Merge pull request #1155 from ItsIgnacioPortal/sync

Discovery/Web-Content/README.md

@@ -1,5 +1,48 @@
 # Web discovery wordlists
 
+## AdobeCQ-AEM.txt
+Use for: Discovering sensitive filepaths of **Adobe Experience Manager**
+Creation date: Oct 1, 2017
+No updates have been made to this wordlist since its creation.
+
+## AdobeXML.fuzz.txt
+Use for: Discovering sensitive filepaths of **Adobe ColdFusion**
+Creation date: Aug 27, 2012
+No updates have been made to this wordlist since its creation.
+
+## Apache.fuzz.txt
+Use for: Discvering sensitive content in Apache web servers.
+Date of last update: Jan 26, 2015
+
+## ApacheTomcat.fuzz.txt
+Use for: Discovering sensitive content in Apache Tomcat servers.
+Date of last update: Dec 14, 2017
+
+## CGI-HTTP-POST-Windows.fuzz.txt
+Use for: Exploiting various vulnerabilities in the now defunct WYSIWYG HTML editor and website administration tool, [Microsoft FrontPage](https://en.wikipedia.org/wiki/Microsoft_FrontPage)
+Source: https://github.com/deepak0401/Front-Page-Exploit
+Date of last update: Aug 27, 2012
+The last version of FrontPage was released on 2003.
+
+## CGI-HTTP-POST.fuzz.txt
+Use for: Exploiting/Discovering various vulnerabilities in extremely old systems (Circa 1998) that use "CGI". 
+Date of last update: Aug 27, 2012
+
+This wordlist tests for the following vulnerabilities:
+- Default password in the [Nortel Meridian](https://en.wikipedia.org/wiki/Nortel_Meridian) private branch exchange **telephone switching system**. Source: [Nikto](https://github.com/sullo/nikto/blob/07653b73cb711972df72a8c66191468705a9b14e/program/databases/db_tests#L1167).
+- XSS in the **"Bajie HTTP JServer"** (software site completely defunct, no archives exist). Source: [Nikto](https://github.com/sullo/nikto/blob/07653b73cb711972df72a8c66191468705a9b14e/program/databases/db_tests#L803)
+- CGI Vulnerability in an unknown system (payload `lastlines.cgi?process`) which would allow attackers to "read arbitrary files and/or execute commands". Source: [Nikto](https://github.com/sullo/nikto/blob/07653b73cb711972df72a8c66191468705a9b14e/program/databases/db_tests#L1036)
+- Remote File Include in **[myPHPNuke](https://web.archive.org/web/20140812223623/http://www.myphpnuke.com/)**. Source: [Nessus](https://www.tenable.com/plugins/nessus/11836)
+- DoS in the **"D-Link Ethernet/Fast Ethernet Print Server DP-300+"**. Source: [Sullo's Security Advisory Archive](https://raw.githubusercontent.com/sullo/advisory-archives/master/phenoelit.de_dp-300.txt).
+
+## CGI-Microsoft.fuzz.txt
+Use for: Exploiting/Discovering various vulnerabilities in miscelaneous CGI scripts that run on Microsoft operating systems.
+Date of last update: Aug 27, 2012
+
+## raft-* wordlists
+Use for: Directory and file brute-forcing leading to identification of vulnerabilities in web applications.
+Source: [Google's RAFT](https://code.google.com/archive/p/raft/)
+
 ## combined_words.txt
 
 Use for: discovering files    
@@ -37,6 +80,13 @@ This list is a combination of the following wordlists:
 - raft-small-directories.txt
 - common_directories.txt
 
+### Usage
+Use for: discovering files and directories
+
+### Source
+This list is automatically updated by a GitHub action whenever any of the lists it's composed by is modified.
+
+
 ## dsstorewordlist.txt
 
 SOURCE: https://github.com/aels/subdirectories-discover