morkin1792 · September 21, 2024 08:56
diff --git a/wordlists.sh b/wordlists.sh
 #!/usr/bin/env zsh
 # reference
 # https://wordlists.assetnote.io/
 # https://github.com/danielmiessler/SecLists/
 # https://github.com/fuzzdb-project/fuzzdb

 BASE=(
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/common.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Common-DB-Backups.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Logins.fuzz.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Passwords.fuzz.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/swagger.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/api/api-endpoints.txt'
    
    ## portuguese
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/common-and-portuguese.txt'
    'https://raw.githubusercontent.com/0xrodt/api-br-wordlist/main/wordlist_api_br.txt'
    
    ## extras
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Fuzzing/fuzz-Bo0oM.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/quickhits.txt'
    'https://gist.githubusercontent.com/morkin1792/6f7d25599d1d1779e41cdf035938a28e/raw/zextra.txt'
    # api
    # 'https://wordlists-cdn.assetnote.io/data/automated/httparchive_apiroutes_2024_05_28.txt'
    # files
    # 'https://wordlists-cdn.assetnote.io/data/automated/httparchive_directories_1m_2024_05_28.txt'
 )

 JAVA=(
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/ApacheTomcat.fuzz.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/JavaServlets-Common.fuzz.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/jboss.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/oracle.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/OracleAppServer.fuzz.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Oracle9i.fuzz.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Oracle%20EBS%20wordlist.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/SunAppServerGlassfish.fuzz.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/spring-boot.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/tomcat.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/websphere.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/weblogic.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/jrun.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/JRun.fuzz.txt'
    'https://wordlists-cdn.assetnote.io/data/automated/httparchive_jsp_jspa_do_action_2024_05_28.txt'
 )

 PHP=(
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Common-PHP-Filenames.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/PHP.fuzz.txt'
    'https://wordlists-cdn.assetnote.io/data/automated/httparchive_cgi_pl_2024_05_28.txt'
    # big
    'https://wordlists-cdn.assetnote.io/data/automated/httparchive_php_2024_05_28.txt'
 )

 ASP=(
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/IIS.fuzz.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/CommonBackdoors-ASP.fuzz.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/SVNDigger/cat/Language/asp.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/SVNDigger/cat/Language/aspx.txt'
    'https://raw.githubusercontent.com/fuzzdb-project/fuzzdb/master/discovery/predictable-filepaths/login-file-locations/windows-asp.txt'
    'https://raw.githubusercontent.com/fuzzdb-project/fuzzdb/master/discovery/predictable-filepaths/login-file-locations/windows-aspx.txt'
    # big
    'https://wordlists-cdn.assetnote.io/data/automated/httparchive_aspx_asp_cfm_svc_ashx_asmx_2024_05_28.txt'
 )

 RUBY=(
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/ror.txt'
 )

 PYTHON=(
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/CMS/Django.txt'
 )


 dir=$(mktemp -d)
 function download() {
    links=( $@ )
    for link in "${links[@]}"; do
        (cd "$dir" && curl -qO "$link")
    done
    sed -i 's/^\///g' $dir/*
    # sed -i 's/\/$//g' $dir/*
 }

 function addDirsearch() {
    download 'https://raw.githubusercontent.com/maurosoria/dirsearch/master/db/dicc.txt'
    dirDirsearch=$(mktemp -d)
    mv $dir/dicc.txt $dirDirsearch
    exts=( $@ )
    for ext in "${exts[@]}"; do
        sed "s/%EXT%/$ext/g" $dirDirsearch/dicc.txt > $dir/dicc_$ext.txt
    done
    rm ${dirDirsearch:?}/dicc.txt
    rmdir ${dirDirsearch:?}
 }

 cat <<EOF
 ## example for generic tech

 download \$BASE #\$PHP \$JAVA \$ASP \$RUBY \$PYTHON
 addDirsearch 'html' 'zip' 'rar' #'php' 'asp' 'jsp'
 cat \$dir/* | grep -Ev 'asp|php|jsp|shutdown|Contribed|ISAPI' | sort -u > base.fuzz.txt
 rm \${dir:?}/*

 EOF
diff --git a/zextra.txt b/zextra.txt
 cms/admin
 global-protect/getsoftwarepage.esp
	#!/usr/bin/env zsh
	# reference
	# https://wordlists.assetnote.io/
	# https://github.com/danielmiessler/SecLists/
	# https://github.com/fuzzdb-project/fuzzdb

	BASE=(
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/common.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Common-DB-Backups.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Logins.fuzz.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Passwords.fuzz.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/swagger.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/api/api-endpoints.txt'

	## portuguese
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/common-and-portuguese.txt'
	'https://raw.githubusercontent.com/0xrodt/api-br-wordlist/main/wordlist_api_br.txt'

	## extras
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Fuzzing/fuzz-Bo0oM.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/quickhits.txt'
	'https://gist.githubusercontent.com/morkin1792/6f7d25599d1d1779e41cdf035938a28e/raw/zextra.txt'
	# api
	# 'https://wordlists-cdn.assetnote.io/data/automated/httparchive_apiroutes_2024_05_28.txt'
	# files
	# 'https://wordlists-cdn.assetnote.io/data/automated/httparchive_directories_1m_2024_05_28.txt'
	)

	JAVA=(
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/ApacheTomcat.fuzz.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/JavaServlets-Common.fuzz.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/jboss.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/oracle.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/OracleAppServer.fuzz.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Oracle9i.fuzz.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Oracle%20EBS%20wordlist.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/SunAppServerGlassfish.fuzz.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/spring-boot.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/tomcat.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/websphere.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/weblogic.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/jrun.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/JRun.fuzz.txt'
	'https://wordlists-cdn.assetnote.io/data/automated/httparchive_jsp_jspa_do_action_2024_05_28.txt'
	)

	PHP=(
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Common-PHP-Filenames.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/PHP.fuzz.txt'
	'https://wordlists-cdn.assetnote.io/data/automated/httparchive_cgi_pl_2024_05_28.txt'
	# big
	'https://wordlists-cdn.assetnote.io/data/automated/httparchive_php_2024_05_28.txt'
	)

	ASP=(
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/IIS.fuzz.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/CommonBackdoors-ASP.fuzz.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/SVNDigger/cat/Language/asp.txt'
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/SVNDigger/cat/Language/aspx.txt'
	'https://raw.githubusercontent.com/fuzzdb-project/fuzzdb/master/discovery/predictable-filepaths/login-file-locations/windows-asp.txt'
	'https://raw.githubusercontent.com/fuzzdb-project/fuzzdb/master/discovery/predictable-filepaths/login-file-locations/windows-aspx.txt'
	# big
	'https://wordlists-cdn.assetnote.io/data/automated/httparchive_aspx_asp_cfm_svc_ashx_asmx_2024_05_28.txt'
	)

	RUBY=(
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/ror.txt'
	)

	PYTHON=(
	'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/CMS/Django.txt'
	)


	dir=$(mktemp -d)
	function download() {
	links=( $@ )
	for link in "${links[@]}"; do
	(cd "$dir" && curl -qO "$link")
	done
	sed -i 's/^\///g' $dir/*
	# sed -i 's/\/$//g' $dir/*
	}

	function addDirsearch() {
	download 'https://raw.githubusercontent.com/maurosoria/dirsearch/master/db/dicc.txt'
	dirDirsearch=$(mktemp -d)
	mv $dir/dicc.txt $dirDirsearch
	exts=( $@ )
	for ext in "${exts[@]}"; do
	sed "s/%EXT%/$ext/g" $dirDirsearch/dicc.txt > $dir/dicc_$ext.txt
	done
	rm ${dirDirsearch:?}/dicc.txt
	rmdir ${dirDirsearch:?}
	}

	cat <<EOF
	## example for generic tech

	download \$BASE #\$PHP \$JAVA \$ASP \$RUBY \$PYTHON
	addDirsearch 'html' 'zip' 'rar' #'php' 'asp' 'jsp'
	cat \$dir/* \| grep -Ev 'asp\|php\|jsp\|shutdown\|Contribed\|ISAPI' \| sort -u > base.fuzz.txt
	rm \${dir:?}/*

	EOF