A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
A collection of special paths linked to major web CVEs, known juicy APIs, misconfigurations.. etc. These could be used for web-content discovery as a way to find quick wins.
Update: I have removed all the other sub-list files and kept everything consolidated on "all-files". This would be much better to remove confusion and keep it all-in-one.
I started this repository to make it open for everyone to contribute, with the simple goal of making high-quality wordlists for the community. It could be very helpful whether Pentesters use it for their assessments, security engineers as a part of their DAST solution, or bug bounty hunters to scan a massive number of subdomains/hosts looking for quick wins using high-quality wordlists; this should be your go-to for quick hits on any targets. It includes:
A curated list of PATHs linked to previous CVEs; you can use it to scan passively for endpoints related to CVEs.
PATHs associated with known misconfigurations, endpoints that leak sensitive data, grant access to some special parts of the app .. etc.
Special paths that usually expose API endpoints or server information. Perfectly suitable for discovering more "hidden" APIs, interesting and verbose endpoints.
Feel free to open a new Pull-request if you have a new CVE endpoint to add or simply any special paths that usually return juicy information.
Please note that the wordlist is intentionally short to focus only on high-quality endpoints, so it is not vast enough to rely entirely on it for active scanning.