Vulnerability Development mailing list archives
Re: script locations
From: Vitaly Osipov <vosipov () wolfegroup ie>
Date: Fri, 08 Jun 2001 09:31:20 +0100
There was the same discussion recently on pen-test list under subject "word lists, again". The most interesting link from that discussion is http://www.ukrt.f2s.com/bugs.htm - it's a list of filenames/locations checked by some cgi-scanner (actually there are quite a few of those - check http://www.ukrt.f2s.com/scan.htm , most of those tools have a list of locations they check as a plain text file, so you'll be able to extract it. regards, Vitaly Michal Zalewski wrote:
Hi, I am looking for a list of common locations, filenames and file extensions for cgi scripts, servlets and parsed html on miscleanous servers. My current "brain dump" would contain the following extensions: .cgi, .pl, .exe, .shtml, .php3, .asp, .dll, .nsf, .jsp, .exe and .class. The list of locations would be rather short: *-bin/, scripts/... The list of names would be pretty long, but I wonder if there are any actual statistics available? If you are aware of any already existing lists of this kind, it would be great. If you recall other common script filename extensions or locations, please let me know :) If there's no such list, I guess might be good to create it. Please do not respond with single suggestions to the list, I'd try to summarize later :) Thanks, -- _____________________________________________________ Michal Zalewski [lcamtuf () bos bindview com] [security] [http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};: =-=> Did you know that clones never use mirrors? <=-=
Current thread:
- script locations Michal Zalewski (Jun 07)
- RE: script locations Zane Hill (Jun 07)
- Re: script locations Dougal Campbell (Jun 07)
- Re: script locations Blue Boar (Jun 07)
- Re: script locations spi (Jun 07)
- Re: script locations Vitaly Osipov (Jun 08)
- <Possible follow-ups>
- RE: script locations Alex Andrews (Jun 07)
- RE: script locations Michal Zalewski (Jun 07)
- Re: script locations Benjamin Elijah Griffin (Jun 07)
- Re: script locations spi (Jun 07)
- Re: script locations securityforums (Jun 14)