admin/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists.git synced 2025-06-08 22:17:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,068 Commits 2 Branches 29 Tags
Commit Graph

135 Commits

Author SHA1 Message Date
g0tmi1k
6372096eab
Merge pull request #561 from kazkansouh/ldap-fuzzing 
Standard LDAP attribute and classes lists

Source: ldapsearch -s base -b cn=Subschema  "(objectclass=*)" attributetypes -LLL | sed -e ':x N ; s/\n // ; tx ; P ; s/^.*\n//; tx' | grep -e '^a' | cut -d "'" -f 2 | sort -u
 2021-02-11 21:25:40 +00:00
g0tmi1k
af40e7f267
Merge pull request #519 from arjunshibu/master 
Added http-request-methods.txt
 2021-02-11 20:27:53 +00:00
Karim Kanso
840067b851 add standard ldap attribute and classes lists 2021-01-20 15:38:59 +00:00
g0t mi1k
d4ebb09709 dos2unix 2020-11-04 11:45:59 +00:00
Chris H
08925a1fae
Update email-top-100-domains.txt 
added missing mail domain
 2020-11-03 13:06:10 +01:00
g0tmi1k
6d164b9672
Merge pull request #527 from soufianetahiri/master 
Added actuator default paths and created new XSS fuzzing list

Source: https://docs.spring.io/spring-boot/docs/1.5.x/reference/html/production-ready-endpoints.html
 2020-11-03 11:39:11 +00:00
Soufiane Tahiri
a100ade82e
Create XSS-Fuzzing 
High rate hit XSS payloads
 2020-10-23 10:56:16 +02:00
Arjun Shibu
9d298b2121
Create http-request-methods.txt 
Useful for fuzzing endpoints
 2020-09-25 20:06:30 +05:30
Luke Paris
52f1658a0c
Removed destructive SQL statements 
Those two lines are downright irresponsible, someone is going to use this list to fuzz a web application and accidentally nuke a production database.
 2020-09-17 15:02:40 +02:00
g0tmi1k
f1f3750803
Merge pull request #480 from haxxinen/patch-1 
Create quick-SQLi.txt
 2020-09-16 07:29:18 +01:00
g0tmi1k
c5ba0f44e4
Merge pull request #493 from daehee/master 
XSS payloads from OFJAAAH

Source: https://ghostbin.co/paste/qo23j
 2020-09-16 07:27:07 +01:00
g0tmi1k
0b7d119f74
Merge pull request #501 from righettod/master 
Add payloads to identify the template engine used

- https://portswigger.net/research/server-side-template-injection
- https://github.com/epinna/tplmap
 2020-09-16 07:23:39 +01:00
Daniel Neal
68fe48d9dd
Add string js or injection 2020-09-14 21:55:24 -07:00
Dominique RIGHETTO
1361ac96c1
Fix typos 2020-09-14 14:30:00 +02:00
Dominique RIGHETTO
1c2fb11278
Add file with special vars used by template engines 
The objective is to identify the engine once an expression evaluation pattern was identified.
 2020-09-14 14:28:12 +02:00
Dominique RIGHETTO
234dfabf72
Add an expression using expression inlining for Thymeleaf 
See https://www.thymeleaf.org/doc/tutorials/3.0/usingthymeleaf.html#expression-inlining
Added it because I have discovered that, when StringTemplateResolver is used, then expression like ${42*42} is not resolved
 2020-09-13 11:04:15 +02:00
Dominique RIGHETTO
ba87953a08
Add expression for Velocity engine 2020-09-13 09:33:41 +02:00
Daehee Park
850d3b10f1 XSS payloads from OFJAAAH 2020-08-30 14:40:59 -07:00
haxxinen
783b5edf73
Create quick-SQLi.txt 2020-08-06 10:35:03 +02:00
Dominique RIGHETTO
00f10f8513
Add character that can break a MongoDB query when JS expression is used 2020-07-18 18:00:24 +02:00
PinkDraconian
cf1ca8ec62
Added scientific notation entries 2020-06-16 12:36:29 +02:00
PinkDraconian
8679c2d6fe
Added true and false to the fuzzing list 
Changing json field to true or false could have interesting results on an endpoint when fuzzing.
 2020-06-16 12:21:04 +02:00
g0tmi1k
d76b8f6691
Merge pull request #452 from noraj/patch-1 
Create LFI-gracefulsecurity-windows.txt

Source: https://gracefulsecurity.com/path-traversal-cheat-sheet-windows/
 2020-06-12 09:57:44 +01:00
g0tmi1k
b2865e0492
Merge pull request #453 from noraj/patch-2 
Create LFI-gracefulsecurity-linux.txt

Source: https://gracefulsecurity.com/path-traversal-cheat-sheet-linux/
 2020-06-12 09:57:09 +01:00
sheimo
6757058b8c
Create sqli.auth.bypass.txt 
This is a thorough SQL injection authentication bypass list. Each source below was combined to a text file and sorted.

Source: https://pentestlab.blog/2012/12/24/sql-injection-authentication-bypass-cheat-sheet/
Source: http://www.lifeoverpentest.com/2018/03/sql-injection-login-bypass-cheat-sheet.html
 2020-06-11 23:24:34 -05:00
Alexandre ZANNI
7dd955a544
Create LFI-gracefulsecurity-linux.txt 2020-06-11 16:49:45 +02:00
Alexandre ZANNI
6945f3e779
Create LFI-gracefulsecurity-windows.txt 2020-06-11 16:48:39 +02:00
g0tmi1k
245984882a
Merge pull request #442 from kazkansouh/standardise-line-end 
Standardise line endings
 2020-05-28 11:11:35 +01:00
Jamie Scott
5b5cafaa47
Adding the not in operator 
Adding the not in operator as another thing to check or test. It will equivalently act as { $ne: 1 } only it functions within an array.
 2020-05-28 00:34:48 -07:00
Karim Kanso
607c3293b4 strip trailing whitespace 2020-05-27 14:26:51 +01:00
kegan
54ac7074da
add nested traversal strings for /etc/passwd 2020-05-18 18:12:12 -05:00
Dominique RIGHETTO
984af30974
Add the expression for the Dust engine 2020-05-03 10:52:17 +02:00
Dominique RIGHETTO
aecd8036ca
Add the expression for the doT engine 2020-05-03 10:30:48 +02:00
g0tmi1k
09d5a27cf7
Merge pull request #421 from storenth/master 
Update the fuzz-Bo0oM.txt with more ';'

Source: https://twitter.com/11xuxx/status/1247496768054591489
 2020-04-29 17:52:49 +01:00
Kirill Z
6466bd0ed2
Add more XSS 2020-04-27 20:19:33 +07:00
Kirill Z
561d6236c2
Update the fuzz-Bo0oM.txt with more ';' 2020-04-27 20:09:53 +07:00
Dominique RIGHETTO
611d47caf3
Add a version of the payload for CodeContext 
Add the payload "42*42" to the fuzzing list in order to cover the "Code context" detection point mentioned in the https://portswigger.net/web-security/server-side-template-injection training
 2020-04-25 09:13:06 +02:00
g0tmi1k
a7dbde1ec9
Merge pull request #412 from righettod/master 
Collection of template engines expression

Source: https://github.com/expressjs/express/wiki#template-engines
 2020-04-20 10:06:06 +01:00
g0tmi1k
b3b337e6f1
Merge pull request #390 from ipentest/add-ipentest 
Added top 100 email domains to Seclists/Fuzzing

Source: https://email-verify.my-addr.com/list-of-most-popular-email-domains.php
 2020-04-20 10:04:42 +01:00
Dominique RIGHETTO
1bd30300de
Add a initial collection of template engines expression 2020-04-18 17:16:20 +02:00
Antoine Guilbaud
13b1f18901 add a common windows lfi path 2020-04-15 12:49:42 +02:00
milangfx
e82e5e5026 add /apidocs/api-docs.json, /api-docs 2020-04-01 14:42:20 +02:00
ipentest
b2cf6971c9 Add ipentest to contributors 2020-02-12 11:46:44 -05:00
S7X Deckard Case
b8e87ad36c Added the entire XSS Cheat Sheet of PortSwigger, their HTML events and tags. 2019-11-18 09:33:26 +01:00
Camas
eb2cd4518a Remove extra newline 2019-11-08 23:32:46 +00:00
Camas
a7184dd1f7 Fix line endings 2019-11-08 15:09:15 +00:00
Parth Malhotra
01b280755c
Create 1-4_all_letters_a-z.txt 2019-11-07 21:50:55 +05:30
Luke Anderson
68f8d60da5
Fix Fuzzing Types (Fixes #339) 2019-10-05 00:35:43 +09:30
g0tmi1k
327cc859ee Quick rename 2019-08-13 12:50:53 +01:00
g0tmi1k
5bbc1e6fe3 Close #329 - Bo0oM's fuzz.txt 
Source: https://github.com/Bo0oM/fuzz.txt
 2019-08-13 12:50:20 +01:00