mirror of https://github.com/danielmiessler/SecLists synced 2025-12-06 08:53:59 +01:00

History

github-actions[bot] 58bb752eb7 [Github Action] Automated trickest wordlists update.		2025-11-29 10:07:29 +00:00
..
trickest-cms-wordlist	[Github Action] Automated trickest wordlists update.	2025-11-29 10:07:29 +00:00
Adobe-AEM_2021.txt	fix(docs): Moved 'aem2.txt' into the CMS directory	2025-02-21 20:30:29 -03:00
AdobeCQ-AEM_2017.txt	fix(docs): Moved 'aem2.txt' into the CMS directory	2025-02-21 20:30:29 -03:00
bluedit.txt	feat(wordlist): Added wordlist for Bluedit CMS	2025-11-04 19:10:04 -03:00
caobox-cms.txt	Standardize leading slases in web conent	2023-05-18 23:55:53 +12:00
cms-configuration-files.txt	Update cms-configuration-files.txt	2024-02-02 10:19:29 +01:00
ColdFusion.fuzz.txt	Standardize leading slases in web conent	2023-05-18 23:55:53 +12:00
Django.txt	Create Django.txt	2020-05-09 10:53:35 +02:00
dotnetnuke.txt	Adding wordlist for DotNetNuke resources	2022-12-20 14:18:21 -06:00
drupal-themes.fuzz.txt	rename 's/_/-/g'	2017-08-23 14:55:06 +01:00
Drupal.txt	Create Drupal.txt	2020-04-16 20:33:25 +02:00
flyspray-1.0RC4.txt	Add "-" to split up words, moved files since PR accepted	2018-03-05 10:30:27 +00:00
joomla-plugins.fuzz.txt	strip trailing whitespace	2020-05-27 14:26:51 +01:00
joomla-themes.fuzz.txt	rename 's/_/-/g'	2017-08-23 14:55:06 +01:00
kentico-cms-modules-themes.txt	Standardize leading slases in web conent	2023-05-18 23:55:53 +12:00
liferay_dxp_default_portlets.txt	Standardize leading slases in web conent	2023-05-18 23:55:53 +12:00
modx-revolution-plugins	Create a wordlist of Modx Revolution CMS packages	2019-09-27 15:38:49 +03:00
Oracle-EBS-wordlist.txt	fix(wordlist): merged duplicate Oracle EBS wordlists	2025-02-21 20:54:47 -03:00
php-nuke.fuzz.txt	rename 's/_/-/g'	2017-08-23 14:55:06 +01:00
piwik-3.0.4.txt	Add "-" to split up words, moved files since PR accepted	2018-03-05 10:30:27 +00:00
README.md	fix(docs): Moved 'aem2.txt' into the CMS directory	2025-02-21 20:30:29 -03:00
SAP.fuzz.txt	Standardize leading slases in web conent	2023-05-18 23:55:53 +12:00
Sharepoint-Ennumeration.txt	fix(docs): Moved 'sharepoint-ennumeration.txt' into the CMS directory	2025-02-21 20:41:23 -03:00
Sharepoint.txt	fix(wordlist): renamed wordlist 'Sharepoint.fuzz.txt' to 'Sharepoint.txt'	2025-02-21 20:59:15 -03:00
shopware.txt	Standardize leading slases in web conent	2023-05-18 23:55:53 +12:00
sitecore	Standardize leading slases in web conent	2023-05-18 23:55:53 +12:00
Sitefinity-fuzz.txt	rename 's/_/-/g'	2017-08-23 14:55:06 +01:00
sitemap-magento.txt	Standardize leading slases in web conent	2023-05-18 23:55:53 +12:00
SiteMinder.fuzz.txt	Standardize leading slases in web conent	2023-05-18 23:55:53 +12:00
symfony-315-demo.txt	rename 's/_/-/g'	2017-08-23 14:55:06 +01:00
symphony-267-xslt-cms.txt	rename 's/_/-/g'	2017-08-23 14:55:06 +01:00
Umbraco.fuzz.txt	Standardize leading slases in web conent	2023-05-18 23:55:53 +12:00
Umbraco.txt	Standardize leading slases in web conent	2023-05-18 23:55:53 +12:00
wordpress.fuzz.txt	Update wordpress.fuzz.txt	2024-10-28 14:52:49 +01:00
wp-plugins.fuzz.txt	add site-editor and mail-masta	2022-09-15 04:06:39 +02:00
wp-themes.fuzz.txt	rename 's/_/-/g'	2017-08-23 14:55:06 +01:00

README.md

CMS Wordlists

These wordlists are specific to Content Management Systems.

AdobeCQ-AEM_2017.txt

Use for: Discovering sensitive filepaths of Adobe Experience Manager Creation date: Oct 1, 2017 No updates have been made to this wordlist since its creation.

Oracle-EBS-wordlist.txt

Use for: Fuzzing for common filepaths of Oracle E-Business Suite (EBS) version 11.

EBS v11 exposes:

usernames
ports
OS information
protocol information
Unauthenticated file upload
Cookie contents
SHA-1 hashed passwords

As an Unauthenticated user it's also possible to:

Create forms
Get servlets status
Get certain configuration files

Reference: https://the-infosec.com/2017/03/29/do-you-know-what-your-erp-is-telling-us/

Date of last update: Oct 7, 2019