danielmiessler / SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project
MIT License

Add humans.txt and security.txt files to Web-Content discovery file lists #893

Closed phillipdade closed 11 months ago

phillipdade commented 1 year ago

The following files should be added to the raft-*-files.txt list:

humans.txt
security.txt

These files would likely reside within the .well-known directory, so maybe they should be added in there too, but I'm not sure if these file lists are a suitable location:

.well-known/humans.txt
.well-known/security.txt

karliszigurs commented 1 year ago

Why?

g0tmi1k commented 1 year ago

Why the raft-* lists?

ItsIgnacioPortal commented 1 year ago

Please keep in mind that the source for the raft-* wordlists is the Google RAFT project. Perhaps SecLists/Discovery/Web-Content/common.txt would be better suited for these contributions.

common.txt already has .well-known/security.txt, so all that would be left to add is .well-known/humans.txt. For context, see: https://humanstxt.org/

g0tmi1k commented 11 months ago

@phillipdade Would you like to add this to an MR?

g0tmi1k commented 11 months ago

Done (Thanks @molangning)