Commit Graph

114 Commits

Author SHA1 Message Date
PinkDraconian
8679c2d6fe Added true and false to the fuzzing list
Changing json field to true or false could have interesting results on an endpoint when fuzzing.
2020-06-16 12:21:04 +02:00
g0tmi1k
d76b8f6691 Merge pull request #452 from noraj/patch-1
Create LFI-gracefulsecurity-windows.txt

Source: https://gracefulsecurity.com/path-traversal-cheat-sheet-windows/
2020-06-12 09:57:44 +01:00
g0tmi1k
b2865e0492 Merge pull request #453 from noraj/patch-2
Create LFI-gracefulsecurity-linux.txt

Source: https://gracefulsecurity.com/path-traversal-cheat-sheet-linux/
2020-06-12 09:57:09 +01:00
sheimo
6757058b8c Create sqli.auth.bypass.txt
This is a thorough SQL injection authentication bypass list. Each source below was combined to a text file and sorted.

Source: https://pentestlab.blog/2012/12/24/sql-injection-authentication-bypass-cheat-sheet/
Source: http://www.lifeoverpentest.com/2018/03/sql-injection-login-bypass-cheat-sheet.html
2020-06-11 23:24:34 -05:00
Alexandre ZANNI
7dd955a544 Create LFI-gracefulsecurity-linux.txt 2020-06-11 16:49:45 +02:00
Alexandre ZANNI
6945f3e779 Create LFI-gracefulsecurity-windows.txt 2020-06-11 16:48:39 +02:00
g0tmi1k
245984882a Merge pull request #442 from kazkansouh/standardise-line-end
Standardise line endings
2020-05-28 11:11:35 +01:00
Jamie Scott
5b5cafaa47 Adding the not in operator
Adding the not in operator as another thing to check or test. It will equivalently act as { $ne: 1 } only it functions within an array.
2020-05-28 00:34:48 -07:00
Karim Kanso
607c3293b4 strip trailing whitespace 2020-05-27 14:26:51 +01:00
kegan
54ac7074da add nested traversal strings for /etc/passwd 2020-05-18 18:12:12 -05:00
Dominique RIGHETTO
984af30974 Add the expression for the Dust engine 2020-05-03 10:52:17 +02:00
Dominique RIGHETTO
aecd8036ca Add the expression for the doT engine 2020-05-03 10:30:48 +02:00
g0tmi1k
09d5a27cf7 Merge pull request #421 from storenth/master
Update the fuzz-Bo0oM.txt with more ';'

Source: https://twitter.com/11xuxx/status/1247496768054591489
2020-04-29 17:52:49 +01:00
Kirill Z
6466bd0ed2 Add more XSS 2020-04-27 20:19:33 +07:00
Kirill Z
561d6236c2 Update the fuzz-Bo0oM.txt with more ';' 2020-04-27 20:09:53 +07:00
Dominique RIGHETTO
611d47caf3 Add a version of the payload for CodeContext
Add the payload "42*42" to the fuzzing list in order to cover the "Code context" detection point mentioned in the https://portswigger.net/web-security/server-side-template-injection training
2020-04-25 09:13:06 +02:00
g0tmi1k
a7dbde1ec9 Merge pull request #412 from righettod/master
Collection of template engines expression

Source: https://github.com/expressjs/express/wiki#template-engines
2020-04-20 10:06:06 +01:00
g0tmi1k
b3b337e6f1 Merge pull request #390 from ipentest/add-ipentest
Added top 100 email domains to Seclists/Fuzzing

Source: https://email-verify.my-addr.com/list-of-most-popular-email-domains.php
2020-04-20 10:04:42 +01:00
Dominique RIGHETTO
1bd30300de Add an initial collection of template engines expression 2020-04-18 17:16:20 +02:00
Antoine Guilbaud
13b1f18901 add a common windows lfi path 2020-04-15 12:49:42 +02:00
milangfx
e82e5e5026 add /apidocs/api-docs.json, /api-docs 2020-04-01 14:42:20 +02:00
ipentest
b2cf6971c9 Add ipentest to contributors 2020-02-12 11:46:44 -05:00
S7X Deckard Case
b8e87ad36c Added the entire XSS Cheat Sheet of PortSwigger, their HTML events and tags. 2019-11-18 09:33:26 +01:00
Camas
eb2cd4518a Remove extra newline 2019-11-08 23:32:46 +00:00
Camas
a7184dd1f7 Fix line endings 2019-11-08 15:09:15 +00:00
Parth Malhotra
01b280755c Create 1-4_all_letters_a-z.txt 2019-11-07 21:50:55 +05:30
Luke Anderson
68f8d60da5 Fix Fuzzing Types (Fixes #339) 2019-10-05 00:35:43 +09:30
g0tmi1k
327cc859ee Quick rename 2019-08-13 12:50:53 +01:00
g0tmi1k
5bbc1e6fe3 Close #329 - Bo0oM's fuzz.txt
Source: https://github.com/Bo0oM/fuzz.txt
2019-08-13 12:50:20 +01:00
g0tmi1k
3fc464d156 Add XSS without parentheses and semi-colons
Source: https://portswigger.net/blog/xss-without-parentheses-and-semi-colons
2019-05-22 12:15:42 +01:00
g0tmi1k
9239f0a284 find . -name '*_*' -exec rename 's/_/-/g' "{}" \; 2019-05-08 11:54:39 +01:00
g0tmi1k
a65f6bd665 Close #291 - Fix encoding issues
$ for x in $( find . -type f ); do iconv -f utf-8 -t utf-8 -c ${x} | sed '/^$/d' > tmp; mv tmp ${x}; done
2019-05-08 11:04:00 +01:00
g0tmi1k
7b1f14989c Quick move about 2019-04-12 13:52:47 +01:00
g0tmi1k
3f2c0d33d2 Quick clean up of locations 2019-04-10 13:22:39 +01:00
g0tmi1k
12751dbbf0 Fix #288 - Add graphql
Source: https://graphql.org/learn/serving-over-http/
2019-04-10 13:18:25 +01:00
g0tmi1k
b9483d00b7 Sort out a few more filename issues 2019-04-10 11:32:07 +01:00
g0tmi1k
437478ce7b Fix #284 #285 - useragents-ie.txt 2019-04-10 10:19:12 +01:00
Alexandre ZANNI
cfe4b16023 Update LFI-JHADDIX.txt
fix typo + add 1 entry
2019-03-10 17:11:22 +01:00
Infected Drake
0400e0bbc1 A wrong payload corrected
The payload on line 18 contains a misspelled event handler `OnpOinTeReENer`. Corrected it properly.
2019-02-09 12:13:28 +05:30
g0tmi1k
7ed3f897df Merge pull request #237 from s0md3v/patch-1
+5 payloads, some enhancements
2019-01-08 18:11:33 +00:00
Prinzhorn
1eae4d51f0 Strip HTML from LFI-LFISuite-pathtotest-huge.txt 2018-12-18 10:13:49 +01:00
g0tmi1k
47b1829910 Merge pull request #241 from g0tmi1k/ua
Added various User Agent strings
2018-11-26 10:09:44 +00:00
g0tmi1k
b99b0ed28f Added various User Agent strings
Source: https://developers.whatismybrowser.com/useragents/explore/
2018-11-26 09:56:22 +00:00
Somdev Sangwan
bb180d4e27 changed %3B to %26 (I'm sleep deprived sorry) 2018-11-21 14:53:27 +05:30
Somdev Sangwan
31167686f0 +5 payloads, some enhancements 2018-11-21 14:45:08 +05:30
Michael Henriksen
2dab37db43 Add best performing payloads from the XSS Polyglot Challenge 2018-11-01 07:37:16 +01:00
g0tmi1k
d68ba5f9ed Rename "_" -> "-" & found a few new homes 2018-10-15 13:08:10 +01:00
Somdev Sangwan
cebebee4b5 Create XSS-Somdev.txt 2018-10-15 02:13:17 +05:30
g0tmi1k
9f73b7e81a Add LFISuite
Source: https://github.com/D35m0nd142/LFISuite
2018-07-25 13:51:06 +01:00
Karan Saini
3911f92c82 Added numeric combinations
Text files of numeric combinations (with leading zeros) for use during enumeration
2018-04-08 00:54:51 +05:30