discovery/generic/interesting-files-apache.txt

@@ -1,11 +1,8 @@
-# If logs are visible and there is a potential RFI, try to poison a logfile and include it.
+/.htaccess
-# poison req example:
+/.htaccess.bak
-# http://victim/someurl/<?php%20phpinfo();?>/somepath/poisonreq.txt
+/.htpasswd
-.htaccess
+/.meta
-.htaccess.bak
+/.web
-.htpasswd
-.meta
-.web
 /apache/logs/access.log 
 /apache/logs/access_log
 /apache/logs/error.log 
@@ -18,29 +15,29 @@
 /logs/access.log 
 /logs/error.log 
 /logs/error_log
-access_log
+/access_log
-cgi
+/cgi
-cgi-bin
+/cgi-bin
-cgi-pub
+/cgi-pub
-cgi-script
+/cgi-script
-dummy
+/dummy
-error
+/error
-error_log
+/error_log
-htdocs
+/htdocs
-httpd
+/httpd
-httpd.pid
+/httpd.pid
-icons
+/icons
-index.html
+/index.html
-logs
+/logs
-manual
+/manual
-phf
+/phf
-printenv
+/printenv
-server-info
+/server-info
-server-status
+/server-status
-status
+/status
-test-cgi
+/test-cgi
-tmp
+/tmp
-~bin
+/~bin
-~ftp
+/~ftp
-~nobody
+/~nobody
-~root
+/~root

discovery/generic/interesting-files-logins.txt

@@ -1,47 +1,46 @@
-# possible login scripts
+/admin.asp
-admin.asp
+/admin.aspx
-admin.aspx
+/admin.cfm
-admin.cfm
+/admin.jsp
-admin.jsp
+/admin.php
-admin.php
+/admin.php4
-admin.php4
+/admin.pl
-admin.pl
+/admin.py
-admin.py
+/admin.rb
-admin.rb
+/administrator
-administrator
+/administrator.asp
-administrator.asp
+/administrator.aspx
-administrator.aspx
+/administrator.cfm
-administrator.cfm
+/administrator.jsp
-administrator.jsp
+/administrator.php
-administrator.php
+/administrator.php4
-administrator.php4
+/administrator.pl
-administrator.pl
+/administrator.py
-administrator.py
+/administrator.rb
-administrator.rb
+/admnistrator.php3
-admnistrator.php3
+/cgi-bin/sqwebmail?noframes=1
-cgi-bin/sqwebmail?noframes=1
+/default.asp
-default.asp
+/exchange/logon.asp
-exchange/logon.asp
+/gs/admin
-gs/admin
+/index.php?u=
-index.php?u=
+/login.asp
-login.asp
+/login.aspx
-login.aspx
+/login.cfm
-login.cfm
+/login.php
-login.php
+/login.php3
-login.php3
+/login.php4
-login.php4
+/login.pl
-login.pl
+/login.py
-login.py
+/login.rb
-login.rb
+/logon.asp
-logon.asp
+/logon.aspx
-logon.aspx
+/logon.jsp
-logon.jsp
+/logon.php
-logon.php
+/logon.php3
-logon.php3
+/logon.php4
-logon.php4
+/logon.pl
-logon.pl
+/logon.py
-logon.py
+/logon.rb
-logon.rb
+/typo3/in
-typo3/in
+/utilities/TreeView.asp
-utilities/TreeView.asp
+/webeditor.php
-webeditor.php

discovery/generic/interesting-files-passwords.txt

@@ -1,48 +1,47 @@
-# files possibly containign passwords that sometimes end up in web accessible dirs - fuzz for in most or all web accessible paths
+/secring.skr
-secring.skr
+/secring.pgp
-secring.pgp
+/secring.bak
-secring.bak
+/passwd
-passwd
+/passwd.bak
-passwd.bak
+/master.passwd
-master.passwd
+/pwd.db
-pwd.db
+/htpasswd
-htpasswd
+/htpasswd.bak
-htpasswd.bak
+/htgroup
-htgroup
+/spwd.db
-spwd.db
+/htpasswd/htpasswd.bak
-htpasswd/htpasswd.bak
+/config.php
-config.php
+/phpinfo.php
-phpinfo.php
+/passlist
-passlist
+/passlist.txt
-passlist.txt
+/auth_user_file
-auth_user_file
+/administrators.pwd
-administrators.pwd
+/admin.mdb
-admin.mdb
+/connect.inc
-connect.inc
+/globals.inc
-globals.inc
+/vtund.conf
-vtund.conf
+/password.log
-password.log
+/slapd.conf
-slapd.conf
+/wvdial.conf
-wvdial.conf
+/.netrc
-.netrc
+/wand.dat
-wand.dat
+/mrtg.cfg
-mrtg.cfg
+/zebra.conf
-zebra.conf
+/ospfd.conf
-ospfd.conf
+/ccbill.log
-ccbill.log
+/users.mdb
-users.mdb
+/lilo.conf
-lilo.conf
+/wwwboard/passwd.txt
-wwwboard/passwd.txt
+/db/main.mdb
-db/main.mdb
+/sites.ini
-sites.ini
+/wcx_ftp.ini
-wcx_ftp.ini
+/ws_ftp.ini
-ws_ftp.ini
+/flashFXP.ini
-flashFXP.ini
+/serv-u.ini
-serv-u.ini
+/eudora.ini
-eudora.ini
+/unattend.txt
-unattend.txt
+/passwd.txt
-passwd.txt
+/server.cfg
-server.cfg
+/pass.dat
-pass.dat
+/phpinfo.php
-phpinfo.php
+/admin.dat
-admin.dat

discovery/generic/interesting-files-random.txt

@@ -1,24 +1,24 @@
-accounts.txt
+/accounts.txt
-culeadora.txt
+/culeadora.txt
-data.txt
+/data.txt
-database.txt
+/database.txt
-grabbed.html
+/grabbed.html
-info.txt
+/info.txt
-l0gs.txt
+/l0gs.txt
-log.txt
+/log.txt
-logins.txt
+/logins.txt
-logs.txt
+/logs.txt
-members.txt
+/members.txt
-pass.txt
+/pass.txt
-passes.txt
+/passes.txt
-password.html
+/password.html
-password.txt
+/password.txt
-passwords.html
+/passwords.html
-passwords.txt
+/passwords.txt
-pazz.txt
+/pazz.txt
-pazzezs.txt
+/pazzezs.txt
-pw.txt
+/pw.txt
-pws.txt
+/pws.txt
-technico.txt
+/technico.txt
-usernames.txt
+/usernames.txt
-users.txt
+/users.txt