SecLists/Discovery/Web-Content/README.md

Web discovery wordlists

AdobeCQ-AEM.txt

Use for: Discovering sensitive filepaths of Adobe Experience Manager Creation date: Oct 1, 2017 No updates have been made to this wordlist since its creation.

AdobeXML.fuzz.txt

Use for: Discovering sensitive filepaths of Adobe ColdFusion Creation date: Aug 27, 2012 No updates have been made to this wordlist since its creation.

Apache.fuzz.txt

Use for: Discvering sensitive content in Apache web servers. Date of last update: Jan 26, 2015

ApacheTomcat.fuzz.txt

Use for: Discovering sensitive content in Apache Tomcat servers. Date of last update: Dec 14, 2017

raft-* wordlists

Use for: Directory and file brute-forcing leading to identification of vulnerabilities in web applications. Source: Google's RAFT

combined_words.txt

Overview

This list is a combination of the following wordlists:

• big.txt
• common.txt
• raft-large-words-lowercase.txt
• raft-large-words.txt
• raft-medium-words-lowercase.txt
• raft-medium-words.txt
• raft-small-words-lowercase.txt
• raft-small-words.txt

Usage

Use for: discovering files

Source

This list is automatically updated by a GitHub action whenever any of the lists it's composed by is modified.

combined_directories.txt

Overview

This list is a combination of the following wordlists:

• apache.txt
• combined_words.txt
• directory-list-1.0.txt
• directory-list-2.3-big.txt
• directory-list-2.3-medium.txt
• directory-list-2.3-small.txt
• raft-large-directories-lowercase.txt
• raft-large-directories.txt
• raft-medium-directories-lowercase.txt
• raft-medium-directories.txt
• raft-small-directories-lowercase.txt
• raft-small-directories.txt
• common_directories.txt <<<<<<< HEAD

Usage

Use for: discovering files and directories

Source

This list is automatically updated by a GitHub action whenever any of the lists it's composed by is modified.

dsstorewordlist.txt

Overview

Perfect wordlist to discover directories and files on target site with tools like ffuf.

Usage

Use for: discovering directories and files

Source

Source: https://github.com/aels/subdirectories-discover

References

• It was collected by parsing Alexa top-million sites for .DS_Store files (https://en.wikipedia.org/wiki/.DS_Store), extracting all the found files, and then extracting found file and directory names from around 300k real websites.
• Then sorted by probability and removed strings with one occurrence.
• resulted file you can download is below. Happy Hunting!

vulnerability-scan_j2ee-websites_WEB-INF.txt

Overview

Use for: discovering sensitive j2ee files exploiting a lfi

References

• https://gist.github.com/harisec/519dc6b45c6b594908c37d9ac19edbc3
• https://github.com/projectdiscovery/nuclei-templates/blob/master/vulnerabilities/generic/generic-j2ee-lfi.yaml
• https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/LFIModule.java