Adam Katora
|
3f7ca8a35d
|
Add .hta to web-extensions.txt
|
2023-02-25 21:09:55 -05:00 |
|
blaidd
|
f06a8c5061
|
remove old invalid entries of swagger-ui
|
2023-02-11 03:55:38 -03:00 |
|
Blaidd
|
74da3d7c8c
|
add **swagger-ui/ path
|
2023-02-09 10:57:16 -03:00 |
|
Mohammed Diaa
|
ca01196bc3
|
Use more descriptive names for Trickest wordlists
|
2023-01-16 13:58:06 +02:00 |
|
0x08
|
2b4afcc59e
|
chore: Add new entries
|
2023-01-05 22:20:49 +03:00 |
|
Dominique RIGHETTO
|
5501ad52c3
|
Add server.js extension
|
2022-12-22 15:09:37 +00:00 |
|
Dominique RIGHETTO
|
aed62548a5
|
Reset to remote master state
|
2022-12-22 15:05:08 +00:00 |
|
Dominique RIGHETTO
|
ab0fba3838
|
Add .server.js extension
|
2022-12-21 19:15:32 +00:00 |
|
sean
|
07e50c34d3
|
Adding wordlist for DotNetNuke resources
|
2022-12-20 14:18:21 -06:00 |
|
GitHub Action
|
8d45daf9fe
|
[Github Action] Updated combined_words.txt
|
2022-11-27 17:44:18 +00:00 |
|
Dominique RIGHETTO
|
506027e8a9
|
Enrich content
|
2022-11-27 18:43:11 +01:00 |
|
Krzysztof Zając
|
0665d0fe72
|
Fresher backups in Discovery/Web-Content/quickhits.txt
|
2022-11-25 13:32:56 +01:00 |
|
Mohammed Diaa
|
28f570631a
|
Add Trickest-Technologies wordlists
|
2022-11-23 13:10:46 +02:00 |
|
Mohammed Diaa
|
d806325fe8
|
Add Trickest-Robots wordlists
|
2022-11-23 13:09:58 +02:00 |
|
Ignacio J. Perez Portal
|
c859bc7d3d
|
Merge branch 'master' into dsstore
|
2022-11-23 04:21:05 +00:00 |
|
g0tmi1k
|
7575cbdf93
|
Merge pull request #828 from CountablyInfinite/master
Added content discovery for Liferay DXP default portlets
|
2022-11-22 12:24:31 +00:00 |
|
g0tmi1k
|
88552f1608
|
Merge pull request #804 from 0xbuz3R/patch-1
Update js.txt
|
2022-11-22 12:16:37 +00:00 |
|
g0tmi1k
|
ca9d413d7e
|
Merge pull request #813 from abhishekmorla/master
added new backupfiles in wordpress fuzz list
Source: https://www.linkedin.com/feed/update/urn:li:activity:6979486318774923264/
|
2022-11-22 12:14:19 +00:00 |
|
g0tmi1k
|
8d52809a0a
|
Merge pull request #812 from tacticthreat/patch-1
Create hashicorp-consul-api.txt
Source: HashiCorp documentation
|
2022-11-22 12:13:03 +00:00 |
|
g0tmi1k
|
e870061b86
|
Merge pull request #811 from tacticthreat/patch-2
Create salesforce-aura-objects.txt
Source: Salesforces' documentation
|
2022-11-22 12:12:18 +00:00 |
|
g0tmi1k
|
4296f91216
|
Merge pull request #810 from gypsydiver/wp-plugins-update
add site-editor and mail-masta to wp-plugins.fuzz.txt
|
2022-11-22 12:11:39 +00:00 |
|
g0tmi1k
|
517c44b24e
|
Merge pull request #808 from InTruder-Sec/master
Added more API directories for web application enumeration
|
2022-11-22 12:10:51 +00:00 |
|
g0tmi1k
|
2ce0271683
|
Merge pull request #807 from righettod/feature_update_springboot
[spring-boot.txt] Add new endpoints
- https://docs.spring.io/spring-boot/docs/current/reference/html/application-properties.html#application-properties.actuator.management.server.base-path
- https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html#actuator.endpoints
|
2022-11-22 12:09:25 +00:00 |
|
g0tmi1k
|
76d436287d
|
Merge pull request #805 from its0x08/patch-1
chore: Add WEB-INF list
Source:
- https://gist.github.com/harisec/519dc6b45c6b594908c37d9ac19edbc3
- https://github.com/projectdiscovery/nuclei-templates/blob/master/vulnerabilities/generic/generic-j2ee-lfi.yaml
- https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/LFIModule.java
|
2022-11-22 12:08:32 +00:00 |
|
g0tmi1k
|
ad20e71dbc
|
Merge pull request #801 from righettod/feature_adobe_aem
[AdobeCQ-AEM.txt] Cleanup and enrichment.
Source:
- https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/getting-started/security-checklist.html#restrict-access
- https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/dispatcher-configuration.html?lang=en#testing-dispatcher-security
|
2022-11-22 12:05:49 +00:00 |
|
g0tmi1k
|
2752f1bf21
|
Merge pull request #746 from cyberpathogen2018/patch-1
Fixed typo on line 26
Source: https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/
|
2022-11-22 12:00:42 +00:00 |
|
CountablyInfinite
|
59ca9892ba
|
added content discovery for liferay dxp portlets
|
2022-11-17 20:19:41 +01:00 |
|
PinkDev1
|
6362c3e275
|
Added dsstorewordlist.txt
|
2022-11-08 19:15:13 -03:00 |
|
RR
|
aacc4cd2c1
|
Removed duplicate entries
applied unique to the wordlist removing any duplicates from list
|
2022-10-20 11:31:56 -04:00 |
|
RR
|
69388e96f9
|
Update hashicorp-consul-api.txt
removed two comment lines
|
2022-10-03 14:54:49 -04:00 |
|
RR
|
5c356da2f6
|
Update salesforce-aura-objects.txt
removed comment lines
|
2022-10-03 13:24:28 -04:00 |
|
abhishekmorla
|
6f8c6e9226
|
added new backupfiles in wordpress fuzz list
|
2022-09-25 23:08:54 +05:30 |
|
RR
|
4bc885b5dd
|
Create salesforce-aura-objects.txt
|
2022-09-15 14:44:34 -04:00 |
|
RR
|
960a60fa44
|
Create hashicorp-consul-api.txt
|
2022-09-15 14:41:28 -04:00 |
|
Fernando Mendoza
|
62a7e2bf18
|
add site-editor and mail-masta
|
2022-09-15 04:06:39 +02:00 |
|
0x08
|
9aa9cbe8d8
|
chore: Add entry to the README.md
|
2022-09-11 20:29:45 +03:00 |
|
Deep Dhakate
|
e987cfe049
|
Update README.md
|
2022-09-09 16:51:28 +05:30 |
|
Deep Dhakate
|
d923f12bc2
|
Update README.md
|
2022-09-08 13:08:14 +05:30 |
|
Deep Dhakate
|
ec1bc6a782
|
Add files via upload
|
2022-09-08 13:05:55 +05:30 |
|
Dominique RIGHETTO
|
94f9cd4103
|
Add missing ones from last doc versions
|
2022-09-05 18:29:15 +02:00 |
|
Dominique RIGHETTO
|
390477fdc5
|
Add endpoints
|
2022-09-05 18:19:14 +02:00 |
|
0x08
|
a8b1094090
|
chore: Add WEB-INF list
## Add `WEB-INF` list.
Used to test LFI on j2ee webapps.
### Reference:
- [https://gist.github.com/harisec/519dc6b45c6b594908c37d9ac19edbc3](https://gist.github.com/harisec/519dc6b45c6b594908c37d9ac19edbc3)
- [https://github.com/projectdiscovery/nuclei-templates/blob/master/vulnerabilities/generic/generic-j2ee-lfi.yaml](https://github.com/projectdiscovery/nuclei-templates/blob/master/vulnerabilities/generic/generic-j2ee-lfi.yaml)
- [https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/LFIModule.java](https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/LFIModule.java)
|
2022-08-30 22:26:05 +03:00 |
|
d3xt4r
|
5ef677051c
|
Update js.txt
|
2022-08-27 01:14:03 +05:30 |
|
Dominique RIGHETTO
|
dadb6f6ebc
|
Cleanup and enhancement
|
2022-08-08 18:28:59 +02:00 |
|
Rodolfo Tavares
|
2a5e2b03a9
|
Spring Boot RCE involving JMX enabled
Extracted from https://github.com/pyn3rd/Spring-Boot-Vulnerability#0x05-spring-boot-rce-involving-jmx-enabled
|
2022-08-03 12:18:24 -03:00 |
|
GitHub Action
|
ef791ad197
|
[Github Action] Updated combined_directories.txt
|
2022-08-02 09:54:34 +00:00 |
|
g0tmi1k
|
507b65ef47
|
Merge pull request #701 from chashtag/master
Added more PHP web shells
|
2022-08-02 07:15:37 +01:00 |
|
g0tmi1k
|
4b2f826fed
|
Merge pull request #713 from TheQmaks/master
ISPSystem BillManager - list of api endpoints for hostings penetration tests
Source: https://docs.ispsystem.com/billmanager/developer-section/billmanager-api
|
2022-08-02 06:57:38 +01:00 |
|
g0tmi1k
|
593324addc
|
Merge pull request #767 from shelld3v/patch-10
Update dirsearch.txt
|
2022-08-02 06:45:45 +01:00 |
|
GitHub Action
|
1ef4dcb96e
|
[Github Action] Updated combined_words.txt
|
2022-08-02 05:34:58 +00:00 |
|
g0tmi1k
|
ce9f9588b7
|
Merge pull request #776 from ItsIgnacioPortal/fVersioning-systems
raft-small-words.txt: Added more source code versioning systems
Source: https://nitter.kavin.rocks/intigriti/status/1533050946212839424
|
2022-08-02 06:33:45 +01:00 |
|
g0tmi1k
|
ddd078f4ab
|
Merge pull request #781 from J-GainSec/patch-1
Create top-apk-params.txt
Source:
https://gist.github.com/nullenc0de/be4d0ac216ee4fecab5493555089b28d
https://twitter.com/nullenc0de/status/1425973675715612672
https://gist.github.com/nullenc0de/e9d1f2a8a0a38c9bfcb5bdb9fc7191ea
|
2022-08-02 06:28:30 +01:00 |
|
g0tmi1k
|
b949a69cca
|
Merge pull request #782 from J-GainSec/patch-2
Create sharepoint.txt
Source: https://github.com/GainSec/TreeHouse-Wordlists/blob/master/Microsoft%20SharePoint.txt
|
2022-08-02 06:26:49 +01:00 |
|
g0tmi1k
|
baa6e8599b
|
Merge pull request #783 from J-GainSec/patch-3
Create iis-systemweb.txt
Source: https://github.com/GainSec/TreeHouse-Wordlists/blob/master/IIS_Systemweb_fuzz-WL.txt
|
2022-08-02 06:25:56 +01:00 |
|
g0tmi1k
|
7fb9827bfc
|
Merge pull request #784 from J-GainSec/patch-4
Create forefront-identity-management
Source: https://raw.githubusercontent.com/GainSec/TreeHouse-Wordlists/master/Microsoft-Forefront-Identity-Management-2010.txt
|
2022-08-02 06:25:23 +01:00 |
|
g0tmi1k
|
1ebd15c9e5
|
Merge pull request #786 from J-GainSec/patch-5
Create uri-from-top-55-most-popular-apps.txt
Source:
https://github.com/danielmiessler/SecLists/pull/781#issuecomment-1168353194
https://twitter.com/nullenc0de/status/1425973675715612672
https://gist.github.com/nullenc0de/e9d1f2a8a0a38c9bfcb5bdb9fc7191ea
|
2022-08-02 06:22:46 +01:00 |
|
Dominique RIGHETTO
|
20cb80229b
|
Add ssh key file name
|
2022-08-02 06:19:51 +02:00 |
|
GitHub Action
|
51bad1c320
|
[Github Action] Updated combined_words.txt
|
2022-08-01 23:11:39 +00:00 |
|
Wouter Kobes
|
f752b04a32
|
Adds activation to common.txt
|
2022-07-23 16:42:03 +02:00 |
|
J-GainSec
|
cda67688e9
|
Update uri-from-top-55-most-popular-apps.txt
Removed a few useless entries
|
2022-06-29 11:10:56 +02:00 |
|
J-GainSec
|
76fbcb2289
|
Update sharepoint-ennumeration.txt
Removed any entries with // or /// and reran uniq
|
2022-06-29 11:00:16 +02:00 |
|
J-GainSec
|
cccdb40cef
|
Update sharepoint-ennumeration.txt
Removed double slashes
|
2022-06-28 21:34:27 +02:00 |
|
J-GainSec
|
00cb49844d
|
Update and rename sharepoint.txt to sharepoint-ennumeration.txt
Changed name
|
2022-06-28 21:32:55 +02:00 |
|
J-GainSec
|
77e7ea50cf
|
Update uri-from-top-55-most-popular-apps.txt
Removed leading slashes.
|
2022-06-28 21:30:54 +02:00 |
|
J-GainSec
|
0a09279658
|
Rename forefront-identity-management to forefront-identity-management.txt
|
2022-06-28 15:37:41 +02:00 |
|
J-GainSec
|
944a8deaf0
|
Create uri-from-top-55-most-popular-apps.txt
Removed trailing slashes
|
2022-06-28 15:17:38 +02:00 |
|
J-GainSec
|
8cf0fbdc71
|
Update and rename top-apk-params.txt to url-params_from-top-55-most-popular-apps.txt
Updated name
|
2022-06-28 15:15:08 +02:00 |
|
J-GainSec
|
06b0cddb2a
|
Create forefront-identity-management
Sourced from https://raw.githubusercontent.com/GainSec/TreeHouse-Wordlists/master/Microsoft-Forefront-Identity-Management-2010.txt
Wordlist for Microsoft Forefront Identity Management 2010
|
2022-06-27 19:25:35 +02:00 |
|
J-GainSec
|
6a191793da
|
Create iis-systemweb.txt
Sourced from https://github.com/GainSec/TreeHouse-Wordlists/blob/master/IIS_Systemweb_fuzz-WL.txt
A IIS /system_web/ wordlist.
|
2022-06-27 19:20:19 +02:00 |
|
J-GainSec
|
051d84c9e7
|
Create sharepoint.txt
Sourced from https://github.com/GainSec/TreeHouse-Wordlists/blob/master/Microsoft%20SharePoint.txt
A Microsoft Sharepoint wordlist
|
2022-06-27 19:18:05 +02:00 |
|
J-GainSec
|
9a6b80ed19
|
Create top-apk-params.txt
Parameters from the Top 55 Android applications.
|
2022-06-27 19:06:01 +02:00 |
|
PinkDev1
|
ba70a134d9
|
raft-small-words.txt: Added more source code versioning systems
Source: https://nitter.kavin.rocks/intigriti/status/1533050946212839424
|
2022-06-23 19:36:36 -03:00 |
|
Pham Sy Minh
|
355b691d5e
|
Update dirsearch.txt
|
2022-06-18 13:52:57 +07:00 |
|
cyberpathogen2018
|
ab7098789d
|
Fixed typo on line 26
typo could result in false negative results.
|
2022-04-30 23:19:40 -04:00 |
|
GitHub Action
|
4eb28683ab
|
[Github Action] Updated combined_words.txt
|
2022-04-26 16:51:13 +00:00 |
|
GitHub Action
|
939734974b
|
[Github Action] Updated combined_directories.txt
|
2022-04-26 16:33:54 +00:00 |
|
g0tmi1k
|
9bf9f2ea2a
|
Merge pull request #696 from ItsIgnacioPortal/master
Create universally useful combined web discovery wordlists which auto-update
|
2022-04-26 17:32:16 +01:00 |
|
g0tmi1k
|
2e82613b9b
|
Merge pull request #712 from righettod/master
Sync with param-miner master repository.
1. Take content of the file **params** from the [PortSwigger/param-miner](https://github.com/PortSwigger/param-miner/blob/master/resources/params) repository (master branch).
2. Take the content of the file **burp-parameter-names.txt** from the [SecLists](https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/burp-parameter-names.txt) repository (master branch).
3. Unify the both content removing the duplicates via `cat params burp-parameter-names.txt | sort -u > burp-parameter-names.txt`.
4. Add the parameter named **api-version** found into this [blog post](https://medium.com/xm-cyber/10-ways-of-gaining-control-over-azure-function-apps-7e7b84367ce6) about attacking Azure function apps.
|
2022-04-26 17:25:07 +01:00 |
|
Ben M Stokland
|
a7d0fc30a1
|
Add Hangfire console
https://docs.hangfire.io/en/latest/configuration/using-dashboard.html
https://www.shodan.io/search?query=http.title%3A%22hangfire%22
|
2022-04-20 21:32:18 +02:00 |
|
Anatoliy
|
dcb3b852f9
|
Add files via upload
|
2022-04-13 23:44:43 +03:00 |
|
Dominique RIGHETTO
|
ac544a1876
|
Sync with param-miner master repo
|
2022-04-10 10:04:13 +02:00 |
|
PinkDev1
|
2147ad87f7
|
quickhits.txt: restored to its initial state
My previous two commits should've been on a different branch, Woops
|
2022-02-21 06:41:14 +00:00 |
|
PinkDev1
|
66672f7299
|
quickhits.txt: Added more files
Extracted from ShhGit: https://github.com/eth0izzle/shhgit/blob/master/config.yaml
|
2022-02-21 06:34:36 +00:00 |
|
PinkDev1
|
58df3b3401
|
quickhits.txt: Removed trailing "/"
|
2022-02-21 06:32:19 +00:00 |
|
chashtag
|
a6f336de8c
|
removed non php shells
|
2022-02-09 21:42:25 -05:00 |
|
chashtag
|
6428e57575
|
Added more we shells
Removed spaces from file name
|
2022-02-09 21:37:00 -05:00 |
|
g0tmi1k
|
168584fdc6
|
Merge pull request #651 from cbk914/master
Spring paths update
|
2022-02-02 23:41:04 +00:00 |
|
Paul Werther
|
8b17578f93
|
add opcache to raft large directory list, #683
|
2022-02-01 15:32:17 +01:00 |
|
g0tmi1k
|
58370984a4
|
Merge pull request #687 from righettod/master
Add "h2-console" word
https://mp.weixin.qq.com/s/Yn5U8WHGJZbTJsxwUU3UiQ
https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console
https://www.shodan.io/search?query=http.title%3A%22H2+Console%22
|
2022-01-31 23:22:06 +00:00 |
|
g0tmi1k
|
2dac179038
|
Merge pull request #685 from wdahlenburg/master
Adding Spring Boot Gateway Actuator
https://wya.pl/2021/12/20/bring-your-own-ssrf-the-gateway-actuator/
|
2022-01-31 23:20:57 +00:00 |
|
PinkDev1
|
90a1f6ad0a
|
Delete test.txt
|
2022-01-29 06:24:47 +00:00 |
|
PinkDev1
|
136146f3ef
|
Create README.md at Discovery/Web-Content
I feel like every folder on this repo should have a README. Some wordlists have very confusing names
|
2022-01-29 06:23:04 +00:00 |
|
GitHub Action
|
590c1e39ed
|
[Github Action] Updated combined_words.txt
|
2022-01-29 06:07:16 +00:00 |
|
PinkDev1
|
35149384ca
|
This is a github action test
|
2022-01-29 06:06:05 +00:00 |
|
GitHub Action
|
07375693f8
|
[Github Action] Updated combined_directories.txt
|
2022-01-29 06:05:17 +00:00 |
|
PinkDev1
|
c5857eefaf
|
Delete combined_words.txt
|
2022-01-29 06:04:02 +00:00 |
|
GitHub Action
|
7271aab5ab
|
[Github Action] Updated combined_words.txt
|
2022-01-29 05:48:35 +00:00 |
|
PinkDev1
|
b2ee580771
|
This is a github action test
|
2022-01-29 05:47:26 +00:00 |
|
PinkDev1
|
4158fd7b53
|
Delete combined_words.txt
|
2022-01-29 05:47:05 +00:00 |
|
PinkDev1
|
8b78386e0f
|
This is a github action test
|
2022-01-29 05:43:30 +00:00 |
|