-21 16:59:57 +00:00
g0tmi1k
7a9a7c6c35 Close #135 - Default web roots (WIP!) 2018-03-21 16:50:02 +00:00
g0tmi1k
2b697209a8 Close #127 - Merge similar WebLogic files
Command:
cat Weblogic.fuzz.txt weblogic.txt | sed -e 's/^\///' -e 's/ $//' | sort -u | sed -e 's/^/\//' > /tmp/weblogic.txt; mv {/tmp/,}weblogic.txt
cat Websphere.fuzz.txt websphere.txt | sed -e 's/^\///' -e 's/ $//' | sort -u | sed -e 's/^/\//' > /tmp/websphere.txt; mv {/tmp/,}websphere.txt
2018-03-21 16:44:33 +00:00
g0tmi1k
bddd77825e Close #145 - Update Common_PHP_Filenames.txt (admin*.php) 2018-03-21 16:14:59 +00:00
g0tmi1k
1863878864 Close #153 - Update ApacheTomcat.fuzz.txt 2018-03-21 16:10:27 +00:00
g0tmi1k
1e13b9dc15 Close #177 - Update apache.txt (Add php.ini) 2018-03-21 16:03:59 +00:00
Daniel Miessler
befbd5b20d
Merge pull request #168 from tomcodes/master
Add gitlab related urls to quickhits.txt
2018-03-19 19:14:58 -07:00
g0tmi1k
3043259a0a Removed domains & duplicates (Fix #138) 2018-03-07 11:42:24 +00:00
g0tmi1k
58fadb9d32 Removed duplicate lines (Start of fix: #138) 2018-03-07 11:15:09 +00:00
g0tmi1k
08f12147a3 Add "-" to split up words, moved files since PR accepted
- PRs: #122, #123, #125, #126, #136, #146, #149, #162, #174, #176
2018-03-05 10:30:27 +00:00
g0tmi1k
47afcb61e2 Removed duplicate files 2018-03-05 10:04:37 +00:00
g0tmi1k
7a55e1871c Remove pointless files. 2018-03-05 09:52:00 +00:00
Thomas Arthus
4f664bb240 Merge remote-tracking branch 'upstream/master' 2018-03-05 10:48:09 +01:00
Daniel Miessler
93984aaffd
Merge pull request #146 from giomke/patch-1
Create coin miners list
2018-03-04 12:32:27 -08:00
Daniel Miessler
24e9df940f
Merge pull request #136 from mazen160/master
Added @mazen160 wordlist for common web API endpoints.
2018-03-04 12:27:24 -08:00
Daniel Miessler
1ed82e703a
Merge pull request #125 from Rbcafe/patch-1
Create flyspray-1.0RC4
2018-03-04 12:24:19 -08:00
Daniel Miessler
b5d9ff5705
Merge pull request #126 from Rbcafe/patch-2
Create piwik-3.0.4
2018-03-04 12:23:52 -08:00
Daniel Miessler
49a6d721ff
Merge pull request #128 from g0tmi1k/structure
Structure Clean Up
2018-03-04 12:23:06 -08:00
tomcodes
084e597f0e Add gitlab related urls to quickhits.txt 2018-01-24 09:30:54 +01:00
Daniel Miessler
7cf6e78ff5 Added Darkweb 10,100,1K,10K to Passwords. 2018-01-02 21:46:14 -08:00
g0tmi1k
b794d53a28 Add "Web-Shells" 2017-12-20 16:32:34 +00:00
Daniel Miessler
b794ed7aaa Updated licensing. 2017-12-19 05:17:27 -08:00
g0tmi1k
85ac8e9be7 Fix merge conflict 2017-11-27 15:08:43 +00:00
Giorgi Mkervalishvili
a1964c7fae Create coin miners list
It's not exactly a security issue, but sometimes these sources are an indicator of compromise
2017-10-19 10:44:28 +04:00
Jason Haddix
bc2b43d815 Create AdobeCQ-AEM 2017-10-01 16:15:20 -07:00
Jason Haddix
e206be9ce5 Create Jenkins-Hudson.txt 2017-09-27 23:44:51 -07:00
Mazin Ahmed
7bbc06c6e2 Added @mazen160 wordlist for common web API endpoints. 2017-09-26 01:17:27 +03:00
g0tmi1k
25d4ac447e rename 's/_/-/g' 2017-08-23 14:55:06 +01:00
g0tmi1k
7ac72f1003 Removed duplicate files 2017-07-11 13:59:26 +01:00
g0tmi1k
a97be9373e Started sorting "Miscellaneous/" & "Fuzzing/" 2017-07-11 13:53:16 +01:00
g0tmi1k
6f69a35b5e Started clean up on "Discovery/Web_Content" 2017-07-11 13:36:01 +01:00
g0tmi1k
f304f79ae6 Add Discovery/SNMP 2017-07-11 12:48:33 +01:00
g0tmi1k
dcf8a43baa Add Discovery/Infrastructure 2017-07-11 12:48:23 +01:00
g0tmi1k
3d25aca3d6 Moved leaked passwords lists 2017-07-11 12:47:47 +01:00
Rbcafe
3f29afd7ef Rename flyspray-1.0RC4 to flyspray-1.0RC4.txt 2017-07-03 10:26:52 +02:00
Rbcafe
458fba42d1 Rename piwik-3.0.4 to piwik-3.0.4.txt 2017-07-03 10:26:19 +02:00
Rbcafe
33ffbd78bc Create piwik-3.0.4 2017-07-03 10:14:33 +02:00
Rbcafe
77d5efdb2b Create flyspray-1.0RC4 2017-07-03 10:12:29 +02:00
Jason Haddix
6e15b1e160 Add files via upload 2017-05-20 18:09:32 -07:00
Daniel Miessler
ffce0051e4 Merge pull request #113 from ilyaglow/fix/bitquark-subdomains-location
Move bitquark subdomains list to Discovery
2017-05-11 21:51:25 -04:00
Daniel Miessler
aefcb3690c Merge pull request #107 from Rbcafe/patch-4
Create Roundcube_123.txt
2017-05-11 21:50:36 -04:00
Daniel Miessler
ea4523a98a Merge pull request #103 from upgoingstar/patch-1
Created Sitefinity_fuzz.txt
2017-05-11 21:49:52 -04:00
Daniel Miessler
d4652a7126 Merge pull request #102 from 0x6c7862/master
Golang common routes
2017-05-11 21:49:33 -04:00
Daniel Miessler
def29d4e8c Merge pull request #94 from brezelbaecker/master
Added SAP ICM auth guest-login bypass URL
2017-05-11 21:48:38 -04:00
Daniel Miessler
9aab1014e9 Merge pull request #92 from alexlauerman/master
Improved test cases
2017-05-11 21:47:55 -04:00
Daniel Miessler
a650494c4e Merge pull request #87 from Rbcafe/patch-3
Create symphony_267_xslt_cms.txt
2017-05-11 21:46:49 -04:00
Daniel Miessler
06eae1fa4b Merge pull request #86 from Rbcafe/patch-2
Create symfony_315_demo.txt
2017-05-11 21:46:32 -04:00
Daniel Miessler
15a13e4ecc Merge pull request #83 from Rbcafe/patch-1
Create nginx.txt
2017-05-11 21:44:15 -04:00
Daniel Miessler
6183717491 Merge pull request #74 from whoot/master
Version and Install files
2017-05-11 21:41:29 -04:00
James Ebentier
d9175ca5df Add jsp login page 2017-05-06 18:10:17 -07:00
James Ebentier
75af43ba78 Add rails entry for index potential files 2017-05-06 17:18:57 -07:00
Jason Haddix
e134f4c3c6 Update Logins.fuzz.txt
invocactf
2017-05-06 13:24:59 -07:00
Jason Haddix
82ae9d7576 Update Common_PHP_Filenames.txt 2017-05-06 13:22:59 -07:00
Ilya Glotov
2f921032f0
Move bitquark subdomains list to Discovery 2017-04-07 16:15:55 +03:00
Rbcafe
eb761d5427 Create Roundcube_123.txt 2017-02-09 06:50:53 +01:00
Jason Haddix
25939f605f Create db_backups.txt 2017-01-16 18:03:00 -08:00
Shubham mittal
b09bf67599 Created Sitefinity_fuzz.txt
For CMS Sitefinity
2016-12-29 15:55:42 +05:30
lxb
844400b9b0
Golang common routes 2016-12-20 10:01:31 +11:00
Wojtek Przibylla
5b3ed33eeb Added string sap/admin/index.html that bypasses the guest
authentication for the ICM Administration interface. Related to the URL sap/admin/default.html string which requires authentication.
2016-11-07 16:20:52 +01:00
Alex Lauerman
0097d1823b Created Linux File List
Generated a trimmed list of common Linux files, useful in blindly fuzzing path traversal and XXE.
2016-10-29 20:50:31 -05:00
Rbcafe
249d5690f3 Create symphony_267_xslt_cms.txt
Files inside "Symphony XSLT CMS 2.6.7"

Best regards
@rbcafe
2016-10-13 10:32:38 +02:00
Rbcafe
7c60ee37bc Create symfony_315_demo.txt
Files inside "Symfony Demo Application"
2016-10-13 10:24:23 +02:00
Rbcafe
859a46344c Create nginx.txt 2016-10-10 10:49:35 +02:00
Jan Rude
1ac97d75e5 Version and Install files
Added new Changelog/install files as seen in Typo3 and Tomcat
2016-09-08 09:31:49 +02:00
Daniel Miessler
8ef8694256 Merge pull request #67 from henshin/patch-1
Support for CVE-2007-1860 mod_jk double encoding
2016-08-17 11:09:14 -07:00
Ailton Caetano
022b00b4c9 added a couple of folders to Vignette lists 2016-07-29 19:04:07 -03:00
Tiago Sintra
fff5faa976 Support for CVE-2007-1860 mod_jk double encoding
Added paths that will check access control bypass using double encoding (CVE-2007-1860) that could allow a remote user to access Tomcat's administration panel.
Based on the scenario demonstrated on https://pentesterlab.com/exercises/cve-2007-1860/course
2016-07-28 14:10:42 +02:00
g0tmi1k
aad07fff50 Removed duplicate values - awk '!x[$0]++' 2016-05-17 12:39:21 +01:00
g0tmi1k
164a5337b2 Remove multi empty lines 2016-05-17 12:20:38 +01:00
g0tmi1k
89b2494409 Added file extensions 2016-05-17 12:08:06 +01:00
g0tmi1k
457997fd6a Changing permissions to everything matches - 0644 2016-05-17 12:04:45 +01:00
Daniel Miessler
d698104724 Moved public repo stuff to Discovery. 2016-03-29 16:08:29 -07:00
Daniel Miessler
d67b07d6d3 Merge pull request #47 from alexlauerman/patch-1
Removed trailing whitespace from entries in axis.txt
2016-03-07 13:02:34 -08:00
Jay Turla
c64ee8540c Update ApacheTomcat.fuzz.txt
adding MicroStrategy Web Universal Administrator
2016-01-28 07:36:40 +08:00
Alex Lauerman
2674664a49 Removed trailing whitespace
Requesting "/happyaxis.jsp     HTTP/1.1" (note the extra whitespace) could cause issues.
2016-01-26 11:23:42 -06:00
Daniel Miessler
ee8e5385df Merge pull request #30 from albinowax/master
Add wordlist for bruteforcing hidden GET/POST parameters
2016-01-04 13:29:30 -08:00
Daniel Miessler
5197526414 Merge pull request #32 from g0tmi1k/DNS
DNS
2016-01-04 13:28:29 -08:00
Jason Haddix
bd0bba2498 Create quickhits.txt
user submitted via twitter, source: https://bo0om.ru/fuzz.txt
2015-12-02 23:33:37 -08:00
Jason Haddix
8b4e1a4e85 add dns recon 2015-11-03 12:28:19 -08:00
Daniel Miessler
155664bcce Added RobotsDisallowed content to Discovery/Web_Content 2015-09-23 09:41:27 -07:00
g0tmi1k
4713733624 ethicalhack3r's Zone Transfers The Alexa Top 1M
Source: http://www.ethicalhack3r.co.uk/zone-transfers-on-the-alexa-top-1-million-part-2/
2015-08-27 11:06:24 +01:00
g0tmi1k
6ba1cc3751 Fix permissions 2015-08-27 11:00:45 +01:00
James Kettle
9309803f3f Add wordlist for bruteforcing hidden GET/POST parameters 2015-08-13 14:11:37 +01:00
Daniel Miessler
232ce766d9 Moar structure. 2015-08-04 11:20:14 -07:00
Daniel Miessler
70a2b58c5d Moar directory motionz. 2015-08-04 10:50:55 -07:00
Daniel Miessler
c90f845a8f Updating project structure. 2015-08-04 10:38:59 -07:00
Daniel Miessler
49f1acb96c Updating project structure. 2015-08-04 10:34:44 -07:00
Daniel Miessler
df0622ea7f Merge pull request #18 from shipcod3/patch-7
Create backup_files.txt
2015-02-09 21:51:56 -08:00
JT
fa8a4e3a2e Create Common_PHP_Filenames.txt
common PHP filenames
2015-02-04 15:21:01 +08:00
JT
8295de1680 Create backup_files.txt
backup files for common CMS config files
2015-02-04 14:57:47 +08:00
Daniel Miessler
f1f512c541 Merge pull request #10 from dalvarezs/businessobjects
SAP BusinessObjects URLs
2015-02-03 19:43:31 -08:00
Daniel Miessler
424740cb96 Merge pull request #11 from shipcod3/master
Adding more payloads for PHP fuzz and 'malicious.txt', strings for finding backdoor shells, rootkits, botnets, and exploitable functions
2015-02-03 19:43:15 -08:00
Daniel Miessler
312e524624 Merge pull request #12 from shipcod3/patch-1
Update Apache.fuzz.txt
2015-02-03 19:42:48 -08:00
Daniel Miessler
18a02b6347 Merge pull request #14 from shipcod3/patch-3
Update PHP_CommonBackdoors.fuzz.txt
2015-02-03 19:42:08 -08:00
Daniel Miessler
22a501476f Merge pull request #15 from shipcod3/patch-4
Create JSP_CommonBackdoors.fuzz.txt
2015-02-03 19:31:47 -08:00
JT
9fa9a5e34f Update Apache.fuzz.txt 2015-01-28 03:29:26 +08:00
JT
2ea652864c Create PL_CommonBackdoors.fuzz.txt 2015-01-27 14:46:46 +08:00
JT
aaf7693aea Create JSP_CommonBackdoors.fuzz.txt
common backdoor filenames for JSP
2015-01-27 14:43:07 +08:00
JT
84f0001241 Create ASP_CommonBackdoors.fuzz.txt
Common backdoors for ASP
2015-01-27 14:38:48 +08:00
JT
99ef24c0ac Update PHP_CommonBackdoors.fuzz.txt
Adding more common PHP backdoor files
2015-01-27 14:32:38 +08:00
JT
261cb2c0e9 Update Apache.fuzz.txt
adding more payloads
2015-01-26 20:08:05 +08:00
JT
472ab12918 Update PHP.fuzz.txt 2015-01-26 19:22:28 +08:00
JT
525fe93f94 Update PHP.fuzz.txt
Adding more payloads for PHP.fuzz.txt
2015-01-26 19:21:22 +08:00
david
2d8ad867e3 SAP BusinessObjects URLs 2015-01-15 22:35:22 +01:00
sinnur
61eff77c49 sorts some files into folders, added nocount versions to some password lists, added a few extra cms lists 2014-05-15 16:18:23 +08:00
charliecampbell
8398d3056d added several lists including ckeditor 2014-03-11 16:22:11 +08:00
charliecampbell
f7c91fcb6e adding some wordlists 2014-02-28 02:48:31 +08:00
Daniel Miessler
9dc0d15475 Added top 100 adobe passwords. 2013-12-21 10:18:08 -06:00
Daniel Miessler
e3ac09ed1c Merge branch 'master' of github.com:danielmiessler/SecLists 2013-03-21 22:27:29 -07:00
Daniel Miessler
c8bfe0c7c8 Added rsnake's fierce host list 2013-03-21 22:26:39 -07:00
jhaddix
03d5620f5d Adding SVN Digger Lists 2013-03-12 13:03:23 -07:00
Daniel Miessler
b9e6418c48 Many additions to the repository... 2012-08-26 20:04:09 -07:00