reydc
1fb8561d9c
Update graphql.txt
2020-02-23 10:20:31 -03:00
Dominique RIGHETTO
cb37e5b03d
Create reverse-proxy-inconsistencies.txt
2020-01-22 09:03:34 +01:00
Dominique RIGHETTO
44b3fdedf2
Add entries from a blog about content discovery in API
...
Blog url: https://blog.jonlu.ca/posts/experiments-and-growth-hacking
2020-01-03 16:22:45 +01:00
Dominique RIGHETTO
f7314e9c34
Add entry from Portswigger WebAcademy
...
Entry found in labs from https://portswigger.net/web-security/access-control
2019-12-29 11:50:12 +01:00
Camas
eb2cd4518a
Remove extra newline
2019-11-08 23:32:46 +00:00
Camas
a7184dd1f7
Fix line endings
2019-11-08 15:09:15 +00:00
Ricardo
5bdfce1568
Hidden SNMP community in Cisco SG220 series
...
Reference: https://www.synacktiv.com/ressources/advisories_cisco_switch_sg220_default_snmp.pdf
2019-11-08 10:39:12 +00:00
davidegirardi
78190b79a6
Add CICS transaction list
2019-11-03 11:50:45 +01:00
Dominique RIGHETTO
9f94cae21b
Add local ports for scan
2019-10-21 17:49:56 +02:00
Tonimir Kisasondi
b472dfc528
added jolokia
...
See https://jolokia.org/
Gets exposed in combination with springboot.
2019-10-13 22:04:35 +02:00
Dominique RIGHETTO
5c917b1cba
Add dictionary for GraphQL
...
Help to detect GraphQL endpoint
2019-10-11 17:19:05 +02:00
Dominique RIGHETTO
b93f54f4fb
Add VIM and NANO backup file
2019-10-11 15:55:38 +02:00
XalfiE
5d2567ab0e
Oracle EBS wordlist addition
...
Oracle EBS wordlist addition
2019-10-07 13:12:51 +03:00
Tonimir Kisasondi
7afc0c42a7
adds mappings and restart
...
This list is missing mappings and restart. Just added them.
2019-10-03 10:11:17 +02:00
Dirk Wetter
3ce96b82d4
Update with entries from Wikipedia
...
...see https://en.wikipedia.org/wiki/List_of_/.well-known/_services_offered_by_webservers
2019-10-02 21:35:58 +02:00
Dirk Wetter
d7bf9b91bd
Add some .well-known dir entries
...
* Add 1x apple-app-site-association, as it also can appear in docroot: https://developer.apple.com/library/archive/documentation/General/Conceptual/AppSearch/UniversalLinks.html
* put .well-known in alphabetical order
* Added more from IANA registry: https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml
There might be still more URIs -- Apple didn't seem to have registered their URI at IANA either (process see https://tools.ietf.org/html/rfc5785#5.1 ).
2019-09-30 15:47:38 +02:00
g0tmi1k
7148816422
Merge branch 'master' into master
2019-09-30 10:47:53 +01:00
g0tmi1k
ed0e6e1e1e
Merge pull request #343 from draguntsow/patch-1
...
Create a wordlist of Modx Revolution CMS packages
Source: https://modx.com/
2019-09-30 10:44:43 +01:00
Nikos Gk
dcf5d8162c
Update with missing common endpoints
...
Update list following discussion on Twitter: https://twitter.com/NahamSec/status/1177672652011343873
2019-09-28 19:20:35 +03:00
draguntsow
ddb5adf3d5
Create a wordlist of Modx Revolution CMS packages
...
The list of plugins is collected from the info provided on the official site.
2019-09-27 15:38:49 +03:00
dotan3
95df7943d6
Add Laravel related urls
2019-09-25 11:32:24 +02:00
Adrien
4d0073c4cd
Added new files path
2019-08-17 23:29:16 +02:00
g0tmi1k
162c2ee368
Merge pull request #328 from hisxo/patch-1
...
Create symfony wordlist (for LFI/Path Traversal)
Source: https://github.com/hisxo/wordlist
2019-08-13 04:36:15 -07:00
Eric Range
93e236b118
Update quickhits.txt
2019-08-13 10:21:15 +02:00
Eric Range
a71d0b11fd
new config file locations
...
config files for the "Damn Vulnerable Web Application (DVWA)" app.
2019-08-13 10:18:39 +02:00
BlackPearl01
07dd8118ad
Create symfony wordlist (for LFI/Path Traversal)
...
Hello,
I created this wordlist because I had a Path Traversal vulnerability in an environment with Symfony. This wordlist has helped me a lot and I hope it can help others.
Adrien
2019-08-03 22:01:45 +02:00
Alexander Bridges
4cdabd6555
add Dot CMS login endpoint
...
source: https://dotcms.com/docs/latest/logging-into-dotcms
2019-07-28 02:57:16 +03:00
Alexander Bridges
b0a709be71
add weevely.php shell endpoint
2019-07-26 14:55:28 +03:00
Alexander Bridges
09e93df441
add /phpmyadmin/ endpoints
2019-07-20 23:56:12 +03:00
g0tmi1k
11b967a88f
Merge branch 'master' of https://github.com/danielmiessler/SecLists into misc
...
# Conflicts:
# Discovery/Infrastructure/common-router-ips.txt
2019-07-09 12:15:28 +01:00
g0tmi1k
f455dc518a
Sort common-router-ip by pop
2019-07-09 12:06:25 +01:00
g0tmi1k
503c57f500
Merge pull request #314 from jakobhuss/patch-1
...
Non valid ipv4
2019-07-05 17:22:13 +01:00
Alexander Bridges
c5c705134f
Sitecore CMS endpoints
...
#### Sources:
Sitecore CMS: https://www.sitecore.com/
Sensitive endpoints: https://doc.sitecore.com/developers/90/platform-administration-and-architecture/en/deny-anonymous-users-access-to-a-folder.html
Sitecore docs:
https://doc.sitecore.com/legacy-docs/SC72/sitecore-web-service-sc65-a4.pdf
https://doc.sitecore.com/SdnArchive/upload/sitecore7/75/sitecore_security_hardening_guide-sc75-usletter.pdf
2019-07-05 19:14:54 +03:00
Alexander Bridges
eae5072a6e
add bower.json dependencies file
...
Contains sensitive info
https://zellwk.com/blog/bower/
2019-07-05 18:53:08 +03:00
Alexander Bridges
ee0e0b01a5
few login endpoints
2019-07-05 18:50:29 +03:00
jakobhuss
0c97bfa509
Non valid ipv4
2019-07-05 13:53:59 +02:00
g0tmi1k
c9a56c3fe0
Merge pull request #312 from g0tmi1k/richelieu
...
Add richelieu
2019-07-03 14:11:25 +01:00
g0tmi1k
ad53a28ba0
Rename a few files to match
2019-07-03 14:11:00 +01:00
waawaa
4a5f06c053
Missing paths with known RCE vulnerabilities
...
Some paths are missing which have known RCE vulnerabilities
2019-07-02 09:31:42 +02:00
g0tmi1k
7f083ceb07
Close #217 - Add api_wordlist
...
Source: https://github.com/chrislockard/api_wordlist
2019-05-08 12:22:03 +01:00
g0tmi1k
9239f0a284
find . -name '*_*' -exec rename 's/_/-/g' "{}" \;
2019-05-08 11:54:39 +01:00
g0tmi1k
a65f6bd665
Close #291 - Fix encoding issues
...
$ for x in $( find . -type f ); do iconv -f utf-8 -t utf-8 -c ${x} | sed '/^$/d' > tmp; mv tmp ${x}; done
2019-05-08 11:04:00 +01:00
g0tmi1k
8e1f1ae56a
Close #294 - Add /weblogic/ready
2019-05-07 18:20:26 +01:00
Ricardo
6d15c05bc4
Include .well-known/apple-app-site-association
...
Include .well-known/apple-app-site-association
Ref: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/april/apples_app_site_association_the_new_robots_txt/
2019-04-12 16:25:47 +01:00
toxydose
3251b35d54
update login endpoints
2019-04-10 15:54:03 +03:00
toxydose
6aa736a75a
ShoreTel Connect login page GHDB-ID:5172
2019-04-10 15:47:27 +03:00
toxydose
94cc83dbda
add endpoints without trailing slashes
2019-04-10 15:42:15 +03:00
g0tmi1k
611ba969ec
Move location
2019-04-10 13:31:17 +01:00
g0tmi1k
12751dbbf0
Fix #288 - Add graphql
...
Source: https://graphql.org/learn/serving-over-http/
2019-04-10 13:18:25 +01:00
g0tmi1k
ed69bd3738
Merge pull request #282 from drwetter/master
...
Suggestion to avoid license files to be added per accident
2019-03-19 09:30:26 +00:00