danielmiessler/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists.git synced 2024-09-11 10:55:33 +03:00
Code Issues Projects Releases Wiki Activity
3,716 Commits 1 Branch 26 Tags 2 GiB
master
Commit Graph

3716 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
g0tmi1k
f455dc518a Sort common-router-ip by pop 2019-07-09 12:06:25 +01:00
g0tmi1k
503c57f500
Merge pull request #314 from jakobhuss/patch-1 
Non valid ipv4
 2019-07-05 17:22:13 +01:00
g0tmi1k
c94bdb754c
Merge pull request #315 from toxydose/master 
Created Sitecore CMS wordlist + minor endpoint updates.

Sitecore CMS:  https://www.sitecore.com/

Sensitive endpoints: https://doc.sitecore.com/developers/90/platform-administration-and-architecture/en/deny-anonymous-users-access-to-a-folder.html

Sitecore docs:  
https://doc.sitecore.com/legacy-docs/SC72/sitecore-web-service-sc65-a4.pdf
https://doc.sitecore.com/SdnArchive/upload/sitecore7/75/sitecore_security_hardening_guide-sc75-usletter.pdf

Contains sensitive info
https://zellwk.com/blog/bower/
 2019-07-05 17:20:28 +01:00
Alexander Bridges
c5c705134f
Sitecore CMS endpoints 
#### Sources:

Sitecore CMS:  https://www.sitecore.com/

Sensitive endpoints: https://doc.sitecore.com/developers/90/platform-administration-and-architecture/en/deny-anonymous-users-access-to-a-folder.html

Sitecore docs:  
https://doc.sitecore.com/legacy-docs/SC72/sitecore-web-service-sc65-a4.pdf
https://doc.sitecore.com/SdnArchive/upload/sitecore7/75/sitecore_security_hardening_guide-sc75-usletter.pdf
 2019-07-05 19:14:54 +03:00
Alexander Bridges
eae5072a6e
add bower.json dependencies file 
Contains sensitive info
https://zellwk.com/blog/bower/
 2019-07-05 18:53:08 +03:00
Alexander Bridges
ee0e0b01a5
few login endpoints 2019-07-05 18:50:29 +03:00
jakobhuss
0c97bfa509
Non valid ipv4 2019-07-05 13:53:59 +02:00
g0tmi1k
c9a56c3fe0
Merge pull request #312 from g0tmi1k/richelieu 
Add richelieu
 2019-07-03 14:11:25 +01:00
g0tmi1k
ad53a28ba0 Rename a few filesto match 2019-07-03 14:11:00 +01:00
g0tmi1k
cb68eaf66a Add richelieu 
Source: https://github.com/tarraschk/richelieu
 2019-07-03 14:04:48 +01:00
g0tmi1k
e06b13d36d
Merge pull request #310 from waawaa/patch-1 
Missing paths with known RCE vulnerabilities

- https://www.exploit-db.com/exploits/46814
- https://www.exploit-db.com/exploits/43458
- https://paper.seebug.org/910/
- https://techblog.mediaservice.net/2018/07/cve-2017-10271-oracle-weblogic-server-remote-command-execution-sleep-detection-payload/
 2019-07-02 14:16:55 +01:00
waawaa
4a5f06c053
Missing paths with known RCE vulnerabilities 
Some paths are missing which have known RCE vulnerabilities
 2019-07-02 09:31:42 +02:00
g0tmi1k
b0cbe86a20
Merge pull request #306 from g0tmi1k/phpinfo 
Add a few more filenames

Based on https://anotherhackerblog.com/exploiting-file-uploads-pt1/
 2019-06-07 11:07:47 +01:00
g0tmi1k
4257643de8 Add a few more filenames 
based on https://anotherhackerblog.com/exploiting-file-uploads-pt1/
 2019-06-07 11:06:35 +01:00
g0tmi1k
23901ce7b6 Fix make-*.sh files 2019-06-07 10:59:39 +01:00
g0tmi1k
b5de230180
Merge pull request #305 from g0tmi1k/guardicore 
Add MSSQL from guardicore: labs_campaigns-Nansh0u

Source: https://github.com/guardicore/labs_campaigns/blob/master/Nansh0u/common_passwords.txt
Source: https://github.com/guardicore/labs_campaigns/blob/master/Nansh0u/common_usernames.txt
 2019-05-30 12:24:56 +01:00
g0tmi1k
6d1ff64270 Add MSSQL from guardicore: labs_campaigns-Nansh0u 
Source: https://github.com/guardicore/labs_campaigns/blob/master/Nansh0u/common_passwords.txt
Source: https://github.com/guardicore/labs_campaigns/blob/master/Nansh0u/common_usernames.txt
 2019-05-30 12:20:13 +01:00
g0tmi1k
28db64c6e2
Merge pull request #304 from g0tmi1k/xss 
Add XSS without parentheses and semi-colons

Source: https://portswigger.net/blog/xss-without-parentheses-and-semi-colons
 2019-05-22 12:18:18 +01:00
g0tmi1k
3fc464d156 Add XSS without parentheses and semi-colons 
Source: https://portswigger.net/blog/xss-without-parentheses-and-semi-colons
 2019-05-22 12:15:42 +01:00
g0tmi1k
a176d0ccff
Merge pull request #301 from g0tmi1k/Fixes 
Give credit where its due!
 2019-05-08 15:35:25 +01:00
g0tmi1k
1c84d5f112 Give credit where its due! 2019-05-08 12:46:39 +01:00
g0tmi1k
379fba7854
Merge pull request #300 from g0tmi1k/Fixes 
Better filenames
 2019-05-08 12:30:24 +01:00
g0tmi1k
c731e1c9aa Better filenames 2019-05-08 12:28:10 +01:00
g0tmi1k
37fce3b2c1
Merge pull request #299 from g0tmi1k/Fixes 
Source: https://github.com/chrislockard/api_wordlist
 2019-05-08 12:22:50 +01:00
g0tmi1k
7f083ceb07 Close #217 - Add api_wordlist 
Source: https://github.com/chrislockard/api_wordlist
 2019-05-08 12:22:03 +01:00
g0tmi1k
782d018267 Cleaned up filename phpBB 2019-05-08 12:08:11 +01:00
g0tmi1k
9239f0a284 find . -name '*_*' -exec rename 's/_/-/g' "{}" \; 2019-05-08 11:54:39 +01:00
g0tmi1k
bb915befb2
Merge pull request #298 from g0tmi1k/Fixes 
Close #291 - Fix encoding issues

```
$ for x in $( find . -type f ); do iconv -f utf-8 -t utf-8 -c ${x} | sed '/^$/d' > tmp; mv tmp ${x}; done
```
 2019-05-08 11:08:05 +01:00
g0tmi1k
a65f6bd665 Close #291 - Fix encoding issues 
$ for x in $( find . -type f ); do iconv -f utf-8 -t utf-8 -c ${x} | sed '/^$/d' > tmp; mv tmp ${x}; done
 2019-05-08 11:04:00 +01:00
g0tmi1k
3c8ddaf468
Merge pull request #297 from g0tmi1k/Fixes 
Close #293 - Ten Million Passwords

Source: https://xato.net/today-i-am-releasing-ten-million-passwords-b6278bbe7495

https://wpengine.com/unmasked/

https://mega.nz/#!SdYnkJRJ!HmD04LH8Gk8JtlNG6O2NnF2yH9qWJPWtSXbLU2ZR9Q8


```
$ awk -F '\t' '{print $1}' 10-million-combos.txt | LC_ALL=C sort | LC_ALL=C uniq -c | LC_ALL=C sort -nr | awk -F ' ' '{for (i=2; i<=NF; i++) print $i}' > xato-net-10-million-usernames.txt
$ awk -F '\t' '{print $2}' 10-million-combos.txt | LC_ALL=C sort | LC_ALL=C uniq -c | LC_ALL=C sort -nr | awk -F ' ' '{for (i=2; i<=NF; i++) print $i}' > xato-net-10-million-passwords.txt
$ awk -F '\t' '{print $1}' 10-million-combos.txt | LC_ALL=C sort | LC_ALL=C uniq -c | LC_ALL=C sort -nr | grep -v ' 1 ' | awk -F ' ' '{for (i=2; i<=NF; i++) print $i}' > xato-net-10-million-usernames-dup.txt
$ awk -F '\t' '{print $2}' 10-million-combos.txt | LC_ALL=C sort | LC_ALL=C uniq -c | LC_ALL=C sort -nr | grep -v ' 1 ' | awk -F ' ' '{for (i=2; i<=NF; i++) print $i}' > xato-net-10-million-passwords-dup.txt
```
 2019-05-08 10:33:10 +01:00
g0tmi1k
6d3b37a3c9 Close #293 - Ten Million Passwords 
Source: https://xato.net/today-i-am-releasing-ten-million-passwords-b6278bbe7495

https://wpengine.com/unmasked/

https://mega.nz/#!SdYnkJRJ!HmD04LH8Gk8JtlNG6O2NnF2yH9qWJPWtSXbLU2ZR9Q8

$ awk -F '\t' '{print $1}' 10-million-combos.txt | LC_ALL=C sort | LC_ALL=C uniq -c | LC_ALL=C sort -nr | awk -F ' ' '{for (i=2; i<=NF; i++) print $i}' > xato-net-10-million-usernames.txt
$ awk -F '\t' '{print $2}' 10-million-combos.txt | LC_ALL=C sort | LC_ALL=C uniq -c | LC_ALL=C sort -nr | awk -F ' ' '{for (i=2; i<=NF; i++) print $i}' > xato-net-10-million-passwords.txt
$ awk -F '\t' '{print $1}' 10-million-combos.txt | LC_ALL=C sort | LC_ALL=C uniq -c | LC_ALL=C sort -nr | grep -v ' 1 ' | awk -F ' ' '{for (i=2; i<=NF; i++) print $i}' > xato-net-10-million-usernames-dup.txt
$ awk -F '\t' '{print $2}' 10-million-combos.txt | LC_ALL=C sort | LC_ALL=C uniq -c | LC_ALL=C sort -nr | grep -v ' 1 ' | awk -F ' ' '{for (i=2; i<=NF; i++) print $i}' > xato-net-10-million-passwords-dup.txt
 2019-05-08 10:30:38 +01:00
g0tmi1k
004af903c4
Merge pull request #296 from g0tmi1k/Fixes 
Close #294 - Add /weblogic/ready
 2019-05-07 18:20:50 +01:00
g0tmi1k
8e1f1ae56a Close #294 - Add /weblogic/ready 2019-05-07 18:20:26 +01:00
g0tmi1k
9e5f97fac5
Merge pull request #292 from Beverdam/master 
Added NCSC top 100K most used passwords

Source: https://www.ncsc.gov.uk/static-assets/documents/PwnedPasswordTop100k.txt
https://www.ncsc.gov.uk/blog-post/passwords-passwords-everywhere
 2019-05-07 17:49:26 +01:00
Beverdam
c1c63869ba
Rename 100k_most_used_passwords_NCS.txt to 100k_most_used_passwords_NCSC.txt 
Changed filename
 2019-04-22 19:32:00 +02:00
Beverdam
80700778d8
Added NCSC top 100K used passwords 
Based of https://www.ncsc.gov.uk/static-assets/documents/PwnedPasswordTop100k.txt and https://www.ncsc.gov.uk/blog-post/passwords-passwords-everywhere
 2019-04-22 19:30:54 +02:00
g0tmi1k
181bd743eb
Merge pull request #290 from ricardojba/master 
Include .well-known/apple-app-site-association

Source: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/april/apples_app_site_association_the_new_robots_txt/
 2019-04-12 16:31:18 +01:00
Ricardo
42dacbbfa0
Merge pull request #1 from ricardojba/ricardojba-apple-app-site-association 
Include .well-known/apple-app-site-association
 2019-04-12 16:26:13 +01:00
Ricardo
6d15c05bc4
Include .well-known/apple-app-site-association 
Include .well-known/apple-app-site-association
Ref: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/april/apples_app_site_association_the_new_robots_txt/
 2019-04-12 16:25:47 +01:00
g0tmi1k
011d276f2a Merge branch 'master' of github.com:danielmiessler/SecLists 2019-04-12 14:35:07 +01:00
g0tmi1k
7b1f14989c Quick move about 2019-04-12 13:52:47 +01:00
g0tmi1k
7ccb85c376
Merge pull request #289 from toxydose/master 
minor updates
 2019-04-10 14:16:40 +01:00
toxydose
3251b35d54 update login endpoints 2019-04-10 15:54:03 +03:00
toxydose
6aa736a75a ShoreTel Connect login page GHDB-ID:5172 2019-04-10 15:47:27 +03:00
toxydose
94cc83dbda add endpoints without trailing slashes 2019-04-10 15:42:15 +03:00
Alexander Bridges
1883989647
Merge pull request #5 from danielmiessler/master 
update
 2019-04-10 15:38:55 +03:00
g0tmi1k
611ba969ec Move location 2019-04-10 13:31:17 +01:00
g0tmi1k
9e977458eb Add PHP Magic Hashes 
Source: https://www.whitehatsec.com/blog/magic-hashes/
 2019-04-10 13:29:50 +01:00
g0tmi1k
3f2c0d33d2 Quick clean up of locations 2019-04-10 13:22:39 +01:00
g0tmi1k
12751dbbf0 Fix #288 - Add graphql 
Source: https://graphql.org/learn/serving-over-http/
 2019-04-10 13:18:25 +01:00