Backup_Repos/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists synced 2025-12-15 21:34:10 +01:00
Code Issues Projects Releases Wiki Activity
4935 commits 2 branches 30 tags 2.3 GiB
Commit graph

293 commits

Author SHA1 Message Date
ipentest
b2cf6971c9 Add ipentest to contributors 2020-02-12 11:46:44 -05:00
S7X Deckard Case
b8e87ad36c Added the entire XSS Cheat Sheet of PortSwigger, their HTML events and tags. 2019-11-18 09:33:26 +01:00
Camas
eb2cd4518a Remove extra newline 2019-11-08 23:32:46 +00:00
Camas
a7184dd1f7 Fix line endings 2019-11-08 15:09:15 +00:00
Parth Malhotra
01b280755c
Create 1-4_all_letters_a-z.txt 2019-11-07 21:50:55 +05:30
Luke Anderson
68f8d60da5
Fix Fuzzing Types (Fixes #339) 2019-10-05 00:35:43 +09:30
g0tmi1k
327cc859ee Quick rename 2019-08-13 12:50:53 +01:00
g0tmi1k
5bbc1e6fe3 Close #329 - Bo0oM's fuzz.txt 
Source: https://github.com/Bo0oM/fuzz.txt
 2019-08-13 12:50:20 +01:00
g0tmi1k
3fc464d156 Add XSS without parentheses and semi-colons 
Source: https://portswigger.net/blog/xss-without-parentheses-and-semi-colons
 2019-05-22 12:15:42 +01:00
g0tmi1k
9239f0a284 find . -name '*_*' -exec rename 's/_/-/g' "{}" \; 2019-05-08 11:54:39 +01:00
g0tmi1k
a65f6bd665 Close #291 - Fix encoding issues 
$ for x in $( find . -type f ); do iconv -f utf-8 -t utf-8 -c ${x} | sed '/^$/d' > tmp; mv tmp ${x}; done
 2019-05-08 11:04:00 +01:00
g0tmi1k
7b1f14989c Quick move about 2019-04-12 13:52:47 +01:00
g0tmi1k
3f2c0d33d2 Quick clean up of locations 2019-04-10 13:22:39 +01:00
g0tmi1k
12751dbbf0 Fix #288 - Add graphql 
Source: https://graphql.org/learn/serving-over-http/
 2019-04-10 13:18:25 +01:00
g0tmi1k
b9483d00b7 Sort out a few more filenmae issues 2019-04-10 11:32:07 +01:00
g0tmi1k
437478ce7b Fix #284 #285 - useragents-ie.txt 2019-04-10 10:19:12 +01:00
Alexandre ZANNI
cfe4b16023
Update LFI-JHADDIX.txt 
fix typo + add 1 entry
 2019-03-10 17:11:22 +01:00
Infected Drake
0400e0bbc1
A wrong payload corrected 
The payload on line 18 contains a misspelled event handler `OnpOinTeReENer`. Corrected it properly.
 2019-02-09 12:13:28 +05:30
g0tmi1k
7ed3f897df
Merge pull request #237 from s0md3v/patch-1 
+5 payloads, some enhancements
 2019-01-08 18:11:33 +00:00
Prinzhorn
1eae4d51f0 Strip HTML from LFI-LFISuite-pathtotest-huge.txt 2018-12-18 10:13:49 +01:00
g0tmi1k
47b1829910
Merge pull request #241 from g0tmi1k/ua 
Added various User Agent strings
 2018-11-26 10:09:44 +00:00
g0tmi1k
b99b0ed28f Added various User Agent strings 
Source: https://developers.whatismybrowser.com/useragents/explore/
 2018-11-26 09:56:22 +00:00
Somdev Sangwan
bb180d4e27
changed %3B to %26 (I'm sleep deprived sorry) 2018-11-21 14:53:27 +05:30
Somdev Sangwan
31167686f0
+5 payloads, some enhancements 2018-11-21 14:45:08 +05:30
Michael Henriksen
2dab37db43 Add best performing payloads from the XSS Polyglot Challenge 2018-11-01 07:37:16 +01:00
g0tmi1k
d68ba5f9ed Rename "_" -> "-" & found a few new homes 2018-10-15 13:08:10 +01:00
Somdev Sangwan
cebebee4b5
Create XSS-Somdev.txt 2018-10-15 02:13:17 +05:30
g0tmi1k
9f73b7e81a Add LFISuite 
Source: https://github.com/D35m0nd142/LFISuite
 2018-07-25 13:51:06 +01:00
Karan Saini
3911f92c82
Added numeric combinations 
Text files of numeric combinations (with leading zeros) for use during enumeration
 2018-04-08 00:54:51 +05:30
Daniel Miessler
25323690ce
Merge pull request #185 from ryan-wendel/master 
Update XSS-JHADDIX.txt
 2018-03-23 12:05:55 -07:00
Ryan Wendel
619f3afb71
Update XSS-JHADDIX.txt 
Removed offensive term from wordlist.
 2018-03-23 10:01:05 -06:00
g0tmi1k
3f79d071ce Quick move about 2018-03-21 17:47:29 +00:00
g0tmi1k
5278477235 Close #106 - XXE-Fuzzing / Grep PHP Auditing 2018-03-21 17:19:17 +00:00
g0tmi1k
401af588f6 Close #88 - Fuzzing List Integer fields 
Source: https://github.com/arvinddoraiswamy/mywebappscripts/blob/master/FuzzLists/numeric_fields_only.txt
 2018-03-21 16:30:38 +00:00
g0tmi1k
7b6b792312 Close #69 - Fix SQLi Polyglot 
Source: https://labs.detectify.com/2013/05/29/the-ultimate-sql-injection-payload/

Source: https://twitter.com/SymbianSyMoh/status/707685783801454594
 2018-03-21 16:29:03 +00:00
g0tmi1k
9ae73c2ceb Add "Big List of Naughty Strings" 
Source: https://github.com/minimaxir/big-list-of-naughty-strings
 2018-03-21 16:20:10 +00:00
g0tmi1k
26cf832f9d Close ##152 - PHP base64 filter file read (XXE_Fuzzing) 2018-03-21 16:13:09 +00:00
g0tmi1k
d2282eee97 Added ] in (Fix #131) 2018-03-07 11:46:03 +00:00
g0tmi1k
7611257a60 Quick rename of files 2018-03-05 11:03:11 +00:00
g0tmi1k
7a55e1871c Remove pointless files. 2018-03-05 09:52:00 +00:00
Daniel Miessler
49a6d721ff
Merge pull request #128 from g0tmi1k/structure 
Structure Clean Up
 2018-03-04 12:23:06 -08:00
Daniel Miessler
7cf6e78ff5 Addded Darkweb 10,100,1K,10K to Passwords. 2018-01-02 21:46:14 -08:00
g0tmi1k
25d4ac447e rename 's/_/-/g' 2017-08-23 14:55:06 +01:00
g0tmi1k
a97be9373e Started sorting "Miscellaneous/" & "Fuzzing/" 2017-07-11 13:53:16 +01:00
g0tmi1k
6f69a35b5e Started clean up on "Discovery/Web_Content" 2017-07-11 13:36:01 +01:00
Jason Haddix
02b09becc3 Rename NoSQL to NoSQL.txt 2017-06-28 11:25:52 -07:00
Jason Haddix
46de2f6727 Create NoSQL 2017-06-28 11:25:16 -07:00
Daniel Miessler
ffce0051e4 Merge pull request #113 from ilyaglow/fix/bitquark-subdomains-location 
Move bitquark subdomains list to Discovery
 2017-05-11 21:51:25 -04:00
Daniel Miessler
7b131262e6 Merge pull request #110 from sneakerhax/add-useragents-ie 
Add useragents-ie
 2017-05-11 21:51:00 -04:00
Daniel Miessler
9aab1014e9 Merge pull request #92 from alexlauerman/master 
Improved test cases
 2017-05-11 21:47:55 -04:00
Ilya Glotov
2f921032f0
Move bitquark subdomains list to Discovery 2017-04-07 16:15:55 +03:00
Sneakerhax
d1b104a46f Add useragents-ie 2017-03-06 15:04:31 -08:00
Alex Lauerman
382c44dd97 Improved test cases 
Includes parameter entities and OOB test case.
 2016-10-29 20:11:36 -05:00
Daniel Miessler
b012b32ee4 Added 0xsobky's Ultimate XSS Polyglot. 2016-07-20 10:54:35 -07:00
Daniel Miessler
4cd6f77ac1 Added Bitquark's Top 100K Subdomains. 2016-07-20 10:50:27 -07:00
Daniel Miessler
b4f21b34f5 Added BruteLogic's XSS strings. 2016-07-20 10:02:28 -07:00
Daniel Miessler
601038eb4e Added @Brutelogic's brilliant XSS Cheatsheet. 2016-07-13 12:58:49 -07:00
g0tmi1k
457997fd6a Changing permissions to everything matches - 0644 2016-05-17 12:04:45 +01:00
Daniel Miessler
486d847fd7 Merge pull request #41 from lukebeer/master 
commix.py INJECT_HERE payloads, all credits & thanks to commix devs.
 2016-01-04 13:26:39 -08:00
Jason Haddix
1d1030ec28 Create XXE_Fuzzing.txt 2015-11-27 15:51:45 -08:00
lukebeer
68c75f1c5d commix.py INJECT_HERE payloads, all credits & thanks to commix devs. 2015-11-09 14:35:06 +00:00
Jason Haddix
34aaaa98a3 Update SQLi_Polyglots.txt 2015-11-03 12:51:43 -08:00
Daniel Miessler
5504f74836 JSON fuzzing list submitted by Danny Chrastil. 2015-09-08 21:18:33 -07:00
Daniel Miessler
cafd775959 Added addition XSS polyglot. 2015-08-18 04:36:13 -07:00
Daniel Miessler
44d69f4678 Added XSS polyglots from polyglot.innerht.ml 2015-08-18 04:34:39 -07:00
Daniel Miessler
7690b959ec Moar directory motionz. 2015-08-04 10:53:50 -07:00
Daniel Miessler
32591928bd Added XSS vectors. 2015-06-11 15:10:12 -07:00
Daniel Miessler
fa2fd76540 Updated polyglot list. 2015-03-12 23:37:55 -07:00
Daniel Miessler
4a11eb48b1 Added polyglots. 2015-03-12 23:36:01 -07:00
JT
8c76412dac Update JHADDIX_LFI.txt 2015-01-26 20:22:10 +08:00
Jay Turla
726901c931 Create LDAP_FUZZ.txt 2014-11-19 15:31:08 +08:00
Jay Turla
39802ff82f Update XML_FUZZ 2014-11-19 15:27:31 +08:00
Jay Turla
3570ebcd2f Update XML_FUZZ 
Adding some payloads
 2014-11-19 15:21:10 +08:00
Jason Haddix
73c85e7d64 Create XML_FUZZ 2014-07-28 08:11:08 -07:00
Jason Haddix
6fae683c4d Update JHADDIX_FORMATSTRING 2014-07-28 08:06:35 -07:00
Jason Haddix
f0683ecead Create JHADDIX_FORMATSTRING 
initial dump
 2014-07-27 05:44:08 -07:00
Jason Haddix
2eaeada471 Update Generic_SQLi 2014-07-23 03:48:38 -07:00
Jason Haddix
13e3bbb403 Create Generic_SQLi 
cant remember where this is from =/
 2014-07-23 03:42:58 -07:00
jhaddix
96910294b0 Create JHADDIX_HTML5sec_Injections.txt 
initial HTML5Sec list
 2014-06-29 10:46:13 -07:00
Daniel Miessler
9dc0d15475 Added top 100 adobe passwords. 2013-12-21 10:18:08 -06:00
jhaddix
1574930a75 updated LFI list and added laudanum shells 2013-03-15 15:44:46 -07:00
jhaddix
0e3255e359 removed offending spaces 2013-03-12 12:56:21 -07:00
jhaddix
951ea38c65 LFI List 2013-03-12 12:02:43 -07:00
jhaddix
b258cbf37c XSS Strings with context 
XSS Strings with context iformation for those who want to know wtf the
xss is trying to do.
 2013-03-12 11:55:39 -07:00
jhaddix
026561d226 SSI Injections 2013-03-12 11:46:37 -07:00
jhaddix
e0e9382ea4 Revert "Revert "renamed"" 
This reverts commit d4f558be88.
 2013-03-12 11:40:46 -07:00
jhaddix
d4f558be88 Revert "renamed" 
This reverts commit 38ea38d9c5.
 2013-03-12 11:38:21 -07:00
jhaddix
38ea38d9c5 renamed 2013-03-12 11:12:52 -07:00
jhaddix
a2181239c9 Chnages naming structure 2013-03-12 11:09:21 -07:00
jhaddix
7a45990b37 Create advanced_xss_jhaddix.txt 
A list I've compiled from various sources, some from the html5sec.org challenge, so slight modifications may be necessary.
 2013-02-05 21:59:13 -08:00
Daniel Miessler
b9e6418c48 Many additions to the repository... 2012-08-26 20:04:09 -07:00
Daniel Miessler
90c26a2558 Changed name of SS fuzzing list... 2012-05-21 22:04:45 -07:00
Daniel Miessler
c6491fc635 Added fuzzing list from SkullSecurity... 2012-05-21 22:03:34 -07:00