z0rs
/
bugbounty-wordlist
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
59 Commits 1 Branch 0 Tags 177 KiB
Commit Graph

59 Commits

Author SHA1 Message Date
Ciaran 3ad56c8452 Update Burp Suite Settings. 
Updated enabled plugins.
Tuned connection timeout values.
Changed proxy history view settings to hide .js files.
 2023-02-17 11:44:20 +00:00
Ciaran 0430dec54f Update Documentation. 2023-02-11 13:12:44 +00:00
Ciaran 1529ec1095 Tune Burp Suite JVM options. 2023-02-09 18:48:51 +00:00
Ciaran 87b588b237 Add more initial discovery paths and update burp suite settings. 2023-02-06 14:31:52 +00:00
Ciaran 23489f7c69 Update regex. 2023-02-04 22:51:58 +00:00
Ciaran 89699e9e15 Logger++ is currently very graphically glitchy for me. 
Revert back to using the normal logger built into Burp.

Note that Logger++ is very nice.
 2023-02-04 21:57:32 +00:00
Ciaran b0c39eba88 Add some JVM optimisations. 
I am using OpenJDK via https://adoptium.net
 2023-02-04 16:14:48 +00:00
Ciaran 75c969a356 Add my burp suite project settings. 2023-02-04 12:54:01 +00:00
Ciaran bcb7d763d0 Emulator command to use with MOBSF. 2023-02-03 21:41:44 +00:00
Ciaran e58fc4ebc8 RE patterns to use with burp suite traffic. 2023-02-02 21:52:24 +00:00
Ciaran 32ccbcc48c Add basic XSS sink and payload 2022-12-31 19:21:41 +00:00
Ciaran 29081eef9b Update burp plugins. 
This is the current full list of plugins I use. I don't have them all
enabaled at the same time.

If you run into weird issues with Burp Suite, turn your
plugins/extensions off.
 2022-12-31 19:20:21 +00:00
Ciaran 85448dd951 Add GCP region name patterns. 2022-12-09 06:36:35 +00:00
Ciaran 4122d2d336 More from Shopify. 2022-11-18 17:04:26 +00:00
Ciaran 572b29c5bc Use introspection query used by GraphQL Voyager. 
https://ivangoncharov.github.io/graphql-voyager/
 2022-11-15 17:43:37 +00:00
Ciaran 1f9f97d2b1 More SHOP. 2022-11-15 16:03:13 +00:00
Ciaran b431e57996 Shopify OAuth proxy. 2022-11-15 13:06:58 +00:00
Ciarán 313a07941f
Update README.md 2022-11-12 11:04:49 +00:00
Ciaran 85d0e0a2e3 Split secrets/waf triggering requests into new file. 
I use the http.txt file as a general first go to wordlist.

I noticed over time and with some targets that it is highly likely to
trigger a WAF and get the rest of your requests blocked.

So I have moved most of the offending words into a secrets.txt file.
 2022-11-06 14:32:44 +00:00
Ciaran 094789c346 Tomcat examples page and Wordpress debug log. 2022-10-22 12:23:02 +01:00
Ciaran dbc9fd67b4
Create LICENSE 
Change license.
 2022-10-06 11:33:00 +01:00
Ciaran 02232d67c5 More in the wild discoveries. 2022-09-29 11:36:24 +01:00
buggysolid 05f8baedb8 Collected from data analysis of internet traffic. 2022-08-02 09:44:39 +01:00
buggysolid 22f466b76f Intigriti and YesWeHack. 2022-08-01 20:35:49 +01:00
Ciaran ae2b1a84e5
Add some common airport code/data center locations 2022-08-01 11:40:00 +01:00
Ciaran b7210ef0e8
Update burp-plugins.txt 
Swap the name of the plugins to the repos where they are found so they can be manually built for use with Burp Community Edition.
 2022-07-28 11:46:03 +01:00
buggysolid 08c4afe5e7 Bugbounty Hackerone. 2022-07-25 17:15:18 +01:00
buggysolid 84f285df58 Prometheus related stuff and some more service ports. 2022-07-21 18:48:43 +01:00
buggysolid 4a66c0fff9 More endpoints and a graphql scheme discover query. 2022-07-20 12:20:09 +01:00
buggysolid e4a97a1e34 More endpoints from doing URL analysis from urlscan.io 2022-07-20 11:36:46 +01:00
buggysolid 6a306bbe9c Pinterest 2022-07-19 23:16:48 +01:00
buggysolid 2ce1c7fbe4 Add some API endpoint discovery content. 2022-07-19 23:06:52 +01:00
buggysolid 73c4eb07d1 API endpoints from private program. 2022-07-19 19:33:31 +01:00
buggysolid 2e49eedf91 API endpoints from keybase. 2022-07-15 19:24:07 +01:00
buggysolid 82d1ead182 Magento2 2022-07-01 06:35:40 +01:00
buggysolid bd8995ace9 HTTP headers to manipulate. 2022-06-28 07:10:27 +01:00
Ciaran 927b48f85b Remove DOM sinks. 2022-06-26 07:39:31 +01:00
buggysolid 32676f15bf Some words from PortSwigger access control labs. 2022-06-24 08:10:33 +01:00
buggysolid 03d966cfba Remove incorrectly spelt graphql word. 2022-06-24 07:54:34 +01:00
buggysolid dbb82054a1 Chrome Dev Tools Console commands. 2022-06-22 07:42:25 +01:00
Your Name 75fa6dd9be Debuggger breakpoints to add via dev tools console. 2022-06-20 20:37:49 +01:00
Your Name 38f719fdc8 Add some DOM related sinks. 2022-06-20 19:07:16 +01:00
Your Name 5342f3d11e Setup/Config related words. 2022-06-19 09:05:28 +01:00
Your Name 52d7ce5b8e More authentication related words. 2022-06-17 10:22:38 +01:00
Your Name 1f57944179 More authnz related keywords. 2022-06-16 10:10:12 +01:00
Your Name 9ad4e27eeb OAuth and JWT related keywords. 
https://portswigger.net/web-security/oauth
https://portswigger.net/web-security/jwt
 2022-06-16 07:30:20 +01:00
Your Name 6807a52d5b New keywords and new file. 
I am using the free version of Burp Suite for now so sometimes it unloads/forgets
which extentions you are using. I am commiting the ones I have found useful so I can
reinstall them each time I start burp.
 2022-06-16 06:33:38 +01:00
Your Name 41d51d709f Add wordlist for JWT secret key cracking. 2022-06-15 21:10:26 +01:00
Your Name 3699372c77 Public highly caching DNS resolvers to query against. 2022-06-14 17:54:52 +01:00
Your Name 84164eb70b Add new wordlist for searching javascript files. 
There is usually a lot of juicy information in javascript files and it is
where a large portion of the applications functionality resides these days.

Knowing what to search for is helpful considering some websites javascript files
can be 10's of thousands of lines long.
 2022-06-14 09:27:33 +01:00