bugbounty-wordlist

Real world bug bounty wordlists

Go to file

Ciaran 094789c346 Tomcat examples page and Wordpress debug log.		2022-10-22 12:23:02 +01:00
LICENSE	Create LICENSE	2022-10-06 11:33:00 +01:00
README.md	README.md	2022-06-07 02:31:29 +01:00
actions.txt	More in the wild discoveries.	2022-09-29 11:36:24 +01:00
breakpoints.txt	Chrome Dev Tools Console commands.	2022-06-22 07:42:25 +01:00
burp-plugins.txt	Update burp-plugins.txt	2022-07-28 11:46:03 +01:00
dns.txt	Intigriti and YesWeHack.	2022-08-01 20:35:49 +01:00
graphql.txt	More endpoints and a graphql scheme discover query.	2022-07-20 12:20:09 +01:00
headers.txt	HTTP headers to manipulate.	2022-06-28 07:10:27 +01:00
http.txt	Tomcat examples page and Wordpress debug log.	2022-10-22 12:23:02 +01:00
javascript.txt	Remove DOM sinks.	2022-06-26 07:39:31 +01:00
jwt.secrets.list	Add wordlist for JWT secret key cracking.	2022-06-15 21:10:26 +01:00
objects.txt	More in the wild discoveries.	2022-09-29 11:36:24 +01:00
ports.txt	Prometheus related stuff and some more service ports.	2022-07-21 18:48:43 +01:00
resolvers.txt	Public highly caching DNS resolvers to query against.	2022-06-14 17:54:52 +01:00

README.md

What

Wordlists I use for recon and content discovery on programs from hackerone and bugcrowd. These are only things I have actually encountered in production or in documentation of popular tooling. There is no point in having a huge wordlist but only ever getting 2 hits.