On Thu, 7 Jun 2001, Michal Zalewski wrote: > Hi, > > I am looking for a list of common locations, filenames and file extensions > for cgi scripts, servlets and parsed html on miscleanous servers. > > My current "brain dump" would contain the following extensions: .cgi, .pl, > .exe, .shtml, .php3, .asp, .dll, .nsf, .jsp, .exe and .class. The list of > locations would be rather short: *-bin/, scripts/... The list of names > would be pretty long, but I wonder if there are any actual statistics > available? If you are aware of any already existing lists of this kind, it > would be great. If you recall other common script filename extensions or > locations, please let me know :) > > If there's no such list, I guess might be good to create it. > > Please do not respond with single suggestions to the list, I'd try to > summarize later :) > > Thanks, Have you looked at whisker yet? http://www.wiretrip.net/rfp/p/doc.asp?id=21&iface=2 I haven't looked at the development version much, but the last "stable" version (1.4) has a fairly comprehensive list of paths/filenames for known vulnerabilities. -- Ernest MacDougal Campbell III, MCP+I, MCSE <dougalat_private> http://dougal.gunters.org/ http://spam.gunters.org/ Lumber Cartel Unit #1654 (tinlc): http://come.to/the.lumber.cartel/ This message is guaranteed to be 100% eror frea!
This archive was generated by hypermail 2b30 : Thu Jun 07 2001 - 15:22:37 PDT