Backup_Repos/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists synced 2026-04-18 04:51:13 +02:00
Code Issues Projects Releases Wiki Activity
SecLists/Discovery/Web-Content
History
ItsIgnacioPortal 904bba3374
chore(wordlist): Removed redundant wordlist 
The wordlist 'directory-list-1.0.txt' does not add much to this repository because, as explained within the wordlist itself, it's only the first draft of what would become the final version of the wordlist. It's recommended to use one of the '2.3' dirbuster wordlists instead of this one.
2025-07-17 20:03:29 -03:00
..
api fix(wordlist): Added missing terms to API Actions wordlist 2025-03-04 17:31:09 -03:00
BurpSuite-ParamMiner Rename "_" -> "-" & found a few new homes 2018-10-15 13:08:10 +01:00
CMS [Github Action] Automated trickest wordlists update. 2025-07-07 10:04:15 +00:00
Domino-Hunter Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
dutch chore(wordlist): Removed duplicate wordlist 'without_spaces.txt' 2025-02-22 03:20:03 -03:00
File-Extensions-Universal-SVNDigger-Project feat(docs): Renamed 'SVNDigger' folder to a more descriptive folder name 2025-02-21 20:15:56 -03:00
LEGACY-SERVICES feat(docs): Added criteria for the LEGACY-SERVICES category 2025-02-21 21:01:10 -03:00
Programming-Language-Specific feat(docs): Added documentation for the 'Java-Spring-Boot.txt' wordlist 2025-06-24 23:18:03 -03:00
Service-Specific chore(docs): Fixed markdown formatting 2025-06-24 23:02:53 -03:00
trickest-robots-disallowed-wordlists [Github Action] Automated trickest wordlists update. 2025-07-17 14:03:48 +00:00
URLs Added url used in CVE-2025-31324 to urls-SAP.txt 2025-04-28 18:09:13 +02:00
Web-Servers feat(docs): Added documentation for 'IIS-POST.txt' 2025-02-21 23:03:11 -03:00
ActiveDirectory-small.txt Create ActiveDirectory-small.txt 2025-06-30 10:21:33 -07:00
AdobeXML.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
big.txt Merge pull request #1073 from newyork167/master 2024-11-20 10:08:16 +00:00
burp-parameter-names.txt Sync with param-miner master repo 2022-04-10 10:04:13 +02:00
coldfusion.txt standardisze line endings 2020-05-27 14:10:50 +01:00
combined_directories.txt [Github Action] Updated combined_directories.txt 2025-03-21 22:31:27 +00:00
combined_words.txt [Github Action] Updated combined_words.txt 2025-06-21 22:55:22 +00:00
common-api-endpoints-mazen160.txt Add "-" to split up words, moved files since PR accepted 2018-03-05 10:30:27 +00:00
Common-DB-Backups.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
common.txt feat(wordlist): Added mcp-server.txt entries to common.txt 2025-06-21 19:54:12 -03:00
common_directories.txt feat(wordlist): Added more permutations to 'common_directories.txt' 2025-07-17 19:58:20 -03:00
default-web-root-directory-linux.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
default-web-root-directory-windows.txt Quick move about 2018-03-21 17:47:29 +00:00
directory-list-2.3-big.txt Removed offensive/harmful entries in files. 2024-03-29 12:29:53 -07:00
directory-list-2.3-medium.txt Removed offensive/harmful entries in files. 2024-03-29 12:29:53 -07:00
directory-list-2.3-small.txt Discovery: Fix spelling and hyphenate some words 2021-03-13 23:23:27 +01:00
directory-list-lowercase-2.3-big.txt Discovery: Fix spelling and hyphenate some words 2021-03-13 23:23:27 +01:00
directory-list-lowercase-2.3-medium.txt Discovery: Fix spelling and hyphenate some words 2021-03-13 23:23:27 +01:00
directory-list-lowercase-2.3-small.txt Discovery: Fix spelling and hyphenate some words 2021-03-13 23:23:27 +01:00
domino-dirs-coldfusion39.txt Close #291 - Fix encoding issues 2019-05-08 11:04:00 +01:00
domino-endpoints-coldfusion39.txt merged two domino endpoints files 2018-12-11 04:01:38 +02:00
dsstorewordlist.txt Added dsstorewordlist.txt 2022-11-08 19:15:13 -03:00
graphql.txt add ___graphql to Discovery/Web-Content/graphql.txt,https://github.com/danielmiessler/SecLists/issues/642 2021-08-28 11:44:02 +08:00
hashicorp-consul-api.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
hashicorp-vault.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
JavaScript-Miners.txt Add "-" to split up words, moved files since PR accepted 2018-03-05 10:30:27 +00:00
JavaServlets-Common.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
LinuxFileList.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
Logins.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
mcp-server.txt feat(wordlist): Added a dictionary for Model Context Protocol server discovery. (PR #1216) 2025-06-21 15:53:26 -03:00
Microsoft-Frontpage.txt fix(wordlist): renamed wordlist 'Frontpage.fuzz.txt' to 'Microsoft-Frontpage.txt' 2025-02-18 01:48:56 -03:00
netware.txt rename 's/_/-/g' 2017-08-23 14:55:06 +01:00
ntlm-directories.txt Create ntlm-directories.txt 2024-03-30 17:28:41 +01:00
oauth-oidc-scopes.txt Added a couple of scopes 2021-10-18 01:36:33 +00:00
Oracle9i.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
OracleAppServer.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
Passwords.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
Proxy-Auto-Configuration-Files.txt fix(wordlist): Renamed 'proxy-conf.fuzz.txt' to 'Proxy-Auto-Configuration-Files.txt' 2025-02-21 22:59:10 -03:00
Public-Source-Repo-Issues.json Rename Public-Source-Repo-Issues.txt to Public-Source-Repo-Issues.json 2020-05-24 13:07:50 +02:00
quickhits.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
raft-large-directories-lowercase.txt fix(wordlist): Fixed bad formatting in raft-* wordlists 2025-02-22 04:56:43 -03:00
raft-large-directories.txt fix(wordlist): Fixed bad formatting in raft-* wordlists 2025-02-22 04:56:43 -03:00
raft-large-extensions-lowercase.txt Add server.js extension 2022-12-22 15:09:37 +00:00
raft-large-extensions.txt Add server.js extension 2022-12-22 15:09:37 +00:00
raft-large-files-lowercase.txt Typos 2023-09-23 09:15:11 +02:00
raft-large-files.txt Typos 2023-09-23 09:15:11 +02:00
raft-large-words-lowercase.txt rename 's/_/-/g' 2017-08-23 14:55:06 +01:00
raft-large-words.txt Fix #259 - Recover from bad merge 2019-01-07 15:40:56 +00:00
raft-medium-directories-lowercase.txt fix(wordlist): Fixed bad formatting in raft-* wordlists 2025-02-22 04:56:43 -03:00
raft-medium-directories.txt fix(wordlist): Fixed bad formatting in raft-* wordlists 2025-02-22 04:56:43 -03:00
raft-medium-extensions-lowercase.txt Add server.js extension 2022-12-22 15:09:37 +00:00
raft-medium-extensions.txt Add server.js extension 2022-12-22 15:09:37 +00:00
raft-medium-files-lowercase.txt Add waybackverify.txt filename to raft medium and large lists 2021-07-13 13:09:49 +02:00
raft-medium-files.txt Add waybackverify.txt filename to raft medium and large lists 2021-07-13 13:09:49 +02:00
raft-medium-words-lowercase.txt rename 's/_/-/g' 2017-08-23 14:55:06 +01:00
raft-medium-words.txt Update raft-medium-words.txt 2023-10-05 11:54:47 +02:00
raft-small-directories-lowercase.txt fix(wordlist): Fixed bad formatting in raft-* wordlists 2025-02-22 04:56:43 -03:00
raft-small-directories.txt fix(wordlist): Fixed bad formatting in raft-* wordlists 2025-02-22 04:56:43 -03:00
raft-small-extensions-lowercase.txt rename 's/_/-/g' 2017-08-23 14:55:06 +01:00
raft-small-extensions.txt rename 's/_/-/g' 2017-08-23 14:55:06 +01:00
raft-small-files-lowercase.txt rename 's/_/-/g' 2017-08-23 14:55:06 +01:00
raft-small-files.txt rename 's/_/-/g' 2017-08-23 14:55:06 +01:00
raft-small-words-lowercase.txt rename 's/_/-/g' 2017-08-23 14:55:06 +01:00
raft-small-words.txt raft-small-words.txt: Added more source code versioning systems 2022-06-23 19:36:36 -03:00
README.md fix(docs): Typo 2025-06-24 23:01:18 -03:00
reverse-proxy-inconsistencies.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
Roundcube-123.txt rename 's/_/-/g' 2017-08-23 14:55:06 +01:00
rssfeed-files.txt Add files via upload 2024-07-04 07:57:17 +02:00
sap-analytics-cloud.txt Add files via upload 2023-03-09 13:38:45 +01:00
SAP-NetWeaver.txt fix(wordlist): Renamed 'sap.txt' to 'SAP-NetWeaver.txt' 2025-02-21 22:34:57 -03:00
SOAP-functions.txt feat(docs): Removed mis-categorized 'Web-Services' folder 2025-02-18 02:58:14 -03:00
tftp.fuzz.txt rename 's/_/-/g' 2017-08-23 14:55:06 +01:00
UnixDotfiles.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
uri-from-top-55-most-popular-apps.txt Update uri-from-top-55-most-popular-apps.txt 2022-06-29 11:10:56 +02:00
url-params_from-top-55-most-popular-apps.txt Update and rename top-apk-params.txt to url-params_from-top-55-most-popular-apps.txt 2022-06-28 15:15:08 +02:00
versioning_metafiles.txt Create versioning_metafiles.txt 2021-02-20 20:41:53 +01:00
vulnerability-scan_j2ee-websites_WEB-INF.txt chore: Renamed "WEB-INF-dict.txt" to "vulnerability-scan_j2ee-websites_WEB-INF.txt" 2023-03-17 04:13:03 -03:00
web-all-content-types.txt feat(wordlist): Added IANA mime-types to "web-all-content-types.txt" (PR #1204) 2025-05-26 03:24:29 -03:00
web-extensions-big.txt Added .vue file extension at web-extensions-big, reference : https://vuejs.org/api/sfc-spec 2024-11-22 06:46:22 +08:00
web-extensions.txt added .json 2024-11-11 02:15:04 +08:00
web-mutations.txt Add VIM and NANO backup file 2019-10-11 15:55:38 +02:00
wso2-enterprise-integrator.txt added wso2 api manager endpoint /services/WorkflowCallbackService?wsdl 2023-09-20 20:18:49 +02:00

README.md

Web discovery wordlists

AdobeXML.fuzz.txt

Use for: Discovering sensitive filepaths of Adobe ColdFusion

Creation date: Aug 27, 2012

No updates have been made to this wordlist since its creation.

raft-* wordlists

Use for: Directory and file brute-forcing leading to identification of vulnerabilities in web applications.

Source: Google's RAFT

combined_words.txt

Use for: discovering files
This list is automatically updated by a github action whenever any of the lists it's composed by is modified.

This list is a combination of the following wordlists:

  • big.txt
  • common.txt
  • raft-large-words-lowercase.txt
  • raft-large-words.txt
  • raft-medium-words-lowercase.txt
  • raft-medium-words.txt
  • raft-small-words-lowercase.txt
  • raft-small-words.txt

combined_directories.txt

Use for: discovering files and directories

This list is automatically updated by a github action whenever any of the lists it's composed by is modified.

These are the wordlists that compose this wordlist:

  • apache.txt
  • combined_words.txt
  • directory-list-1.0.txt
  • directory-list-2.3-big.txt
  • directory-list-2.3-medium.txt
  • directory-list-2.3-small.txt
  • raft-large-directories-lowercase.txt
  • raft-large-directories.txt
  • raft-medium-directories-lowercase.txt
  • raft-medium-directories.txt
  • raft-small-directories-lowercase.txt
  • raft-small-directories.txt
  • common_directories.txt

dsstorewordlist.txt

Use for: discovering files and directories

This wordlist was collected by parsing Alexa top-million sites for .DS_Store files, extracting all the found files, and then extracting found file and directory names from around 300k real websites. The files were then sorted by probability and one-occurrence strings were removed.

Source: https://github.com/aels/subdirectories-discover

vulnerability-scan_j2ee-websites_WEB-INF.txt

Use for: discovering sensitive j2ee files exploiting a lfi

References:

Microsoft-Frontpage.txt

Use for: Fuzzing for common filepaths in webpages designed with Microsoft Frontpage

Year of the first release of Microsoft Frontpage: 1997

Year of the last release of Microsoft Frontpage: 2003

Date of last update: Oct 14, 2010

graphql.txt

Use for: Fuzzing for common filepaths in webpages that use the GraphQL Query Language

reverse-proxy-inconsistencies.txt

Use for: Detecting the backend admin/console interfaces and tomcat manager interfaces hiding behind reverse proxies by leveraging inconsistencies in how certain requests are handled.

See: A fresh look on reverse proxy related attacks | acunetix.com | Aleksei Tiurin | 2019-01-22

web-all-content-types.txt

Use for: Discovering allowed media types (aka MIME types, content types), typically for file uploads in web applications. Note: List contains all lowercase values for consistency and to follow standard convention. According to RFC 2045, MIME types, subtypes, and parameter names are not case-sensitive. However, in the wild, some servers may accept uppercase values while rejecting lowercase equivalents.

Date updated: May 24, 2025

Official source: https://www.iana.org/assignments/media-types/media-types.xhtml

mcp-server.txt

Use for: Discover instances of a Model Context Protocol server.

Date updated: June 21, 2025

Sources: