admin/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists.git synced 2025-06-08 05:57:52 +00:00
Code Issues Packages Projects Releases Wiki Activity
678 Commits 2 Branches 29 Tags
Commit Graph

60 Commits

Author SHA1 Message Date
Ricardo
6d15c05bc4
Include .well-known/apple-app-site-association 
Include .well-known/apple-app-site-association
Ref: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/april/apples_app_site_association_the_new_robots_txt/
 2019-04-12 16:25:47 +01:00
toxydose
3251b35d54 update login endpoints 2019-04-10 15:54:03 +03:00
toxydose
6aa736a75a ShoreTel Connect login page GHDB-ID:5172 2019-04-10 15:47:27 +03:00
toxydose
94cc83dbda add endpoints without trailing slashes 2019-04-10 15:42:15 +03:00
g0tmi1k
12751dbbf0 Fix #288 - Add graphql 
Source: https://graphql.org/learn/serving-over-http/
 2019-04-10 13:18:25 +01:00
g0tmi1k
ed69bd3738
Merge pull request #282 from drwetter/master 
Suggestion to avoid license files to be added per accident
 2019-03-19 09:30:26 +00:00
Dirk Wetter
9da980c4da Suggestion to avoid license files to be added per accident 
Some license files carry the extension .txt which requires
a thorough look to distinguish them from payloads with the
same extension.
 2019-03-19 10:20:36 +01:00
Zawadi Done
eca7232058
Update IIS.fuzz.txt 
https://twitter.com/mrr0y4l3/status/1106602488495525888?s=12
 2019-03-18 20:00:54 +01:00
Dirk
cea5abf93d Adding more springboot entrypoints 2019-03-17 11:47:50 +01:00
g0tmi1k
6830bbe052
Merge pull request #278 from tkisason/patch-1 
Update spring-boot.txt

Source: https://www.veracode.com/blog/research/exploiting-spring-boot-actuators
 2019-03-16 20:31:21 +00:00
ArgentEnergy
7fa417a3d5 Added more AEM paths. 2019-03-15 21:43:31 -03:00
ArgentEnergy
ae88fbed37 Added Swagger paths. 2019-03-15 21:18:17 -03:00
Tonimir Kisasondi
eaccabd89a
Update spring-boot.txt 2019-03-15 22:37:48 +01:00
Tonimir Kisasondi
61b92c599d
Update spring-boot.txt 
Added some other paths according to:
https://www.veracode.com/blog/research/exploiting-spring-boot-actuators
 2019-03-15 22:26:08 +01:00
Andrei Conache
807b08a7eb
add /admin-console directory 2019-02-08 17:16:37 +01:00
g0tmi1k
8f3802fd51
Merge pull request #262 from g0tmi1k/websphere 
Fix #255 - Add more wps
 2019-01-07 15:55:58 +00:00
g0tmi1k
758842d94f Fix #255 - Add more wps 2019-01-07 15:55:10 +00:00
g0tmi1k
5e1dc9cc79 Fix #259 - Recover from bad merge 2019-01-07 15:40:56 +00:00
Daniel Miessler
778b16115f Added https://github.com/g0tmi1k to the project leaders list. 2018-12-31 11:53:56 -08:00
toxydose
5e043e22ba merged FatwireCMS.fuzz.txt fatwire.txt 2018-12-11 04:32:05 +02:00
toxydose
24c955345f contains the same, and less than FatwireCMS.fuzz.txt 2018-12-11 04:12:44 +02:00
toxydose
4bda908742 merged two domino endpoints files 2018-12-11 04:01:38 +02:00
toxydose
82671ffafc add login.html endpoint 2018-12-11 02:27:08 +02:00
toxydose
dd08d4aacb merged two IIS wordlists, deleted file. 2018-12-08 17:22:44 +02:00
toxydose
c638cb3055 File containing the same strings that are included to jboss.txt 2018-12-08 17:05:37 +02:00
toxydose
6aedd5e95d deleted duplicate file vignette.txt that duplicates Vignette.fuzz.txt but do not contains slashes 2018-12-08 17:01:56 +02:00
toxydose
1182e89d55 delete file containing duplicate entries from netware.txt 2018-12-08 16:58:00 +02:00
toxydose
ea352ed2ce - sorted alphabetically 
- removed duplicates
- merged unique with "ColdFusion.fuzz2.txt"
- deleted "ColdFusion.fuzz2.txt"
 2018-12-07 16:22:34 +02:00
toxydose
412153b437 add Atlassian Confluence login endpoints 
Reference: https://confluence.atlassian.com/doc/customizing-the-login-page-163938553.html
 2018-12-06 00:56:47 +02:00
toxydose
277b243d61 add slashes. Some servers are redirecting from folders without slashes to folders with slashes in the end of URI, and 302 is returned instead of 200 2018-12-02 02:39:55 +02:00
toxydose
aac5204f75 add clientaccesspolicy.xml and crossdomain.xml files which are usually contains unsafe wildcarded configurations. 2018-12-02 02:23:41 +02:00
tomcodes
613af9601e Add HashiCorp Vault GUI default URL to quickhits.txt 2018-11-21 16:11:47 +01:00
tomcodes
ff8406d36b Add sonar-project.properties file to quickhits.txt 2018-11-21 15:54:22 +01:00
tomcodes
214a277412 Add AWS CodeDeploy appspec.yml file to quickhits.txt 2018-11-21 15:21:42 +01:00
Alexander Bridges
a53dae2a76
Add /wp-json/wp/v2/users 
Add /wp-json/wp/v2/users WP REST API endpoint which exposes sensitive information - list of all WP users, which could be used for brute-force attacks.
 2018-10-31 23:27:00 +02:00
Alexander Bridges
dbfa5e2b1e
Add some WP rest API endpoints 
reference: http://v2.wp-api.org/
 2018-10-31 23:19:31 +02:00
Alexander Bridges
85cc7eeadf
Added cpanel login page 
reference: https://www.webhostinghub.com/help/learn/cpanel/getting-started/how-to-login-to-cpanel
 2018-10-30 01:00:31 +02:00
g0tmi1k
3327ec8b40
Merge pull request #229 from drwetter/patch-1 
Correct 1 typo in typo3 login ;-)
 2018-10-23 12:53:05 +01:00
Dirk Wetter
e8b1df5f84
Correct 1 typo in typo3 login 
/typo3/in is IMHO not the login.
 2018-10-23 13:50:09 +02:00
Alexander Bridges
2ced567e86
Add Wordpress and Shopware login pages 
Added common Wordpress and Shopware CMS's login forms.

References:
https://premium.wpmudev.org/blog/find-wordpress-login/
https://github.com/toxydose/SecLists/blob/master/Discovery/Web-Content/CMS/wordpress.fuzz.txt
https://github.com/toxydose/SecLists/blob/master/Discovery/Web-Content/CMS/shopware.txt
 2018-10-23 13:46:26 +03:00
Alexander Bridges
5a88be0c4f
Add Shopware common sensitive files wordlist. 
Shopware is open source e-commerce software 
https://github.com/shopware/shopware 
Shopware wordlist was not presented in this directory. The file should be improved and expanded
 2018-10-17 17:19:53 +03:00
g0tmi1k
d68ba5f9ed Rename "_" -> "-" & found a few new homes 2018-10-15 13:08:10 +01:00
CyberSemtex
a9e9e80884 Deleted the params and functions wordlists. Merged the boring_headers and headers file together then created a version with uppercases 1st letters (including after dashes) and a full uppercase version. Every file have been sorted with -u option to delete duplicates. Hit me up if you find something wrong. 2018-10-04 23:46:58 +02:00
CyberSemtex
a2f0c2cb00 Added the wordlists from param-miner extension of BurpSuite by @albinowax 2018-10-04 23:45:21 +02:00
objectified
bc97ca41f5 added wordlist for Spring Boot (Actuator) 2018-08-23 20:22:01 +02:00
g0tmi1k
201e2abfb5 Close #195 - Confluence administration 
Source: https://confluence.atlassian.com/doc/using-apache-to-limit-access-to-the-confluence-administration-interface-216433019.html
 2018-07-05 07:21:57 +01:00
g0tmi1k
3f79d071ce Quick move about 2018-03-21 17:47:29 +00:00
g0tmi1k
c524f768bf Close #148 - More Lotus Domino 
Source: https://github.com/danielmiessler/SecLists/issues/148
Source: 6300758c46/modules/auxiliary/scanner/lotus/lotus_domino_version.rb
Source: 583d0a5ade/domi_owned/fingerprint.py (L60-L72)
 2018-03-21 17:07:45 +00:00
g0tmi1k
2ff356ee2a Add domi-owned 
Source: https://github.com/coldfusion39/domi-owned
 2018-03-21 17:04:37 +00:00
g0tmi1k
df9697d189 Add Domino-Hunter 
Source: https://sourceforge.net/projects/dominohunter/
 2018-03-21 16:59:57 +00:00