bugbounty-wordlist

Real world bug bounty wordlists

Go to file

buggysolid 2ce1c7fbe4 Add some API endpoint discovery content.		2022-07-19 23:06:52 +01:00
LICENSE	Initial commit	2022-06-07 02:04:41 +01:00
README.md	README.md	2022-06-07 02:31:29 +01:00
actions.txt	Add some API endpoint discovery content.	2022-07-19 23:06:52 +01:00
breakpoints.txt	Chrome Dev Tools Console commands.	2022-06-22 07:42:25 +01:00
burp-plugins.txt	New keywords and new file.	2022-06-16 06:33:38 +01:00
dns.txt	More authentication related words.	2022-06-17 10:22:38 +01:00
headers.txt	HTTP headers to manipulate.	2022-06-28 07:10:27 +01:00
http.txt	Add some API endpoint discovery content.	2022-07-19 23:06:52 +01:00
javascript.txt	Remove DOM sinks.	2022-06-26 07:39:31 +01:00
jwt.secrets.list	Add wordlist for JWT secret key cracking.	2022-06-15 21:10:26 +01:00
objects.txt	Add some API endpoint discovery content.	2022-07-19 23:06:52 +01:00
ports.txt	Add multiple different dns, port and http keywords	2022-06-08 22:34:57 +01:00
resolvers.txt	Public highly caching DNS resolvers to query against.	2022-06-14 17:54:52 +01:00

README.md

What

Wordlists I use for recon and content discovery on programs from hackerone and bugcrowd. These are only things I have actually encountered in production or in documentation of popular tooling. There is no point in having a huge wordlist but only ever getting 2 hits.