
ayoubfathi / leaky-paths

Licence: other
A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs, etc. It can be used as part of web content discovery, to scan passively for high-quality endpoints and quick wins.

Projects that are alternatives of or similar to leaky-paths

Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+92.11%)
Mutual labels:  fuzzing, recon, bugbounty, pentest
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-71.99%)
Mutual labels:  recon, bugbounty, pentest
Dictionary Of Pentesting
Dictionary collection project such as Pentesting, Fuzzing, Bruteforce and BugBounty. A dictionary collection project for penetration testing, SRC vulnerability hunting, brute forcing, fuzzing, etc.
Stars: ✭ 492 (-2.96%)
Mutual labels:  fuzzing, bugbounty, pentest
Lazyrecon
An automated approach to performing recon for bug bounty hunting and penetration testing.
Stars: ✭ 282 (-44.38%)
Mutual labels:  recon, bugbounty, pentest
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+1329.19%)
Mutual labels:  fuzzing, bugbounty, dirsearch
vaf
Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (-42.01%)
Mutual labels:  fuzzing, recon, bugbounty
flydns
Related subdomains finder
Stars: ✭ 29 (-94.28%)
Mutual labels:  recon, bugbounty, pentest
CommandGenInterface
Simple vueJS based command generator which I developed in order to learn vueJS a little bit more.
Stars: ✭ 17 (-96.65%)
Mutual labels:  bugbounty, dirsearch
cent
Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place
Stars: ✭ 315 (-37.87%)
Mutual labels:  nuclei, bugbounty
reconness-agents
Reconness Agents Script
Stars: ✭ 25 (-95.07%)
Mutual labels:  recon, bugbounty
spellbook
Framework for rapid development and reuse of security tools
Stars: ✭ 67 (-86.79%)
Mutual labels:  bugbounty, pentest
Virtual-Host
Modified Nuclei Templates Version to FUZZ Host Header
Stars: ✭ 38 (-92.5%)
Mutual labels:  nuclei, bugbounty
nerdbug
Full Nuclei automation script with logic explanation.
Stars: ✭ 153 (-69.82%)
Mutual labels:  nuclei, bugbounty
continuous-nuclei
Running nuclei Continuously
Stars: ✭ 45 (-91.12%)
Mutual labels:  nuclei, bugbounty
Sub-Drill
A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.
Stars: ✭ 70 (-86.19%)
Mutual labels:  recon, bugbounty
nozaki
HTTP fuzzer engine security oriented
Stars: ✭ 37 (-92.7%)
Mutual labels:  fuzzing, bugbounty
goverview
goverview - Get an overview of the list of URLs
Stars: ✭ 93 (-81.66%)
Mutual labels:  recon, bugbounty
Pinaak
A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan
Stars: ✭ 69 (-86.39%)
Mutual labels:  nuclei, bugbounty
Reconky-Automated Bash Script
Reconky is a great content discovery bash script for bug bounty hunters which automates a lot of tasks and organizes them in a well-mannered form, which helps them to look forward.
Stars: ✭ 167 (-67.06%)
Mutual labels:  recon, bugbounty
CVE-2021-44228-PoC-log4j-bypass-words
🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
Stars: ✭ 760 (+49.9%)
Mutual labels:  bugbounty, pentest

About

A collection of special paths linked to major web CVEs, known juicy APIs, misconfigurations, etc. These could be used for web-content discovery as a way to find quick wins.

Update: I have removed all the other sub-list files and kept everything consolidated on "all-files". This would be much better to remove confusion and keep it all-in-one.

Goal

I started this repository to make it open for everyone to contribute, with the simple goal of making high-quality wordlists for the community. It could be very helpful whether pentesters use it for their assessments, security engineers as part of their DAST solution, or bug bounty hunters to scan a massive number of subdomains/hosts looking for quick wins using high-quality wordlists; this should be your go-to for quick hits on any target. It includes:

  • A curated list of PATHs linked to previous CVEs; you can use it to scan passively for endpoints related to CVEs.

  • PATHs associated with known misconfigurations, endpoints that leak sensitive data, grant access to some special parts of the app, etc.

  • Special paths that usually expose API endpoints or server information. Perfectly suitable for discovering more "hidden" APIs, interesting and verbose endpoints.

Contribution

Feel free to open a new Pull-request if you have a new CVE endpoint to add or simply any special paths that usually return juicy information.

Please note that the wordlist is intentionally short to focus only on high-quality endpoints, so it is not vast enough to rely entirely on it for active scanning.

For extended and large wordlists, please refer to Assetnote and SecLists.

Credits

  • A special thanks to project-discovery, a large part of the CVE endpoints were extracted from their projects.

  • Many endpoints were also curated from this tweet by NahamSec

  • Others were shared by various individuals, from tweets, Hackerone reports, personal wordlists.
