idan/SecLists
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
1,051 Commits 1 Branch 0 Tags
e9127d389b5e13d93f781f6c6db3f68e450eeff5
Commit Graph

1051 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
g0tmi1k
e9127d389b Merge pull request #556 from govolution/patch-7 
Update ssh-betterdefaultpasslist.txt

Source: https://www.zdnet.com/article/backdoor-account-discovered-in-more-than-100000-zyxel-firewalls-vpn-gateways/
 2021-02-11 20:53:34 +00:00
g0tmi1k
1e286083e4 Merge pull request #552 from mwoolweaver/patch-1 
Add default password for jailbroken iOS (iPhone, iPad, iPod Touch, AppleTV)

Source: https://blog.elcomsoft.com/2020/05/ios-jailbreaks-ssh-and-root-password/
 2021-02-11 20:52:35 +00:00
g0tmi1k
42a8b633de Merge pull request #551 from m4p0/master 
Added Zyxel default username and password (CVE-2020-29583 / CVE-2016-10401)

Source: https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
 2021-02-11 20:51:37 +00:00
g0tmi1k
ad24e5dcd1 Merge pull request #549 from righettod/Feature_548 
Add ".well-known/jwks.json" path to common.txt file.

Source:

- https://auth0.com/docs/tokens/json-web-tokens/json-web-key-sets
- https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-verifying-a-jwt.html#amazon-cognito-user-pools-using-tokens-step-2
- https://blogs.akamai.com/2019/10/verify-jwt-with-json-web-key-set-jwks-in-api-gateway.html
 2021-02-11 20:50:33 +00:00
g0tmi1k
cd52c8428a Merge pull request #547 from fiLLLip/patch-1 
Add humans.txt

Source: http://humanstxt.org/
 2021-02-11 20:49:46 +00:00
g0tmi1k
751900cbde Merge pull request #544 from mxrch/master 
Adding .git to big.txt
 2021-02-11 20:49:15 +00:00
g0tmi1k
5fc0aeffe4 Merge pull request #543 from rf-peixoto/patch-1 
Upload 2020-200_most_used_passwords.txt

Source: https://nordpass.com/most-common-passwords-list/
 2021-02-11 20:48:56 +00:00
g0tmi1k
c4b84c2392 Merge pull request #542 from redstonedesigner/master 
Add EFF Dice lists

Source: https://eff.org/dice
 2021-02-11 20:48:23 +00:00
g0tmi1k
5ec9d37a15 Merge pull request #540 from kazkansouh/mime-types-iana 
refreshed mime/content-types

Source: https://www.iana.org/assignments/media-types/media-types.xml

```
curl https://www.iana.org/assignments/media-types/media-types.xml -s | xpath -q -e '//file/text()' | tr '[[:upper:]]' '[[:lower:]]'
```
 2021-02-11 20:47:27 +00:00
g0tmi1k
9fbf6cb419 Merge pull request #524 from t0-git/patch-1 
Adding new .git entries and .svnignore.
 2021-02-11 20:28:23 +00:00
g0tmi1k
af40e7f267 Merge pull request #519 from arjunshibu/master 
Added http-request-methods.txt
 2021-02-11 20:27:53 +00:00
govolution
e12b9a1499 Update ssh-betterdefaultpasslist.txt 
added zyxel hard coded credentials (see https://www.zdnet.com/article/backdoor-account-discovered-in-more-than-100000-zyxel-firewalls-vpn-gateways/)
 2021-01-06 17:05:59 +01:00
Michael Woolweaver
83660320c8 Add default password for jailbroken iOS 
once jailbroken this is the default password for both root and mobile
 2021-01-05 13:50:44 -06:00
m4p0
ac068e75b5 Added Zyxel default username and password based on CVE-2020-29583 and CVE-2016-10401 2021-01-05 09:08:32 +01:00
Dominique RIGHETTO
38581fac54 Add ".well-known/jwks.json" path 
Add path to the JSON Web Key Sets file.
This file is documented [here](https://auth0.com/docs/tokens/json-web-tokens/json-web-key-sets)
 2020-12-27 16:35:37 +01:00
Filip Andre Larsen Tomren
8327e45d92 Add humans.txt to common list 
'humans.txt' is common as specified http://humanstxt.org. At least as
common as 'humans', without having to specify extension in tools like 'dirb'.
 2020-12-08 14:53:06 +01:00
mxrch
fb4aaabc63 Update big.txt 2020-11-21 00:16:16 +01:00
rf-peixoto
26b3b873b0 Create 2020-200_most_used_passwords.txt 
Add list of the two hundred most used passwords in 2020, compiled by Nordpass.
 2020-11-19 21:08:49 -03:00
redstonedesigner
967cbdbc61 Add EFF Dice lists (2/2) 2020-11-19 12:05:08 +00:00
redstonedesigner
beaba346ae Add EFF Dice lists (1/2) 2020-11-19 12:03:45 +00:00
Karim Kanso
a6f2ed757f refreshed content-types from www.iana.org/assignments/media-types/media-types.xml 2020-11-17 11:48:56 +00:00
g0tmi1k
9f4d672e98 Merge pull request #517 from righettod/master 
Add path to a common ManageEngine endpoint

Source: https://righettod.eu/#4-vulns
 2020-11-11 12:00:53 +00:00
g0tmi1k
ac861e371d Merge pull request #509 from ArgentEnergy/spring-boot-redis 
Spring Boot Redis paths.
 2020-11-06 11:51:25 +00:00
g0tmi1k
e6333a39d6 Merge pull request #537 from g0tmi1k/misc 
dos2unix
 2020-11-04 11:46:58 +00:00
g0t mi1k
d4ebb09709 dos2unix 2020-11-04 11:45:59 +00:00
g0tmi1k
7d7b9f70e9 Merge pull request #536 from g0tmi1k/misc 
dos2unix
 2020-11-04 00:01:12 +00:00
g0t mi1k
50ec8b1dc6 dos2unix 2020-11-03 23:57:08 +00:00
g0tmi1k
12513fd8ad Merge pull request #518 from clem9669/patch-5 
Adding nextcloud & owncloud to common.txt

Source: https://help.dreamhost.com/hc/en-us/articles/235545207-Step-by-step-guide-to-deploy-Nextcloud-on-DreamCompute
 2020-11-03 22:00:16 +00:00
g0tmi1k
2c64f30675 Merge pull request #513 from vulf/vulf/add_webshells_list 
Added a list of popular web shells

The list includes the filenames of webshells in https://github.com/xl7dev/WebShell , https://github.com/TheBinitGhimire/Web-Shells and FuzzDB.
 2020-11-03 14:11:05 +00:00
g0tmi1k
d21b80c755 Merge pull request #535 from Floppynator/patch-1 
Update email-top-100-domains.txt
 2020-11-03 12:16:28 +00:00
g0tmi1k
31d0f3f90b Merge pull request #534 from shelld3v/patch-5 
Added Donald Trump leaked passwords (2016 + 2020)
 2020-11-03 12:12:44 +00:00
Chris H
08925a1fae Update email-top-100-domains.txt 
added missing mail domain
 2020-11-03 13:06:10 +01:00
shelld3v
7f8c28c6e0 Added Donald Trump leaked passwords (2016 + 2020) 2020-11-03 18:55:07 +07:00
g0tmi1k
c0b6a73bb9 Merge pull request #533 from g0tmi1k/misc 
2020.4 Release
 2020-11-03 11:54:26 +00:00
g0t mi1k
4006e184ba Update CONTRIBUTORS 2020-11-03 11:53:17 +00:00
g0t mi1k
59a8f512af Add Magento webshells 2020-11-03 11:51:54 +00:00
g0t mi1k
75f5d656c1 Add Invisible control characters 2020-11-03 11:51:18 +00:00
g0tmi1k
6d164b9672 Merge pull request #527 from soufianetahiri/master 
Added actuator default paths and created new XSS fuzzing list

Source: https://docs.spring.io/spring-boot/docs/1.5.x/reference/html/production-ready-endpoints.html
 2020-11-03 11:39:11 +00:00
g0tmi1k
449d7a84cd Merge pull request #528 from drwetter/patch-4 
Add CMS login

https://processwire.com/docs/security/admin/
 2020-11-02 21:12:18 +00:00
g0tmi1k
cea2a72bae Merge pull request #506 from LabanSkollerDefensify/patch-1 
Add NDES and SCEP URLs

/certsrv/mscep/mscep.dll: https://docs.microsoft.com/en-us/mem/intune/protect/certificates-scep-configure
/certsrv/mscep_admin: https://social.technet.microsoft.com/wiki/contents/articles/9063.active-directory-certificate-services-ad-cs-network-device-enrollment-service-ndes.aspx
 2020-11-02 21:11:53 +00:00
g0tmi1k
a6c94e1798 Merge pull request #526 from m4p0/master 
Added default usernames for SAP
 2020-11-02 21:00:11 +00:00
g0tmi1k
d2fdef60e8 Merge pull request #525 from n3k00n3/master 
Adding passwords found on public leak from Nord.
 2020-11-02 20:59:44 +00:00
g0tmi1k
953255cc39 Merge pull request #523 from MusicGivesMeLife/master 
BiblePass Project
 2020-11-02 20:58:57 +00:00
g0tmi1k
fe2aa9e7b0 Merge pull request #521 from realArcherL/master 
Slight correction with version numbers from earlier PR also added new endpoints
 2020-11-02 20:57:49 +00:00
g0tmi1k
2ce45ec6b8 Merge pull request #512 from aayushsonu/master 
Update names.txt
 2020-11-02 19:07:19 +00:00
g0tmi1k
c2e6ced5fa Merge pull request #505 from device33/patch-1 
Update apache.txt

source: https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/html/development_guide/sect-apache_mod_cluster-manager_application
 2020-11-02 19:06:07 +00:00
Dirk Wetter
f7577f68cb Add CMS login 
Processwire is a CMS which I recently encountered during a pentest. /processwire is the login (compare /typo3 or /wp-login.php)
 2020-10-23 13:14:04 +02:00
Soufiane Tahiri
a100ade82e Create XSS-Fuzzing 
High rate hit XSS payloads
 2020-10-23 10:56:16 +02:00
Soufiane Tahiri
a8e73cb425 Added actuator default paths 
Added actuator paths
 2020-10-23 10:51:19 +02:00
mapo
c9f5aedbc2 Added default usernames for SAP 2020-10-20 18:34:32 +02:00