admin/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists.git synced 2025-06-07 21:46:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
968 Commits 2 Branches 29 Tags
Commit Graph

968 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
g0tmi1k
a3924f7a71
Merge pull request #498 from shelld3v/patch-4 
Add some endpoints
 2020-09-16 07:24:41 +01:00
g0tmi1k
0c40a01395
Merge pull request #500 from 0x00gum/patch-2 
Some New DB Extensions
 2020-09-16 07:24:13 +01:00
g0tmi1k
0b7d119f74
Merge pull request #501 from righettod/master 
Add payloads to identify the template engine used

- https://portswigger.net/research/server-side-template-injection
- https://github.com/epinna/tplmap
 2020-09-16 07:23:39 +01:00
g0tmi1k
411cae8e5b
Merge pull request #502 from danrneal/patch-1 
Add string js or injection
 2020-09-16 07:22:43 +01:00
Daniel Neal
68fe48d9dd
Add string js or injection 2020-09-14 21:55:24 -07:00
Dominique RIGHETTO
1361ac96c1
Fix typos 2020-09-14 14:30:00 +02:00
Dominique RIGHETTO
1c2fb11278
Add file with special vars used by template engines 
The objective is to identify the engine once an expression evaluation pattern was identified.
 2020-09-14 14:28:12 +02:00
0x00gum
ed0b32f5ce
Some New DB Extensions 2020-09-13 20:04:25 +03:00
Dominique RIGHETTO
234dfabf72
Add an expression using expression inlining for Thymeleaf 
See https://www.thymeleaf.org/doc/tutorials/3.0/usingthymeleaf.html#expression-inlining
Added it because I have discovered that, when StringTemplateResolver is used, then expression like ${42*42} is not resolved
 2020-09-13 11:04:15 +02:00
Dominique RIGHETTO
ba87953a08
Add expression for Velocity engine 2020-09-13 09:33:41 +02:00
shelld3v
0f328c377d
Update raft-large-directories.txt 2020-09-07 17:32:37 +07:00
g0tmi1k
e3d31edd19
Merge pull request #466 from bugbounty69/master 
Added all HTML Attributes list

Source: https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes
2020.3 		2020-07-22 16:25:47 +01:00
g0tmi1k
dea731202f
Merge pull request #471 from maxkleinke/master 
renamed files in Passwords/Default-Credentials for better parsing
 2020-07-22 16:25:27 +01:00
g0tmi1k
a93ecd7f91
Merge pull request #472 from righettod/master 
Add characters that can break a MongoDB query when JS expression is used

Source: https://github.com/Charlie-belmer/vulnerable-node-app/blob/master/app/routes/user.route.js#L8
 2020-07-22 16:25:07 +01:00
g0tmi1k
31ee70aeef
Merge pull request #473 from mrajput7/master 
Update golang.txt

Source: https://www.dropbox.com/s/ir2b56j3zt7vz0a/golang_handlefunc_combined?dl=0
 2020-07-22 16:24:33 +01:00
g0tmi1k
a3b77e1170
Merge pull request #475 from joegoerlich/patch-1 
Update sap.txt
 2020-07-22 16:24:13 +01:00
g0tmi1k
3a9cac0384
Merge pull request #474 from chudyPB/master 
Update sap.txt
 2020-07-22 16:24:02 +01:00
g0tmi1k
5fc3e6a208
Merge pull request #476 from toxydose/patch-1 
Add some common ports
 2020-07-22 16:23:04 +01:00
g0tmi1k
a6e3f77e4d
Merge pull request #477 from g0tmi1k/misc 
Few fixes
 2020-07-22 16:22:48 +01:00
g0t mi1k
df66ea4c82 Fix issues with wordlists 2020-07-22 16:19:47 +01:00
g0t mi1k
3567cf6fc0 Writable locations Windows 
Source: https://github.com/api0cradle/UltimateAppLockerByPassList/blob/master/Generic-AppLockerbypasses.md

accesschk -w -s -q -u Users "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u Everyone "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u Interactive "C:\Program Files" >> programfiles.txt

accesschk -w -s -q -u Users "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u Everyone "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u Interactive "C:\Program Files (x86)" >> programfilesx86.txt

accesschk -w -s -q -u Users "C:\Windows" >> windows.txt
accesschk -w -s -q -u Everyone "C:\Windows" >> windows.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Windows" >> windows.txt
accesschk -w -s -q -u Interactive "C:\Windows" >> windows.txt
 2020-07-22 16:05:54 +01:00
Alexander Bridges
a628a652be
Add some common ports 
https://www.sonicwall.com/support/knowledge-base/running-sslvpn-on-a-different-tcp-port/170503249443105/
https://www.router-switch.com/faq/difference-between-https-port-443-and-8443.html
https://www.speedguide.net/port.php?port=8008
 2020-07-22 03:23:00 +03:00
joegoerlich
d16951bd86
Update sap.txt 
Added URLs related to [CVE-2020-6287].
 2020-07-21 10:11:10 +02:00
chudyPB
da33a2b4a4
Update sap.txt 2020-07-21 09:34:10 +02:00
Mohit Narayan Rajput
99d3e2ab22
Update golang.txt 2020-07-19 01:34:21 -04:00
Dominique RIGHETTO
00f10f8513
Add character that can break a MongoDB query when JS expression is used 2020-07-18 18:00:24 +02:00
Maximilian Kleinke
e3ae394144 renamed files in Passwords/Default-Credentials for better parsing 2020-07-18 13:59:44 +02:00
g0tmi1k
b883fc123a
Merge pull request #467 from GovindPalakkal/patch-2 
Update swagger.txt
 2020-07-17 22:05:28 +01:00
g0tmi1k
62786ce702
Update CONTRIBUTORS.md 2020-07-17 22:01:21 +01:00
g0tmi1k
ad309eabee
Merge pull request #468 from govolution/patch-6 
Update telnet-betterdefaultpasslist.txt

Source: https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/
 2020-07-17 21:56:37 +01:00
govolution
ff84e4dafa
Update telnet-betterdefaultpasslist.txt 
source for new passwords: https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/
 2020-07-11 17:51:50 +02:00
D3lT4
c5ce1780eb
Update swagger.txt 2020-07-08 23:37:59 +05:30
bugbounty69
0f3c1db17c
Added all HTML Attributes list 2020-07-08 00:25:11 +00:00
g0tmi1k
dd5960e18e
Merge pull request #459 from clem9669/patch-3 
Minor change
 2020-06-18 15:34:59 +01:00
g0tmi1k
456a3b0fe8
Merge pull request #460 from clem9669/patch-4 
PR about the issue: #438
 2020-06-18 15:20:05 +01:00
clem9669
7da5c78bf7
PR about the issue: #438 
Typo
https://github.com/danielmiessler/SecLists/issues/438
 2020-06-18 14:18:55 +00:00
clem9669
c4002baa24
Minor change 
Added 1 line for good practice
 2020-06-18 14:15:16 +00:00
g0tmi1k
227e072758
Merge pull request #458 from PinkDraconian/patch-2 
Added scientific notation entries
 2020-06-16 13:18:56 +01:00
PinkDraconian
cf1ca8ec62
Added scientific notation entries 2020-06-16 12:36:29 +02:00
g0tmi1k
4626422418
Merge pull request #457 from PinkDraconian/patch-1 
Added true and false to the fuzzing list
 2020-06-16 11:24:19 +01:00
PinkDraconian
8679c2d6fe
Added true and false to the fuzzing list 
Changing json field to true or false could have interesting results on an endpoint when fuzzing.
 2020-06-16 12:21:04 +02:00
g0tmi1k
958dd563e0
Merge pull request #455 from Techbrunch/patch-1 
Update swagger.txt
 2020-06-12 11:21:37 +01:00
Techbrunch
baf37cc800
Update swagger.txt 
Update swagger.txt
 2020-06-12 11:23:06 +02:00
g0tmi1k
d76b8f6691
Merge pull request #452 from noraj/patch-1 
Create LFI-gracefulsecurity-windows.txt

Source: https://gracefulsecurity.com/path-traversal-cheat-sheet-windows/
 2020-06-12 09:57:44 +01:00
g0tmi1k
b2865e0492
Merge pull request #453 from noraj/patch-2 
Create LFI-gracefulsecurity-linux.txt

Source: https://gracefulsecurity.com/path-traversal-cheat-sheet-linux/
 2020-06-12 09:57:09 +01:00
g0tmi1k
5ecb8e85b2
Merge pull request #454 from sheimo/patch-1 
Create sqli.auth.bypass.txt

Source: https://pentestlab.blog/2012/12/24/sql-injection-authentication-bypass-cheat-sheet/
Source: http://www.lifeoverpentest.com/2018/03/sql-injection-login-bypass-cheat-sheet.html
 2020-06-12 09:56:17 +01:00
sheimo
6757058b8c
Create sqli.auth.bypass.txt 
This is a thorough SQL injection authentication bypass list. Each source below was combined to a text file and sorted.

Source: https://pentestlab.blog/2012/12/24/sql-injection-authentication-bypass-cheat-sheet/
Source: http://www.lifeoverpentest.com/2018/03/sql-injection-login-bypass-cheat-sheet.html
 2020-06-11 23:24:34 -05:00
Alexandre ZANNI
7dd955a544
Create LFI-gracefulsecurity-linux.txt 2020-06-11 16:49:45 +02:00
Alexandre ZANNI
6945f3e779
Create LFI-gracefulsecurity-windows.txt 2020-06-11 16:48:39 +02:00
g0tmi1k
1a9c3d47ed
Merge pull request #446 from its0x08/patch-1 
TYPO fixed: some lines start with space.
 2020-06-09 17:09:55 +01:00