Backup_Repos/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists synced 2025-12-23 09:15:21 +01:00
Code Issues Projects Releases Wiki Activity
SecLists/Discovery/Web-Content
History
ItsIgnacioPortal 3eeef85284 fix(docs): Removed leftover text from git merge conflict
2025-01-25 06:31:38 -03:00
..
api Improve readme files for better clarity and usage examples 2024-11-05 21:58:51 +08:00
BurpSuite-ParamMiner
CMS [Github Action] Automated trickest wordlists update. 2024-12-19 10:04:05 +00:00
Domino-Hunter Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
dutch Removed offensive/harmful entries in files. 2024-03-29 12:29:53 -07:00
SVNDigger Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
trickest-robots-disallowed-wordlists [Github Action] Automated trickest wordlists update. 2024-12-19 19:03:27 +00:00
URLs Improve readme files for better clarity and usage examples 2024-11-05 21:58:51 +08:00
Web-Services
AdobeCQ-AEM.txt Cleanup and enhancement 2022-08-08 18:28:59 +02:00
AdobeXML.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
aem2.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
Apache.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
apache.txt
ApacheTomcat.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
axis.txt
big.txt Merge pull request #1073 from newyork167/master 2024-11-20 10:08:16 +00:00
burp-parameter-names.txt Sync with param-miner master repo 2022-04-10 10:04:13 +02:00
CGI-HTTP-POST-Windows.fuzz.txt
CGI-HTTP-POST.fuzz.txt
CGI-Microsoft.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
CGI-XPlatform.fuzz.txt
CGIs.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
coldfusion.txt
combined_directories.txt Added gem/rack better errors 2024-08-14 17:11:52 -04:00
combined_words.txt Added gem/rack better errors 2024-08-14 17:11:52 -04:00
common-and-dutch.txt Adds activation to common.txt 2022-07-23 16:42:03 +02:00
common-and-french.txt
common-and-italian.txt
common-and-portuguese.txt
common-and-spanish.txt
common-api-endpoints-mazen160.txt
Common-DB-Backups.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
Common-PHP-Filenames.txt
common.txt Added reportserver directory at common.txt, reference : https://learn.microsoft.com/en-us/sql/reporting-services/install-windows/configure-report-server-urls-ssrs-configuration-manager?view=sql-server-ver16 2024-11-21 04:41:29 +08:00
common_directories.txt feat(wordlist): created 'common_directories.txt' wordlist 2024-09-10 22:52:36 -03:00
CommonBackdoors-ASP.fuzz.txt
CommonBackdoors-JSP.fuzz.txt
CommonBackdoors-PHP.fuzz.txt removed non php shells 2022-02-09 21:42:25 -05:00
CommonBackdoors-PL.fuzz.txt
confluence-administration.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
default-web-root-directory-linux.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
default-web-root-directory-windows.txt
directory-list-1.0.txt
directory-list-2.3-big.txt Removed offensive/harmful entries in files. 2024-03-29 12:29:53 -07:00
directory-list-2.3-medium.txt Removed offensive/harmful entries in files. 2024-03-29 12:29:53 -07:00
directory-list-2.3-small.txt
directory-list-lowercase-2.3-big.txt
directory-list-lowercase-2.3-medium.txt
directory-list-lowercase-2.3-small.txt
dirsearch.txt Trace.axd has been added to dirsearch.txt which can expose sensitive information about the target 2023-09-08 10:40:41 +05:30
domino-dirs-coldfusion39.txt
domino-endpoints-coldfusion39.txt
dsstorewordlist.txt Added dsstorewordlist.txt 2022-11-08 19:15:13 -03:00
elmah.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
FatwireCMS.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
fnf-fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
forefront-identity-management.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
Frontpage.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
frontpage.txt
golang.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
graphql.txt
hashicorp-consul-api.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
hashicorp-vault.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
hpsmh.txt
HTTP-POST-Microsoft.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
Hyperion.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
hyperion.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
iis-systemweb.txt Create iis-systemweb.txt 2022-06-27 19:20:19 +02:00
IIS.fuzz.txt remove new line at the end 2024-11-11 19:44:42 +08:00
iplanet.txt
JavaScript-Miners.txt
JavaServlets-Common.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
jboss.txt
Jenkins-Hudson.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
JRun.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
jrun.txt
keycloak.txt Update keycloak.txt 2024-01-06 10:21:48 +03:30
KitchensinkDirectories.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
LinuxFileList.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
local-ports.txt
Logins.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
LotusNotes.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
netware.txt
nginx.txt
ntlm-directories.txt Create ntlm-directories.txt 2024-03-30 17:28:41 +01:00
oauth-oidc-scopes.txt
Oracle-EBS-wordlist.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
oracle.txt removed new line at the start 2023-11-24 18:56:43 +08:00
Oracle9i.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
OracleAppServer.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
Passwords.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
PHP.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
proxy-conf.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
Public-Source-Repo-Issues.json
pulsesecure.txt Update Pulse Secure VPN wordlist 2023-03-10 17:31:35 +01:00
quickhits.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
raft-large-directories-lowercase.txt Typos 2023-09-23 09:15:11 +02:00
raft-large-directories.txt Typos 2023-09-23 09:15:11 +02:00
raft-large-extensions-lowercase.txt Add server.js extension 2022-12-22 15:09:37 +00:00
raft-large-extensions.txt Add server.js extension 2022-12-22 15:09:37 +00:00
raft-large-files-lowercase.txt Typos 2023-09-23 09:15:11 +02:00
raft-large-files.txt Typos 2023-09-23 09:15:11 +02:00
raft-large-words-lowercase.txt
raft-large-words.txt
raft-medium-directories-lowercase.txt
raft-medium-directories.txt
raft-medium-extensions-lowercase.txt Add server.js extension 2022-12-22 15:09:37 +00:00
raft-medium-extensions.txt Add server.js extension 2022-12-22 15:09:37 +00:00
raft-medium-files-lowercase.txt
raft-medium-files.txt
raft-medium-words-lowercase.txt
raft-medium-words.txt Update raft-medium-words.txt 2023-10-05 11:54:47 +02:00
raft-small-directories-lowercase.txt
raft-small-directories.txt
raft-small-extensions-lowercase.txt
raft-small-extensions.txt
raft-small-files-lowercase.txt
raft-small-files.txt
raft-small-words-lowercase.txt
raft-small-words.txt raft-small-words.txt: Added more source code versioning systems 2022-06-23 19:36:36 -03:00
Randomfiles.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
README.md fix(docs): Removed leftover text from git merge conflict 2025-01-25 06:31:38 -03:00
reverse-proxy-inconsistencies.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
ror.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
Roundcube-123.txt
rssfeed-files.txt Add files via upload 2024-07-04 07:57:17 +02:00
sap-analytics-cloud.txt Add files via upload 2023-03-09 13:38:45 +01:00
sap.txt
sharepoint-ennumeration.txt Update sharepoint-ennumeration.txt 2022-06-29 11:00:16 +02:00
spring-boot.txt Merge pull request #807 from righettod/feature_update_springboot 2022-11-22 12:09:25 +00:00
SunAppServerGlassfish.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
sunas.txt
SuniPlanet.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
swagger.txt Update swagger.txt 2024-11-21 12:42:33 +04:00
tests.txt
tftp.fuzz.txt
tomcat.txt
UnixDotfiles.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
uri-from-top-55-most-popular-apps.txt Update uri-from-top-55-most-popular-apps.txt 2022-06-29 11:10:56 +02:00
url-params_from-top-55-most-popular-apps.txt Update and rename top-apk-params.txt to url-params_from-top-55-most-popular-apps.txt 2022-06-28 15:15:08 +02:00
versioning_metafiles.txt
Vignette.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
vulnerability-scan_j2ee-websites_WEB-INF.txt chore: Renamed "WEB-INF-dict.txt" to "vulnerability-scan_j2ee-websites_WEB-INF.txt" 2023-03-17 04:13:03 -03:00
web-all-content-types.txt Merge branch 'master' into sync 2024-12-20 02:45:55 -03:00
web-extensions-big.txt Added .vue file extension at web-extensions-big, reference : https://vuejs.org/api/sfc-spec 2024-11-22 06:46:22 +08:00
web-extensions.txt added .json 2024-11-11 02:15:04 +08:00
web-mutations.txt
weblogic.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
websphere.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
wso2-enterprise-integrator.txt added wso2 api manager endpoint /services/WorkflowCallbackService?wsdl 2023-09-20 20:18:49 +02:00

README.md

Web discovery wordlists

AdobeCQ-AEM.txt

Use for: Discovering sensitive filepaths of Adobe Experience Manager Creation date: Oct 1, 2017 No updates have been made to this wordlist since its creation.

AdobeXML.fuzz.txt

Use for: Discovering sensitive filepaths of Adobe ColdFusion Creation date: Aug 27, 2012 No updates have been made to this wordlist since its creation.

Apache.fuzz.txt

Use for: Discvering sensitive content in Apache web servers. Date of last update: Jan 26, 2015

ApacheTomcat.fuzz.txt

Use for: Discovering sensitive content in Apache Tomcat servers. Date of last update: Dec 14, 2017

CGI-HTTP-POST-Windows.fuzz.txt

Use for: Exploiting various vulnerabilities in the now defunct WYSIWYG HTML editor and website administration tool, Microsoft FrontPage Source: https://github.com/deepak0401/Front-Page-Exploit Date of last update: Aug 27, 2012 The last version of FrontPage was released on 2003.

CGI-HTTP-POST.fuzz.txt

Use for: Exploiting/Discovering various vulnerabilities in extremely old systems (Circa 1998) that use "CGI". Date of last update: Aug 27, 2012

This wordlist tests for the following vulnerabilities:

  • Default password in the Nortel Meridian private branch exchange telephone switching system. Source: Nikto.
  • XSS in the "Bajie HTTP JServer" (software site completely defunct, no archives exist). Source: Nikto
  • CGI Vulnerability in an unknown system (payload lastlines.cgi?process) which would allow attackers to "read arbitrary files and/or execute commands". Source: Nikto
  • Remote File Include in myPHPNuke. Source: Nessus
  • DoS in the "D-Link Ethernet/Fast Ethernet Print Server DP-300+". Source: Sullo's Security Advisory Archive.

CGI-Microsoft.fuzz.txt

Use for: Exploiting/Discovering various vulnerabilities in miscelaneous CGI scripts that run on Microsoft operating systems. Date of last update: Aug 27, 2012

raft-* wordlists

Use for: Directory and file brute-forcing leading to identification of vulnerabilities in web applications. Source: Google's RAFT

combined_words.txt

Overview

This list is a combination of the following wordlists:

  • big.txt
  • common.txt
  • raft-large-words-lowercase.txt
  • raft-large-words.txt
  • raft-medium-words-lowercase.txt
  • raft-medium-words.txt
  • raft-small-words-lowercase.txt
  • raft-small-words.txt

Usage

Use for: discovering files

Source

This list is automatically updated by a GitHub action whenever any of the lists it's composed by is modified.

combined_directories.txt

Overview

This list is a combination of the following wordlists:

  • apache.txt
  • combined_words.txt
  • directory-list-1.0.txt
  • directory-list-2.3-big.txt
  • directory-list-2.3-medium.txt
  • directory-list-2.3-small.txt
  • raft-large-directories-lowercase.txt
  • raft-large-directories.txt
  • raft-medium-directories-lowercase.txt
  • raft-medium-directories.txt
  • raft-small-directories-lowercase.txt
  • raft-small-directories.txt
  • common_directories.txt

Usage

Use for: discovering files and directories

Source

This list is automatically updated by a GitHub action whenever any of the lists it's composed by is modified.

dsstorewordlist.txt

Overview

Perfect wordlist to discover directories and files on target site with tools like ffuf.

Usage

Use for: discovering directories and files

Source

Source: https://github.com/aels/subdirectories-discover

References

  • It was collected by parsing Alexa top-million sites for .DS_Store files (https://en.wikipedia.org/wiki/.DS_Store), extracting all the found files, and then extracting found file and directory names from around 300k real websites.
  • Then sorted by probability and removed strings with one occurrence.
  • resulted file you can download is below. Happy Hunting!

vulnerability-scan_j2ee-websites_WEB-INF.txt

Overview

Use for: discovering sensitive j2ee files exploiting a lfi

References