Split secrets/waf triggering requests into new file.
I use the http.txt file as a general first go-to wordlist. I noticed over time and with some targets that it is highly likely to trigger a WAF and get the rest of your requests blocked. So I have moved most of the offending words into a secrets.txt file.
parent 094789c346
commit 85d0e0a2e3
|
|
@ -36,6 +36,7 @@ service
|
|||
show
|
||||
signin
|
||||
signup
|
||||
sso-settings
|
||||
suggest
|
||||
surveys
|
||||
transaction
|
||||
|
|
|
|||
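Review bot: this hunk sits ahead of the http.txt header, so it changes a different list, and its counts (6 lines before, 7 after) show it only adds an entry. The commit message describes moving words out of http.txt and says nothing about this file. Either mention the addition in the message or put it in its own commit so the split can be reviewed as a pure move.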
30
http.txt
|
|
@ -80,13 +80,9 @@ authorization
|
|||
auth-ui
|
||||
billing
|
||||
BitKeeper
|
||||
.build
|
||||
build
|
||||
builds
|
||||
.bzr
|
||||
callback
|
||||
.chef
|
||||
.chef/credentials
|
||||
cicd
|
||||
circleci
|
||||
cms
|
||||
|
|
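Review bot: BitKeeper stays in http.txt while .bzr from this same hunk moves to the new file, so version-control metadata names end up split across both lists. If the rule for the move is "leading dot", say so in the commit message or README; otherwise move BitKeeper along with .bzr.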
@ -94,18 +90,14 @@ cms/api
|
|||
common/oauth2/v2.0/
|
||||
conf
|
||||
conf/defaults.ini
|
||||
.config
|
||||
.config/
|
||||
config
|
||||
config/credentials.yml.enc
|
||||
config/slack.yml
|
||||
conf/zoo.cfg
|
||||
.core
|
||||
core
|
||||
coupons
|
||||
credentials.yml
|
||||
custom.ini
|
||||
._darcs
|
||||
dashboard
|
||||
debug
|
||||
debugger
|
||||
|
|
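Review bot: config/credentials.yml.enc, config/slack.yml and credentials.yml remain in http.txt after this hunk, while only the dot-prefixed .config, .config/, .core and ._darcs leave. Those three name credential and configuration files just as the moved entries do, so confirm they were left behind deliberately, or move them too if they were among the requests that got blocked.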
@ -115,13 +107,10 @@ docs
|
|||
elements
|
||||
enduserapp
|
||||
en-us/rest
|
||||
.env
|
||||
example
|
||||
examples
|
||||
fixtures3.json
|
||||
fixtures3.yml
|
||||
.git
|
||||
.gitconfig
|
||||
grafana
|
||||
grafana/api/
|
||||
grafana/grafana.ini
|
||||
|
|
@ -134,18 +123,10 @@ gw-web/api/
|
|||
habitat/plan.sh
|
||||
header
|
||||
health
|
||||
.hg
|
||||
.hta
|
||||
.htaccess
|
||||
.htpasswd
|
||||
.htpasswd-old
|
||||
.htpasswd_test
|
||||
jenkins
|
||||
js
|
||||
jwks
|
||||
jwks.json
|
||||
.kube
|
||||
.kube/config
|
||||
kube_config_cluster.yml
|
||||
kustomization.yml
|
||||
legacy
|
||||
|
|
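Review bot: nothing in the change documents that .htaccess, the .htpasswd variants, .kube and .kube/config no longer ship in http.txt, so anyone who relied on that file alone loses these entries without notice. Add a README line stating where the removed entries now live. kube_config_cluster.yml also stays behind next to the moved .kube/config, which looks inconsistent.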
@ -172,6 +153,7 @@ openid/register
|
|||
organizations
|
||||
password_resets
|
||||
password.txt
|
||||
permissions
|
||||
personal
|
||||
php.ini
|
||||
platform/api/
|
||||
|
|
@ -179,6 +161,7 @@ probe
|
|||
prod
|
||||
prometheus
|
||||
prometheus.yml
|
||||
proxy
|
||||
public
|
||||
rapidoc
|
||||
Readme.md
|
||||
|
|
@ -190,12 +173,13 @@ rest/api/2
|
|||
rest/api/2/
|
||||
risk
|
||||
robots.txt
|
||||
route
|
||||
routes
|
||||
saml2/idp/sso
|
||||
script
|
||||
.secret
|
||||
.secrets
|
||||
secret.yml
|
||||
server-status
|
||||
service
|
||||
sessions
|
||||
settings
|
||||
spec3.json
|
||||
|
|
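Review bot: the header counts here do not describe a pure move. Going from 12 to 13 lines while .secret and .secrets leave means three entries are added in the same hunk, which the commit message does not mention. Put the additions in a separate commit, and decide whether secret.yml, which stays in http.txt, belongs with .secret and .secrets.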
@ -206,14 +190,11 @@ staged
|
|||
staging
|
||||
static
|
||||
static_configs.yml
|
||||
.svn
|
||||
swagger
|
||||
swagger.json
|
||||
swagger-ui
|
||||
swagger_ui
|
||||
telegraf.conf
|
||||
.terraform
|
||||
.tmp
|
||||
token
|
||||
tokens
|
||||
uploads
|
||||
|
|
@ -221,6 +202,7 @@ user
|
|||
user/2fa
|
||||
user-info
|
||||
username.txt
|
||||
user/permissions
|
||||
user/personal_access_tokens
|
||||
user/settings
|
||||
user-state
|
||||
|
|
|
|||
|
|
@ -0,0 +1,24 @@
|
|||
.build
|
||||
.bzr
|
||||
.chef
|
||||
.chef/credentials
|
||||
.config
|
||||
.config/
|
||||
.core
|
||||
._darcs
|
||||
.env
|
||||
.git
|
||||
.gitconfig
|
||||
.hg
|
||||
.hta
|
||||
.htaccess
|
||||
.htpasswd
|
||||
.htpasswd-old
|
||||
.htpasswd_test
|
||||
.kube
|
||||
.kube/config
|
||||
.secret
|
||||
.secrets
|
||||
.svn
|
||||
.terraform
|
||||
.tmp
|
||||