Backup_Repos/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists synced 2026-02-23 07:58:31 +01:00
Code Issues Projects Releases Wiki Activity
SecLists/Discovery/Web-Content
History
Ignacio J. Perez Portal a693ec13e1 feat(docs): Added documentation for 'CGI-HTTP-POST-Windows.fuzz.txt' wordlist
2025-01-25 06:27:26 -03:00
..
api Improve readme files for better clarity and usage examples 2024-11-05 21:58:51 +08:00
BurpSuite-ParamMiner
CMS [Github Action] Automated trickest wordlists update. 2024-12-19 10:04:05 +00:00
Domino-Hunter
dutch Removed offensive/harmful entries in files. 2024-03-29 12:29:53 -07:00
SVNDigger
trickest-robots-disallowed-wordlists [Github Action] Automated trickest wordlists update. 2024-12-19 19:03:27 +00:00
URLs Improve readme files for better clarity and usage examples 2024-11-05 21:58:51 +08:00
Web-Services
AdobeCQ-AEM.txt
AdobeXML.fuzz.txt
aem2.txt
Apache.fuzz.txt
apache.txt
ApacheTomcat.fuzz.txt
axis.txt
big.txt Merge pull request #1073 from newyork167/master 2024-11-20 10:08:16 +00:00
burp-parameter-names.txt
CGI-HTTP-POST-Windows.fuzz.txt
CGI-HTTP-POST.fuzz.txt
CGI-Microsoft.fuzz.txt
CGI-XPlatform.fuzz.txt
CGIs.txt
coldfusion.txt
combined_directories.txt Added gem/rack better errors 2024-08-14 17:11:52 -04:00
combined_words.txt Added gem/rack better errors 2024-08-14 17:11:52 -04:00
common-and-dutch.txt
common-and-french.txt
common-and-italian.txt
common-and-portuguese.txt
common-and-spanish.txt
common-api-endpoints-mazen160.txt
Common-DB-Backups.txt
Common-PHP-Filenames.txt
common.txt Added reportserver directory at common.txt, reference : https://learn.microsoft.com/en-us/sql/reporting-services/install-windows/configure-report-server-urls-ssrs-configuration-manager?view=sql-server-ver16 2024-11-21 04:41:29 +08:00
common_directories.txt feat(wordlist): created 'common_directories.txt' wordlist 2024-09-10 22:52:36 -03:00
CommonBackdoors-ASP.fuzz.txt
CommonBackdoors-JSP.fuzz.txt
CommonBackdoors-PHP.fuzz.txt
CommonBackdoors-PL.fuzz.txt
confluence-administration.txt
default-web-root-directory-linux.txt
default-web-root-directory-windows.txt
directory-list-1.0.txt
directory-list-2.3-big.txt Removed offensive/harmful entries in files. 2024-03-29 12:29:53 -07:00
directory-list-2.3-medium.txt Removed offensive/harmful entries in files. 2024-03-29 12:29:53 -07:00
directory-list-2.3-small.txt
directory-list-lowercase-2.3-big.txt
directory-list-lowercase-2.3-medium.txt
directory-list-lowercase-2.3-small.txt
dirsearch.txt
domino-dirs-coldfusion39.txt
domino-endpoints-coldfusion39.txt
dsstorewordlist.txt
elmah.txt
FatwireCMS.fuzz.txt
fnf-fuzz.txt
forefront-identity-management.txt
Frontpage.fuzz.txt
frontpage.txt
golang.txt
graphql.txt
hashicorp-consul-api.txt
hashicorp-vault.txt
hpsmh.txt
HTTP-POST-Microsoft.fuzz.txt
Hyperion.fuzz.txt
hyperion.txt
iis-systemweb.txt
IIS.fuzz.txt remove new line at the end 2024-11-11 19:44:42 +08:00
iplanet.txt
JavaScript-Miners.txt
JavaServlets-Common.fuzz.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
jboss.txt
Jenkins-Hudson.txt
JRun.fuzz.txt
jrun.txt
keycloak.txt Update keycloak.txt 2024-01-06 10:21:48 +03:30
KitchensinkDirectories.fuzz.txt
LinuxFileList.txt Standardize leading slases in web conent 2023-05-18 23:55:53 +12:00
local-ports.txt
Logins.fuzz.txt
LotusNotes.fuzz.txt
netware.txt
nginx.txt
ntlm-directories.txt Create ntlm-directories.txt 2024-03-30 17:28:41 +01:00
oauth-oidc-scopes.txt
Oracle-EBS-wordlist.txt
oracle.txt
Oracle9i.fuzz.txt
OracleAppServer.fuzz.txt
Passwords.fuzz.txt
PHP.fuzz.txt
proxy-conf.fuzz.txt
Public-Source-Repo-Issues.json
pulsesecure.txt
quickhits.txt
raft-large-directories-lowercase.txt
raft-large-directories.txt
raft-large-extensions-lowercase.txt
raft-large-extensions.txt
raft-large-files-lowercase.txt
raft-large-files.txt
raft-large-words-lowercase.txt
raft-large-words.txt
raft-medium-directories-lowercase.txt
raft-medium-directories.txt
raft-medium-extensions-lowercase.txt
raft-medium-extensions.txt
raft-medium-files-lowercase.txt
raft-medium-files.txt
raft-medium-words-lowercase.txt
raft-medium-words.txt
raft-small-directories-lowercase.txt
raft-small-directories.txt
raft-small-extensions-lowercase.txt
raft-small-extensions.txt
raft-small-files-lowercase.txt
raft-small-files.txt
raft-small-words-lowercase.txt
raft-small-words.txt
Randomfiles.fuzz.txt
README.md feat(docs): Added documentation for 'CGI-HTTP-POST-Windows.fuzz.txt' wordlist 2025-01-25 06:27:26 -03:00
reverse-proxy-inconsistencies.txt
ror.txt
Roundcube-123.txt
rssfeed-files.txt Add files via upload 2024-07-04 07:57:17 +02:00
sap-analytics-cloud.txt
sap.txt
sharepoint-ennumeration.txt
spring-boot.txt
SunAppServerGlassfish.fuzz.txt
sunas.txt
SuniPlanet.fuzz.txt
swagger.txt Update swagger.txt 2024-11-21 12:42:33 +04:00
tests.txt
tftp.fuzz.txt
tomcat.txt
UnixDotfiles.fuzz.txt
uri-from-top-55-most-popular-apps.txt
url-params_from-top-55-most-popular-apps.txt
versioning_metafiles.txt
Vignette.fuzz.txt
vulnerability-scan_j2ee-websites_WEB-INF.txt
web-all-content-types.txt Merge branch 'master' into sync 2024-12-20 02:45:55 -03:00
web-extensions-big.txt Added .vue file extension at web-extensions-big, reference : https://vuejs.org/api/sfc-spec 2024-11-22 06:46:22 +08:00
web-extensions.txt added .json 2024-11-11 02:15:04 +08:00
web-mutations.txt
weblogic.txt
websphere.txt
wso2-enterprise-integrator.txt

README.md

Web discovery wordlists

AdobeCQ-AEM.txt

Use for: Discovering sensitive filepaths of Adobe Experience Manager Creation date: Oct 1, 2017 No updates have been made to this wordlist since its creation.

AdobeXML.fuzz.txt

Use for: Discovering sensitive filepaths of Adobe ColdFusion Creation date: Aug 27, 2012 No updates have been made to this wordlist since its creation.

Apache.fuzz.txt

Use for: Discvering sensitive content in Apache web servers. Date of last update: Jan 26, 2015

ApacheTomcat.fuzz.txt

Use for: Discovering sensitive content in Apache Tomcat servers. Date of last update: Dec 14, 2017

CGI-HTTP-POST-Windows.fuzz.txt

Use for: Exploiting various vulnerabilities in the now defunct WYSIWYG HTML editor and website administration tool, Microsoft FrontPage Source: https://github.com/deepak0401/Front-Page-Exploit Date of last update: Aug 27, 2012 The last version of FrontPage was released on 2003.

raft-* wordlists

Use for: Directory and file brute-forcing leading to identification of vulnerabilities in web applications. Source: Google's RAFT

combined_words.txt

Overview

This list is a combination of the following wordlists:

  • big.txt
  • common.txt
  • raft-large-words-lowercase.txt
  • raft-large-words.txt
  • raft-medium-words-lowercase.txt
  • raft-medium-words.txt
  • raft-small-words-lowercase.txt
  • raft-small-words.txt

Usage

Use for: discovering files

Source

This list is automatically updated by a GitHub action whenever any of the lists it's composed by is modified.

combined_directories.txt

Overview

This list is a combination of the following wordlists:

  • apache.txt
  • combined_words.txt
  • directory-list-1.0.txt
  • directory-list-2.3-big.txt
  • directory-list-2.3-medium.txt
  • directory-list-2.3-small.txt
  • raft-large-directories-lowercase.txt
  • raft-large-directories.txt
  • raft-medium-directories-lowercase.txt
  • raft-medium-directories.txt
  • raft-small-directories-lowercase.txt
  • raft-small-directories.txt
  • common_directories.txt <<<<<<< HEAD

Usage

Use for: discovering files and directories

Source

This list is automatically updated by a GitHub action whenever any of the lists it's composed by is modified.

dsstorewordlist.txt

Overview

Perfect wordlist to discover directories and files on target site with tools like ffuf.

Usage

Use for: discovering directories and files

Source

Source: https://github.com/aels/subdirectories-discover

References

  • It was collected by parsing Alexa top-million sites for .DS_Store files (https://en.wikipedia.org/wiki/.DS_Store), extracting all the found files, and then extracting found file and directory names from around 300k real websites.
  • Then sorted by probability and removed strings with one occurrence.
  • resulted file you can download is below. Happy Hunting!

vulnerability-scan_j2ee-websites_WEB-INF.txt

Overview

Use for: discovering sensitive j2ee files exploiting a lfi

References