Backup_Repos/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists synced 2026-01-01 21:54:06 +01:00
Code Issues Projects Releases Wiki Activity
SecLists/Discovery/Web-Content/api/README.md
Stanly 6b931eb4be Improve readme files for better clarity and usage examples 
Related to #929

Update README.md files to provide better guidance on using wordlists.

* **Discovery/Web-Content/README.md**
  - Add sections "Overview," "Usage," "Source," and "References" for each wordlist.
  - Include examples and tutorials for using the wordlists.
  - Provide step-by-step instructions and command examples.

* **Discovery/DNS/README.md**
  - Add sections "Overview," "Usage," "Source," and "References" for each wordlist.
  - Include examples and tutorials for using the wordlists.
  - Provide step-by-step instructions and command examples.

* **Discovery/Web-Content/api/README.md**
  - Add sections "Overview," "Usage," "Source," and "References" for each wordlist.
  - Include examples and tutorials for using the wordlists.
  - Provide step-by-step instructions and command examples.

* **Discovery/Web-Content/URLs/README.md**
  - Add sections "Overview," "Usage," "Source," and "References" for each wordlist.
  - Include examples and tutorials for using the wordlists.
  - Provide step-by-step instructions and command examples.
2024-11-05 21:58:51 +08:00

105 lines
2.6 KiB
Markdown
Raw Blame History

# API Wordlist
A wordlist of API names used for fuzzing web application APIs.
## api_seen_in_wild.txt
### Overview
This file contains API function names that have been observed in the wild.
### Usage
Use for: fuzzing web application APIs
### Source
Source: Collected from various sources
## actions.txt
### Overview
This file contains all API function name verbs.
### Usage
Use for: fuzzing web application APIs
### Source
Source: Collected from various sources
## objects.txt
### Overview
This file contains all API function name nouns.
### Usage
Use for: fuzzing web application APIs
### Source
Source: Collected from various sources
## actions-uppercase.txt
### Overview
This file contains API function name verbs with the leading character in upper-case.
### Usage
Use for: fuzzing web application APIs
### Source
Source: Collected from various sources
## actions-lowercase.txt
### Overview
This file contains API function name verbs with the leading character in lower-case.
### Usage
Use for: fuzzing web application APIs
### Source
Source: Collected from various sources
## objects-uppercase.txt
### Overview
This file contains API function name nouns with the leading character in upper-case.
### Usage
Use for: fuzzing web application APIs
### Source
Source: Collected from various sources
## objects-lowercase.txt
### Overview
This file contains API function name nouns with the leading character in lower-case.
### Usage
Use for: fuzzing web application APIs
### Source
Source: Collected from various sources
## api-endpoints-res.txt
### Overview
This file is a combination of all the files above.
### Usage
Use for: fuzzing web application APIs
### Source
Source: Collected from various sources
## Usage Instructions
1. In Burp Suite, send an API request you want to fuzz to Intruder.
2. Remove the existing API function call, and replace it with two § characters for each text file you want to use.
3. On the "Positions" tab, set Attack type to "Cluster Bomb".
4. On the "Payloads" tab, select 1 for the first Payload set drop-down, then select a Payload type of "Runtime file" and navigate to the directory you downloaded these text files to. Select "actions.txt".
5. Repeat step 4 by setting Payload set 2 to "objects.txt".
6. (Optional step - add more payload sets and set them to "objects.txt" to test for multi-part objects like "UserAccount")
7. Start the attack!
## Comments
If you use this and it's helpful, I'd love to hear about it! (@dagorim). If you think I've missed any obvious word choices, I'd love to hear about that as well, or feel free to add them.
Reference in a new issue View git blame Copy permalink