From 6b931eb4be79375422a3efb5744d8961a606746d Mon Sep 17 00:00:00 2001
From: Stanly <86126384+StepSisStuck@users.noreply.github.com>
Date: Tue, 5 Nov 2024 21:58:51 +0800
Subject: [PATCH] Improve readme files for better clarity and usage examples

Related to #929

Update README.md files to provide better guidance on using wordlists.

* **Discovery/Web-Content/README.md**
  - Add sections "Overview," "Usage," "Source," and "References" for each wordlist.
  - Include examples and tutorials for using the wordlists.
  - Provide step-by-step instructions and command examples.

* **Discovery/DNS/README.md**
  - Add sections "Overview," "Usage," "Source," and "References" for each wordlist.
  - Include examples and tutorials for using the wordlists.
  - Provide step-by-step instructions and command examples.

* **Discovery/Web-Content/api/README.md**
  - Add sections "Overview," "Usage," "Source," and "References" for each wordlist.
  - Include examples and tutorials for using the wordlists.
  - Provide step-by-step instructions and command examples.

* **Discovery/Web-Content/URLs/README.md**
  - Add sections "Overview," "Usage," "Source," and "References" for each wordlist.
  - Include examples and tutorials for using the wordlists.
  - Provide step-by-step instructions and command examples.
---
 Discovery/DNS/README.md              |  26 ++++--
 Discovery/Web-Content/README.md      |  36 +++++---
 Discovery/Web-Content/URLs/README.md |  56 ++++++++++++-
 Discovery/Web-Content/api/README.md  | 119 ++++++++++++++++++++++-----
 4 files changed, 201 insertions(+), 36 deletions(-)

diff --git a/Discovery/DNS/README.md b/Discovery/DNS/README.md
index 8222f5b2ada..9ff1b8517e1 100644
--- a/Discovery/DNS/README.md
+++ b/Discovery/DNS/README.md
@@ -1,13 +1,29 @@
-## combined_subdomains
+# DNS discovery wordlists
 
+## combined_subdomains.txt
+
+### Overview
 This wordlist is a combination of the following wordlists with a few subdomains added:
 - bitquark-subdomains-top100000.txt
 - shubs-subdomains.txt
 - subdomains-top1million-110000.txt
 
-## `subdomains-top1million-*`
+### Usage
+Use for: discovering subdomains
+
+### Source
+This list is automatically updated by a GitHub action whenever any of the lists it's composed by is modified.
+
+## subdomains-top1million-110000.txt
+
+### Overview
+These wordlists were [zone-transferred from Amazon's Alexa.com](https://gist.github.com/ethicalhack3r/6145925) in 2015. They are lists of the most used subdomains at the time, as reported by Alexa.com.
+
+### Usage
+Use for: discovering subdomains
 
-> [!WARNING]
-> These wordlists are several years old, they were made in 2015. You will not be able to detect deployments of any services which were invented after 2015 using these wordlists, because their names will not be on the lists.
+### Source
+Source: https://gist.github.com/ethicalhack3r/6145925
 
-These wordlists were [zone-transfered from Amazon's Alexa.com](https://gist.github.com/ethicalhack3r/6145925) in 2015. They are lists of the most used subdomains at the time, as reported by Alexa.com.
\ No newline at end of file
+### References
+- [Zone Transfer from Alexa.com](https://gist.github.com/ethicalhack3r/6145925)
diff --git a/Discovery/Web-Content/README.md b/Discovery/Web-Content/README.md
index 34b3620a6be..5ec479a09cb 100644
--- a/Discovery/Web-Content/README.md
+++ b/Discovery/Web-Content/README.md
@@ -2,11 +2,8 @@
 
 ## combined_words.txt
 
-Use for: discovering files    
-This list is automatically updated by a github action whenever any of the lists it's composed by is modified.
-
+### Overview
 This list is a combination of the following wordlists:
-
 - big.txt
 - common.txt
 - raft-large-words-lowercase.txt
@@ -16,12 +13,15 @@ This list is a combination of the following wordlists:
 - raft-small-words-lowercase.txt
 - raft-small-words.txt
 
+### Usage
+Use for: discovering files
 
-## combined_directories.txt
+### Source
+This list is automatically updated by a GitHub action whenever any of the lists it's composed by is modified.
 
-Use for: discovering files and directories    
-This list is automatically updated by a github action whenever any of the lists it's composed by is modified.
+## combined_directories.txt
 
+### Overview
 This list is a combination of the following wordlists:
 - apache.txt
 - combined_words.txt
@@ -36,20 +36,34 @@ This list is a combination of the following wordlists:
 - raft-small-directories-lowercase.txt
 - raft-small-directories.txt
 
-## dsstorewordlist.txt
+### Usage
+Use for: discovering files and directories
 
-SOURCE: https://github.com/aels/subdirectories-discover
+### Source
+This list is automatically updated by a GitHub action whenever any of the lists it's composed by is modified.
 
+## dsstorewordlist.txt
+
+### Overview
 Perfect wordlist to discover directories and files on target site with tools like ffuf.
+
+### Usage
+Use for: discovering directories and files
+
+### Source
+Source: https://github.com/aels/subdirectories-discover
+
+### References
 - It was collected by parsing Alexa top-million sites for **.DS_Store** files (https://en.wikipedia.org/wiki/.DS_Store), extracting all the found files, and then extracting found file and directory names from around 300k real websites.
 - Then sorted by probability and removed strings with one occurrence.
 - resulted file you can download is below. Happy Hunting!
 
 ## vulnerability-scan_j2ee-websites_WEB-INF.txt
+
+### Overview
 Use for: discovering sensitive j2ee files exploiting a lfi
 
-References: 
-    
+### References
 - https://gist.github.com/harisec/519dc6b45c6b594908c37d9ac19edbc3
 - https://github.com/projectdiscovery/nuclei-templates/blob/master/vulnerabilities/generic/generic-j2ee-lfi.yaml
 - https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/LFIModule.java
diff --git a/Discovery/Web-Content/URLs/README.md b/Discovery/Web-Content/URLs/README.md
index a49908719b0..42106fc4adb 100644
--- a/Discovery/Web-Content/URLs/README.md
+++ b/Discovery/Web-Content/URLs/README.md
@@ -1 +1,55 @@
-The URLs directory will hold numerous lists of URLs for common systems that one may attack, e.g. WordPress, Drupal, etc. These lists can be passed through an intercepting proxy in order to populate a site tree with whitebox-like knowledge.
+# URLs Wordlist
+
+A wordlist of URLs for common systems that one may attack, e.g. WordPress, Drupal, etc.
+
+## urls-Drupal-7.20.txt
+
+### Overview
+This file contains URLs for Drupal 7.20.
+
+### Usage
+Use for: populating a site tree with whitebox-like knowledge
+
+### Source
+Source: Collected from various sources
+
+## urls-joomla-3.0.3.txt
+
+### Overview
+This file contains URLs for Joomla 3.0.3.
+
+### Usage
+Use for: populating a site tree with whitebox-like knowledge
+
+### Source
+Source: Collected from various sources
+
+## urls-SAP.txt
+
+### Overview
+This file contains URLs for SAP.
+
+### Usage
+Use for: populating a site tree with whitebox-like knowledge
+
+### Source
+Source: Collected from various sources
+
+## urls-wordpress-3.3.1.txt
+
+### Overview
+This file contains URLs for WordPress 3.3.1.
+
+### Usage
+Use for: populating a site tree with whitebox-like knowledge
+
+### Source
+Source: Collected from various sources
+
+## Usage Instructions
+
+1. Download the desired URL wordlist file.
+2. Use an intercepting proxy (e.g., Burp Suite) to pass the URLs through and populate a site tree with whitebox-like knowledge.
+3. Analyze the site tree to identify potential vulnerabilities and attack vectors.
+
+
diff --git a/Discovery/Web-Content/api/README.md b/Discovery/Web-Content/api/README.md
index e38e7396d58..b1f2b8e683f 100644
--- a/Discovery/Web-Content/api/README.md
+++ b/Discovery/Web-Content/api/README.md
@@ -1,24 +1,105 @@
-# api_wordlist
+# API Wordlist
+
 A wordlist of API names used for fuzzing web application APIs.
 
-## Contents
-* api_seen_in_wild.txt - This contains API function names I've seen in the wild.
-* actions.txt - All API function name verbs
-* objects.txt - All API function name nouns
-* actions-uppercase.txt - API function name verbs with leading character upper-case
-* actions-lowercase.txt - API function name verbs with leading character lower-case
-* objects-uppercase.txt - API function name nouns with leading character upper-case
-* objects-lowercase.txt - API function name nouns with leading character lower-case
-* api-endpoints-res.txt - Combination of all of the files above
-
-## Usage
- 1. In burpsuite, send an API request you want to fuzz to Intruder. 
- 2. Remove the existing API function call, and replace it with two § characters for each text file you want to use.
- 3. On the "Positions" tab, set Attack type to "Cluster Bomb".
- 4. On the "Payloads" tab, select 1 for the fist Payload set drop-down, then select a Payload type of "Runtime file" and navigate to the directory you downloaded these text files to. Select "actions.txt".
- 5. Repeat step 4 by setting Payload set 2 to "objects.txt".
- 6. (optional step - add more payload sets and set them to "objects.txt" to test for multi-part objects like "UserAccount")
- 7. Start attack!
+## api_seen_in_wild.txt
+
+### Overview
+This file contains API function names that have been observed in the wild.
+
+### Usage
+Use for: fuzzing web application APIs
+
+### Source
+Source: Collected from various sources
+
+## actions.txt
+
+### Overview
+This file contains all API function name verbs.
+
+### Usage
+Use for: fuzzing web application APIs
+
+### Source
+Source: Collected from various sources
+
+## objects.txt
+
+### Overview
+This file contains all API function name nouns.
+
+### Usage
+Use for: fuzzing web application APIs
+
+### Source
+Source: Collected from various sources
+
+## actions-uppercase.txt
+
+### Overview
+This file contains API function name verbs with the leading character in upper-case.
+
+### Usage
+Use for: fuzzing web application APIs
+
+### Source
+Source: Collected from various sources
+
+## actions-lowercase.txt
+
+### Overview
+This file contains API function name verbs with the leading character in lower-case.
+
+### Usage
+Use for: fuzzing web application APIs
+
+### Source
+Source: Collected from various sources
+
+## objects-uppercase.txt
+
+### Overview
+This file contains API function name nouns with the leading character in upper-case.
+
+### Usage
+Use for: fuzzing web application APIs
+
+### Source
+Source: Collected from various sources
+
+## objects-lowercase.txt
+
+### Overview
+This file contains API function name nouns with the leading character in lower-case.
+
+### Usage
+Use for: fuzzing web application APIs
+
+### Source
+Source: Collected from various sources
+
+## api-endpoints-res.txt
+
+### Overview
+This file is a combination of all the files above.
+
+### Usage
+Use for: fuzzing web application APIs
+
+### Source
+Source: Collected from various sources
+
+## Usage Instructions
+
+1. In Burp Suite, send an API request you want to fuzz to Intruder.
+2. Remove the existing API function call, and replace it with two § characters for each text file you want to use.
+3. On the "Positions" tab, set Attack type to "Cluster Bomb".
+4. On the "Payloads" tab, select 1 for the first Payload set drop-down, then select a Payload type of "Runtime file" and navigate to the directory you downloaded these text files to. Select "actions.txt".
+5. Repeat step 4 by setting Payload set 2 to "objects.txt".
+6. (Optional step - add more payload sets and set them to "objects.txt" to test for multi-part objects like "UserAccount")
+7. Start the attack!
 
 ## Comments
+
 If you use this and it's helpful, I'd love to hear about it! (@dagorim). If you think I've missed any obvious word choices, I'd love to hear about that as well, or feel free to add them.