idan/SecLists
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
1,297 Commits 1 Branch 0 Tags
master
Commit Graph

161 Commits

Author SHA1 Message Date
g0tmi1k
c54e07f5d8 Merge pull request #671 from righettod/feature_issue_654 
PR for issue 654 (environment identifiers dict)
 2022-02-02 23:39:00 +00:00
Dominique RIGHETTO
9e778c6046 Add results from FR + BE sub domains 2021-11-26 11:48:46 +01:00
Dominique RIGHETTO
f86abe0dde Add new entries after extraction from LU domains from MAjestic file 
See PR comment
 2021-11-24 14:00:08 +01:00
elitejake
3c543908bf Add PURGE method 2021-11-24 11:19:38 +00:00
Dominique RIGHETTO
55dcca61cf Sorting ASC 2021-11-24 11:57:48 +01:00
Dominique RIGHETTO
57fa66e37e Enrich with results from auchan.lu 2021-11-24 11:46:57 +01:00
Dominique RIGHETTO
d68129fe2d Add missing entries from sgbt.lu 2021-11-24 11:44:29 +01:00
Dominique RIGHETTO
9b653b08af Enrich with sgbt.lu results 
Cmd: `curl -sk "https://crt.sh/?q=sgbt.lu&output=json" | jq -r ".[].name_value" | cut -d'.' -f1 | sort -u`
 2021-11-24 11:42:45 +01:00
Dominique RIGHETTO
6d37719fd4 Enrich with total.com sub domains results 
Command: `curl -sk "https://crt.sh/?q=total.com&output=json" | jq -r ".[].name_value" | cut -d'.' -f1 | sort -u`
 2021-11-24 11:41:17 +01:00
Dominique RIGHETTO
0c61f25372 Add UAG 2021-11-24 11:33:31 +01:00
Dominique RIGHETTO
9d3ac03fd0 Initial adding 2021-11-24 11:25:10 +01:00
g0t mi1k
6b00e5cf53 Fix formatting 2021-11-24 10:13:43 +00:00
g0tmi1k
4030e1b6ce Merge pull request #660 from noraj/patch-1 
Update fuzz-Bo0oM.txt

Source: https://github.com/Bo0oM/fuzz.txt/blob/master/fuzz.txt
 2021-11-24 09:53:58 +00:00
Dominique RIGHETTO
6e3e64f1f5 Add IBM MQSeries common channel names 2021-11-17 09:33:49 +01:00
Alexandre ZANNI
484ab9e986 Update fuzz-Bo0oM.txt 2021-10-07 11:03:42 +02:00
g0t mi1k
efeb38808c Replace ' ' with ' ' (Empty Characters) 2021-08-28 21:05:13 +01:00
g0tmi1k
177f25ba69 Merge pull request #625 from cbk914/master 
Some additions

Source: http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time
 2021-08-27 21:14:37 +01:00
Gabriel
fb613f25bf Add "-" and remove duplicate "_" entry 
Fixes #612
 2021-07-13 14:42:14 +01:00
cbk914
9a871facf1 Merge branch 'danielmiessler:master' into master 2021-06-26 23:06:55 +02:00
Annihilat0r
495c8a6c3f Add NoSQL payload 2021-05-29 13:21:29 +03:00
cbk914
cb4febae37 Merge branch 'danielmiessler:master' into master 2021-05-11 16:10:42 +02:00
Alex G
66e5827639 Add master.mdf MSSQL path to Windows LFI 2021-02-19 22:42:27 +01:00
g0tmi1k
6372096eab Merge pull request #561 from kazkansouh/ldap-fuzzing 
Standard LDAP attribute and classes lists

Source: ldapsearch -s base -b cn=Subschema  "(objectclass=*)" attributetypes -LLL | sed -e ':x N ; s/\n // ; tx ; P ; s/^.*\n//; tx' | grep -e '^a' | cut -d "'" -f 2 | sort -u
 2021-02-11 21:25:40 +00:00
g0tmi1k
af40e7f267 Merge pull request #519 from arjunshibu/master 
Added http-request-methods.txt
 2021-02-11 20:27:53 +00:00
Karim Kanso
840067b851 add standard ldap attribute and classes lists 2021-01-20 15:38:59 +00:00
cbk914
003bfef95f Merge pull request #6 from danielmiessler/master 
Update
 2020-11-12 02:44:53 +01:00
cbk914
d2a20595fc Update 2020-11-05 16:41:54 +01:00
g0t mi1k
d4ebb09709 dos2unix 2020-11-04 11:45:59 +00:00
Chris H
08925a1fae Update email-top-100-domains.txt 
added missing mail domain
 2020-11-03 13:06:10 +01:00
g0tmi1k
6d164b9672 Merge pull request #527 from soufianetahiri/master 
Added actuator default paths and created new XSS fuzzing list

Source: https://docs.spring.io/spring-boot/docs/1.5.x/reference/html/production-ready-endpoints.html
 2020-11-03 11:39:11 +00:00
Soufiane Tahiri
a100ade82e Create XSS-Fuzzing 
High rate hit XSS payloads
 2020-10-23 10:56:16 +02:00
cbk914
ae8aabcfed Merge branch 'master' of https://github.com/cbk914/SecLists 2020-09-30 16:37:47 +02:00
Arjun Shibu
9d298b2121 Create http-request-methods.txt 
Useful for fuzzing endpoints
 2020-09-25 20:06:30 +05:30
Luke Paris
52f1658a0c Removed destructive SQL statements 
Those two lines are downright irresponsible, someone is going to use this list to fuzz a web application and accidentally nuke a production database.
 2020-09-17 15:02:40 +02:00
g0tmi1k
f1f3750803 Merge pull request #480 from haxxinen/patch-1 
Create quick-SQLi.txt
 2020-09-16 07:29:18 +01:00
g0tmi1k
c5ba0f44e4 Merge pull request #493 from daehee/master 
XSS payloads from OFJAAAH

Source: https://ghostbin.co/paste/qo23j
 2020-09-16 07:27:07 +01:00
g0tmi1k
0b7d119f74 Merge pull request #501 from righettod/master 
Add payloads to identify the template engine used

- https://portswigger.net/research/server-side-template-injection
- https://github.com/epinna/tplmap
 2020-09-16 07:23:39 +01:00
Daniel Neal
68fe48d9dd Add string js or injection 2020-09-14 21:55:24 -07:00
Dominique RIGHETTO
1361ac96c1 Fix typos 2020-09-14 14:30:00 +02:00
Dominique RIGHETTO
1c2fb11278 Add file with special vars used by template engines 
The objective is to identify the engine once an expression evaluation pattern was identified.
 2020-09-14 14:28:12 +02:00
Dominique RIGHETTO
234dfabf72 Add an expression using expression inlining for Thymeleaf 
See https://www.thymeleaf.org/doc/tutorials/3.0/usingthymeleaf.html#expression-inlining
Added it because I have discovered that, when StringTemplateResolver is used, then expression like ${42*42} is not resolved
 2020-09-13 11:04:15 +02:00
Dominique RIGHETTO
ba87953a08 Add expression for Velocity engine 2020-09-13 09:33:41 +02:00
Daehee Park
850d3b10f1 XSS payloads from OFJAAAH 2020-08-30 14:40:59 -07:00
cbk914
e06aacd937 Revert "Merge pull request #4 from danielmiessler/master" 
This reverts commit c266835781, reversing
changes made to fd4968f43b.
 2020-08-11 14:25:56 +02:00
haxxinen
783b5edf73 Create quick-SQLi.txt 2020-08-06 10:35:03 +02:00
Dominique RIGHETTO
00f10f8513 Add character that can break a MongoDB query when JS expression is used 2020-07-18 18:00:24 +02:00
PinkDraconian
cf1ca8ec62 Added scientific notation entries 2020-06-16 12:36:29 +02:00
PinkDraconian
8679c2d6fe Added true and false to the fuzzing list 
Changing json field to true or false could have interesting results on an endpoint when fuzzing.
 2020-06-16 12:21:04 +02:00
g0tmi1k
d76b8f6691 Merge pull request #452 from noraj/patch-1 
Create LFI-gracefulsecurity-windows.txt

Source: https://gracefulsecurity.com/path-traversal-cheat-sheet-windows/
 2020-06-12 09:57:44 +01:00
g0tmi1k
b2865e0492 Merge pull request #453 from noraj/patch-2 
Create LFI-gracefulsecurity-linux.txt

Source: https://gracefulsecurity.com/path-traversal-cheat-sheet-linux/
 2020-06-12 09:57:09 +01:00