Backup_Repos/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists synced 2026-04-20 22:12:56 +02:00
Code Issues Projects Releases Wiki Activity
1457 commits 2 branches 31 tags 2.3 GiB
Commit graph

321 commits

Author SHA1 Message Date
g0tmi1k
5ec9d37a15
Merge pull request #540 from kazkansouh/mime-types-iana 
refreshed mime/content-types

Source: https://www.iana.org/assignments/media-types/media-types.xml

```
curl https://www.iana.org/assignments/media-types/media-types.xml -s | xpath -q -e '//file/text()' | tr '[[:upper:]]' '[[:lower:]]'
```
 2021-02-11 20:47:27 +00:00
g0tmi1k
9fbf6cb419
Merge pull request #524 from t0-git/patch-1 
Adding new .git entries and .svnignore.
 2021-02-11 20:28:23 +00:00
Akshansh Jaiswal
1d11e71a65
Update spring-boot.txt 2021-01-25 10:30:28 +05:30
Dominique RIGHETTO
405cf59743
Add Microsoft Blazor client identifier 2021-01-24 08:58:00 +01:00
shelld3v
216ae4a8df
More endpoints 2021-01-11 18:54:44 +07:00
shelld3v
963add5f23
More API endpoints (from assetnote) and sort everything 2021-01-11 18:42:46 +07:00
Dominique RIGHETTO
38581fac54
Add ".well-known/jwks.json" path 
Add path to the JSON Web Key Sets file.
This file is documented [here](https://auth0.com/docs/tokens/json-web-tokens/json-web-key-sets)
 2020-12-27 16:35:37 +01:00
Filip Andre Larsen Tomren
8327e45d92 Add humans.txt to common list 
'humans.txt' is common as specified http://humanstxt.org. At least as
common as 'humans', without having to specify extension in tools like 'dirb'.
 2020-12-08 14:53:06 +01:00
mxrch
fb4aaabc63
Update big.txt 2020-11-21 00:16:16 +01:00
Karim Kanso
a6f2ed757f refreshed content-types from www.iana.org/assignments/media-types/media-types.xml 2020-11-17 11:48:56 +00:00
shelld3v
004d110704
Create dirsearch.txt 2020-11-15 13:52:44 +07:00
cbk914
003bfef95f
Merge pull request #6 from danielmiessler/master 
Update
 2020-11-12 02:44:53 +01:00
g0tmi1k
9f4d672e98
Merge pull request #517 from righettod/master 
Add path to a common ManageEngine endpoint

Source: https://righettod.eu/#4-vulns
 2020-11-11 12:00:53 +00:00
g0tmi1k
ac861e371d
Merge pull request #509 from ArgentEnergy/spring-boot-redis 
Spring Boot Redis paths.
 2020-11-06 11:51:25 +00:00
cbk914
52fc87a1fc Add ELMAH files and directories 2020-11-05 16:39:29 +01:00
g0tmi1k
12513fd8ad
Merge pull request #518 from clem9669/patch-5 
Adding nextcloud & owncloud to common.txt

Source: https://help.dreamhost.com/hc/en-us/articles/235545207-Step-by-step-guide-to-deploy-Nextcloud-on-DreamCompute
 2020-11-03 22:00:16 +00:00
g0tmi1k
6d164b9672
Merge pull request #527 from soufianetahiri/master 
Added actuator default paths and created new XSS fuzzing list

Source: https://docs.spring.io/spring-boot/docs/1.5.x/reference/html/production-ready-endpoints.html
 2020-11-03 11:39:11 +00:00
g0tmi1k
449d7a84cd
Merge pull request #528 from drwetter/patch-4 
Add CMS login

https://processwire.com/docs/security/admin/
 2020-11-02 21:12:18 +00:00
g0tmi1k
cea2a72bae
Merge pull request #506 from LabanSkollerDefensify/patch-1 
Add NDES and SCEP URLs

/certsrv/mscep/mscep.dll: https://docs.microsoft.com/en-us/mem/intune/protect/certificates-scep-configure
/certsrv/mscep_admin: https://social.technet.microsoft.com/wiki/contents/articles/9063.active-directory-certificate-services-ad-cs-network-device-enrollment-service-ndes.aspx
 2020-11-02 21:11:53 +00:00
g0tmi1k
fe2aa9e7b0
Merge pull request #521 from realArcherL/master 
Slight correction with version numbers from earlier PR also added new endpoints
 2020-11-02 20:57:49 +00:00
Dirk Wetter
f7577f68cb
Add CMS login 
Processwire is a CMS which I recently encountered during a pentest. /processwire is the login (compare /typo3 or /wp-login.php)
 2020-10-23 13:14:04 +02:00
Soufiane Tahiri
a8e73cb425
Added actuator default paths 
Added actuator paths
 2020-10-23 10:51:19 +02:00
t0-git
8d60339a5f
Adding new git entries and .svnignore. 2020-10-07 21:02:51 +02:00
realArcherL
2d9b4effe7
Corrected the v3 repetition and added new ones. 
api and /graph
 2020-10-03 16:13:08 +05:30
clem9669
6150a902f3
Adding nextcloud & owncloud to common.txt 
Nextcloud & ownCloud are two famous software for creating and using file hosting service.
PS: this adding might also be done on bigger discovery list because none of big list contains them
 2020-10-02 08:30:11 +00:00
Dominique RIGHETTO
fee58c17da
Add path to a common ManageEngine endpoint 
Add path to a endpoint often exposed to anonymous user by ManageEngine products.
See https://www.manageengine.com/
 2020-10-02 08:32:34 +02:00
cbk914
ae8aabcfed Merge branch 'master' of https://github.com/cbk914/SecLists 2020-09-30 16:37:47 +02:00
ArgentEnergy
505a333e9f Spring Boot Redis paths. Discloses details of Redis version, amount of keys in each database, memory size, etc.... 2020-09-25 20:01:00 -03:00
Laban Sköllermark
940dc91637
Add NDES and SCEP URLs 
Microsoft Network Device Enrollment Service (NDES) is used to enroll
devices such as Cisco routers and iPhones with a device certificate
issued by Active Directory Certificate Services (ADCS) Certification
Authority (CA) via the Simple Certificate Enrollment Protocol (SCEP).

Add the following URLs:

* /certsrv/mscep_admin - admin page of Network Device Enrollment Service
  (NDES)
* /certsrv/mscep/mscep.dll - Simple Certificate Enrollment Protocol
  (SCEP) server endpoint
 2020-09-23 14:49:24 +02:00
device33
c126de81ab
Update apache.txt 
add mod_cluster-manager
 2020-09-23 10:55:23 +02:00
g0tmi1k
ca6bf04c05
Merge pull request #465 from dee-see/patch-1 
Add new Swagger UI path
 2020-09-16 07:30:38 +01:00
g0tmi1k
3e29513e3b
Merge pull request #484 from realArcherL/patch-1 
Updated with more keywords and version numbers

- Source: https://youtu.be/NPDp7GHmMa0
 2020-09-16 07:28:58 +01:00
g0tmi1k
a274ffba57
Merge pull request #495 from shelld3v/patch-1 
Add more API endpoints
 2020-09-16 07:25:58 +01:00
g0tmi1k
a3924f7a71
Merge pull request #498 from shelld3v/patch-4 
Add some endpoints
 2020-09-16 07:24:41 +01:00
0x00gum
ed0b32f5ce
Some New DB Extensions 2020-09-13 20:04:25 +03:00
shelld3v
0f328c377d
Update raft-large-directories.txt 2020-09-07 17:32:37 +07:00
shelld3v
aff66805e0
Add more API endpoints 2020-09-07 16:49:32 +07:00
realArcherL
5501592986
Updated with more keywords and version numbers 
Based on the Bugcrowd level-up talk (https://youtu.be/NPDp7GHmMa0)
 2020-08-18 17:47:27 +05:30
cbk914
e06aacd937 Revert "Merge pull request #4 from danielmiessler/master" 
This reverts commit c266835781, reversing
changes made to fd4968f43b.
 2020-08-11 14:25:56 +02:00
Dominic
cc16fe8813
Merge branch 'master' into patch-1 2020-07-22 13:44:30 -04:00
g0tmi1k
31ee70aeef
Merge pull request #473 from mrajput7/master 
Update golang.txt

Source: https://www.dropbox.com/s/ir2b56j3zt7vz0a/golang_handlefunc_combined?dl=0
 2020-07-22 16:24:33 +01:00
g0tmi1k
a3b77e1170
Merge pull request #475 from joegoerlich/patch-1 
Update sap.txt
 2020-07-22 16:24:13 +01:00
joegoerlich
d16951bd86
Update sap.txt 
Added URLs related to [CVE-2020-6287].
 2020-07-21 10:11:10 +02:00
chudyPB
da33a2b4a4
Update sap.txt 2020-07-21 09:34:10 +02:00
Mohit Narayan Rajput
99d3e2ab22
Update golang.txt 2020-07-19 01:34:21 -04:00
D3lT4
c5ce1780eb
Update swagger.txt 2020-07-08 23:37:59 +05:30
WhiteDot
c8cfb4666b
Update raft-large-files.txt 
added some file names
 2020-07-06 22:54:56 +05:30
Dominic
3ae69babfa
Add new Swagger UI path 
Just stumbled upon that URL, search `inurl:swagger/ui/index` for examples.
 2020-06-30 08:53:21 -04:00
clem9669
c4002baa24
Minor change 
Added 1 line for good practice
 2020-06-18 14:15:16 +00:00
Techbrunch
baf37cc800
Update swagger.txt 
Update swagger.txt
 2020-06-12 11:23:06 +02:00
0x08
7db405b01c
TYPO fixed: some lines start with space. 2020-06-06 01:13:59 +03:00
g0tmi1k
6beba93eac
Merge pull request #427 from Failsafe-0verflowme/patch-1 
Update common.txt
 2020-06-05 16:30:13 +01:00
Karim Kanso
607c3293b4 strip trailing whitespace 2020-05-27 14:26:51 +01:00
Karim Kanso
a3416ba706 standardisze line endings 2020-05-27 14:10:50 +01:00
g0tmi1k
9a14bdb7ca
Merge pull request #441 from cactuschibre/master 
Reorder and add more Actuator endpoints

Source; https://apereo.github.io/cas/development/monitoring/Monitoring-Statistics.html
 2020-05-27 10:42:10 +01:00
g0tmi1k
67947cfae1
Merge pull request #435 from righettod/master 
Add WWW and HTML folders
 2020-05-27 09:54:21 +01:00
cactuschibre
017b233805
Reorder and add more Actuator endpoints 2020-05-26 16:28:58 +02:00
guest20
6ccd6853d4
Rename Public-Source-Repo-Issues.txt to Public-Source-Repo-Issues.json 
This file is full of json, which might upset someone writing a script that assumes *.txt files are just url fragments....
 2020-05-24 13:07:50 +02:00
Dominique RIGHETTO
9763b2a76d
Add www folder 2020-05-23 11:37:49 +02:00
Dominique RIGHETTO
6350b61e1d
Add missing ending / 2020-05-23 11:36:17 +02:00
Dominique RIGHETTO
e790c509b8
Ass html folder 2020-05-23 11:34:37 +02:00
pbafe
888cdaa13a
Create Django.txt 
Updated on April 20th, the contents include all the files of Django between version 3.0.5 and 2.1
 2020-05-09 10:53:35 +02:00
g0tmi1k
86c6e6314f
Merge pull request #430 from cnotin/patch-1 
Add .well-known entries

Source: 
- https://gist.github.com/quickbreach/3bddfdf193b3d988b0e07d07dbac0da0
- https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml
- https://mercure.rocks/spec#discovery
 2020-05-08 12:07:45 +01:00
g0tmi1k
47e882f5d9
Merge pull request #405 from soufianetahiri/patch-1 
add swagger path
 2020-05-08 12:06:57 +01:00
Clément Notin
123be76ca1
Add .well-known entries 2020-05-08 01:14:12 +02:00
0verflowme
ffc8d2bf32
Update common.txt 2020-05-03 19:53:03 +05:30
Moritz
fbab21e873 Added default Directory-Wordlist from Dirbuster 2020-04-28 16:48:25 +02:00
alisabzeghabaei
4efdac9a7e
some new php backdoor names. 
new backdoor name added from https://github.com/JohnTroony/php-webshells repository.
 2020-04-27 03:51:20 +04:30
pbafe
5a8df75c4b
Create Drupal.txt 2020-04-16 20:33:25 +02:00
Wellington Moraes
83a500c9d4 renamed to correct name 2020-04-07 08:52:35 -03:00
Soufiane Tahiri
c368fc5f80
add swagger path 2020-04-02 12:06:36 +02:00
Tibo-le-canard
697537b256
Adding actuator endpoints 2020-04-01 14:53:34 +02:00
socketz
c51120382e
Added wp-content/debug.log 2020-03-30 15:18:48 +02:00
Alexandre ZANNI
220d997033 fix architecture 
fix https://github.com/danielmiessler/SecLists/issues/398
 2020-03-16 14:44:20 +01:00
reydc
1fb8561d9c
Update graphql.txt 2020-02-23 10:20:31 -03:00
Dominique RIGHETTO
cb37e5b03d
Create reverse-proxy-inconsistencies.txt 2020-01-22 09:03:34 +01:00
Dominique RIGHETTO
44b3fdedf2
Add entries from a blog about content discovery in API 
Blog url: https://blog.jonlu.ca/posts/experiments-and-growth-hacking
 2020-01-03 16:22:45 +01:00
Dominique RIGHETTO
f7314e9c34
Add entry from Portswigger WebAcademy 
Entry found in labs from https://portswigger.net/web-security/access-control
 2019-12-29 11:50:12 +01:00
Camas
eb2cd4518a Remove extra newline 2019-11-08 23:32:46 +00:00
Camas
a7184dd1f7 Fix line endings 2019-11-08 15:09:15 +00:00
Dominique RIGHETTO
9f94cae21b
Add local ports for scan 2019-10-21 17:49:56 +02:00
Tonimir Kisasondi
b472dfc528
added jolokia 
See https://jolokia.org/

Gets exposed in combination with springboot.
 2019-10-13 22:04:35 +02:00
Dominique RIGHETTO
5c917b1cba
Add dictionary for GraphQL 
Help to detect GraphQL endpoint
 2019-10-11 17:19:05 +02:00
Dominique RIGHETTO
b93f54f4fb
Add VIM and NANO backup file 2019-10-11 15:55:38 +02:00
XalfiE
5d2567ab0e
Oracle EBS wordlist addition 
Oracle EBS wordlist addition
 2019-10-07 13:12:51 +03:00
Tonimir Kisasondi
7afc0c42a7
adds mappings and restart 
This list is missing mappings and restart. Just added them.
 2019-10-03 10:11:17 +02:00
Dirk Wetter
3ce96b82d4
Update with entries from Wikipedia 
...see https://en.wikipedia.org/wiki/List_of_/.well-known/_services_offered_by_webservers
 2019-10-02 21:35:58 +02:00
Dirk Wetter
d7bf9b91bd
Add some .well-known dir entries 
*  Add 1x apple-app-site-association, as it also can appear in docroot: https://developer.apple.com/library/archive/documentation/General/Conceptual/AppSearch/UniversalLinks.html

  *  put .well-known in alphabetical order

  * Added more from IANA registry: https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml

There might be still more URI -- Apple didn't seem to have registered their URI either at IANA either (process see  https://tools.ietf.org/html/rfc5785#5.1).)
 2019-09-30 15:47:38 +02:00
g0tmi1k
7148816422
Merge branch 'master' into master 2019-09-30 10:47:53 +01:00
g0tmi1k
ed0e6e1e1e
Merge pull request #343 from draguntsow/patch-1 
Create a wordlist of Modx Revolution CMS packages

Source: https://modx.com/
 2019-09-30 10:44:43 +01:00
Nikos Gk
dcf5d8162c
Update with missing common endpoints 
Update list following discussion on Twitter: https://twitter.com/NahamSec/status/1177672652011343873
 2019-09-28 19:20:35 +03:00
draguntsow
ddb5adf3d5
Create a wordlist of Modx Revolution CMS packages 
The list of plugins is collected from the info provided on the official site.
 2019-09-27 15:38:49 +03:00
dotan3
95df7943d6 Add Laravel related urls 2019-09-25 11:32:24 +02:00
Adrien
4d0073c4cd
Added new files path 2019-08-17 23:29:16 +02:00
g0tmi1k
162c2ee368
Merge pull request #328 from hisxo/patch-1 
Create symfony wordlist (for LFI/Path Traversal)

Source: https://github.com/hisxo/wordlist
 2019-08-13 04:36:15 -07:00
Eric Range
93e236b118
Update quickhits.txt 2019-08-13 10:21:15 +02:00
Eric Range
a71d0b11fd
new config file locations 
config files for the "Damn Vulnerable Web Application (DVWA)" app.
 2019-08-13 10:18:39 +02:00
BlackPearl01
07dd8118ad
Create symfony wordlist (for LFI/Path Traversal) 
Hello,

I created this wordlist because I had a Path Traversal vulnerability in an environment with Symfony. This wordlist has helped me a lot and I hope she can help others.

Adrien
 2019-08-03 22:01:45 +02:00
Alexander Bridges
4cdabd6555
add Dot CMS login endpoint 
source: https://dotcms.com/docs/latest/logging-into-dotcms
 2019-07-28 02:57:16 +03:00
Alexander Bridges
b0a709be71
add weevely.php shell endpoint 2019-07-26 14:55:28 +03:00
Alexander Bridges
09e93df441
add /phpmyadmin/ endpoints 2019-07-20 23:56:12 +03:00
Alexander Bridges
c5c705134f
Sitecore CMS endpoints 
#### Sources:

Sitecore CMS:  https://www.sitecore.com/

Sensitive endpoints: https://doc.sitecore.com/developers/90/platform-administration-and-architecture/en/deny-anonymous-users-access-to-a-folder.html

Sitecore docs:  
https://doc.sitecore.com/legacy-docs/SC72/sitecore-web-service-sc65-a4.pdf
https://doc.sitecore.com/SdnArchive/upload/sitecore7/75/sitecore_security_hardening_guide-sc75-usletter.pdf
 2019-07-05 19:14:54 +03:00
Alexander Bridges
eae5072a6e
add bower.json dependencies file 
Contains sensitive info
https://zellwk.com/blog/bower/
 2019-07-05 18:53:08 +03:00
Alexander Bridges
ee0e0b01a5
few login endpoints 2019-07-05 18:50:29 +03:00
g0tmi1k
c9a56c3fe0
Merge pull request #312 from g0tmi1k/richelieu 
Add richelieu
 2019-07-03 14:11:25 +01:00
g0tmi1k
ad53a28ba0 Rename a few filesto match 2019-07-03 14:11:00 +01:00
waawaa
4a5f06c053
Missing paths with known RCE vulnerabilities 
Some paths are missing which have known RCE vulnerabilities
 2019-07-02 09:31:42 +02:00
g0tmi1k
7f083ceb07 Close #217 - Add api_wordlist 
Source: https://github.com/chrislockard/api_wordlist
 2019-05-08 12:22:03 +01:00
g0tmi1k
9239f0a284 find . -name '*_*' -exec rename 's/_/-/g' "{}" \; 2019-05-08 11:54:39 +01:00
g0tmi1k
a65f6bd665 Close #291 - Fix encoding issues 
$ for x in $( find . -type f ); do iconv -f utf-8 -t utf-8 -c ${x} | sed '/^$/d' > tmp; mv tmp ${x}; done
 2019-05-08 11:04:00 +01:00
g0tmi1k
8e1f1ae56a Close #294 - Add /weblogic/ready 2019-05-07 18:20:26 +01:00
Ricardo
6d15c05bc4
Include .well-known/apple-app-site-association 
Include .well-known/apple-app-site-association
Ref: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/april/apples_app_site_association_the_new_robots_txt/
 2019-04-12 16:25:47 +01:00
toxydose
3251b35d54 update login endpoints 2019-04-10 15:54:03 +03:00
toxydose
6aa736a75a ShoreTel Connect login page GHDB-ID:5172 2019-04-10 15:47:27 +03:00
toxydose
94cc83dbda add endpoints without trailing slashes 2019-04-10 15:42:15 +03:00
g0tmi1k
12751dbbf0 Fix #288 - Add graphql 
Source: https://graphql.org/learn/serving-over-http/
 2019-04-10 13:18:25 +01:00
g0tmi1k
ed69bd3738
Merge pull request #282 from drwetter/master 
Suggestion to avoid license files to be added per accident
 2019-03-19 09:30:26 +00:00
Dirk Wetter
9da980c4da Suggestion to avoid license files to be added per accident 
Some license files carry the extension .txt which requires
a thorough look to distinguish them from payloads with the
same extension.
 2019-03-19 10:20:36 +01:00
Zawadi Done
eca7232058
Update IIS.fuzz.txt 
https://twitter.com/mrr0y4l3/status/1106602488495525888?s=12
 2019-03-18 20:00:54 +01:00
Dirk
cea5abf93d Adding more springboot entrypoints 2019-03-17 11:47:50 +01:00
g0tmi1k
6830bbe052
Merge pull request #278 from tkisason/patch-1 
Update spring-boot.txt

Source: https://www.veracode.com/blog/research/exploiting-spring-boot-actuators
 2019-03-16 20:31:21 +00:00
ArgentEnergy
7fa417a3d5 Added more AEM paths. 2019-03-15 21:43:31 -03:00
ArgentEnergy
ae88fbed37 Added Swagger paths. 2019-03-15 21:18:17 -03:00
Tonimir Kisasondi
eaccabd89a
Update spring-boot.txt 2019-03-15 22:37:48 +01:00
Tonimir Kisasondi
61b92c599d
Update spring-boot.txt 
Added some other paths according to:
https://www.veracode.com/blog/research/exploiting-spring-boot-actuators
 2019-03-15 22:26:08 +01:00
Andrei Conache
807b08a7eb
add /admin-console directory 2019-02-08 17:16:37 +01:00
g0tmi1k
8f3802fd51
Merge pull request #262 from g0tmi1k/websphere 
Fix #255 - Add more wps
 2019-01-07 15:55:58 +00:00
g0tmi1k
758842d94f Fix #255 - Add more wps 2019-01-07 15:55:10 +00:00
g0tmi1k
5e1dc9cc79 Fix #259 - Recover from bad merge 2019-01-07 15:40:56 +00:00
Daniel Miessler
778b16115f Added https://github.com/g0tmi1k to the project leaders list. 2018-12-31 11:53:56 -08:00
toxydose
5e043e22ba merged FatwireCMS.fuzz.txt fatwire.txt 2018-12-11 04:32:05 +02:00
toxydose
24c955345f contains the same, and less than FatwireCMS.fuzz.txt 2018-12-11 04:12:44 +02:00
toxydose
4bda908742 merged two domino endpoints files 2018-12-11 04:01:38 +02:00
toxydose
82671ffafc add login.html endpoint 2018-12-11 02:27:08 +02:00
toxydose
dd08d4aacb merged two IIS wordlists, deleted file. 2018-12-08 17:22:44 +02:00
toxydose
c638cb3055 File containing the same strings that are included to jboss.txt 2018-12-08 17:05:37 +02:00
toxydose
6aedd5e95d deleted duplicate file vignette.txt that duplicates Vignette.fuzz.txt but do not contains slashes 2018-12-08 17:01:56 +02:00
toxydose
1182e89d55 delete file containing duplicate entries from netware.txt 2018-12-08 16:58:00 +02:00
toxydose
ea352ed2ce - sorted alphabetically 
- removed duplicates
- merged unique with "ColdFusion.fuzz2.txt"
- deleted "ColdFusion.fuzz2.txt"
 2018-12-07 16:22:34 +02:00
toxydose
412153b437 add Atlassian Confluence login endpoints 
Reference: https://confluence.atlassian.com/doc/customizing-the-login-page-163938553.html
 2018-12-06 00:56:47 +02:00
toxydose
277b243d61 add slashes. Some servers are redirecting from folders without slashes to folders with slashes in the end of URI, and 302 is returned instead of 200 2018-12-02 02:39:55 +02:00
toxydose
aac5204f75 add clientaccesspolicy.xml and crossdomain.xml files which are usually contains unsafe wildcarded configurations. 2018-12-02 02:23:41 +02:00
tomcodes
613af9601e Add HashiCorp Vault GUI default URL to quickhits.txt 2018-11-21 16:11:47 +01:00
tomcodes
ff8406d36b Add sonar-project.properties file to quickhits.txt 2018-11-21 15:54:22 +01:00
tomcodes
214a277412 Add AWS CodeDeploy appspec.yml file to quickhits.txt 2018-11-21 15:21:42 +01:00
Alexander Bridges
a53dae2a76
Add /wp-json/wp/v2/users 
Add /wp-json/wp/v2/users WP REST API endpoint which exposes sensitive information - list of all WP users, which could be used for brute-force attacks.
 2018-10-31 23:27:00 +02:00
Alexander Bridges
dbfa5e2b1e
Add some WP rest API endpoints 
reference: http://v2.wp-api.org/
 2018-10-31 23:19:31 +02:00
Alexander Bridges
85cc7eeadf
Added cpanel login page 
reference: https://www.webhostinghub.com/help/learn/cpanel/getting-started/how-to-login-to-cpanel
 2018-10-30 01:00:31 +02:00
g0tmi1k
3327ec8b40
Merge pull request #229 from drwetter/patch-1 
Correct 1 typo in typo3 login ;-)
 2018-10-23 12:53:05 +01:00
Dirk Wetter
e8b1df5f84
Correct 1 typo in typo3 login 
/typo3/in is IMHO not the login.
 2018-10-23 13:50:09 +02:00
Alexander Bridges
2ced567e86
Add Wordpress and Shopware login pages 
Added common Wordpress and Shopware CMS's login forms.

References:
https://premium.wpmudev.org/blog/find-wordpress-login/
https://github.com/toxydose/SecLists/blob/master/Discovery/Web-Content/CMS/wordpress.fuzz.txt
https://github.com/toxydose/SecLists/blob/master/Discovery/Web-Content/CMS/shopware.txt
 2018-10-23 13:46:26 +03:00
Alexander Bridges
5a88be0c4f
Add Shopware common sensitive files wordlist. 
Shopware is open source e-commerce software 
https://github.com/shopware/shopware 
Shopware wordlist was not presented in this directory. The file should be improved and expanded
 2018-10-17 17:19:53 +03:00
g0tmi1k
d68ba5f9ed Rename "_" -> "-" & found a few new homes 2018-10-15 13:08:10 +01:00
CyberSemtex
a9e9e80884 Deleted the params and functions wordlists. Merged the boring_headers and headers file together then created a version with uppercases 1st letters (including after dashes) and a full uppercase version. Every file have been sorted with -u option to delete duplicates. Hit me up if you find something wrong. 2018-10-04 23:46:58 +02:00
CyberSemtex
a2f0c2cb00 Added the wordlists from param-miner extension of BurpSuite by @albinowax 2018-10-04 23:45:21 +02:00
objectified
bc97ca41f5 added wordlist for Spring Boot (Actuator) 2018-08-23 20:22:01 +02:00
g0tmi1k
201e2abfb5 Close #195 - Confluence administration 
Source: https://confluence.atlassian.com/doc/using-apache-to-limit-access-to-the-confluence-administration-interface-216433019.html
 2018-07-05 07:21:57 +01:00
g0tmi1k
3f79d071ce Quick move about 2018-03-21 17:47:29 +00:00
g0tmi1k
c524f768bf Close #148 - More Lotus Domino 
Source: https://github.com/danielmiessler/SecLists/issues/148
Source: 6300758c46/modules/auxiliary/scanner/lotus/lotus_domino_version.rb
Source: 583d0a5ade/domi_owned/fingerprint.py (L60-L72)
 2018-03-21 17:07:45 +00:00
g0tmi1k
2ff356ee2a Add domi-owned 
Source: https://github.com/coldfusion39/domi-owned
 2018-03-21 17:04:37 +00:00
g0tmi1k
df9697d189 Add Domino-Hunter 
Source: https://sourceforge.net/projects/dominohunter/
 2018-03-21 16:59:57 +00:00
g0tmi1k
7a9a7c6c35 Close #135 - Default web roots (WIP!) 2018-03-21 16:50:02 +00:00
g0tmi1k
2b697209a8 Close #127 - Merge similar WebLogic files 
Command:
cat Weblogic.fuzz.txt weblogic.txt | sed -e 's/^\///' -e 's/ $//' | sort -u | sed -e 's/^/\//' > /tmp/weblogic.txt; mv {/tmp/,}weblogic.txt
cat Websphere.fuzz.txt websphere.txt | sed -e 's/^\///' -e 's/ $//' | sort -u | sed -e 's/^/\//' > /tmp/websphere.txt; mv {/tmp/,}websphere.txt
 2018-03-21 16:44:33 +00:00
g0tmi1k
bddd77825e Close #145 - Update Common_PHP_Filenames.txt (admin*.php) 2018-03-21 16:14:59 +00:00
g0tmi1k
1863878864 Close #153 - Update ApacheTomcat.fuzz.txt 2018-03-21 16:10:27 +00:00
g0tmi1k
1e13b9dc15 Close #177 - Update apache.txt (Add php.ini) 2018-03-21 16:03:59 +00:00
Daniel Miessler
befbd5b20d
Merge pull request #168 from tomcodes/master 
Add gitlab related urls to quickhits.txt
 2018-03-19 19:14:58 -07:00
g0tmi1k
08f12147a3 Add "-" to split up words, moved files since PR accepted 
- PRs: #122, #123, #125, #126, #136, #146, #149, #162, #174, #176
 2018-03-05 10:30:27 +00:00
Thomas Arthus
4f664bb240 Merge remote-tracking branch 'upstream/master' 2018-03-05 10:48:09 +01:00
g0tmi1k
b794d53a28 Add "Web-Shells" 2017-12-20 16:32:34 +00:00
g0tmi1k
25d4ac447e rename 's/_/-/g' 2017-08-23 14:55:06 +01:00