Diccionarios para el descubrimiento de rutas (URL paths) en aplicaciones web

Cuando nos enfrentamos por primera vez a una aplicación web, ya sea en una máquina de laboratorio o en un entorno real (en este último caso, siempre con autorización expresa del propietario y dentro del alcance acordado), es imprescindible lanzar un escaneo o fuzzing de directorios para encontrar rutas que nos revelen los productos desplegados y/o fallos de configuración: ficheros de respaldo accesibles, listado de directorios, paneles de administración, etc. Hay que tener en cuenta que este tipo de escaneo genera miles de peticiones y deja un rastro muy visible en los registros del servidor, así que en un entorno real conviene ajustar el número de hilos y la velocidad para no degradar el servicio.

Para ello, tenemos varias herramientas como DirBuster, Dirb, WFuzz, dirsearch, Cansina, Gobuster... y en la práctica la elección de una u otra suele depender de los gustos de cada uno. Pero sin duda, lo verdaderamente importante para el descubrimiento de rutas en una aplicación web es el uso de un buen diccionario, tanto para los nombres de directorios como para los nombres de archivo con su extensión correspondiente, y adaptado a la tecnología detectada: no tiene mucho sentido lanzar miles de rutas .php contra un servidor que solo sirve .aspx.

Si hacéis CTFs ya sabéis que lo normal es usar common.txt de dirb, o el big.txt de wfuzz, o si detectamos previamente el producto lanzar un diccionario más dirigido. En esta entrada recopilamos los diccionarios presentes en Kali Linux junto con el número de líneas de cada uno (find . -type f -exec wc -l {} + | sort -rn), además de los de SecLists y fuzzdb, bajo mi punto de vista imprescindibles. Dos matices: wc -l cuenta líneas, no palabras, por lo que las cifras incluyen comentarios, líneas en blanco y ficheros que no son diccionarios (README.txt, README.md, *.readme); y los números corresponden a las versiones instaladas en el momento de escribir esto, así que pueden variar con cada actualización. rockyou.txt, aunque esté en la misma ruta de Kali, es un diccionario de contraseñas y no de rutas web; se incluye únicamente como referencia de tamaño:

root@kali:/usr/share/wordlists/wfuzz/general# find . -type f -exec wc -l {} + | sort -rn
51800 total
45463 ./megabeast.txt
3036 ./big.txt
1660 ./medium.txt
950 ./common.txt
257 ./spanish.txt
143 ./catala.txt
136 ./admin-panels.txt
49 ./mutations_common.txt
35 ./euskera.txt
32 ./http_methods.txt
28 ./extensions_common.txt
11 ./test.txt

root@kali:/usr/share/wordlists/dirb# find . -type f -exec wc -l {} + | sort -rn
133549 total
65536 ./stress/unicode.txt
20469 ./big.txt
17576 ./stress/test_ext.txt
8607 ./others/names.txt
4614 ./common.txt
3494 ./vulns/cgis.txt
2711 ./vulns/fatwire_pagenames.txt
1708 ./vulns/sharepoint.txt
1111 ./vulns/sap.txt
1075 ./vulns/oracle.txt
1049 ./others/best1050.txt
959 ./small.txt
579 ./vulns/hyperion.txt
560 ./vulns/websphere.txt
449 ./spanish.txt
361 ./vulns/weblogic.txt
291 ./vulns/domino.txt
256 ./stress/uri_hex.txt
256 ./stress/doble_uri_hex.txt
238 ./vulns/hpsmh.txt
197 ./euskera.txt
161 ./catala.txt
129 ./vulns/jersey.txt
121 ./vulns/ror.txt
110 ./others/best110.txt
101 ./vulns/fatwire.txt
...


root@kali:/usr/share/wordlists/dirbuster# find . -type f -exec wc -l {} + | sort -rn
817191 total
220560 ./directory-list-2.3-medium.txt
207643 ./directory-list-lowercase-2.3-medium.txt
141708 ./directory-list-1.0.txt
87664 ./directory-list-2.3-small.txt
81643 ./directory-list-lowercase-2.3-small.txt
58688 ./directories.jbrofuzz
10355 ./apache-user-enum-2.0.txt
8930 ./apache-user-enum-1.0.txt

root@kali:/usr/share/wordlists# gzip -d rockyou.txt.gz
root@kali:/usr/share/wordlists# wc -l rockyou.txt
14344392 rockyou.txt


root@kali:~/SecLists/Discovery/Web_Content# find . -type f -exec wc -l {} + | sort -rn

1106886 total
119600 ./raft-large-words.txt
107982 ./raft-large-words-lowercase.txt
63087 ./raft-medium-words.txt
62290 ./raft-large-directories.txt
56293 ./raft-medium-words-lowercase.txt
56180 ./raft-large-directories-lowercase.txt
43135 ./SVNDigger/all.txt
43003 ./raft-small-words.txt
41516 ./big_portuguese-dictionary.txt
38267 ./raft-small-words-lowercase.txt
37037 ./raft-large-files.txt
35323 ./raft-large-files-lowercase.txt
30009 ./raft-medium-directories.txt
26593 ./raft-medium-directories-lowercase.txt
25419 ./SVNDigger/all-extensionless.txt
20721 ./SVNDigger/cat/Language/php.txt
20475 ./big.txt
20122 ./raft-small-directories.txt
17776 ./raft-small-directories-lowercase.txt
17128 ./raft-medium-files.txt
16544 ./CMS/sitemap_magento.txt
16243 ./raft-medium-files-lowercase.txt
13366 ./CMS/wp_plugins.fuzz.txt
11424 ./raft-small-files.txt
10848 ./raft-small-files-lowercase.txt
8796 ./CMS/kentico_cms_modules_themes.txt
8531 ./Apache.fuzz.txt
5967 ./SVNDigger/all-dirs.txt
5160 ./Common_PHP_Filenames.txt
5070 ./common_and_italian.txt
4989 ./common_and_spanish.txt
4936 ./common_and_portugese.txt
4906 ./common_and_french.txt
4755 ./URLs/urls_joomla_3.0.3.txt
4593 ./common.txt
4388 ./common_and_dutch.txt
3948 ./CGI_XPlatform.fuzz.txt
3859 ./SVNDigger/cat/Language/html.txt
3646 ./CMS/wp_themes.fuzz.txt
3547 ./SVNDigger/cat/Language/js.txt
3388 ./cgis.txt
2588 ./burp-parameter-names.txt
2454 ./UserAgents.fuzz.txt
2450 ./raft-large-extensions.txt
2417 ./SVNDigger/cat/Language/cs.txt
2367 ./raft-large-extensions-lowercase.txt
2365 ./quickhits.txt
2346 ./KitchensinkDirectories.fuzz.txt
2142 ./CMS/php-nuke.fuzz.txt
1708 ./sharepoint.txt
1708 ./CMS/sharepoint.txt
1671 ./CMS/Sharepoint.fuzz.txt
1334 ./SVNDigger/cat/Database/xml.txt
1320 ./CMS/caobox_cms.txt
1289 ./raft-medium-extensions.txt
1239 ./SVNDigger/cat/Language/css.txt
1233 ./raft-medium-extensions-lowercase.txt
1096 ./sap.txt
1055 ./URLs/urls_Drupal_7.20.txt
1036 ./oracle.txt
1000 ./Top1000-RobotsDisallowed.txt
...

root@kali:~/SecLists/Discovery/Web_Content/CMS# find . -type f -exec wc -l {} + | sort -rn
51578 total
16544 ./sitemap_magento.txt
13366 ./wp_plugins.fuzz.txt
8796 ./kentico_cms_modules_themes.txt
3646 ./wp_themes.fuzz.txt
2142 ./php-nuke.fuzz.txt
1708 ./sharepoint.txt
1671 ./Sharepoint.fuzz.txt
1320 ./caobox_cms.txt
873 ./wordpress.fuzz.txt
828 ./drupal_themes.fuzz.txt
224 ./joomla_plugins.fuzz.txt
203 ./ColdFusion.fuzz2.txt
111 ./ColdFusion.fuzz.txt
74 ./backup_files.txt
30 ./joomla_themes.fuzz.txt
19 ./SiteMinder.fuzz.txt
17 ./SAP.fuzz.txt
6 ./drupal_plugins.fuzz.txt

root@kali:~/SecLists/Discovery/Web_Content/URLs# find . -type f -exec wc -l {} + | sort -rn
6887 total
4755 ./urls_joomla_3.0.3.txt
1055 ./urls_Drupal_7.20.txt
925 ./urls_wordpress_3.3.1.txt
151 ./urls_SAP.txt
1 ./README.txt

root@kali:~/fuzzdb/discovery/predictable-filepaths/cms# find . -type f -exec wc -l {} + | sort -rn

32097 total
13365 ./wp_plugins.txt
7336 ./wp_themes.txt
6319 ./drupal_plugins.txt
2142 ./php-nuke.txt
1566 ./wordpress.txt
827 ./drupal_themes.txt
225 ./wp_plugins_top225.txt
224 ./joomla_plugins.txt
46 ./wp_common_theme_files.txt
30 ./joomla_themes.txt
12 ./wp_themes.readme
5 ./README.md

root@kali:~/fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce# find . -type f -exec wc -l {} + | sort -rn
799713 total
119600 ./raft-large-words.txt
107982 ./raft-large-words-lowercase.txt
63087 ./raft-medium-words.txt
62290 ./raft-large-directories.txt
56293 ./raft-medium-words-lowercase.txt
56180 ./raft-large-directories-lowercase.txt
43003 ./raft-small-words.txt
38267 ./raft-small-words-lowercase.txt
37037 ./raft-large-files.txt
35323 ./raft-large-files-lowercase.txt
30009 ./raft-medium-directories.txt
26593 ./raft-medium-directories-lowercase.txt
20122 ./raft-small-directories.txt
17776 ./raft-small-directories-lowercase.txt
17576 ./3CharExtBrute.txt
17128 ./raft-medium-files.txt
16243 ./raft-medium-files-lowercase.txt
11424 ./raft-small-files.txt
10848 ./raft-small-files-lowercase.txt
2450 ./raft-large-extensions.txt
2367 ./raft-large-extensions-lowercase.txt
1918 ./WordlistSkipfish.txt
1289 ./raft-medium-extensions.txt
1233 ./raft-medium-extensions-lowercase.txt
963 ./raft-small-extensions.txt
914 ./raft-small-extensions-lowercase.txt
863 ./Extensions.Common.txt
445 ./spanish.txt
186 ./Extensions.Compressed.txt
93 ./Extensions.Skipfish.txt
80 ./CommonWebExtensions.txt
44 ./upload_variants.txt
36 ./test_demo.txt
30 ./Extensions.Mostcommon.txt
13 ./Extensions.Backup.txt
8 ./copy_of.txt

root@kali:~/fuzzdb/discovery/predictable-filepaths/webservers-appservers# find . -type f -exec wc -l {} + | sort -rn
7234 total
1937 ./Joomla_exploitable.txt
1707 ./Sharepoint.txt
578 ./Hyperion.txt
452 ./SAP.txt
390 ./FatwireCMS.txt
366 ./Websphere.txt
239 ./HP_System_Mgmt_Homepage.txt
206 ./LotusNotes.txt
191 ./OracleAppServer.txt
187 ./IIS.txt
160 ./Weblogic.txt
121 ./Ruby_Rails.txt
111 ./ColdFusion.txt
101 ./Apache.txt
86 ./ADFS.txt
73 ./Vignette.txt
60 ./Oracle9i.txt
51 ./SunAppServerGlassfish.txt
47 ./ApacheTomcat.txt
38 ./Frontpage.txt
35 ./SuniPlanet.txt
19 ./SiteMinder.txt
18 ./Netware.txt
16 ./Apache_Axis.txt
16 ./AdobeXML.txt
13 ./JRun.txt
6 ./README.md
5 ./JBoss.txt
3 ./JavaServlets_Common.txt
2 ./HTTP_POST_Microsoft.txt
