[Feature request]: API Documentation Wordlist for Pentesters

[z5jt]

Describe the feature request:
I would like to propose the inclusion of my API Documentation Wordlist, which assists penetration testers in locating API Swagger files or other related documentation. This wordlist is designed to help identify attack surfaces within API endpoints, facilitating the discovery of more potential vulnerabilities.

Additional context:
https://github.com/z5jt/API-documentation-Wordlist/blob/main/API-Documentation-Wordlist/api-documentation-endpoint1.txt
API-documentation-Wordlist

I’ve created two versions: one that includes a forward slash (/) at the beginning of the endpoint and one without. This distinction helps pentesters easily select the most appropriate wordlist based on the tools they are using.

Next steps:
I tried to open a pull request, but i got an error [Pull request creation failed. Validation failed: must be a collaborator]

• I intend to open a pull request later

[ItsIgnacioPortal]

We already have a swagger wordlist at Discovery\Web-Content\Service-Specific\Swagger.txt, but yours seems to have a lot more content. Could it be possible to merge the contents of both lists into one?

Comparing both files, the current one in SecLists has these lines which are not present in your file:

• .well-known/openapi.json
• .well-known/openapi.yaml
• api/swagger-ui.html
• api/v1/swagger-ui.html
• api/v2/swagger-ui.html
• api/v3/api-docs/swagger-config
• openapi.yml
• swagger-resources/configuration/ui
• swagger-ui.html
• swagger-ui/index.html
• swagger.yaml
• swagger.yml
• swagger/static/index.html

For many of those lines, the lines are present, but without the .html suffix. Even if current versions of Swagger don't use the .html prefix, maybe older versions do. Could it be worth it to duplicate all endpoints that don't have a file extension, and add the .html prefix to them?

---

I tried to open a pull request, but i got an error [Pull request creation failed. Validation failed: must be a collaborator]

That's very strange. Perhaps it was a temporary problem with github servers? We haven't changed any project settings, so anyone should be able to make a pull request 🤔