2aae32e656
Some checks are pending
Readme updater - Updates readme with latest stats / update-readme (push) Waiting to run
|
||
|---|---|---|
| .. | ||
| api | ||
| BurpSuite-ParamMiner | ||
| CMS | ||
| Domino-Hunter | ||
| dutch | ||
| File-Extensions-Universal-SVNDigger-Project | ||
| LEGACY-SERVICES | ||
| Programming-Language-Specific | ||
| Service-Specific | ||
| trickest-robots-disallowed-wordlists | ||
| URLs | ||
| Web-Servers | ||
| AdobeXML.fuzz.txt | ||
| big.txt | ||
| burp-parameter-names.txt | ||
| coldfusion.txt | ||
| combined_directories.txt | ||
| combined_words.txt | ||
| common-and-dutch.txt | ||
| common-and-french.txt | ||
| common-and-italian.txt | ||
| common-and-portuguese.txt | ||
| common-and-spanish.txt | ||
| common-api-endpoints-mazen160.txt | ||
| Common-DB-Backups.txt | ||
| common.txt | ||
| common_directories.txt | ||
| default-web-root-directory-linux.txt | ||
| default-web-root-directory-windows.txt | ||
| directory-list-1.0.txt | ||
| directory-list-2.3-big.txt | ||
| directory-list-2.3-medium.txt | ||
| directory-list-2.3-small.txt | ||
| directory-list-lowercase-2.3-big.txt | ||
| directory-list-lowercase-2.3-medium.txt | ||
| directory-list-lowercase-2.3-small.txt | ||
| domino-dirs-coldfusion39.txt | ||
| domino-endpoints-coldfusion39.txt | ||
| dsstorewordlist.txt | ||
| graphql.txt | ||
| hashicorp-consul-api.txt | ||
| hashicorp-vault.txt | ||
| JavaScript-Miners.txt | ||
| JavaServlets-Common.fuzz.txt | ||
| LinuxFileList.txt | ||
| Logins.fuzz.txt | ||
| Microsoft-Frontpage.txt | ||
| netware.txt | ||
| ntlm-directories.txt | ||
| oauth-oidc-scopes.txt | ||
| Oracle9i.fuzz.txt | ||
| OracleAppServer.fuzz.txt | ||
| Passwords.fuzz.txt | ||
| Proxy-Auto-Configuration-Files.txt | ||
| Public-Source-Repo-Issues.json | ||
| quickhits.txt | ||
| raft-large-directories-lowercase.txt | ||
| raft-large-directories.txt | ||
| raft-large-extensions-lowercase.txt | ||
| raft-large-extensions.txt | ||
| raft-large-files-lowercase.txt | ||
| raft-large-files.txt | ||
| raft-large-words-lowercase.txt | ||
| raft-large-words.txt | ||
| raft-medium-directories-lowercase.txt | ||
| raft-medium-directories.txt | ||
| raft-medium-extensions-lowercase.txt | ||
| raft-medium-extensions.txt | ||
| raft-medium-files-lowercase.txt | ||
| raft-medium-files.txt | ||
| raft-medium-words-lowercase.txt | ||
| raft-medium-words.txt | ||
| raft-small-directories-lowercase.txt | ||
| raft-small-directories.txt | ||
| raft-small-extensions-lowercase.txt | ||
| raft-small-extensions.txt | ||
| raft-small-files-lowercase.txt | ||
| raft-small-files.txt | ||
| raft-small-words-lowercase.txt | ||
| raft-small-words.txt | ||
| README.md | ||
| reverse-proxy-inconsistencies.txt | ||
| Roundcube-123.txt | ||
| rssfeed-files.txt | ||
| sap-analytics-cloud.txt | ||
| SAP-NetWeaver.txt | ||
| SOAP-functions.txt | ||
| tftp.fuzz.txt | ||
| UnixDotfiles.fuzz.txt | ||
| uri-from-top-55-most-popular-apps.txt | ||
| url-params_from-top-55-most-popular-apps.txt | ||
| versioning_metafiles.txt | ||
| vulnerability-scan_j2ee-websites_WEB-INF.txt | ||
| web-all-content-types.txt | ||
| web-extensions-big.txt | ||
| web-extensions.txt | ||
| web-mutations.txt | ||
| wso2-enterprise-integrator.txt | ||
Web discovery wordlists
AdobeXML.fuzz.txt
Use for: Discovering sensitive filepaths of Adobe ColdFusion
Creation date: Aug 27, 2012
No updates have been made to this wordlist since its creation.
raft-* wordlists
Use for: Directory and file brute-forcing leading to identification of vulnerabilities in web applications.
Source: Google's RAFT
combined_words.txt
Use for: discovering files
This list is automatically updated by a github action whenever any of the lists it's composed by is modified.
This list is a combination of the following wordlists:
- big.txt
- common.txt
- raft-large-words-lowercase.txt
- raft-large-words.txt
- raft-medium-words-lowercase.txt
- raft-medium-words.txt
- raft-small-words-lowercase.txt
- raft-small-words.txt
combined_directories.txt
Use for: discovering files and directories
This list is automatically updated by a github action whenever any of the lists it's composed by is modified.
These are the wordlists that compose this wordlist:
- apache.txt
- combined_words.txt
- directory-list-1.0.txt
- directory-list-2.3-big.txt
- directory-list-2.3-medium.txt
- directory-list-2.3-small.txt
- raft-large-directories-lowercase.txt
- raft-large-directories.txt
- raft-medium-directories-lowercase.txt
- raft-medium-directories.txt
- raft-small-directories-lowercase.txt
- raft-small-directories.txt
- common_directories.txt
dsstorewordlist.txt
Use for: discovering files and directories
This wordlist was collected by parsing Alexa top-million sites for .DS_Store files, extracting all the found files, and then extracting found file and directory names from around 300k real websites. The files were then sorted by probability and one-occurrence strings were removed.
Source: https://github.com/aels/subdirectories-discover
vulnerability-scan_j2ee-websites_WEB-INF.txt
Use for: discovering sensitive j2ee files exploiting a lfi
References:
- https://gist.github.com/harisec/519dc6b45c6b594908c37d9ac19edbc3
- https://github.com/projectdiscovery/nuclei-templates/blob/master/vulnerabilities/generic/generic-j2ee-lfi.yaml
- https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/LFIModule.java
Microsoft-Frontpage.txt
Use for: Fuzzing for common filepaths in webpages designed with Microsoft Frontpage
Year of the first release of Microsoft Frontpage: 1997
Year of the last release of Microsoft Frontpage: 2003
Date of last update: Oct 14, 2010
graphql.txt
Use for: Fuzzing for common filepaths in webpages that use the GraphQL Query Language
reverse-proxy-inconsistencies.txt
Use for: Detecting the backend admin/console interfaces and tomcat manager interfaces hiding behind reverse proxies by leveraging inconsistencies in how certain requests are handled.
See: A fresh look on reverse proxy related attacks | acunetix.com | Aleksei Tiurin | 2019-01-22