admin/SecLists

Fork 0

mirror of https://github.com/danielmiessler/SecLists.git synced 2025-06-21 18:31:18 +00:00

History

github-actions[bot] 483e6c7914 [Github Action] Automated trickest wordlists update.

2025-06-18 10:04:05 +00:00

trickest-cms-wordlist

[Github Action] Automated trickest wordlists update.

2025-06-18 10:04:05 +00:00

Adobe-AEM_2021.txt

…

AdobeCQ-AEM_2017.txt

…

caobox-cms.txt

…

cms-configuration-files.txt

…

ColdFusion.fuzz.txt

…

Django.txt

…

dotnetnuke.txt

…

drupal-themes.fuzz.txt

…

Drupal.txt

…

flyspray-1.0RC4.txt

…

joomla-plugins.fuzz.txt

…

joomla-themes.fuzz.txt

…

kentico-cms-modules-themes.txt

…

liferay_dxp_default_portlets.txt

…

modx-revolution-plugins

…

Oracle-EBS-wordlist.txt

…

php-nuke.fuzz.txt

…

piwik-3.0.4.txt

…

README.md

…

SAP.fuzz.txt

…

Sharepoint-Ennumeration.txt

…

Sharepoint.txt

…

shopware.txt

…

sitecore

…

Sitefinity-fuzz.txt

…

sitemap-magento.txt

…

SiteMinder.fuzz.txt

…

symfony-315-demo.txt

…

symphony-267-xslt-cms.txt

…

Umbraco.fuzz.txt

…

Umbraco.txt

…

wordpress.fuzz.txt

…

wp-plugins.fuzz.txt

…

wp-themes.fuzz.txt

…

README.md

CMS Wordlists

These wordlists are specific to Content Management Systems.

AdobeCQ-AEM_2017.txt

Use for: Discovering sensitive filepaths of Adobe Experience Manager Creation date: Oct 1, 2017 No updates have been made to this wordlist since its creation.

Oracle-EBS-wordlist.txt

Use for: Fuzzing for common filepaths of Oracle E-Business Suite (EBS) version 11.

EBS v11 exposes:

usernames
ports
OS information
protocol information
Unauthenticated file upload
Cookie contents
SHA-1 hashed passwords

As an Unauthenticated user it's also possible to:

Create forms
Get servlets status
Get certain configuration files

Reference: https://the-infosec.com/2017/03/29/do-you-know-what-your-erp-is-telling-us/

Date of last update: Oct 7, 2019