911 B
What
Wordlists I use for recon and content discovery on programs from hackerone and bugcrowd. These are only things I have actually encountered in production or in documentation of popular tooling. There is no point in having a huge wordlist but only ever getting 2 hits.
How I use these lists?
http.txt
I use this as my initial discovery list.
So for example if I found an endpoint that is returning 404 for the web root.
I will use http.txt to see if there is any content there.
Sometimes I may use it recursively.
objects.txt
I generally use this if I find some sort of API/RPC type endpoint like /api to discover the resources that the API can interact with.
actions.txt
I use this this after discovery API objects to try map out what actions are supported.
For example say you found /api, then you found /api/account and then you run this wordlist and you find /api/account/auth