Split secrets/waf triggering requests into new file.
I use the http.txt file as a general first go-to wordlist. I noticed over time, and with some targets, that it is highly likely to trigger a WAF and get the rest of your requests blocked. So I have moved most of the offending words into a secrets.txt file.
parent
094789c346
commit
85d0e0a2e3
|
|
@ -36,6 +36,7 @@ service
|
||||||
show
|
show
|
||||||
signin
|
signin
|
||||||
signup
|
signup
|
||||||
|
sso-settings
|
||||||
suggest
|
suggest
|
||||||
surveys
|
surveys
|
||||||
transaction
|
transaction
|
||||||
|
|
|
||||||
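--- a/http.txt
+++ b/http.txt
@@ -80,13 +80,9 @@ authorization
 auth-ui
 billing
 BitKeeper
-.build
 build
 builds
-.bzr
 callback
-.chef
-.chef/credentials
 cicd
 circleci
 cms
@@ -94,18 +90,14 @@ cms/api
 common/oauth2/v2.0/
 conf
 conf/defaults.ini
-.config
-.config/
 config
 config/credentials.yml.enc
 config/slack.yml
 conf/zoo.cfg
-.core
 core
 coupons
 credentials.yml
 custom.ini
-._darcs
 dashboard
 debug
 debugger
@@ -115,13 +107,10 @@ docs
 elements
 enduserapp
 en-us/rest
-.env
 example
 examples
 fixtures3.json
 fixtures3.yml
-.git
-.gitconfig
 grafana
 grafana/api/
 grafana/grafana.ini
@@ -134,18 +123,10 @@ gw-web/api/
 habitat/plan.sh
 header
 health
-.hg
-.hta
-.htaccess
-.htpasswd
-.htpasswd-old
-.htpasswd_test
 jenkins
 js
 jwks
 jwks.json
-.kube
-.kube/config
 kube_config_cluster.yml
 kustomization.yml
 legacy
@@ -172,6 +153,7 @@ openid/register
 organizations
 password_resets
 password.txt
+permissions
 personal
 php.ini
 platform/api/
@@ -179,6 +161,7 @@ probe
 prod
 prometheus
 prometheus.yml
+proxy
 public
 rapidoc
 Readme.md
@@ -190,12 +173,13 @@ rest/api/2
 rest/api/2/
 risk
 robots.txt
+route
+routes
 saml2/idp/sso
 script
-.secret
-.secrets
 secret.yml
 server-status
+service
 sessions
 settings
 spec3.json
@@ -206,14 +190,11 @@ staged
 staging
 static
 static_configs.yml
-.svn
 swagger
 swagger.json
 swagger-ui
 swagger_ui
 telegraf.conf
-.terraform
-.tmp
 token
 tokens
 uploads
@@ -221,6 +202,7 @@ user
 user/2fa
 user-info
 username.txt
+user/permissions
 user/personal_access_tokens
 user/settings
 user-state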
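Review bot: The rule for what leaves http.txt is not written down, and from the visible hunks it appears to be "starts with a dot" rather than "names a secret". `.git`, `.env`, `.htpasswd` and `.kube/config` are removed, while `credentials.yml`, `secret.yml`, `password.txt` and `config/credentials.yml.enc` stay as context lines. A wordlist has no comment syntax, so the criterion belongs in the repository's README (if it has one), for example `secrets.txt: dot-prefixed VCS, credential and config paths split out of http.txt`. The same section also adds `permissions`, `proxy`, `route`, `routes`, `service` and `user/permissions`, which are unrelated to the split and would be easier to review and revert as a separate commit.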
||||||
|
|
|
||||||
|
|
@ -0,0 +1,24 @@
|
||||||
|
.build
|
||||||
|
.bzr
|
||||||
|
.chef
|
||||||
|
.chef/credentials
|
||||||
|
.config
|
||||||
|
.config/
|
||||||
|
.core
|
||||||
|
._darcs
|
||||||
|
.env
|
||||||
|
.git
|
||||||
|
.gitconfig
|
||||||
|
.hg
|
||||||
|
.hta
|
||||||
|
.htaccess
|
||||||
|
.htpasswd
|
||||||
|
.htpasswd-old
|
||||||
|
.htpasswd_test
|
||||||
|
.kube
|
||||||
|
.kube/config
|
||||||
|
.secret
|
||||||
|
.secrets
|
||||||
|
.svn
|
||||||
|
.terraform
|
||||||
|
.tmp
|
||||||