A curated collection of high-quality special paths for web content discovery, enabling quick identification of sensitive APIs, misconfigurations, and juicy endpoints.
A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
This tool is primarily used for web content discovery by pentesters, security engineers, and bug bounty hunters to quickly find valuable endpoints and potential security issues on web applications. It helps in passive scanning for sensitive API paths, infrastructure internals, and known misconfigurations to achieve fast and effective reconnaissance.
The wordlist is intentionally kept short to prioritize quality over quantity, so it is not suitable for exhaustive active scanning. Users are encouraged to complement it with larger wordlists like Assetnote or SecLists for broader coverage. Contributions are welcome to keep the list updated with relevant endpoints.