Folder Name | Description of Contents |
---|---|
acme-challenge-paths | Path names within a /.well-known/acme-challenge/ folder |
admin-paths-cwd | list of administrative filenames and directories that may be in the CWD (Current Working Directory) |
admin-path-formats | format strings for pathnames of to administration consoles via https://pastebin.com/raw/JRBCYMcU |
admin-path-names | pathnames of various admin console pages found on web servers |
adobecq-path-names | paths to content on Adobe Experience Manager a.k.a. CQ |
apache-james-paths | paths taken from the quick-start.html doc on http://james.apache.org |
apache-path-names | path names commonly found under web root of an Apache install |
apache-struts-filepaths | Path names under the webapp directories (i.e the web root folder) found in Apache Struts release packages |
apache-tapestry-paths | Apache Tapestry paths created from source tree |
bbscan-request-rules | List of path names taken from the rules folder distributed with the BBScan tool |
biomedical-porn-datasets | Locations parsed from a proxy log that ended up containing pornographic, biological and medical style paths; extracted from https://www.secrepo.com/squid/access.log.gz |
breacher-paths-list | paths.txt file distributed with Breacher |
cakephp-paths-list | Paths list created from the CakePHP source tree |
coldfusion-cfmx-cfide | pathnames to admin pages on Adobe ColdFusion app server |
common-path-names | several of the files in this folder, sorted and uniqified |
cpan-module-paths | paths in CPAN (Comprehensive Perl Archive Network) modules |
dirb-vulns-paths | pathnames of all vulnerabilities scanned for by the dirb tool |
direct-web-remoting | paths for Direct Web Remoting |
dirsearch-paths-list | dict.txt file packaged with the dirsearch tool |
drupal-path-names | path names typically found under the web root of a Drupal install |
falcon-jsp-paths | FalconPathScan .php extensions changed to .jsp |
falcon-path-scan | The paths.txt file distributed with the FalconPathScan |
fingerprinter-db-paths | Path names extracted from JSON data files distributed with the Fingerprinter tool https://github.com/erwanlr/Fingerprinter/tree/master/db |
font-file-names | List of names for various OpenType and TrueType font files |
forcepoint-ink-files | file names for scanning custom extensions |
generic-path-names | general path names that could be used on any web server |
github-gitignore-paths | path names parsed from .gitignore files in various GitHub repositories via scripts/make-gitignore-paths |
httpoxyscan-cgilist-paths | cgi_list.txt |
http301-redirect-syntax | HTTP 301 redirect syntax for various programming languages that support CGI programming. |
ibm-bea-paths | paths for both J2EE app servers IBM WebSphere and Oracle WebLogic |
iis-path-names | path names commonly found under the web root of an IIS install |
j2ee-paths-large | long list of custom created J2EE targeted path names |
javascript-tooling-paths | The Front-end Tooling Book |
jboss-path-names | path names often handled by the JBoss J2EE application server |
jira-paths-list | Jira path names to test for |
joomla-path-names | file names found in the directory hierarchy of Joomla sites |
locale-paths-short | locale paths formatted in various manners, i.e. dash, underscore, slash, etc. |
locale-paths-long | locale paths list identical to locales-paths-short , but also has upper-case language abbreviations and no seperator |
login-path-names | pathnames that could reference login pages on a web server |
magento-path-names | file names often found under Magento's directory hierarchy |
nmap-rtsp-urls | taken from nmap's nselib/data/rtsp-urls.txt |
nodejs-paths-list | list of path names likely to be served by a NodeJS web app |
open-door-directories | directories.dat file from Open Door |
open-door-ignored | ignored.dat file from Open Door |
oracle-business-intelligence | paths taken from Oracle Business Intelligence docs |
oracle-path-names | pathnames usually served by Oracle Application Server |
oracle-robots-text | the robots.txt file containing documentation pathnames served at http://www.oracle.com/robots.txt |
paths-below-webinf | paths most commonly found under the WEB-INF directory |
proxy-ssrf-paths | Paths to be used in requests that test SSRF attacks on proxies |
quick-hit-paths | pathnames that are most likely to exist |
restricted-paths-annotated | paths to files often in web root directories needing access control (annotated by single-line comments.) |
search-engine-settings | Search Engines |
sharepoint-path-names | common Microsoft SharePoint path names |
skipfish-path-names | web path names used by the skipfish web app recon tool |
spike-proxy-words | The words file packaged with ImmunitySec SPIKE Proxy |
top-robots-parsed | most popular entries from RobotsDisallowed repository parsed |
top1k-robots-sitemaps | Sitemap paths from robots.txt of top 1,000 Alexa sites |
unix-traverse-passwd | UNIX path names for directory traversing to passwd file |
w3brute-admin-paths | administrative pathnames taken from adminPaths SQLite3 database of the w3brute tool |
web-inf-paths | list of path names typically found under the WEB-INF directory |
web-inf-paths | typical path names to be founder under a WEB-INF folder |
weblogic-j2ee-paths | common paths found on the J2EE WebLogic application server |
websphere-class-path | IBM WebSphere CLASSPATH runtime environment variable |
websphere-path-names | pathnames usually available from IBM WebSphere listeners |
well-known-paths | Well-Known URI path names taken from IANA assignment |
wfuzz-vulns-list | combined list of paths from the wfuzz tool's vulns folder |
xml-sitemap-paths | Location of XML sitemap(s) as specified by: sitemaps.org |
webapp-paths
Folders and files
Name | Name | Last commit date | ||
---|---|---|---|---|
parent directory.. | ||||