admin/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists.git synced 2025-06-07 21:46:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
985 Commits 2 Branches 29 Tags
Commit Graph

985 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
g0tmi1k
ca6bf04c05
Merge pull request #465 from dee-see/patch-1 
Add new Swagger UI path
 2020-09-16 07:30:38 +01:00
g0tmi1k
e4e65c3510
Merge pull request #478 from LethargicLeprechaun/master 
10-million-password-list-top-1000000.txt Corrections
 2020-09-16 07:30:17 +01:00
g0tmi1k
f1f3750803
Merge pull request #480 from haxxinen/patch-1 
Create quick-SQLi.txt
 2020-09-16 07:29:18 +01:00
g0tmi1k
3e29513e3b
Merge pull request #484 from realArcherL/patch-1 
Updated with more keywords and version numbers

- Source: https://youtu.be/NPDp7GHmMa0
 2020-09-16 07:28:58 +01:00
g0tmi1k
924c558fd8
Merge pull request #485 from drwetter/patch-4 
Create german_misc.txt
 2020-09-16 07:28:31 +01:00
g0tmi1k
fbe21a0c99
Merge pull request #492 from drwetter/fix_germanpw.txt 
Fix and extend German word list

Source: https://gist.github.com/MarvinJWendt/2f4f4154b8ae218600eb091a5706b5f4
 2020-09-16 07:27:37 +01:00
g0tmi1k
c5ba0f44e4
Merge pull request #493 from daehee/master 
XSS payloads from OFJAAAH

Source: https://ghostbin.co/paste/qo23j
 2020-09-16 07:27:07 +01:00
g0tmi1k
a274ffba57
Merge pull request #495 from shelld3v/patch-1 
Add more API endpoints
 2020-09-16 07:25:58 +01:00
g0tmi1k
a3924f7a71
Merge pull request #498 from shelld3v/patch-4 
Add some endpoints
 2020-09-16 07:24:41 +01:00
g0tmi1k
0c40a01395
Merge pull request #500 from 0x00gum/patch-2 
Some New DB Extensions
 2020-09-16 07:24:13 +01:00
g0tmi1k
0b7d119f74
Merge pull request #501 from righettod/master 
Add payloads to identify the template engine used

- https://portswigger.net/research/server-side-template-injection
- https://github.com/epinna/tplmap
 2020-09-16 07:23:39 +01:00
g0tmi1k
411cae8e5b
Merge pull request #502 from danrneal/patch-1 
Add string js or injection
 2020-09-16 07:22:43 +01:00
Daniel Neal
68fe48d9dd
Add string js or injection 2020-09-14 21:55:24 -07:00
Dominique RIGHETTO
1361ac96c1
Fix typos 2020-09-14 14:30:00 +02:00
Dominique RIGHETTO
1c2fb11278
Add file with special vars used by template engines 
The objective is to identify the engine once an expression evaluation pattern was identified.
 2020-09-14 14:28:12 +02:00
0x00gum
ed0b32f5ce
Some New DB Extensions 2020-09-13 20:04:25 +03:00
Dominique RIGHETTO
234dfabf72
Add an expression using expression inlining for Thymeleaf 
See https://www.thymeleaf.org/doc/tutorials/3.0/usingthymeleaf.html#expression-inlining
Added it because I have discovered that, when StringTemplateResolver is used, then expression like ${42*42} is not resolved
 2020-09-13 11:04:15 +02:00
Dominique RIGHETTO
ba87953a08
Add expression for Velocity engine 2020-09-13 09:33:41 +02:00
shelld3v
0f328c377d
Update raft-large-directories.txt 2020-09-07 17:32:37 +07:00
shelld3v
aff66805e0
Add more API endpoints 2020-09-07 16:49:32 +07:00
Daehee Park
850d3b10f1 XSS payloads from OFJAAAH 2020-08-30 14:40:59 -07:00
Dirk Wetter
4c954f2226 Fix and extend German word list 
This is a complete replacement of lang-german.txt. As mentioned before
the list was in wrong format (7 Bit) and couldn't reflect the German
Umlaute (see e.g. #485, #440, #439) at all.

The best I found so far and could serve as a starting point was
a gist from @MarvinJWendt, see

https://gist.github.com/MarvinJWendt/2f4f4154b8ae218600eb091a5706b5f4

Instead of ~8MB it's even bigger (~29MB).

Cheers, Dirk
 2020-08-25 11:14:17 +02:00
Dirk Wetter
0ccff1e425
Create german_misc.txt 
Hi there,

this is a list of modern German words. Source is myself :-) and merged are some new words from the semi-official language bible (Duden, new edition 2020). Idea was from a pentest where too simple words from the current world just were allowed.

Actually I wanted to add this to ``Miscellaneous/lang-german.txt`` but this file is somewhat broken, and I didn't want to add it to a broken file (I read this before here but as a reminder Umlaute are missing (file is 7 bit US ASCII) and some words just don't make sense like Aangriff, AanschlusS, Bil (is Danish/Norwegian), Bikuspidat, Cgeknatter, Cfamilien,CharaktergroBe,... Probably like 30% of the content is useless. IMHO this file needs to be replaced.

Some of the words in this PR like **Schmähgedicht** appear also in ``Passwords/dutch_common_wordlist.txt`` which kind of surprised me. But I thought it would be important to add those words to a separate file bc users might not look there.

Cheers, Dirk
 2020-08-21 12:01:37 +02:00
realArcherL
5501592986
Updated with more keywords and version numbers 
Based on the Bugcrowd level-up talk (https://youtu.be/NPDp7GHmMa0)
 2020-08-18 17:47:27 +05:30
haxxinen
783b5edf73
Create quick-SQLi.txt 2020-08-06 10:35:03 +02:00
LethargicLeprechaun
74c24b574f move words to correct places 2020-07-25 06:06:44 -07:00
Dominic
cc16fe8813
Merge branch 'master' into patch-1 2020-07-22 13:44:30 -04:00
g0tmi1k
e3d31edd19
Merge pull request #466 from bugbounty69/master 
Added all HTML Attributes list

Source: https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes
2020.3 		2020-07-22 16:25:47 +01:00
g0tmi1k
dea731202f
Merge pull request #471 from maxkleinke/master 
renamed files in Passwords/Default-Credentials for better parsing
 2020-07-22 16:25:27 +01:00
g0tmi1k
a93ecd7f91
Merge pull request #472 from righettod/master 
Add characters that can break a MongoDB query when JS expression is used

Source: https://github.com/Charlie-belmer/vulnerable-node-app/blob/master/app/routes/user.route.js#L8
 2020-07-22 16:25:07 +01:00
g0tmi1k
31ee70aeef
Merge pull request #473 from mrajput7/master 
Update golang.txt

Source: https://www.dropbox.com/s/ir2b56j3zt7vz0a/golang_handlefunc_combined?dl=0
 2020-07-22 16:24:33 +01:00
g0tmi1k
a3b77e1170
Merge pull request #475 from joegoerlich/patch-1 
Update sap.txt
 2020-07-22 16:24:13 +01:00
g0tmi1k
3a9cac0384
Merge pull request #474 from chudyPB/master 
Update sap.txt
 2020-07-22 16:24:02 +01:00
g0tmi1k
5fc3e6a208
Merge pull request #476 from toxydose/patch-1 
Add some common ports
 2020-07-22 16:23:04 +01:00
g0tmi1k
a6e3f77e4d
Merge pull request #477 from g0tmi1k/misc 
Few fixes
 2020-07-22 16:22:48 +01:00
g0t mi1k
df66ea4c82 Fix issues with wordlists 2020-07-22 16:19:47 +01:00
g0t mi1k
3567cf6fc0 Writable locations Windows 
Source: https://github.com/api0cradle/UltimateAppLockerByPassList/blob/master/Generic-AppLockerbypasses.md

accesschk -w -s -q -u Users "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u Everyone "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u Interactive "C:\Program Files" >> programfiles.txt

accesschk -w -s -q -u Users "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u Everyone "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u Interactive "C:\Program Files (x86)" >> programfilesx86.txt

accesschk -w -s -q -u Users "C:\Windows" >> windows.txt
accesschk -w -s -q -u Everyone "C:\Windows" >> windows.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Windows" >> windows.txt
accesschk -w -s -q -u Interactive "C:\Windows" >> windows.txt
 2020-07-22 16:05:54 +01:00
Alexander Bridges
a628a652be
Add some common ports 
https://www.sonicwall.com/support/knowledge-base/running-sslvpn-on-a-different-tcp-port/170503249443105/
https://www.router-switch.com/faq/difference-between-https-port-443-and-8443.html
https://www.speedguide.net/port.php?port=8008
 2020-07-22 03:23:00 +03:00
joegoerlich
d16951bd86
Update sap.txt 
Added URLs related to [CVE-2020-6287].
 2020-07-21 10:11:10 +02:00
chudyPB
da33a2b4a4
Update sap.txt 2020-07-21 09:34:10 +02:00
Mohit Narayan Rajput
99d3e2ab22
Update golang.txt 2020-07-19 01:34:21 -04:00
Dominique RIGHETTO
00f10f8513
Add character that can break a MongoDB query when JS expression is used 2020-07-18 18:00:24 +02:00
Maximilian Kleinke
e3ae394144 renamed files in Passwords/Default-Credentials for better parsing 2020-07-18 13:59:44 +02:00
g0tmi1k
b883fc123a
Merge pull request #467 from GovindPalakkal/patch-2 
Update swagger.txt
 2020-07-17 22:05:28 +01:00
g0tmi1k
62786ce702
Update CONTRIBUTORS.md 2020-07-17 22:01:21 +01:00
g0tmi1k
ad309eabee
Merge pull request #468 from govolution/patch-6 
Update telnet-betterdefaultpasslist.txt

Source: https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/
 2020-07-17 21:56:37 +01:00
govolution
ff84e4dafa
Update telnet-betterdefaultpasslist.txt 
source for new passwords: https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/
 2020-07-11 17:51:50 +02:00
D3lT4
c5ce1780eb
Update swagger.txt 2020-07-08 23:37:59 +05:30
bugbounty69
0f3c1db17c
Added all HTML Attributes list 2020-07-08 00:25:11 +00:00
Dominic
3ae69babfa
Add new Swagger UI path 
Just stumbled upon that URL, search `inurl:swagger/ui/index` for examples.
 2020-06-30 08:53:21 -04:00