Backup_Repos/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists synced 2026-01-19 22:52:35 +01:00
Code Issues Projects Releases Wiki Activity
2601 commits 2 branches 30 tags 2.6 GiB
Commit graph

876 commits

Author SHA1 Message Date
GitHub Action
fd4d0a7807 [Github Action] Updated combined_directories.txt 2023-11-23 17:31:36 +00:00
g0tmi1k
7dcdadeeed
Merge pull request #905 from ThomasBucaioni/master 
Typos in discovery files
 2023-11-23 17:30:51 +00:00
GitHub Action
af5c6419e7 [Github Action] Updated combined_words.txt 2023-11-23 17:30:12 +00:00
g0tmi1k
7606e16b66
Merge pull request #906 from DmytroKashchuk/patch-1 
Update raft-medium-words.txt

Source: https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html
 2023-11-23 17:29:33 +00:00
g0tmi1k
65a1d20276
Merge pull request #914 from olizimmermann/master 
Certstream subdomains analysis
 2023-11-23 17:22:14 +00:00
Zyaire
cb5c387a2b
Update common-http-ports.txt 
Add port 8000
 2023-10-23 09:50:17 +08:00
olizimmermann
81cdc0b85e added certstream subdomains analysis 2023-10-22 20:01:08 +02:00
Sébastien Copin
e275915058
Update salesforce-aura-objects.txt 
Update Salesforce standard objects
 2023-10-19 11:57:25 +02:00
Dmytro Kashchuk
65d8f6eb4d
Update raft-medium-words.txt 
Adding "actuator" word in the list
 2023-10-05 11:54:47 +02:00
ThomasBucaioni
2874a0acaa Typos 2023-09-23 09:15:11 +02:00
CountablyInfinite
59bd80122e added wso2 api manager endpoint /services/WorkflowCallbackService?wsdl 2023-09-20 20:18:49 +02:00
Sourav Chakraborty
bbbba7123e Trace.axd has been added to dirsearch.txt which can expose sensitive information about the target 2023-09-08 10:40:41 +05:30
Adil Nadeem Babras
a2133616d4
Dutch Wordlist 
List of Dutch words scrape mostly from NL websites and some words collected from other sources.
 2023-08-16 03:43:07 +05:00
GitHub Action
395c945627 [Github Action] Updated combined_directories.txt 2023-08-15 21:48:36 +00:00
g0tmi1k
16dd537332
Merge pull request #864 from cosad3s/master 
Add PulseSecure wordlist
 2023-08-15 22:31:46 +01:00
g0tmi1k
e034442490
Merge pull request #894 from dylleb/patch-1 
Added .phar

Source: https://cheatsheetseries.owasp.org/cheatsheets/File_Upload_Cheat_Sheet.html#introduction
 2023-08-15 22:31:22 +01:00
g0tmi1k
8b719e8a28
Merge pull request #878 from denandz/restandardize-leading-slashes 
Fixes #876 - Standardize leading slases in web content discovery lists
 2023-08-15 22:20:17 +01:00
GitHub Action
16048fe918 [Github Action] Updated combined_words.txt 2023-08-15 21:06:56 +00:00
lebz
83b47d72aa
Creation of web-extensions-big.txt 2023-08-14 14:23:42 +02:00
lebz
f16bde83c0
Added .phar 2023-08-14 13:32:22 +02:00
Dominique RIGHETTO
e3ae747e69
Add K8S monitoring endpoints 2023-07-27 09:21:19 +02:00
Dominique RIGHETTO
7b00abf1b7
Update objects-lowercase.txt 2023-06-06 13:02:52 +02:00
Dominique RIGHETTO
7cf06f0ae6
Update objects-uppercase.txt 2023-06-06 13:02:26 +02:00
Dominique RIGHETTO
df7ee5ce10
Update objects-lowercase.txt 2023-06-06 13:01:48 +02:00
Dominique RIGHETTO
0634488f50
Update common.txt 2023-06-01 10:27:43 +02:00
DoI
82438ac31c Standardize leading slases in web conent 
Added bonus of moving ispsystem_billmanager_api.txt from CRLF to LF line
endings.
 2023-05-18 23:55:53 +12:00
Dominique RIGHETTO
9cae2f8bae
Add config files 2023-05-18 08:30:06 +02:00
GitHub Action
e2b935d691 [Github Action] Updated combined_directories.txt 2023-05-16 08:56:48 +00:00
g0tmi1k
1829bf195b
Merge pull request #852 from dabasanta/danilobasanta 
Dictionary of more than 5000 subdomains in Spanish
 2023-05-16 09:32:35 +01:00
g0tmi1k
4001739d74
Merge pull request #860 from righettod/add_new_dict_sap-wso2 
Add dict for SAP Analytics Cloud / WSO2 Entreprise Integrator.

Source: https://www.sap.com/products/technology-platform/cloud-analytics.html
https://ei.docs.wso2.com/en/latest/
https://wso2.com/integration/install/docker/community/get-started/
 2023-05-16 09:31:59 +01:00
g0tmi1k
2e10810b46
Merge pull request #866 from ItsIgnacioPortal/wordpress-fuzz 
Removed clutter from prematurely-merged PR (#813)
 2023-05-16 09:29:56 +01:00
Ignacio J. Perez Portal
6a9dd25341 chore: Renamed "WEB-INF-dict.txt" to "vulnerability-scan_j2ee-websites_WEB-INF.txt" 2023-03-17 04:13:03 -03:00
Ignacio J. Perez Portal
62a2ec98c2 chore: sort'ed and uniq'ed wordpress.fuzz.txt 2023-03-17 04:04:55 -03:00
Ignacio J. Perez Portal
fbfe8d8da5 fix: Removed irrelevant/unjustified entries from wordpress.fuzz.txt 2023-03-17 04:03:57 -03:00
Sebastien Copin
5d1bdc3747 Update Pulse Secure VPN wordlist 
Found in the wild
 2023-03-10 17:31:35 +01:00
Sebastien Copin
5fb77a3f36 Add Pulse Secure VPN wordlist 2023-03-09 19:26:07 +01:00
Dominique RIGHETTO
df7a31b1d2
Add files via upload 2023-03-09 13:38:45 +01:00
GitHub Action
7fa58a2a26 [Github Action] Updated combined_words.txt 2023-03-09 12:37:53 +00:00
Dominique RIGHETTO
7732856ab9
Update common.txt 2023-03-09 13:34:32 +01:00
g0tmi1k
4a697dfe49
Merge pull request #827 from ItsIgnacioPortal/dsstore 
Added dsstorewordlist.txt
 2023-03-09 12:19:38 +00:00
g0tmi1k
0268599a8f
Merge pull request #833 from mhmdiaa/trickest-wordlists 
Add Trickest wordlists

Source: https://github.com/trickest/inventory
 2023-03-09 12:16:58 +00:00
g0tmi1k
3256414e81
Merge pull request #834 from kazet/fresher-backups-Discovery/Web-Content/quickhits.txt 
Fresher backups in Discovery/Web-Content/quickhits.txt
 2023-03-09 12:16:14 +00:00
g0tmi1k
92b66ac2f1
Merge pull request #836 from veritysr/master 
Adding wordlist for DotNetNuke resources

Source: https://raw.githubusercontent.com/dnnsoftware/Dnn.Platform/2b530d234439f4e9cb1e0719d76c2bacd475c2d8/DNN%20Platform/Website/DotNetNuke.Website.csproj
 2023-03-09 12:15:00 +00:00
g0tmi1k
96fdca5ff7
Merge pull request #837 from righettod/add-server-js-extension 
Add React Server Components  file extension

Source: 
- https://blog.logrocket.com/what-you-need-to-know-about-react-server-components/
- https://blog.logrocket.com/react-server-components-nextjs-12/
 2023-03-09 12:14:35 +00:00
g0tmi1k
916ba65a9f
Merge pull request #840 from its0x08/patch-1 
Add new entries and sort list

Source: https://github.com/ColdFusionX/CVE-2021-26086
 2023-03-09 12:13:54 +00:00
g0tmi1k
66604e14fb
Merge pull request #846 from blaiddx64/master 
add **swagger-ui/ path (springfox)

Source: https://github.com/springfox/springfox/issues/3362#issuecomment-719617233
 2023-03-09 12:07:56 +00:00
g0tmi1k
74e45d60cc
Merge pull request #849 from n0kovo/master 
Add n0kovo_subdomains.txt

Source: https://n0kovo.github.io/posts/subdomain-enumeration-creating-a-highly-efficient-wordlist-by-scanning-the-entire-internet/
 2023-03-09 12:05:43 +00:00
Adam Katora
3f7ca8a35d
Add .hta to web-extensions.txt 2023-02-25 21:09:55 -05:00
Danilo Basanta
0af12bd241 Dictionary of more than 5000 subdomains in Spanish 2023-02-21 11:11:04 -05:00
n0kovo
0c55bc0dc8 Add n0kovo_subdomains.txt 2023-02-18 02:31:03 +01:00
blaidd
f06a8c5061
remove old invalid entries of swagger-ui 2023-02-11 03:55:38 -03:00
Blaidd
74da3d7c8c
add **swagger-ui/ path 2023-02-09 10:57:16 -03:00
Mohammed Diaa
ca01196bc3 Use more descriptive names for Trickest wordlists 2023-01-16 13:58:06 +02:00
0x08
2b4afcc59e
chore: Add new entries 2023-01-05 22:20:49 +03:00
Dominique RIGHETTO
5501ad52c3 Add server.js extension 2022-12-22 15:09:37 +00:00
Dominique RIGHETTO
aed62548a5 Reset to remote master state 2022-12-22 15:05:08 +00:00
Dominique RIGHETTO
ab0fba3838 Add .server.js extension 2022-12-21 19:15:32 +00:00
sean
07e50c34d3 Adding wordlist for DotNetNuke resources 2022-12-20 14:18:21 -06:00
GitHub Action
8d45daf9fe [Github Action] Updated combined_words.txt 2022-11-27 17:44:18 +00:00
Dominique RIGHETTO
506027e8a9
Enrich content 2022-11-27 18:43:11 +01:00
Krzysztof Zając
0665d0fe72 Fresher backups in Discovery/Web-Content/quickhits.txt 2022-11-25 13:32:56 +01:00
Mohammed Diaa
28f570631a Add Trickest-Technologies wordlists 2022-11-23 13:10:46 +02:00
Mohammed Diaa
d806325fe8 Add Trickest-Robots wordlists 2022-11-23 13:09:58 +02:00
Mohammed Diaa
025f85c7df Add trickest-inventory-subdomains.txt 2022-11-23 13:08:59 +02:00
Ignacio J. Perez Portal
c859bc7d3d
Merge branch 'master' into dsstore 2022-11-23 04:21:05 +00:00
g0tmi1k
7575cbdf93
Merge pull request #828 from CountablyInfinite/master 
Added content discovery for Liferay DXP default portlets
 2022-11-22 12:24:31 +00:00
g0tmi1k
88552f1608
Merge pull request #804 from 0xbuz3R/patch-1 
Update js.txt
 2022-11-22 12:16:37 +00:00
g0tmi1k
ca9d413d7e
Merge pull request #813 from abhishekmorla/master 
added new backupfiles in wordpress fuzz list

Source: https://www.linkedin.com/feed/update/urn:li:activity:6979486318774923264/
 2022-11-22 12:14:19 +00:00
g0tmi1k
8d52809a0a
Merge pull request #812 from tacticthreat/patch-1 
Create hashicorp-consul-api.txt

Source: HashiCorp documentation
 2022-11-22 12:13:03 +00:00
g0tmi1k
e870061b86
Merge pull request #811 from tacticthreat/patch-2 
Create salesforce-aura-objects.txt

Source: Salesforces' documentation
 2022-11-22 12:12:18 +00:00
g0tmi1k
4296f91216
Merge pull request #810 from gypsydiver/wp-plugins-update 
add site-editor and mail-masta to wp-plugins.fuzz.txt
 2022-11-22 12:11:39 +00:00
g0tmi1k
517c44b24e
Merge pull request #808 from InTruder-Sec/master 
Added more API directories for web application  enumeration
 2022-11-22 12:10:51 +00:00
g0tmi1k
2ce0271683
Merge pull request #807 from righettod/feature_update_springboot 
[spring-boot.txt] Add new endpoints

- https://docs.spring.io/spring-boot/docs/current/reference/html/application-properties.html#application-properties.actuator.management.server.base-path
- https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html#actuator.endpoints
 2022-11-22 12:09:25 +00:00
g0tmi1k
76d436287d
Merge pull request #805 from its0x08/patch-1 
chore: Add WEB-INF list

Source:
- https://gist.github.com/harisec/519dc6b45c6b594908c37d9ac19edbc3
- https://github.com/projectdiscovery/nuclei-templates/blob/master/vulnerabilities/generic/generic-j2ee-lfi.yaml
- https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/LFIModule.java
 2022-11-22 12:08:32 +00:00
g0tmi1k
ad20e71dbc
Merge pull request #801 from righettod/feature_adobe_aem 
[AdobeCQ-AEM.txt] Cleanup and enrichment.

Source: 

- https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/getting-started/security-checklist.html#restrict-access
- https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/dispatcher-configuration.html?lang=en#testing-dispatcher-security
 2022-11-22 12:05:49 +00:00
g0tmi1k
2752f1bf21
Merge pull request #746 from cyberpathogen2018/patch-1 
Fixed typo on line 26

Source: https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/
 2022-11-22 12:00:42 +00:00
g0tmi1k
8d08bb324d
Merge pull request #798 from rodnt/patch-1 
Spring Boot RCE involving JMX enabled

Source: https://github.com/pyn3rd/Spring-Boot-Vulnerability#0x05-spring-boot-rce-involving-jmx-enabled
 2022-11-22 11:58:45 +00:00
CountablyInfinite
59ca9892ba added content discovery for liferay dxp portlets 2022-11-17 20:19:41 +01:00
PinkDev1
6362c3e275 Added dsstorewordlist.txt 2022-11-08 19:15:13 -03:00
RR
aacc4cd2c1
Removed duplicate entries 
applied unique to the wordlist removing any duplicates from list
 2022-10-20 11:31:56 -04:00
0x08
a218cf1a62
Merge branch 'danielmiessler:master' into patch-1 2022-10-14 15:04:02 +03:00
RR
69388e96f9
Update hashicorp-consul-api.txt 
removed two comment lines
 2022-10-03 14:54:49 -04:00
RR
5c356da2f6
Update salesforce-aura-objects.txt 
removed comment lines
 2022-10-03 13:24:28 -04:00
abhishekmorla
6f8c6e9226 added new backupfiles in wordpress fuzz list 2022-09-25 23:08:54 +05:30
RR
4bc885b5dd
Create salesforce-aura-objects.txt 2022-09-15 14:44:34 -04:00
RR
960a60fa44
Create hashicorp-consul-api.txt 2022-09-15 14:41:28 -04:00
Fernando Mendoza
62a7e2bf18 add site-editor and mail-masta 2022-09-15 04:06:39 +02:00
0x08
9aa9cbe8d8
chore: Add entry to the README.md 2022-09-11 20:29:45 +03:00
Deep Dhakate
e987cfe049
Update README.md 2022-09-09 16:51:28 +05:30
Deep Dhakate
d923f12bc2
Update README.md 2022-09-08 13:08:14 +05:30
Deep Dhakate
ec1bc6a782
Add files via upload 2022-09-08 13:05:55 +05:30
Dominique RIGHETTO
94f9cd4103
Add missing ones from last doc versions 2022-09-05 18:29:15 +02:00
Dominique RIGHETTO
390477fdc5
Add endpoints 2022-09-05 18:19:14 +02:00
GitHub Action
62e98b2e6b [Github Action] Updated awesome-environment-variable-names.txt 2022-09-01 00:11:48 +00:00
0x08
a8b1094090
chore: Add WEB-INF list 
## Add `WEB-INF` list.
Used to test LFI on j2ee webapps.
### Reference: 
- [https://gist.github.com/harisec/519dc6b45c6b594908c37d9ac19edbc3](https://gist.github.com/harisec/519dc6b45c6b594908c37d9ac19edbc3)
- [https://github.com/projectdiscovery/nuclei-templates/blob/master/vulnerabilities/generic/generic-j2ee-lfi.yaml](https://github.com/projectdiscovery/nuclei-templates/blob/master/vulnerabilities/generic/generic-j2ee-lfi.yaml)
- [https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/LFIModule.java](https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/LFIModule.java)
 2022-08-30 22:26:05 +03:00
d3xt4r
5ef677051c
Update js.txt 2022-08-27 01:14:03 +05:30
Dominique RIGHETTO
dadb6f6ebc
Cleanup and enhancement 2022-08-08 18:28:59 +02:00
Rodolfo Tavares
2a5e2b03a9
Spring Boot RCE involving JMX enabled 
Extracted from https://github.com/pyn3rd/Spring-Boot-Vulnerability#0x05-spring-boot-rce-involving-jmx-enabled
 2022-08-03 12:18:24 -03:00
GitHub Action
ef791ad197 [Github Action] Updated combined_directories.txt 2022-08-02 09:54:34 +00:00
g0tmi1k
67887612d7
Merge pull request #777 from ItsIgnacioPortal/fawesome-secrets 
Added awesome-environment-variable-names.txt and an auto-updater github action

Source: https://github.com/Puliczek/awesome-list-of-secrets-in-environment-variables
 2022-08-02 07:16:39 +01:00
g0tmi1k
507b65ef47
Merge pull request #701 from chashtag/master 
Added more PHP web shells
 2022-08-02 07:15:37 +01:00
g0tmi1k
4b2f826fed
Merge pull request #713 from TheQmaks/master 
ISPSystem BillManager - list of api endpoints for hostings penetration tests

Source: https://docs.ispsystem.com/billmanager/developer-section/billmanager-api
 2022-08-02 06:57:38 +01:00
g0tmi1k
20903ee7d8
Merge pull request #756 from ScreaMy7/master 
List of TLDs.

Source:

https://data.iana.org/TLD/tlds-alpha-by-domain.txt
https://tld-list.com/tlds-from-a-z
https://raw.githubusercontent.com/jdgregson/TLD-List/master/newline-separated-tlds.txt
 2022-08-02 06:48:14 +01:00
g0tmi1k
593324addc
Merge pull request #767 from shelld3v/patch-10 
Update dirsearch.txt
 2022-08-02 06:45:45 +01:00
GitHub Action
1ef4dcb96e [Github Action] Updated combined_words.txt 2022-08-02 05:34:58 +00:00
g0tmi1k
ce9f9588b7
Merge pull request #776 from ItsIgnacioPortal/fVersioning-systems 
raft-small-words.txt: Added more source code versioning systems

Source: https://nitter.kavin.rocks/intigriti/status/1533050946212839424
 2022-08-02 06:33:45 +01:00
g0tmi1k
348b6f3f88
Merge pull request #778 from ItsIgnacioPortal/i768 
Fixes #768: Created combined_subdomains.txt and appended "preprod-payroll" to it.
 2022-08-02 06:32:57 +01:00
g0tmi1k
ddd078f4ab
Merge pull request #781 from J-GainSec/patch-1 
Create top-apk-params.txt

Source: 

https://gist.github.com/nullenc0de/be4d0ac216ee4fecab5493555089b28d

https://twitter.com/nullenc0de/status/1425973675715612672

https://gist.github.com/nullenc0de/e9d1f2a8a0a38c9bfcb5bdb9fc7191ea
 2022-08-02 06:28:30 +01:00
g0tmi1k
b949a69cca
Merge pull request #782 from J-GainSec/patch-2 
Create sharepoint.txt

Source: https://github.com/GainSec/TreeHouse-Wordlists/blob/master/Microsoft%20SharePoint.txt
 2022-08-02 06:26:49 +01:00
g0tmi1k
baa6e8599b
Merge pull request #783 from J-GainSec/patch-3 
Create iis-systemweb.txt

Source: https://github.com/GainSec/TreeHouse-Wordlists/blob/master/IIS_Systemweb_fuzz-WL.txt
 2022-08-02 06:25:56 +01:00
g0tmi1k
7fb9827bfc
Merge pull request #784 from J-GainSec/patch-4 
Create forefront-identity-management

Source: https://raw.githubusercontent.com/GainSec/TreeHouse-Wordlists/master/Microsoft-Forefront-Identity-Management-2010.txt
 2022-08-02 06:25:23 +01:00
g0tmi1k
1ebd15c9e5
Merge pull request #786 from J-GainSec/patch-5 
Create uri-from-top-55-most-popular-apps.txt

Source:

https://github.com/danielmiessler/SecLists/pull/781#issuecomment-1168353194

https://twitter.com/nullenc0de/status/1425973675715612672

https://gist.github.com/nullenc0de/e9d1f2a8a0a38c9bfcb5bdb9fc7191ea
 2022-08-02 06:22:46 +01:00
Dominique RIGHETTO
20cb80229b
Add ssh key file name 2022-08-02 06:19:51 +02:00
GitHub Action
51bad1c320 [Github Action] Updated combined_words.txt 2022-08-01 23:11:39 +00:00
Wouter Kobes
f752b04a32 Adds activation to common.txt 2022-07-23 16:42:03 +02:00
J-GainSec
cda67688e9
Update uri-from-top-55-most-popular-apps.txt 
Removed a few useless entries
 2022-06-29 11:10:56 +02:00
J-GainSec
76fbcb2289
Update sharepoint-ennumeration.txt 
Removed any entries with // or /// and reran uniq
 2022-06-29 11:00:16 +02:00
J-GainSec
cccdb40cef
Update sharepoint-ennumeration.txt 
Removed double slashes
 2022-06-28 21:34:27 +02:00
J-GainSec
00cb49844d
Update and rename sharepoint.txt to sharepoint-ennumeration.txt 
Changed name
 2022-06-28 21:32:55 +02:00
J-GainSec
77e7ea50cf
Update uri-from-top-55-most-popular-apps.txt 
Removed leading slashes.
 2022-06-28 21:30:54 +02:00
J-GainSec
0a09279658
Rename forefront-identity-management to forefront-identity-management.txt 2022-06-28 15:37:41 +02:00
J-GainSec
944a8deaf0
Create uri-from-top-55-most-popular-apps.txt 
Removed trailing slashes
 2022-06-28 15:17:38 +02:00
J-GainSec
8cf0fbdc71
Update and rename top-apk-params.txt to url-params_from-top-55-most-popular-apps.txt 
Updated name
 2022-06-28 15:15:08 +02:00
J-GainSec
06b0cddb2a
Create forefront-identity-management 
Sourced from https://raw.githubusercontent.com/GainSec/TreeHouse-Wordlists/master/Microsoft-Forefront-Identity-Management-2010.txt

Wordlist for Microsoft Forefront Identity Management 2010
 2022-06-27 19:25:35 +02:00
J-GainSec
6a191793da
Create iis-systemweb.txt 
Sourced from https://github.com/GainSec/TreeHouse-Wordlists/blob/master/IIS_Systemweb_fuzz-WL.txt

A IIS /system_web/ wordlist.
 2022-06-27 19:20:19 +02:00
J-GainSec
051d84c9e7
Create sharepoint.txt 
Sourced from https://github.com/GainSec/TreeHouse-Wordlists/blob/master/Microsoft%20SharePoint.txt

A Microsoft Sharepoint wordlist
 2022-06-27 19:18:05 +02:00
J-GainSec
9a6b80ed19
Create top-apk-params.txt 
Parameters from the Top 55 Android applications.
 2022-06-27 19:06:01 +02:00
PinkDev1
1cbee5afc8 Fixed #768: Created combined_subdomains.txt and appended "preprod-payroll" to it 2022-06-23 23:03:53 -03:00
PinkDev1
baaec330cf Added awesome-environment-variable-names.txt and an auto-updater github action 2022-06-23 21:55:49 -03:00
PinkDev1
ba70a134d9 raft-small-words.txt: Added more source code versioning systems 
Source: https://nitter.kavin.rocks/intigriti/status/1533050946212839424
 2022-06-23 19:36:36 -03:00
Pham Sy Minh
355b691d5e
Update dirsearch.txt 2022-06-18 13:52:57 +07:00
ScreaM
b5e43148d2
Added tlds. 2022-05-11 18:47:43 +05:30
cyberpathogen2018
ab7098789d
Fixed typo on line 26 
typo could result in false negative results.
 2022-04-30 23:19:40 -04:00
GitHub Action
4eb28683ab [Github Action] Updated combined_words.txt 2022-04-26 16:51:13 +00:00
GitHub Action
939734974b [Github Action] Updated combined_directories.txt 2022-04-26 16:33:54 +00:00
g0tmi1k
9bf9f2ea2a
Merge pull request #696 from ItsIgnacioPortal/master 
Create universally useful combined web discovery wordlists which auto-update
 2022-04-26 17:32:16 +01:00
g0tmi1k
2e82613b9b
Merge pull request #712 from righettod/master 
Sync with param-miner master repository.

1. Take content of the file **params** from the [PortSwigger/param-miner](https://github.com/PortSwigger/param-miner/blob/master/resources/params) repository (master branch).
2. Take the content of the file **burp-parameter-names.txt** from the [SecLists](https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/burp-parameter-names.txt) repository (master branch).
3. Unify the both content removing the duplicates via `cat params  burp-parameter-names.txt | sort -u > burp-parameter-names.txt`.
4. Add the parameter named **api-version** found into this [blog post](https://medium.com/xm-cyber/10-ways-of-gaining-control-over-azure-function-apps-7e7b84367ce6) about attacking Azure function apps.
 2022-04-26 17:25:07 +01:00
Ben M Stokland
a7d0fc30a1
Add Hangfire console 
https://docs.hangfire.io/en/latest/configuration/using-dashboard.html
https://www.shodan.io/search?query=http.title%3A%22hangfire%22
 2022-04-20 21:32:18 +02:00
Anatoliy
dcb3b852f9
Add files via upload 2022-04-13 23:44:43 +03:00
Dominique RIGHETTO
ac544a1876
Sync with param-miner master repo 2022-04-10 10:04:13 +02:00
PinkDev1
2147ad87f7
quickhits.txt: restored to its initial state 
My previous two commits should've been on a different branch, Woops
 2022-02-21 06:41:14 +00:00
PinkDev1
66672f7299
quickhits.txt: Added more files 
Extracted from ShhGit: https://github.com/eth0izzle/shhgit/blob/master/config.yaml
 2022-02-21 06:34:36 +00:00
PinkDev1
58df3b3401
quickhits.txt: Removed trailing "/" 2022-02-21 06:32:19 +00:00
chashtag
a6f336de8c removed non php shells 2022-02-09 21:42:25 -05:00
chashtag
6428e57575 Added more we shells 
Removed spaces from file name
 2022-02-09 21:37:00 -05:00
g0tmi1k
168584fdc6
Merge pull request #651 from cbk914/master 
Spring paths update
 2022-02-02 23:41:04 +00:00
g0tmi1k
a537fd9ad4
Merge pull request #693 from giper45/master 
Added italian subdomains
 2022-02-02 23:34:42 +00:00
Paul Werther
8b17578f93 add opcache to raft large directory list, #683 2022-02-01 15:32:17 +01:00
g0tmi1k
58370984a4
Merge pull request #687 from righettod/master 
Add "h2-console" word

https://mp.weixin.qq.com/s/Yn5U8WHGJZbTJsxwUU3UiQ
https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console
https://www.shodan.io/search?query=http.title%3A%22H2+Console%22
 2022-01-31 23:22:06 +00:00
g0tmi1k
5a4d4f7ebc
Merge pull request #686 from AddaxSoft/patch-2 
added 8443, tomcat ssl
 2022-01-31 23:21:24 +00:00
g0tmi1k
2dac179038
Merge pull request #685 from wdahlenburg/master 
Adding Spring Boot Gateway Actuator

https://wya.pl/2021/12/20/bring-your-own-ssrf-the-gateway-actuator/
 2022-01-31 23:20:57 +00:00
g0tmi1k
6dd17288aa
Merge pull request #678 from righettod/feature_update_namelist 
Add new sub domain names

https://github.com/righettod/toolbox-pentest-web/blob/master/scripts/generate-vhost-names-dict.sh
 2022-01-31 23:09:45 +00:00
PinkDev1
90a1f6ad0a
Delete test.txt 2022-01-29 06:24:47 +00:00
PinkDev1
136146f3ef
Create README.md at Discovery/Web-Content 
I feel like every folder on this repo should have a README. Some wordlists have very confusing names
 2022-01-29 06:23:04 +00:00
GitHub Action
590c1e39ed [Github Action] Updated combined_words.txt 2022-01-29 06:07:16 +00:00
PinkDev1
35149384ca
This is a github action test 2022-01-29 06:06:05 +00:00
GitHub Action
07375693f8 [Github Action] Updated combined_directories.txt 2022-01-29 06:05:17 +00:00
PinkDev1
c5857eefaf
Delete combined_words.txt 2022-01-29 06:04:02 +00:00
GitHub Action
7271aab5ab [Github Action] Updated combined_words.txt 2022-01-29 05:48:35 +00:00
PinkDev1
b2ee580771
This is a github action test 2022-01-29 05:47:26 +00:00
PinkDev1
4158fd7b53
Delete combined_words.txt 2022-01-29 05:47:05 +00:00
PinkDev1
8b78386e0f
This is a github action test 2022-01-29 05:43:30 +00:00
GitHub Action
2fcef417cc [Github Action] Updated combined_words.txt 2022-01-29 05:35:07 +00:00
PinkDev1
3ee621ca17
This is a github action test 2022-01-29 05:33:55 +00:00
PinkDev1
2d6d06d534
This is a github action test 2022-01-29 05:25:09 +00:00
PinkDev1
c3392900fe
This is a github action test 2022-01-29 05:21:46 +00:00
PinkDev1
5cfb4fc8a5
This is a github action test 2022-01-29 05:12:38 +00:00
gx1
b5ad433f4d Added italian subdomains 2022-01-25 01:25:49 -05:00
Dominique RIGHETTO
22908368be
Add "h2-console" word 2022-01-08 13:45:09 +01:00
cbk914
c618890458
Merge branch 'danielmiessler:master' into master 2021-12-21 21:43:48 +01:00
A.K
6757c71ffe
added 8443, tomcat ssl 2021-12-21 11:43:25 +01:00
Wyatt Dahlenburg
ecf264f825 Adding the springboot gateway actuator 2021-12-20 15:25:09 -06:00
Dominique RIGHETTO
9fab26bbb6
Add new sub domain names 2021-12-11 07:06:17 +01:00
Varun Kakumani
31a89fd18d
Added latest years to dictionary 2021-12-02 02:04:03 +05:30
g0tmi1k
23469eb06f
Merge pull request #633 from basubanakar/patch-1 
Update nginx.txt
 2021-11-24 10:00:07 +00:00
g0tmi1k
c129a01483
Merge pull request #640 from mxrch/patch-1 
adding "dismiss" to big.txt
 2021-11-24 09:59:49 +00:00
g0tmi1k
d1a222afff
Merge pull request #649 from PinkDev1/master 
Many more scopes, and cleanup of oauth-oidc-scopes.txt

- https://developers.google.com/identity/protocols/oauth2/scopes
- https://docs.github.com/en/developers/apps/building-oauth-apps/scopes-for-oauth-apps
- https://api.slack.com/legacy/oauth-scopes
- https://developers.dropbox.com/oauth-guide 
- https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
 2021-11-24 09:57:54 +00:00
g0tmi1k
94f8cd291e
Merge pull request #659 from righettod/feature_enrich_jenkins 
Add new endpoints to the jenkins dict.

Source: https://www.jenkins.io/download/
 2021-11-24 09:54:24 +00:00
Dirk Wetter
6e13335da2
Avoid 301 
trailing slash is needed here
 2021-11-08 17:06:31 +01:00
Dirk Wetter
5439c5ee29
Create hashicorp-vault.txt 
see https://www.vaultproject.io/api/system/seal 

Had to close #665 as leading v1 was missing. This one works (confirmed myself)
 2021-11-08 16:17:03 +01:00
PinkDev1
61c5f5a018
Added a couple of scopes 
https://infosecwriteups.com/how-did-i-earned-6000-from-tokens-and-scopes-in-one-day-12f95c6bf8aa?source=rss----7b722bfd1b8d---4&gi=1e1df8e602a6
 2021-10-18 01:36:33 +00:00
Dominique RIGHETTO
5c5c2815f2
Cleanup 2021-10-05 18:41:44 +02:00
Dominique RIGHETTO
f009b45892
Add new endpoints 2021-10-05 18:40:57 +02:00
cbk914
f01e9aae74
Update spring-boot.txt 2021-09-07 05:44:45 +02:00
cbk914
1719a6af3d
Update spring-boot.txt 2021-09-06 10:45:38 +02:00
cbk914
d35d281521 Updated Spring paths 2021-09-06 10:39:10 +02:00
PinkDev1
0bcb01ad6a
Sorted and removed duplicates 2021-09-02 19:25:40 +00:00
PinkDev1
e737a0f96b
Added officially recognized OpenID scopes 
from https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
 2021-09-02 19:24:57 +00:00
PinkDev1
e1c0693292
Added dropbox-app oauth scopes 
Scraped internally
 2021-09-02 19:21:48 +00:00
PinkDev1
30b2c22d24
Removed scopes with nonces/temporary identifiers 
I left `delete-after-date1619708000534-admin` because it seems to have a UNIX timestamp, so it *might* be useful.
 2021-09-02 19:03:43 +00:00
PinkDev1
bb991ad09a
Sorted and removed duplicates from oauth-oidc-scopes.txt 2021-09-02 19:00:44 +00:00
PinkDev1
647366b113
Added 155 scopes to oauth-oidc-scopes.txt 
All of these were manually gathered from:
- https://developers.google.com/identity/protocols/oauth2/scopes
- https://docs.github.com/en/developers/apps/building-oauth-apps/scopes-for-oauth-apps
- https://api.slack.com/legacy/oauth-scopes
- https://dev.fitbit.com/build/reference/web-api/oauth2/#scope
 2021-09-02 18:59:51 +00:00
g0tmi1k
cb81804316
Merge pull request #647 from g0tmi1k/spaces 
dos2unix
 2021-08-28 21:36:19 +01:00
g0tmi1k
44523e27a8
Merge pull request #644 from han0x7300/issues-642 
add "___graphql" to "Discovery/Web-Content/graphql.txt

https://www.gatsbyjs.com/docs/reference/graphql-data-layer/graphql-api/
https://www.gatsbyjs.com/docs/tutorial/part-4/
 2021-08-28 21:31:10 +01:00
g0t mi1k
545e57b02d dos2unix 2021-08-28 21:29:32 +01:00
g0t mi1k
efeb38808c Replace ' ' with ' ' (Empty Characters) 2021-08-28 21:05:13 +01:00
han0x7300
ecd9da9dc2 add ___graphql to Discovery/Web-Content/graphql.txt,https://github.com/danielmiessler/SecLists/issues/642 2021-08-28 11:44:02 +08:00
g0tmi1k
e017d54a22
Merge pull request #643 from 5tr1x/patch-1 
Create aem2.txt
 2021-08-27 21:17:43 +01:00
g0tmi1k
656105853a
Merge pull request #592 from afaq1337/patch-1 
Update all.txt
 2021-08-27 21:17:26 +01:00
g0tmi1k
06cfff0475
Merge pull request #621 from jakecraige/patch-1 
Add port 3000 (Ruby on Rails) to common ports

Source: https://guides.rubyonrails.org/command_line.html#bin-rails-server
 2021-08-27 21:16:04 +01:00
g0tmi1k
60fbd42063
Merge pull request #622 from realArcherL/patch-2 
A very new naming scheme for Graphql endpoints
 2021-08-27 21:15:39 +01:00
g0tmi1k
b4637896ef
Merge pull request #623 from righettod/feature_add_oauth2-odic_endpoints 
Add missing OAUTH2/OIDC endpoints.

Source: https://righettod.eu.auth0.com/.well-known/openid-configuration
 2021-08-27 21:15:07 +01:00
g0tmi1k
177f25ba69
Merge pull request #625 from cbk914/master 
Some additions

Source: http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time
 2021-08-27 21:14:37 +01:00
g0tmi1k
01f7723ddd
Merge pull request #626 from 7PH/master 
Add waybackverify.txt filename to raft medium and large lists
 2021-08-27 21:13:55 +01:00
g0tmi1k
eea747817d
Merge pull request #628 from Anon-Exploiter/patch-1 
Added ga-google-analytics in wp-plugins.txt

Source https://wordpress.org/plugins/ga-google-analytics/
 2021-08-27 21:12:25 +01:00
g0tmi1k
4002c2c970
Merge pull request #630 from whitehauler/patch-1 
Update raft-large-files.txt
 2021-08-27 21:12:01 +01:00
g0tmi1k
de06dbb492
Merge pull request #637 from dabasanta/DaniloBasanta 
Added list of IPv4 address class A&C. Also a script to generate these lists.
 2021-08-27 21:11:24 +01:00
g0tmi1k
d8294e9763
Merge pull request #629 from righettod/feature_add_oauth-oidc_scopes_dict 
Add a dict with OAUTH2/OIDC scopes.
 2021-08-27 21:00:07 +01:00
5tr1x
a45a11ecca
Create aem2.txt 2021-08-25 15:22:35 -05:00
mxrch
11eee99996
adding "dismiss" to big.txt 2021-08-22 22:54:33 +02:00
Danilo
6473406b1e Shell script to generate any IP ranges as you need 2021-08-13 12:44:32 -05:00
Danilo
28f2b5b9eb Added list of 192.168.x.x Class B IP range 2021-08-13 12:42:49 -05:00
Danilo
48258a71ce Added list of 10.10.x.x Class A IP range 2021-08-13 12:42:21 -05:00
Crypt-Con
7599d80112
Update nginx.txt 2021-07-31 10:28:09 +05:30
Afaq
0e6d80b6d9
added a critical endpoint 
added a critical endpoint which contains critical DB information.
 2021-07-27 17:39:44 +05:00
Dominique RIGHETTO
388cac333b
Merge all versions of the file 2021-07-17 19:28:42 +02:00
Dominique RIGHETTO
48cc424388
Add files via upload 2021-07-17 19:23:28 +02:00
Dominique RIGHETTO
8572bd91ad
Update oauth-oidc-scopes.txt 2021-07-17 08:12:51 +02:00
Dominique RIGHETTO
ea3268e688
Add a dict with OAUTH/OIDC scopes. 
See PR to extended description.
 2021-07-16 14:33:26 +02:00
Syed Umar Arfeen
da169ef5d0
Added ga-google-analytics in wp-plugins.txt 
From: https://wordpress.org/plugins/ga-google-analytics/

```
Plugin Name: GA Google Analytics
Plugin URI: https://perishablepress.com/google-analytics-plugin/
Description: Adds your Google Analytics Tracking Code to your WordPress site.
Tags: analytics, ga, google, google analytics, tracking, statistics, stats
Author: Jeff Starr
Author URI: https://plugin-planet.com/
Donate link: https://monzillamedia.com/donate.html
Contributors: specialk
Requires at least: 4.1
Tested up to: 5.3
Stable tag: 20191109
Version: 20191109
Requires PHP: 5.6.20
Text Domain: ga-google-analytics
Domain Path: /languages
License: GPL v2 or later
```
 2021-07-16 16:38:36 +05:00
7PH
43cbe32e24 Add waybackverify.txt filename to raft medium and large lists 2021-07-13 13:09:49 +02:00
Dominique RIGHETTO
2c97b1bea1
Add missing OAUTH2/OIDC endpoints 
See https://righettod.eu.auth0.com/.well-known/openid-configuration
 2021-07-05 14:17:15 +02:00
cbk914
9a871facf1
Merge branch 'danielmiessler:master' into master 2021-06-26 23:06:55 +02:00
realArcherL
852b6e45f1
A very new naming scheme 
I have noticed a new naming convention surge in companies, having Graphql API endpoint as `example.com/je/graphql`. This is something I encountered while doing BBs on HackerOne.
 2021-06-22 12:26:49 +05:30
Jake Craige
24cdcb35e8
Add port 3000 (Ruby on Rails) to common ports 
This is the default port rails uses in a fresh installation, this is mentioned [on the command line docs here](https://guides.rubyonrails.org/command_line.html#bin-rails-server) and I also have a lot of experience with rails confirming this port is often used in practice
 2021-06-17 21:19:19 -07:00
g0tmi1k
03b4d2c22c
Merge pull request #619 from krvaibhaw/master 
Update http-request-headers-fields-large.txt
 2021-06-13 00:00:00 +01:00
g0tmi1k
034041bb6b
Merge pull request #615 from righettod/feature_add_shibboleth-sso 
Add Shibboleth.sso Metadata endpoint

https://wiki.shibboleth.net/confluence/display/CONCEPT/MetadataForSP
 2021-06-12 19:16:16 +01:00
Vaibhaw
6c1044b617 Merge branch 'danielmiessler:master' into master 2021-06-10 15:35:56 +05:30
Vaibhaw
4bd0b23411
Update wordpress.fuzz.txt 2021-06-10 15:12:47 +05:30
Vaibhaw
ed37faca0b
Update wordpress.fuzz.txt 2021-06-10 15:11:27 +05:30
cbk914
cd20324f79 Merge branch 'danielmiessler:master' into master 2021-06-09 13:09:19 +02:00
Dominique RIGHETTO
3eeb4e5292
Add Shibboleth.sso Metadata endpoint 
Source: https://wiki.shibboleth.net/confluence/display/CONCEPT/MetadataForSP
 2021-06-07 15:43:03 +02:00
Dominique RIGHETTO
864faed87f
Add "oauth/token/info" endpoint 
See https://docs.gitlab.com/ee/api/oauth2.html#retrieving-the-token-information
 2021-05-28 15:44:59 +02:00
Dominique RIGHETTO
56e23b6436
Add openid endpoints and metadata 
See https://connect2id.com/products/server/docs/api
 2021-05-28 15:20:54 +02:00
Dominique RIGHETTO
0e471e3faf
Add oauth endpoints 
See https://auth0.com/docs/protocols/protocol-oauth2#endpoints
 2021-05-28 15:11:32 +02:00
g0tmi1k
664dd4c648
Merge pull request #603 from shelld3v/patch-9 
More endpoints from Assetnote wordlist

https://wordlists-cdn.assetnote.io/data/automated/httparchive_apiroutes_2021_04_28.txt
 2021-05-25 17:44:52 +01:00
g0tmi1k
8c35abaa4c
Merge pull request #599 from drwetter/patch-5 
Add balancer for apache

https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html
 2021-05-25 17:36:38 +01:00
g0tmi1k
3ce65b30e3
Merge pull request #594 from righettod/master 
Add security.txt at the root
 2021-05-25 17:35:52 +01:00
g0tmi1k
e52d55d4ad
Merge pull request #584 from Splint3r7/master 
Update Ruby on Rails wordlists
 2021-05-25 17:33:55 +01:00
g0tmi1k
22b96249fd
Merge pull request #600 from renanhsilva/master 
Update wordpress.fuzz.txt
 2021-05-25 17:33:30 +01:00
g0tmi1k
44c288e17a
Merge pull request #601 from shelld3v/patch-8 
Better wordlist
 2021-05-25 17:32:54 +01:00
cbk914
cb4febae37 Merge branch 'danielmiessler:master' into master 2021-05-11 16:10:42 +02:00
Hector Grecco
725eeb4a4d
Add "cms" word to list 2021-05-05 10:51:29 -03:00
shelld3v
096fcd8906
More endpoints from Assetnote wordlist 2021-05-05 13:35:40 +07:00
shelld3v
fc3902bc5d
Better wordlist 2021-05-01 00:04:10 +07:00
Renan Silva
3670ebf929
Update wordpress.fuzz.txt 
add the file wp-config.php
 2021-04-30 02:49:01 +00:00
Dirk Wetter
94354ee231
Add balancer for apache 
https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html
 2021-04-26 18:26:17 +02:00
Dominique RIGHETTO
4a2ab64c10
Add security.txt at the root 2021-04-15 07:58:49 +02:00
Afaq
773441aed8
Update all.txt 
added adminHeader.html endpoint
 2021-04-11 21:16:35 +05:00
Splint3r7
a5f6a19362
Update Ruby on Rails wordlists 2021-03-26 12:56:05 +05:00
g0tmi1k
7693c73c26
Merge pull request #582 from slicin/patch-1 
Update wp-plugins.fuzz.txt
 2021-03-23 06:44:43 +00:00
slicin
c3c8518831
Update wp-plugins.fuzz.txt 
Adding broken-link-manager to find:
CVE-2015-9453
CVE-2015-9467
CVE-2015-9468
 2021-03-19 17:12:59 -04:00
Ernestas Kulik
e1d08810b3 Discovery: Fix spelling and hyphenate some words 
“atleast” and “sensitive” are self-explanatory here. Hyphenation makes
things even more readable, even if a tad pedantic.

https://xkcd.com/37/
 2021-03-13 23:23:27 +01:00
g0tmi1k
eeea855ac5
Merge pull request #577 from righettod/master 
Add "contribute.json" file entry

https://infosec.mozilla.org/guidelines/web_security#contributejson
https://www.contributejson.org/
https://github.com/mozilla/contribute.json
 2021-03-01 12:43:28 +00:00
Dominique RIGHETTO
6715ca5d96
Add "contribute.json" file entry 2021-03-01 12:36:34 +01:00
g0tmi1k
3f5531cde3
Merge pull request #573 from righettod/master 
Add specific "render" endpoints
 2021-03-01 05:18:13 +00:00
Dominique RIGHETTO
6400f4d31e
Change the url to google 2021-02-26 14:12:33 +01:00
Dominique RIGHETTO
2afcf1217c
Add specific render endpoints 2021-02-21 18:55:29 +01:00
Cristiano Maruti
84149f5b30
Create versioning_metafiles.txt 2021-02-20 20:41:53 +01:00
g0tmi1k
c341f97b90
Merge pull request #563 from jaiswalakshansh/patch-1 
Update spring-boot.txt

Source: https://www.baeldung.com/spring-boot-actuators
 2021-02-12 10:17:51 +00:00
g0tmi1k
4df226a358
Merge pull request #539 from shelld3v/patch-6 
Create a wordlist for dirsearch users
 2021-02-12 10:17:25 +00:00
g0tmi1k
36116d773a
Merge pull request #557 from shelld3v/patch-7 
More API endpoints (from assetnote) and sort everything

Source: wordlist.assetnote.io
 2021-02-12 10:16:52 +00:00
g0tmi1k
0d39b80eee
Merge pull request #570 from Faelian/master 
Added webpack.manifest.json
 2021-02-11 22:09:44 +00:00
Olivier Lasne
ca898cc4c7 Added webpack.manifest.json 2021-02-11 23:05:42 +01:00
g0t mi1k
d30d7b46e6 Fix up 2021-02-11 21:56:20 +00:00
g0tmi1k
7a0c657912
Merge pull request #555 from shoeper/unique-dns-keeporder 
DNS lists lower case only
 2021-02-11 21:35:58 +00:00
g0tmi1k
5d0d24f91b
Merge pull request #562 from righettod/feature_blazor 
Add Microsoft Blazor WebAssembly identifiers

Source: https://github.com/SteveSandersonMS/CarChecker
 2021-02-11 21:26:13 +00:00
g0tmi1k
94e19b86fa
Merge pull request #559 from TAbdiukov/master 
Object Exchange (OBEX) common and uncommon path lists

Source: https://en.wikipedia.org/wiki/OBject_EXchange
 2021-02-11 21:24:29 +00:00
g0tmi1k
ad24e5dcd1
Merge pull request #549 from righettod/Feature_548 
Add ".well-known/jwks.json" path to common.txt file.

Source:

- https://auth0.com/docs/tokens/json-web-tokens/json-web-key-sets
- https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-verifying-a-jwt.html#amazon-cognito-user-pools-using-tokens-step-2
- https://blogs.akamai.com/2019/10/verify-jwt-with-json-web-key-set-jwks-in-api-gateway.html
 2021-02-11 20:50:33 +00:00
g0tmi1k
cd52c8428a
Merge pull request #547 from fiLLLip/patch-1 
Add humans.txt

Source: http://humanstxt.org/
 2021-02-11 20:49:46 +00:00
g0tmi1k
751900cbde
Merge pull request #544 from mxrch/master 
Adding .git to big.txt
 2021-02-11 20:49:15 +00:00
g0tmi1k
5ec9d37a15
Merge pull request #540 from kazkansouh/mime-types-iana 
refreshed mime/content-types

Source: https://www.iana.org/assignments/media-types/media-types.xml

```
curl https://www.iana.org/assignments/media-types/media-types.xml -s | xpath -q -e '//file/text()' | tr '[[:upper:]]' '[[:lower:]]'
```
 2021-02-11 20:47:27 +00:00
g0tmi1k
9fbf6cb419
Merge pull request #524 from t0-git/patch-1 
Adding new .git entries and .svnignore.
 2021-02-11 20:28:23 +00:00
Akshansh Jaiswal
1d11e71a65
Update spring-boot.txt 2021-01-25 10:30:28 +05:30
Dominique RIGHETTO
405cf59743
Add Microsoft Blazor client identifier 2021-01-24 08:58:00 +01:00
TAbdiukov
05fe10e860
Upload rare (uncommon) OBEX paths 
Sources: multiple (all listed in the file)
 2021-01-20 16:06:00 +11:00
TAbdiukov
5c246e58cd
a few extras from SE spec files for devs 
Sources,
https://manualzz.com/doc/24948742
https://manualzz.com/doc/922881/dcs-phfs-dw-user-guide
 2021-01-20 15:06:25 +11:00
TAbdiukov
6e71f29fc3
a topn more paths from official specs 
Src: http://www.pday.com.cn/technology/irda_documents/irmc_v1p1.pdf
 2021-01-20 14:59:16 +11:00
TAbdiukov
ba087b3874
add comments; sort alphabetically; rm duplicates 2021-01-20 14:39:49 +11:00
TAbdiukov
cbf5d4eadb
First upload 
Source:  http://dev.zuckschwerdt.org/openobex/wiki/ObexFtpServices
 2021-01-20 14:20:28 +11:00
shelld3v
216ae4a8df
More endpoints 2021-01-11 18:54:44 +07:00
shelld3v
963add5f23
More API endpoints (from assetnote) and sort everything 2021-01-11 18:42:46 +07:00
Sven Höper
dc04568e57
DNS lists lower case only 
Converted DNS lists to lower case only and removed duplicates
without chaing order

fix #553
 2021-01-06 16:18:04 +01:00
Dominique RIGHETTO
38581fac54
Add ".well-known/jwks.json" path 
Add path to the JSON Web Key Sets file.
This file is documented [here](https://auth0.com/docs/tokens/json-web-tokens/json-web-key-sets)
 2020-12-27 16:35:37 +01:00
Filip Andre Larsen Tomren
8327e45d92 Add humans.txt to common list 
'humans.txt' is common as specified http://humanstxt.org. At least as
common as 'humans', without having to specify extension in tools like 'dirb'.
 2020-12-08 14:53:06 +01:00
mxrch
fb4aaabc63
Update big.txt 2020-11-21 00:16:16 +01:00
Karim Kanso
a6f2ed757f refreshed content-types from www.iana.org/assignments/media-types/media-types.xml 2020-11-17 11:48:56 +00:00
shelld3v
004d110704
Create dirsearch.txt 2020-11-15 13:52:44 +07:00
cbk914
003bfef95f
Merge pull request #6 from danielmiessler/master 
Update
 2020-11-12 02:44:53 +01:00
g0tmi1k
9f4d672e98
Merge pull request #517 from righettod/master 
Add path to a common ManageEngine endpoint

Source: https://righettod.eu/#4-vulns
 2020-11-11 12:00:53 +00:00
g0tmi1k
ac861e371d
Merge pull request #509 from ArgentEnergy/spring-boot-redis 
Spring Boot Redis paths.
 2020-11-06 11:51:25 +00:00
cbk914
52fc87a1fc Add ELMAH files and directories 2020-11-05 16:39:29 +01:00
g0tmi1k
12513fd8ad
Merge pull request #518 from clem9669/patch-5 
Adding nextcloud & owncloud to common.txt

Source: https://help.dreamhost.com/hc/en-us/articles/235545207-Step-by-step-guide-to-deploy-Nextcloud-on-DreamCompute
 2020-11-03 22:00:16 +00:00
g0tmi1k
6d164b9672
Merge pull request #527 from soufianetahiri/master 
Added actuator default paths and created new XSS fuzzing list

Source: https://docs.spring.io/spring-boot/docs/1.5.x/reference/html/production-ready-endpoints.html
 2020-11-03 11:39:11 +00:00
g0tmi1k
449d7a84cd
Merge pull request #528 from drwetter/patch-4 
Add CMS login

https://processwire.com/docs/security/admin/
 2020-11-02 21:12:18 +00:00
g0tmi1k
cea2a72bae
Merge pull request #506 from LabanSkollerDefensify/patch-1 
Add NDES and SCEP URLs

/certsrv/mscep/mscep.dll: https://docs.microsoft.com/en-us/mem/intune/protect/certificates-scep-configure
/certsrv/mscep_admin: https://social.technet.microsoft.com/wiki/contents/articles/9063.active-directory-certificate-services-ad-cs-network-device-enrollment-service-ndes.aspx
 2020-11-02 21:11:53 +00:00
g0tmi1k
fe2aa9e7b0
Merge pull request #521 from realArcherL/master 
Slight correction with version numbers from earlier PR also added new endpoints
 2020-11-02 20:57:49 +00:00
Dirk Wetter
f7577f68cb
Add CMS login 
Processwire is a CMS which I recently encountered during a pentest. /processwire is the login (compare /typo3 or /wp-login.php)
 2020-10-23 13:14:04 +02:00
Soufiane Tahiri
a8e73cb425
Added actuator default paths 
Added actuator paths
 2020-10-23 10:51:19 +02:00
t0-git
8d60339a5f
Adding new git entries and .svnignore. 2020-10-07 21:02:51 +02:00
realArcherL
2d9b4effe7
Corrected the v3 repetition and added new ones. 
api and /graph
 2020-10-03 16:13:08 +05:30
clem9669
6150a902f3
Adding nextcloud & owncloud to common.txt 
Nextcloud & ownCloud are two famous software for creating and using file hosting service.
PS: this adding might also be done on bigger discovery list because none of big list contains them
 2020-10-02 08:30:11 +00:00
Dominique RIGHETTO
fee58c17da
Add path to a common ManageEngine endpoint 
Add path to a endpoint often exposed to anonymous user by ManageEngine products.
See https://www.manageengine.com/
 2020-10-02 08:32:34 +02:00
cbk914
ae8aabcfed Merge branch 'master' of https://github.com/cbk914/SecLists 2020-09-30 16:37:47 +02:00
ArgentEnergy
505a333e9f Spring Boot Redis paths. Discloses details of Redis version, amount of keys in each database, memory size, etc.... 2020-09-25 20:01:00 -03:00
Laban Sköllermark
940dc91637
Add NDES and SCEP URLs 
Microsoft Network Device Enrollment Service (NDES) is used to enroll
devices such as Cisco routers and iPhones with a device certificate
issued by Active Directory Certificate Services (ADCS) Certification
Authority (CA) via the Simple Certificate Enrollment Protocol (SCEP).

Add the following URLs:

* /certsrv/mscep_admin - admin page of Network Device Enrollment Service
  (NDES)
* /certsrv/mscep/mscep.dll - Simple Certificate Enrollment Protocol
  (SCEP) server endpoint
 2020-09-23 14:49:24 +02:00
device33
c126de81ab
Update apache.txt 
add mod_cluster-manager
 2020-09-23 10:55:23 +02:00
g0tmi1k
ca6bf04c05
Merge pull request #465 from dee-see/patch-1 
Add new Swagger UI path
 2020-09-16 07:30:38 +01:00
g0tmi1k
3e29513e3b
Merge pull request #484 from realArcherL/patch-1 
Updated with more keywords and version numbers

- Source: https://youtu.be/NPDp7GHmMa0
 2020-09-16 07:28:58 +01:00
g0tmi1k
a274ffba57
Merge pull request #495 from shelld3v/patch-1 
Add more API endpoints
 2020-09-16 07:25:58 +01:00
g0tmi1k
a3924f7a71
Merge pull request #498 from shelld3v/patch-4 
Add some endpoints
 2020-09-16 07:24:41 +01:00
0x00gum
ed0b32f5ce
Some New DB Extensions 2020-09-13 20:04:25 +03:00
shelld3v
0f328c377d
Update raft-large-directories.txt 2020-09-07 17:32:37 +07:00
shelld3v
aff66805e0
Add more API endpoints 2020-09-07 16:49:32 +07:00
realArcherL
5501592986
Updated with more keywords and version numbers 
Based on the Bugcrowd level-up talk (https://youtu.be/NPDp7GHmMa0)
 2020-08-18 17:47:27 +05:30
cbk914
e06aacd937 Revert "Merge pull request #4 from danielmiessler/master" 
This reverts commit c266835781, reversing
changes made to fd4968f43b.
 2020-08-11 14:25:56 +02:00
Dominic
cc16fe8813
Merge branch 'master' into patch-1 2020-07-22 13:44:30 -04:00
g0tmi1k
31ee70aeef
Merge pull request #473 from mrajput7/master 
Update golang.txt

Source: https://www.dropbox.com/s/ir2b56j3zt7vz0a/golang_handlefunc_combined?dl=0
 2020-07-22 16:24:33 +01:00
g0tmi1k
a3b77e1170
Merge pull request #475 from joegoerlich/patch-1 
Update sap.txt
 2020-07-22 16:24:13 +01:00
g0tmi1k
3a9cac0384
Merge pull request #474 from chudyPB/master 
Update sap.txt
 2020-07-22 16:24:02 +01:00
g0tmi1k
5fc3e6a208
Merge pull request #476 from toxydose/patch-1 
Add some common ports
 2020-07-22 16:23:04 +01:00
g0t mi1k
3567cf6fc0 Writable locations Windows 
Source: https://github.com/api0cradle/UltimateAppLockerByPassList/blob/master/Generic-AppLockerbypasses.md

accesschk -w -s -q -u Users "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u Everyone "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u Interactive "C:\Program Files" >> programfiles.txt

accesschk -w -s -q -u Users "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u Everyone "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u Interactive "C:\Program Files (x86)" >> programfilesx86.txt

accesschk -w -s -q -u Users "C:\Windows" >> windows.txt
accesschk -w -s -q -u Everyone "C:\Windows" >> windows.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Windows" >> windows.txt
accesschk -w -s -q -u Interactive "C:\Windows" >> windows.txt
 2020-07-22 16:05:54 +01:00
Alexander Bridges
a628a652be
Add some common ports 
https://www.sonicwall.com/support/knowledge-base/running-sslvpn-on-a-different-tcp-port/170503249443105/
https://www.router-switch.com/faq/difference-between-https-port-443-and-8443.html
https://www.speedguide.net/port.php?port=8008
 2020-07-22 03:23:00 +03:00
joegoerlich
d16951bd86
Update sap.txt 
Added URLs related to [CVE-2020-6287].
 2020-07-21 10:11:10 +02:00
chudyPB
da33a2b4a4
Update sap.txt 2020-07-21 09:34:10 +02:00
Mohit Narayan Rajput
99d3e2ab22
Update golang.txt 2020-07-19 01:34:21 -04:00
D3lT4
c5ce1780eb
Update swagger.txt 2020-07-08 23:37:59 +05:30
WhiteDot
c8cfb4666b
Update raft-large-files.txt 
added some file names
 2020-07-06 22:54:56 +05:30
Dominic
3ae69babfa
Add new Swagger UI path 
Just stumbled upon that URL, search `inurl:swagger/ui/index` for examples.
 2020-06-30 08:53:21 -04:00
clem9669
c4002baa24
Minor change 
Added 1 line for good practice
 2020-06-18 14:15:16 +00:00
Techbrunch
baf37cc800
Update swagger.txt 
Update swagger.txt
 2020-06-12 11:23:06 +02:00
0x08
7db405b01c
TYPO fixed: some lines start with space. 2020-06-06 01:13:59 +03:00
g0tmi1k
6beba93eac
Merge pull request #427 from Failsafe-0verflowme/patch-1 
Update common.txt
 2020-06-05 16:30:13 +01:00
g0tmi1k
9aa4f93db1
Merge pull request #433 from MomIsBestFriend/Fix-425 
Fixed typo in Discovery/Variables/secret-keywords.txt
 2020-06-05 16:29:54 +01:00
Karim Kanso
607c3293b4 strip trailing whitespace 2020-05-27 14:26:51 +01:00
Karim Kanso
a3416ba706 standardisze line endings 2020-05-27 14:10:50 +01:00
g0tmi1k
9a14bdb7ca
Merge pull request #441 from cactuschibre/master 
Reorder and add more Actuator endpoints

Source; https://apereo.github.io/cas/development/monitoring/Monitoring-Statistics.html
 2020-05-27 10:42:10 +01:00
g0tmi1k
67947cfae1
Merge pull request #435 from righettod/master 
Add WWW and HTML folders
 2020-05-27 09:54:21 +01:00
cactuschibre
017b233805
Reorder and add more Actuator endpoints 2020-05-26 16:28:58 +02:00
guest20
6ccd6853d4
Rename Public-Source-Repo-Issues.txt to Public-Source-Repo-Issues.json 
This file is full of json, which might upset someone writing a script that assumes *.txt files are just url fragments....
 2020-05-24 13:07:50 +02:00
Dominique RIGHETTO
9763b2a76d
Add www folder 2020-05-23 11:37:49 +02:00
Dominique RIGHETTO
6350b61e1d
Add missing ending / 2020-05-23 11:36:17 +02:00
Dominique RIGHETTO
e790c509b8
Ass html folder 2020-05-23 11:34:37 +02:00
MomIsBestFriend
e89ff1fbda Fixed typo in Discovery/Variables/secret-keywords.txt 2020-05-17 00:37:40 +03:00
pbafe
888cdaa13a
Create Django.txt 
Updated on April 20th, the contents include all the files of Django between version 3.0.5 and 2.1
 2020-05-09 10:53:35 +02:00
g0tmi1k
86c6e6314f
Merge pull request #430 from cnotin/patch-1 
Add .well-known entries

Source: 
- https://gist.github.com/quickbreach/3bddfdf193b3d988b0e07d07dbac0da0
- https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml
- https://mercure.rocks/spec#discovery
 2020-05-08 12:07:45 +01:00
g0tmi1k
47e882f5d9
Merge pull request #405 from soufianetahiri/patch-1 
add swagger path
 2020-05-08 12:06:57 +01:00
Clément Notin
123be76ca1
Add .well-known entries 2020-05-08 01:14:12 +02:00
0verflowme
ffc8d2bf32
Update common.txt 2020-05-03 19:53:03 +05:30
Moritz
fbab21e873 Added default Directory-Wordlist from Dirbuster 2020-04-28 16:48:25 +02:00