admin/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists.git synced 2025-06-07 21:46:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
734 Commits 2 Branches 29 Tags
Commit Graph

75 Commits

Author SHA1 Message Date
Eric Range
93e236b118
Update quickhits.txt 2019-08-13 10:21:15 +02:00
Eric Range
a71d0b11fd
new config file locations 
config files for the "Damn Vulnerable Web Application (DVWA)" app.
 2019-08-13 10:18:39 +02:00
Alexander Bridges
4cdabd6555
add Dot CMS login endpoint 
source: https://dotcms.com/docs/latest/logging-into-dotcms
 2019-07-28 02:57:16 +03:00
Alexander Bridges
b0a709be71
add weevely.php shell endpoint 2019-07-26 14:55:28 +03:00
Alexander Bridges
09e93df441
add /phpmyadmin/ endpoints 2019-07-20 23:56:12 +03:00
Alexander Bridges
c5c705134f
Sitecore CMS endpoints 
#### Sources:

Sitecore CMS:  https://www.sitecore.com/

Sensitive endpoints: https://doc.sitecore.com/developers/90/platform-administration-and-architecture/en/deny-anonymous-users-access-to-a-folder.html

Sitecore docs:  
https://doc.sitecore.com/legacy-docs/SC72/sitecore-web-service-sc65-a4.pdf
https://doc.sitecore.com/SdnArchive/upload/sitecore7/75/sitecore_security_hardening_guide-sc75-usletter.pdf
 2019-07-05 19:14:54 +03:00
Alexander Bridges
eae5072a6e
add bower.json dependencies file 
Contains sensitive info
https://zellwk.com/blog/bower/
 2019-07-05 18:53:08 +03:00
Alexander Bridges
ee0e0b01a5
few login endpoints 2019-07-05 18:50:29 +03:00
g0tmi1k
c9a56c3fe0
Merge pull request #312 from g0tmi1k/richelieu 
Add richelieu
 2019-07-03 14:11:25 +01:00
g0tmi1k
ad53a28ba0 Rename a few filesto match 2019-07-03 14:11:00 +01:00
waawaa
4a5f06c053
Missing paths with known RCE vulnerabilities 
Some paths are missing which have known RCE vulnerabilities
 2019-07-02 09:31:42 +02:00
g0tmi1k
7f083ceb07 Close #217 - Add api_wordlist 
Source: https://github.com/chrislockard/api_wordlist
 2019-05-08 12:22:03 +01:00
g0tmi1k
9239f0a284 find . -name '*_*' -exec rename 's/_/-/g' "{}" \; 2019-05-08 11:54:39 +01:00
g0tmi1k
a65f6bd665 Close #291 - Fix encoding issues 
$ for x in $( find . -type f ); do iconv -f utf-8 -t utf-8 -c ${x} | sed '/^$/d' > tmp; mv tmp ${x}; done
 2019-05-08 11:04:00 +01:00
g0tmi1k
8e1f1ae56a Close #294 - Add /weblogic/ready 2019-05-07 18:20:26 +01:00
Ricardo
6d15c05bc4
Include .well-known/apple-app-site-association 
Include .well-known/apple-app-site-association
Ref: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/april/apples_app_site_association_the_new_robots_txt/
 2019-04-12 16:25:47 +01:00
toxydose
3251b35d54 update login endpoints 2019-04-10 15:54:03 +03:00
toxydose
6aa736a75a ShoreTel Connect login page GHDB-ID:5172 2019-04-10 15:47:27 +03:00
toxydose
94cc83dbda add endpoints without trailing slashes 2019-04-10 15:42:15 +03:00
g0tmi1k
12751dbbf0 Fix #288 - Add graphql 
Source: https://graphql.org/learn/serving-over-http/
 2019-04-10 13:18:25 +01:00
g0tmi1k
ed69bd3738
Merge pull request #282 from drwetter/master 
Suggestion to avoid license files to be added per accident
 2019-03-19 09:30:26 +00:00
Dirk Wetter
9da980c4da Suggestion to avoid license files to be added per accident 
Some license files carry the extension .txt which requires
a thorough look to distinguish them from payloads with the
same extension.
 2019-03-19 10:20:36 +01:00
Zawadi Done
eca7232058
Update IIS.fuzz.txt 
https://twitter.com/mrr0y4l3/status/1106602488495525888?s=12
 2019-03-18 20:00:54 +01:00
Dirk
cea5abf93d Adding more springboot entrypoints 2019-03-17 11:47:50 +01:00
g0tmi1k
6830bbe052
Merge pull request #278 from tkisason/patch-1 
Update spring-boot.txt

Source: https://www.veracode.com/blog/research/exploiting-spring-boot-actuators
 2019-03-16 20:31:21 +00:00
ArgentEnergy
7fa417a3d5 Added more AEM paths. 2019-03-15 21:43:31 -03:00
ArgentEnergy
ae88fbed37 Added Swagger paths. 2019-03-15 21:18:17 -03:00
Tonimir Kisasondi
eaccabd89a
Update spring-boot.txt 2019-03-15 22:37:48 +01:00
Tonimir Kisasondi
61b92c599d
Update spring-boot.txt 
Added some other paths according to:
https://www.veracode.com/blog/research/exploiting-spring-boot-actuators
 2019-03-15 22:26:08 +01:00
Andrei Conache
807b08a7eb
add /admin-console directory 2019-02-08 17:16:37 +01:00
g0tmi1k
8f3802fd51
Merge pull request #262 from g0tmi1k/websphere 
Fix #255 - Add more wps
 2019-01-07 15:55:58 +00:00
g0tmi1k
758842d94f Fix #255 - Add more wps 2019-01-07 15:55:10 +00:00
g0tmi1k
5e1dc9cc79 Fix #259 - Recover from bad merge 2019-01-07 15:40:56 +00:00
Daniel Miessler
778b16115f Added https://github.com/g0tmi1k to the project leaders list. 2018-12-31 11:53:56 -08:00
toxydose
5e043e22ba merged FatwireCMS.fuzz.txt fatwire.txt 2018-12-11 04:32:05 +02:00
toxydose
24c955345f contains the same, and less than FatwireCMS.fuzz.txt 2018-12-11 04:12:44 +02:00
toxydose
4bda908742 merged two domino endpoints files 2018-12-11 04:01:38 +02:00
toxydose
82671ffafc add login.html endpoint 2018-12-11 02:27:08 +02:00
toxydose
dd08d4aacb merged two IIS wordlists, deleted file. 2018-12-08 17:22:44 +02:00
toxydose
c638cb3055 File containing the same strings that are included to jboss.txt 2018-12-08 17:05:37 +02:00
toxydose
6aedd5e95d deleted duplicate file vignette.txt that duplicates Vignette.fuzz.txt but do not contains slashes 2018-12-08 17:01:56 +02:00
toxydose
1182e89d55 delete file containing duplicate entries from netware.txt 2018-12-08 16:58:00 +02:00
toxydose
ea352ed2ce - sorted alphabetically 
- removed duplicates
- merged unique with "ColdFusion.fuzz2.txt"
- deleted "ColdFusion.fuzz2.txt"
 2018-12-07 16:22:34 +02:00
toxydose
412153b437 add Atlassian Confluence login endpoints 
Reference: https://confluence.atlassian.com/doc/customizing-the-login-page-163938553.html
 2018-12-06 00:56:47 +02:00
toxydose
277b243d61 add slashes. Some servers are redirecting from folders without slashes to folders with slashes in the end of URI, and 302 is returned instead of 200 2018-12-02 02:39:55 +02:00
toxydose
aac5204f75 add clientaccesspolicy.xml and crossdomain.xml files which are usually contains unsafe wildcarded configurations. 2018-12-02 02:23:41 +02:00
tomcodes
613af9601e Add HashiCorp Vault GUI default URL to quickhits.txt 2018-11-21 16:11:47 +01:00
tomcodes
ff8406d36b Add sonar-project.properties file to quickhits.txt 2018-11-21 15:54:22 +01:00
tomcodes
214a277412 Add AWS CodeDeploy appspec.yml file to quickhits.txt 2018-11-21 15:21:42 +01:00
Alexander Bridges
a53dae2a76
Add /wp-json/wp/v2/users 
Add /wp-json/wp/v2/users WP REST API endpoint which exposes sensitive information - list of all WP users, which could be used for brute-force attacks.
 2018-10-31 23:27:00 +02:00