Commit Graph

681 Commits

Author SHA1 Message Date
toxydose 277b243d61 add slashes. Some servers are redirecting from folders without slashes to folders with slashes at the end of the URI, and 302 is returned instead of 200 2018-12-02 02:39:55 +02:00
toxydose aac5204f75 add clientaccesspolicy.xml and crossdomain.xml files which usually contain unsafe wildcarded configurations. 2018-12-02 02:23:41 +02:00
Alexander Bridges 86b091eab3 Merge pull request #2 from danielmiessler/master
upd
2018-12-02 01:57:09 +02:00
g0tmi1k b8da13eb6e Update README.md 2018-11-26 10:20:38 +00:00
g0tmi1k 691bc9bd72 Merge pull request #242 from g0tmi1k/misc
Add install information
2018-11-26 10:19:59 +00:00
g0tmi1k b51d03d478 Add install information 2018-11-26 10:19:38 +00:00
g0tmi1k 47b1829910 Merge pull request #241 from g0tmi1k/ua
Added various User Agent strings
2018-11-26 10:09:44 +00:00
g0tmi1k b99b0ed28f Added various User Agent strings
Source: https://developers.whatismybrowser.com/useragents/explore/
2018-11-26 09:56:22 +00:00
g0tmi1k 75ebcd1e1f Merge pull request #240 from vinnytroia/1m_domains
Added top 1m Alexa domains 

Source: https://www.alexa.com/topsites
2018-11-23 10:01:54 +00:00
Vinny Troia fa07cbd407 Added top 1m Alexa domains - sorted and replaced . with - 2018-11-23 04:58:33 -05:00
g0tmi1k ea79b4facb Merge pull request #239 from tomcodes/master
Add sonar-project.properties and default HashiCorp Vault url to quickhits.txt

Source: https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner
2018-11-21 15:16:08 +00:00
tomcodes 613af9601e Add HashiCorp Vault GUI default URL to quickhits.txt 2018-11-21 16:11:47 +01:00
tomcodes ff8406d36b Add sonar-project.properties file to quickhits.txt 2018-11-21 15:54:22 +01:00
g0tmi1k 933f1d5fba Merge pull request #238 from tomcodes/master
Add AWS CodeDeploy appspec.yml file to quickhits.txt

Source: https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-appspec-file.html
2018-11-21 14:42:13 +00:00
tomcodes 214a277412 Add AWS CodeDeploy appspec.yml file to quickhits.txt 2018-11-21 15:21:42 +01:00
Somdev Sangwan bb180d4e27 changed %3B to %26 (I'm sleep deprived sorry) 2018-11-21 14:53:27 +05:30
Somdev Sangwan 31167686f0 +5 payloads, some enhancements 2018-11-21 14:45:08 +05:30
g0tmi1k e5b7acdea2 Merge pull request #234 from Martin407/patch-1
Removed duplicate entry
2018-11-13 17:01:10 +00:00
Martin407 86306f8d03 Removed duplicate entry 2018-11-13 11:57:59 -05:00
g0tmi1k f28cd4a37c Merge pull request #232 from michenriksen/master
Add best performing payloads from the XSS Polyglot Challenge

Source: https://polyglot.innerht.ml/
2018-11-01 08:09:01 +00:00
Michael Henriksen 2dab37db43 Add best performing payloads from the XSS Polyglot Challenge 2018-11-01 07:37:16 +01:00
g0tmi1k f8343e454d Merge pull request #231 from toxydose/master
WP REST API v2 endpoints

Source: http://v2.wp-api.org/
2018-10-31 21:31:17 +00:00
Alexander Bridges a53dae2a76 Add /wp-json/wp/v2/users
Add /wp-json/wp/v2/users WP REST API endpoint which exposes sensitive information - list of all WP users, which could be used for brute-force attacks.
2018-10-31 23:27:00 +02:00
Alexander Bridges dbfa5e2b1e Add some WP rest API endpoints
reference: http://v2.wp-api.org/
2018-10-31 23:19:31 +02:00
g0tmi1k e36d634b08 Merge pull request #230 from toxydose/master
Add cpanel login page

Source: https://www.webhostinghub.com/help/learn/cpanel/getting-started/how-to-login-to-cpanel
2018-10-30 18:02:16 +00:00
Alexander Bridges 85cc7eeadf Added cpanel login page
reference: https://www.webhostinghub.com/help/learn/cpanel/getting-started/how-to-login-to-cpanel
2018-10-30 01:00:31 +02:00
Alexander Bridges b4940b0a08 Merge pull request #1 from danielmiessler/master
update
2018-10-26 11:51:35 +03:00
g0tmi1k 3327ec8b40 Merge pull request #229 from drwetter/patch-1
Correct 1 typo in typo3 login ;-)
2018-10-23 12:53:05 +01:00
g0tmi1k f5fcb3ca9b Merge pull request #228 from toxydose/master
Add Wordpress, Django, Flask and Shopware login pages
2018-10-23 12:51:09 +01:00
Dirk Wetter e8b1df5f84 Correct 1 typo in typo3 login
/typo3/in is IMHO not the login.
2018-10-23 13:50:09 +02:00
Alexander Bridges 2ced567e86 Add Wordpress and Shopware login pages
Added common Wordpress and Shopware CMS's login forms.

References:
https://premium.wpmudev.org/blog/find-wordpress-login/
https://github.com/toxydose/SecLists/blob/master/Discovery/Web-Content/CMS/wordpress.fuzz.txt
https://github.com/toxydose/SecLists/blob/master/Discovery/Web-Content/CMS/shopware.txt
2018-10-23 13:46:26 +03:00
g0tmi1k 6a18428339 Merge pull request #227 from toxydose/master
Add Shopware common sensitive files wordlist.
2018-10-17 15:22:55 +01:00
Alexander Bridges 5a88be0c4f Add Shopware common sensitive files wordlist.
Shopware is open source e-commerce software 
https://github.com/shopware/shopware 
A Shopware wordlist was not present in this directory. The file should be improved and expanded.
2018-10-17 17:19:53 +03:00
g0tmi1k 42d23ebe37 Merge pull request #225 from g0tmi1k/fixes
Fixes
2018-10-15 13:09:51 +01:00
g0tmi1k 4c09aaf6c0 Add IP address header fields
Source: https://stackoverflow.com/questions/1384410/php-getenvremote-addr-serious-side-effects
2018-10-15 13:08:28 +01:00
g0tmi1k d68ba5f9ed Rename "_" -> "-" & found a few new homes 2018-10-15 13:08:10 +01:00
g0tmi1k d0d7aa5a60 Sort out README 2018-10-15 13:07:39 +01:00
g0tmi1k 7efce4c385 Merge pull request #224 from s0md3v/patch-1
Hand crafted XSS payloads to bypass WAFs

Source: https://github.com/s0md3v/AwesomeXSS
2018-10-15 11:43:19 +01:00
Somdev Sangwan cebebee4b5 Create XSS-Somdev.txt 2018-10-15 02:13:17 +05:30
g0tmi1k 11bea7627e Merge pull request #223 from govolution/patch-3
Update telnet-betterdefaultpasslist.txt

Source: https://github.com/govolution/betterdefaultpasslist/blob/master/sources.txt
2018-10-10 11:23:52 +01:00
g0tmi1k 31775a887e Merge pull request #222 from govolution/patch-2
Update ssh-betterdefaultpasslist.txt

Source: https://github.com/govolution/betterdefaultpasslist/blob/master/sources.txt
2018-10-10 11:23:16 +01:00
g0tmi1k 19e46c19bc Merge pull request #221 from govolution/patch-1
Add 1 default credential

Source: https://app.vagrantup.com/brunofpereira/boxes/ubuntu-base
2018-10-10 11:22:38 +01:00
govolution ecb24ff385 Update telnet-betterdefaultpasslist.txt
For sources please refer: https://github.com/govolution/betterdefaultpasslist/blob/master/sources.txt
2018-10-10 05:57:27 +02:00
govolution 84bd8f017a Update ssh-betterdefaultpasslist.txt
Sources: https://github.com/govolution/betterdefaultpasslist/blob/master/sources.txt
2018-10-10 05:55:43 +02:00
govolution 7928dde3c2 Update mysql-betterdefaultpasslist.txt 2018-10-10 05:52:05 +02:00
govolution c6017c2357 Update mysql-betterdefaultpasslist.txt 2018-10-10 05:48:03 +02:00
g0tmi1k 9588809bce Merge pull request #220 from JensTimmerman/patch-1
add default passwords for zenitel devices

Source: https://wiki.zenitel.com/wiki/Password_(IP_Stations)
2018-10-08 14:41:00 +01:00
Jens Timmerman c57af9dcf6 add default passwords for zenitel devices
as documented at https://wiki.zenitel.com/wiki/Password_(IP_Stations)
2018-10-08 15:39:30 +02:00
g0tmi1k 4779684635 Merge pull request #219 from kongwenbin/master
Add new word list for Content Type
2018-10-07 18:27:20 +01:00
Wen Bin fe2a64f4a1 Add new word list
I have been using this word list for a long time. Just realised that SecLists doesn't have a similar list such as this, so I have decided to upload it to share with the community.
2018-10-08 00:51:57 +08:00