admin/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists.git synced 2025-08-13 11:27:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
SecLists/Discovery/Web-Content/README.md
Ignacio J. Perez Portal 1307cdeef8 fix(docs): Corrected product name
2025-01-25 07:22:00 -03:00

6.1 KiB
Raw Blame History

Web discovery wordlists

AdobeCQ-AEM.txt

Use for: Discovering sensitive filepaths of Adobe Experience Manager Creation date: Oct 1, 2017 No updates have been made to this wordlist since its creation.

AdobeXML.fuzz.txt

Use for: Discovering sensitive filepaths of Adobe ColdFusion Creation date: Aug 27, 2012 No updates have been made to this wordlist since its creation.

Apache.fuzz.txt

Use for: Discvering sensitive content in Apache web servers. Date of last update: Jan 26, 2015

ApacheTomcat.fuzz.txt

Use for: Discovering sensitive content in Apache Tomcat servers. Date of last update: Dec 14, 2017

CGI-HTTP-POST-Windows.fuzz.txt

Use for: Exploiting various vulnerabilities in the now defunct WYSIWYG HTML editor and website administration tool, Microsoft FrontPage Source: https://github.com/deepak0401/Front-Page-Exploit Date of last update: Aug 27, 2012 The last version of FrontPage was released on 2003.

CGI-HTTP-POST.fuzz.txt

Use for: Exploiting/Discovering various vulnerabilities in extremely old systems (Circa 1998) that use "CGI". Date of last update: Aug 27, 2012

This wordlist tests for the following vulnerabilities:

  • Default password in the Nortel Meridian private branch exchange telephone switching system. Source: Nikto.
  • XSS in the "Bajie HTTP JServer" (software site completely defunct, no archives exist). Source: Nikto
  • CGI Vulnerability in an unknown system (payload lastlines.cgi?process) which would allow attackers to "read arbitrary files and/or execute commands". Source: Nikto
  • Remote File Include in myPHPNuke. Source: Nessus
  • DoS in the "D-Link Ethernet/Fast Ethernet Print Server DP-300+". Source: Sullo's Security Advisory Archive.

CGI-Microsoft.fuzz.txt

Use for: Exploiting/Discovering various vulnerabilities in miscelaneous CGI scripts that run on Microsoft operating systems. Date of last update: Aug 27, 2012

raft-* wordlists

Use for: Directory and file brute-forcing leading to identification of vulnerabilities in web applications. Source: Google's RAFT

combined_words.txt

Use for: discovering files
This list is automatically updated by a github action whenever any of the lists it's composed by is modified.

This list is a combination of the following wordlists:

  • big.txt
  • common.txt
  • raft-large-words-lowercase.txt
  • raft-large-words.txt
  • raft-medium-words-lowercase.txt
  • raft-medium-words.txt
  • raft-small-words-lowercase.txt
  • raft-small-words.txt

combined_directories.txt

Use for: discovering files and directories
This list is automatically updated by a github action whenever any of the lists it's composed by is modified.

This list is a combination of the following wordlists:

  • apache.txt
  • combined_words.txt
  • directory-list-1.0.txt
  • directory-list-2.3-big.txt
  • directory-list-2.3-medium.txt
  • directory-list-2.3-small.txt
  • raft-large-directories-lowercase.txt
  • raft-large-directories.txt
  • raft-medium-directories-lowercase.txt
  • raft-medium-directories.txt
  • raft-small-directories-lowercase.txt
  • raft-small-directories.txt
  • common_directories.txt

Usage

Use for: discovering files and directories

Source

This list is automatically updated by a GitHub action whenever any of the lists it's composed by is modified.

dsstorewordlist.txt

SOURCE: https://github.com/aels/subdirectories-discover

Perfect wordlist to discover directories and files on target site with tools like ffuf.

  • It was collected by parsing Alexa top-million sites for .DS_Store files (https://en.wikipedia.org/wiki/.DS_Store), extracting all the found files, and then extracting found file and directory names from around 300k real websites.
  • Then sorted by probability and removed strings with one occurrence.
  • resulted file you can download is below. Happy Hunting!

vulnerability-scan_j2ee-websites_WEB-INF.txt

Use for: discovering sensitive j2ee files exploiting a lfi

References:

Frontpage.fuzz.txt

Use for: Fuzzing for common filepaths in webpages designed with Microsoft Frontpage

Year of the first release of Microsoft Frontpage: 1997 Year of the last release of Microsoft Frontpage: 2003

Date of last update: Oct 14, 2010

Web-Server-Java-Servlet-Runner-Adobe-JRun

Use for: Fuzzing for common filepaths in webpages served with Java Servlet Runner (Adobe JRun)

Year of the first release of Java Servlet Runner (Adobe JRun): 1997 Year of the last release of Java Servlet Runner (Adobe JRun): 2007

Date of last update: Oct 14, 2010

Web-Server-Oracle-Sun-iPlanet.txt

Use for: Fuzzing for common filepaths in webpages served with Oracle Sun iPlanet

Year of the first release of Sun-iPlanet (Adobe JRun): 1994 Year of the last release of Sun-iPlanet (Adobe JRun): 2017

Date of last update: Oct 14, 2010

Web-Server-Glassfish-Sun-Microsystems.txt

Use for: Fuzzing for common filepaths in webpages served with Glassfish - Sun Microsystems

Year of the first release of Glassfish: 2005 Glassfish is still in recieving updates as of 2024.

Date of last update: Oct 14, 2010