admin/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists.git synced 2025-05-31 18:51:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
SecLists/Discovery/Web-Content/README.md
g0tmi1k 5f50c63cb9
Merge pull request #1100 from StepSisStuck/better-readmes 
feat(docs): Improve readme files for better clarity and usage examples
2024-11-20 10:20:43 +00:00

71 lines
2.1 KiB
Markdown
Raw Blame History

# Web discovery wordlists
## combined_words.txt
### Overview
This list is a combination of the following wordlists:
- big.txt
- common.txt
- raft-large-words-lowercase.txt
- raft-large-words.txt
- raft-medium-words-lowercase.txt
- raft-medium-words.txt
- raft-small-words-lowercase.txt
- raft-small-words.txt
### Usage
Use for: discovering files
### Source
This list is automatically updated by a GitHub action whenever any of the lists it's composed by is modified.
## combined_directories.txt
### Overview
This list is a combination of the following wordlists:
- apache.txt
- combined_words.txt
- directory-list-1.0.txt
- directory-list-2.3-big.txt
- directory-list-2.3-medium.txt
- directory-list-2.3-small.txt
- raft-large-directories-lowercase.txt
- raft-large-directories.txt
- raft-medium-directories-lowercase.txt
- raft-medium-directories.txt
- raft-small-directories-lowercase.txt
- raft-small-directories.txt
- common_directories.txt
### Usage
Use for: discovering files and directories
### Source
This list is automatically updated by a GitHub action whenever any of the lists it's composed by is modified.
## dsstorewordlist.txt
### Overview
Perfect wordlist to discover directories and files on target site with tools like ffuf.
### Usage
Use for: discovering directories and files
### Source
Source: https://github.com/aels/subdirectories-discover
### References
- It was collected by parsing Alexa top-million sites for **.DS_Store** files (https://en.wikipedia.org/wiki/.DS_Store), extracting all the found files, and then extracting found file and directory names from around 300k real websites.
- Then sorted by probability and removed strings with one occurrence.
- resulted file you can download is below. Happy Hunting!
## vulnerability-scan_j2ee-websites_WEB-INF.txt
### Overview
Use for: discovering sensitive j2ee files exploiting a lfi
### References
- https://gist.github.com/harisec/519dc6b45c6b594908c37d9ac19edbc3
- https://github.com/projectdiscovery/nuclei-templates/blob/master/vulnerabilities/generic/generic-j2ee-lfi.yaml
- https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/LFIModule.java
Reference in New Issue View Git Blame Copy Permalink