Add Swagger / OpenAPI / Redoc paths to dir_wordlist (#1378) #1542

Closed
ChrisJr404 wants to merge 1 commit into OWASP:master from ChrisJr404:feat/swagger-openapi-wordlist-1378

@ChrisJr404

Summary

Closes #1378.

Nettacker currently only detects Swagger / OpenAPI passively through technology fingerprinting in `web_technologies.yaml` (matching `swagger-ui-bundle.js` in response bodies). That leaves the active recon path blind to the dozens of well-known endpoints applications expose by default — exactly what the issue describes.

This MR appends 28 new paths to `nettacker/lib/payloads/wordlists/dir_wordlist.txt` so the `dir_scan` / `config_scan` modules can actively probe for exposed API documentation.

Paths added

| Family | Examples |
|---|---|
| Swagger UI variants | `swagger`, `swagger/`, `swagger-ui`, `swagger-ui/`, `swagger-ui.html`, `swagger-ui/index.html` |
| Swagger spec files | `swagger.json`, `swagger.yaml`, `swagger.yml`, `swagger/v1/swagger.json`, `swagger/v2/swagger.json` |
| api-docs family | `api-docs`, `api-docs/`, `api/swagger`, `api/swagger.json`, `api/swagger-ui.html`, `v2/api-docs`, `v3/api-docs` (springdoc / springfox) |
| OpenAPI 3 specs | `openapi`, `openapi.json`, `openapi.yaml`, `openapi.yml`, `api/openapi.json`, `api/openapi.yaml` (FastAPI, Connexion, Smithy) |
| Redoc + dev routes | `redoc`, `docs/swagger`, `docs/api`, `docs/openapi.json` |

These endpoints frequently expose full API schemas and unauthenticated routes, so adding them to the active wordlist materially improves Nettacker's API recon coverage with no false-positive risk (404 responses are still 404s).

Diff

nettacker/lib/payloads/wordlists/dir_wordlist.txt  | 30 ++++++++++++++++++++++-
1 file changed, 29 insertions(+), 1 deletion(-)
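
Review bot: the 1 deletion in the diffstat for `nettacker/lib/payloads/wordlists/dir_wordlist.txt` should be confirmed as a pure end-of-file rewrite, since an append-only wordlist change would normally show insertions only. If the previous last entry was re-emitted only because the file has no trailing newline, state that in the description and check that its text is byte-identical, so that no existing entry was altered or dropped; the 28 appended paths in the description plus that one rewritten line would account for the 29 insertions.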

29 net new lines (one was already a deduplicated entry on the existing trailing-line write).

Test plan

  • Wordlist file format preserved (newline-delimited, no trailing newline added).
  • No duplicate entries: appended 28 of 28 candidates after deduping against the existing 1965 entries.
  • No syntax change required for the consumer modules (`dir_scan` / `config_scan` already iterate the wordlist line-by-line).
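
The test-plan checks above can be scripted. The following is an added example, not code from this PR or from Nettacker; `append_unique`, `audit` and the sample data are constructed for illustration. It appends only the candidates that are missing and keeps the file's existing end-of-file convention.

```python
from __future__ import annotations
from collections import Counter


def append_unique(existing: str, candidates: list[str]) -> tuple[str, list[str]]:
    """Append candidates missing from a newline-delimited wordlist.

    Matching is exact and case-sensitive: `swagger` and `swagger/` are
    different requests, so they are different entries.
    """
    newline = "\r\n" if "\r\n" in existing else "\n"
    had_trailing_newline = existing.endswith("\n")
    entries = existing.splitlines()
    seen = set(entries)
    appended = []
    for raw in candidates:
        path = raw.strip()
        if not path or path in seen:  # blank, already listed, or repeated
            continue
        seen.add(path)
        appended.append(path)
    text = newline.join(entries + appended)
    # Keep the file's end-of-file convention instead of imposing one.
    if had_trailing_newline:
        text += newline
    return text, appended


def audit(text: str) -> dict:
    """Summarise the properties the test plan checks."""
    lines = text.splitlines()
    counts = Counter(lines)
    return {
        "entries": len(lines),
        "duplicates": sorted(k for k, n in counts.items() if n > 1),
        "blank_lines": sum(1 for line in lines if not line.strip()),
        "trailing_newline": text.endswith("\n"),
    }


# Constructed stand-in for dir_wordlist.txt (no trailing newline) and a batch.
SAMPLE = "admin\nswagger.json\n~www"
CANDIDATES = ["swagger", "swagger/", "swagger.json", "openapi.json", "swagger"]

if __name__ == "__main__":
    new_text, added = append_unique(SAMPLE, CANDIDATES)
    print(added)
    print(audit(new_text))
```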

Closes #1378.

Swagger / OpenAPI documentation is currently only detected through
passive technology fingerprinting in web_technologies.yaml (matching
swagger-ui-bundle.js in response bodies), which leaves the active
recon path blind to the dozens of well-known endpoints applications
expose by default - exactly what the issue calls out.

This change appends 28 new paths to nettacker/lib/payloads/wordlists/
dir_wordlist.txt so the dir_scan / config_scan modules can probe for
exposed API documentation:

- Swagger UI variants: swagger, swagger/, swagger-ui, swagger-ui/,
  swagger-ui.html, swagger-ui/index.html
- Swagger spec files: swagger.json / .yaml / .yml plus the versioned
  swagger/v1/swagger.json and swagger/v2/swagger.json patterns used by
  ASP.NET Core and Swagger-Codegen
- api-docs family: api-docs, api-docs/, api/swagger, api/swagger.json,
  api/swagger-ui.html, v2/api-docs, v3/api-docs (springdoc / springfox)
- OpenAPI 3 specs: openapi, openapi.json, openapi.yaml, openapi.yml,
  api/openapi.json, api/openapi.yaml (FastAPI, Connexion, Smithy)
- Redoc + dev-only routes: redoc, docs/swagger, docs/api,
  docs/openapi.json

These endpoints can leak full API schemas and unauthenticated routes,
so adding them to the active wordlist materially improves Nettacker's
API recon coverage for relatively no false-positive risk.
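
When triaging a hit on one of these paths against a service you operate, the response body shows whether it is an actual API description and what it declares. The following is an added example, not Nettacker's code: `classify_api_doc` and `unsecured_operations` are hypothetical helpers and the spec is a constructed sample. It handles JSON documents only (YAML specs would need a YAML parser) and lists operations that declare no security requirement.

```python
from __future__ import annotations
import json

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def classify_api_doc(status: int, body: str) -> str | None:
    """Return 'swagger2', 'openapi3', 'swagger-ui' or None for one response."""
    if status != 200:
        return None
    try:
        doc = json.loads(body)
    except ValueError:
        # Not JSON: fall back to the marker the passive fingerprint matches.
        return "swagger-ui" if "swagger-ui-bundle.js" in body else None
    if not isinstance(doc, dict) or not isinstance(doc.get("paths"), dict):
        return None  # a 200 with unrelated JSON, e.g. a catch-all handler
    if str(doc.get("swagger", "")).startswith("2."):
        return "swagger2"
    if str(doc.get("openapi", "")).startswith("3."):
        return "openapi3"
    return None


def unsecured_operations(doc: dict) -> list[str]:
    """List 'METHOD /path' for operations with no security requirement."""
    default = doc.get("security", [])
    found = []
    for path, item in doc["paths"].items():
        for method, op in (item.items() if isinstance(item, dict) else ()):
            if method.lower() not in HTTP_METHODS or not isinstance(op, dict):
                continue
            # Operation-level `security` overrides the document default;
            # an empty list, or one containing {}, means auth is optional.
            security = op.get("security", default)
            if not security or {} in security:
                found.append(f"{method.upper()} {path}")
    return sorted(found)


# Constructed sample: one operation inherits the default, one opts out.
SAMPLE_SPEC = json.dumps({
    "openapi": "3.0.3",
    "security": [{"bearerAuth": []}],
    "paths": {
        "/users": {"get": {"responses": {}}},
        "/health": {"get": {"security": [], "responses": {}}},
    },
})
```
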
@coderabbitai
Contributor

coderabbitai Bot commented May 4, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f1393b1b-520e-4e41-80f8-d35018aa12ee

📥 Commits

Reviewing files that changed from the base of the PR and between a2157ee and b92c7b0.

📒 Files selected for processing (1)
  • nettacker/lib/payloads/wordlists/dir_wordlist.txt

Summary by CodeRabbit

  • New Features
    • Expanded detection wordlist with additional directory and file candidates for API documentation endpoints, including Swagger/OpenAPI-related tokens, paths, and documentation route variants.

Walkthrough

The PR extends the directory wordlist with Swagger/OpenAPI endpoint variants commonly exposed during API reconnaissance. It adds 29 entries covering /swagger, /swagger-ui, swagger.json/yaml, versioned API documentation paths, and docs/* subdirectories after the existing ~www entry.

Changes

Swagger/OpenAPI Wordlist Expansion

| Layer / File(s) | Summary |
|---|---|
| Wordlist Content (`nettacker/lib/payloads/wordlists/dir_wordlist.txt`) | 29 new Swagger/OpenAPI endpoint candidates added (lines 1966–1994): /swagger, /swagger-ui, /swagger-ui.html, /swagger.json, /swagger.yaml, /swagger.yml, /v1/swagger, /v2/swagger, /v3/api-docs, /api-docs, /openapi, /openapi.json, and docs/* variants. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes


@github-actions

github-actions Bot commented May 4, 2026

The linked issue must be assigned to the PR author.

Development

Successfully merging this pull request may close these issues.

Add common Swagger/OpenAPI endpoints to reconnaissance wordlists