pentest wordlists

wordlists.sh

#!/usr/bin/env zsh
# reference
# https://wordlists.assetnote.io/
# https://github.com/danielmiessler/SecLists/
# https://github.com/fuzzdb-project/fuzzdb

BASE=(
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/common.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Common-DB-Backups.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Logins.fuzz.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Passwords.fuzz.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/swagger.txt'
    
    ## portugues
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/common-and-portuguese.txt'
    'https://raw.githubusercontent.com/pownx/api-br-wordlist/main/wordlist_api_br.txt'
    
    ## extras
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Fuzzing/fuzz-Bo0oM.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/quickhits.txt'
)

JAVA=(
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/ApacheTomcat.fuzz.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/JavaServlets-Common.fuzz.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/jboss.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/oracle.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/OracleAppServer.fuzz.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Oracle9i.fuzz.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Oracle%20EBS%20wordlist.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/SunAppServerGlassfish.fuzz.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/spring-boot.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/tomcat.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/websphere.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/weblogic.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/jrun.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/JRun.fuzz.txt'
)

PHP=(
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/Common-PHP-Filenames.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/PHP.fuzz.txt'
)

ASP=(
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/IIS.fuzz.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/CommonBackdoors-ASP.fuzz.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/SVNDigger/cat/Language/asp.txt'
    'https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/SVNDigger/cat/Language/aspx.txt'
    'https://raw.githubusercontent.com/fuzzdb-project/fuzzdb/master/discovery/predictable-filepaths/login-file-locations/windows-asp.txt'
    'https://raw.githubusercontent.com/fuzzdb-project/fuzzdb/master/discovery/predictable-filepaths/login-file-locations/windows-aspx.txt'
)


dir=$(mktemp -d)
function download() {
    links=( $@ )
    for link in "${links[@]}"; do
        (cd "$dir" && curl -qO "$link")
    done
    sed -i 's/^\///g' "$dir"/*
}

download $BASE #$PHP

cat $dir/* | grep -Ev 'asp|php|jsp|shutdown' | sort -u > base.fuzz.txt