1.14b - Wordlist, path mapping, cflags, put detection, and doc changes

- Several new wordlist entries, courtesy of Glastopf Honeypot: http://glastopf.org/index.php - A tweak to path mapping detection logic to detect certain path mappings. - Makefile now honors external LDFLAGS, CFLAGS. - Some more documentation tweaks. - PUT detection logic.
2010-03-23 15:04:21 -04:00 · 2010-03-23 15:04:21 -04:00 · 61ba870458
parent cb51cd8988
commit 61ba870458
11 changed files with 435 additions and 20 deletions
--- a/14
+++ b/14
@ -1,3 +1,17 @@
+Version 1.14b:
+--------------
+
+  - Several new wordlist entries, courtesy of Glastopf Honeypot:
+    http://glastopf.org/index.php
+
+  - A tweak to path mapping detection logic to detect certain path mappings.
+
+  - Makefile now honors external LDFLAGS, CFLAGS.
+
+  - Some more documentation tweaks.
+
+  - PUT detection logic.
+
 Version 1.13b:
 --------------

--- a/4
+++ b/4
@ -26,10 +26,10 @@ INCFILES   = alloc-inl.h string-inl.h debug.h types.h http_client.h \
             database.h crawler.h analysis.h config.h report.h

 CFLAGS_GEN = -Wall -funsigned-char -g -ggdb -D_FORTIFY_SOURCE=0 \
-             -I/usr/local/include/ -I/opt/local/include/
+             -I/usr/local/include/ -I/opt/local/include/ $(CFLAGS)
 CFLAGS_DBG = $(CFLAGS_GEN) -DLOG_STDERR=1 -DDEBUG_ALLOCATOR=1
 CFLAGS_OPT = $(CFLAGS_GEN) -O3 -Wno-format
-LDFLAGS    = -lcrypto -lssl -lidn -lz -L/usr/local/lib/ -L/opt/local/lib
+LDFLAGS   += -lcrypto -lssl -lidn -lz -L/usr/local/lib/ -L/opt/local/lib

 all: $(PROGNAME)

--- a/1
+++ b/1
@ -99,6 +99,7 @@ A rough list of the security checks offered by the tool is outlined below.
    - Server-side XML / XPath injection (including blind vectors).
    - Format string vulnerabilities.
    - Integer overflow vulnerabilities. 
+    - Locations accepting HTTP PUT.

  * Medium risk flaws (potentially leading to data compromise):

--- a/assets/index.html
+++ b/assets/index.html
@ -286,6 +286,7 @@ var issue_desc= {
  "50104": "Format string vector",
  "50105": "Integer overflow vector",
  "50201": "SQL query or similar syntax in parameters"
+  "50301": "PUT request accepted"

 };

--- a/config.h
+++ b/config.h
@ -23,7 +23,7 @@
 #ifndef _HAVE_CONFIG_H
 #define _HAVE_CONFIG_H

-#define VERSION "1.13b"
+#define VERSION "1.14b"

 #define USE_COLOR               1       /* Use terminal colors             */

--- a/crawler.c
+++ b/crawler.c
@ -202,8 +202,10 @@ static void destroy_misc_data(struct pivot_desc* pv,
 static u8 dir_404_callback(struct http_request*, struct http_response*);
 static u8 dir_ips_callback(struct http_request*, struct http_response*);
 static void inject_init(struct pivot_desc*);
+static void inject_init2(struct pivot_desc*);
 static void crawl_dir_dict_init(struct pivot_desc*);
 static u8 dir_dict_callback(struct http_request*, struct http_response*);
+static u8 inject_put_callback(struct http_request*, struct http_response*);
 static u8 inject_check0_callback(struct http_request*, struct http_response*);
 static u8 inject_check1_callback(struct http_request*, struct http_response*);
 static u8 inject_check2_callback(struct http_request*, struct http_response*);
@ -430,12 +432,56 @@ static void secondary_ext_init(struct pivot_desc* pv, struct http_request* req,
 /* Common initialization of security injection attacks. */

 static void inject_init(struct pivot_desc* pv) {
+
+  DEBUG_HELPER(pv);
+
+  /* Do a PUT probe, but only on directories proper. */
+
+  if (pv->state == PSTATE_CHILD_INJECT) {
+    struct http_request* n;
+    n = req_copy(pv->req, pv, 1);
+    if (n->method) ck_free(n->method);
+    n->method   = ck_strdup((u8*)"PUT");
+    n->callback = inject_put_callback;
+    replace_slash(n, (u8*)("PUT-" BOGUS_FILE));
+    async_request(n);
+  } else {
+    inject_init2(pv);
+  }
+
+}
+
+
+/* CALLBACK FOR PUT CHECK: Examines if PUT succeeded. In general,
+   a 2xx code and response body different from the pivot is 
+   the best we can do. */
+
+static u8 inject_put_callback(struct http_request* req,
+                              struct http_response* res) {
+
+  DEBUG_CALLBACK(req, res);
+
+  if (FETCH_FAIL(res)) {
+    handle_error(req, res, (u8*)"during PUT checks", 0);
+  } else {
+    if (res->code >= 200 && res->code < 300 &&
+        !same_page(&RPRES(req)->sig, &res->sig)) {
+      problem(PROB_PUT_DIR, req, res, 0, req->pivot, 0);
+    }
+  }
+
+  inject_init2(req->pivot);
+  return 0;
+
+}
+
+
+/* Starts injection attacks proper. */
+
+static void inject_init2(struct pivot_desc* pv) {
  struct http_request* n;
  u32 i;

-  /* pv->state may change after async_request() calls in
-     insta-fail mode, so we should cache accordingly. */
-
  DEBUG_HELPER(pv);

  /* CHECK 0: See if the response is stable. If it fluctuates
@ -449,7 +495,6 @@ static void inject_init(struct pivot_desc* pv) {
    n->user_val = i;
    async_request(n);
  }
-
 }


@ -462,6 +507,9 @@ static u8 inject_check0_callback(struct http_request* req,
  u32 orig_state = req->pivot->state;
  u8* tmp = NULL;

+  /* pv->state may change after async_request() calls in
+     insta-fail mode, so we should cache accordingly. */
+
  DEBUG_CALLBACK(req, res);

  if (FETCH_FAIL(res)) {
@ -2649,7 +2697,7 @@ static u8 dir_dict_callback(struct http_request* req,

 u8 fetch_unknown_callback(struct http_request* req, struct http_response* res) {
  u32 i = 0 /* bad gcc */;
-  struct pivot_desc* par;
+  struct pivot_desc *par;
  struct http_request* n;

  RPRES(req) = res;
@ -2683,7 +2731,7 @@ u8 fetch_unknown_callback(struct http_request* req, struct http_response* res) {
     response, assume file. This is a workaround for some really
     quirky architectures. */

-  if (par && res->pay_len && res->code == 200 && 
+  if (par && res->pay_len && res->code >= 200 && res->code < 400 &&
      same_page(&par->unk_sig, &res->sig)) {

    req->pivot->type = PIVOT_FILE;
--- a/database.h
+++ b/database.h
@ -280,6 +280,8 @@ u8 is_c_sens(struct pivot_desc* pv);

 #define PROB_SQL_PARAM          50201           /* SQL-like parameter        */

+#define PROB_PUT_DIR            50301           /* HTTP PUT accepted         */
+
 /* - Severity macros: */

 #define PSEV(_x) ((_x) / 10000)
--- a/dictionaries/README-FIRST
+++ b/dictionaries/README-FIRST
@ -71,7 +71,7 @@ Dictionaries are used for the following tasks:
 3) For any non-404 file or directory discovered by any other means, the scanner
   also attempts all <node_filename>.<extension> combinations, to discover,
   for example, entries such as 'index.php.old'. This behavior is independent
-   of the -Y option.
+   of the -Y option, since it is much less request-intensive.

 ----------------------
 Supplied dictionaries:
@ -155,7 +155,8 @@ the technologies used by your target host to regular 'w' records.

 Whichever option you choose, be sure to make a *copy* of this dictionary, and
 load that copy, not the original, via -W. The specified file will be overwritten
-with site-specific information unless -V used.
+with site-specific information unless -V used - and you probably want to keep
+the original around.

 ----------------------------------
 Bah, these dictionaries are small!
@ -172,22 +173,23 @@ for a single directory would take 30-40 hours against a slow server; and even
 with a fast one, at least 5 hours is to be expected.

 DirBuster uses a unique approach that seems promising at first sight - to
-base their wordlists depending on how often a particular keyword appeared in
-URLs seen on the Internet. This is interesting, but comes with two gotchas:
+base their wordlists on how often a particular keyword appeared in URLs seen on
+the Internet. This is interesting, but comes with two gotchas:

  - Keywords related to popular websites and brands are heavily
    overrepresented; DirBuster wordlists have 'bbc_news_24', 'beebie_bunny',
    and 'koalabrothers' near the top of their list, but it is pretty unlikely
    these keywords would be of any use in real-world assessments of a typical
-    site, unless it happens to be BBC.
+    site, unless it happens to be BBC or Disney.

  - Some of the most interesting security-related keywords are not commonly
    indexed, and may appear, say, on no more than few dozen or few thousand
    crawled websites in Google index. But, that does not make 'AggreSpy' or
-    '.ssh/authorized_keys' any less interesting.
+    '.ssh/authorized_keys' any less interesting - in fact, you might care
+    about them a whole lot more.

-Bottom line is, poor wordlists are one of the reasons why some other web
-security scanners perform worse than expected, so please - be careful. You will
-almost always be better off narrowing down or selectively extending the
-supplied set (and possibly contributing back your changes upstream!), than
-importing a giant wordlist from elsewhere.
+Bottom line is, tread carefully; poor wordlists are one of the reasons why some
+web security scanners perform worse than expected. You will almost always be
+better off narrowing down or selectively extending the supplied set (and
+possibly contributing back your changes upstream!), than importing a giant
+wordlist scored elsewhere.
--- a/dictionaries/complete.wl
+++ b/dictionaries/complete.wl
@ -209,6 +209,8 @@ w 1 1 1 XXX
 w 1 1 1 _
 w 1 1 1 _adm
 w 1 1 1 _admin
+w 1 1 1 _common
+w 1 1 1 _conf
 w 1 1 1 _files
 w 1 1 1 _include
 w 1 1 1 _js
@ -250,12 +252,15 @@ w 1 1 1 activex
 w 1 1 1 ad
 w 1 1 1 adclick
 w 1 1 1 add
+w 1 1 1 addpost
 w 1 1 1 addressbook
 w 1 1 1 adm
 w 1 1 1 admin
 w 1 1 1 admin_
+w 1 1 1 adodb
 w 1 1 1 ads
 w 1 1 1 adv
+w 1 1 1 advanced
 w 1 1 1 advertise
 w 1 1 1 advertising
 w 1 1 1 affiliate
@ -273,7 +278,9 @@ w 1 1 1 aliases
 w 1 1 1 all
 w 1 1 1 alpha
 w 1 1 1 alumni
+w 1 1 1 amazon
 w 1 1 1 analog
+w 1 1 1 android
 w 1 1 1 announcement
 w 1 1 1 announcements
 w 1 1 1 anon
@ -312,6 +319,7 @@ w 1 1 1 attachment
 w 1 1 1 attachments
 w 1 1 1 attachs
 w 1 1 1 attic
+w 1 1 1 auction
 w 1 1 1 audio
 w 1 1 1 audit
 w 1 1 1 audits
@ -385,6 +393,7 @@ w 1 1 1 bottom
 w 1 1 1 broken
 w 1 1 1 broker
 w 1 1 1 browse
+w 1 1 1 browser
 w 1 1 1 bs
 w 1 1 1 bsd
 w 1 1 1 bugs
@ -454,6 +463,7 @@ w 1 1 1 chats
 w 1 1 1 checkout
 w 1 1 1 child
 w 1 1 1 children
+w 1 1 1 chrome
 w 1 1 1 cisco
 w 1 1 1 cisweb
 w 1 1 1 citrix
@ -501,6 +511,7 @@ w 1 1 1 complaint
 w 1 1 1 complaints
 w 1 1 1 compliance
 w 1 1 1 component
+w 1 1 1 components
 w 1 1 1 compressed
 w 1 1 1 computer
 w 1 1 1 computers
@ -514,9 +525,11 @@ w 1 1 1 contact
 w 1 1 1 contacts
 w 1 1 1 content
 w 1 1 1 contents
+w 1 1 1 contest
 w 1 1 1 contract
 w 1 1 1 contracts
 w 1 1 1 control
+w 1 1 1 controller
 w 1 1 1 controlpanel
 w 1 1 1 cookie
 w 1 1 1 cookies
@ -535,6 +548,7 @@ w 1 1 1 counts
 w 1 1 1 course
 w 1 1 1 courses
 w 1 1 1 cover
+w 1 1 1 cpadmin
 w 1 1 1 cpanel
 w 1 1 1 cr
 w 1 1 1 crack
@ -557,6 +571,7 @@ w 1 1 1 custom-log
 w 1 1 1 custom_log
 w 1 1 1 customer
 w 1 1 1 customers
+w 1 1 1 cute
 w 1 1 1 cv
 w 1 1 1 cxf
 w 1 1 1 czcmdcvt
@ -568,9 +583,13 @@ w 1 1 1 data
 w 1 1 1 database
 w 1 1 1 databases
 w 1 1 1 date
+w 1 1 1 day
+w 1 1 1 db_connect
 w 1 1 1 dba
 w 1 1 1 dbase
 w 1 1 1 dbman
+w 1 1 1 dbmodules
+w 1 1 1 dbutil
 w 1 1 1 dc
 w 1 1 1 dcforum
 w 1 1 1 de
@ -581,6 +600,8 @@ w 1 1 1 declaration
 w 1 1 1 declarations
 w 1 1 1 decode
 w 1 1 1 decrypt
+w 1 1 1 decrypted
+w 1 1 1 decryption
 w 1 1 1 def
 w 1 1 1 default
 w 1 1 1 defaults
@ -627,6 +648,7 @@ w 1 1 1 dm-config
 w 1 1 1 dms
 w 1 1 1 dms0
 w 1 1 1 dns
+w 1 1 1 docebo
 w 1 1 1 dock
 w 1 1 1 docroot
 w 1 1 1 docs
@ -635,8 +657,10 @@ w 1 1 1 documentation
 w 1 1 1 documents
 w 1 1 1 domain
 w 1 1 1 domains
+w 1 1 1 donate
 w 1 1 1 down
 w 1 1 1 download
+w 1 1 1 downloader
 w 1 1 1 downloads
 w 1 1 1 drop
 w 1 1 1 dropped
@ -654,6 +678,7 @@ w 1 1 1 edge
 w 1 1 1 edit
 w 1 1 1 editor
 w 1 1 1 edits
+w 1 1 1 edp
 w 1 1 1 edu
 w 1 1 1 education
 w 1 1 1 ee
@ -666,6 +691,8 @@ w 1 1 1 elements
 w 1 1 1 em
 w 1 1 1 email
 w 1 1 1 emails
+w 1 1 1 embed
+w 1 1 1 embedded
 w 1 1 1 emea
 w 1 1 1 employees
 w 1 1 1 employment
@ -674,8 +701,11 @@ w 1 1 1 emu
 w 1 1 1 emulator
 w 1 1 1 en
 w 1 1 1 en_US
+w 1 1 1 enc
 w 1 1 1 encode
 w 1 1 1 encrypt
+w 1 1 1 encrypted
+w 1 1 1 encyption
 w 1 1 1 eng
 w 1 1 1 engine
 w 1 1 1 english
@ -706,11 +736,13 @@ w 1 1 1 examples
 w 1 1 1 excalibur
 w 1 1 1 exchange
 w 1 1 1 exec
+w 1 1 1 explorer
 w 1 1 1 export
 w 1 1 1 ext
 w 1 1 1 ext2
 w 1 1 1 extern
 w 1 1 1 external
+w 1 1 1 extras
 w 1 1 1 ezshopper
 w 1 1 1 f
 w 1 1 1 face
@ -721,6 +753,8 @@ w 1 1 1 failure
 w 1 1 1 family
 w 1 1 1 faq
 w 1 1 1 faqs
+w 1 1 1 favorite
+w 1 1 1 favorites
 w 1 1 1 fcgi-bin
 w 1 1 1 feature
 w 1 1 1 features
@ -728,6 +762,7 @@ w 1 1 1 feed
 w 1 1 1 feedback
 w 1 1 1 feeds
 w 1 1 1 felix
+w 1 1 1 fetch
 w 1 1 1 field
 w 1 1 1 fields
 w 1 1 1 file
@ -738,7 +773,9 @@ w 1 1 1 finance
 w 1 1 1 financial
 w 1 1 1 find
 w 1 1 1 finger
+w 1 1 1 firefox
 w 1 1 1 firewall
+w 1 1 1 first
 w 1 1 1 fixed
 w 1 1 1 flags
 w 1 1 1 flash
@ -791,6 +828,8 @@ w 1 1 1 functions
 w 1 1 1 fusion
 w 1 1 1 fw
 w 1 1 1 g
+w 1 1 1 gadget
+w 1 1 1 gadgets
 w 1 1 1 galleries
 w 1 1 1 gallery
 w 1 1 1 game
@ -806,6 +845,7 @@ w 1 1 1 get
 w 1 1 1 getaccess
 w 1 1 1 getjobid
 w 1 1 1 gfx
+w 1 1 1 gid
 w 1 1 1 gitweb
 w 1 1 1 glimpse
 w 1 1 1 global
@ -862,6 +902,8 @@ w 1 1 1 hop
 w 1 1 1 horde
 w 1 1 1 hosting
 w 1 1 1 hosts
+w 1 1 1 hour
+w 1 1 1 hourly
 w 1 1 1 howto
 w 1 1 1 hp
 w 1 1 1 hr
@ -938,6 +980,7 @@ w 1 1 1 intranet
 w 1 1 1 intro
 w 1 1 1 ip
 w 1 1 1 ipc
+w 1 1 1 iphone
 w 1 1 1 ips
 w 1 1 1 irc
 w 1 1 1 is
@ -1006,6 +1049,7 @@ w 1 1 1 library
 w 1 1 1 libs
 w 1 1 1 license
 w 1 1 1 licenses
+w 1 1 1 limit
 w 1 1 1 line
 w 1 1 1 link
 w 1 1 1 links
@ -1024,6 +1068,7 @@ w 1 1 1 lock
 w 1 1 1 locked
 w 1 1 1 log4j
 w 1 1 1 logfile
+w 1 1 1 logger
 w 1 1 1 logging
 w 1 1 1 login
 w 1 1 1 logins
@ -1033,6 +1078,7 @@ w 1 1 1 logon
 w 1 1 1 logos
 w 1 1 1 logout
 w 1 1 1 logs
+w 1 1 1 lost
 w 1 1 1 lost+found
 w 1 1 1 low
 w 1 1 1 ls
@ -1045,6 +1091,7 @@ w 1 1 1 mailing
 w 1 1 1 mailman
 w 1 1 1 mails
 w 1 1 1 main
+w 1 1 1 mambo
 w 1 1 1 manage
 w 1 1 1 management
 w 1 1 1 manager
@ -1069,16 +1116,21 @@ w 1 1 1 members
 w 1 1 1 membership
 w 1 1 1 memory
 w 1 1 1 menu
+w 1 1 1 message
+w 1 1 1 messages
 w 1 1 1 messaging
 w 1 1 1 microsoft
 w 1 1 1 migrate
 w 1 1 1 migration
 w 1 1 1 mina
+w 1 1 1 mini
+w 1 1 1 minute
 w 1 1 1 mirror
 w 1 1 1 mirrors
 w 1 1 1 misc
 w 1 1 1 mission
 w 1 1 1 mix
+w 1 1 1 mlist
 w 1 1 1 mms
 w 1 1 1 mobi
 w 1 1 1 mobile
@ -1091,7 +1143,10 @@ w 1 1 1 modules
 w 1 1 1 mojo
 w 1 1 1 money
 w 1 1 1 monitoring
+w 1 1 1 month
+w 1 1 1 monthly
 w 1 1 1 more
+w 1 1 1 motd
 w 1 1 1 move
 w 1 1 1 movie
 w 1 1 1 movies
@ -1110,6 +1165,7 @@ w 1 1 1 multimedia
 w 1 1 1 music
 w 1 1 1 mx
 w 1 1 1 my
+w 1 1 1 myadmin
 w 1 1 1 myfaces
 w 1 1 1 myphpnuke
 w 1 1 1 mysql
@ -1117,8 +1173,10 @@ w 1 1 1 mysqld
 w 1 1 1 n
 w 1 1 1 nav
 w 1 1 1 navigation
+w 1 1 1 nc
 w 1 1 1 net
 w 1 1 1 netbsd
+w 1 1 1 netcat
 w 1 1 1 nethome
 w 1 1 1 nets
 w 1 1 1 network
@ -1127,6 +1185,7 @@ w 1 1 1 new
 w 1 1 1 news
 w 1 1 1 newsletter
 w 1 1 1 newsletters
+w 1 1 1 newticket
 w 1 1 1 next
 w 1 1 1 nfs
 w 1 1 1 nice
@ -1139,6 +1198,7 @@ w 1 1 1 notes
 w 1 1 1 notification
 w 1 1 1 notifications
 w 1 1 1 notified
+w 1 1 1 notifier
 w 1 1 1 notify
 w 1 1 1 ns
 w 1 1 1 nuke
@ -1162,6 +1222,7 @@ w 1 1 1 openbsd
 w 1 1 1 opendir
 w 1 1 1 openejb
 w 1 1 1 openjpa
+w 1 1 1 opera
 w 1 1 1 operations
 w 1 1 1 opinion
 w 1 1 1 oprocmgr-status
@ -1210,11 +1271,15 @@ w 1 1 1 passwords
 w 1 1 1 past
 w 1 1 1 patch
 w 1 1 1 patches
+w 1 1 1 payment
+w 1 1 1 payments
 w 1 1 1 paypal
+w 1 1 1 pbo
 w 1 1 1 pc
 w 1 1 1 pci
 w 1 1 1 pda
 w 1 1 1 pdfs
+w 1 1 1 pear
 w 1 1 1 peek
 w 1 1 1 pending
 w 1 1 1 people
@ -1242,26 +1307,34 @@ w 1 1 1 pics
 w 1 1 1 pictures
 w 1 1 1 pii
 w 1 1 1 ping
+w 1 1 1 pipe
 w 1 1 1 pipermail
 w 1 1 1 piranha
+w 1 1 1 pivot
 w 1 1 1 pix
 w 1 1 1 pixel
 w 1 1 1 pkg
 w 1 1 1 pkgs
 w 1 1 1 plain
 w 1 1 1 play
+w 1 1 1 player
+w 1 1 1 playing
+w 1 1 1 playlist
 w 1 1 1 pls
 w 1 1 1 plugin
 w 1 1 1 plugins
 w 1 1 1 pm
+w 1 1 1 poc
 w 1 1 1 poi
 w 1 1 1 policies
 w 1 1 1 policy
 w 1 1 1 politics
 w 1 1 1 poll
 w 1 1 1 polls
+w 1 1 1 pool
 w 1 1 1 pop
 w 1 1 1 pop3
+w 1 1 1 popup
 w 1 1 1 porn
 w 1 1 1 port
 w 1 1 1 portal
@ -1294,6 +1367,7 @@ w 1 1 1 printers
 w 1 1 1 priv
 w 1 1 1 privacy
 w 1 1 1 private
+w 1 1 1 pro
 w 1 1 1 problems
 w 1 1 1 proc
 w 1 1 1 procedures
@ -1315,7 +1389,10 @@ w 1 1 1 prop
 w 1 1 1 properties
 w 1 1 1 property
 w 1 1 1 props
+w 1 1 1 prot
 w 1 1 1 protect
+w 1 1 1 protected
+w 1 1 1 protection
 w 1 1 1 proto
 w 1 1 1 proxies
 w 1 1 1 proxy
@ -1337,6 +1414,7 @@ w 1 1 1 pw
 w 1 1 1 pwd
 w 1 1 1 python
 w 1 1 1 q
+w 1 1 1 qotd
 w 1 1 1 qpid
 w 1 1 1 queries
 w 1 1 1 query
@ -1355,6 +1433,8 @@ w 1 1 1 receive
 w 1 1 1 received
 w 1 1 1 recharge
 w 1 1 1 record
+w 1 1 1 recorded
+w 1 1 1 recorder
 w 1 1 1 records
 w 1 1 1 recovery
 w 1 1 1 recycle
@ -1369,6 +1449,8 @@ w 1 1 1 registration
 w 1 1 1 registrations
 w 1 1 1 release
 w 1 1 1 releases
+w 1 1 1 remind
+w 1 1 1 reminder
 w 1 1 1 remote
 w 1 1 1 remove
 w 1 1 1 removed
@ -1396,6 +1478,7 @@ w 1 1 1 requisitions
 w 1 1 1 res
 w 1 1 1 research
 w 1 1 1 resin
+w 1 1 1 resize
 w 1 1 1 resource
 w 1 1 1 resources
 w 1 1 1 rest
@ -1429,6 +1512,7 @@ w 1 1 1 sale
 w 1 1 1 sales
 w 1 1 1 sam
 w 1 1 1 samba
+w 1 1 1 saml
 w 1 1 1 sample
 w 1 1 1 samples
 w 1 1 1 sav
@ -1456,6 +1540,7 @@ w 1 1 1 sdk
 w 1 1 1 se
 w 1 1 1 search
 w 1 1 1 sec
+w 1 1 1 second
 w 1 1 1 secret
 w 1 1 1 section
 w 1 1 1 sections
@ -1463,6 +1548,7 @@ w 1 1 1 secure
 w 1 1 1 secured
 w 1 1 1 security
 w 1 1 1 seed
+w 1 1 1 select
 w 1 1 1 sell
 w 1 1 1 send
 w 1 1 1 sendmail
@ -1484,6 +1570,7 @@ w 1 1 1 sessions
 w 1 1 1 setting
 w 1 1 1 settings
 w 1 1 1 setup
+w 1 1 1 shadow
 w 1 1 1 share
 w 1 1 1 shared
 w 1 1 1 shares
@ -1507,8 +1594,13 @@ w 1 1 1 showmsg
 w 1 1 1 showpost
 w 1 1 1 showthread
 w 1 1 1 sign
+w 1 1 1 signed
+w 1 1 1 signer
+w 1 1 1 signin
+w 1 1 1 signing
 w 1 1 1 signoff
 w 1 1 1 signon
+w 1 1 1 signout
 w 1 1 1 signup
 w 1 1 1 simple
 w 1 1 1 sink
@ -1525,6 +1617,8 @@ w 1 1 1 sl
 w 1 1 1 sling
 w 1 1 1 sm
 w 1 1 1 small
+w 1 1 1 smile
+w 1 1 1 smiles
 w 1 1 1 sms
 w 1 1 1 smtp
 w 1 1 1 snoop
@ -1565,6 +1659,7 @@ w 1 1 1 ssn
 w 1 1 1 sso
 w 1 1 1 staff
 w 1 1 1 staging
+w 1 1 1 standalone
 w 1 1 1 standard
 w 1 1 1 standards
 w 1 1 1 star
@ -1594,6 +1689,7 @@ w 1 1 1 styles
 w 1 1 1 submissions
 w 1 1 1 submit
 w 1 1 1 subscribe
+w 1 1 1 subscribed
 w 1 1 1 subscriber
 w 1 1 1 subscribers
 w 1 1 1 subscription
@ -1613,6 +1709,7 @@ w 1 1 1 synapse
 w 1 1 1 sync
 w 1 1 1 synced
 w 1 1 1 sys
+w 1 1 1 sysmanager
 w 1 1 1 system
 w 1 1 1 systems
 w 1 1 1 sysuser
@ -1727,6 +1824,7 @@ w 1 1 1 unix
 w 1 1 1 unlock
 w 1 1 1 unreg
 w 1 1 1 unregister
+w 1 1 1 unsubscribe
 w 1 1 1 up
 w 1 1 1 upd
 w 1 1 1 update
@ -1734,8 +1832,10 @@ w 1 1 1 updated
 w 1 1 1 updater
 w 1 1 1 updates
 w 1 1 1 upload
+w 1 1 1 uploader
 w 1 1 1 uploads
 w 1 1 1 url
+w 1 1 1 urls
 w 1 1 1 us
 w 1 1 1 usa
 w 1 1 1 usage
@ -1776,7 +1876,11 @@ w 1 1 1 virtual
 w 1 1 1 vm
 w 1 1 1 voip
 w 1 1 1 vol
+w 1 1 1 vote
+w 1 1 1 voter
+w 1 1 1 votes
 w 1 1 1 vpn
+w 1 1 1 vuln
 w 1 1 1 w
 w 1 1 1 w3
 w 1 1 1 w3c
@ -1806,6 +1910,7 @@ w 1 1 1 webcgi
 w 1 1 1 webchat
 w 1 1 1 webdata
 w 1 1 1 webdav
+w 1 1 1 webdb
 w 1 1 1 weblog
 w 1 1 1 weblogic
 w 1 1 1 weblogs
@ -1814,9 +1919,12 @@ w 1 1 1 webplus
 w 1 1 1 webshop
 w 1 1 1 website
 w 1 1 1 websphere
+w 1 1 1 websql
 w 1 1 1 webstats
 w 1 1 1 websvn
 w 1 1 1 webwork
+w 1 1 1 week
+w 1 1 1 weekly
 w 1 1 1 welcome
 w 1 1 1 whitepapers
 w 1 1 1 whois
@ -1836,9 +1944,12 @@ w 1 1 1 working
 w 1 1 1 world
 w 1 1 1 wp
 w 1 1 1 wp-content
+w 1 1 1 wp-dbmanager
 w 1 1 1 wp-includes
 w 1 1 1 wp-login
+w 1 1 1 wp-syntax
 w 1 1 1 wrap
+w 1 1 1 ws
 w 1 1 1 ws-client
 w 1 1 1 ws_ftp
 w 1 1 1 wtai
@ -1852,6 +1963,7 @@ w 1 1 1 wwwroot
 w 1 1 1 wwwstats
 w 1 1 1 wwwthreads
 w 1 1 1 wwwuser
+w 1 1 1 wysiwyg
 w 1 1 1 x
 w 1 1 1 xalan
 w 1 1 1 xerces
@ -1863,14 +1975,18 @@ w 1 1 1 xxx
 w 1 1 1 xyzzy
 w 1 1 1 y
 w 1 1 1 yahoo
+w 1 1 1 year
+w 1 1 1 yearly
 w 1 1 1 youtube
 w 1 1 1 yt
 w 1 1 1 z
 w 1 1 1 zboard
+w 1 1 1 zencart
 w 1 1 1 zend
 w 1 1 1 zero
 w 1 1 1 zipfiles
 w 1 1 1 zips
+w 1 1 1 zoom
 w 1 1 1 zope
 w 1 1 1 zorum
 w 1 1 1 ~admin
--- a/dictionaries/default.wl
+++ b/dictionaries/default.wl
@ -181,6 +181,8 @@ w 1 1 1 XXX
 w 1 1 1 _
 w 1 1 1 _adm
 w 1 1 1 _admin
+w 1 1 1 _common
+w 1 1 1 _conf
 w 1 1 1 _files
 w 1 1 1 _include
 w 1 1 1 _js
@ -222,12 +224,15 @@ w 1 1 1 activex
 w 1 1 1 ad
 w 1 1 1 adclick
 w 1 1 1 add
+w 1 1 1 addpost
 w 1 1 1 addressbook
 w 1 1 1 adm
 w 1 1 1 admin
 w 1 1 1 admin_
+w 1 1 1 adodb
 w 1 1 1 ads
 w 1 1 1 adv
+w 1 1 1 advanced
 w 1 1 1 advertise
 w 1 1 1 advertising
 w 1 1 1 affiliate
@ -245,7 +250,9 @@ w 1 1 1 aliases
 w 1 1 1 all
 w 1 1 1 alpha
 w 1 1 1 alumni
+w 1 1 1 amazon
 w 1 1 1 analog
+w 1 1 1 android
 w 1 1 1 announcement
 w 1 1 1 announcements
 w 1 1 1 anon
@ -284,6 +291,7 @@ w 1 1 1 attachment
 w 1 1 1 attachments
 w 1 1 1 attachs
 w 1 1 1 attic
+w 1 1 1 auction
 w 1 1 1 audio
 w 1 1 1 audit
 w 1 1 1 audits
@ -358,6 +366,7 @@ w 1 1 1 bottom
 w 1 1 1 broken
 w 1 1 1 broker
 w 1 1 1 browse
+w 1 1 1 browser
 w 1 1 1 bs
 w 1 1 1 bsd
 w 1 1 1 bugs
@ -429,6 +438,7 @@ w 1 1 1 chats
 w 1 1 1 checkout
 w 1 1 1 child
 w 1 1 1 children
+w 1 1 1 chrome
 w 1 1 1 cisco
 w 1 1 1 cisweb
 w 1 1 1 citrix
@ -476,6 +486,7 @@ w 1 1 1 complaint
 w 1 1 1 complaints
 w 1 1 1 compliance
 w 1 1 1 component
+w 1 1 1 components
 w 1 1 1 compressed
 w 1 1 1 computer
 w 1 1 1 computers
@ -489,9 +500,11 @@ w 1 1 1 contact
 w 1 1 1 contacts
 w 1 1 1 content
 w 1 1 1 contents
+w 1 1 1 contest
 w 1 1 1 contract
 w 1 1 1 contracts
 w 1 1 1 control
+w 1 1 1 controller
 w 1 1 1 controlpanel
 w 1 1 1 cookie
 w 1 1 1 cookies
@ -510,6 +523,7 @@ w 1 1 1 counts
 w 1 1 1 course
 w 1 1 1 courses
 w 1 1 1 cover
+w 1 1 1 cpadmin
 w 1 1 1 cpanel
 w 1 1 1 cr
 w 1 1 1 crack
@ -533,6 +547,7 @@ w 1 1 1 custom-log
 w 1 1 1 custom_log
 w 1 1 1 customer
 w 1 1 1 customers
+w 1 1 1 cute
 w 1 1 1 cv
 w 1 1 1 cxf
 w 1 1 1 czcmdcvt
@ -544,9 +559,13 @@ w 1 1 1 data
 w 1 1 1 database
 w 1 1 1 databases
 w 1 1 1 date
+w 1 1 1 day
+w 1 1 1 db_connect
 w 1 1 1 dba
 w 1 1 1 dbase
 w 1 1 1 dbman
+w 1 1 1 dbmodules
+w 1 1 1 dbutil
 w 1 1 1 dc
 w 1 1 1 dcforum
 w 1 1 1 de
@ -557,6 +576,8 @@ w 1 1 1 declaration
 w 1 1 1 declarations
 w 1 1 1 decode
 w 1 1 1 decrypt
+w 1 1 1 decrypted
+w 1 1 1 decryption
 w 1 1 1 def
 w 1 1 1 default
 w 1 1 1 defaults
@ -605,6 +626,7 @@ w 1 1 1 dms0
 w 1 1 1 dns
 w 1 1 1 do
 w 1 1 1 doc
+w 1 1 1 docebo
 w 1 1 1 dock
 w 1 1 1 docroot
 w 1 1 1 docs
@ -613,8 +635,10 @@ w 1 1 1 documentation
 w 1 1 1 documents
 w 1 1 1 domain
 w 1 1 1 domains
+w 1 1 1 donate
 w 1 1 1 down
 w 1 1 1 download
+w 1 1 1 downloader
 w 1 1 1 downloads
 w 1 1 1 drop
 w 1 1 1 dropped
@ -633,6 +657,7 @@ w 1 1 1 edge
 w 1 1 1 edit
 w 1 1 1 editor
 w 1 1 1 edits
+w 1 1 1 edp
 w 1 1 1 edu
 w 1 1 1 education
 w 1 1 1 ee
@ -645,6 +670,8 @@ w 1 1 1 elements
 w 1 1 1 em
 w 1 1 1 email
 w 1 1 1 emails
+w 1 1 1 embed
+w 1 1 1 embedded
 w 1 1 1 emea
 w 1 1 1 employees
 w 1 1 1 employment
@ -653,8 +680,11 @@ w 1 1 1 emu
 w 1 1 1 emulator
 w 1 1 1 en
 w 1 1 1 en_US
+w 1 1 1 enc
 w 1 1 1 encode
 w 1 1 1 encrypt
+w 1 1 1 encrypted
+w 1 1 1 encyption
 w 1 1 1 eng
 w 1 1 1 engine
 w 1 1 1 english
@ -686,11 +716,13 @@ w 1 1 1 examples
 w 1 1 1 excalibur
 w 1 1 1 exchange
 w 1 1 1 exec
+w 1 1 1 explorer
 w 1 1 1 export
 w 1 1 1 ext
 w 1 1 1 ext2
 w 1 1 1 extern
 w 1 1 1 external
+w 1 1 1 extras
 w 1 1 1 ezshopper
 w 1 1 1 f
 w 1 1 1 face
@ -701,6 +733,8 @@ w 1 1 1 failure
 w 1 1 1 family
 w 1 1 1 faq
 w 1 1 1 faqs
+w 1 1 1 favorite
+w 1 1 1 favorites
 w 1 1 1 fcgi-bin
 w 1 1 1 feature
 w 1 1 1 features
@ -708,6 +742,7 @@ w 1 1 1 feed
 w 1 1 1 feedback
 w 1 1 1 feeds
 w 1 1 1 felix
+w 1 1 1 fetch
 w 1 1 1 field
 w 1 1 1 fields
 w 1 1 1 file
@ -718,7 +753,9 @@ w 1 1 1 finance
 w 1 1 1 financial
 w 1 1 1 find
 w 1 1 1 finger
+w 1 1 1 firefox
 w 1 1 1 firewall
+w 1 1 1 first
 w 1 1 1 fixed
 w 1 1 1 flags
 w 1 1 1 flash
@ -771,6 +808,8 @@ w 1 1 1 functions
 w 1 1 1 fusion
 w 1 1 1 fw
 w 1 1 1 g
+w 1 1 1 gadget
+w 1 1 1 gadgets
 w 1 1 1 galleries
 w 1 1 1 gallery
 w 1 1 1 game
@ -786,6 +825,7 @@ w 1 1 1 get
 w 1 1 1 getaccess
 w 1 1 1 getjobid
 w 1 1 1 gfx
+w 1 1 1 gid
 w 1 1 1 gif
 w 1 1 1 gitweb
 w 1 1 1 glimpse
@ -843,6 +883,8 @@ w 1 1 1 hop
 w 1 1 1 horde
 w 1 1 1 hosting
 w 1 1 1 hosts
+w 1 1 1 hour
+w 1 1 1 hourly
 w 1 1 1 howto
 w 1 1 1 hp
 w 1 1 1 hr
@ -919,6 +961,7 @@ w 1 1 1 intranet
 w 1 1 1 intro
 w 1 1 1 ip
 w 1 1 1 ipc
+w 1 1 1 iphone
 w 1 1 1 ips
 w 1 1 1 irc
 w 1 1 1 is
@ -989,6 +1032,7 @@ w 1 1 1 library
 w 1 1 1 libs
 w 1 1 1 license
 w 1 1 1 licenses
+w 1 1 1 limit
 w 1 1 1 line
 w 1 1 1 link
 w 1 1 1 links
@ -1007,6 +1051,7 @@ w 1 1 1 lock
 w 1 1 1 locked
 w 1 1 1 log4j
 w 1 1 1 logfile
+w 1 1 1 logger
 w 1 1 1 logging
 w 1 1 1 login
 w 1 1 1 logins
@ -1016,6 +1061,7 @@ w 1 1 1 logon
 w 1 1 1 logos
 w 1 1 1 logout
 w 1 1 1 logs
+w 1 1 1 lost
 w 1 1 1 lost+found
 w 1 1 1 low
 w 1 1 1 ls
@ -1029,6 +1075,7 @@ w 1 1 1 mailing
 w 1 1 1 mailman
 w 1 1 1 mails
 w 1 1 1 main
+w 1 1 1 mambo
 w 1 1 1 manage
 w 1 1 1 management
 w 1 1 1 manager
@ -1054,17 +1101,22 @@ w 1 1 1 members
 w 1 1 1 membership
 w 1 1 1 memory
 w 1 1 1 menu
+w 1 1 1 message
+w 1 1 1 messages
 w 1 1 1 messaging
 w 1 1 1 meta
 w 1 1 1 microsoft
 w 1 1 1 migrate
 w 1 1 1 migration
 w 1 1 1 mina
+w 1 1 1 mini
+w 1 1 1 minute
 w 1 1 1 mirror
 w 1 1 1 mirrors
 w 1 1 1 misc
 w 1 1 1 mission
 w 1 1 1 mix
+w 1 1 1 mlist
 w 1 1 1 mms
 w 1 1 1 mobi
 w 1 1 1 mobile
@ -1077,7 +1129,10 @@ w 1 1 1 modules
 w 1 1 1 mojo
 w 1 1 1 money
 w 1 1 1 monitoring
+w 1 1 1 month
+w 1 1 1 monthly
 w 1 1 1 more
+w 1 1 1 motd
 w 1 1 1 move
 w 1 1 1 movie
 w 1 1 1 movies
@ -1097,6 +1152,7 @@ w 1 1 1 multimedia
 w 1 1 1 music
 w 1 1 1 mx
 w 1 1 1 my
+w 1 1 1 myadmin
 w 1 1 1 myfaces
 w 1 1 1 myphpnuke
 w 1 1 1 mysql
@ -1104,8 +1160,10 @@ w 1 1 1 mysqld
 w 1 1 1 n
 w 1 1 1 nav
 w 1 1 1 navigation
+w 1 1 1 nc
 w 1 1 1 net
 w 1 1 1 netbsd
+w 1 1 1 netcat
 w 1 1 1 nethome
 w 1 1 1 nets
 w 1 1 1 network
@ -1114,6 +1172,7 @@ w 1 1 1 new
 w 1 1 1 news
 w 1 1 1 newsletter
 w 1 1 1 newsletters
+w 1 1 1 newticket
 w 1 1 1 next
 w 1 1 1 nfs
 w 1 1 1 nice
@ -1126,6 +1185,7 @@ w 1 1 1 notes
 w 1 1 1 notification
 w 1 1 1 notifications
 w 1 1 1 notified
+w 1 1 1 notifier
 w 1 1 1 notify
 w 1 1 1 ns
 w 1 1 1 nuke
@ -1150,6 +1210,7 @@ w 1 1 1 openbsd
 w 1 1 1 opendir
 w 1 1 1 openejb
 w 1 1 1 openjpa
+w 1 1 1 opera
 w 1 1 1 operations
 w 1 1 1 opinion
 w 1 1 1 oprocmgr-status
@ -1198,12 +1259,16 @@ w 1 1 1 passwords
 w 1 1 1 past
 w 1 1 1 patch
 w 1 1 1 patches
+w 1 1 1 payment
+w 1 1 1 payments
 w 1 1 1 paypal
+w 1 1 1 pbo
 w 1 1 1 pc
 w 1 1 1 pci
 w 1 1 1 pda
 w 1 1 1 pdf
 w 1 1 1 pdfs
+w 1 1 1 pear
 w 1 1 1 peek
 w 1 1 1 pending
 w 1 1 1 people
@ -1231,27 +1296,35 @@ w 1 1 1 pics
 w 1 1 1 pictures
 w 1 1 1 pii
 w 1 1 1 ping
+w 1 1 1 pipe
 w 1 1 1 pipermail
 w 1 1 1 piranha
+w 1 1 1 pivot
 w 1 1 1 pix
 w 1 1 1 pixel
 w 1 1 1 pkg
 w 1 1 1 pkgs
 w 1 1 1 plain
 w 1 1 1 play
+w 1 1 1 player
+w 1 1 1 playing
+w 1 1 1 playlist
 w 1 1 1 pls
 w 1 1 1 plugin
 w 1 1 1 plugins
 w 1 1 1 pm
 w 1 1 1 png
+w 1 1 1 poc
 w 1 1 1 poi
 w 1 1 1 policies
 w 1 1 1 policy
 w 1 1 1 politics
 w 1 1 1 poll
 w 1 1 1 polls
+w 1 1 1 pool
 w 1 1 1 pop
 w 1 1 1 pop3
+w 1 1 1 popup
 w 1 1 1 porn
 w 1 1 1 port
 w 1 1 1 portal
@ -1285,6 +1358,7 @@ w 1 1 1 printers
 w 1 1 1 priv
 w 1 1 1 privacy
 w 1 1 1 private
+w 1 1 1 pro
 w 1 1 1 problems
 w 1 1 1 proc
 w 1 1 1 procedures
@ -1306,7 +1380,10 @@ w 1 1 1 prop
 w 1 1 1 properties
 w 1 1 1 property
 w 1 1 1 props
+w 1 1 1 prot
 w 1 1 1 protect
+w 1 1 1 protected
+w 1 1 1 protection
 w 1 1 1 proto
 w 1 1 1 proxies
 w 1 1 1 proxy
@ -1328,6 +1405,7 @@ w 1 1 1 pw
 w 1 1 1 pwd
 w 1 1 1 python
 w 1 1 1 q
+w 1 1 1 qotd
 w 1 1 1 qpid
 w 1 1 1 queries
 w 1 1 1 query
@ -1347,6 +1425,8 @@ w 1 1 1 receive
 w 1 1 1 received
 w 1 1 1 recharge
 w 1 1 1 record
+w 1 1 1 recorded
+w 1 1 1 recorder
 w 1 1 1 records
 w 1 1 1 recovery
 w 1 1 1 recycle
@ -1361,6 +1441,8 @@ w 1 1 1 registration
 w 1 1 1 registrations
 w 1 1 1 release
 w 1 1 1 releases
+w 1 1 1 remind
+w 1 1 1 reminder
 w 1 1 1 remote
 w 1 1 1 remove
 w 1 1 1 removed
@ -1388,6 +1470,7 @@ w 1 1 1 requisitions
 w 1 1 1 res
 w 1 1 1 research
 w 1 1 1 resin
+w 1 1 1 resize
 w 1 1 1 resource
 w 1 1 1 resources
 w 1 1 1 rest
@ -1422,6 +1505,7 @@ w 1 1 1 sale
 w 1 1 1 sales
 w 1 1 1 sam
 w 1 1 1 samba
+w 1 1 1 saml
 w 1 1 1 sample
 w 1 1 1 samples
 w 1 1 1 sav
@ -1450,6 +1534,7 @@ w 1 1 1 sdk
 w 1 1 1 se
 w 1 1 1 search
 w 1 1 1 sec
+w 1 1 1 second
 w 1 1 1 secret
 w 1 1 1 section
 w 1 1 1 sections
@ -1457,6 +1542,7 @@ w 1 1 1 secure
 w 1 1 1 secured
 w 1 1 1 security
 w 1 1 1 seed
+w 1 1 1 select
 w 1 1 1 sell
 w 1 1 1 send
 w 1 1 1 sendmail
@ -1478,6 +1564,7 @@ w 1 1 1 sessions
 w 1 1 1 setting
 w 1 1 1 settings
 w 1 1 1 setup
+w 1 1 1 shadow
 w 1 1 1 share
 w 1 1 1 shared
 w 1 1 1 shares
@ -1501,8 +1588,13 @@ w 1 1 1 showmsg
 w 1 1 1 showpost
 w 1 1 1 showthread
 w 1 1 1 sign
+w 1 1 1 signed
+w 1 1 1 signer
+w 1 1 1 signin
+w 1 1 1 signing
 w 1 1 1 signoff
 w 1 1 1 signon
+w 1 1 1 signout
 w 1 1 1 signup
 w 1 1 1 simple
 w 1 1 1 sink
@ -1519,6 +1611,8 @@ w 1 1 1 sl
 w 1 1 1 sling
 w 1 1 1 sm
 w 1 1 1 small
+w 1 1 1 smile
+w 1 1 1 smiles
 w 1 1 1 sms
 w 1 1 1 smtp
 w 1 1 1 snoop
@ -1560,6 +1654,7 @@ w 1 1 1 ssn
 w 1 1 1 sso
 w 1 1 1 staff
 w 1 1 1 staging
+w 1 1 1 standalone
 w 1 1 1 standard
 w 1 1 1 standards
 w 1 1 1 star
@ -1589,6 +1684,7 @@ w 1 1 1 styles
 w 1 1 1 submissions
 w 1 1 1 submit
 w 1 1 1 subscribe
+w 1 1 1 subscribed
 w 1 1 1 subscriber
 w 1 1 1 subscribers
 w 1 1 1 subscription
@ -1609,6 +1705,7 @@ w 1 1 1 synapse
 w 1 1 1 sync
 w 1 1 1 synced
 w 1 1 1 sys
+w 1 1 1 sysmanager
 w 1 1 1 system
 w 1 1 1 systems
 w 1 1 1 sysuser
@ -1726,6 +1823,7 @@ w 1 1 1 unix
 w 1 1 1 unlock
 w 1 1 1 unreg
 w 1 1 1 unregister
+w 1 1 1 unsubscribe
 w 1 1 1 up
 w 1 1 1 upd
 w 1 1 1 update
@ -1733,8 +1831,10 @@ w 1 1 1 updated
 w 1 1 1 updater
 w 1 1 1 updates
 w 1 1 1 upload
+w 1 1 1 uploader
 w 1 1 1 uploads
 w 1 1 1 url
+w 1 1 1 urls
 w 1 1 1 us
 w 1 1 1 usa
 w 1 1 1 usage
@ -1775,7 +1875,11 @@ w 1 1 1 virtual
 w 1 1 1 vm
 w 1 1 1 voip
 w 1 1 1 vol
+w 1 1 1 vote
+w 1 1 1 voter
+w 1 1 1 votes
 w 1 1 1 vpn
+w 1 1 1 vuln
 w 1 1 1 w
 w 1 1 1 w3
 w 1 1 1 w3c
@ -1805,6 +1909,7 @@ w 1 1 1 webcgi
 w 1 1 1 webchat
 w 1 1 1 webdata
 w 1 1 1 webdav
+w 1 1 1 webdb
 w 1 1 1 weblog
 w 1 1 1 weblogic
 w 1 1 1 weblogs
@ -1813,9 +1918,12 @@ w 1 1 1 webplus
 w 1 1 1 webshop
 w 1 1 1 website
 w 1 1 1 websphere
+w 1 1 1 websql
 w 1 1 1 webstats
 w 1 1 1 websvn
 w 1 1 1 webwork
+w 1 1 1 week
+w 1 1 1 weekly
 w 1 1 1 welcome
 w 1 1 1 whitepapers
 w 1 1 1 whois
@ -1835,9 +1943,12 @@ w 1 1 1 working
 w 1 1 1 world
 w 1 1 1 wp
 w 1 1 1 wp-content
+w 1 1 1 wp-dbmanager
 w 1 1 1 wp-includes
 w 1 1 1 wp-login
+w 1 1 1 wp-syntax
 w 1 1 1 wrap
+w 1 1 1 ws
 w 1 1 1 ws-client
 w 1 1 1 ws_ftp
 w 1 1 1 wtai
@ -1851,6 +1962,7 @@ w 1 1 1 wwwroot
 w 1 1 1 wwwstats
 w 1 1 1 wwwthreads
 w 1 1 1 wwwuser
+w 1 1 1 wysiwyg
 w 1 1 1 x
 w 1 1 1 xalan
 w 1 1 1 xerces
@ -1862,14 +1974,18 @@ w 1 1 1 xxx
 w 1 1 1 xyzzy
 w 1 1 1 y
 w 1 1 1 yahoo
+w 1 1 1 year
+w 1 1 1 yearly
 w 1 1 1 youtube
 w 1 1 1 yt
 w 1 1 1 z
 w 1 1 1 zboard
+w 1 1 1 zencart
 w 1 1 1 zend
 w 1 1 1 zero
 w 1 1 1 zipfiles
 w 1 1 1 zips
+w 1 1 1 zoom
 w 1 1 1 zope
 w 1 1 1 zorum
 w 1 1 1 ~admin
--- a/dictionaries/minimal.wl
+++ b/dictionaries/minimal.wl
@ -145,6 +145,8 @@ w 1 1 1 XXX
 w 1 1 1 _
 w 1 1 1 _adm
 w 1 1 1 _admin
+w 1 1 1 _common
+w 1 1 1 _conf
 w 1 1 1 _files
 w 1 1 1 _include
 w 1 1 1 _js
@ -186,12 +188,15 @@ w 1 1 1 activex
 w 1 1 1 ad
 w 1 1 1 adclick
 w 1 1 1 add
+w 1 1 1 addpost
 w 1 1 1 addressbook
 w 1 1 1 adm
 w 1 1 1 admin
 w 1 1 1 admin_
+w 1 1 1 adodb
 w 1 1 1 ads
 w 1 1 1 adv
+w 1 1 1 advanced
 w 1 1 1 advertise
 w 1 1 1 advertising
 w 1 1 1 affiliate
@ -209,7 +214,9 @@ w 1 1 1 aliases
 w 1 1 1 all
 w 1 1 1 alpha
 w 1 1 1 alumni
+w 1 1 1 amazon
 w 1 1 1 analog
+w 1 1 1 android
 w 1 1 1 announcement
 w 1 1 1 announcements
 w 1 1 1 anon
@ -251,6 +258,7 @@ w 1 1 1 attachment
 w 1 1 1 attachments
 w 1 1 1 attachs
 w 1 1 1 attic
+w 1 1 1 auction
 w 1 1 1 audio
 w 1 1 1 audit
 w 1 1 1 audits
@ -326,6 +334,7 @@ w 1 1 1 bottom
 w 1 1 1 broken
 w 1 1 1 broker
 w 1 1 1 browse
+w 1 1 1 browser
 w 1 1 1 bs
 w 1 1 1 bsd
 w 1 1 1 bugs
@ -400,6 +409,7 @@ w 1 1 1 chats
 w 1 1 1 checkout
 w 1 1 1 child
 w 1 1 1 children
+w 1 1 1 chrome
 w 1 1 1 cisco
 w 1 1 1 cisweb
 w 1 1 1 citrix
@ -447,6 +457,7 @@ w 1 1 1 complaint
 w 1 1 1 complaints
 w 1 1 1 compliance
 w 1 1 1 component
+w 1 1 1 components
 w 1 1 1 compressed
 w 1 1 1 computer
 w 1 1 1 computers
@ -460,9 +471,11 @@ w 1 1 1 contact
 w 1 1 1 contacts
 w 1 1 1 content
 w 1 1 1 contents
+w 1 1 1 contest
 w 1 1 1 contract
 w 1 1 1 contracts
 w 1 1 1 control
+w 1 1 1 controller
 w 1 1 1 controlpanel
 w 1 1 1 cookie
 w 1 1 1 cookies
@ -481,6 +494,7 @@ w 1 1 1 counts
 w 1 1 1 course
 w 1 1 1 courses
 w 1 1 1 cover
+w 1 1 1 cpadmin
 w 1 1 1 cpanel
 w 1 1 1 cpp
 w 1 1 1 cr
@ -505,6 +519,7 @@ w 1 1 1 custom-log
 w 1 1 1 custom_log
 w 1 1 1 customer
 w 1 1 1 customers
+w 1 1 1 cute
 w 1 1 1 cv
 w 1 1 1 cxf
 w 1 1 1 czcmdcvt
@ -517,10 +532,14 @@ w 1 1 1 data
 w 1 1 1 database
 w 1 1 1 databases
 w 1 1 1 date
+w 1 1 1 day
 w 1 1 1 db
+w 1 1 1 db_connect
 w 1 1 1 dba
 w 1 1 1 dbase
 w 1 1 1 dbman
+w 1 1 1 dbmodules
+w 1 1 1 dbutil
 w 1 1 1 dc
 w 1 1 1 dcforum
 w 1 1 1 de
@ -531,6 +550,8 @@ w 1 1 1 declaration
 w 1 1 1 declarations
 w 1 1 1 decode
 w 1 1 1 decrypt
+w 1 1 1 decrypted
+w 1 1 1 decryption
 w 1 1 1 def
 w 1 1 1 default
 w 1 1 1 defaults
@ -580,6 +601,7 @@ w 1 1 1 dms0
 w 1 1 1 dns
 w 1 1 1 do
 w 1 1 1 doc
+w 1 1 1 docebo
 w 1 1 1 dock
 w 1 1 1 docroot
 w 1 1 1 docs
@ -588,8 +610,10 @@ w 1 1 1 documentation
 w 1 1 1 documents
 w 1 1 1 domain
 w 1 1 1 domains
+w 1 1 1 donate
 w 1 1 1 down
 w 1 1 1 download
+w 1 1 1 downloader
 w 1 1 1 downloads
 w 1 1 1 drop
 w 1 1 1 dropped
@ -608,6 +632,7 @@ w 1 1 1 edge
 w 1 1 1 edit
 w 1 1 1 editor
 w 1 1 1 edits
+w 1 1 1 edp
 w 1 1 1 edu
 w 1 1 1 education
 w 1 1 1 ee
@ -620,6 +645,8 @@ w 1 1 1 elements
 w 1 1 1 em
 w 1 1 1 email
 w 1 1 1 emails
+w 1 1 1 embed
+w 1 1 1 embedded
 w 1 1 1 emea
 w 1 1 1 employees
 w 1 1 1 employment
@ -628,8 +655,11 @@ w 1 1 1 emu
 w 1 1 1 emulator
 w 1 1 1 en
 w 1 1 1 en_US
+w 1 1 1 enc
 w 1 1 1 encode
 w 1 1 1 encrypt
+w 1 1 1 encrypted
+w 1 1 1 encyption
 w 1 1 1 eng
 w 1 1 1 engine
 w 1 1 1 english
@ -662,11 +692,13 @@ w 1 1 1 excalibur
 w 1 1 1 exchange
 w 1 1 1 exe
 w 1 1 1 exec
+w 1 1 1 explorer
 w 1 1 1 export
 w 1 1 1 ext
 w 1 1 1 ext2
 w 1 1 1 extern
 w 1 1 1 external
+w 1 1 1 extras
 w 1 1 1 ezshopper
 w 1 1 1 f
 w 1 1 1 face
@ -677,6 +709,8 @@ w 1 1 1 failure
 w 1 1 1 family
 w 1 1 1 faq
 w 1 1 1 faqs
+w 1 1 1 favorite
+w 1 1 1 favorites
 w 1 1 1 fcgi-bin
 w 1 1 1 feature
 w 1 1 1 features
@ -684,6 +718,7 @@ w 1 1 1 feed
 w 1 1 1 feedback
 w 1 1 1 feeds
 w 1 1 1 felix
+w 1 1 1 fetch
 w 1 1 1 field
 w 1 1 1 fields
 w 1 1 1 file
@ -694,7 +729,9 @@ w 1 1 1 finance
 w 1 1 1 financial
 w 1 1 1 find
 w 1 1 1 finger
+w 1 1 1 firefox
 w 1 1 1 firewall
+w 1 1 1 first
 w 1 1 1 fixed
 w 1 1 1 flags
 w 1 1 1 flash
@ -747,6 +784,8 @@ w 1 1 1 functions
 w 1 1 1 fusion
 w 1 1 1 fw
 w 1 1 1 g
+w 1 1 1 gadget
+w 1 1 1 gadgets
 w 1 1 1 galleries
 w 1 1 1 gallery
 w 1 1 1 game
@ -762,6 +801,7 @@ w 1 1 1 get
 w 1 1 1 getaccess
 w 1 1 1 getjobid
 w 1 1 1 gfx
+w 1 1 1 gid
 w 1 1 1 gif
 w 1 1 1 gitweb
 w 1 1 1 glimpse
@ -820,6 +860,8 @@ w 1 1 1 hop
 w 1 1 1 horde
 w 1 1 1 hosting
 w 1 1 1 hosts
+w 1 1 1 hour
+w 1 1 1 hourly
 w 1 1 1 howto
 w 1 1 1 hp
 w 1 1 1 hr
@ -897,6 +939,7 @@ w 1 1 1 intranet
 w 1 1 1 intro
 w 1 1 1 ip
 w 1 1 1 ipc
+w 1 1 1 iphone
 w 1 1 1 ips
 w 1 1 1 irc
 w 1 1 1 is
@ -971,6 +1014,7 @@ w 1 1 1 library
 w 1 1 1 libs
 w 1 1 1 license
 w 1 1 1 licenses
+w 1 1 1 limit
 w 1 1 1 line
 w 1 1 1 link
 w 1 1 1 links
@ -989,6 +1033,7 @@ w 1 1 1 lock
 w 1 1 1 locked
 w 1 1 1 log4j
 w 1 1 1 logfile
+w 1 1 1 logger
 w 1 1 1 logging
 w 1 1 1 login
 w 1 1 1 logins
@ -998,6 +1043,7 @@ w 1 1 1 logon
 w 1 1 1 logos
 w 1 1 1 logout
 w 1 1 1 logs
+w 1 1 1 lost
 w 1 1 1 lost+found
 w 1 1 1 low
 w 1 1 1 ls
@ -1011,6 +1057,7 @@ w 1 1 1 mailing
 w 1 1 1 mailman
 w 1 1 1 mails
 w 1 1 1 main
+w 1 1 1 mambo
 w 1 1 1 manage
 w 1 1 1 management
 w 1 1 1 manager
@ -1037,17 +1084,22 @@ w 1 1 1 members
 w 1 1 1 membership
 w 1 1 1 memory
 w 1 1 1 menu
+w 1 1 1 message
+w 1 1 1 messages
 w 1 1 1 messaging
 w 1 1 1 meta
 w 1 1 1 microsoft
 w 1 1 1 migrate
 w 1 1 1 migration
 w 1 1 1 mina
+w 1 1 1 mini
+w 1 1 1 minute
 w 1 1 1 mirror
 w 1 1 1 mirrors
 w 1 1 1 misc
 w 1 1 1 mission
 w 1 1 1 mix
+w 1 1 1 mlist
 w 1 1 1 mms
 w 1 1 1 mobi
 w 1 1 1 mobile
@ -1060,7 +1112,10 @@ w 1 1 1 modules
 w 1 1 1 mojo
 w 1 1 1 money
 w 1 1 1 monitoring
+w 1 1 1 month
+w 1 1 1 monthly
 w 1 1 1 more
+w 1 1 1 motd
 w 1 1 1 move
 w 1 1 1 movie
 w 1 1 1 movies
@ -1080,6 +1135,7 @@ w 1 1 1 multimedia
 w 1 1 1 music
 w 1 1 1 mx
 w 1 1 1 my
+w 1 1 1 myadmin
 w 1 1 1 myfaces
 w 1 1 1 myphpnuke
 w 1 1 1 mysql
@ -1087,8 +1143,10 @@ w 1 1 1 mysqld
 w 1 1 1 n
 w 1 1 1 nav
 w 1 1 1 navigation
+w 1 1 1 nc
 w 1 1 1 net
 w 1 1 1 netbsd
+w 1 1 1 netcat
 w 1 1 1 nethome
 w 1 1 1 nets
 w 1 1 1 network
@ -1097,6 +1155,7 @@ w 1 1 1 new
 w 1 1 1 news
 w 1 1 1 newsletter
 w 1 1 1 newsletters
+w 1 1 1 newticket
 w 1 1 1 next
 w 1 1 1 nfs
 w 1 1 1 nice
@ -1109,6 +1168,7 @@ w 1 1 1 notes
 w 1 1 1 notification
 w 1 1 1 notifications
 w 1 1 1 notified
+w 1 1 1 notifier
 w 1 1 1 notify
 w 1 1 1 ns
 w 1 1 1 nsf
@ -1134,6 +1194,7 @@ w 1 1 1 openbsd
 w 1 1 1 opendir
 w 1 1 1 openejb
 w 1 1 1 openjpa
+w 1 1 1 opera
 w 1 1 1 operations
 w 1 1 1 opinion
 w 1 1 1 oprocmgr-status
@ -1183,12 +1244,16 @@ w 1 1 1 passwords
 w 1 1 1 past
 w 1 1 1 patch
 w 1 1 1 patches
+w 1 1 1 payment
+w 1 1 1 payments
 w 1 1 1 paypal
+w 1 1 1 pbo
 w 1 1 1 pc
 w 1 1 1 pci
 w 1 1 1 pda
 w 1 1 1 pdf
 w 1 1 1 pdfs
+w 1 1 1 pear
 w 1 1 1 peek
 w 1 1 1 pending
 w 1 1 1 people
@ -1218,27 +1283,35 @@ w 1 1 1 pics
 w 1 1 1 pictures
 w 1 1 1 pii
 w 1 1 1 ping
+w 1 1 1 pipe
 w 1 1 1 pipermail
 w 1 1 1 piranha
+w 1 1 1 pivot
 w 1 1 1 pix
 w 1 1 1 pixel
 w 1 1 1 pkg
 w 1 1 1 pkgs
 w 1 1 1 plain
 w 1 1 1 play
+w 1 1 1 player
+w 1 1 1 playing
+w 1 1 1 playlist
 w 1 1 1 pls
 w 1 1 1 plugin
 w 1 1 1 plugins
 w 1 1 1 pm
 w 1 1 1 png
+w 1 1 1 poc
 w 1 1 1 poi
 w 1 1 1 policies
 w 1 1 1 policy
 w 1 1 1 politics
 w 1 1 1 poll
 w 1 1 1 polls
+w 1 1 1 pool
 w 1 1 1 pop
 w 1 1 1 pop3
+w 1 1 1 popup
 w 1 1 1 porn
 w 1 1 1 port
 w 1 1 1 portal
@ -1272,6 +1345,7 @@ w 1 1 1 printers
 w 1 1 1 priv
 w 1 1 1 privacy
 w 1 1 1 private
+w 1 1 1 pro
 w 1 1 1 problems
 w 1 1 1 proc
 w 1 1 1 procedures
@ -1293,7 +1367,10 @@ w 1 1 1 prop
 w 1 1 1 properties
 w 1 1 1 property
 w 1 1 1 props
+w 1 1 1 prot
 w 1 1 1 protect
+w 1 1 1 protected
+w 1 1 1 protection
 w 1 1 1 proto
 w 1 1 1 proxies
 w 1 1 1 proxy
@ -1316,6 +1393,7 @@ w 1 1 1 pwd
 w 1 1 1 py
 w 1 1 1 python
 w 1 1 1 q
+w 1 1 1 qotd
 w 1 1 1 qpid
 w 1 1 1 queries
 w 1 1 1 query
@ -1335,6 +1413,8 @@ w 1 1 1 receive
 w 1 1 1 received
 w 1 1 1 recharge
 w 1 1 1 record
+w 1 1 1 recorded
+w 1 1 1 recorder
 w 1 1 1 records
 w 1 1 1 recovery
 w 1 1 1 recycle
@ -1349,6 +1429,8 @@ w 1 1 1 registration
 w 1 1 1 registrations
 w 1 1 1 release
 w 1 1 1 releases
+w 1 1 1 remind
+w 1 1 1 reminder
 w 1 1 1 remote
 w 1 1 1 remove
 w 1 1 1 removed
@ -1376,6 +1458,7 @@ w 1 1 1 requisitions
 w 1 1 1 res
 w 1 1 1 research
 w 1 1 1 resin
+w 1 1 1 resize
 w 1 1 1 resource
 w 1 1 1 resources
 w 1 1 1 rest
@ -1411,6 +1494,7 @@ w 1 1 1 sale
 w 1 1 1 sales
 w 1 1 1 sam
 w 1 1 1 samba
+w 1 1 1 saml
 w 1 1 1 sample
 w 1 1 1 samples
 w 1 1 1 sav
@ -1439,6 +1523,7 @@ w 1 1 1 sdk
 w 1 1 1 se
 w 1 1 1 search
 w 1 1 1 sec
+w 1 1 1 second
 w 1 1 1 secret
 w 1 1 1 section
 w 1 1 1 sections
@ -1446,6 +1531,7 @@ w 1 1 1 secure
 w 1 1 1 secured
 w 1 1 1 security
 w 1 1 1 seed
+w 1 1 1 select
 w 1 1 1 sell
 w 1 1 1 send
 w 1 1 1 sendmail
@ -1468,6 +1554,7 @@ w 1 1 1 setting
 w 1 1 1 settings
 w 1 1 1 setup
 w 1 1 1 sh
+w 1 1 1 shadow
 w 1 1 1 share
 w 1 1 1 shared
 w 1 1 1 shares
@ -1492,8 +1579,13 @@ w 1 1 1 showpost
 w 1 1 1 showthread
 w 1 1 1 shtml
 w 1 1 1 sign
+w 1 1 1 signed
+w 1 1 1 signer
+w 1 1 1 signin
+w 1 1 1 signing
 w 1 1 1 signoff
 w 1 1 1 signon
+w 1 1 1 signout
 w 1 1 1 signup
 w 1 1 1 simple
 w 1 1 1 sink
@ -1510,6 +1602,8 @@ w 1 1 1 sl
 w 1 1 1 sling
 w 1 1 1 sm
 w 1 1 1 small
+w 1 1 1 smile
+w 1 1 1 smiles
 w 1 1 1 sms
 w 1 1 1 smtp
 w 1 1 1 snoop
@ -1552,6 +1646,7 @@ w 1 1 1 sso
 w 1 1 1 stackdump
 w 1 1 1 staff
 w 1 1 1 staging
+w 1 1 1 standalone
 w 1 1 1 standard
 w 1 1 1 standards
 w 1 1 1 star
@ -1581,6 +1676,7 @@ w 1 1 1 styles
 w 1 1 1 submissions
 w 1 1 1 submit
 w 1 1 1 subscribe
+w 1 1 1 subscribed
 w 1 1 1 subscriber
 w 1 1 1 subscribers
 w 1 1 1 subscription
@ -1601,6 +1697,7 @@ w 1 1 1 synapse
 w 1 1 1 sync
 w 1 1 1 synced
 w 1 1 1 sys
+w 1 1 1 sysmanager
 w 1 1 1 system
 w 1 1 1 systems
 w 1 1 1 sysuser
@ -1720,6 +1817,7 @@ w 1 1 1 unix
 w 1 1 1 unlock
 w 1 1 1 unreg
 w 1 1 1 unregister
+w 1 1 1 unsubscribe
 w 1 1 1 up
 w 1 1 1 upd
 w 1 1 1 update
@ -1727,8 +1825,10 @@ w 1 1 1 updated
 w 1 1 1 updater
 w 1 1 1 updates
 w 1 1 1 upload
+w 1 1 1 uploader
 w 1 1 1 uploads
 w 1 1 1 url
+w 1 1 1 urls
 w 1 1 1 us
 w 1 1 1 usa
 w 1 1 1 usage
@ -1771,7 +1871,11 @@ w 1 1 1 virtual
 w 1 1 1 vm
 w 1 1 1 voip
 w 1 1 1 vol
+w 1 1 1 vote
+w 1 1 1 voter
+w 1 1 1 votes
 w 1 1 1 vpn
+w 1 1 1 vuln
 w 1 1 1 w
 w 1 1 1 w3
 w 1 1 1 w3c
@ -1801,6 +1905,7 @@ w 1 1 1 webcgi
 w 1 1 1 webchat
 w 1 1 1 webdata
 w 1 1 1 webdav
+w 1 1 1 webdb
 w 1 1 1 weblog
 w 1 1 1 weblogic
 w 1 1 1 weblogs
@ -1809,9 +1914,12 @@ w 1 1 1 webplus
 w 1 1 1 webshop
 w 1 1 1 website
 w 1 1 1 websphere
+w 1 1 1 websql
 w 1 1 1 webstats
 w 1 1 1 websvn
 w 1 1 1 webwork
+w 1 1 1 week
+w 1 1 1 weekly
 w 1 1 1 welcome
 w 1 1 1 whitepapers
 w 1 1 1 whois
@ -1831,8 +1939,10 @@ w 1 1 1 working
 w 1 1 1 world
 w 1 1 1 wp
 w 1 1 1 wp-content
+w 1 1 1 wp-dbmanager
 w 1 1 1 wp-includes
 w 1 1 1 wp-login
+w 1 1 1 wp-syntax
 w 1 1 1 wrap
 w 1 1 1 ws
 w 1 1 1 ws-client
@ -1848,6 +1958,7 @@ w 1 1 1 wwwroot
 w 1 1 1 wwwstats
 w 1 1 1 wwwthreads
 w 1 1 1 wwwuser
+w 1 1 1 wysiwyg
 w 1 1 1 x
 w 1 1 1 xalan
 w 1 1 1 xerces
@ -1861,14 +1972,18 @@ w 1 1 1 xxx
 w 1 1 1 xyzzy
 w 1 1 1 y
 w 1 1 1 yahoo
+w 1 1 1 year
+w 1 1 1 yearly
 w 1 1 1 youtube
 w 1 1 1 yt
 w 1 1 1 z
 w 1 1 1 zboard
+w 1 1 1 zencart
 w 1 1 1 zend
 w 1 1 1 zero
 w 1 1 1 zipfiles
 w 1 1 1 zips
+w 1 1 1 zoom
 w 1 1 1 zope
 w 1 1 1 zorum
 w 1 1 1 ~admin