Commit Graph

114 Commits

Author SHA1 Message Date
PinkDraconian 8679c2d6fe Added true and false to the fuzzing list
Changing json field to true or false could have interesting results on an endpoint when fuzzing.
2020-06-16 12:21:04 +02:00
g0tmi1k d76b8f6691 Merge pull request #452 from noraj/patch-1
Create LFI-gracefulsecurity-windows.txt

Source: https://gracefulsecurity.com/path-traversal-cheat-sheet-windows/
2020-06-12 09:57:44 +01:00
g0tmi1k b2865e0492 Merge pull request #453 from noraj/patch-2
Create LFI-gracefulsecurity-linux.txt

Source: https://gracefulsecurity.com/path-traversal-cheat-sheet-linux/
2020-06-12 09:57:09 +01:00
sheimo 6757058b8c Create sqli.auth.bypass.txt
This is a thorough SQL injection authentication bypass list. Each source below was combined to a text file and sorted.

Source: https://pentestlab.blog/2012/12/24/sql-injection-authentication-bypass-cheat-sheet/
Source: http://www.lifeoverpentest.com/2018/03/sql-injection-login-bypass-cheat-sheet.html
2020-06-11 23:24:34 -05:00
Alexandre ZANNI 7dd955a544 Create LFI-gracefulsecurity-linux.txt 2020-06-11 16:49:45 +02:00
Alexandre ZANNI 6945f3e779 Create LFI-gracefulsecurity-windows.txt 2020-06-11 16:48:39 +02:00
g0tmi1k 245984882a Merge pull request #442 from kazkansouh/standardise-line-end
Standardise line endings
2020-05-28 11:11:35 +01:00
Jamie Scott 5b5cafaa47 Adding the not in operator
Adding the not in operator as another thing to check or test. It will equivalently act as { $ne: 1 } only it functions within an array.
2020-05-28 00:34:48 -07:00
Karim Kanso 607c3293b4 strip trailing whitespace 2020-05-27 14:26:51 +01:00
kegan 54ac7074da add nested traversal strings for /etc/passwd 2020-05-18 18:12:12 -05:00
Dominique RIGHETTO 984af30974 Add the expression for the Dust engine 2020-05-03 10:52:17 +02:00
Dominique RIGHETTO aecd8036ca Add the expression for the doT engine 2020-05-03 10:30:48 +02:00
g0tmi1k 09d5a27cf7 Merge pull request #421 from storenth/master
Update the fuzz-Bo0oM.txt with more ';'

Source: https://twitter.com/11xuxx/status/1247496768054591489
2020-04-29 17:52:49 +01:00
Kirill Z 6466bd0ed2 Add more XSS 2020-04-27 20:19:33 +07:00
Kirill Z 561d6236c2 Update the fuzz-Bo0oM.txt with more ';' 2020-04-27 20:09:53 +07:00
Dominique RIGHETTO 611d47caf3 Add a version of the payload for CodeContext
Add the payload "42*42" to the fuzzing list in order to cover the "Code context" detection point mentioned in the https://portswigger.net/web-security/server-side-template-injection training
2020-04-25 09:13:06 +02:00
g0tmi1k a7dbde1ec9 Merge pull request #412 from righettod/master
Collection of template engines expression

Source: https://github.com/expressjs/express/wiki#template-engines
2020-04-20 10:06:06 +01:00
g0tmi1k b3b337e6f1 Merge pull request #390 from ipentest/add-ipentest
Added top 100 email domains to Seclists/Fuzzing

Source: https://email-verify.my-addr.com/list-of-most-popular-email-domains.php
2020-04-20 10:04:42 +01:00
Dominique RIGHETTO 1bd30300de Add an initial collection of template engines expression 2020-04-18 17:16:20 +02:00
Antoine Guilbaud 13b1f18901 add a common windows lfi path 2020-04-15 12:49:42 +02:00
milangfx e82e5e5026 add /apidocs/api-docs.json, /api-docs 2020-04-01 14:42:20 +02:00
ipentest b2cf6971c9 Add ipentest to contributors 2020-02-12 11:46:44 -05:00
S7X Deckard Case b8e87ad36c Added the entire XSS Cheat Sheet of PortSwigger, their HTML events and tags. 2019-11-18 09:33:26 +01:00
Camas eb2cd4518a Remove extra newline 2019-11-08 23:32:46 +00:00
Camas a7184dd1f7 Fix line endings 2019-11-08 15:09:15 +00:00
Parth Malhotra 01b280755c Create 1-4_all_letters_a-z.txt 2019-11-07 21:50:55 +05:30
Luke Anderson 68f8d60da5 Fix Fuzzing Types (Fixes #339) 2019-10-05 00:35:43 +09:30
g0tmi1k 327cc859ee Quick rename 2019-08-13 12:50:53 +01:00
g0tmi1k 5bbc1e6fe3 Close #329 - Bo0oM's fuzz.txt
Source: https://github.com/Bo0oM/fuzz.txt
2019-08-13 12:50:20 +01:00
g0tmi1k 3fc464d156 Add XSS without parentheses and semi-colons
Source: https://portswigger.net/blog/xss-without-parentheses-and-semi-colons
2019-05-22 12:15:42 +01:00
g0tmi1k 9239f0a284 find . -name '*_*' -exec rename 's/_/-/g' "{}" \; 2019-05-08 11:54:39 +01:00
g0tmi1k a65f6bd665 Close #291 - Fix encoding issues
$ for x in $( find . -type f ); do iconv -f utf-8 -t utf-8 -c ${x} | sed '/^$/d' > tmp; mv tmp ${x}; done
2019-05-08 11:04:00 +01:00
g0tmi1k 7b1f14989c Quick move about 2019-04-12 13:52:47 +01:00
g0tmi1k 3f2c0d33d2 Quick clean up of locations 2019-04-10 13:22:39 +01:00
g0tmi1k 12751dbbf0 Fix #288 - Add graphql
Source: https://graphql.org/learn/serving-over-http/
2019-04-10 13:18:25 +01:00
g0tmi1k b9483d00b7 Sort out a few more filename issues 2019-04-10 11:32:07 +01:00
g0tmi1k 437478ce7b Fix #284 #285 - useragents-ie.txt 2019-04-10 10:19:12 +01:00
Alexandre ZANNI cfe4b16023 Update LFI-JHADDIX.txt
fix typo + add 1 entry
2019-03-10 17:11:22 +01:00
Infected Drake 0400e0bbc1 A wrong payload corrected
The payload on line 18 contains a misspelled event handler `OnpOinTeReENer`. Corrected it properly.
2019-02-09 12:13:28 +05:30
g0tmi1k 7ed3f897df Merge pull request #237 from s0md3v/patch-1
+5 payloads, some enhancements
2019-01-08 18:11:33 +00:00
Prinzhorn 1eae4d51f0 Strip HTML from LFI-LFISuite-pathtotest-huge.txt 2018-12-18 10:13:49 +01:00
g0tmi1k 47b1829910 Merge pull request #241 from g0tmi1k/ua
Added various User Agent strings
2018-11-26 10:09:44 +00:00
g0tmi1k b99b0ed28f Added various User Agent strings
Source: https://developers.whatismybrowser.com/useragents/explore/
2018-11-26 09:56:22 +00:00
Somdev Sangwan bb180d4e27 changed %3B to %26 (I'm sleep deprived sorry) 2018-11-21 14:53:27 +05:30
Somdev Sangwan 31167686f0 +5 payloads, some enhancements 2018-11-21 14:45:08 +05:30
Michael Henriksen 2dab37db43 Add best performing payloads from the XSS Polyglot Challenge 2018-11-01 07:37:16 +01:00
g0tmi1k d68ba5f9ed Rename "_" -> "-" & found a few new homes 2018-10-15 13:08:10 +01:00
Somdev Sangwan cebebee4b5 Create XSS-Somdev.txt 2018-10-15 02:13:17 +05:30
g0tmi1k 9f73b7e81a Add LFISuite
Source: https://github.com/D35m0nd142/LFISuite
2018-07-25 13:51:06 +01:00
Karan Saini 3911f92c82 Added numeric combinations
Text files of numeric combinations (with leading zeros) for use during enumeration
2018-04-08 00:54:51 +05:30