z0rs
/
bugbounty-wordlist
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
60 Commits 1 Branch 0 Tags 177 KiB
Commit Graph

60 Commits

Author SHA1 Message Date
Ciaran 5abb65d901 Kong paths and ports. 
https://docs.konghq.com/gateway/3.2.x/get-started/services-and-routes/
 2023-03-13 13:20:22 +00:00
Ciaran 3ad56c8452 Update Burp Suite Settings. 
Updated enabled plugins.
Tuned connection timeout values.
Changed proxy history view settings to hide .js files.
 2023-02-17 11:44:20 +00:00
Ciaran 0430dec54f Update Documentation. 2023-02-11 13:12:44 +00:00
Ciaran 1529ec1095 Tune Burp Suite JVM options. 2023-02-09 18:48:51 +00:00
Ciaran 87b588b237 Add more initial discovery paths and update burp suite settings. 2023-02-06 14:31:52 +00:00
Ciaran 23489f7c69 Update regex. 2023-02-04 22:51:58 +00:00
Ciaran 89699e9e15 Logger++ is currently very graphically glitchy for me. 
Revert back to using the normal logger built into Burp.

Note that Logger++ is very nice.
 2023-02-04 21:57:32 +00:00
Ciaran b0c39eba88 Add some JVM optimisations. 
I am using OpenJDK via https://adoptium.net
 2023-02-04 16:14:48 +00:00
Ciaran 75c969a356 Add my burp suite project settings. 2023-02-04 12:54:01 +00:00
Ciaran bcb7d763d0 Emulator command to use with MOBSF. 2023-02-03 21:41:44 +00:00
Ciaran e58fc4ebc8 RE patterns to use with burp suite traffic. 2023-02-02 21:52:24 +00:00
Ciaran 32ccbcc48c Add basic XSS sink and payload 2022-12-31 19:21:41 +00:00
Ciaran 29081eef9b Update burp plugins. 
This is the current full list of plugins I use. I don't have them all
enabaled at the same time.

If you run into weird issues with Burp Suite, turn your
plugins/extensions off.
 2022-12-31 19:20:21 +00:00
Ciaran 85448dd951 Add GCP region name patterns. 2022-12-09 06:36:35 +00:00
Ciaran 4122d2d336 More from Shopify. 2022-11-18 17:04:26 +00:00
Ciaran 572b29c5bc Use introspection query used by GraphQL Voyager. 
https://ivangoncharov.github.io/graphql-voyager/
 2022-11-15 17:43:37 +00:00
Ciaran 1f9f97d2b1 More SHOP. 2022-11-15 16:03:13 +00:00
Ciaran b431e57996 Shopify OAuth proxy. 2022-11-15 13:06:58 +00:00
Ciarán 313a07941f
Update README.md 2022-11-12 11:04:49 +00:00
Ciaran 85d0e0a2e3 Split secrets/waf triggering requests into new file. 
I use the http.txt file as a general first go to wordlist.

I noticed over time and with some targets that it is highly likely to
trigger a WAF and get the rest of your requests blocked.

So I have moved most of the offending words into a secrets.txt file.
 2022-11-06 14:32:44 +00:00
Ciaran 094789c346 Tomcat examples page and Wordpress debug log. 2022-10-22 12:23:02 +01:00
Ciaran dbc9fd67b4
Create LICENSE 
Change license.
 2022-10-06 11:33:00 +01:00
Ciaran 02232d67c5 More in the wild discoveries. 2022-09-29 11:36:24 +01:00
buggysolid 05f8baedb8 Collected from data analysis of internet traffic. 2022-08-02 09:44:39 +01:00
buggysolid 22f466b76f Intigriti and YesWeHack. 2022-08-01 20:35:49 +01:00
Ciaran ae2b1a84e5
Add some common airport code/data center locations 2022-08-01 11:40:00 +01:00
Ciaran b7210ef0e8
Update burp-plugins.txt 
Swap the name of the plugins to the repos where they are found so they can be manually built for use with Burp Community Edition.
 2022-07-28 11:46:03 +01:00
buggysolid 08c4afe5e7 Bugbounty Hackerone. 2022-07-25 17:15:18 +01:00
buggysolid 84f285df58 Prometheus related stuff and some more service ports. 2022-07-21 18:48:43 +01:00
buggysolid 4a66c0fff9 More endpoints and a graphql scheme discover query. 2022-07-20 12:20:09 +01:00
buggysolid e4a97a1e34 More endpoints from doing URL analysis from urlscan.io 2022-07-20 11:36:46 +01:00
buggysolid 6a306bbe9c Pinterest 2022-07-19 23:16:48 +01:00
buggysolid 2ce1c7fbe4 Add some API endpoint discovery content. 2022-07-19 23:06:52 +01:00
buggysolid 73c4eb07d1 API endpoints from private program. 2022-07-19 19:33:31 +01:00
buggysolid 2e49eedf91 API endpoints from keybase. 2022-07-15 19:24:07 +01:00
buggysolid 82d1ead182 Magento2 2022-07-01 06:35:40 +01:00
buggysolid bd8995ace9 HTTP headers to manipulate. 2022-06-28 07:10:27 +01:00
Ciaran 927b48f85b Remove DOM sinks. 2022-06-26 07:39:31 +01:00
buggysolid 32676f15bf Some words from PortSwigger access control labs. 2022-06-24 08:10:33 +01:00
buggysolid 03d966cfba Remove incorrectly spelt graphql word. 2022-06-24 07:54:34 +01:00
buggysolid dbb82054a1 Chrome Dev Tools Console commands. 2022-06-22 07:42:25 +01:00
Your Name 75fa6dd9be Debuggger breakpoints to add via dev tools console. 2022-06-20 20:37:49 +01:00
Your Name 38f719fdc8 Add some DOM related sinks. 2022-06-20 19:07:16 +01:00
Your Name 5342f3d11e Setup/Config related words. 2022-06-19 09:05:28 +01:00
Your Name 52d7ce5b8e More authentication related words. 2022-06-17 10:22:38 +01:00
Your Name 1f57944179 More authnz related keywords. 2022-06-16 10:10:12 +01:00
Your Name 9ad4e27eeb OAuth and JWT related keywords. 
https://portswigger.net/web-security/oauth
https://portswigger.net/web-security/jwt
 2022-06-16 07:30:20 +01:00
Your Name 6807a52d5b New keywords and new file. 
I am using the free version of Burp Suite for now so sometimes it unloads/forgets
which extentions you are using. I am commiting the ones I have found useful so I can
reinstall them each time I start burp.
 2022-06-16 06:33:38 +01:00
Your Name 41d51d709f Add wordlist for JWT secret key cracking. 2022-06-15 21:10:26 +01:00
Your Name 3699372c77 Public highly caching DNS resolvers to query against. 2022-06-14 17:54:52 +01:00