discovery/generic/interesting-files-apache.txt

@@ -1,11 +1,8 @@
-# If logs are visible and there is a potential RFI, try to poison a logfile and include it.
-# poison req example:
-# http://victim/someurl/<?php%20phpinfo();?>/somepath/poisonreq.txt
-.htaccess
-.htaccess.bak
-.htpasswd
-.meta
-.web
+/.htaccess
+/.htaccess.bak
+/.htpasswd
+/.meta
+/.web
 /apache/logs/access.log 
 /apache/logs/access_log
 /apache/logs/error.log 
@@ -18,29 +15,29 @@
 /logs/access.log 
 /logs/error.log 
 /logs/error_log
-access_log
-cgi
-cgi-bin
-cgi-pub
-cgi-script
-dummy
-error
-error_log
-htdocs
-httpd
-httpd.pid
-icons
-index.html
-logs
-manual
-phf
-printenv
-server-info
-server-status
-status
-test-cgi
-tmp
-~bin
-~ftp
-~nobody
-~root
+/access_log
+/cgi
+/cgi-bin
+/cgi-pub
+/cgi-script
+/dummy
+/error
+/error_log
+/htdocs
+/httpd
+/httpd.pid
+/icons
+/index.html
+/logs
+/manual
+/phf
+/printenv
+/server-info
+/server-status
+/status
+/test-cgi
+/tmp
+/~bin
+/~ftp
+/~nobody
+/~root

discovery/generic/interesting-files-logins.txt

@@ -1,47 +1,46 @@
-# possible login scripts
-admin.asp
-admin.aspx
-admin.cfm
-admin.jsp
-admin.php
-admin.php4
-admin.pl
-admin.py
-admin.rb
-administrator
-administrator.asp
-administrator.aspx
-administrator.cfm
-administrator.jsp
-administrator.php
-administrator.php4
-administrator.pl
-administrator.py
-administrator.rb
-admnistrator.php3
-cgi-bin/sqwebmail?noframes=1
-default.asp
-exchange/logon.asp
-gs/admin
-index.php?u=
-login.asp
-login.aspx
-login.cfm
-login.php
-login.php3
-login.php4
-login.pl
-login.py
-login.rb
-logon.asp
-logon.aspx
-logon.jsp
-logon.php
-logon.php3
-logon.php4
-logon.pl
-logon.py
-logon.rb
-typo3/in
-utilities/TreeView.asp
-webeditor.php
+/admin.asp
+/admin.aspx
+/admin.cfm
+/admin.jsp
+/admin.php
+/admin.php4
+/admin.pl
+/admin.py
+/admin.rb
+/administrator
+/administrator.asp
+/administrator.aspx
+/administrator.cfm
+/administrator.jsp
+/administrator.php
+/administrator.php4
+/administrator.pl
+/administrator.py
+/administrator.rb
+/admnistrator.php3
+/cgi-bin/sqwebmail?noframes=1
+/default.asp
+/exchange/logon.asp
+/gs/admin
+/index.php?u=
+/login.asp
+/login.aspx
+/login.cfm
+/login.php
+/login.php3
+/login.php4
+/login.pl
+/login.py
+/login.rb
+/logon.asp
+/logon.aspx
+/logon.jsp
+/logon.php
+/logon.php3
+/logon.php4
+/logon.pl
+/logon.py
+/logon.rb
+/typo3/in
+/utilities/TreeView.asp
+/webeditor.php

discovery/generic/interesting-files-passwords.txt

@@ -1,48 +1,47 @@
-# files possibly containign passwords that sometimes end up in web accessible dirs - fuzz for in most or all web accessible paths
-secring.skr
-secring.pgp
-secring.bak
-passwd
-passwd.bak
-master.passwd
-pwd.db
-htpasswd
-htpasswd.bak
-htgroup
-spwd.db
-htpasswd/htpasswd.bak
-config.php
-phpinfo.php
-passlist
-passlist.txt
-auth_user_file
-administrators.pwd
-admin.mdb
-connect.inc
-globals.inc
-vtund.conf
-password.log
-slapd.conf
-wvdial.conf
-.netrc
-wand.dat
-mrtg.cfg
-zebra.conf
-ospfd.conf
-ccbill.log
-users.mdb
-lilo.conf
-wwwboard/passwd.txt
-db/main.mdb
-sites.ini
-wcx_ftp.ini
-ws_ftp.ini
-flashFXP.ini
-serv-u.ini
-eudora.ini
-unattend.txt
-passwd.txt
-server.cfg
-pass.dat
-phpinfo.php
-admin.dat
+/secring.skr
+/secring.pgp
+/secring.bak
+/passwd
+/passwd.bak
+/master.passwd
+/pwd.db
+/htpasswd
+/htpasswd.bak
+/htgroup
+/spwd.db
+/htpasswd/htpasswd.bak
+/config.php
+/phpinfo.php
+/passlist
+/passlist.txt
+/auth_user_file
+/administrators.pwd
+/admin.mdb
+/connect.inc
+/globals.inc
+/vtund.conf
+/password.log
+/slapd.conf
+/wvdial.conf
+/.netrc
+/wand.dat
+/mrtg.cfg
+/zebra.conf
+/ospfd.conf
+/ccbill.log
+/users.mdb
+/lilo.conf
+/wwwboard/passwd.txt
+/db/main.mdb
+/sites.ini
+/wcx_ftp.ini
+/ws_ftp.ini
+/flashFXP.ini
+/serv-u.ini
+/eudora.ini
+/unattend.txt
+/passwd.txt
+/server.cfg
+/pass.dat
+/phpinfo.php
+/admin.dat

discovery/generic/interesting-files-random.txt

@@ -1,24 +1,24 @@
-accounts.txt
-culeadora.txt
-data.txt
-database.txt
-grabbed.html
-info.txt
-l0gs.txt
-log.txt
-logins.txt
-logs.txt
-members.txt
-pass.txt
-passes.txt
-password.html
-password.txt
-passwords.html
-passwords.txt
-pazz.txt
-pazzezs.txt
-pw.txt
-pws.txt
-technico.txt
-usernames.txt
-users.txt
+/accounts.txt
+/culeadora.txt
+/data.txt
+/database.txt
+/grabbed.html
+/info.txt
+/l0gs.txt
+/log.txt
+/logins.txt
+/logs.txt
+/members.txt
+/pass.txt
+/passes.txt
+/password.html
+/password.txt
+/passwords.html
+/passwords.txt
+/pazz.txt
+/pazzezs.txt
+/pw.txt
+/pws.txt
+/technico.txt
+/usernames.txt
+/users.txt