There was the same discussion recently on pen-test list under subject "word lists, again". The most interesting link from that discussion is http://www.ukrt.f2s.com/bugs.htm - it's a list of filenames/locations checked by some cgi-scanner (actually there are quite a few of those - check http://www.ukrt.f2s.com/scan.htm , most of those tools have a list of locations they check as a plain text file, so you'll be able to extract it. regards, Vitaly Michal Zalewski wrote: > > Hi, > > I am looking for a list of common locations, filenames and file extensions > for cgi scripts, servlets and parsed html on miscleanous servers. > > My current "brain dump" would contain the following extensions: .cgi, .pl, > .exe, .shtml, .php3, .asp, .dll, .nsf, .jsp, .exe and .class. The list of > locations would be rather short: *-bin/, scripts/... The list of names > would be pretty long, but I wonder if there are any actual statistics > available? If you are aware of any already existing lists of this kind, it > would be great. If you recall other common script filename extensions or > locations, please let me know :) > > If there's no such list, I guess might be good to create it. > > Please do not respond with single suggestions to the list, I'd try to > summarize later :) > > Thanks, > -- > _____________________________________________________ > Michal Zalewski [lcamtufat_private] [security] > [http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};: > =-=> Did you know that clones never use mirrors? <=-=
This archive was generated by hypermail 2b30 : Fri Jun 08 2001 - 10:13:55 PDT