idan/SecLists
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
1,049 Commits 1 Branch 0 Tags
1e286083e4248aabd80bada1ff40e54ce99487b1
Commit Graph

292 Commits

Author SHA1 Message Date
g0tmi1k
ad24e5dcd1 Merge pull request #549 from righettod/Feature_548 
Add ".well-known/jwks.json" path to common.txt file.

Source:

- https://auth0.com/docs/tokens/json-web-tokens/json-web-key-sets
- https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-verifying-a-jwt.html#amazon-cognito-user-pools-using-tokens-step-2
- https://blogs.akamai.com/2019/10/verify-jwt-with-json-web-key-set-jwks-in-api-gateway.html
 2021-02-11 20:50:33 +00:00
g0tmi1k
cd52c8428a Merge pull request #547 from fiLLLip/patch-1 
Add humans.txt

Source: http://humanstxt.org/
 2021-02-11 20:49:46 +00:00
g0tmi1k
751900cbde Merge pull request #544 from mxrch/master 
Adding .git to big.txt
 2021-02-11 20:49:15 +00:00
g0tmi1k
5ec9d37a15 Merge pull request #540 from kazkansouh/mime-types-iana 
refreshed mime/content-types

Source: https://www.iana.org/assignments/media-types/media-types.xml

```
curl https://www.iana.org/assignments/media-types/media-types.xml -s | xpath -q -e '//file/text()' | tr '[[:upper:]]' '[[:lower:]]'
```
 2021-02-11 20:47:27 +00:00
g0tmi1k
9fbf6cb419 Merge pull request #524 from t0-git/patch-1 
Adding new .git entries and .svnignore.
 2021-02-11 20:28:23 +00:00
Dominique RIGHETTO
38581fac54 Add ".well-known/jwks.json" path 
Add path to the JSON Web Key Sets file.
This file is documented [here](https://auth0.com/docs/tokens/json-web-tokens/json-web-key-sets)
 2020-12-27 16:35:37 +01:00
Filip Andre Larsen Tomren
8327e45d92 Add humans.txt to common list 
'humans.txt' is common as specified http://humanstxt.org. At least as
common as 'humans', without having to specify extension in tools like 'dirb'.
 2020-12-08 14:53:06 +01:00
mxrch
fb4aaabc63 Update big.txt 2020-11-21 00:16:16 +01:00
Karim Kanso
a6f2ed757f refreshed content-types from www.iana.org/assignments/media-types/media-types.xml 2020-11-17 11:48:56 +00:00
g0tmi1k
9f4d672e98 Merge pull request #517 from righettod/master 
Add path to a common ManageEngine endpoint

Source: https://righettod.eu/#4-vulns
 2020-11-11 12:00:53 +00:00
g0tmi1k
ac861e371d Merge pull request #509 from ArgentEnergy/spring-boot-redis 
Spring Boot Redis paths.
 2020-11-06 11:51:25 +00:00
g0tmi1k
12513fd8ad Merge pull request #518 from clem9669/patch-5 
Adding nextcloud & owncloud to common.txt

Source: https://help.dreamhost.com/hc/en-us/articles/235545207-Step-by-step-guide-to-deploy-Nextcloud-on-DreamCompute
 2020-11-03 22:00:16 +00:00
g0tmi1k
6d164b9672 Merge pull request #527 from soufianetahiri/master 
Added actuator default paths and created new XSS fuzzing list

Source: https://docs.spring.io/spring-boot/docs/1.5.x/reference/html/production-ready-endpoints.html
 2020-11-03 11:39:11 +00:00
g0tmi1k
449d7a84cd Merge pull request #528 from drwetter/patch-4 
Add CMS login

https://processwire.com/docs/security/admin/
 2020-11-02 21:12:18 +00:00
g0tmi1k
cea2a72bae Merge pull request #506 from LabanSkollerDefensify/patch-1 
Add NDES and SCEP URLs

/certsrv/mscep/mscep.dll: https://docs.microsoft.com/en-us/mem/intune/protect/certificates-scep-configure
/certsrv/mscep_admin: https://social.technet.microsoft.com/wiki/contents/articles/9063.active-directory-certificate-services-ad-cs-network-device-enrollment-service-ndes.aspx
 2020-11-02 21:11:53 +00:00
g0tmi1k
fe2aa9e7b0 Merge pull request #521 from realArcherL/master 
Slight correction with version numbers from earlier PR also added new endpoints
 2020-11-02 20:57:49 +00:00
Dirk Wetter
f7577f68cb Add CMS login 
Processwire is a CMS which I recently encountered during a pentest. /processwire is the login (compare /typo3 or /wp-login.php)
 2020-10-23 13:14:04 +02:00
Soufiane Tahiri
a8e73cb425 Added actuator default paths 
Added actuator paths
 2020-10-23 10:51:19 +02:00
t0-git
8d60339a5f Adding new git entries and .svnignore. 2020-10-07 21:02:51 +02:00
realArcherL
2d9b4effe7 Corrected the v3 repetition and added new ones. 
api and /graph
 2020-10-03 16:13:08 +05:30
clem9669
6150a902f3 Adding nextcloud & owncloud to common.txt 
Nextcloud & ownCloud are two famous software for creating and using file hosting service.
PS: this adding might also be done on bigger discovery list because none of big list contains them
 2020-10-02 08:30:11 +00:00
Dominique RIGHETTO
fee58c17da Add path to a common ManageEngine endpoint 
Add path to a endpoint often exposed to anonymous user by ManageEngine products.
See https://www.manageengine.com/
 2020-10-02 08:32:34 +02:00
ArgentEnergy
505a333e9f Spring Boot Redis paths. Discloses details of Redis version, amount of keys in each database, memory size, etc.... 2020-09-25 20:01:00 -03:00
Laban Sköllermark
940dc91637 Add NDES and SCEP URLs 
Microsoft Network Device Enrollment Service (NDES) is used to enroll
devices such as Cisco routers and iPhones with a device certificate
issued by Active Directory Certificate Services (ADCS) Certification
Authority (CA) via the Simple Certificate Enrollment Protocol (SCEP).

Add the following URLs:

* /certsrv/mscep_admin - admin page of Network Device Enrollment Service
  (NDES)
* /certsrv/mscep/mscep.dll - Simple Certificate Enrollment Protocol
  (SCEP) server endpoint
 2020-09-23 14:49:24 +02:00
device33
c126de81ab Update apache.txt 
add mod_cluster-manager
 2020-09-23 10:55:23 +02:00
g0tmi1k
ca6bf04c05 Merge pull request #465 from dee-see/patch-1 
Add new Swagger UI path
 2020-09-16 07:30:38 +01:00
g0tmi1k
3e29513e3b Merge pull request #484 from realArcherL/patch-1 
Updated with more keywords and version numbers

- Source: https://youtu.be/NPDp7GHmMa0
 2020-09-16 07:28:58 +01:00
g0tmi1k
a274ffba57 Merge pull request #495 from shelld3v/patch-1 
Add more API endpoints
 2020-09-16 07:25:58 +01:00
g0tmi1k
a3924f7a71 Merge pull request #498 from shelld3v/patch-4 
Add some endpoints
 2020-09-16 07:24:41 +01:00
0x00gum
ed0b32f5ce Some New DB Extensions 2020-09-13 20:04:25 +03:00
shelld3v
0f328c377d Update raft-large-directories.txt 2020-09-07 17:32:37 +07:00
shelld3v
aff66805e0 Add more API endpoints 2020-09-07 16:49:32 +07:00
realArcherL
5501592986 Updated with more keywords and version numbers 
Based on the Bugcrowd level-up talk (https://youtu.be/NPDp7GHmMa0)
 2020-08-18 17:47:27 +05:30
Dominic
cc16fe8813 Merge branch 'master' into patch-1 2020-07-22 13:44:30 -04:00
g0tmi1k
31ee70aeef Merge pull request #473 from mrajput7/master 
Update golang.txt

Source: https://www.dropbox.com/s/ir2b56j3zt7vz0a/golang_handlefunc_combined?dl=0
 2020-07-22 16:24:33 +01:00
g0tmi1k
a3b77e1170 Merge pull request #475 from joegoerlich/patch-1 
Update sap.txt
 2020-07-22 16:24:13 +01:00
g0tmi1k
3a9cac0384 Merge pull request #474 from chudyPB/master 
Update sap.txt
 2020-07-22 16:24:02 +01:00
g0tmi1k
5fc3e6a208 Merge pull request #476 from toxydose/patch-1 
Add some common ports
 2020-07-22 16:23:04 +01:00
g0t mi1k
3567cf6fc0 Writable locations Windows 
Source: https://github.com/api0cradle/UltimateAppLockerByPassList/blob/master/Generic-AppLockerbypasses.md

accesschk -w -s -q -u Users "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u Everyone "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u Interactive "C:\Program Files" >> programfiles.txt

accesschk -w -s -q -u Users "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u Everyone "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u Interactive "C:\Program Files (x86)" >> programfilesx86.txt

accesschk -w -s -q -u Users "C:\Windows" >> windows.txt
accesschk -w -s -q -u Everyone "C:\Windows" >> windows.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Windows" >> windows.txt
accesschk -w -s -q -u Interactive "C:\Windows" >> windows.txt
 2020-07-22 16:05:54 +01:00
Alexander Bridges
a628a652be Add some common ports 
https://www.sonicwall.com/support/knowledge-base/running-sslvpn-on-a-different-tcp-port/170503249443105/
https://www.router-switch.com/faq/difference-between-https-port-443-and-8443.html
https://www.speedguide.net/port.php?port=8008
 2020-07-22 03:23:00 +03:00
joegoerlich
d16951bd86 Update sap.txt 
Added URLs related to [CVE-2020-6287].
 2020-07-21 10:11:10 +02:00
chudyPB
da33a2b4a4 Update sap.txt 2020-07-21 09:34:10 +02:00
Mohit Narayan Rajput
99d3e2ab22 Update golang.txt 2020-07-19 01:34:21 -04:00
D3lT4
c5ce1780eb Update swagger.txt 2020-07-08 23:37:59 +05:30
Dominic
3ae69babfa Add new Swagger UI path 
Just stumbled upon that URL, search `inurl:swagger/ui/index` for examples.
 2020-06-30 08:53:21 -04:00
clem9669
c4002baa24 Minor change 
Added 1 line for good practice
 2020-06-18 14:15:16 +00:00
Techbrunch
baf37cc800 Update swagger.txt 
Update swagger.txt
 2020-06-12 11:23:06 +02:00
0x08
7db405b01c TYPO fixed: some lines start with space. 2020-06-06 01:13:59 +03:00
g0tmi1k
6beba93eac Merge pull request #427 from Failsafe-0verflowme/patch-1 
Update common.txt
 2020-06-05 16:30:13 +01:00
g0tmi1k
9aa4f93db1 Merge pull request #433 from MomIsBestFriend/Fix-425 
Fixed typo in Discovery/Variables/secret-keywords.txt
 2020-06-05 16:29:54 +01:00