Backup_Repos/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists synced 2026-01-26 10:06:07 +01:00
Code Issues Projects Releases Wiki Activity
2601 commits 2 branches 30 tags 2.7 GiB
Commit graph

876 commits

Author SHA1 Message Date
Alexander Bridges
85cc7eeadf
Added cpanel login page 
reference: https://www.webhostinghub.com/help/learn/cpanel/getting-started/how-to-login-to-cpanel
 2018-10-30 01:00:31 +02:00
g0tmi1k
3327ec8b40
Merge pull request #229 from drwetter/patch-1 
Correct 1 typo in typo3 login ;-)
 2018-10-23 12:53:05 +01:00
Dirk Wetter
e8b1df5f84
Correct 1 typo in typo3 login 
/typo3/in is IMHO not the login.
 2018-10-23 13:50:09 +02:00
Alexander Bridges
2ced567e86
Add Wordpress and Shopware login pages 
Added common Wordpress and Shopware CMS's login forms.

References:
https://premium.wpmudev.org/blog/find-wordpress-login/
https://github.com/toxydose/SecLists/blob/master/Discovery/Web-Content/CMS/wordpress.fuzz.txt
https://github.com/toxydose/SecLists/blob/master/Discovery/Web-Content/CMS/shopware.txt
 2018-10-23 13:46:26 +03:00
Alexander Bridges
5a88be0c4f
Add Shopware common sensitive files wordlist. 
Shopware is open source e-commerce software 
https://github.com/shopware/shopware 
Shopware wordlist was not presented in this directory. The file should be improved and expanded
 2018-10-17 17:19:53 +03:00
g0tmi1k
d68ba5f9ed Rename "_" -> "-" & found a few new homes 2018-10-15 13:08:10 +01:00
CyberSemtex
a9e9e80884 Deleted the params and functions wordlists. Merged the boring_headers and headers file together then created a version with uppercases 1st letters (including after dashes) and a full uppercase version. Every file have been sorted with -u option to delete duplicates. Hit me up if you find something wrong. 2018-10-04 23:46:58 +02:00
CyberSemtex
a2f0c2cb00 Added the wordlists from param-miner extension of BurpSuite by @albinowax 2018-10-04 23:45:21 +02:00
objectified
bc97ca41f5 added wordlist for Spring Boot (Actuator) 2018-08-23 20:22:01 +02:00
g0tmi1k
201e2abfb5 Close #195 - Confluence administration 
Source: https://confluence.atlassian.com/doc/using-apache-to-limit-access-to-the-confluence-administration-interface-216433019.html
 2018-07-05 07:21:57 +01:00
frite
a3cce76170 Adding jhaddix DNS entries file. 2018-06-30 22:09:30 +01:00
g0tmi1k
3f79d071ce Quick move about 2018-03-21 17:47:29 +00:00
g0tmi1k
c524f768bf Close #148 - More Lotus Domino 
Source: https://github.com/danielmiessler/SecLists/issues/148
Source: 6300758c46/modules/auxiliary/scanner/lotus/lotus_domino_version.rb
Source: 583d0a5ade/domi_owned/fingerprint.py (L60-L72)
 2018-03-21 17:07:45 +00:00
g0tmi1k
2ff356ee2a Add domi-owned 
Source: https://github.com/coldfusion39/domi-owned
 2018-03-21 17:04:37 +00:00
g0tmi1k
df9697d189 Add Domino-Hunter 
Source: https://sourceforge.net/projects/dominohunter/
 2018-03-21 16:59:57 +00:00
g0tmi1k
7a9a7c6c35 Close #135 - Default web roots (WIP!) 2018-03-21 16:50:02 +00:00
g0tmi1k
2b697209a8 Close #127 - Merge similar WebLogic files 
Command:
cat Weblogic.fuzz.txt weblogic.txt | sed -e 's/^\///' -e 's/ $//' | sort -u | sed -e 's/^/\//' > /tmp/weblogic.txt; mv {/tmp/,}weblogic.txt
cat Websphere.fuzz.txt websphere.txt | sed -e 's/^\///' -e 's/ $//' | sort -u | sed -e 's/^/\//' > /tmp/websphere.txt; mv {/tmp/,}websphere.txt
 2018-03-21 16:44:33 +00:00
g0tmi1k
bddd77825e Close #145 - Update Common_PHP_Filenames.txt (admin*.php) 2018-03-21 16:14:59 +00:00
g0tmi1k
1863878864 Close #153 - Update ApacheTomcat.fuzz.txt 2018-03-21 16:10:27 +00:00
g0tmi1k
1e13b9dc15 Close #177 - Update apache.txt (Add php.ini) 2018-03-21 16:03:59 +00:00
Daniel Miessler
befbd5b20d
Merge pull request #168 from tomcodes/master 
Add gitlab related urls to quickhits.txt
 2018-03-19 19:14:58 -07:00
g0tmi1k
3043259a0a Removed domains & duplicates (Fix #138) 2018-03-07 11:42:24 +00:00
g0tmi1k
58fadb9d32 Removed duplicate lines (Start of fix: #138) 2018-03-07 11:15:09 +00:00
g0tmi1k
08f12147a3 Add "-" to split up words, moved files since PR accepted 
- PRs: #122, #123, #125, #126, #136, #146, #149, #162, #174, #176
 2018-03-05 10:30:27 +00:00
g0tmi1k
47afcb61e2 Removed duplicate files 2018-03-05 10:04:37 +00:00
g0tmi1k
7a55e1871c Remove pointless files. 2018-03-05 09:52:00 +00:00
Thomas Arthus
4f664bb240 Merge remote-tracking branch 'upstream/master' 2018-03-05 10:48:09 +01:00
Daniel Miessler
93984aaffd
Merge pull request #146 from giomke/patch-1 
Create coin miners list
 2018-03-04 12:32:27 -08:00
Daniel Miessler
24e9df940f
Merge pull request #136 from mazen160/master 
Added @mazen160 wordlist for common web API endpoints.
 2018-03-04 12:27:24 -08:00
Daniel Miessler
1ed82e703a
Merge pull request #125 from Rbcafe/patch-1 
Create flyspray-1.0RC4
 2018-03-04 12:24:19 -08:00
Daniel Miessler
b5d9ff5705
Merge pull request #126 from Rbcafe/patch-2 
Create piwik-3.0.4
 2018-03-04 12:23:52 -08:00
Daniel Miessler
49a6d721ff
Merge pull request #128 from g0tmi1k/structure 
Structure Clean Up
 2018-03-04 12:23:06 -08:00
tomcodes
084e597f0e Add gitlab related urls to quickhits.txt 2018-01-24 09:30:54 +01:00
Daniel Miessler
7cf6e78ff5 Addded Darkweb 10,100,1K,10K to Passwords. 2018-01-02 21:46:14 -08:00
g0tmi1k
b794d53a28 Add "Web-Shells" 2017-12-20 16:32:34 +00:00
Daniel Miessler
b794ed7aaa Updated licensing. 2017-12-19 05:17:27 -08:00
g0tmi1k
85ac8e9be7 Fix merge conflict 2017-11-27 15:08:43 +00:00
Giorgi Mkervalishvili
a1964c7fae Create coin miners list 
It's not exactly security issue but sometimes this sources is indicator of  compromise
 2017-10-19 10:44:28 +04:00
Jason Haddix
bc2b43d815 Create AdobeCQ-AEM 2017-10-01 16:15:20 -07:00
Jason Haddix
e206be9ce5 Create Jenkins-Hudson.txt 2017-09-27 23:44:51 -07:00
Mazin Ahmed
7bbc06c6e2 Added @mazen160 wordlist for common web API endpoints. 2017-09-26 01:17:27 +03:00
g0tmi1k
25d4ac447e rename 's/_/-/g' 2017-08-23 14:55:06 +01:00
g0tmi1k
7ac72f1003 Removed duplicate files 2017-07-11 13:59:26 +01:00
g0tmi1k
a97be9373e Started sorting "Miscellaneous/" & "Fuzzing/" 2017-07-11 13:53:16 +01:00
g0tmi1k
6f69a35b5e Started clean up on "Discovery/Web_Content" 2017-07-11 13:36:01 +01:00
g0tmi1k
f304f79ae6 Add Discovery/SNMP 2017-07-11 12:48:33 +01:00
g0tmi1k
dcf8a43baa Add Discovery/Infrastructure 2017-07-11 12:48:23 +01:00
g0tmi1k
3d25aca3d6 Moved leaked passwords lists 2017-07-11 12:47:47 +01:00
Rbcafe
3f29afd7ef Rename flyspray-1.0RC4 to flyspray-1.0RC4.txt 2017-07-03 10:26:52 +02:00
Rbcafe
458fba42d1 Rename piwik-3.0.4 to piwik-3.0.4.txt 2017-07-03 10:26:19 +02:00
Rbcafe
33ffbd78bc Create piwik-3.0.4 2017-07-03 10:14:33 +02:00
Rbcafe
77d5efdb2b Create flyspray-1.0RC4 2017-07-03 10:12:29 +02:00
Jason Haddix
6e15b1e160 Add files via upload 2017-05-20 18:09:32 -07:00
Daniel Miessler
ffce0051e4 Merge pull request #113 from ilyaglow/fix/bitquark-subdomains-location 
Move bitquark subdomains list to Discovery
 2017-05-11 21:51:25 -04:00
Daniel Miessler
aefcb3690c Merge pull request #107 from Rbcafe/patch-4 
Create Roundcube_123.txt
 2017-05-11 21:50:36 -04:00
Daniel Miessler
ea4523a98a Merge pull request #103 from upgoingstar/patch-1 
Created Sitefinity_fuzz.txt
 2017-05-11 21:49:52 -04:00
Daniel Miessler
d4652a7126 Merge pull request #102 from 0x6c7862/master 
Golang common routes
 2017-05-11 21:49:33 -04:00
Daniel Miessler
def29d4e8c Merge pull request #94 from brezelbaecker/master 
Added SAP ICM auth guest-login bypass URL
 2017-05-11 21:48:38 -04:00
Daniel Miessler
9aab1014e9 Merge pull request #92 from alexlauerman/master 
Improved test cases
 2017-05-11 21:47:55 -04:00
Daniel Miessler
a650494c4e Merge pull request #87 from Rbcafe/patch-3 
Create symphony_267_xslt_cms.txt
 2017-05-11 21:46:49 -04:00
Daniel Miessler
06eae1fa4b Merge pull request #86 from Rbcafe/patch-2 
Create symfony_315_demo.txt
 2017-05-11 21:46:32 -04:00
Daniel Miessler
15a13e4ecc Merge pull request #83 from Rbcafe/patch-1 
Create nginx.txt
 2017-05-11 21:44:15 -04:00
Daniel Miessler
6183717491 Merge pull request #74 from whoot/master 
Version and Install files
 2017-05-11 21:41:29 -04:00
James Ebentier
d9175ca5df Add jsp login page 2017-05-06 18:10:17 -07:00
James Ebentier
75af43ba78 Add rails entry for index potential files 2017-05-06 17:18:57 -07:00
Jason Haddix
e134f4c3c6 Update Logins.fuzz.txt 
invocactf
 2017-05-06 13:24:59 -07:00
Jason Haddix
82ae9d7576 Update Common_PHP_Filenames.txt 2017-05-06 13:22:59 -07:00
Ilya Glotov
2f921032f0
Move bitquark subdomains list to Discovery 2017-04-07 16:15:55 +03:00
Rbcafe
eb761d5427 Create Roundcube_123.txt 2017-02-09 06:50:53 +01:00
Jason Haddix
25939f605f Create db_backups.txt 2017-01-16 18:03:00 -08:00
Shubham mittal
b09bf67599 Created Sitefinity_fuzz.txt 
For CMS Sitefinity
 2016-12-29 15:55:42 +05:30
lxb
844400b9b0
Golang common routes 2016-12-20 10:01:31 +11:00
Wojtek Przibylla
5b3ed33eeb Added string sap/admin/index.html that bypasses the guest 
authentication for the ICM Administration interface. Related to the URL sap/admin/default.html string which requires authentication.
 2016-11-07 16:20:52 +01:00
Alex Lauerman
0097d1823b Created Linux File List 
Generated a trimmed list of common Linux files, useful in blindly fuzzing path traversal and XXE.
 2016-10-29 20:50:31 -05:00
Rbcafe
249d5690f3 Create symphony_267_xslt_cms.txt 
Files inside "Symphony XSLT CMS 2.6.7"

Best regards
@rbcafe
 2016-10-13 10:32:38 +02:00
Rbcafe
7c60ee37bc Create symfony_315_demo.txt 
Files inside "Symfony Demo Application"
 2016-10-13 10:24:23 +02:00
Rbcafe
859a46344c Create nginx.txt 2016-10-10 10:49:35 +02:00
Jan Rude
1ac97d75e5 Version and Install files 
Added new Changelog/install files as seen in Typo3 and Tomcat
 2016-09-08 09:31:49 +02:00
Daniel Miessler
8ef8694256 Merge pull request #67 from henshin/patch-1 
Support for CVE-2007-1860 mod_jk double encoding
 2016-08-17 11:09:14 -07:00
Ailton Caetano
022b00b4c9 added a couple of folders to Vignette lists 2016-07-29 19:04:07 -03:00
Tiago Sintra
fff5faa976 Support for CVE-2007-1860 mod_jk double encoding 
Added paths that will check access control bypass using double encoding (CVE-2007-1860) that could allow a remote user to access Tomcat's administration panel.
Based on the scenario demonstrated on https://pentesterlab.com/exercises/cve-2007-1860/course
 2016-07-28 14:10:42 +02:00
g0tmi1k
aad07fff50 Removed duplicate values - awk '!x[$0]++' 2016-05-17 12:39:21 +01:00
g0tmi1k
164a5337b2 Remove multi empty lines 2016-05-17 12:20:38 +01:00
g0tmi1k
89b2494409 Added file extensions 2016-05-17 12:08:06 +01:00
g0tmi1k
457997fd6a Changing permissions to everything matches - 0644 2016-05-17 12:04:45 +01:00
Daniel Miessler
d698104724 Moved public repo stuff to Discovery. 2016-03-29 16:08:29 -07:00
Daniel Miessler
d67b07d6d3 Merge pull request #47 from alexlauerman/patch-1 
Removed trailing whitespace from entries in axis.txt
 2016-03-07 13:02:34 -08:00
Jay Turla
c64ee8540c Update ApacheTomcat.fuzz.txt 
adding MicroStrategy Web Universal Administrator
 2016-01-28 07:36:40 +08:00
Alex Lauerman
2674664a49 Removed trailing whitespace 
Requesting "/happyaxis.jsp     HTTP/1.1" (note the extra whitespace) could cause issue.
 2016-01-26 11:23:42 -06:00
Daniel Miessler
ee8e5385df Merge pull request #30 from albinowax/master 
Add wordlist for bruteforcing hidden GET/POST parameters
 2016-01-04 13:29:30 -08:00
Daniel Miessler
5197526414 Merge pull request #32 from g0tmi1k/DNS 
DNS
 2016-01-04 13:28:29 -08:00
Jason Haddix
bd0bba2498 Create quickhits.txt 
user submitted via twitter, source: https://bo0om.ru/fuzz.txt
 2015-12-02 23:33:37 -08:00
Jason Haddix
8b4e1a4e85 add dns recon 2015-11-03 12:28:19 -08:00
Daniel Miessler
155664bcce Added RobotsDisallowed content to Discovery/Web_Content 2015-09-23 09:41:27 -07:00
g0tmi1k
4713733624 ethicalhack3r's Zone Transfers The Alexa Top 1M 
Source: http://www.ethicalhack3r.co.uk/zone-transf`ers-on-the-alexa-top-1-million-part-2/
 2015-08-27 11:06:24 +01:00
g0tmi1k
6ba1cc3751 Fix permissions 2015-08-27 11:00:45 +01:00
James Kettle
9309803f3f Add wordlist for bruteforcing hidden GET/POST parameters 2015-08-13 14:11:37 +01:00
Daniel Miessler
232ce766d9 Moar structure. 2015-08-04 11:20:14 -07:00
Daniel Miessler
70a2b58c5d Moar directory motionz. 2015-08-04 10:50:55 -07:00
Daniel Miessler
c90f845a8f Updating project structure. 2015-08-04 10:38:59 -07:00
Daniel Miessler
49f1acb96c Updating project structure. 2015-08-04 10:34:44 -07:00
Daniel Miessler
df0622ea7f Merge pull request #18 from shipcod3/patch-7 
Create backup_files.txt
 2015-02-09 21:51:56 -08:00
JT
fa8a4e3a2e Create Common_PHP_Filenames.txt 
common PHP filenames
 2015-02-04 15:21:01 +08:00
JT
8295de1680 Create backup_files.txt 
backup files for common CMS config files
 2015-02-04 14:57:47 +08:00
Daniel Miessler
f1f512c541 Merge pull request #10 from dalvarezs/businessobjects 
SAP BusinessObjects URLs
 2015-02-03 19:43:31 -08:00
Daniel Miessler
424740cb96 Merge pull request #11 from shipcod3/master 
Adding more payloads for PHP fuzz and 'malicious.txt', strings for finding backdoor shells, rootkits, botnets, and exploitable functions
 2015-02-03 19:43:15 -08:00
Daniel Miessler
312e524624 Merge pull request #12 from shipcod3/patch-1 
Update Apache.fuzz.txt
 2015-02-03 19:42:48 -08:00
Daniel Miessler
18a02b6347 Merge pull request #14 from shipcod3/patch-3 
Update PHP_CommonBackdoors.fuzz.txt
 2015-02-03 19:42:08 -08:00
Daniel Miessler
22a501476f Merge pull request #15 from shipcod3/patch-4 
Create JSP_CommonBackdoors.fuzz.txt
 2015-02-03 19:31:47 -08:00
JT
9fa9a5e34f Update Apache.fuzz.txt 2015-01-28 03:29:26 +08:00
JT
2ea652864c Create PL_CommonBackdoors.fuzz.txt 2015-01-27 14:46:46 +08:00
JT
aaf7693aea Create JSP_CommonBackdoors.fuzz.txt 
common backdoor filenames for JSP
 2015-01-27 14:43:07 +08:00
JT
84f0001241 Create ASP_CommonBackdoors.fuzz.txt 
Common backdoors for ASP
 2015-01-27 14:38:48 +08:00
JT
99ef24c0ac Update PHP_CommonBackdoors.fuzz.txt 
Adding more common PHP backdoor files
 2015-01-27 14:32:38 +08:00
JT
261cb2c0e9 Update Apache.fuzz.txt 
adding more payloads
 2015-01-26 20:08:05 +08:00
JT
472ab12918 Update PHP.fuzz.txt 2015-01-26 19:22:28 +08:00
JT
525fe93f94 Update PHP.fuzz.txt 
Adding more payloads for PHP.fuzz.txt
 2015-01-26 19:21:22 +08:00
david
2d8ad867e3 SAP BusinessObjects URLs 2015-01-15 22:35:22 +01:00
sinnur
61eff77c49 sorts some files into folders, added nocount versions to some password lists, added a few extra cms lists 2014-05-15 16:18:23 +08:00
charliecampbell
8398d3056d added several lists including ckeditor 2014-03-11 16:22:11 +08:00
charliecampbell
f7c91fcb6e adding some wordlists 2014-02-28 02:48:31 +08:00
Daniel Miessler
9dc0d15475 Added top 100 adobe passwords. 2013-12-21 10:18:08 -06:00
Daniel Miessler
e3ac09ed1c Merge branch 'master' of github.com:danielmiessler/SecLists 2013-03-21 22:27:29 -07:00
Daniel Miessler
c8bfe0c7c8 Added rsnake's fierce host list 2013-03-21 22:26:39 -07:00
jhaddix
03d5620f5d Adding SVN Digger Lists 2013-03-12 13:03:23 -07:00
Daniel Miessler
b9e6418c48 Many additions to the repository... 2012-08-26 20:04:09 -07:00