z0rs
/
bugbounty-wordlist
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update Documentation.

This commit is contained in:
Ciaran 2023-02-11 13:12:44 +00:00
parent 1529ec1095
commit 0430dec54f
3 changed files with 30 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
README.md
View File

@ -4,6 +4,18 @@ Wordlists I use for recon and content discovery on programs from hackerone and b
# How I use these lists?
## android.txt
This is just the command I use to launch an android VM to use with MobileSecurityFramework as Geny motion is having issues with the GPU drivers I have on Linux.
## breakpoints.txt
These are commands that can be run the dev tools console of Chromium based browsers.
## burp-plugins.txt
These are some of the plugins for Burp I have installed but does not mean I have turned on at all times. I try not to rely on plugins too much as they distract you from looking at the core application.
## http.txt
I use this as my initial discovery list.
@ -23,3 +35,19 @@ I generally use this if I find some sort of API/RPC type endpoint like /api to d
I use this this after discovery API objects to try map out what actions are supported.
For example say you found /api, then you found /api/account and then you run this wordlist and you find /api/account/auth
## regex.txt
You can use these in the burp suite search function, Logger++ or Highlight and Extract plugin.
## xss.txt
This is just a basic taint query I use to then trace through the application so I can easily search for "taint" and then see where it is located and which characters are escaped.
## secrets.txt
These were triggering WAFs too frequently so I split them out into their own file. Generally you are likely better off using Burps built in interesting files but this wordlist is nice and small.
## *.vmoptions files
These tune the JVM for the JRE that ships with BurpSuite. I have modified the garbage collection algorithm to use a more efficient algorithm and I have applied several graphics related tweaks.

5
burp-plugins.txt
View File

@ -1,10 +1,7 @@
Turbo Intruder
HTTP Request Smuggler
Collaborator Everywhere
JWT Editor
Param Miner
UUID Detector
JS Miner
CSRF Scanner
OAUTH Scan
InQL
OAUTH Scan

2
regex.txt
View File

@ -1 +1 @@
(api|\/api\/|\/v[1-10]\/|\/\d*\.\d*\/)
(api|\/api\/|\/v[1-10]\/|\/\d*\.\d*\/)