Commit Graph

1121 Commits

Author SHA1 Message Date
Dominique RIGHETTO
1c2fb11278 Add file with special vars used by template engines
The objective is to identify the engine once an expression evaluation pattern was identified.
2020-09-14 14:28:12 +02:00
0x00gum
ed0b32f5ce Some New DB Extensions 2020-09-13 20:04:25 +03:00
Dominique RIGHETTO
234dfabf72 Add an expression using expression inlining for Thymeleaf
See https://www.thymeleaf.org/doc/tutorials/3.0/usingthymeleaf.html#expression-inlining
Added it because I have discovered that, when StringTemplateResolver is used, an expression like ${42*42} is not resolved
2020-09-13 11:04:15 +02:00
Dominique RIGHETTO
ba87953a08 Add expression for Velocity engine 2020-09-13 09:33:41 +02:00
shelld3v
0f328c377d Update raft-large-directories.txt 2020-09-07 17:32:37 +07:00
shelld3v
aff66805e0 Add more API endpoints 2020-09-07 16:49:32 +07:00
Daehee Park
850d3b10f1 XSS payloads from OFJAAAH 2020-08-30 14:40:59 -07:00
Dirk Wetter
4c954f2226 Fix and extend German word list
This is a complete replacement of lang-german.txt. As mentioned before
the list was in wrong format (7 Bit) and couldn't reflect the German
Umlaute (see e.g. #485, #440, #439) at all.

The best I found so far and could serve as a starting point was
a gist from @MarvinJWendt, see

https://gist.github.com/MarvinJWendt/2f4f4154b8ae218600eb091a5706b5f4

Instead of ~8MB it's even bigger (~29MB).

Cheers, Dirk
2020-08-25 11:14:17 +02:00
Dirk Wetter
0ccff1e425 Create german_misc.txt
Hi there,

this is a list of modern German words. Source is myself :-) and merged are some new words from the semi-official language bible (Duden, new edition 2020). Idea was from a pentest where too simple words from the current world just were allowed.

Actually I wanted to add this to ``Miscellaneous/lang-german.txt`` but this file is somewhat broken, and I didn't want to add it to a broken file (I read this before here but as a reminder Umlaute are missing (file is 7 bit US ASCII) and some words just don't make sense like Aangriff, AanschlusS, Bil (is Danish/Norwegian), Bikuspidat, Cgeknatter, Cfamilien, CharaktergroBe, ...). Probably like 30% of the content is useless. IMHO this file needs to be replaced.

Some of the words in this PR like **Schmähgedicht** appear also in ``Passwords/dutch_common_wordlist.txt`` which kind of surprised me. But I thought it would be important to add those words to a separate file bc users might not look there.

Cheers, Dirk
2020-08-21 12:01:37 +02:00
realArcherL
5501592986 Updated with more keywords and version numbers
Based on the Bugcrowd level-up talk (https://youtu.be/NPDp7GHmMa0)
2020-08-18 17:47:27 +05:30
haxxinen
783b5edf73 Create quick-SQLi.txt 2020-08-06 10:35:03 +02:00
LethargicLeprechaun
74c24b574f move words to correct places 2020-07-25 06:06:44 -07:00
Dominic
cc16fe8813 Merge branch 'master' into patch-1 2020-07-22 13:44:30 -04:00
g0tmi1k
e3d31edd19 Merge pull request #466 from bugbounty69/master
Added all HTML Attributes list

Source: https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes
2020-07-22 16:25:47 +01:00
g0tmi1k
dea731202f Merge pull request #471 from maxkleinke/master
renamed files in Passwords/Default-Credentials for better parsing
2020-07-22 16:25:27 +01:00
g0tmi1k
a93ecd7f91 Merge pull request #472 from righettod/master
Add characters that can break a MongoDB query when JS expression is used

Source: https://github.com/Charlie-belmer/vulnerable-node-app/blob/master/app/routes/user.route.js#L8
2020-07-22 16:25:07 +01:00
g0tmi1k
31ee70aeef Merge pull request #473 from mrajput7/master
Update golang.txt

Source: https://www.dropbox.com/s/ir2b56j3zt7vz0a/golang_handlefunc_combined?dl=0
2020-07-22 16:24:33 +01:00
g0tmi1k
a3b77e1170 Merge pull request #475 from joegoerlich/patch-1
Update sap.txt
2020-07-22 16:24:13 +01:00
g0tmi1k
3a9cac0384 Merge pull request #474 from chudyPB/master
Update sap.txt
2020-07-22 16:24:02 +01:00
g0tmi1k
5fc3e6a208 Merge pull request #476 from toxydose/patch-1
Add some common ports
2020-07-22 16:23:04 +01:00
g0tmi1k
a6e3f77e4d Merge pull request #477 from g0tmi1k/misc
Few fixes
2020-07-22 16:22:48 +01:00
g0t mi1k
df66ea4c82 Fix issues with wordlists 2020-07-22 16:19:47 +01:00
g0t mi1k
3567cf6fc0 Writable locations Windows
Source: https://github.com/api0cradle/UltimateAppLockerByPassList/blob/master/Generic-AppLockerbypasses.md

accesschk -w -s -q -u Users "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u Everyone "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Program Files" >> programfiles.txt
accesschk -w -s -q -u Interactive "C:\Program Files" >> programfiles.txt

accesschk -w -s -q -u Users "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u Everyone "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Program Files (x86)" >> programfilesx86.txt
accesschk -w -s -q -u Interactive "C:\Program Files (x86)" >> programfilesx86.txt

accesschk -w -s -q -u Users "C:\Windows" >> windows.txt
accesschk -w -s -q -u Everyone "C:\Windows" >> windows.txt
accesschk -w -s -q -u "Authenticated Users" "C:\Windows" >> windows.txt
accesschk -w -s -q -u Interactive "C:\Windows" >> windows.txt
2020-07-22 16:05:54 +01:00
Alexander Bridges
a628a652be Add some common ports
https://www.sonicwall.com/support/knowledge-base/running-sslvpn-on-a-different-tcp-port/170503249443105/
https://www.router-switch.com/faq/difference-between-https-port-443-and-8443.html
https://www.speedguide.net/port.php?port=8008
2020-07-22 03:23:00 +03:00
joegoerlich
d16951bd86 Update sap.txt
Added URLs related to [CVE-2020-6287].
2020-07-21 10:11:10 +02:00
chudyPB
da33a2b4a4 Update sap.txt 2020-07-21 09:34:10 +02:00
Mohit Narayan Rajput
99d3e2ab22 Update golang.txt 2020-07-19 01:34:21 -04:00
Dominique RIGHETTO
00f10f8513 Add character that can break a MongoDB query when JS expression is used 2020-07-18 18:00:24 +02:00
Maximilian Kleinke
e3ae394144 renamed files in Passwords/Default-Credentials for better parsing 2020-07-18 13:59:44 +02:00
g0tmi1k
b883fc123a Merge pull request #467 from GovindPalakkal/patch-2
Update swagger.txt
2020-07-17 22:05:28 +01:00
g0tmi1k
62786ce702 Update CONTRIBUTORS.md 2020-07-17 22:01:21 +01:00
g0tmi1k
ad309eabee Merge pull request #468 from govolution/patch-6
Update telnet-betterdefaultpasslist.txt

Source: https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/
2020-07-17 21:56:37 +01:00
govolution
ff84e4dafa Update telnet-betterdefaultpasslist.txt
source for new passwords: https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/
2020-07-11 17:51:50 +02:00
D3lT4
c5ce1780eb Update swagger.txt 2020-07-08 23:37:59 +05:30
bugbounty69
0f3c1db17c Added all HTML Attributes list 2020-07-08 00:25:11 +00:00
Dominic
3ae69babfa Add new Swagger UI path
Just stumbled upon that URL, search `inurl:swagger/ui/index` for examples.
2020-06-30 08:53:21 -04:00
g0tmi1k
dd5960e18e Merge pull request #459 from clem9669/patch-3
Minor change
2020-06-18 15:34:59 +01:00
g0tmi1k
456a3b0fe8 Merge pull request #460 from clem9669/patch-4
PR about the issue: #438
2020-06-18 15:20:05 +01:00
clem9669
7da5c78bf7 PR about the issue: #438
Typo
https://github.com/danielmiessler/SecLists/issues/438
2020-06-18 14:18:55 +00:00
clem9669
c4002baa24 Minor change
Added 1 line for good practice
2020-06-18 14:15:16 +00:00
g0tmi1k
227e072758 Merge pull request #458 from PinkDraconian/patch-2
Added scientific notation entries
2020-06-16 13:18:56 +01:00
PinkDraconian
cf1ca8ec62 Added scientific notation entries 2020-06-16 12:36:29 +02:00
g0tmi1k
4626422418 Merge pull request #457 from PinkDraconian/patch-1
Added true and false to the fuzzing list
2020-06-16 11:24:19 +01:00
PinkDraconian
8679c2d6fe Added true and false to the fuzzing list
Changing json field to true or false could have interesting results on an endpoint when fuzzing.
2020-06-16 12:21:04 +02:00
g0tmi1k
958dd563e0 Merge pull request #455 from Techbrunch/patch-1
Update swagger.txt
2020-06-12 11:21:37 +01:00
Techbrunch
baf37cc800 Update swagger.txt
Update swagger.txt
2020-06-12 11:23:06 +02:00
g0tmi1k
d76b8f6691 Merge pull request #452 from noraj/patch-1
Create LFI-gracefulsecurity-windows.txt

Source: https://gracefulsecurity.com/path-traversal-cheat-sheet-windows/
2020-06-12 09:57:44 +01:00
g0tmi1k
b2865e0492 Merge pull request #453 from noraj/patch-2
Create LFI-gracefulsecurity-linux.txt

Source: https://gracefulsecurity.com/path-traversal-cheat-sheet-linux/
2020-06-12 09:57:09 +01:00
g0tmi1k
5ecb8e85b2 Merge pull request #454 from sheimo/patch-1
Create sqli.auth.bypass.txt

Source: https://pentestlab.blog/2012/12/24/sql-injection-authentication-bypass-cheat-sheet/
Source: http://www.lifeoverpentest.com/2018/03/sql-injection-login-bypass-cheat-sheet.html
2020-06-12 09:56:17 +01:00
sheimo
6757058b8c Create sqli.auth.bypass.txt
This is a thorough SQL injection authentication bypass list. Each source below was combined to a text file and sorted.

Source: https://pentestlab.blog/2012/12/24/sql-injection-authentication-bypass-cheat-sheet/
Source: http://www.lifeoverpentest.com/2018/03/sql-injection-login-bypass-cheat-sheet.html
2020-06-11 23:24:34 -05:00