From cacdb800e122f40b33484340debaee79a69f4cc1 Mon Sep 17 00:00:00 2001 From: "Ignacio J. Perez Portal" <5990@protonmail.com> Date: Tue, 10 Sep 2024 23:05:47 -0300 Subject: [PATCH 01/12] fix(docs): Added 'common_directories' to the list of ingredients of 'combined_directories.txt' --- Discovery/Web-Content/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Discovery/Web-Content/README.md b/Discovery/Web-Content/README.md index 5d23598f993..67a6181c72a 100644 --- a/Discovery/Web-Content/README.md +++ b/Discovery/Web-Content/README.md @@ -36,6 +36,7 @@ This list is a combination of the following wordlists: - raft-small-directories-lowercase.txt - raft-small-directories.txt - common_directories.txt +<<<<<<< HEAD ### Usage Use for: discovering files and directories @@ -43,6 +44,7 @@ Use for: discovering files and directories ### Source This list is automatically updated by a GitHub action whenever any of the lists it's composed by is modified. + ## dsstorewordlist.txt ### Overview From 6098b46cf4ba03da020305cd35b46f18134bc445 Mon Sep 17 00:00:00 2001 From: "Ignacio J. Perez Portal" <5990@protonmail.com> Date: Wed, 11 Sep 2024 03:08:21 -0300 Subject: [PATCH 02/12] feat(docs): Added documentation for 'raft-*' wordlists --- Discovery/Web-Content/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Discovery/Web-Content/README.md b/Discovery/Web-Content/README.md index 67a6181c72a..b74ec444a09 100644 --- a/Discovery/Web-Content/README.md +++ b/Discovery/Web-Content/README.md @@ -1,5 +1,9 @@ # Web discovery wordlists +## raft-* wordlists +Use for: Directory and file brute-forcing leading to identification of vulnerabilities in web applications. +Source: [Google's RAFT](https://code.google.com/archive/p/raft/) + ## combined_words.txt ### Overview From d930d4d0b6aeb4c28dfcbebbf18d08a5cb49de8c Mon Sep 17 00:00:00 2001 
From: "Ignacio J. Perez Portal" <5990@protonmail.com> Date: Wed, 11 Sep 2024 03:26:50 -0300 Subject: [PATCH 03/12] feat(docs): Added documentation for 'AdobeCQ-AEM.txt' wordlist --- Discovery/Web-Content/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Discovery/Web-Content/README.md b/Discovery/Web-Content/README.md index b74ec444a09..9d428a64498 100644 --- a/Discovery/Web-Content/README.md +++ b/Discovery/Web-Content/README.md @@ -1,5 +1,9 @@ # Web discovery wordlists +## AdobeCQ-AEM.txt +Use for: Discovering sensitive filepaths of Adobe Experience Manager +Creation date: Oct 1, 2017 + ## raft-* wordlists Use for: Directory and file brute-forcing leading to identification of vulnerabilities in web applications. Source: [Google's RAFT](https://code.google.com/archive/p/raft/) From 1f23fe12de4d97b216ea46b9c8ff8618236c8e68 Mon Sep 17 00:00:00 2001 From: "Ignacio J. Perez Portal" <5990@protonmail.com> Date: Wed, 11 Sep 2024 03:33:59 -0300 Subject: [PATCH 04/12] feat(docs): Added documentation for 'AdobeXML.fuzz.txt' wordlist --- Discovery/Web-Content/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Discovery/Web-Content/README.md b/Discovery/Web-Content/README.md index 9d428a64498..4f083fe5da3 100644 --- a/Discovery/Web-Content/README.md +++ b/Discovery/Web-Content/README.md @@ -3,6 +3,10 @@ ## AdobeCQ-AEM.txt Use for: Discovering sensitive filepaths of Adobe Experience Manager Creation date: Oct 1, 2017 +## AdobeXML.fuzz.txt +Use for: Discovering sensitive filepaths of **Adobe ColdFusion** +Creation date: Aug 27, 2012 +No updates have been made to this wordlist since its creation. ## raft-* wordlists Use for: Directory and file brute-forcing leading to identification of vulnerabilities in web applications. From 2934760da2e197bbcc94bc1580f586542a1dd547 Mon Sep 17 00:00:00 2001 
From: "Ignacio J. Perez Portal" <5990@protonmail.com> Date: Wed, 11 Sep 2024 03:34:43 -0300 Subject: [PATCH 05/12] feat(docs): Added note about outdated contents for the 'AdobeCQ-AEM.txt' wordlist --- Discovery/Web-Content/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Discovery/Web-Content/README.md b/Discovery/Web-Content/README.md index 4f083fe5da3..43a056f6c8d 100644 --- a/Discovery/Web-Content/README.md +++ b/Discovery/Web-Content/README.md @@ -1,8 +1,10 @@ # Web discovery wordlists ## AdobeCQ-AEM.txt -Use for: Discovering sensitive filepaths of Adobe Experience Manager +Use for: Discovering sensitive filepaths of **Adobe Experience Manager** Creation date: Oct 1, 2017 +No updates have been made to this wordlist since its creation. + ## AdobeXML.fuzz.txt Use for: Discovering sensitive filepaths of **Adobe ColdFusion** Creation date: Aug 27, 2012 From b9b87f379b294ed5b5a6bdf5e2d0969505abe4f3 Mon Sep 17 00:00:00 2001 From: "Ignacio J. Perez Portal" <5990@protonmail.com> Date: Wed, 11 Sep 2024 03:37:34 -0300 Subject: [PATCH 06/12] feat(docs): Added documentation for 'Apache.fuzz.txt' wordlist --- Discovery/Web-Content/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Discovery/Web-Content/README.md b/Discovery/Web-Content/README.md index 43a056f6c8d..2fbee614811 100644 --- a/Discovery/Web-Content/README.md +++ b/Discovery/Web-Content/README.md @@ -10,6 +10,10 @@ Use for: Discovering sensitive filepaths of **Adobe ColdFusion** Creation date: Aug 27, 2012 No updates have been made to this wordlist since its creation. +## Apache.fuzz.txt +Use for: Discvering sensitive content in Apache web servers. +Date of last update: Jan 26, 2015 + ## raft-* wordlists Use for: Directory and file brute-forcing leading to identification of vulnerabilities in web applications. Source: [Google's RAFT](https://code.google.com/archive/p/raft/) From d7acb339ce08a2a709529bf3a2e62bd9ce4ae2d1 Mon Sep 17 00:00:00 2001 
From: "Ignacio J. Perez Portal" <5990@protonmail.com> Date: Wed, 11 Sep 2024 03:41:45 -0300 Subject: [PATCH 07/12] feat(docs): Added documentation for 'ApacheTomcat.fuzz.txt' wordlist --- Discovery/Web-Content/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Discovery/Web-Content/README.md b/Discovery/Web-Content/README.md index 2fbee614811..eaa3eede5d4 100644 --- a/Discovery/Web-Content/README.md +++ b/Discovery/Web-Content/README.md @@ -14,6 +14,10 @@ No updates have been made to this wordlist since its creation. Use for: Discvering sensitive content in Apache web servers. Date of last update: Jan 26, 2015 +## ApacheTomcat.fuzz.txt +Use for: Discovering sensitive content in Apache Tomcat servers. +Date of last update: Dec 14, 2017 + ## raft-* wordlists Use for: Directory and file brute-forcing leading to identification of vulnerabilities in web applications. Source: [Google's RAFT](https://code.google.com/archive/p/raft/) From a693ec13e1938edc8cfec8d993183199489274e2 Mon Sep 17 00:00:00 2001 From: "Ignacio J. Perez Portal" <5990@protonmail.com> Date: Wed, 11 Sep 2024 04:02:40 -0300 Subject: [PATCH 08/12] feat(docs): Added documentation for 'CGI-HTTP-POST-Windows.fuzz.txt' wordlist --- Discovery/Web-Content/README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Discovery/Web-Content/README.md b/Discovery/Web-Content/README.md index eaa3eede5d4..b07c8d92447 100644 --- a/Discovery/Web-Content/README.md +++ b/Discovery/Web-Content/README.md 
@@ -18,6 +18,12 @@ Date of last update: Jan 26, 2015 Use for: Discovering sensitive content in Apache Tomcat servers. Date of last update: Dec 14, 2017 +## CGI-HTTP-POST-Windows.fuzz.txt +Use for: Exploiting various vulnerabilities in the now defunct WYSIWYG HTML editor and website administration tool, [Microsoft FrontPage](https://en.wikipedia.org/wiki/Microsoft_FrontPage) +Source: https://github.com/deepak0401/Front-Page-Exploit +Date of last update: Aug 27, 2012 +The last version of FrontPage was released on 2003. + ## raft-* wordlists Use for: Directory and file brute-forcing leading to identification of vulnerabilities in web applications. Source: [Google's RAFT](https://code.google.com/archive/p/raft/) From ad28dd602408c95eaa12beb043907d26e4d1c97f Mon Sep 17 00:00:00 2001 From: "Ignacio J. Perez Portal" <5990@protonmail.com> Date: Wed, 11 Sep 2024 04:54:35 -0300 Subject: [PATCH 09/12] feat(docs): Added documentation for 'CGI-HTTP-POST.fuzz.txt' wordlist --- Discovery/Web-Content/README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/Discovery/Web-Content/README.md b/Discovery/Web-Content/README.md index b07c8d92447..52fed24d462 100644 --- a/Discovery/Web-Content/README.md +++ b/Discovery/Web-Content/README.md 
@@ -24,6 +24,17 @@ Source: https://github.com/deepak0401/Front-Page-Exploit Date of last update: Aug 27, 2012 The last version of FrontPage was released on 2003. +## CGI-HTTP-POST.fuzz.txt +Use for: Exploiting/Discovering various vulnerabilities in extremely old systems (Circa 1998) that use "CGI". +Date of last update: Aug 27, 2012 + +This wordlist tests for the following vulnerabilities: +- Default password in the [Nortel Meridian](https://en.wikipedia.org/wiki/Nortel_Meridian) private branch exchange **telephone switching system**. Source: [Nikto](https://github.com/sullo/nikto/blob/07653b73cb711972df72a8c66191468705a9b14e/program/databases/db_tests#L1167). +- XSS in the **"Bajie HTTP JServer"** (software site completely defunct, no archives exist). Source: [Nikto](https://github.com/sullo/nikto/blob/07653b73cb711972df72a8c66191468705a9b14e/program/databases/db_tests#L803) +- CGI Vulnerability in an unknown system (payload `lastlines.cgi?process`) which would allow attackers to "read arbitrary files and/or execute commands". Source: [Nikto](https://github.com/sullo/nikto/blob/07653b73cb711972df72a8c66191468705a9b14e/program/databases/db_tests#L1036) +- Remote File Include in **[myPHPNuke](https://web.archive.org/web/20140812223623/http://www.myphpnuke.com/)**. Source: [Nessus](https://www.tenable.com/plugins/nessus/11836) +- DoS in the **"D-Link Ethernet/Fast Ethernet Print Server DP-300+"**. Source: [Sullo's Security Advisory Archive](https://raw.githubusercontent.com/sullo/advisory-archives/master/phenoelit.de_dp-300.txt). + ## raft-* wordlists Use for: Directory and file brute-forcing leading to identification of vulnerabilities in web applications. Source: [Google's RAFT](https://code.google.com/archive/p/raft/) From 11d3fdbc2e3cbbe3e8706a97ff3c231b412e3c27 Mon Sep 17 00:00:00 2001 
From: "Ignacio J. Perez Portal" <5990@protonmail.com> Date: Wed, 11 Sep 2024 05:08:19 -0300 Subject: [PATCH 10/12] feat(docs): Added documentation for 'CGI-Microsoft.fuzz.txt' wordlist --- Discovery/Web-Content/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Discovery/Web-Content/README.md b/Discovery/Web-Content/README.md index 52fed24d462..d1a9b104c4a 100644 --- a/Discovery/Web-Content/README.md +++ b/Discovery/Web-Content/README.md @@ -35,6 +35,10 @@ This wordlist tests for the following vulnerabilities: - Remote File Include in **[myPHPNuke](https://web.archive.org/web/20140812223623/http://www.myphpnuke.com/)**. Source: [Nessus](https://www.tenable.com/plugins/nessus/11836) - DoS in the **"D-Link Ethernet/Fast Ethernet Print Server DP-300+"**. Source: [Sullo's Security Advisory Archive](https://raw.githubusercontent.com/sullo/advisory-archives/master/phenoelit.de_dp-300.txt). +## CGI-Microsoft.fuzz.txt +Use for: Exploiting/Discovering various vulnerabilities in miscelaneous CGI scripts that run on Microsoft operating systems. +Date of last update: Aug 27, 2012 + ## raft-* wordlists Use for: Directory and file brute-forcing leading to identification of vulnerabilities in web applications. Source: [Google's RAFT](https://code.google.com/archive/p/raft/) From b7b57cbc9ad153b5cb70010753a78fc7cb18d097 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 25 Jan 2025 09:31:16 +0000 Subject: [PATCH 11/12] [Github Action] Automated readme update. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 388c5281fb9..07b0367c6c8 100644 --- a/README.md +++ b/README.md 
@@ -12,7 +12,7 @@ This project is maintained by [Daniel Miessler](https://danielmiessler.com/), [J ### Repository details -Size of a complete clone of SecLists is currently at `1.8 GB` +Size of a complete clone of SecLists is currently at `1.9 GB` Cloning this repository should take 6-7 minutes at 5MB/s speeds. From 3eeef85284a608e81599b07971ed35cae17d4aea Mon Sep 17 00:00:00 2001 From: ItsIgnacioPortal <5990@protonmail.com> Date: Sat, 25 Jan 2025 06:31:38 -0300 Subject: [PATCH 12/12] fix(docs): Removed leftover text from git merge conflict --- Discovery/Web-Content/README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/Discovery/Web-Content/README.md b/Discovery/Web-Content/README.md index d1a9b104c4a..a9a065a0889 100644 --- a/Discovery/Web-Content/README.md +++ b/Discovery/Web-Content/README.md @@ -79,7 +79,6 @@ This list is a combination of the following wordlists: - raft-small-directories-lowercase.txt - raft-small-directories.txt - common_directories.txt -<<<<<<< HEAD ### Usage Use for: discovering files and directories
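Review bot: PATCH 01/12 commits a merge-conflict marker: the first hunk of Discovery/Web-Content/README.md adds `<<<<<<< HEAD` directly under `- common_directories.txt`, so the marker ends up in the rendered list of ingredients. The only added lines visible in this patch are that marker and a blank line before `## dsstorewordlist.txt`, while `- common_directories.txt` itself appears as unchanged context, so the subject line does not match the diff. Drop the marker here and fold PATCH 12/12, which only deletes it, into this commit.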
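Review bot: The `Use for:` and `Source:` lines added under `## raft-* wordlists` in PATCH 02/12 sit on consecutive lines with no blank line or list marker between them, so Markdown will join them into a single paragraph. The same applies to the `Use for:`, `Creation date:` and `Date of last update:` lines added in patches 03 to 10. Make each field a list item or separate the fields with blank lines; the existing entries in this README use `### Overview`, `### Usage` and `### Source` subheadings, and following that layout would keep the new entries consistent with them.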
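Review bot: In PATCH 04/12 the new heading `## AdobeXML.fuzz.txt` is added immediately after `Creation date: Oct 1, 2017` with no blank line before it, and the AdobeCQ-AEM entry is left without the bold product name and the "No updates" sentence that the new entry has. PATCH 05/12 then fixes both. Squash 05 into 03 and 04 so that each entry is correct in the commit that introduces it.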
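Review bot: Typo in PATCH 06/12, in the `Use for:` line under `## Apache.fuzz.txt`: "Discvering" should be "Discovering". The misspelled line is carried forward as context in PATCH 07/12 and is never corrected later in the series.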
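Review bot: In PATCH 08/12, the last added line under `## CGI-HTTP-POST-Windows.fuzz.txt` reads "released on 2003"; this should be "released in 2003". The `Use for:` line in the same hunk also has no closing period, unlike the Apache and Tomcat entries just above it. Since the entry already says the product is defunct, consider stating outright that the list is kept for legacy targets only, so readers do not pick it for general discovery.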
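Review bot: The bullet list added in PATCH 09/12 under `## CGI-HTTP-POST.fuzz.txt` is punctuated inconsistently: the Nortel Meridian and D-Link items end with a period after the source link, while the Bajie, `lastlines.cgi?process` and myPHPNuke items do not. Pick one style for all five. In the `Use for:` line, "(Circa 1998)" should be lowercase "circa", and the quotation marks around "CGI" can go. The Nikto links are pinned to a commit hash, which is good; the advisory link points at `master` and could be pinned the same way so the reference does not move.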
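Review bot: Typo in PATCH 10/12, in the `Use for:` line under `## CGI-Microsoft.fuzz.txt`: "miscelaneous" should be "miscellaneous". Unlike the two CGI entries added in patches 08 and 09, this entry gives no `Source:` and no list of what the payloads test for; add them if they are known, or say that the origin is unknown.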