Last active
March 3, 2022 14:00
Place to store a directory enumeration wordlist, hand curated, no BS.
wls-wsat/CoordinatorPortType
_async/AsyncResponseService
oaiusydf8as7df68sdfyas8dgq
zxcv1987lla/av9s8dvj2-we_q
bea_wls_internal/
dana-na/../dana/html5acc/guacamole/../../../../../../etc/hosts?/dana/html5acc/guacamole/
vsphere-client/
Telerik.Web.Ui.WebResource.axd?type=rau
console/css/%252e%252e%252fconsole.portal
%252e%252e%252fconsole.portal
%2e%2e%2fconsole.portal
ui/
mob/
apiexplorer/index.html
folder
index.html
index.asp
index.php
index.jsp
index.action
struts3-showcase/
/owa/
/ews/
/ecp/
/oab/
/autodiscover/
/Microsoft-Server-ActiveSync/
/rpc/
/powershell/
/behavior
/behaviors
/configuration
/service
/serviceBehaviors
/services
/system.serviceModel
example dir-enum line with wfuzz:
cat TARGETS_one_per_line.txt | xargs -I{} -P5 sh -c "wfuzz -w atu-directory-enumeration.wordlist.txt --req-delay 20 --conn-delay 20 -f output1/{}.wfuzz.output https://{}/FUZZ"
added these for MS Exchange single-factor auth detection:
/owa/
/ews/
/ecp/
/oab/
/autodiscover/
/Microsoft-Server-ActiveSync/
/rpc/
/powershell/
Added Windows Component Foundation services that have the following URL endpoints:
/behavior
/behaviors
/configuration
/service
/serviceBehaviors
/services
/system.serviceModel
oaiusydf8as7df68sdfyas8dgq
zxcv1987lla/av9s8dvj2-we_q
were added as false positive detectors