Commit Graph

1228 Commits

Author SHA1 Message Date
Dominique RIGHETTO 1c2fb11278 Add file with special vars used by template engines
The objective is to identify the engine once an expression evaluation pattern was identified.
2020-09-14 14:28:12 +02:00
0x00gum ed0b32f5ce Some New DB Extensions 2020-09-13 20:04:25 +03:00
Dominique RIGHETTO 234dfabf72 Add an expression using expression inlining for Thymeleaf
See https://www.thymeleaf.org/doc/tutorials/3.0/usingthymeleaf.html#expression-inlining
Added it because I have discovered that, when StringTemplateResolver is used, an expression like ${42*42} is not resolved
2020-09-13 11:04:15 +02:00
Dominique RIGHETTO ba87953a08 Add expression for Velocity engine 2020-09-13 09:33:41 +02:00
shelld3v 0f328c377d Update raft-large-directories.txt 2020-09-07 17:32:37 +07:00
shelld3v aff66805e0 Add more API endpoints 2020-09-07 16:49:32 +07:00
Daehee Park 850d3b10f1 XSS payloads from OFJAAAH 2020-08-30 14:40:59 -07:00
Dirk Wetter 4c954f2226 Fix and extend German word list
This is a complete replacement of lang-german.txt. As mentioned before
the list was in the wrong format (7 Bit) and couldn't reflect the German
Umlaute (see e.g. #485, #440, #439) at all.

The best I found so far and could serve as a starting point was
a gist from @MarvinJWendt, see

https://gist.github.com/MarvinJWendt/2f4f4154b8ae218600eb091a5706b5f4

Instead of ~8MB it's even bigger (~29MB).

Cheers, Dirk
2020-08-25 11:14:17 +02:00
Dirk Wetter 0ccff1e425 Create german_misc.txt
Hi there,

this is a list of modern German words. Source is myself :-) and merged are some new words from the semi-official language bible (Duden, new edition 2020). Idea was from a pentest where too simple words from the current world just were allowed.

Actually I wanted to add this to ``Miscellaneous/lang-german.txt`` but this file is somewhat broken, and I didn't want to add it to a broken file (I read this before here but as a reminder Umlaute are missing (file is 7 bit US ASCII) and some words just don't make sense like Aangriff, AanschlusS, Bil (is Danish/Norwegian), Bikuspidat, Cgeknatter, Cfamilien, CharaktergroBe, ...). Probably like 30% of the content is useless. IMHO this file needs to be replaced.

Some of the words in this PR like **Schmähgedicht** appear also in ``Passwords/dutch_common_wordlist.txt`` which kind of surprised me. But I thought it would be important to add those words to a separate file bc users might not look there.

Cheers, Dirk
2020-08-21 12:01:37 +02:00
realArcherL 5501592986 Updated with more keywords and version numbers
Based on the Bugcrowd level-up talk (https://youtu.be/NPDp7GHmMa0)
2020-08-18 17:47:27 +05:30
cbk914 e06aacd937 Revert "Merge pull request #4 from danielmiessler/master"
This reverts commit c266835781, reversing
changes made to fd4968f43b.
2020-08-11 14:25:56 +02:00
cbk914 af33ee93bc Add 500 worst passwords 2020-08-11 14:19:17 +02:00
haxxinen 783b5edf73 Create quick-SQLi.txt 2020-08-06 10:35:03 +02:00
LethargicLeprechaun 74c24b574f move words to correct places 2020-07-25 06:06:44 -07:00
cbk914 c266835781 Merge pull request #4 from danielmiessler/master
Pull
2020-07-24 18:43:39 +02:00
Dominic cc16fe8813 Merge branch 'master' into patch-1 2020-07-22 13:44:30 -04:00
g0tmi1k e3d31edd19 Merge pull request #466 from bugbounty69/master
Added all HTML Attributes list

Source: https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes
2020-07-22 16:25:47 +01:00
g0tmi1k dea731202f Merge pull request #471 from maxkleinke/master
renamed files in Passwords/Default-Credentials for better parsing
2020-07-22 16:25:27 +01:00
g0tmi1k a93ecd7f91 Merge pull request #472 from righettod/master
Add characters that can break a MongoDB query when JS expression is used

Source: https://github.com/Charlie-belmer/vulnerable-node-app/blob/master/app/routes/user.route.js#L8
2020-07-22 16:25:07 +01:00
g0tmi1k 31ee70aeef Merge pull request #473 from mrajput7/master
Update golang.txt

Source: https://www.dropbox.com/s/ir2b56j3zt7vz0a/golang_handlefunc_combined?dl=0
2020-07-22 16:24:33 +01:00
g0tmi1k a3b77e1170 Merge pull request #475 from joegoerlich/patch-1
Update sap.txt
2020-07-22 16:24:13 +01:00
g0tmi1k 3a9cac0384 Merge pull request #474 from chudyPB/master
Update sap.txt
2020-07-22 16:24:02 +01:00
g0tmi1k 5fc3e6a208 Merge pull request #476 from toxydose/patch-1
Add some common ports
2020-07-22 16:23:04 +01:00
g0tmi1k a6e3f77e4d Merge pull request #477 from g0tmi1k/misc
Few fixes
2020-07-22 16:22:48 +01:00
g0t mi1k df66ea4c82 Fix issues with wordlists 2020-07-22 16:19:47 +01:00
g0t mi1k 3567cf6fc0 Writable locations Windows
Source: https://github.com/api0cradle/UltimateAppLockerByPassList/blob/master/Generic-AppLockerbypasses.md

accesschk -w -s -q -u Users "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u Everyone "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u Interactive "C:\Program Files" >> programfiles.txt

accesschk -w -s -q -u Users "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u Everyone "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u Interactive "C:\Program Files (x86)" >> programfilesx86.txt

accesschk -w -s -q -u Users "C:\Windows" >> windows.txt
accesschk -w -s -q -u Everyone "C:\Windows" >> windows.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Windows" >> windows.txt
accesschk -w -s -q -u Interactive "C:\Windows" >> windows.txt
2020-07-22 16:05:54 +01:00
Alexander Bridges a628a652be Add some common ports
https://www.sonicwall.com/support/knowledge-base/running-sslvpn-on-a-different-tcp-port/170503249443105/
https://www.router-switch.com/faq/difference-between-https-port-443-and-8443.html
https://www.speedguide.net/port.php?port=8008
2020-07-22 03:23:00 +03:00
joegoerlich d16951bd86 Update sap.txt
Added URLs related to [CVE-2020-6287].
2020-07-21 10:11:10 +02:00
chudyPB da33a2b4a4 Update sap.txt 2020-07-21 09:34:10 +02:00
Mohit Narayan Rajput 99d3e2ab22 Update golang.txt 2020-07-19 01:34:21 -04:00
cbk914 fd4968f43b Merge pull request #3 from danielmiessler/master
Update
2020-07-19 05:22:50 +02:00
Dominique RIGHETTO 00f10f8513 Add character that can break a MongoDB query when JS expression is used 2020-07-18 18:00:24 +02:00
Maximilian Kleinke e3ae394144 renamed files in Passwords/Default-Credentials for better parsing 2020-07-18 13:59:44 +02:00
g0tmi1k b883fc123a Merge pull request #467 from GovindPalakkal/patch-2
Update swagger.txt
2020-07-17 22:05:28 +01:00
g0tmi1k 62786ce702 Update CONTRIBUTORS.md 2020-07-17 22:01:21 +01:00
g0tmi1k ad309eabee Merge pull request #468 from govolution/patch-6
Update telnet-betterdefaultpasslist.txt

Source: https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/
2020-07-17 21:56:37 +01:00
cbk914 8dc1c82fb9 Merge pull request #2 from danielmiessler/master
Update
2020-07-12 22:30:37 +02:00
govolution ff84e4dafa Update telnet-betterdefaultpasslist.txt
source for new passwords: https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/
2020-07-11 17:51:50 +02:00
D3lT4 c5ce1780eb Update swagger.txt 2020-07-08 23:37:59 +05:30
bugbounty69 0f3c1db17c Added all HTML Attributes list 2020-07-08 00:25:11 +00:00
WhiteDot c8cfb4666b Update raft-large-files.txt
added some file names
2020-07-06 22:54:56 +05:30
Dominic 3ae69babfa Add new Swagger UI path
Just stumbled upon that URL, search `inurl:swagger/ui/index` for examples.
2020-06-30 08:53:21 -04:00
g0tmi1k dd5960e18e Merge pull request #459 from clem9669/patch-3
Minor change
2020-06-18 15:34:59 +01:00
g0tmi1k 456a3b0fe8 Merge pull request #460 from clem9669/patch-4
PR about the issue: #438
2020-06-18 15:20:05 +01:00
clem9669 7da5c78bf7 PR about the issue: #438
Typo
https://github.com/danielmiessler/SecLists/issues/438
2020-06-18 14:18:55 +00:00
clem9669 c4002baa24 Minor change
Added 1 line for good practice
2020-06-18 14:15:16 +00:00
g0tmi1k 227e072758 Merge pull request #458 from PinkDraconian/patch-2
Added scientific notation entries
2020-06-16 13:18:56 +01:00
PinkDraconian cf1ca8ec62 Added scientific notation entries 2020-06-16 12:36:29 +02:00
g0tmi1k 4626422418 Merge pull request #457 from PinkDraconian/patch-1
Added true and false to the fuzzing list
2020-06-16 11:24:19 +01:00
PinkDraconian 8679c2d6fe Added true and false to the fuzzing list
Changing a JSON field to true or false could have interesting results on an endpoint when fuzzing.
2020-06-16 12:21:04 +02:00