| Folder Name | Description of Contents |
|---|---|
| acme-challenge-paths | Path names within a /.well-known/acme-challenge/ folder |
| admin-paths-cwd | list of administrative filenames and directories that may be in the CWD (Current Working Directory) |
| admin-path-formats | format strings for pathnames of to administration consoles via https://pastebin.com/raw/JRBCYMcU |
| admin-path-names | pathnames of various admin console pages found on web servers |
| adobecq-path-names | paths to content on Adobe Experience Manager a.k.a. CQ |
| apache-james-paths | paths taken from the quick-start.html doc on http://james.apache.org |
| apache-path-names | path names commonly found under web root of an Apache install |
| apache-struts-filepaths | Path names under the webapp directories (i.e the web root folder) found in Apache Struts release packages |
| apache-tapestry-paths | Apache Tapestry paths created from source tree |
| bbscan-request-rules | List of path names taken from the rules folder distributed with the BBScan tool |
| biomedical-porn-datasets | Locations parsed from a proxy log that ended up containing pornographic, biological and medical style paths; extracted from https://www.secrepo.com/squid/access.log.gz |
| breacher-paths-list | paths.txt file distributed with Breacher |
| cakephp-paths-list | Paths list created from the CakePHP source tree |
| coldfusion-cfmx-cfide | pathnames to admin pages on Adobe ColdFusion app server |
| common-path-names | several of the files in this folder, sorted and uniqified |
| cpan-module-paths | paths in CPAN (Comprehensive Perl Archive Network) modules |
| dirb-vulns-paths | pathnames of all vulnerabilities scanned for by the dirb tool |
| direct-web-remoting | paths for Direct Web Remoting |
| dirsearch-paths-list | dict.txt file packaged with the dirsearch tool |
| drupal-path-names | path names typically found under the web root of a Drupal install |
| falcon-jsp-paths | FalconPathScan .php extensions changed to .jsp |
| falcon-path-scan | The paths.txt file distributed with the FalconPathScan |
| fingerprinter-db-paths | Path names extracted from JSON data files distributed with the Fingerprinter tool https://github.com/erwanlr/Fingerprinter/tree/master/db |
| font-file-names | List of names for various OpenType and TrueType font files |
| forcepoint-ink-files | file names for scanning custom extensions |
| generic-path-names | general path names that could be used on any web server |
| github-gitignore-paths | path names parsed from .gitignore files in various GitHub repositories via scripts/make-gitignore-paths |
| httpoxyscan-cgilist-paths | cgi_list.txt |
| http301-redirect-syntax | HTTP 301 redirect syntax for various programming languages that support CGI programming. |
| ibm-bea-paths | paths for both J2EE app servers IBM WebSphere and Oracle WebLogic |
| iis-path-names | path names commonly found under the web root of an IIS install |
| j2ee-paths-large | long list of custom created J2EE targeted path names |
| javascript-tooling-paths | The Front-end Tooling Book |
| jboss-path-names | path names often handled by the JBoss J2EE application server |
| jira-paths-list | Jira path names to test for |
| joomla-path-names | file names found in the directory hierarchy of Joomla sites |
| locale-paths-short | locale paths formatted in various manners, i.e. dash, underscore, slash, etc. |
| locale-paths-long | locale paths list identical to locales-paths-short, but also has upper-case language abbreviations and no seperator |
| login-path-names | pathnames that could reference login pages on a web server |
| magento-path-names | file names often found under Magento's directory hierarchy |
| nmap-rtsp-urls | taken from nmap's nselib/data/rtsp-urls.txt |
| nodejs-paths-list | list of path names likely to be served by a NodeJS web app |
| open-door-directories | directories.dat file from Open Door |
| open-door-ignored | ignored.dat file from Open Door |
| oracle-business-intelligence | paths taken from Oracle Business Intelligence docs |
| oracle-path-names | pathnames usually served by Oracle Application Server |
| oracle-robots-text | the robots.txt file containing documentation pathnames served at http://www.oracle.com/robots.txt |
| paths-below-webinf | paths most commonly found under the WEB-INF directory |
| proxy-ssrf-paths | Paths to be used in requests that test SSRF attacks on proxies |
| quick-hit-paths | pathnames that are most likely to exist |
| restricted-paths-annotated | paths to files often in web root directories needing access control (annotated by single-line comments.) |
| search-engine-settings | Search Engines |
| sharepoint-path-names | common Microsoft SharePoint path names |
| skipfish-path-names | web path names used by the skipfish web app recon tool |
| spike-proxy-words | The words file packaged with ImmunitySec SPIKE Proxy |
| top-robots-parsed | most popular entries from RobotsDisallowed repository parsed |
| top1k-robots-sitemaps | Sitemap paths from robots.txt of top 1,000 Alexa sites |
| unix-traverse-passwd | UNIX path names for directory traversing to passwd file |
| w3brute-admin-paths | administrative pathnames taken from adminPaths SQLite3 database of the w3brute tool |
| web-inf-paths | list of path names typically found under the WEB-INF directory |
| web-inf-paths | typical path names to be founder under a WEB-INF folder |
| weblogic-j2ee-paths | common paths found on the J2EE WebLogic application server |
| websphere-class-path | IBM WebSphere CLASSPATH runtime environment variable |
| websphere-path-names | pathnames usually available from IBM WebSphere listeners |
| well-known-paths | Well-Known URI path names taken from IANA assignment |
| wfuzz-vulns-list | combined list of paths from the wfuzz tool's vulns folder |
| xml-sitemap-paths | Location of XML sitemap(s) as specified by: sitemaps.org |
webapp-paths
Folders and files
| Name | Name | Last commit date | ||
|---|---|---|---|---|
parent directory.. | ||||