Backup_Repos/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists synced 2026-01-17 05:36:51 +01:00
Code Issues Projects Releases Wiki Activity
SecLists/Discovery/Web-Content/Programming-Language-Specific
History
ItsIgnacioPortal 11a47a36b8
feat(docs): Added documentation for the 'Java-Spring-Boot.txt' wordlist 
Related to #1220
2025-06-24 23:18:03 -03:00
..
ASP.NET
Common-PHP-Filenames.txt
CommonBackdoors-JSP.fuzz.txt
CommonBackdoors-PHP.fuzz.txt
CommonBackdoors-PL.fuzz.txt
golang.txt
Java-Spring-Boot.txt feat(wordlist): Added prefixes to deal with Java-Spring-Boot being behind spring-cloud-gateway (PR #1220) 2025-06-24 23:00:15 -03:00
PHP.fuzz.txt
README.md feat(docs): Added documentation for the 'Java-Spring-Boot.txt' wordlist 2025-06-24 23:18:03 -03:00
ror.txt

README.md

Java-Spring-Boot.txt

Use for: Detecting actuator endpoints, and testing for RCEs in Spring-Boot instances.

Note that it's possible for a spring-boot backend to be behind a spring-cloud-gateway, which may only route all traffic prefixed with /api/ to the backend. Consider fuzzing the starting prefix api with many different values to find what reaches the backend. A recommended wordlist to fuzz this value with is at Fuzzing/Miscellaneous/schemes.txt