admin/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists.git synced 2025-06-12 02:05:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,220 Commits 2 Branches 29 Tags
Commit Graph

1220 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
g0tmi1k
a6c94e1798
Merge pull request #526 from m4p0/master 
Added default usernames for SAP
 2020-11-02 21:00:11 +00:00
g0tmi1k
d2fdef60e8
Merge pull request #525 from n3k00n3/master 
Adding passwords found on public leak from Nord.
 2020-11-02 20:59:44 +00:00
g0tmi1k
953255cc39
Merge pull request #523 from MusicGivesMeLife/master 
BiblePass Project
 2020-11-02 20:58:57 +00:00
g0tmi1k
fe2aa9e7b0
Merge pull request #521 from realArcherL/master 
Slight correction with version numbers from earlier PR also added new endpoints
 2020-11-02 20:57:49 +00:00
g0tmi1k
2ce45ec6b8
Merge pull request #512 from aayushsonu/master 
Update names.txt
 2020-11-02 19:07:19 +00:00
g0tmi1k
c2e6ced5fa
Merge pull request #505 from device33/patch-1 
Update apache.txt

source: https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/html/development_guide/sect-apache_mod_cluster-manager_application
 2020-11-02 19:06:07 +00:00
Dirk Wetter
f7577f68cb
Add CMS login 
Processwire is a CMS which I recently encountered during a pentest. /processwire is the login (compare /typo3 or /wp-login.php)
 2020-10-23 13:14:04 +02:00
Soufiane Tahiri
a100ade82e
Create XSS-Fuzzing 
High rate hit XSS payloads
 2020-10-23 10:56:16 +02:00
Soufiane Tahiri
a8e73cb425
Added actuator default paths 
Added actuator paths
 2020-10-23 10:51:19 +02:00
mapo
c9f5aedbc2 Added default usernames for SAP 2020-10-20 18:34:32 +02:00
Fernando Pinheiro
16593c1287 remove equal pass 2020-10-14 15:19:57 -03:00
Fernando Pinheiro
f139e0774f Adding passwords from PUBLIC leak 2020-10-14 15:15:22 -03:00
t0-git
8d60339a5f
Adding new git entries and .svnignore. 2020-10-07 21:02:51 +02:00
MusicGivesMeLife
2047e272cf
BiblePass Project 2020-10-06 00:58:51 -04:00
realArcherL
2d9b4effe7
Corrected the v3 repetition and added new ones. 
api and /graph
 2020-10-03 16:13:08 +05:30
realArcherL
56843de14a
Merge pull request #1 from danielmiessler/master 
Updating fork
 2020-10-03 16:08:52 +05:30
clem9669
6150a902f3
Adding nextcloud & owncloud to common.txt 
Nextcloud & ownCloud are two famous software for creating and using file hosting service.
PS: this adding might also be done on bigger discovery list because none of big list contains them
 2020-10-02 08:30:11 +00:00
Dominique RIGHETTO
fee58c17da
Add path to a common ManageEngine endpoint 
Add path to a endpoint often exposed to anonymous user by ManageEngine products.
See https://www.manageengine.com/
 2020-10-02 08:32:34 +02:00
vulf
84e78e898a Added a list of popular web shells 2020-10-01 19:34:44 +05:30
aayushsonu
cb1658be59
Update names.txt 2020-10-01 16:49:24 +05:30
cbk914
ae8aabcfed Merge branch 'master' of https://github.com/cbk914/SecLists 2020-09-30 16:37:47 +02:00
ArgentEnergy
505a333e9f Spring Boot Redis paths. Discloses details of Redis version, amount of keys in each database, memory size, etc.... 2020-09-25 20:01:00 -03:00
Arjun Shibu
9d298b2121
Create http-request-methods.txt 
Useful for fuzzing endpoints
 2020-09-25 20:06:30 +05:30
Laban Sköllermark
940dc91637
Add NDES and SCEP URLs 
Microsoft Network Device Enrollment Service (NDES) is used to enroll
devices such as Cisco routers and iPhones with a device certificate
issued by Active Directory Certificate Services (ADCS) Certification
Authority (CA) via the Simple Certificate Enrollment Protocol (SCEP).

Add the following URLs:

* /certsrv/mscep_admin - admin page of Network Device Enrollment Service
  (NDES)
* /certsrv/mscep/mscep.dll - Simple Certificate Enrollment Protocol
  (SCEP) server endpoint
 2020-09-23 14:49:24 +02:00
device33
c126de81ab
Update apache.txt 
add mod_cluster-manager
 2020-09-23 10:55:23 +02:00
cbk914
b66822b6e7
Merge pull request #5 from danielmiessler/master 
Update
 2020-09-20 15:36:24 +02:00
g0tmi1k
d5271820d0
Merge pull request #503 from Paradoxis/master 
Removed destructive SQL statements
 2020-09-17 14:16:24 +01:00
Luke Paris
52f1658a0c
Removed destructive SQL statements 
Those two lines are downright irresponsible, someone is going to use this list to fuzz a web application and accidentally nuke a production database.
 2020-09-17 15:02:40 +02:00
g0tmi1k
ca6bf04c05
Merge pull request #465 from dee-see/patch-1 
Add new Swagger UI path
 2020-09-16 07:30:38 +01:00
g0tmi1k
e4e65c3510
Merge pull request #478 from LethargicLeprechaun/master 
10-million-password-list-top-1000000.txt Corrections
 2020-09-16 07:30:17 +01:00
g0tmi1k
f1f3750803
Merge pull request #480 from haxxinen/patch-1 
Create quick-SQLi.txt
 2020-09-16 07:29:18 +01:00
g0tmi1k
3e29513e3b
Merge pull request #484 from realArcherL/patch-1 
Updated with more keywords and version numbers

- Source: https://youtu.be/NPDp7GHmMa0
 2020-09-16 07:28:58 +01:00
g0tmi1k
924c558fd8
Merge pull request #485 from drwetter/patch-4 
Create german_misc.txt
 2020-09-16 07:28:31 +01:00
g0tmi1k
fbe21a0c99
Merge pull request #492 from drwetter/fix_germanpw.txt 
Fix and extend German word list

Source: https://gist.github.com/MarvinJWendt/2f4f4154b8ae218600eb091a5706b5f4
 2020-09-16 07:27:37 +01:00
g0tmi1k
c5ba0f44e4
Merge pull request #493 from daehee/master 
XSS payloads from OFJAAAH

Source: https://ghostbin.co/paste/qo23j
 2020-09-16 07:27:07 +01:00
g0tmi1k
a274ffba57
Merge pull request #495 from shelld3v/patch-1 
Add more API endpoints
 2020-09-16 07:25:58 +01:00
g0tmi1k
a3924f7a71
Merge pull request #498 from shelld3v/patch-4 
Add some endpoints
 2020-09-16 07:24:41 +01:00
g0tmi1k
0c40a01395
Merge pull request #500 from 0x00gum/patch-2 
Some New DB Extensions
 2020-09-16 07:24:13 +01:00
g0tmi1k
0b7d119f74
Merge pull request #501 from righettod/master 
Add payloads to identify the template engine used

- https://portswigger.net/research/server-side-template-injection
- https://github.com/epinna/tplmap
 2020-09-16 07:23:39 +01:00
g0tmi1k
411cae8e5b
Merge pull request #502 from danrneal/patch-1 
Add string js or injection
 2020-09-16 07:22:43 +01:00
Daniel Neal
68fe48d9dd
Add string js or injection 2020-09-14 21:55:24 -07:00
Dominique RIGHETTO
1361ac96c1
Fix typos 2020-09-14 14:30:00 +02:00
Dominique RIGHETTO
1c2fb11278
Add file with special vars used by template engines 
The objective is to identify the engine once an expression evaluation pattern was identified.
 2020-09-14 14:28:12 +02:00
0x00gum
ed0b32f5ce
Some New DB Extensions 2020-09-13 20:04:25 +03:00
Dominique RIGHETTO
234dfabf72
Add an expression using expression inlining for Thymeleaf 
See https://www.thymeleaf.org/doc/tutorials/3.0/usingthymeleaf.html#expression-inlining
Added it because I have discovered that, when StringTemplateResolver is used, then expression like ${42*42} is not resolved
 2020-09-13 11:04:15 +02:00
Dominique RIGHETTO
ba87953a08
Add expression for Velocity engine 2020-09-13 09:33:41 +02:00
shelld3v
0f328c377d
Update raft-large-directories.txt 2020-09-07 17:32:37 +07:00
shelld3v
aff66805e0
Add more API endpoints 2020-09-07 16:49:32 +07:00
Daehee Park
850d3b10f1 XSS payloads from OFJAAAH 2020-08-30 14:40:59 -07:00
Dirk Wetter
4c954f2226 Fix and extend German word list 
This is a complete replacement of lang-german.txt. As mentioned before
the list was in wrong format (7 Bit) and couldn't reflect the German
Umlaute (see e.g. #485, #440, #439) at all.

The best I found so far and could serve as a starting point was
a gist from @MarvinJWendt, see

https://gist.github.com/MarvinJWendt/2f4f4154b8ae218600eb091a5706b5f4

Instead of ~8MB it's even bigger (~29MB).

Cheers, Dirk
 2020-08-25 11:14:17 +02:00