lzh/SecLists
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,552 Commits 1 Branch 19 Tags
master
Commit Graph

1552 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
g0tmi1k decd3cb559 Merge pull request #831 from g0tmi1k/master 
Update contributors (2022.4)
2022.4 		2022-11-22 12:56:36 +00:00
g0t mi1k c44e49aa3c Update contributors (2022.4) 2022-11-22 12:54:06 +00:00
g0tmi1k 7575cbdf93 Merge pull request #828 from CountablyInfinite/master 
Added content discovery for Liferay DXP default portlets
 2022-11-22 12:24:31 +00:00
g0tmi1k 9df8137868 Merge pull request #825 from its0x08/patch-2 
Dedupe wordlists
 2022-11-22 12:23:09 +00:00
g0tmi1k cd30475c1a Merge pull request #824 from cosad3s/master 
fuzz-Bo0oM.txt: "WAF friendly" version
 2022-11-22 12:22:36 +00:00
g0tmi1k 65a2170f83 Merge pull request #822 from ItsIgnacioPortal/etc_files_github_action 
Fixed etc files github action
 2022-11-22 12:20:55 +00:00
g0tmi1k 88552f1608 Merge pull request #804 from 0xbuz3R/patch-1 
Update js.txt
 2022-11-22 12:16:37 +00:00
g0tmi1k ad92e2255c Merge pull request #817 from ItsIgnacioPortal/master 
Fix github action "Wordlist Updater - Awesome list of secrets in environment variables"
 2022-11-22 12:16:00 +00:00
g0tmi1k eb3803c324 Merge pull request #815 from hakxcore/patch-1 
Update CommonAdminBase64.txt
 2022-11-22 12:15:19 +00:00
g0tmi1k b8b0cde981 Merge pull request #814 from xmagor/master 
Update LFI-Jhaddix.txt
 2022-11-22 12:14:41 +00:00
g0tmi1k ca9d413d7e Merge pull request #813 from abhishekmorla/master 
added new backupfiles in wordpress fuzz list

Source: https://www.linkedin.com/feed/update/urn:li:activity:6979486318774923264/
 2022-11-22 12:14:19 +00:00
g0tmi1k 8d52809a0a Merge pull request #812 from tacticthreat/patch-1 
Create hashicorp-consul-api.txt

Source: HashiCorp documentation
 2022-11-22 12:13:03 +00:00
g0tmi1k e870061b86 Merge pull request #811 from tacticthreat/patch-2 
Create salesforce-aura-objects.txt

Source: Salesforces' documentation
 2022-11-22 12:12:18 +00:00
g0tmi1k 4296f91216 Merge pull request #810 from gypsydiver/wp-plugins-update 
add site-editor and mail-masta to wp-plugins.fuzz.txt
 2022-11-22 12:11:39 +00:00
g0tmi1k 517c44b24e Merge pull request #808 from InTruder-Sec/master 
Added more API directories for web application  enumeration
 2022-11-22 12:10:51 +00:00
g0tmi1k 2ce0271683 Merge pull request #807 from righettod/feature_update_springboot 
[spring-boot.txt] Add new endpoints

- https://docs.spring.io/spring-boot/docs/current/reference/html/application-properties.html#application-properties.actuator.management.server.base-path
- https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html#actuator.endpoints
 2022-11-22 12:09:25 +00:00
g0tmi1k 76d436287d Merge pull request #805 from its0x08/patch-1 
chore: Add WEB-INF list

Source:
- https://gist.github.com/harisec/519dc6b45c6b594908c37d9ac19edbc3
- https://github.com/projectdiscovery/nuclei-templates/blob/master/vulnerabilities/generic/generic-j2ee-lfi.yaml
- https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/LFIModule.java
 2022-11-22 12:08:32 +00:00
g0tmi1k f2dda11292 Merge pull request #803 from vah13/patch-1 
update default-passwords.csv

Source: https://redrays.io/cve-2020-6369-patch-bypass/
 2022-11-22 12:06:44 +00:00
g0tmi1k ad20e71dbc Merge pull request #801 from righettod/feature_adobe_aem 
[AdobeCQ-AEM.txt] Cleanup and enrichment.

Source: 

- https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/getting-started/security-checklist.html#restrict-access
- https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/dispatcher-configuration.html?lang=en#testing-dispatcher-security
 2022-11-22 12:05:49 +00:00
g0tmi1k 56c8071b6d Merge pull request #800 from righettod/feature_gha_check_file_slash 
Add Github workflow to check for entries starting with "/".
 2022-11-22 12:02:46 +00:00
g0tmi1k 2752f1bf21 Merge pull request #746 from cyberpathogen2018/patch-1 
Fixed typo on line 26

Source: https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/
 2022-11-22 12:00:42 +00:00
g0tmi1k 8d08bb324d Merge pull request #798 from rodnt/patch-1 
Spring Boot RCE involving JMX enabled

Source: https://github.com/pyn3rd/Spring-Boot-Vulnerability#0x05-spring-boot-rce-involving-jmx-enabled
 2022-11-22 11:58:45 +00:00
CountablyInfinite 59ca9892ba added content discovery for liferay dxp portlets 2022-11-17 20:19:41 +01:00
0x08 5a4acd41bd fix: Dedupe wordlist 2022-11-07 13:01:06 +03:00
0x08 2b6d44ccc4 fix: Dedupe wordlist 2022-11-07 12:34:57 +03:00
0x08 256f4f7d35 fix: Dedupe wordlist 2022-11-07 12:32:42 +03:00
0x08 21b131cd57 fix: Dedupe wordlist 2022-11-07 12:23:37 +03:00
0x08 b9a53f09be fix: Dedupe wordlist 
- Removed duplicated entries.
 2022-11-07 12:18:49 +03:00
0x08 f5cbff84dc Merge branch 'danielmiessler:master' into patch-1 2022-11-03 12:58:32 +03:00
g0tmi1k 74a331a039 [Github Action] Updated LFI-etc-files-of-all-linux-packages.txt 2022-11-01 20:38:52 +00:00
Sébastien Copin db6c286085 fuzz-Bo0oM.txt: "WAF friendly" version 
sed  -r '/(passwd|.htaccess|.asa|.ini|var\/log|%252e%252e|%2e%2e|^\..+)/d' ./fuzz-Bo0oM.txt > ./fuzz-Bo0oM-friendly.txt

Tested against Akamai. For less "Access Denied" issues.
 2022-11-01 16:54:15 +01:00
Dominique RIGHETTO fa80ebcc92 Remove test data 2022-11-01 16:09:57 +01:00
Dominique RIGHETTO 21009d0f90 Update default_cics_transactions.txt 2022-11-01 16:07:41 +01:00
Dominique RIGHETTO 4f9d7ea8f9 Fix error 2022-11-01 16:07:27 +01:00
Dominique RIGHETTO ee7654154f Update default_cics_transactions.txt 2022-11-01 16:05:44 +01:00
Dominique RIGHETTO d29e1b281e Update check-file-for-starting-slash 2022-11-01 16:05:09 +01:00
Dominique RIGHETTO 2522c0e676 Update default_cics_transactions.txt 2022-11-01 16:02:44 +01:00
Dominique RIGHETTO 0b84c0180c Fix error 2022-11-01 16:02:23 +01:00
Dominique RIGHETTO 03fcf37318 Update default_cics_transactions.txt 2022-11-01 15:58:01 +01:00
Dominique RIGHETTO 6f084283ff Update wordlist-validator_verify_entries_for_starting_with_slash.yml 2022-11-01 15:57:43 +01:00
Dominique RIGHETTO 24f756e4b9 Update default_cics_transactions.txt 2022-11-01 15:56:15 +01:00
Dominique RIGHETTO 063b3f4593 Update wordlist-validator_verify_entries_for_starting_with_slash.yml 2022-11-01 15:56:05 +01:00
Dominique RIGHETTO e8c5a5346b Update and rename check-file-for starting-slash to check-file-for-starting-slash 2022-11-01 15:55:59 +01:00
Dominique RIGHETTO cbf9e0ff56 Update default_cics_transactions.txt 2022-11-01 15:52:09 +01:00
Dominique RIGHETTO 08ef31d5d2 Update wordlist-validator_verify_entries_for_starting_with_slash.yml 2022-11-01 15:51:53 +01:00
Dominique RIGHETTO 5a9dcad637 Create check-file-for starting-slash 2022-11-01 15:49:11 +01:00
Dominique RIGHETTO df2a292dbb Update default_cics_transactions.txt 2022-11-01 15:39:28 +01:00
Dominique RIGHETTO dcd04ba2f7 Update wordlist-validator_verify_entries_for_starting_with_slash.yml 2022-11-01 15:39:18 +01:00
Dominique RIGHETTO 18e858ded3 Update default_cics_transactions.txt 2022-11-01 15:31:37 +01:00
Dominique RIGHETTO c0f3478eda Change approach 2022-11-01 15:31:27 +01:00