admin/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists.git synced 2025-06-10 02:04:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,119 Commits 2 Branches 29 Tags
Commit Graph

259 Commits

Author SHA1 Message Date
Dominique RIGHETTO
f86abe0dde
Add new entries after extraction from LU domains from MAjestic file 
See PR comment
 2021-11-24 14:00:08 +01:00
elitejake
3c543908bf
Add PURGE method 2021-11-24 11:19:38 +00:00
Dominique RIGHETTO
55dcca61cf
Sorting ASC 2021-11-24 11:57:48 +01:00
Dominique RIGHETTO
57fa66e37e
Enrich with results from auchan.lu 2021-11-24 11:46:57 +01:00
Dominique RIGHETTO
d68129fe2d
Add missing entries from sgbt.lu 2021-11-24 11:44:29 +01:00
Dominique RIGHETTO
9b653b08af
Enrich with sgbt.lu results 
Cmd: `curl -sk "https://crt.sh/?q=sgbt.lu&output=json" | jq -r ".[].name_value" | cut -d'.' -f1 | sort -u`
 2021-11-24 11:42:45 +01:00
Dominique RIGHETTO
6d37719fd4
Enrich with total.com sub domains results 
Command: `curl -sk "https://crt.sh/?q=total.com&output=json" | jq -r ".[].name_value" | cut -d'.' -f1 | sort -u`
 2021-11-24 11:41:17 +01:00
Dominique RIGHETTO
0c61f25372
Add UAG 2021-11-24 11:33:31 +01:00
Dominique RIGHETTO
9d3ac03fd0
Initial adding 2021-11-24 11:25:10 +01:00
g0t mi1k
6b00e5cf53 Fix formatting 2021-11-24 10:13:43 +00:00
g0tmi1k
4030e1b6ce
Merge pull request #660 from noraj/patch-1 
Update fuzz-Bo0oM.txt

Source: https://github.com/Bo0oM/fuzz.txt/blob/master/fuzz.txt
 2021-11-24 09:53:58 +00:00
Dominique RIGHETTO
6e3e64f1f5
Add IBM MQSeries common channel names 2021-11-17 09:33:49 +01:00
Alexandre ZANNI
484ab9e986
Update fuzz-Bo0oM.txt 2021-10-07 11:03:42 +02:00
g0t mi1k
efeb38808c Replace ' ' with ' ' (Empty Characters) 2021-08-28 21:05:13 +01:00
g0tmi1k
177f25ba69
Merge pull request #625 from cbk914/master 
Some additions

Source: http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time
 2021-08-27 21:14:37 +01:00
Gabriel
fb613f25bf
Add "-" and remove duplicate "_" entry 
Fixes #612
 2021-07-13 14:42:14 +01:00
cbk914
9a871facf1
Merge branch 'danielmiessler:master' into master 2021-06-26 23:06:55 +02:00
Annihilat0r
495c8a6c3f
Add NoSQL payload 2021-05-29 13:21:29 +03:00
cbk914
cb4febae37 Merge branch 'danielmiessler:master' into master 2021-05-11 16:10:42 +02:00
Alex G
66e5827639
Add master.mdf MSSQL path to Windows LFI 2021-02-19 22:42:27 +01:00
g0tmi1k
6372096eab
Merge pull request #561 from kazkansouh/ldap-fuzzing 
Standard LDAP attribute and classes lists

Source: ldapsearch -s base -b cn=Subschema  "(objectclass=*)" attributetypes -LLL | sed -e ':x N ; s/\n // ; tx ; P ; s/^.*\n//; tx' | grep -e '^a' | cut -d "'" -f 2 | sort -u
 2021-02-11 21:25:40 +00:00
g0tmi1k
af40e7f267
Merge pull request #519 from arjunshibu/master 
Added http-request-methods.txt
 2021-02-11 20:27:53 +00:00
Karim Kanso
840067b851 add standard ldap attribute and classes lists 2021-01-20 15:38:59 +00:00
cbk914
003bfef95f
Merge pull request #6 from danielmiessler/master 
Update
 2020-11-12 02:44:53 +01:00
cbk914
d2a20595fc Update 2020-11-05 16:41:54 +01:00
g0t mi1k
d4ebb09709 dos2unix 2020-11-04 11:45:59 +00:00
Chris H
08925a1fae
Update email-top-100-domains.txt 
added missing mail domain
 2020-11-03 13:06:10 +01:00
g0tmi1k
6d164b9672
Merge pull request #527 from soufianetahiri/master 
Added actuator default paths and created new XSS fuzzing list

Source: https://docs.spring.io/spring-boot/docs/1.5.x/reference/html/production-ready-endpoints.html
 2020-11-03 11:39:11 +00:00
Soufiane Tahiri
a100ade82e
Create XSS-Fuzzing 
High rate hit XSS payloads
 2020-10-23 10:56:16 +02:00
cbk914
ae8aabcfed Merge branch 'master' of https://github.com/cbk914/SecLists 2020-09-30 16:37:47 +02:00
Arjun Shibu
9d298b2121
Create http-request-methods.txt 
Useful for fuzzing endpoints
 2020-09-25 20:06:30 +05:30
Luke Paris
52f1658a0c
Removed destructive SQL statements 
Those two lines are downright irresponsible, someone is going to use this list to fuzz a web application and accidentally nuke a production database.
 2020-09-17 15:02:40 +02:00
g0tmi1k
f1f3750803
Merge pull request #480 from haxxinen/patch-1 
Create quick-SQLi.txt
 2020-09-16 07:29:18 +01:00
g0tmi1k
c5ba0f44e4
Merge pull request #493 from daehee/master 
XSS payloads from OFJAAAH

Source: https://ghostbin.co/paste/qo23j
 2020-09-16 07:27:07 +01:00
g0tmi1k
0b7d119f74
Merge pull request #501 from righettod/master 
Add payloads to identify the template engine used

- https://portswigger.net/research/server-side-template-injection
- https://github.com/epinna/tplmap
 2020-09-16 07:23:39 +01:00
Daniel Neal
68fe48d9dd
Add string js or injection 2020-09-14 21:55:24 -07:00
Dominique RIGHETTO
1361ac96c1
Fix typos 2020-09-14 14:30:00 +02:00
Dominique RIGHETTO
1c2fb11278
Add file with special vars used by template engines 
The objective is to identify the engine once an expression evaluation pattern was identified.
 2020-09-14 14:28:12 +02:00
Dominique RIGHETTO
234dfabf72
Add an expression using expression inlining for Thymeleaf 
See https://www.thymeleaf.org/doc/tutorials/3.0/usingthymeleaf.html#expression-inlining
Added it because I have discovered that, when StringTemplateResolver is used, then expression like ${42*42} is not resolved
 2020-09-13 11:04:15 +02:00
Dominique RIGHETTO
ba87953a08
Add expression for Velocity engine 2020-09-13 09:33:41 +02:00
Daehee Park
850d3b10f1 XSS payloads from OFJAAAH 2020-08-30 14:40:59 -07:00
cbk914
e06aacd937 Revert "Merge pull request #4 from danielmiessler/master" 
This reverts commit c266835781dfddaecff5a1adab7dc79815fac236, reversing
changes made to fd4968f43b933c7f381332d0a8dfb28fe60dda93.
 2020-08-11 14:25:56 +02:00
haxxinen
783b5edf73
Create quick-SQLi.txt 2020-08-06 10:35:03 +02:00
Dominique RIGHETTO
00f10f8513
Add character that can break a MongoDB query when JS expression is used 2020-07-18 18:00:24 +02:00
PinkDraconian
cf1ca8ec62
Added scientific notation entries 2020-06-16 12:36:29 +02:00
PinkDraconian
8679c2d6fe
Added true and false to the fuzzing list 
Changing json field to true or false could have interesting results on an endpoint when fuzzing.
 2020-06-16 12:21:04 +02:00
g0tmi1k
d76b8f6691
Merge pull request #452 from noraj/patch-1 
Create LFI-gracefulsecurity-windows.txt

Source: https://gracefulsecurity.com/path-traversal-cheat-sheet-windows/
 2020-06-12 09:57:44 +01:00
g0tmi1k
b2865e0492
Merge pull request #453 from noraj/patch-2 
Create LFI-gracefulsecurity-linux.txt

Source: https://gracefulsecurity.com/path-traversal-cheat-sheet-linux/
 2020-06-12 09:57:09 +01:00
sheimo
6757058b8c
Create sqli.auth.bypass.txt 
This is a thorough SQL injection authentication bypass list. Each source below was combined to a text file and sorted.

Source: https://pentestlab.blog/2012/12/24/sql-injection-authentication-bypass-cheat-sheet/
Source: http://www.lifeoverpentest.com/2018/03/sql-injection-login-bypass-cheat-sheet.html
 2020-06-11 23:24:34 -05:00
Alexandre ZANNI
7dd955a544
Create LFI-gracefulsecurity-linux.txt 2020-06-11 16:49:45 +02:00