idan/SecLists
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
1,297 Commits 1 Branch 0 Tags
master
Commit Graph

1297 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Laban Sköllermark
940dc91637 Add NDES and SCEP URLs 
Microsoft Network Device Enrollment Service (NDES) is used to enroll
devices such as Cisco routers and iPhones with a device certificate
issued by Active Directory Certificate Services (ADCS) Certification
Authority (CA) via the Simple Certificate Enrollment Protocol (SCEP).

Add the following URLs:

* /certsrv/mscep_admin - admin page of Network Device Enrollment Service
  (NDES)
* /certsrv/mscep/mscep.dll - Simple Certificate Enrollment Protocol
  (SCEP) server endpoint
 2020-09-23 14:49:24 +02:00
device33
c126de81ab Update apache.txt 
add mod_cluster-manager
 2020-09-23 10:55:23 +02:00
cbk914
b66822b6e7 Merge pull request #5 from danielmiessler/master 
Update
 2020-09-20 15:36:24 +02:00
g0tmi1k
d5271820d0 Merge pull request #503 from Paradoxis/master 
Removed destructive SQL statements
 2020-09-17 14:16:24 +01:00
Luke Paris
52f1658a0c Removed destructive SQL statements 
Those two lines are downright irresponsible, someone is going to use this list to fuzz a web application and accidentally nuke a production database.
 2020-09-17 15:02:40 +02:00
g0tmi1k
ca6bf04c05 Merge pull request #465 from dee-see/patch-1 
Add new Swagger UI path
 2020-09-16 07:30:38 +01:00
g0tmi1k
e4e65c3510 Merge pull request #478 from LethargicLeprechaun/master 
10-million-password-list-top-1000000.txt Corrections
 2020-09-16 07:30:17 +01:00
g0tmi1k
f1f3750803 Merge pull request #480 from haxxinen/patch-1 
Create quick-SQLi.txt
 2020-09-16 07:29:18 +01:00
g0tmi1k
3e29513e3b Merge pull request #484 from realArcherL/patch-1 
Updated with more keywords and version numbers

- Source: https://youtu.be/NPDp7GHmMa0
 2020-09-16 07:28:58 +01:00
g0tmi1k
924c558fd8 Merge pull request #485 from drwetter/patch-4 
Create german_misc.txt
 2020-09-16 07:28:31 +01:00
g0tmi1k
fbe21a0c99 Merge pull request #492 from drwetter/fix_germanpw.txt 
Fix and extend German word list

Source: https://gist.github.com/MarvinJWendt/2f4f4154b8ae218600eb091a5706b5f4
 2020-09-16 07:27:37 +01:00
g0tmi1k
c5ba0f44e4 Merge pull request #493 from daehee/master 
XSS payloads from OFJAAAH

Source: https://ghostbin.co/paste/qo23j
 2020-09-16 07:27:07 +01:00
g0tmi1k
a274ffba57 Merge pull request #495 from shelld3v/patch-1 
Add more API endpoints
 2020-09-16 07:25:58 +01:00
g0tmi1k
a3924f7a71 Merge pull request #498 from shelld3v/patch-4 
Add some endpoints
 2020-09-16 07:24:41 +01:00
g0tmi1k
0c40a01395 Merge pull request #500 from 0x00gum/patch-2 
Some New DB Extensions
 2020-09-16 07:24:13 +01:00
g0tmi1k
0b7d119f74 Merge pull request #501 from righettod/master 
Add payloads to identify the template engine used

- https://portswigger.net/research/server-side-template-injection
- https://github.com/epinna/tplmap
 2020-09-16 07:23:39 +01:00
g0tmi1k
411cae8e5b Merge pull request #502 from danrneal/patch-1 
Add string js or injection
 2020-09-16 07:22:43 +01:00
Daniel Neal
68fe48d9dd Add string js or injection 2020-09-14 21:55:24 -07:00
Dominique RIGHETTO
1361ac96c1 Fix typos 2020-09-14 14:30:00 +02:00
Dominique RIGHETTO
1c2fb11278 Add file with special vars used by template engines 
The objective is to identify the engine once an expression evaluation pattern was identified.
 2020-09-14 14:28:12 +02:00
0x00gum
ed0b32f5ce Some New DB Extensions 2020-09-13 20:04:25 +03:00
Dominique RIGHETTO
234dfabf72 Add an expression using expression inlining for Thymeleaf 
See https://www.thymeleaf.org/doc/tutorials/3.0/usingthymeleaf.html#expression-inlining
Added it because I have discovered that, when StringTemplateResolver is used, then expression like ${42*42} is not resolved
 2020-09-13 11:04:15 +02:00
Dominique RIGHETTO
ba87953a08 Add expression for Velocity engine 2020-09-13 09:33:41 +02:00
shelld3v
0f328c377d Update raft-large-directories.txt 2020-09-07 17:32:37 +07:00
shelld3v
aff66805e0 Add more API endpoints 2020-09-07 16:49:32 +07:00
Daehee Park
850d3b10f1 XSS payloads from OFJAAAH 2020-08-30 14:40:59 -07:00
Dirk Wetter
4c954f2226 Fix and extend German word list 
This is a complete replacement of lang-german.txt. As mentioned before
the list was in wrong format (7 Bit) and couldn't reflect the German
Umlaute (see e.g. #485, #440, #439) at all.

The best I found so far and could serve as a starting point was
a gist from @MarvinJWendt, see

https://gist.github.com/MarvinJWendt/2f4f4154b8ae218600eb091a5706b5f4

Instead of ~8MB it's even bigger (~29MB).

Cheers, Dirk
 2020-08-25 11:14:17 +02:00
Dirk Wetter
0ccff1e425 Create german_misc.txt 
Hi there,

this is a list of modern German words. Source is myself :-) and merged are some new words from the semi-official language bible (Duden, new edition 2020). Idea was from a pentest where too simple words from the current world just were allowed.

Actually I wanted to add this to ``Miscellaneous/lang-german.txt`` but this file is somewhat broken, and I didn't want to add it to a broken file (I read this before here but as a reminder Umlaute are missing (file is 7 bit US ASCII) and some words just don't make sense like Aangriff, AanschlusS, Bil (is Danish/Norwegian), Bikuspidat, Cgeknatter, Cfamilien,CharaktergroBe,... Probably like 30% of the content is useless. IMHO this file needs to be replaced.

Some of the words in this PR like **Schmähgedicht** appear also in ``Passwords/dutch_common_wordlist.txt`` which kind of surprised me. But I thought it would be important to add those words to a separate file bc users might not look there.

Cheers, Dirk
 2020-08-21 12:01:37 +02:00
realArcherL
5501592986 Updated with more keywords and version numbers 
Based on the Bugcrowd level-up talk (https://youtu.be/NPDp7GHmMa0)
 2020-08-18 17:47:27 +05:30
cbk914
e06aacd937 Revert "Merge pull request #4 from danielmiessler/master" 
This reverts commit c266835781, reversing
changes made to fd4968f43b.
 2020-08-11 14:25:56 +02:00
cbk914
af33ee93bc Add 500 worst passwords 2020-08-11 14:19:17 +02:00
haxxinen
783b5edf73 Create quick-SQLi.txt 2020-08-06 10:35:03 +02:00
LethargicLeprechaun
74c24b574f move words to correct places 2020-07-25 06:06:44 -07:00
cbk914
c266835781 Merge pull request #4 from danielmiessler/master 
Pull
 2020-07-24 18:43:39 +02:00
Dominic
cc16fe8813 Merge branch 'master' into patch-1 2020-07-22 13:44:30 -04:00
g0tmi1k
e3d31edd19 Merge pull request #466 from bugbounty69/master 
Added all HTML Attributes list

Source: https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes
 2020-07-22 16:25:47 +01:00
g0tmi1k
dea731202f Merge pull request #471 from maxkleinke/master 
renamed files in Passwords/Default-Credentials for better parsing
 2020-07-22 16:25:27 +01:00
g0tmi1k
a93ecd7f91 Merge pull request #472 from righettod/master 
Add characters that can break a MongoDB query when JS expression is used

Source: https://github.com/Charlie-belmer/vulnerable-node-app/blob/master/app/routes/user.route.js#L8
 2020-07-22 16:25:07 +01:00
g0tmi1k
31ee70aeef Merge pull request #473 from mrajput7/master 
Update golang.txt

Source: https://www.dropbox.com/s/ir2b56j3zt7vz0a/golang_handlefunc_combined?dl=0
 2020-07-22 16:24:33 +01:00
g0tmi1k
a3b77e1170 Merge pull request #475 from joegoerlich/patch-1 
Update sap.txt
 2020-07-22 16:24:13 +01:00
g0tmi1k
3a9cac0384 Merge pull request #474 from chudyPB/master 
Update sap.txt
 2020-07-22 16:24:02 +01:00
g0tmi1k
5fc3e6a208 Merge pull request #476 from toxydose/patch-1 
Add some common ports
 2020-07-22 16:23:04 +01:00
g0tmi1k
a6e3f77e4d Merge pull request #477 from g0tmi1k/misc 
Few fixes
 2020-07-22 16:22:48 +01:00
g0t mi1k
df66ea4c82 Fix issues with wordlists 2020-07-22 16:19:47 +01:00
g0t mi1k
3567cf6fc0 Writable locations Windows 
Source: https://github.com/api0cradle/UltimateAppLockerByPassList/blob/master/Generic-AppLockerbypasses.md

accesschk -w -s -q -u Users "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u Everyone "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u Interactive "C:\Program Files" >> programfiles.txt

accesschk -w -s -q -u Users "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u Everyone "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u Interactive "C:\Program Files (x86)" >> programfilesx86.txt

accesschk -w -s -q -u Users "C:\Windows" >> windows.txt
accesschk -w -s -q -u Everyone "C:\Windows" >> windows.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Windows" >> windows.txt
accesschk -w -s -q -u Interactive "C:\Windows" >> windows.txt
 2020-07-22 16:05:54 +01:00
Alexander Bridges
a628a652be Add some common ports 
https://www.sonicwall.com/support/knowledge-base/running-sslvpn-on-a-different-tcp-port/170503249443105/
https://www.router-switch.com/faq/difference-between-https-port-443-and-8443.html
https://www.speedguide.net/port.php?port=8008
 2020-07-22 03:23:00 +03:00
joegoerlich
d16951bd86 Update sap.txt 
Added URLs related to [CVE-2020-6287].
 2020-07-21 10:11:10 +02:00
chudyPB
da33a2b4a4 Update sap.txt 2020-07-21 09:34:10 +02:00
Mohit Narayan Rajput
99d3e2ab22 Update golang.txt 2020-07-19 01:34:21 -04:00
cbk914
fd4968f43b Merge pull request #3 from danielmiessler/master 
Update
 2020-07-19 05:22:50 +02:00