168 Commits

Author SHA1 Message Date
g0tmi1k
635fadadf8
Merge pull request #708 from D3vil0per/patch-2
Added methods from IANA source

Source: http://www.iana.org/assignments/http-methods/http-methods.xhtml#methods
2022-04-26 17:26:16 +01:00
indigo-sadland
694b4873eb
Nginx merge slashes path traversal vulnerability payload 2022-04-18 00:26:27 -07:00
indigo-sadland
46671534b5
unicode encoded lfi payload 2022-04-16 19:26:33 +03:00
indigo-sadland
6117632c0d
unicode encoded lfi payload 2022-04-16 19:05:01 +03:00
indigo-sadland
c49917ce1a
unicode encoded lfi payload 2022-04-16 18:58:45 +03:00
indigo-sadland
ce75be351d
unicode encoded lfi payload 2022-04-16 18:50:38 +03:00
D3vil0per
7a42879a46
Added methods from IANA source
Source: http://www.iana.org/assignments/http-methods/http-methods.xhtml#methods
2022-04-02 14:25:20 +02:00
g0tmi1k
c54e07f5d8
Merge pull request #671 from righettod/feature_issue_654
PR for issue 654 (environment identifiers dict)
2022-02-02 23:39:00 +00:00
Dominique RIGHETTO
9e778c6046
Add results from FR + BE sub domains 2021-11-26 11:48:46 +01:00
Dominique RIGHETTO
f86abe0dde
Add new entries after extraction from LU domains from Majestic file
See PR comment
2021-11-24 14:00:08 +01:00
elitejake
3c543908bf
Add PURGE method 2021-11-24 11:19:38 +00:00
Dominique RIGHETTO
55dcca61cf
Sorting ASC 2021-11-24 11:57:48 +01:00
Dominique RIGHETTO
57fa66e37e
Enrich with results from auchan.lu 2021-11-24 11:46:57 +01:00
Dominique RIGHETTO
d68129fe2d
Add missing entries from sgbt.lu 2021-11-24 11:44:29 +01:00
Dominique RIGHETTO
9b653b08af
Enrich with sgbt.lu results
Cmd: `curl -sk "https://crt.sh/?q=sgbt.lu&output=json" | jq -r ".[].name_value" | cut -d'.' -f1 | sort -u`
2021-11-24 11:42:45 +01:00
Dominique RIGHETTO
6d37719fd4
Enrich with total.com sub domains results
Command: `curl -sk "https://crt.sh/?q=total.com&output=json" | jq -r ".[].name_value" | cut -d'.' -f1 | sort -u`
2021-11-24 11:41:17 +01:00
Dominique RIGHETTO
0c61f25372
Add UAG 2021-11-24 11:33:31 +01:00
Dominique RIGHETTO
9d3ac03fd0
Initial adding 2021-11-24 11:25:10 +01:00
g0t mi1k
6b00e5cf53
Fix formatting 2021-11-24 10:13:43 +00:00
g0tmi1k
4030e1b6ce
Merge pull request #660 from noraj/patch-1
Update fuzz-Bo0oM.txt

Source: https://github.com/Bo0oM/fuzz.txt/blob/master/fuzz.txt
2021-11-24 09:53:58 +00:00
Dominique RIGHETTO
6e3e64f1f5
Add IBM MQSeries common channel names 2021-11-17 09:33:49 +01:00
Alexandre ZANNI
484ab9e986
Update fuzz-Bo0oM.txt 2021-10-07 11:03:42 +02:00
g0t mi1k
efeb38808c Replace ' ' with ' ' (Empty Characters) 2021-08-28 21:05:13 +01:00
g0tmi1k
177f25ba69
Merge pull request #625 from cbk914/master
Some additions

Source: http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time
2021-08-27 21:14:37 +01:00
Gabriel
fb613f25bf
Add "-" and remove duplicate "_" entry
Fixes #612
2021-07-13 14:42:14 +01:00
cbk914
9a871facf1
Merge branch 'danielmiessler:master' into master 2021-06-26 23:06:55 +02:00
Annihilat0r
495c8a6c3f
Add NoSQL payload 2021-05-29 13:21:29 +03:00
cbk914
cb4febae37
Merge branch 'danielmiessler:master' into master 2021-05-11 16:10:42 +02:00
Alex G
66e5827639
Add master.mdf MSSQL path to Windows LFI 2021-02-19 22:42:27 +01:00
g0tmi1k
6372096eab
Merge pull request #561 from kazkansouh/ldap-fuzzing
Standard LDAP attribute and classes lists

Source: ldapsearch -s base -b cn=Subschema  "(objectclass=*)" attributetypes -LLL | sed -e ':x N ; s/\n // ; tx ; P ; s/^.*\n//; tx' | grep -e '^a' | cut -d "'" -f 2 | sort -u
2021-02-11 21:25:40 +00:00
g0tmi1k
af40e7f267
Merge pull request #519 from arjunshibu/master
Added http-request-methods.txt
2021-02-11 20:27:53 +00:00
Karim Kanso
840067b851
add standard ldap attribute and classes lists 2021-01-20 15:38:59 +00:00
cbk914
003bfef95f
Merge pull request #6 from danielmiessler/master
Update
2020-11-12 02:44:53 +01:00
cbk914
d2a20595fc
Update 2020-11-05 16:41:54 +01:00
g0t mi1k
d4ebb09709
dos2unix 2020-11-04 11:45:59 +00:00
Chris H
08925a1fae
Update email-top-100-domains.txt
added missing mail domain
2020-11-03 13:06:10 +01:00
g0tmi1k
6d164b9672
Merge pull request #527 from soufianetahiri/master
Added actuator default paths and created new XSS fuzzing list

Source: https://docs.spring.io/spring-boot/docs/1.5.x/reference/html/production-ready-endpoints.html
2020-11-03 11:39:11 +00:00
Soufiane Tahiri
a100ade82e
Create XSS-Fuzzing
High rate hit XSS payloads
2020-10-23 10:56:16 +02:00
cbk914
ae8aabcfed
Merge branch 'master' of https://github.com/cbk914/SecLists 2020-09-30 16:37:47 +02:00
Arjun Shibu
9d298b2121
Create http-request-methods.txt
Useful for fuzzing endpoints
2020-09-25 20:06:30 +05:30
Luke Paris
52f1658a0c
Removed destructive SQL statements
Those two lines are downright irresponsible; someone is going to use this list to fuzz a web application and accidentally nuke a production database.
2020-09-17 15:02:40 +02:00
g0tmi1k
f1f3750803
Merge pull request #480 from haxxinen/patch-1
Create quick-SQLi.txt
2020-09-16 07:29:18 +01:00
g0tmi1k
c5ba0f44e4
Merge pull request #493 from daehee/master
XSS payloads from OFJAAAH

Source: https://ghostbin.co/paste/qo23j
2020-09-16 07:27:07 +01:00
g0tmi1k
0b7d119f74
Merge pull request #501 from righettod/master
Add payloads to identify the template engine used

- https://portswigger.net/research/server-side-template-injection
- https://github.com/epinna/tplmap
2020-09-16 07:23:39 +01:00
Daniel Neal
68fe48d9dd
Add string js or injection 2020-09-14 21:55:24 -07:00
Dominique RIGHETTO
1361ac96c1
Fix typos 2020-09-14 14:30:00 +02:00
Dominique RIGHETTO
1c2fb11278
Add file with special vars used by template engines
The objective is to identify the engine once an expression evaluation pattern was identified.
2020-09-14 14:28:12 +02:00
Dominique RIGHETTO
234dfabf72
Add an expression using expression inlining for Thymeleaf
See https://www.thymeleaf.org/doc/tutorials/3.0/usingthymeleaf.html#expression-inlining
Added it because I have discovered that, when StringTemplateResolver is used, an expression like ${42*42} is not resolved
2020-09-13 11:04:15 +02:00
Dominique RIGHETTO
ba87953a08
Add expression for Velocity engine 2020-09-13 09:33:41 +02:00
Daehee Park
850d3b10f1
XSS payloads from OFJAAAH 2020-08-30 14:40:59 -07:00