There's Nothing so Permanent as Temporary
bo0om / fuzz.txt Goto Github PK
View Code? Open in Web Editor NEWPotentially dangerous files
Home Page: https://t.me/webpwn
License: Do What The F*ck You Want To Public License
fuzz.txt's Introduction
fuzz.txt's People
Contributors
Stargazers
Watchers
Forkers
allyshka h0wl dimawebmaker raum01 uziuser arsenyll ngo c002 own2pwn putsi notsofunny therawman security-geeks robinl1 coreb1t imangazalievforks sireof diegslva nikalexey aethereternity lmkhuyen cyber01 secfb fb11 lowk3v mmg1 chemouri wisdark gr0upr1sk mgcfish xsseng xiaohuihui1113 jsvazic 0xvic jbarcia ketlerd cmscardoso alexlauerman slowmistio grayhats hackinglz bbhunter pentestjosh cryptosecdev shahid1996 longjohncoder nmbr7 eastrd gitbork dgotrik shaunstanislauslau idkwim holinder4s hack121 ouadiagamrane mehrdad-shokri sry309 bradleyball nbolabs w00t3k 5up3rc jamalmo jespinhara bipabo1l mharjac prosecurity yolosec modulexcite maleus andrielc ilovecode2018 atombug mosesrenegade suhailms nhanledinh sts0mrg0 rootstage rootsystem2010 dyjakan securux exrienz peeren pentesting proxy-gem himanshudas thezedwards pnigos n0n3m4 al00000000al santinoled ibadr3 diegosantosc l9c moldabekov jjsdub556 kingofthebeat deevroman xacce zshell31 ergozfuzz.txt's Issues
[Improvement] Some new checks
.circleci/.firebase.secrets.json.enc
.circleci/.firebase.secrets.json
Add /debug/routes and /routes
Если загуглить как посмотреть все роуты ASP.NET, много рекомендаций в первой выдаче - создать новый роут /debug/routes или /routes, который их будет перечислять. Возможно, такие же "рекомендации" есть и для других фреймворков.
https://www.meziantou.net/list-all-routes-in-an-asp-net-core-application.htm
https://stackoverflow.com/questions/41908957/get-all-registered-routes-in-asp-net-core
Добавить:
debug/routes
routes
Two entries were detected by akamai
This was reported in danielmiessler/SecLists#943
Two entries in the list was caught by akamai waf
remote/fgt_lang?lang=/../../../../////////////////////////bin/sslvpnd
remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession
This is meant to be an informative notice so no immediate actions need to be taken.
Add phpbb
How about adding /phpbb path?
I think this word should be added
I think this word should be added
vtigercrm
.dmp and .sav
.dmp and .sav
.dmp is sometimes generated by windows unattended upgrade/migration scripts/tools
.sav commom for doze nimdas to name their +1 old backup of registry hives
.sys while you're at it.. pagefile(s)
.out
Add checks for Spring Boot Actuator
Consider adding checks for Spring Boot Actuator, which if openly accessible in production can be leveraged to run trace, dump memory, manipulate environment variables, etc. [1][2][3]
/actuator
/actuator/auditevents
/actuator/autoconfig
/actuator/beans
/actuator/caches
/actuator/conditions
/actuator/configprops
/actuator/env
/actuator/flyway
/actuator/health
/actuator/httptrace
/actuator/info
/actuator/integrationgraph
/actuator/loggers
/actuator/liquibase
/actuator/metrics
/actuator/mappings
/actuator/scheduledtasks
/actuator/sessions
/actuator/shutdown
/actuator/threaddump
/actuator/heapdump
/actuator/jolokia
/actuator/logfile
/actuator/prometheus
.bak
.bak
g
g
Add security.txt
I think if there are robots.txt in you wordlist, it would be nice to add security.txt file:
.well-known/security.txt
script to run it?
script to run it?
images
Any image file could be dangerous; people will click on to open.
PDFs are in themselves dangerous, esp if they execute scripts inside.
validation-key.txt
N
Suggest removing logout
Not sure if you want a PR for this, but I suggest removing potential logout URLs. They are a lot more problematic than useful in my opinion, and don't fit this targeted list well.
logout
logout.asp
logout/
Add fuzz.txt
Add fuzz.txt to the list. How is it dangerous? SkriptKiddies could use this to find out how the listed files are dangerous, and use them.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.