Lucene search
Copyright (C) 2005 Digital Defense Inc.OPENVAS:136141256231011032HistoryNov 03, 2005 - 12:00 a.m.
Directory Scanner
2005-11-0300:00:00
Copyright (C) 2005 Digital Defense Inc.
plugins.openvas.org
1490
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%
This plugin attempts to determine the presence of various
common dirs on the remote web server.
# SPDX-FileCopyrightText: 2005 Digital Defense Inc.
# SPDX-FileCopyrightText: Improved code and additional directories since 2009 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.11032");
script_version("2024-04-26T05:05:36+0000");
script_tag(name:"last_modification", value:"2024-04-26 05:05:36 +0000 (Fri, 26 Apr 2024)");
script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:N");
script_tag(name:"cvss_base", value:"0.0");
script_xref(name:"OWASP", value:"OWASP-CM-006");
script_name("Directory Scanner");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2005 Digital Defense Inc.");
script_family("Service detection");
script_dependencies("find_service.nasl", "httpver.nasl", "no404.nasl",
"global_settings.nasl", "gb_ssl_sni_supported.nasl"); # SNI support should be determined first
script_require_ports("Services/www", 80);
script_exclude_keys("Settings/disable_cgi_scanning");
script_timeout(900);
script_tag(name:"summary", value:"This plugin attempts to determine the presence of various
common dirs on the remote web server.");
script_tag(name:"qod_type", value:"remote_banner");
exit(0);
}
include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");
include("list_array_func.inc");
include("404.inc");
include("misc_func.inc");
debug = 0;
# this arrays contains the results
discoveredDirList = make_list();
authDirList = make_list();
cgi_dirs_exclude_pattern = get_kb_item( "global_settings/cgi_dirs_exclude_pattern" );
use_cgi_dirs_exclude_pattern = get_kb_item( "global_settings/use_cgi_dirs_exclude_pattern" );
cgi_dirs_exclude_servermanual = get_kb_item( "global_settings/cgi_dirs_exclude_servermanual" );
function check_cgi_dir( dir, port ) {
local_var req, res, dir, port;
req = http_get( item:dir + "/non-existent" + rand(), port:port );
res = http_keepalive_send_recv( data:req, port:port, bodyonly:FALSE );
currReqs++;
if( ! res )
failedReqs++;
if( res =~ "^HTTP/1\.[01] 404" ) {
return TRUE;
} else {
return FALSE;
}
}
function add_discovered_list( dir, port, host ) {
local_var dir, port, host, dir_key;
if( ! in_array( search:dir, array:discoveredDirList ) ) {
discoveredDirList = make_list( discoveredDirList, dir );
if( use_cgi_dirs_exclude_pattern ) {
if( egrep( pattern:cgi_dirs_exclude_pattern, string:dir ) ) {
set_kb_item( name:"www/" + host + "/" + port + "/content/excluded_directories", value:dir );
return;
}
}
#TBD: Do a check_cgi_dir( dir:dir, port:port ); before?
dir_key = "www/" + host + "/" + port + "/content/directories";
if( debug ) display( "Setting KB key: ", dir_key, " to '", dir );
set_kb_item( name:dir_key, value:dir );
}
}
function add_auth_dir_list( dir, port, host, basic, realm ) {
local_var dir, port, host, dir_key, basic, realm;
if( ! in_array( search:dir, array:authDirList ) ) {
authDirList = make_list( authDirList, dir );
if( use_cgi_dirs_exclude_pattern ) {
if( egrep( pattern:cgi_dirs_exclude_pattern, string:dir ) ) {
set_kb_item( name:"www/" + host + "/" + port + "/content/excluded_directories", value:dir );
return;
}
}
set_kb_item( name:"www/content/auth_required", value:TRUE );
dir_key = "www/" + host + "/" + port + "/content/auth_required";
if( debug ) display( "Setting KB key: ", dir_key, " to '", dir );
set_kb_item( name:dir_key, value:dir );
# Used in 2018/gb_http_cleartext_creds_submit.nasl
if( basic ) {
set_kb_item( name:"www/basic_auth/detected", value:TRUE );
set_kb_item( name:"www/pw_input_field_or_basic_auth/detected", value:TRUE );
# Used in 2018/gb_http_cleartext_creds_submit.nasl
set_kb_item( name:"www/" + host + "/" + port + "/content/basic_auth/" + dir, value:http_report_vuln_url( port:port, url:dir, url_only:TRUE ) + ":" + realm );
}
}
}
# nb:
# - Some entries might be duplicated, this is acceptable because the list will be made "unique" later
# - Don't add more dirs here and add them in the second testDirList2 below instead (see relevant note for the background)
testDirList = make_list(
".cobalt",
".tools",
".tools/phpMyAdmin",
".tools/phpMyAdmin/current",
# https://ma.ttias.be/well-known-directory-webservers-aka-rfc-5785/
# https://tools.ietf.org/html/rfc5785
# http://sabre.io/dav/service-discovery/
# https://github.com/owncloud/core/blob/29570212c983f0293738dbb0132a5b562dcac9fa/.htaccess#L66-L69
".well-known",
".well-known/acme-challenge",
".well-known/caldav",
".well-known/carddav",
".well-known/host-meta",
".well-known/pki-validation",
".well-known/webfinger",
# git
".git",
".git/logs",
".git/info",
# Bazaar
".bzr",
# SVN
".svn",
# Mercurial
".hg",
# SSH homefolder
".ssh",
#
"1",
"10",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"3rdparty",
"3rdparty/phpMyAdmin",
"3rdparty/phpmyadmin",
"AdminWeb",
"Admin_files",
"Administration",
"AdvWebAdmin",
"Agent",
"Agents",
"Album",
"AlbumArt_",
"BizTalkTracking",
"BizTalkServerDocs",
"BizTalkServerRepository",
"Boutiques",
"Corporate",
"CS",
"CVS",
"DB4Web",
"DMR",
"DocuColor",
"DVWA",
"GXApp",
"HB",
"HBTemplates",
"IBMWebAS",
"Install",
"JBookIt",
"Log",
"Mail",
"MessagingManager",
"Msword",
"NSearch",
"NetDynamic",
"NetDynamics",
"News",
"PDG_Cart",
"PulseCMS",
"QConvergeConsole",
"RCS",
"README",
"ROADS",
"Readme",
"Remote",
"SilverStream",
"Stats",
"StoreDB",
"Templates",
"ToDo",
"WebBank",
"WebCalendar",
"WebDB",
"WebShop",
"WebTrend",
"Web_store",
"WSsamples",
"XSL",
"_ScriptLibrary",
"_backup",
"_derived",
"_errors",
"_fpclass",
"_notes",
"_objects",
"_old",
"_pages",
"_passwords",
"_private",
"_scripts",
"_sharedtemplates",
"_tests",
"_themes",
"a",
"about",
"acceso",
"access",
"accesswatch",
"acciones",
"account",
"accounting",
"activex",
"adm",
"admcgi",
"admentor",
"admin",
"admin_",
"admin.back",
"admin-bak",
"administration",
"administrator",
"admin-old",
"adminuser",
"adminweb",
"admisapi",
"agentes",
"analog",
"analytics",
"anthill",
"apache",
"api",
"app",
"applets",
"application",
"applications",
"apps",
"ar",
"archive",
"archives",
"asp",
"aspx",
"atc",
"auth",
"auth-cgi-bin",
"auth-cgi-bin/cgiwrap",
"authadmin",
"aw",
"ayuda",
"b",
"b2-include",
"back",
"backend",
"backup",
"backups",
"bak",
"banca",
"banco",
"bank",
"banner",
"banner01",
"banners",
"batch",
"bb-dnbd",
"bbv",
"bdata",
"bdatos",
"beta",
"billpay",
"bin",
"blog",
"boadmin",
"board",
"boot",
"btauxdir",
"bug",
"bugs",
"bugzilla",
"business",
"buy",
"buynow",
"c",
"cache-stats",
"cacti",
"caja",
"card",
"cards",
"cart",
"cash",
"caspsamp",
"catalog",
"cbi-bin",
"ccard",
"ccards",
"cd",
"cd-cgi",
"cdrom",
"ce_html",
"cert",
"certificado",
"certificate",
"cfappman",
"cfdocs",
"cfide",
"cgi",
"cgi-auth",
"cgi-bin",
"cgi-bin/cgiwrap",
"cgibin",
"cgi-bin2",
"cgi-csc",
"cgi-lib",
"cgilib",
"cgi-local",
"cgis",
"cgi-scripts",
"cgiscripts",
"cgi-shl",
"cgi-shop",
"cgi-sys",
"cgi-weddico",
"cgi-win",
"cgiwin",
"chat",
"class",
"classes",
"client",
"cliente",
"clientes",
"cm",
"cms",
"cmsample",
"cobalt-images",
"code",
"comments",
"common",
"communicator",
"community",
"company",
"compra",
"compras",
"compressed",
"conecta",
"conf",
"config",
"connect",
"console",
"content",
"controlpanel",
"core",
"corp",
"correo",
"counter",
"credit",
"cron",
"crons",
"crypto",
"csr",
"css",
"cuenta",
"cuentas",
"currency",
"customers",
"cvsweb",
"cybercash",
"d",
"darkportal",
"dashboard",
"dat",
"data",
"database",
"databases",
"datafiles",
"dato",
"datos",
"dav",
"db",
"dbase",
"dcforum",
"ddreport",
"ddrint",
"demo",
"demoauct",
"demomall",
"demos",
"design",
"dev",
"devel",
"development",
"dialup",
"dialup_admin",
"dir",
"directory",
"directorymanager",
"dl",
"dll",
"dm",
"dms",
"dms0",
"dmsdump",
"doc",
"doc1",
"doc-html",
"docs",
"docs1",
"document",
"documents",
"dokeos",
"down",
"download",
"downloads",
"drupal",
"drupal6",
"drupal7",
"dspam",
"dump",
"durep",
"e",
"easylog",
"eforum",
"egroupware",
"ejemplo",
"ejemplos",
"email",
"emailclass",
"eManager",
"employees",
"empoyees",
"empris",
"envia",
"enviamail",
"error",
"errors",
"es",
"estmt",
"etc",
"example",
"examples",
"exc",
"excel",
"exchange",
"exe",
"exec",
"export",
"external",
"f",
"fbsd",
"fcgi-bin",
"file",
"filemanager",
"files",
"flexcube@",
"flexcubeat",
"foldoc",
"form",
"formalms",
"forms",
"formsmgr",
"form-totaller",
"forum",
"forums",
"foto",
"fotos",
"fpadmin",
"fpdb",
"fpsample",
"frameset",
"framesets",
"ftp",
"ftproot",
"g",
"ganglia",
"gfx",
"global",
"gosa",
"grocery",
"guest",
"guestbook",
"guests",
"h",
"help",
"helpdesk",
"hidden",
"hide",
"hitmatic",
"hit_tracker",
"hlstats",
"home",
"horde",
"hostingcontroller",
"howto",
"hr",
"hrm",
"ht",
"htbin",
"htdocs",
"html",
"hyperstat",
"i",
"ibank",
"ibill",
"icons",
"idea",
"ideas",
"ikiwiki",
"image",
"imagenes",
"imagery",
"images",
"img",
"imp",
"import",
"impreso",
"inc",
"include",
"includes",
"incoming",
"info",
"information",
"ingresa",
"ingreso",
"install",
"internal",
"intranet",
"inventory",
"invitado",
"isapi",
"j",
"japidoc",
"java",
"javascript",
"javasdk",
"javatest",
"jave",
"jdbc",
"job",
"jrun",
"js",
"jserv",
"jslib",
"jsp",
"junk",
"k",
"keyserver",
"kibana",
"kiva",
"l",
"labs",
"lam",
"lcgi",
"ldap",
"ldapadmin",
"ldapadmin/htdocs",
"leap",
"legal",
"lib",
"libraries",
"library",
"libro",
"links",
"linux",
"loader",
"log",
"logfile",
"logfiles",
"logg",
"logger",
"logging",
"login",
"logon",
"logs",
"lost+found",
"m",
"mail",
"mail_log_files",
"mailroot",
"makefile",
"mall_log_files",
"manage",
"manual",
"marketing",
"matomo",
"member",
"members",
"mercuryboard",
"message",
"messaging",
"metacart",
"misc",
"mkstats",
"movimientos",
"mp3",
"mp3s",
"mqseries",
"msi",
"msql",
"myaccount",
"mysql",
"mysql_admin",
"n",
"ncadmin",
"nchelp",
"ncsample",
"nds",
"netbasic",
"netcat",
"netmagstats",
"netscape",
"netshare",
"nettracker",
"new",
"nextgeneration",
"nl",
"noticias",
"obj",
"objects",
"odbc",
"offers",
"ojs",
"old",
"old_files",
"oldfiles",
"oprocmgr-service",
"oprocmgr-status",
"oracle",
"oradata",
"order",
"orders",
"otrs",
"otrs-web",
"outgoing",
"owncloud",
"owners",
"p",
"pages",
"panel",
"passport",
"password",
"passwords",
"payment",
"payments",
"pccsmysqladm",
"perl",
"perl5",
"perl-status",
"personal",
"personal_pages",
"pforum",
"phorum",
"php",
"phpBB",
"php_classes",
"phpclassifieds",
"phpimageview",
"phpip",
"phpldapadmin",
"phpldapadmin/htdocs",
"phpmyadmin",
"phpMyAdmin",
"phpMyAdminOLD",
"PHPMyAdmin",
"phpnuke",
"phpPhotoAlbum",
"phpprojekt",
"phpSecurePages",
"phpunit",
"piranha",
"piwik",
"pls",
"pma",
"poll",
"polls",
"portal",
"postgres",
"ppwb",
"printers",
"priv",
"privado",
"private",
"prod",
"protected",
"prueba",
"pruebas",
"prv",
"pub",
"public",
"publica",
"publicar",
"publico",
"publish",
"pulsecms",
"purchase",
"purchases",
"pw",
"q",
"r",
"random_banner",
"rdp",
"redmine",
"register",
"registered",
"rem",
"report",
"reports",
"reseller",
"restricted",
"retail",
"reviews",
"root",
"roundcube",
"roundcubemail",
"rsrc",
"s",
"sales",
"sample",
"samples",
"save",
"script",
"scripts",
"search",
"search97",
"search-ui",
"secret",
"secure",
"secured",
"sell",
"serve",
"server-info",
"servers",
"server_stats",
"serverstats",
"server-status",
"service",
"services",
"servicio",
"servicios",
"servlet",
"servlets",
"session",
"setup",
"share",
"shared",
"shell-cgi",
"shipping",
"shop",
"shopper",
"shopping",
"site",
"siteadmin",
"sitebuildercontent",
"sitebuilderfiles",
"sitebuilderpictures",
"sitemgr",
"siteminder",
"siteminderagent",
"sites",
"siteserver",
"sitestats",
"siteupdate",
"slide",
"smreports",
"smreportsviewer",
"soap",
"soapdocs",
"software",
"solaris",
"solutions",
"source",
"sql",
"squid",
"squirrelmail",
"src",
"srchadm",
"ssi",
"ssl",
"sslkeys",
"staff",
"stag",
"stage",
"staging",
"stat",
"statistic",
"statistics",
"statistik",
"statistiken",
"stats",
"stats-bin-p",
"stats_old",
"status",
"storage",
"store",
"storemgr",
"story",
"stronghold-info",
"stronghold-status",
"stuff",
"style",
"styles",
"stylesheet",
"stylesheets",
"subir",
"sun",
"super_stats",
"support",
"supporter",
"sys",
"sysadmin",
"sysbackup",
"system",
"t",
"tar",
"tarantella",
"tarjetas",
"tdbin",
"tech",
"technote",
"te_html",
"temp",
"template",
"templates",
"temporal",
"test",
"test-cgi",
"testing",
"tests",
"testweb",
"ticket",
"tickets",
"tiki",
"tikiwiki",
"tmp",
"tools",
"tpv",
"trabajo",
"trac",
"track",
"tracking",
"transito",
"transpolar",
"tree",
"trees",
"twiki",
"u",
"uapi-cgi",
"uapi-cgi/admin",
"ucs-overview",
"univention-management-console",
"updates",
"upload",
"uploads",
"us",
"usage",
"user",
"userdb",
"users",
"usr",
"ustats",
"usuario",
"usuarios",
"util",
"utils",
"v",
"v4",
"vendor",
"vfs",
"w",
"w3perl",
"w-agora",
"way-board",
"web",
"web800fo",
"webaccess", # e.g. Zarafa
"webadmin",
"webalizer",
"webapp", # e.g. Zarafa
"webapps",
"webboard",
"webcart",
"webcart-lite",
"webdata",
"webdav",
"webdb",
"webimages",
"webimages2",
"weblog",
"weblogs",
"webmail",
"webmaster",
"webmaster_logs",
"webMathematica",
"webpub",
"webpub-ui",
"webreports",
"webreps",
"webshare",
"website",
"webstat",
"webstats",
"webtrace",
"webtrends",
"web_usage",
"wiki",
"windows",
"word",
"work",
"workspace",
"wsdocs",
"wstats",
"wusage",
"www",
"wwwjoin",
"wwwlog",
"www-sql",
"wwwstat",
"wwwstats",
"x",
"xampp",
"xGB",
"xml",
"xtemp",
"y",
"z",
"zabbix",
"zb41",
"zipfiles",
"~1",
"~admin",
"~log",
"~root",
"~stats",
"~webstats",
"~wsdocs",
# Phishing
"cgi-bim",
# Lite-serve
"cgi-isapi",
# HyperWave
"wavemaster.internal",
# Urchin
"urchin",
"urchin3",
"urchin5",
# CVE-2000-0237
"publisher",
# Locale / language related
# nb:
# - the alpha-2 / two-letter country codes have been taken from here:
# https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements
# - Some entries might be duplicated like e.g. "gb" for "guest book", this is acceptable because
# the list will be made "unique" later
# - "en" is a special case and not listed on the page above
"en",
"en-US",
"intl",
"ad",
"ae",
"af",
"ag",
"ai",
"al",
"am",
"ao",
"aq",
"ar",
"as",
"at",
"au",
"aw",
"ax",
"az",
"ba",
"bb",
"bd",
"be",
"bf",
"bg",
"bh",
"bi",
"bj",
"bl",
"bm",
"bn",
"bo",
"bq",
"br",
"bs",
"bt",
"bv",
"bw",
"by",
"bz",
"ca",
"cc",
"cd",
"cf",
"cg",
"ch",
"ci",
"ck",
"cl",
"cm",
"cn",
"co",
"cr",
"cu",
"cv",
"cw",
"cx",
"cy",
"cz",
"de",
"dj",
"dk",
"dm",
"do",
"dz",
"ec",
"ee",
"eg",
"eh",
"er",
"es",
"et",
"fi",
"fj",
"fk",
"fm",
"fo",
"fr",
"ga",
"gb",
"gd",
"ge",
"gf",
"gg",
"gh",
"gi",
"gl",
"gm",
"gn",
"gp",
"gq",
"gr",
"gs",
"gt",
"gu",
"gw",
"gy",
"hk",
"hm",
"hn",
"hr",
"ht",
"hu",
"id",
"ie",
"il",
"im",
"in",
"io",
"iq",
"ir",
"is",
"it",
"je",
"jm",
"jo",
"jp",
"ke",
"kg",
"kh",
"ki",
"km",
"kn",
"kp",
"kr",
"kw",
"ky",
"kz",
"la",
"lb",
"lc",
"li",
"lk",
"lr",
"ls",
"lt",
"lu",
"lv",
"ly",
"ma",
"mc",
"md",
"me",
"mf",
"mg",
"mh",
"mk",
"ml",
"mm",
"mn",
"mo",
"mp",
"mq",
"mr",
"ms",
"mt",
"mu",
"mv",
"mw",
"mx",
"my",
"mz",
"na",
"nc",
"ne",
"nf",
"ng",
"ni",
"nl",
"no",
"np",
"nr",
"nu",
"nz",
"om",
"pa",
"pe",
"pf",
"pg",
"ph",
"pk",
"pl",
"pm",
"pn",
"pr",
"ps",
"pt",
"pw",
"py",
"qa",
"re",
"ro",
"rs",
"ru",
"rw",
"sa",
"sb",
"sc",
"sd",
"se",
"sg",
"sh",
"si",
"sj",
"sk",
"sl",
"sm",
"sn",
"so",
"sr",
"ss",
"st",
"sv",
"sx",
"sy",
"sz",
"tc",
"td",
"tf",
"tg",
"th",
"tj",
"tk",
"tl",
"tm",
"tn",
"to",
"tr",
"tt",
"tv",
"tw",
"tz",
"ua",
"ug",
"um",
"us",
"uy",
"uz",
"va",
"vc",
"ve",
"vg",
"vi",
"vn",
"vu",
"wf",
"ws",
"ye",
"yt",
"za",
"zm",
"zw",
# Sympa
"wws",
"wwsympa",
"sympa",
# Opentaps and Apache OFBiz
"accounting/control/main",
"ap/control/main",
"ar/control/main",
"assetmaint/control/main",
"bi/control/main",
"birt/control/main",
"catalog/control/main",
"cmssite/control/main",
"content/control/main",
"control/main",
"crmsfa/control/main",
"ebay/control/main",
"ebaystore/control/main",
"ecommerce/control/main",
"ecomseo", # nb: special case
"example/control/main",
"exampleext/control/main",
"facility/control/main",
"financials/control/main",
"googlebase/control/main",
"hhfacility/control/main",
"humanres/control/main",
"ldap/control/main",
"lucence/control/main",
"manufacturing/control/main",
"marketing/control/main",
"msggateway/control/main",
"multiflex/control/main",
"myportal/control/main",
"ofbizsetup/control/main",
"ordermgr/control/main",
"passport/control/main",
"partymgr/control/main",
"pricat/control/main",
"projectmgr/control/main",
"purchasing/control/main",
"scrum/control/main",
"sfa/control/main",
"sofami/control/main",
"solr/control/main",
"warehouse/control/main",
"webpos/control/main",
"webtools/control/main",
"workeffort/control/main",
# Icinga Web 2
"authentication",
"lib",
"lib/icinga",
"lib/icinga/icinga-php-thirdparty",
"static",
"icingaweb2",
"icingaweb2/authentication",
"icingaweb2/lib",
"icingaweb2/lib/icinga",
"icingaweb2/lib/icinga-php-thirdparty",
"icingaweb2/static",
"icinga",
"icinga/authentication",
"icinga/lib",
"icinga/lib/icinga",
"icinga/lib/icinga-php-thirdparty",
"icinga/static",
"icinga2",
"icinga2/authentication",
"icinga2/lib",
"icinga2/lib/icinga",
"icinga2/lib/icinga-php-thirdparty",
"icinga2/static",
"icinga-web",
"icinga-web/authentication",
"icinga-web/lib",
"icinga-web/lib/icinga",
"icinga-web/lib/icinga-php-thirdparty",
"icinga-web/static",
# GVM / GSA related URLs
"assets",
"css",
"help",
"img",
"js",
"login",
"gmp",
"locales",
"omp",
"static",
"static/img",
"static/js",
"static/css",
"system_report",
# Fortinet FortiOS SSL VPN Web Portal
"remote",
# Collabora / LibreOffice Online
"browser",
"browser/dist",
"browser/dist/admin",
"cool",
"cool/adminws",
"dist",
"dist/admin",
"hosting",
"hosting/discovery",
"hosting/capabilities",
"loleaflet",
"loleaflet/dist",
"loleaflet/dist/admin",
"lool",
"lool/adminws",
# e.g. Metasploitable2 VM
"dvwa",
"mutillidae",
# ownCloud
"updater",
"ocs-provider",
"ocm-provider", #nb: OpenCloudMesh Endpoint
# Kibana
"app/kibana", #nb: "/app" is already included above
"spaces",
"spaces/enter",
# Samsung Q60 series smart TV but might exist for other products / applications as well
"ws",
"ws/auth",
"ws/pairing",
"ws/debug",
# nb: Only api/v2 existed for the samsung device but those seems to be quite common endpoints
# like seen in some other VTs in the feed.
"api/v1",
"api/v1.0",
"api/v2",
"api/v2.0",
"api/v3",
"api/v3.0",
"api/v4",
"api/v4.0",
"api/v5",
"api/v5.0",
# Cisco UCS Director
"app/ui", #nb: "app" is already included above
# Same/similar product, different vendors / product lines
#
# - Juniper Pulse Connect SSL-VPN
# - Pulse Secure Pulse Connect Secure
# - Ivanti Connect Secure
# - Ivanti Policy Secure
#
# nb: The device had also "/api/v1" but this is already included above
#
"dana-admin",
"dana-admin/misc",
"dana-na",
"dana-na/auth",
"dana-na/auth/url_admin",
"dana-na/auth/url_default",
"dana-na/download",
"dana-na/meeting",
"dana-na/nc",
"dana",
"dana/fb",
"dana/fb/smb",
"dana/html5acc",
"dana/html5acc/guacamole",
"dana-cached",
"dana-cached/hc",
"dana-cached/sc",
"dana-cached/setup",
# Citrix ADC / Gateway
"eap",
"gwtest",
"logon",
"logon/vpn",
"saml",
"vpn",
"vpn/js",
"vpns",
"vpns/cfg",
"vpns/portal",
"vpns/portal/scripts",
# WordPress Core dirs
"wp-admin",
"wp-content",
"wp-content/gallery",
"wp-content/languages",
"wp-content/plugins",
"wp-content/themes",
"wp-content/upgrade",
"wp-content/uploads",
"wp-includes",
"wp-json", # Pretty links
"index.php/wp-json", # Non-Pretty links
"wordpress/wp-admin",
"wordpress/wp-content",
"wordpress/wp-content/gallery",
"wordpress/wp-content/languages",
"wordpress/wp-content/plugins",
"wordpress/wp-content/themes",
"wordpress/wp-content/upgrade",
"wordpress/wp-content/uploads",
"wordpress/wp-includes",
"wordpress/wp-json",
"wordpress/index.php/wp-json",
"wp/wp-admin",
"wp/wp-content",
"wp/wp-content/gallery",
"wp/wp-content/languages",
"wp/wp-content/plugins",
"wp/wp-content/themes",
"wp/wp-content/upgrade",
"wp/wp-content/uploads",
"wp/wp-includes",
"wp/wp-json",
"wp/index.php/wp-json",
"blog/wp-admin",
"blog/wp-content",
"blog/wp-content/gallery",
"blog/wp-content/languages",
"blog/wp-content/plugins",
"blog/wp-content/themes",
"blog/wp-content/upgrade",
"blog/wp-content/uploads",
"blog/wp-includes",
"blog/wp-json",
"blog/index.php/wp-json",
# WordPress plugins dirs
"wp-content/backup-db",
"wp-content/backups-dup-pro",
"wp-content/backups-dup-lite",
"wp-content/updraft",
"wp-content/w3tc-config",
"wordpress/wp-content/backup-db",
"wordpress/wp-content/backups-dup-pro",
"wordpress/wp-content/backups-dup-lite",
"wordpress/wp-content/updraft",
"wordpress/wp-content/w3tc-config",
"wp/wp-content/backup-db",
"wp/wp-content/backups-dup-pro",
"wp/wp-content/backups-dup-lite",
"wp/wp-content/updraft",
"wp/wp-content/w3tc-config",
"blog/wp-content/backup-db",
"blog/wp-content/backups-dup-pro",
"blog/wp-content/backups-dup-lite",
"blog/wp-content/updraft",
"blog/wp-content/w3tc-config",
# Cloudflare, see e.g. https://seclists.org/nmap-dev/2019/q1/42
"cdn-cgi",
"cdn-cgi/apps",
"cdn-cgi/apps/head",
"cdn-cgi/scripts",
"cdn-cgi/pe",
# Trend Micro Apex One (see info of the structure in e.g. CVE-2023-0587)
"officescan",
"officescan/console",
"officescan/console/html",
"officescan/console/html/cgi",
# Sophos XG Firewall
"userportal",
"userportal/webpages",
"userportal/webpages/myaccount",
"webconsole",
"webconsole/webpages",
# Outlook Web App
"owa",
"owa/auth",
# Laravel / Laravel Telescope
"laravel",
"laravel/public",
"laravel/telescope",
"project",
"public",
"telescope",
"vendor",
"vendor/laravel",
# Apache Solr
"solr",
"apachesolr",
# e.g. SpinetiX Fusion
"fusion",
"content",
"content/files",
"content/files/backups",
# Oracle BI Publisher
"xmlpserver",
# RUCKUS IoT Controller
"refUI",
# Config dir of various apps / frameworks like Symfony
"app/config",
# Citrix Endpoint Management or XenMobile Server
"zdm",
# Cisco Security Manager, possible other products as well
"CSCOnm",
"CSCOnm/servlet",
"CSCOnm/servlet/login",
"cwhp",
"cwhp/CSMSDesktop",
"athena",
"athena/xdmProxy",
"athena/itf",
# Cisco Webex Meetings Server
"orion",
"webappng",
"webappng/sites",
"webappng/sites/meetings",
"webappng/sites/meetings/dashboard",
# Tomcat
"tomcat-docs", #nb: Will be ignored by default
"manager",
"manager/html",
"manager/status",
"host-manager",
"host-manager/html",
"tomcat",
"tomcat/manager",
"tomcat/manager/html",
"admin-console",
"web-console",
"web-console/Invoker",
"jmx-console",
"jmx-console/HtmlAdaptor",
"invoker",
"invoker/JMXInvokerServlet",
"cognos_express",
"cognos_express/manager",
"cognos_express/manager/html",
# D-Link DSR devices
"scgi-bin",
# Micro Focus (Novell) Filr
"filr",
"ssf",
"ssf/a",
"rest",
# AWStats
"awstats",
"awstats/cgi-bin",
"awstats-cgi",
# WD My Cloud
"nas",
"nas/v1",
"xml",
"web",
"web/images",
"web/function",
"web/restSDK",
"web/restAPI",
"web/ota",
"api",
"api/2.1",
"api/2.1/rest",
# Various application servers like Apache Tomcat or Mortbay Jetty. Normally these should prevent the
# direct access to the directory but we're checking it anyway if there are any misconfigurations in place.
"WEB-INF",
"WEB-INF/classes",
"WEB-INF/lib",
"META-INF",
# WildFly H2 Console
"h2console",
"h2console/console",
# Liferay Portal
"api",
"api/jsonws",
# VMware Identity Manager / vRealize Automation / VMware Workspace ONE Access
"cfg",
"hc",
"hc/error",
"hc/static",
"SAAS",
"SAAS/apps",
"SAAS/auth",
"SAAS/auth/login",
"SAAS/auth/login/embeddedauthbroker",
"SAAS/horizon",
"SAAS/horizon/js",
"SAAS/horizon/js-lib",
"SAAS/jersey",
"SAAS/jersey/manager",
"SAAS/jersey/manager/api",
"SAAS/t", # nb: Seen in CVE-2022-31656
"SAAS/WEB-INF",
"SAAS/META-INF",
"vcac",
# Novell Web Manager
"WebAdmin",
# Unknown product related to Apache Cocoon
"v2",
"v2/api",
"v2/api/product",
"v2/api/product/manger",
"v2/api/product/manager", # nb: The above endpoint might be a typo so both are used.
# Seen on multiple Apache Cocoon relevant systems
"repository",
"repository/xmlui",
"samples",
"xmlui",
# VMware vSphere Client of vCenter Server
"ui",
"ui/resources",
"ui/resources/libs",
"ui/resources/js",
"ui/resources/css",
"ui/resources/ng-next-app",
"ui/resources/ng-next-app/styles",
"ui/resources/ui",
"ui/resources/ui/views",
"ui/resources/ui/views/mainlayout",
"ui/modules-join-files",
"ui/modules-join-files/js",
"ui/modules-join-files/css",
"ui/modules-proxy-lib",
"ui/modules-proxy-lib/resources",
"ui/modules-proxy-lib/resources/js",
"ui/psc-ui",
"ui/psc-ui/resources",
"ui/psc-ui/resources/js",
"ui/dashboard-lite-ui",
"ui/dashboard-lite-ui/resources",
"ui/dashboard-lite-ui/resources/js",
"ui/certificate-ui",
"ui/certificate-ui/resources",
"ui/certificate-ui/resources/js",
"ui/advperfcharts-ui",
"ui/advperfcharts-ui/resources",
"ui/advperfcharts-ui/resources/js",
"ui/h5-vsan",
"ui/h5-vsan/rest",
"ui/h5-vsan/rest/proxy",
"ui/h5-vsan/rest/proxy/service",
"ui/h5-vsan/rest/proxy/service/CLASS",
"sdk",
"cache",
"vsphere-client",
"history",
"assets",
"websso",
"websso/SAML2",
"websso/SAML2/SSO",
"websso/resources",
"websso/resources/js",
"websso/resources/js/assets",
"websso/resources/img",
"websso/resources/css",
"ui/vropspluginui",
"ui/vropspluginui/rest",
"ui/vropspluginui/rest/services",
"ui/vropspluginui/rest/services/getstatus", # nb: This and the previous is an API endpoint which was unprotected before the patch from VMSA-2021-0002
"statsreport",
"analytics",
"analytics/telemetry",
"analytics/telemetry/ph",
"analytics/telemetry/ph/api",
"ui/vcav-bootstrap",
"ui/vcav-bootstrap/rest",
"ui/vcav-bootstrap/rest/vcav-providers",
"eam",
# VMware vRealize Operations Manager
"admin",
"ui",
# API path taken from https://github.com/bakingclouds/vRealize-Operations-Tenant-App/blob/main/swagger.json
"suite-api",
"suite-api/api",
"suite-api/api/auth",
"suite-api/api/auth/token",
"suite-api/api/deployment",
"suite-api/api/deployment/config",
"suite-api/api/deployment/config/globalsettings",
"suite-api/api/reports",
"suite-api/api/resources",
"suite-api/api/resources/stats",
"suite-api/api/versions",
"suite-api/internal",
"suite-api/doc",
"casa",
"casa/nodes",
# VMware vRealize Operations Tenant App API
"tenant-app-api",
"tenant-app-api/access",
"tenant-app-api/access/pricesetting",
"tenant-app-api/bills",
"tenant-app-api/pricingpolicy",
"tenant-app-api/users",
# RedHat Stronghold
"stronghold-info",
"stronghold-status",
# Enterasys Dragon Enterprise Reporting
"dragon",
# HP Systems Insight Manager
"simsearch",
"simsearch/messagebroker",
"mxportal",
"mxportal/taskandjob",
# HP/HPE System Management Homepage (SMH)
"proxy",
"proxy/smhui",
# Inspur ClusterEngine
"module",
"module/login",
# AfterLogic Aurora/WebMail
"afterlogic",
"aurora",
"webmail",
"webmailpro",
# NetApp Cloud Manager
"occmui",
"occm",
"occm/api",
"occm/api/occm",
"occm/api/occm/system",
# Adobe ColdFusion
"CFIDE",
"CFIDE/administrator",
"CFIDE/administrator/settings",
"CFIDE/administrator/help",
"CFIDE/adminapi",
"CFIDE/services",
"cf_scripts",
"cf_scripts/scripts",
"cf_scripts/scripts/ajax",
"cf_scripts/scripts/ajax/package",
"cf-scripts",
"cf-scripts/scripts",
"cf-scripts/scripts/ajax",
"cf-scripts/scripts/ajax/package",
"CFIDE/scripts",
"CFIDE/scripts/ajax",
"CFIDE/scripts/ajax/package",
"cfide",
"cfide/scripts",
"cfide/scripts/ajax",
"cfide/scripts/ajax/package",
"CF_SFSD",
"CF_SFSD/scripts",
"CF_SFSD/scripts/ajax",
"CF_SFSD/scripts/ajax/package",
"cfide-scripts",
"cfide-scripts/ajax",
"cfide-scripts/ajax/package",
"cfmx",
"cfmx/CFIDE",
"cfmx/CFIDE/scripts",
"cfmx/CFIDE/scripts/ajax",
"cfmx/CFIDE/scripts/ajax/package",
"restplay",
"CFIDE/restplay",
"CFIDE/main",
"CFIDE/componentutils",
"CFIDE/wizards",
"CFIDE/servermanager",
"CFIDE/AIR",
"CFIDE/appdeployment",
"CFIDE/cftags",
"CFIDE/debug",
"CFIDE/lockdown",
"CFIDE/orm",
"CFIDE/scheduler",
"CFIDE/services",
"CFIDE/websocket",
# Proxmox Virtual Environment (VE, PVE)
"pve2",
"pve2/images",
"pve2/ext6",
"pve2/ext6/locale",
"pve2/ext6/theme-crisp",
"pve2/ext6/theme-crisp/resources",
"pve2/ext6/crisp",
"pve2/ext6/crisp/resources",
"pve2/fa",
"pve2/fa/css",
"pve2/css",
"pve2/js",
"pve-docs",
"pwt/css",
# SAP NetWeaver Portal
"com.sap.portal.design.urdesigndata",
"com.sap.portal.design.urdesigndata/themes",
"com.sap.portal.design.urdesigndata/themes/portal",
"com.sap.portal.design.urdesigndata/themes/portal/sap_tradeshow_plus",
"com.sap.portal.design.urdesigndata/themes/portal/sap_tradeshow_plus/common",
"com.sap.portal.theming.webdav.themeswebdavlistener",
"com.sap.portal.theming.webdav.themeswebdavlistener/Portal",
"com.sap.portal.theming.webdav.themeswebdavlistener/Portal/prtl_std",
"com.sap.portal.theming.webdav.themeswebdavlistener/Portal/prtl_std/sap_tradeshow_plus",
"irj",
"irj/portal",
"irj/portalapps",
"irj/portalapps/com.sap.portal.design.portaldesigndata",
"irj/portalapps/com.sap.portal.design.portaldesigndata/themes",
"irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal",
"irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/sap_standard",
"irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/sap_standard/glbl",
"irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/sap_standard/prtl_std",
"irj/portalapps/com.sap.portal.design.urdesigndata",
"irj/portalapps/com.sap.portal.design.urdesigndata/themes",
"irj/portalapps/com.sap.portal.design.urdesigndata/themes/portal",
"irj/portalapps/com.sap.portal.design.urdesigndata/themes/portal/sap_standard",
"irj/portalapps/com.sap.portal.design.urdesigndata/themes/portal/sap_standard/ur",
"irj/portalapps/com.sap.portal.epcf.loader",
"irj/portalapps/com.sap.portal.epcf.loader/script",
"irj/portalapps/com.sap.portal.epcf.loader/script/optimize",
"irj/portalapps/com.sap.portal.runtime.logon",
"irj/portalapps/com.sap.portal.runtime.logon/css",
"irj/portalapps/com.sap.portal.runtime.logon/js",
"irj/portalapps/com.sap.portal.runtime.logon/layout",
"irj/servlet",
"irj/servlet/prt",
"irj/servlet/prt/portal",
"irj/servlet/prt/portal/prtroot",
"portal/irj",
"portal/irj/portal",
"portal/irj/servlet",
"portal/irj/servlet/prt",
"portal/irj/servlet/prt/portal",
"portal/irj/servlet/prt/portal/prtroot",
# SAP Solution Manager
"EemAdminService", # Seen in CVE-2020-6207
# Those have been also seen on such SAP Solution Manager installs:
"sap",
"sap/bc",
"sap/bc/bsp",
"sap/bc/bsp/sap",
"sap/bc/bsp/sap/crm_ui_start",
"sap/bc/webdynpro",
"sap/bc/webdynpro/sap",
# SAP NetWeaver Development Infrastructure
"tc.CBS.Appl", # Seen in CVE-2021-33690
# Apache Struts
# nb: The "config-browser" ones are from the Config Browser Plugin (https://struts.apache.org/plugins/config-browser/)
"struts",
"struts/config-browser",
"struts2-showcase",
"struts2-showcase/config-browser",
"struts2-showcase/integration",
"struts2-showcase/skill",
"struts2-showcase/validation",
"struts2-blank",
"struts2-blank/config-browser",
"struts2-blank/example",
"struts2-basic",
"struts2-basic/config-browser",
"struts2-mailreader",
"struts2-mailreader/config-browser",
"struts2-portlet",
"struts2-portlet/config-browser",
"struts2-rest-showcase",
"struts2-rest-showcase/config-browser",
"struts2-rest-showcase/orders",
"struts-cookbook",
"struts-cookbook/config-browser",
"struts-examples",
"struts-examples/config-browser",
"config-browser",
"starter",
"starter/config-browser",
# Ivanti Avalanche
"AvalancheWeb",
# VMware Workspace ONE UEM
"AirWatch",
# Used by an unknown scanner checking for Laravel ".env" files
"app",
"apps",
"assets",
"config",
"core",
"core/app",
"core/Database",
"cron",
"cronlab",
"database",
"lab",
"lib",
"vendor",
# Oracle E-Business Suite
"OA_HTML",
"OA_HTML/cabo",
"OA_HTML/cabo/jsLibs",
"OA_HTML/cabo/jsps",
"OA_HTML/media",
"OA_MEDIA",
# Sun/Oracle Web Server
"admingui",
"admingui/version",
# Various SAP products
"sap",
"sap/public",
# SICF service on SAP AS ABAP
"sap/public/bc",
"sap/public/bc/abap",
# SAP Internet Communication Framework (ICF)
"sap/public/bc/icf",
"sap/public/bc/icf/systemloginjs",
# SAP Internet Communication Manager (ICM)
"sap/admin",
"sap/admin/icp",
"sap/admin/public",
"sap/admin/public/resources",
"sap/admin/publicicp",
# SAP Web Dispatcher
"sap/wdisp",
"sap/wdisp/admin",
"sap/wdisp/admin/icp",
"sap/wdisp/admin/public",
"sap/wdisp/admin/public/resources",
"sap/wdisp/admin/publicicp",
# Additional unknown SAP URLs
"SAP",
"SAP/BC",
"SAP/BC/UI5_UI5",
"SAP/BC/UI5_UI5/SYM",
"SAP/BC/UI5_UI5/SYM/SU_SUPPLIER",
# nb: sap/bc is already included in some other places
"sap/bc/gui",
"sap/bc/gui/sap",
"sap/bc/gui/sap/its",
"sap/bc/nwbc",
"sap/bc/nwbc/srm",
# Those have been seen on NetWeaver systems
"sap/public/bc/icons",
"sap/public/bc/ur",
"sap/public/bc/ur/Login",
"sap/public/bc/ur/Login/assets",
"sap/public/bc/ur/Login/assets/corbu",
"sap/public/bc/ur/nw5",
"sap/public/bc/ur/nw5/themes",
"sap/public/bc/ur/nw7",
"sap/public/bc/ur/nw7/js",
"sap/public/bc/ur/nw7/js/classes",
"sap/public/bc/ur/nw7/js/texts",
# SAP XML Data Archiving Service on SAP AS Java
"DataArchivingService",
"DataArchivingService/webcontent",
"DataArchivingService/webcontent/cas",
"DataArchivingService/webcontent/aas",
# Pega Infinity
"prweb",
"prweb/app",
"prweb/app/default",
"prweb/PRAuth",
"prweb/PRAuth/app",
"prweb/PRAuth/app/default",
"prweb/PRAuth/SSO",
# FLIR AX8
"FLIR",
"FLIR/usr",
"FLIR/usr/www",
"FLIR/usr/www/application",
"FLIR/usr/www/application/controller",
"camera",
"home",
"login",
"public",
"settings",
"storage",
# Cisco HyperFlex Connect
"hx",
"hx/api",
"upload",
# Self Service Password [LDAP Tool Box (LTB)]
"ssp",
"ssp/rest",
"ssp/rest/v1",
"ssp/rest/v2",
"rest",
"rest/v1",
"rest/v2",
# SolarWinds Orion Platform (e.g. NPM)
"Orion",
# HP / H3C iMC
"imc",
"imc/javax.faces.resource",
# Zend Framework config file location
"application",
"application/configs",
"configs",
# Apache Airflow
"admin",
"admin/airflow",
"admin/airflow/login",
"admin/configurationview",
"admin/login",
"aws_mwaa",
"aws_mwaa/login",
"airflow",
# ConcatServlet of Eclipse Jetty
"concat?",
# Unknown servlet of Eclipse Jetty
"static?",
# Mentioned as a directory in https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5
"context",
# Maipu Network devices
"php",
"php/common",
"webui",
# Akkadian Provisioning Manager
"pme",
"pme/database",
"pme/database/pme",
"pme/media",
"pme/backups",
# Lucee
"lucee",
"lucee/admin",
"lucee/doc",
"lucee/res",
"lucee/res/js",
"lucee/templates",
"lucee/templates/error",
# FanRuan FineReport
"FineReport",
"FineReport/decision",
"WebReport",
"WebReport/decision",
"webroot",
"webroot/decision",
# VICIdial
"agc",
"agc3",
"vicidial",
"vicidial/agent_reports",
# Acronis Cyber Protect
"idp",
"idp/authorize",
"am",
"am/api",
"am/api/1",
"am/api/2",
"api",
"api/1",
"api/2",
"backup-console",
# FCKeditor / CKEditor
"fckeditor",
"editor",
"admin/fckeditor",
"sites/all/modules/fckeditor",
"resources/fckeditor",
"clientscript/fckeditor",
"wp-content/plugins/fckeditor-for-wordpress/fckeditor",
"FCKeditor",
"inc/fckeditor",
"includes/fckeditor",
"include/fckeditor",
"modules/fckeditor",
"plugins/fckeditor",
"HTMLEditor",
"admin/htmleditor",
"sites/all/modules/fckeditor/fckeditor",
"ckeditor",
"admin/ckeditor",
"sites/all/modules/ckeditor",
"resources/ckeditor",
"clientscript/ckeditor",
"wp-content/plugins/ckeditor-for-wordpress/ckeditor",
"vendor/plugins/fckeditor/public/javascripts",
"extensions/FCKeditor",
"extensions/FCKeditor/fckeditor",
# Huawei Home Gateway
"api",
"api/system",
"lib",
"html",
"lang",
# Cisco ASA / ASDM
"+CSCOT+",
"+CSCOE+",
"+CSCOE+/files",
"+CSCOE+/saml",
"+CSCOE+/saml/sp",
"+CSCOE+/sdesktop",
"+CSCOU+",
"+webvpn+",
"admin",
"admin/public",
"CACHE",
"CACHE/sdesktop",
"CACHE/sdesktop/install",
"CACHE/sdesktop/install/binaries",
"CSCOSSLC",
# W-Agora
"w-agora",
"cms",
# Online Grades
"grades",
"onlinegrades",
# Adobe Experience Manager (AEM)
"bin",
"bin/wcm",
"libs",
"libs/granite",
"libs/granite/core",
"libs/granite/core/content",
"system",
"system/console",
"system/sling",
"system/sling/cqform",
"crx",
"crx/de",
"crx/packmgr",
"etc",
"etc/clientlibs",
"etc/clientlibs/granite",
"etc/designs",
"content",
"content/dam",
"etc.clientlibs",
"etc.clientlibs/clientlibs",
"etc.clientlibs/clientlibs/granite",
"mnt", # All "mnt" ones have been seen in CVE-2019-16469
"mnt/overlay",
"mnt/overlay/dam",
"mnt/overlay/dam/gui",
"mnt/overlay/dam/gui/content",
"mnt/overlay/dam/gui/content/assets",
# Prometheus
"alerts",
"graph",
"status",
"flags",
"config",
"rules",
"targets",
"tsdb-status",
"service-discovery",
"api",
"api/v1",
"api/v1/status",
# Some known JavaServer Faces (JSF2) apps / endpoints
"costModule",
"costModule/faces",
"faces",
"secureader",
"myaccount",
"SupportPortlet",
"SupportPortlet/faces",
"javax.faces.resource",
# Veeam Backup Enterprise Manager
"scripts",
"scripts/build",
"scripts/build/production",
"scripts/build/production/MainApp",
# OpenAM, MITREid Connect and other OAuth related products
"openam",
"OpenAM",
"opensso",
"sso",
"openam/.well-known",
"OpenAM/.well-known",
"opensso/.well-known",
"sso/.well-known",
"openam/.well-known/webfinger",
"OpenAM/.well-known/webfinger",
"opensso/.well-known/webfinger",
"sso/.well-known/webfinger",
"connect",
"connect/register",
"oauth",
"oauth/token",
"oauth/confirm_acces",
"openid-connect-server-webapp",
"openid-connect-server-webapp/register",
"openid-connect-server-webapp/api",
"openid-connect-server-webapp/api/clients",
"authorize",
# Circontrol CirCarLife / OCPP
"html",
"html/MainFrame",
"html/app",
"html/app/controllers",
"html/app/directives",
"html/app/partials",
"html/app/services",
"html/app/views",
"html/device-id",
"html/libs",
"html/log",
"html/repository",
"html/resources",
"html5",
"services",
"services/cmd",
"services/config",
"services/logs",
"services/logs/system_logs",
"services/system",
"services/user",
# WD My Book Live
"UI",
# LISTSERV Maestro
"lui",
"hub",
# Appnitro MachForm
"machform",
# IBM Maximo
"maximo",
"maximo/webclient",
"maximo/weblcient/login",
"meaweb",
"meaweb/os",
# IceWarp Mail Server
"webdav",
"webdav/ticket",
"webmail",
"webmail/basic",
"webmail/calendar",
"webmail/calendar/minimizer",
"webmail/client",
"webmail/client/skins",
"webmail/client/skins/default",
"webmail/client/skins/default/css",
"webmail/inc",
"webmail/pda",
"webmail/pda/controller",
# Kaseya VSA
"vsapres",
"vsapres/web20",
"vsapres/web20/core",
"vsapres/js",
"vsapres/js/thirdparty",
"vsapres/js/thirdparty/material",
"vsapres/assets",
"vsapres/assets/css",
"vsapres/js",
"vsapres/js/kaseya",
"vsapres/js/kaseya/web",
"vsapres/js/kaseya/web/Helpers",
"vsapres/images",
"vsapres/images/common",
"themes",
"themes/default",
"themes/default/images",
# Dell Wyse Management Suite
"ccm-web",
"ccm-web/admin",
"ccm-web/image",
# Seagate BlackArmor NAS
"backupmgt",
"admin",
# osCommerce
"osc",
"oscommerce",
"store",
"catalog",
"shop",
# MagicFlow
"msa",
# KevinLAB products (4st Solar, EMS, BEMS, HEMS) but also possible others
"http",
"dashboard",
"pages",
"modules",
"login",
"res",
# <- Start entries from 2021/gb_generic_http_web_dirs_dir_trav.nasl
# MERCUSYS Mercury X18G
"loginLess",
# Gate One
"downloads",
# st module for Node.js
"public",
# Node.js and Spring MVC
"static",
# Spring MVC
"spring-mvc-showcase",
"spring-mvc-showcase/resources",
# ZEIT Next.js
"_next",
# LG SuperSign CMS
"signEzUI",
"signEzUI/playlist",
"signEzUI/playlist/edit",
"signEzUI/playlist/edit/upload",
"node_modules", # node-srv node module
# Node RED Dashboard
"ui_base",
"ui_base/js",
# Elasticsearch
"_plugin",
"_plugin/head",
# Oracle GlassFish Server
"resource",
"resource/file",
"theme",
"theme/META-INF",
# Rubedo
"theme/default",
"theme/default/img",
# Pallets Werkzeug
"base_import",
"base_import/static",
"web",
"web/static",
"base",
"base/static",
# Deltek Maconomy
"cgi-bin/Maconomy",
"cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS",
# D-Link Routers
"uir",
# Galera WebTemplate
"GallerySite",
"GallerySite/filesrc",
# Ruby on Rails
"assets",
# RaidenMAILD Mail Server
"webeditor",
# -> End entries from 2021/gb_generic_http_web_dirs_dir_trav.nasl
# Sage X3
"auth",
"auth/sage-id",
"auth/login",
"auth/login/page",
"auth/forgetMe",
"syracuse-auth",
"syracuse-auth/html",
# IBM Web Content Manager
"wps",
"wps/wcm",
"wps/wcm/webinterface",
"wps/wcm/webinterface/login",
# Orbis CMS
"orbis",
"orbis/admin",
"Orbis",
"Orbis/admin",
# DynPage CMS
"dynpage",
# BaconMap
"baconmap",
"baconmap/admin",
"map",
"map/admin",
# Node RED Dashboard
"ui_base",
"ui_base/js",
# qdPM
"core",
"core/config",
# SAP Manufacturing Integration and Intelligence (xMII) component
"XMII",
# Chamilo LMS
"chamilo",
# SOGo Groupware Webmail
"SOGo",
"SOGo/so",
"SOGo.woa",
"SOGo.woa/WebServerResources",
# EFI Fiery
"WT2Home",
"wt3",
"wt4",
"wt4/configure",
# XEROX printers
"Config",
"home",
"home/msg",
"isgw",
"properties",
"setting",
"ssm",
"ssm/Management",
"ssm/Management/Anonymous",
"stat",
"stat/php",
"sws",
"sws/util",
"toolkits",
"toolkits/mobileWebToolkit",
"toolkits/mobileWebToolkit/js",
"vdesk",
"wt4",
"web_lang",
"webglue/isw",
"XUX-gfocal",
"XUX-gfocal/xux-js",
"XUX-gfocal/xux-l10n",
# Fujifilm printers
"common/api",
"ews",
"ews/setting",
"globalnav",
"globalnav/js",
"globalnav/msg",
"globalnav/template",
"home/api",
"home/js",
"home/template",
"permissions/api",
"system/api",
"wuilib",
"wuilib/js",
"wuilib/msg",
# e.g. Microsoft Open Management Infrastructure (OMI)
"wsman",
# Microsoft Sharepoint
"_api",
"_api/web",
# Microsoft FronPage / IIS / Exchange related
"_mem_bin",
"_vti_bin",
"_vti_bot",
"_vti_cnf",
"_vti_log",
"_vti_pvt",
"_vti_shm",
"_vti_txt",
"exchange",
"msadc",
"msadc/Samples",
"msadc/Samples/SELECTOR",
"iisadmin",
"iisadmpwd",
"iisprotect",
"iissamples",
"iissamples/sdk",
"iissamples/sdk/asp",
"iissamples/sdk/asp/docs",
"pbserver",
"rpc",
"scripts/iisadmin",
"Sites",
"Sites/Knowledge",
"Sites/Knowledge/Membership",
"Sites/Knowledge/Membership/Inspired",
"Sites/Knowledge/Membership/Inspiredtutorial",
"Sites/Samples",
"Sites/Samples/Knowledge",
"Sites/Samples/Knowledge/Membership",
"Sites/Samples/Knowledge/Membership/Inspired",
"Sites/Samples/Knowledge/Membership/Inspiredtutorial",
"Sites/Samples/Knowledge/Push",
"Sites/Samples/Knowledge/Search",
"SiteServer",
"SiteServer/Publishing",
# ManageEngine OpManager and / or Desktop Central.
# nb: a few might already exist in the list but where added here for easier maintenance
"api",
"api/json",
"api/json/nfausers",
"apiclient",
"apiclient/ember",
"cachestart",
"jsp",
"jsp/admin",
"jspf",
"servlet",
"servlets",
"unauthenticatedservlets",
# Ciso Prime Infrastructure (PIS)
"xmp_data_handler_service",
# Red Hat JBoss Operations Network (JON)
"jboss-remoting-servlet-invoker",
"jboss-remoting-servlet-invoker/ServerInvokerServlet",
# Kentico CMS
"CMSPages",
"App_Themes",
# PHP MicroCMS
"microcms",
# VMware vRealize Orchestrator
"vco",
"vco/client",
"vco/files",
"vco/files/home",
"vco/resources",
"vco/vco-client-install",
"vco-controlcenter",
"vco-controlcenter/client",
# FatPipe MPVPN, IPVPN, WARP
"fpui",
"fpui/jsp",
"fpui/pages",
"fpui/pages/jsp",
# Tuleap
"account",
"api",
"api/explorer",
"soap",
"soap/index.php", # nb: This is expected, the URL looks like /soap/index.php/
# Apache Druid
"druid",
"druid/indexer",
"druid/indexer/v1",
"druid/coordinator",
"druid/coordinator/v1",
"druid/coordinator/v1/lookups",
"public",
# ZenCart
"zen-cart",
# CM Scout
"cmscout",
"cmscout/tiny_mce",
"cmscout/tiny_mce/plugins",
"cmscout/tiny_mce/plugins/ibrowser",
# Gallo
"gallo",
"gallo/core",
"gallo/core/includes",
# GDL
"gdl",
"gdl42",
# eoCMS
"eocms",
# Symfony Security Configuration
"app",
"app/config",
"config",
"config/packages",
# Site2Nite Boat
"boat-webdesign",
"products/boat-webdesign/www",
# Pentaho Business Analytics
"api",
"api/ldap",
"api/ldap/config",
"api/ldap/config/ldapTreeNodeChildren",
"api/repos",
"api/repos/dashboards",
"api/userrolelist",
"pentaho",
"pentaho/api",
"pentaho/api/ldap",
"pentaho/api/ldap/config",
"pentaho/api/ldap/config/ldapTreeNodeChildren",
"pentaho/api/repos",
"pentaho/api/repos/dashboards",
"pentaho/api/userrolelist",
"pentaho-solutions",
"pentaho-solutions/api",
"pentaho-solutions/api/ldap",
"pentaho-solutions/api/ldap/config",
"pentaho-solutions/api/ldap/config/ldapTreeNodeChildren",
"pentaho-solutions/api/repos",
"pentaho-solutions/api/repos/dashboards",
"pentaho-solutions/api/userrolelist",
# Sitecore CMS/XP
"login",
"identity",
"identity/login",
"identity/login/shell",
"shell",
"shell/ClientBin",
"shell/ClientBin/Reporting",
"sitecore",
"sitecore/login",
"sitecore/identity",
"sitecore/identity/login",
"sitecore/identity/login/shell",
"sitecore/shell",
"sitecore/shell/ClientBin",
"sitecore/shell/ClientBin/Reporting",
# PithCMS
"PithCMS",
# Metabase
"auth",
"metabase",
"metabase/auth",
# Wiki Web Help
"wwh",
"wikihelp",
# Amcrest Technologies IP Camera
"custom_lang",
# Q-See IP Camera
"web_caps",
# AlstraSoft AskMe
"ask",
# SIMM Management System
"sms",
"SMS",
# phpBazar
"phpBazar",
"phpBazar/admin",
"PHPBazar",
"PHPBazar/admin",
# Papoo CMS
"papoo",
"pp",
# Pecio CMS
"pecio",
"pecio_cms",
"pecio-cms",
# Grafana and various default plugins (see 2021/grafana/gb_grafana_dir_trav_vuln_dec21_active.nasl)
# nb: The default plugin list is only checked on the "/" root dir on purpose to keep the list little bit smaller.
"grafana",
"grafana/public",
"grafana/public/plugins",
"public",
"public/plugins",
"public/plugins/alertGroups",
"public/plugins/alertlist",
"public/plugins/alertmanager",
"public/plugins/annolist",
"public/plugins/barchart",
"public/plugins/bargauge",
"public/plugins/candlestick",
"public/plugins/canvas",
"public/plugins/cloudwatch",
"public/plugins/dashboard",
"public/plugins/dashlist",
"public/plugins/debug",
"public/plugins/elasticsearch",
"public/plugins/gauge",
"public/plugins/geomap",
"public/plugins/gettingstarted",
"public/plugins/grafana",
"public/plugins/grafana-azure-monitor-datasource",
"public/plugins/grafana-clock-panel",
"public/plugins/grafana-simple-json-datasource",
"public/plugins/graph",
"public/plugins/graphite",
"public/plugins/heatmap",
"public/plugins/histogram",
"public/plugins/influxdb",
"public/plugins/jaeger",
"public/plugins/live",
"public/plugins/logs",
"public/plugins/loki",
"public/plugins/mixed",
"public/plugins/mssql",
"public/plugins/mysql",
"public/plugins/news",
"public/plugins/nodeGraph",
"public/plugins/opentsdb",
"public/plugins/piechart",
"public/plugins/pluginlist",
"public/plugins/postgres",
"public/plugins/prometheus",
"public/plugins/stackdriver",
"public/plugins/stat",
"public/plugins/state-timeline",
"public/plugins/status-history",
"public/plugins/table",
"public/plugins/table-old",
"public/plugins/tempo",
"public/plugins/testdata",
"public/plugins/text",
"public/plugins/timeseries",
"public/plugins/welcome",
"public/plugins/xychart",
"public/plugins/zipkin",
# Apache JSPWiki
"JSPWiki",
"JSPWiki/scripts",
"JSPWiki/templates",
# MobileIron Core / Sentry / Endpoint Manager Mobile (EPMM)
"mics",
"mifs",
"mifs/c",
"mifs/c/windows",
"mifs/c/windows/api",
"mifs/c/windows/api/v2",
"mifs/c/windows/api/v2/device",
"mifs/scripts",
"mifs/user",
# PhreeBooks
"phreeBooks",
"phreeBooks/soap",
"phreebooks",
"phreebooks/soap",
"pb",
"pb/soap",
# dl_stats
"dl_stats",
# Snort Report
"snort",
"snortreport",
"snortreport-1.3.1",
# Auerswald COMmander / COMpact
"statics",
"statics/html",
"statics/script",
# Ubiquiti UniFi Network
"manage",
"manage/account",
"manage/angular",
"setup",
"setup/static",
"setup/static/js",
# LittlePhpGallery
"gallery",
"images",
# SQLiteManager
"sqlitemanager",
"SQLiteManager",
"sqlite",
# Apache James Web Admin (https://james.apache.org/server/manage-webadmin.html)
# nb: While those are some kind of API / entpoints and not directories we're still keeping it
# for consistency reasons and because some of these might exist as dirs on other systems.
"address",
"address/aliases",
"address/forwards",
"address/groups",
"cassandra",
"cassandra/mailbox",
"cassandra/version",
"deletedMessages",
"deletedMessages/users",
"dlp",
"dlp/rules",
"domainMappings",
"domains",
"events",
"events/deadLetter",
"events/deadLetter/groups",
"healthcheck",
"healthcheck/checks",
"jmap",
"mailboxes",
"mailQueues",
"mailRepositories",
"mappings",
"mappings/address",
"mappings/user",
"messasges",
"quota",
"quota/domains",
"quota/users",
"sieve",
"sieve/quota",
"sieve/quota/users",
"tasks",
"users",
"users/givenUser",
# Lexmark printers
"cgi-bin",
"cgi-bin/dynamic",
"cgi-bin/dynamic/printer",
"cgi-bin/dynamic/printer/config",
"cgi-bin/dynamic/printer/config/reports",
"cgi-bin/dynamic/printer/config/secure",
"Settings",
"Settings/Device",
"webglue",
# VMware Horizon
"appblast",
"appblast/webclient",
"broker",
"portal",
"portal/webclient",
# AjaXplorer
"ajaxplorer",
"ajaxplorer/plugins",
"filemanager",
"filemanager/plugins",
"xplorer",
"xplorer/plugins",
# Abtp Portal Project
"abtpportal",
"abtpportal/includes",
"abtpportal/includes/esqueletos",
"portal",
"portal/includes",
"portal/includes/esqueletos",
# SolarWinds Web Help Desk
"helpdesk",
"helpdesk/assetReport",
"helpdesk/WebObjects",
"helpdesk/WebObjects/Helpdesk.woa",
"helpdesk/WebObjects/Helpdesk.woa/ajax",
"helpdesk/WebObjects/Helpdesk.woa/wa",
"helpdesk/WebObjects/Helpdesk.woa/wo",
# ClearSite
"clearsite",
"clearsite/include",
# Xoops Celepar
"xoopsclepar",
# Evaria ECMS
"ecms",
"ecms/admin",
"cms",
"cms/admin",
# 68kb
"68k",
"68k/themes",
"68k/themes/admin",
"68k/themes/admin/default",
"68k/themes/admin/default/modules",
"themes",
"themes/admin",
"themes/admin/default",
"themes/admin/default/modules",
# JpGraph
"jpgraph",
"jpgraph/docportal",
"jpgraph/docs",
# Moxa MXview
"assets",
"certs",
"resources",
"resources/tmp",
# XWiki
"xwiki",
"xwiki/bin",
"xwiki/bin/login",
"xwiki/bin/login/XWiki",
"xwiki/bin/loginsubmit/XWiki",
"xwiki/bin/view",
"xwiki/bin/view/Main",
"xwiki/bin/view/XWiki",
"xwiki/resources",
# MyBackup
"backup",
"mybackup",
# Jamf Pro
"api",
"api/v1",
"assets",
"uapi",
"uapi/v1",
"ui",
# SureMDM
"suremdm",
"suremdm/console",
"suremdm/console/browserservice.aspx",
"suremdm/console/ConsolePage",
"console",
"console/browserservice.aspx",
"console/ConsolePage",
# Siestta
"siesta",
"Siestta",
# TCExam
"tcexam",
"tcexam/public",
"tcecam/public/code",
"TCExam",
"TCExam/public",
"TCExam/public/code",
# justVisual
"jv",
"jv/www",
"www",
# openstock / opentel
"openstock",
"openstock/scr",
"openmairie_stock",
"openmairie_stock/scr",
"openmairie_Tel",
"openmairie_Tel/scr",
"opentel",
"opentel/scr",
# phpThumb
"demo",
"demo/demo",
"phpThumb",
"phpThumb/demo",
# Event Horizon
"eventhorizon",
"eventh",
# FlatPress
"flatpress",
"blog",
# Cobbler
"cobbler_web",
"cobbler_webui_content",
# BMC Track-It!
"trackit",
"trackit/Account",
"TrackIt",
"TrackIt/Account",
"TrackIT",
"TrackIT/Account",
"TrackItWeb",
"TrackItWeb/Account",
"tiweb",
"tiweb/Account",
# Zabbix
"zabbix",
"monitoring",
# nuBuilder
"nubuilder",
"nubuilder/productionnu2",
"productionnu2",
# Whizzy CMS
"whizzy",
# AWCM
"awcm",
"awcm/includes",
"cms",
"cms/includes",
"includes",
# JAF CMS
"jaf",
"jaf/module",
"jaf/module/forum",
"cms",
"cms/module",
"cms/module/forum",
"module",
"module/forum",
# PHP Traverser
"phptraverser",
"phptraverser/assets",
"phptraverser/assets/plugins",
"phptraverser/assets/plugins/mp3_id",
"assets",
"assets/plugins",
"assets/plugins/mp3_id",
# JAG (Just Another Guestbook)
"jag",
"JAG",
# Direct News
"dn",
"dn/library",
# ccTiddly
"cctiddly",
"cctiddly/includes",
"includes",
# DNET Live-Status
"dnet",
# VoIPmonitor
"php",
"php/model",
"voipmonitor",
"voipmonitor/php",
"voipmonitor/php/model",
# Dolphin
"dolph",
"dolph/administration",
"dolph/xml",
"dolph/xmlrpc",
"dolph/modules",
"dolph/modules/boonex",
"dolph/modules/boonex/custom_rss",
"dolphin",
"dolphin/administration",
"dolphin/xml",
"dolphin/xmlrpc",
"dolphin/modules",
"dolphin/modules/boonex",
"dolphin/modules/boonex/custom_rss",
"administration",
"xml",
"xmprpc",
"modules",
"modules/boonex",
"modules/boonex/custom_rss",
# Jasig / Apereo Central Authentication Service (CAS)
# REST API Endpoint URLs got taken from https://fawnoos.com/2019/06/12/cas61x-rest-api/
"actuator",
"login",
"logout",
"p3",
"p3/proxyValidate",
"p3/serviceValidate",
"proxy",
"proxyValidate",
"serviceValidate",
"static",
"v1",
"v1/services",
"v1/tickets",
"validate",
"webjars",
"cas",
"cas/actuator",
"cas/login",
"cas/logout",
"cas/p3",
"cas/p3/proxyValidate",
"cas/p3/serviceValidate",
"cas/proxy",
"cas/proxyValidate",
"cas/serviceValidate",
"cas/static",
"cas/v1",
"cas/v1/services",
"cas/v1/tickets",
"cas/validate",
"cas/webjars",
"cas-server-webapp",
"cas-server-webapp/actuator",
"cas-server-webapp/login",
"cas-server-webapp/logout",
"cas-server-webapp/p3",
"cas-server-webapp/p3/proxyValidate",
"cas-server-webapp/p3/serviceValidate",
"cas-server-webapp/proxy",
"cas-server-webapp/proxyValidate",
"cas-server-webapp/serviceValidate",
"cas-server-webapp/static",
"cas-server-webapp/v1",
"cas-server-webapp/v1/services",
"cas-server-webapp/v1/tickets",
"cas-server-webapp/validate",
"cas-server-webapp/webjars",
# Yealink Device Management Platform
"premise",
"premise/front",
"sm",
"sm/api",
"sm/api/v1",
"sm/api/v1/firewall",
"sm/api/v1/firewall/zone",
# Cisco Unified Communications Manager
"ccmadmin",
"cucm-uds",
# Cisco Unified Communications Self Care Portal
"ucmuser",
"ucmuser/open",
# Cisco Prime License Manager
"elm-admin",
"elm-admin/faces",
# VMware Spring Cloud Gateway
"actuator",
"actuator/gateway",
"actuator/gateway/routes",
# Mollify
"mollify",
"mollify/backend",
"mollify/backend/plugin",
"mollify/backend/plugin/Registration",
"backend",
"backend/plugin",
"backend/plugin/Registration",
# Nakid CMS
"nakid",
"nakid/modules",
"nakid/modules/catalog",
"nakid/assets",
"nakid/assets/addons",
"nakid/assets/addons/kcfinder",
"Nakid",
"Nakid/modules",
"Nakid/modules/catalog",
"Nakid/assets",
"Nakid/assets/addons",
"Nakid/assets/addons/kcfinder",
"modules",
"modules/catalog",
"assets",
"assets/addons",
"assets/addons/kcfinder",
# Fretsweb
"fretsweb",
# Casdoor
"api",
"static",
"swagger",
# MantisBT
"bugs",
"bugtracker",
"mantis",
"mantisbt",
# Atlassian Jira Service Management
"jira",
"jira/servicedesk",
"jira/servicedesk/customer",
"jira/servicedesk/customer/user",
"servicedesk",
"servicedesk/customer",
"servicedesk/customer/user",
"servicedesk/servicedesk",
"servicedesk/servicedesk/customer",
"servicedesk/servicedesk/customer/user",
"sd",
"sd/servicedesk",
"sd/servicedesk/customer",
"sd/servicedesk/customer/user",
# Atlassian Fisheye Crucible
"crucible",
"crucible/rest-service-fecru",
"fisheye",
"fisheye/rest-service-fecru",
"rest-service-fecru",
# HP/HPE/Micro Focus Universal CMDB
"status",
"jmx-console",
"ucmdb-api",
"ucmdb-browser",
"ucmdb-client",
"ucmdb-ui",
"ucmdb-ui/cms",
"ucmdb-ui/static",
"ucmdb-ui/static/act",
"ucmdb-ui/static/CMS",
# Code42 Server
"login",
"c42api",
"c42api/v1",
"c42api/v2",
"c42api/v3",
# RuubikCMS
"cms",
"cms/extra",
"ruubikcms",
"ruubikcms/extra",
"extra",
# CompactCMS
"compactcms",
"ccms",
"cms",
# WHMCS
"cart",
"shop",
"whmcs",
"bill",
"support",
"management",
# Kyocera printers
"basic",
"dvcinfo",
"dvcinfo/dvcconfig",
"eng",
"eng/basic",
"eng/security",
"eng/start",
"eng/status",
"js",
"js/jssrc",
"js/jssrc/model",
"js/jssrc/model/dvcinfo",
"js/jssrc/model/dvcinfo/dvcconfig",
"js/jssrc/model/startwlm",
"start",
"startwlm",
"wlmeng",
"wlmdeu",
"ws",
"ws/km-wsdl",
"ws/km-wsdl/setting",
# Hastymail2
"Hastymail2",
"hastymail2",
"hastymail",
"hm2",
# Mitel Audio and Web Conferencing (AWC)
"awcuser",
"awcuser/cgi-bin",
# Qianbo Enterprise Web Site Management System
"en",
# SAP Knowledge Warehouse, some from https://help.sap.com/docs/SAP_NETWEAVER_AS_ABAP_FOR_SOH_740/816f1f952d244bbf9dd5063e2a0e66b0/4dd97e99125c3606e10000000a15822b.html?version=7.40.15
"logon_ui_resources",
"SAPIKS",
"SAPIKS/KW",
"SAPIKS2",
"SAPIKS2/jsp",
"SAPIrExtHelp",
"SAPIrExtHelp/random", # nb: As seen in CVE-2021-42063
# Atlassian Crowd
"crowd",
"crowd/admin",
"crowd/services",
# nb:
# - No "crowd" in front of these are expected
# - The "plugins/servlet" seems to be also valid for at least Jira
"plugins",
"plugins/servlet",
"plugins/servlet/oauth",
"plugins/servlet/oauth/users",
# Siemens SICAM A8000 and possible other devices
"3P",
"lib",
"sicweb-ajax",
"sicweb-md",
# BeyondTrust Remote Support
"api",
"content",
"files",
# BeyondTrust Secure Remote Access
"appliance",
"appliance/content",
# webEdition CMS
"webedition",
"webEdition",
# Gitea
"gitea",
# AlquistManager
"asd",
# Clustering
"img",
# F5 BIG-IP
# nb: There might be more, this only adds the known ones from a few existing VTs.
"mgmt",
"mgmt/shared",
"mgmt/shared/authn",
"mgmt/shared/authz",
"mgmt/tm",
"mgmt/tm/auth",
"mgmt/tm/auth/user",
"mgmt/tm/util",
"tmui",
"tmui/locallb",
"tmui/locallb/workspace",
# WSO2 Carbon Products
"admin",
"accountrecoveryendpoint",
"authenticationendpoint",
"carbon",
"carbon/product",
"devportal",
"fileupload",
"publisher",
# osTicket
"osticket",
"osticket/upload",
"osTicket",
"osTicket/upload",
"upload",
# Web File Browser
"webFileBrowser",
"webfilebrowser",
# Zyxel USG and ATP
"ztp",
"ztp/cgi-bin",
# QNAP NAS and additionl software for it
"cgi-bin/html",
"cgi-bin/loginTheme",
"cgi-bin/surveillance",
"gallery",
"musicstation",
"photo",
"photo/gallery",
"video",
"video/api",
# SonicWall SMA/SRA
"__api__",
"__extraweb__",
"__extraweb__/assets",
"Console",
"Console/UI",
"spog",
"workplace",
"workplace/access",
# SonicWall Firewalls
"atp",
"resources",
"Security_Services",
"sonicui",
"sonicui/7",
"sonicui/7/login",
"stats",
# osCSS
"catalog",
"osCSS",
# MyNews
"mynews",
"mynews/includes",
"mynews/includes/tiny_mce",
"mynews/includes/tiny_mce/plugins",
"mynews/includes/tiny_mce/plugins/filemanager",
"mynews/includes/tiny_mce/plugins/filemanager/classes",
"mynews/includes/tiny_mce/plugins/filemanager/classes/FileManager",
"mynews/includes/tiny_mce/plugins/filemanager/classes/FileManager/FileSystems",
"news",
"news/includes",
"news/includes/tiny_mce",
"news/includes/tiny_mce/plugins",
"news/includes/tiny_mce/plugins/filemanager",
"news/includes/tiny_mce/plugins/filemanager/classes",
"news/includes/tiny_mce/plugins/filemanager/classes/FileManager",
"news/includes/tiny_mce/plugins/filemanager/classes/FileManager/FileSystems",
"includes",
"includes/tiny_mce",
"includes/tiny_mce/plugins",
"includes/tiny_mce/plugins/filemanager",
"includes/tiny_mce/plugins/filemanager/classes",
"includes/tiny_mce/plugins/filemanager/classes/FileManager",
"includes/tiny_mce/plugins/filemanager/classes/FileManager/FileSystems",
# LoveCMS
"cms",
"cms/system",
"cms/system/admin",
"lovecms",
"lovecms/system",
"lovecms/system/admin",
"system",
"system/admin",
# ezCourses
"eafb",
"eafb/admin",
"ezCourses",
"ezCourses/admin",
"ezcourses",
"ezcourses/admin",
"courses",
"courses/admin",
# phpWebSite
"phpwebsite",
# Oracle Access Manager (OAM)
"oam",
"oam/pages",
"oam/pages/js",
"oam/server",
"oam/server/opensso",
# CultBooking
"cb",
"cultbooking",
"CultBooking",
# ActivDesk
"adesk",
"hdesk",
"support",
# Xenon
"xenon",
# Xiaomi Routers
"api-third-party",
"api-third-party/download",
"api-third-party/download/extdisks",
"api-third-party/download/private",
"api-third-party/download/public",
"backup",
"backup/log",
# Support Incident Tracker
"tracker",
"support",
"sit",
# awiki
"awiki",
"wiki",
# i-Gallery
"igallery",
"gallery",
# BLOG:CMS
"blog",
"blog/photo",
"blog/photo/templates",
"blog/photo/templates/admin_default",
"cms",
"cms/photo",
"cms/photo/templates",
"cms/photo/templates/admin_default",
"photo",
"photo/templates",
"photo/templates/admin_default",
# Citrix ADM
"admin_ui",
"admin_ui/mas",
"admin_ui/mas/ent",
"nitro",
"nitro/v1",
"nitro/v1/config",
# HP 3Com Switch
"web",
"web/device",
# OpenEMR
"interface",
"interface/login",
"contrib",
"contrib/util",
"contrib/util/ubuntu_package_scripts",
"contrib/util/ubuntu_package_scripts/production",
"openemr/interface",
"openemr/interface/login",
"openemr/contrib",
"openemr/contrib/util",
"openemr/contrib/util/ubuntu_package_scripts",
"openemr/contrib/util/ubuntu_package_scripts/production",
# Xerox DocuShare
"dsweb",
"dsweb/ResultBackgroundJobMultiple",
"dsweb/webex",
"docushare/dsweb",
"docushare/dsweb/ResultBackgroundJobMultiple",
"docushare/dsweb/webex",
"share/dsweb",
"share/dsweb/ResultBackgroundJobMultiple",
"share/dsweb/webex",
# elFinder
"elfinder",
"elfinder/files",
"elfinder/php",
"elFinder",
"elFinder/files",
"elFinder/php",
# VMware Site Recovery Manager
"configure",
"configure/app",
"configure/app/landing",
"dr",
"dr/authentication",
"dr/authentication/oauth2",
# Intramaps
"applicationengine",
"ApplicationEngine",
"IntraMaps/applicationengine",
"IntraMaps/ApplicationEngine",
"intramaps75/applicationengine",
"intramaps75/ApplicationEngine",
"IntraMaps70/applicationengine",
"IntraMaps70/ApplicationEngine",
# Free Hosting Manager
"fhm",
"fhm/admin",
"freehostingmanager",
"freehostingmanager/admin",
# PhotoPost
"photopost",
"photos",
"gallery",
"photo",
# Cisco Nexus Dashboard
"api",
"api/config",
"api/config/class",
"external_dependencies",
"static",
"uiplugins",
"uiplugins/header",
"uiservices",
# CAREL pCOWeb based devices
"http",
"http/hc",
"http/index",
"http/rdz",
"usr-cgi",
# FileWave Management Suite
"filewave",
"filewave/api",
"filewave/api/config",
"filewave/api/config/v1",
"filewave/api/auth",
"ios",
"api",
"api/vppv2",
# Ignition
"ignition",
# Escortservice
"escortservice",
# DLGuard
"dlguard",
"dlguard/cart",
"dlg",
"dlg/cart",
"store",
"store/dlg",
"store/dlg/cart",
"cbdm",
"cbdm/cart",
# GoAnywhere MFT
"goanywhere",
"goanywhere/admin",
"goanywhere/auth",
"goanywhere/images",
"goanywhere/images/logos",
"goanywhere/javax.faces.resource",
"goanywhere/lic",
"goanywhere/license",
"goanywhere/scripts",
"goanywhere/styles",
"goanywhere/styles/themes",
"webclient",
#Veritas OpsCenter
"opscenter",
"opscenter/features",
"opscenter/features/common",
"opscenter/features/common/include",
"opscenter/features/common/login",
"opscenter/webcommon",
"opscenter/webcommon/common",
"opscenter/webcommon/common/include",
"opscenter/webcommon/framework",
"opscenter/webcommon/widgets",
# Various from 2014/gb_bash_shellshock_rce_vuln_http_active.nasl
"aktivate",
"aktivate/cgi-bin",
"apps",
"apps/web",
"axis-cgi",
"axis-cgi/buffer",
"b2-include",
"bandwidth",
"ccbill",
"cgi-bin/a1stats",
"cgi-bin/admin",
"cgi-bin/auction",
"cgi-bin/blog",
"cgi-bin/boozt",
"cgi-bin/boozt/admin",
"cgi-bin/bulk",
"cgi-bin/calendar",
"cgi-bin/cbmc",
"cgi-bin/classifieds",
"cgi-bin/.cobalt",
"cgi-bin/.cobalt/alert",
"cgi-bin/.cobalt/message",
"cgi-bin/.cobalt/siteUserMod",
"cgi-bin/common",
"cgi-bin/CSMailto",
"cgi-bin/csPassword",
"cgi-bin/dbman",
"cgi-bin/emu",
"cgi-bin/emu/html",
"cgi-bin/emumail",
"cgi-bin/ezshopper",
"cgi-bin/ezshopper2",
"cgi-bin/ezshopper3",
"cgi-bin/fom",
"cgi-bin/gbook",
"cgi-bin/handler",
"cgi-bin/handler/netsonar",
"cgi-bin/if",
"cgi-bin/if/admin",
"cgi-bin/ikonboard",
"cgi-bin/ImageFolio",
"cgi-bin/ImageFolio/admin",
"cgi-bin/mail",
"cgi-bin/mojo",
"cgi-bin/mt",
"cgi-bin/mt-static",
"cgi-bin/photo",
"cgi-bin/photo/protected",
"cgi-bin/pollit",
"cgi-bin/powerup",
"cgi-bin/publisher",
"cgi-bin/replicator",
"cgi-bin/sbcgi",
"cgi-bin-sdb",
"cgi-bin/search",
"cgi-bin/smartsearch",
"cgi-bin/store",
"cgi-bin/technote",
"cgi-bin/test",
"cgi-bin/way-board",
"cgi-bin/webcart",
"cgi-bin/webmail",
"cgi-bin/webmail/html",
"cgi-bin/Web_Store",
"cgi-bin/whois",
"cgi-bin/YaBB",
"cgis",
"cgis/wwwboard",
"cgi-sys",
"cp",
"cp/rac",
"dasdec",
"dcforum",
"edittag",
"ez2000",
"fcgi-bin",
"hitmatic",
"hp_docs",
"hp_docs/cgi-bin",
"html",
"html/cgi-bin",
"megabook",
"ministats",
"mods",
"mods/apage",
"_mt",
"oem_webstage",
"oem_webstage/cgi-bin",
"photo",
"photodata",
"phppath",
"pub",
"quikmail",
"reviews",
"ROADS",
"ROADS/cgi-bin",
"servers",
"shop",
"technote",
"ucsm",
"users",
"users/scripts",
"vood",
"vood/cgi-bin",
"Web_Store",
"webtools",
"webtools/bonsai",
"wwwboard",
# Veritas NetBackup Appliance
"appliance",
"appliance/common",
"appliance/common/css",
"appliance/modules",
"appliance/modules/common",
"appliance/modules/common/css",
"appliance/modules/common/images",
"appliance/modules/common/includes",
"appliance/modules/common/includes/ext-js",
"appliance/modules/common/includes/ext-js/resources",
"appliance/modules/common/includes/ext-js/resources/css",
"appliance/modules/common/includes/widgets",
"appliance/modules/common/js",
"appliance/modules/login",
"appliance/modules/login/css",
"appliance/modules/login/js",
"appliance/modules/logout",
"appliance/modules/logout/js",
# OpenNMS
"opennms",
"opennms/assets",
"opennms/images",
# 1024 CMS
"cms",
"cms/complete-modules",
"cms/complete-modules/modules",
"cms/complete-modules/modules/forcedownload",
"complete-modules",
"complete-modules/modules",
"complete-modules/modules/forcedownload",
# allocPSA
"login",
# Course MS
"coursems",
# Progress WS_FTP Server
"AHT",
"AHT/AHT_UI",
"AHT/AHT_UI/public",
"AHT/AHT_UI/public/js",
"thinclient",
"ThinClient",
"ThinClient/WTM",
"ThinClient/WTM/public",
"ThinClient/WTM/public/js",
# PHPAuctions
"phpauctions",
"phpauction",
"auction",
# Lasernet CMS
"cms",
"lasernet",
# ea-gBook
"ea-gBook",
"gbuch",
"gb",
"guestbook",
"Gaestebuch",
# Zimbra
"zimbraAdmin",
"zimbraAdmin/js",
"zimbraAdmin/js/zimbraMail",
"zimbraAdmin/js/zimbraMail/share",
"zimbraAdmin/js/zimbraMail/share/model",
"js",
"js/zimbraMail",
"js/zimbraMail/share",
"js/zimbraMail/share/model",
"res",
# Hikvision IP Cameras
"doc",
"doc/page",
"doc/script",
"doc/script/config",
"doc/script/config/system",
"doc/script/lib",
"doc/script/lib/seajs",
"doc/script/lib/seajs/seajs", # nb: Duplicated folder name is expected
"doc/script/lib/seajs/config",
"doc/ui",
"ISAPI",
"ISAPI/Security",
"ISAPI/Security/sessionLogin",
"SDK",
# VMware HCX
"hybridity",
"hybridity/ui",
"hybridity/ui/hcx-client",
"hybridity/api",
# IBSng
"IBSng",
"IBSng/util",
# SysAid Help Desk
"sysaid",
"servicePortal",
"servicePortal/static",
"api",
"api/v1",
# Digital College
"dc",
"dc/includes",
"dc/includes/tiny_mce",
"dc/includes/tiny_mce/plugins",
"dc/includes/tiny_mce/plugins/imagemanager",
"college",
"college/includes",
"college/includes/tiny_mce",
"college/includes/tiny_mce/plugins",
"college/includes/tiny_mce/plugins/imagemanager",
"includes",
"includes/tiny_mce",
"includes/tiny_mce/plugins",
"includes/tiny_mce/plugins/imagemanager",
# LotusCMS
"lcms",
"cms",
# Tosiba printers
"Device",
"TopAccess",
"TopAccess/Administrator",
"TopAccess/Administrator/Setup",
"TopAccess/Administrator/Setup/ScanToFile",
"TopAccess/Device",
"cgi-bin",
"cgi-bin/dynamic",
"cgi-bin/dynamic/printer",
"cgi-bin/dynamic/printer/config",
"cgi-bin/dynamic/printer/config/reports",
# Tableau server
"auth",
"javascripts",
"javascripts/api",
"vizportal",
"vizportal/api",
"vizportal/api/web",
"vizportal/api/web/v1",
# Apache APISIX and Apache APISIX Dashboard
"apisix",
"apisix/admin",
"apisix/admin/routes",
"apisix/admin/tool",
# F-Secure Policy Manager (Server and Proxy)
"fsms",
# dotProject
"dotproject",
"dotProject",
"Dotproject",
# Accruent Analytics
"bi",
"bi/v1",
"bi/lib",
"bi/js",
# Alertus Console
"AlertusWeb",
# PHP Coupon Script
"phpcoupon",
"coupon",
# phpGraphy
"phpgraphy",
"phpgraphy/themes",
"phpgraphy/themes/default",
"themes",
"themes/default",
# Avaya Contact Center Select
"CCMALogin",
"CCMALogin/Home",
"common",
"common/asps",
# RStudio Connect
"connect",
# Axis Commerce
"axis",
"axis/admin",
"axis/search",
"shop",
"shop/admin",
"shop/search",
# RhinOS CMS
"rhinos",
"rhinos/admin",
"rhinos/admin/lib",
"rhinos/admin/lib/gradient",
"rhinos-es-3.0",
"rhinos-es-3.0/admin",
"rhinos-es-3.0/admin/lib",
"rhinos-es-3.0/admin/lib/gradient",
"admin",
"admin/lib",
"admin/lib/gradient",
# Dell EMC RecoveryPoint
"WDM",
"deployer",
"deployer/rest",
# Cynet 360
"SitePages",
"WebApp",
"WebApp/SettingsExclusion",
"WebApp/DeceptionUser",
# ExtremeCloud IQ
"acct-webapp",
"acct-webapp/oauth",
"acct-webapp/security",
# IBM Cognos Analytics
"bi",
"ibmanalytics",
"ibmanalytics/bi",
"cognos",
"cognos/bi",
"ibmcognos",
"ibmcognos/bi",
"analytics",
"analytics/bi",
"cognosanalytics",
"cognosanalytics/bi",
"datacenter",
"datacenter/bi",
# Fortinet Fortiportal
"fpc",
# Community Server
"utility",
# web@all
"webatall",
"weball",
# CMS Lokomedia
"lokomedia",
# Podcast Generator
"podcast",
# DmxReady Secure Document Library
"SecureDocumentLibrary",
"SecureDocumentLibrary/admin",
"SecureDocumentLibrary/admin/SecureDocumentLibrary",
"SecureDocumentLibrary/admin/SecureDocumentLibrary/DocumentLibraryManager",
"admin/SecureDocumentLibrary",
"admin/SecureDocumentLibrary/DocumentLibraryManager",
# SyndeoCMS
"starnet",
# Betsy
"betsy",
# JetBrains Hub
"hub",
"hub/auth",
"hub/api",
"hub/api/rest",
"hub/api/rest/oauth2",
"hub/api/rest/oauth2/interactive",
# SAP BusinessObjects Business Intelligence Platform
"BOE",
"BOE/CMC",
"BOE/portal",
# HESK
"hesk",
"help",
"helpdesk",
"ticket",
# todoyu
"todoyu",
# phpBugTracker
"phpbt",
"bugtracker",
"bugs",
# Progress DataDirect Hybrid Data Pipeline
"hdpui",
# netjukebox
"netjukebox",
# Ajax File and Image Manager / PHP File Manager
"fm",
"fm/ajaxfilemanager",
"file",
"file/ajaxfilemanager",
"filemanager",
"filemanager/ajaxfilemanager",
"ajaxfilemanager",
# Silex
"silex",
# Ruckus (Virtual) SmartZone
"cas",
"wsg", # nb: Also seen on Ruckus SmartCell Gateway
# VMware Workspace ONE Assist
"wbc",
"AdminWebPortal",
# Ax Developer CMS
"axdcms",
"axdcms/modules",
"axdcms/modules/profile",
"cms",
"cms/modules",
"cms/modules/prifile",
"modules",
"modules/profile",
# Room Juice
"roomjuice",
# TimeLive
"timelive",
"TimeLive",
"timetracking",
"TimeTracking",
# BigBlueButton (BBB)
"b", # nb: On the Docker image
"bigbluebutton",
"bigbluebutton/api",
"demo",
# POSH,
"posh",
"posh/portal",
# Wowza Streaming Engine
"enginemanager",
# Batavi
"batavi",
"batavi/admin",
"shop",
"shop/admin",
# PHPShop
"shop",
"phpshop",
# Portix-CMS
"portix",
# WebCalendar
"WebCalendar",
"webcalendar",
"calendar",
# Synology DSM/SRM
"synoSDSjslib",
"synohdpack",
"webapi",
"webdefault",
"webdefault/css",
"webdefault/js",
"webfm",
"webman",
"webman/3rdparty",
"webman/modules",
"webman/resources",
# phpWebThings
"phpwebthings",
"phpwebthings/core",
"webthings",
"webhtings/core",
"phpwt",
"phpwt/core",
"things",
"things/core",
# gCards
"gcards",
# Open-Xchange (OX) App Suite
"appsuite",
"appsuite/api",
"appsuite/apps",
"appsuite/apps/io.ox",
# LISTSERV
"listserv",
# Barracuda CloudGen Firewall
"portal",
"portal/plugins",
"sslvpn_api",
"sslvpn_api/authentication",
"totp_api",
"totp_api/authentication",
# Cisco Wireless LAN Controller (WLC)
"EmWeb",
"data",
"data/rfdashboard",
"dojo",
"helpfiles",
"helpfiles/oweb",
"nls",
"screens",
"screens/aaa",
"screens/apf",
"screens/base",
"screens/dashContent",
"screens/port",
"screens/qos",
"screens/snmp",
"screens/spam",
"screens/stats",
"screens/trapmgr",
"screens/webui",
"udm-resources",
# Cisco SD-WAN vManage
"dataservice",
# Fork CMS
"frontend",
# BackupPC
"backuppc",
# Zenphoto
"zenphoto",
"zenphoto/zp-core",
"zp-core",
# Trombinoscope
"trombi",
# XODA
"xoda",
# Micro Focus ZENworks
"zenworks",
"zenworks/jsp",
"zenworks/jsp/fw",
"zenworks/jsp/fw/internal",
# GeoServer
"geoserver",
"geoserver/web",
"geoserver/web/wicket",
"geoserver/web/wicket/bookmarkable",
# Narcissus
"narcissus",
"narcissus-master",
# appRain CMF
"appRain",
"appRain/profile",
"apprain",
"apprain/profile",
# Sophos Cyberoam UTM/NGFW
"corporate",
"corporate/webpages",
# Sophos Cyberoam Central Console (CCC)
"CCC",
# Pandora FMS
"fms",
"pandora_console",
"pandora_console/mobile",
"pandora_console/enterprise",
"pandora_console/enterprise/meta",
"pandora_console/enterprise/meta/general",
# PHP Booking Calendar
"booking_calendar",
"cal",
# Harmonic NSG 9000 Devices
"PY",
# SilerStripe CMS
"dev",
"dev/build",
"Security",
"cms",
"cms/dev",
"cms/dev/build",
"cms/Security",
"silverstripe",
"silverstripe/dev",
"silverstripe/dev/build",
"silverstripe/Security",
"Silverstripe",
"Silverstripe/dev",
"Silverstripe/dev/build",
"Silverstripe/Security",
"silverstripe-cms",
"silverstripe-cms/dev",
"silverstripe-cms/dev/build",
"silverstripe-cms/Security",
"Silverstripe-cms",
"Silverstripe-cms/dev",
"Silverstripe-cms/dev/build",
"Silverstripe-cms/Security",
# Cisco Collaboration Server
"webline",
"webline/html",
"webline/html/admin",
"webline/html/admin/wcs",
# ManageEngine Key Manager Plus
"apiclient",
# Annuaire PHP
"annuaire",
"annuaire/admin",
"Annuaire",
"Annuaire/admin",
# WAGO I/O System 758 series
"cgi-bin/ssi.cgi",
# WAGO Ethernet Web-based Management / PLC
"wbm",
"wbm/css",
"wbm/images",
"wbm/js",
"wbm/php",
"wbm/php/parameter",
"wbm/php/plugins",
"wbm/plugins",
"wbm/plugins/wbm-aide",
"wbm/plugins/wbm-bacnet",
"wbm/plugins/wbm-certificate-uploads",
"wbm/plugins/wbm-clock",
"wbm/plugins/wbm-cloud-connectivity",
"wbm/plugins/wbm-create-image",
"wbm/plugins/wbm-diagnostic",
"wbm/plugins/wbm-firewall",
"wbm/plugins/wbm-information",
"wbm/plugins/wbm-ipk-uploads",
"wbm/plugins/wbm-legal-information",
"wbm/plugins/wbm-legal-information/platform",
"wbm/plugins/wbm-legal-information/platform/pfcXXX",
"wbm/plugins/wbm-massstorage",
"wbm/plugins/wbm-modbus",
"wbm/plugins/wbm-networking",
"wbm/plugins/wbm-opcua",
"wbm/plugins/wbm-openvpn-ipsec",
"wbm/plugins/wbm-package-server",
"wbm/plugins/wbm-ports",
"wbm/plugins/wbm-runtime-configuration",
"wbm/plugins/wbm-runtime-information",
"wbm/plugins/wbm-runtime-services",
"wbm/plugins/wbm-security",
"wbm/plugins/wbm-serial-interface",
"wbm/plugins/wbm-service-interface",
"wbm/plugins/wbm-snmp",
"wbm/plugins/wbm-statusdate",
"wbm/plugins/wbm-statusled",
"wbm/plugins/wbm-statusled/platform",
"wbm/plugins/wbm-statusled/platform/pfcXXX",
"wbm/plugins/wbm-statusled/platform/pfcXXX/parameter",
"wbm/plugins/wbm-statusled/platform/pfcXXX/parameter/transforms",
"wbm/plugins/wbm-statusplcswitch",
"wbm/plugins/wbm-user",
"webserv",
"webserv/cplcfg",
# Sourcefabric Newscoop
"newscoop",
"newscoop/admin",
# Cartweaver
"cartweaver",
"cartweaver/admin",
"cartweaver/admin/helpfiles",
"cartScripts",
"cartScripts/admin",
"cartScripts/admin/helpfiles",
"cw",
"cw/admin",
"cw/admin/helpfiles",
"admin/helpfiles",
# SnipSnap Wiki
"space",
"snipsnap",
"snipsnap/space",
# Alpha Networks Router (e.g. ASL-26555)
"APIS",
# Micro Focus / NetIQ / Novell iManager
"nps",
"nps/servlet",
"nps/UninstallerData",
# Micro Focus / Novell GroupWise
"gwadmin-console",
"gw",
"gw/webaccess",
"servlet",
# SAP XI / PI but maybe also other products as well
"rep",
"rep/start",
"webdynpro",
"webdynpro/dispatcher",
"webdynpro/dispatcher/sap.com",
"webdynpro/dispatcher/sap.com/com.sap.xi.adminweb",
"webdynpro/dispatcher/sap.com/pb",
"webdynpro/dispatcher/sap.com/tc~lm~itsam~ui~mainframe~wd",
"webdynpro/dispatcher/sap.com/tc~mdm~srmcat~uiutil", # Utilities Page of the SRM-MDM Catalog
"webdynpro/dispatcher/sap.com/tc~sec~ume~wd~enduser",
"webdynpro/dispatcher/sap.com/tc~wd~eptests",
"webdynpro/dispatcher/sap.com/tc~wd~tools",
# Mattermost Server
"api",
"api/v4",
"api/v4/teams",
"api/v4/users",
"api/v4/users/me",
"api/v4/users/me/teams",
"plugins",
"plugins/focalboard",
"plugins/focalboard/api",
"plugins/focalboard/api/v2",
"plugins/playbooks",
"plugins/playbooks/api",
"plugins/playbooks/api/v0",
"plugins/playbooks/api/v0/playbooks",
"plugins/playbooks/api/v0/runs",
# HPE OfficeConnect Switches
"htdocs/lang",
"htdocs/lang/en_us",
"htdocs/login",
"htdocs/lua",
"htdocs/lua/ajax",
"htdocs/lua/deviceviewer",
"htdocs/lua/menu",
"htdocs/pages",
"htdocs/pages/base",
"htdocs/pages/main",
"htdocs/pages/switching",
"htdocs/static",
# TerraMaster NAS devices
"tos",
"v2",
"module",
# Axis devices
"aca",
"axis-cgi",
"axis-cgi/buffer",
"axis-cgi/prod_brand_info",
"axis-media",
"axis-release",
"camera",
"intercom",
"intercom/img",
"operator",
"view",
# Fortinet FortiADC
"ui",
"api/platform",
# Fortinet FortiNAC
"gui",
"api",
# Bluadmin
"bluadmin",
# SonicWall ViewPoint, GMS
"sgms",
"sgms/reports",
"sgms/reports/scheduledreports",
"sgms/reports/scheduledreports/configure",
"ws",
"ws/msw",
"ws/msw/tenant",
# OSClass
"osclass",
"osclass/oc-admin",
"oc-admin",
# Ektron CMS
"cms",
"cms/WorkArea",
"cms/WorkArea/ContentDesigner",
"cms400min",
"cms400min/WorkArea",
"cms400min/WorkArea/ContentDesigner",
"cms400.net",
"cms400.net/WorkArea",
"cms400.net/WorkArea/ContentDesigner",
"cms400",
"cms400/WorkArea",
"cms400/WorkArea/ContentDesigner",
"WorkArea",
"WorkArea/ContentDesigner",
# Amcrest / Dahua IP cameras
"current_config",
# Apache NiFi
"nifi",
"nifi-api",
"nifi-api/flow",
"nifi-api/access",
# Alcatel-Lucent OmniSwitch
"web",
"web/content",
"lang",
# Riello NetMan 204
"assets",
"javascripts",
"json",
"partials",
"stylesheets",
"vendor",
# TeamPass
"sources",
"sources/upload",
"teampass/sources",
"teampass/sources/upload",
"TeamPass/sources",
"TeamPass/sources/upload",
# Trend Micro Smart Protection Server
"tmcss",
# Various apps using ZK Framework
"zkau",
"zkau/web",
"zkc",
"zkc/zkau",
"zkc/zkau/web",
# Apache OpenMeetings
"openmeetings",
"openmeetings/services",
"openmeetings/services/info",
"openmeetings/docs",
"apache/openmeetings",
"apache/openmeetings/services",
"apache/openmeetings/services/info",
"apache/openmeetings/docs",
"services",
"services/info",
# Enterprise Resource Planning
"erp",
"erp/Portal",
"erp/Portal/WUC",
"Portal",
"Portal/WUC",
# Zend Framework
"production",
"production/application",
"production/application/configs",
"application",
"application/configs",
# Liferay Portal / DXP
"api",
"api/jsonws",
"web",
"web/guest",
"Liferay",
"Liferay/api",
"Liferay/api/jsonws",
"Liferay/web",
"Liferay/web/guest",
# From CVE-2021-33990 of Liferay Portal
"html",
"html/js",
"html/js/editor",
"html/js/editor/ckeditor",
"html/js/editor/ckeditor/editor",
"html/js/editor/ckeditor/editor/filemanager",
"html/js/editor/ckeditor/editor/filemanager/browser",
"html/js/editor/ckeditor/editor/filemanager/browser/liferay",
"Liferay/html",
"Liferay/html/js",
"Liferay/html/js/editor",
"Liferay/html/js/editor/ckeditor",
"Liferay/html/js/editor/ckeditor/editor",
"Liferay/html/js/editor/ckeditor/editor/filemanager",
"Liferay/html/js/editor/ckeditor/editor/filemanager/browser",
"Liferay/html/js/editor/ckeditor/editor/filemanager/browser/liferay",
# Sybase EAServer
"WebConsole",
"console",
# SolarWinds Database Performance Analyzer (DPA)
"iwc",
"iwc/javascript",
"iwc/javascript/common",
"iwc/javascript/jquery",
"iwc/pages",
"iwc/pages/css",
# e.g. Checkmk (core and appliance)
"check_mk",
"monitor",
"monitor/check_mk",
"cmk",
"cmk/check_mk",
"webconf",
# Apache Superset
"login",
"superset",
"superset/welcome",
"superset/profile",
"static",
"static/assets",
# Kerio WinRoute Firewall
"nonauth",
# netOffice Dwins
"netoffice",
"netoffice/general",
"netoffice/expenses",
"Dwins",
"Dwins/general",
"Dwins/expenses",
"general",
"expenses",
# Unknown Huawei devices
"umweb",
# op5 / OP5 Monitor
"monitor",
"monitor/application",
"monitor/application/views",
"monitor/modules",
"monitor/op5",
"monitor/op5/pnp",
"ninja",
"ninja/application",
"op5config",
"portal",
# MailEnable
"mewebmail",
"mewebmail/Mondo",
"mewebmail/Mondo/lang",
"mewebmail/Mondo/lang/sys",
"mail",
"mail/Mondo",
"mail/Mondo/lang",
"mail/Mondo/lang/sys",
"webmail",
"webmail/Mondo",
"webmail/Mondo/lang",
"webmail/Mondo/lang/sys",
"Mondo",
"Mondo/lang",
"Mondo/lang/sys",
# Oracle OPERA
"OperaHelp",
"OperaLogin",
"Operajserv",
"Operajserv/webarchive",
"operabin",
# Dolibarr
"dolibarr",
"dolibarr/htdocs",
"htdocs",
# cPanel
"cpanelwebcall",
# Moxa MiiNePort
"moxa",
# TVersity
"geturl",
# Andromeda Streaming Server
"streams",
"music",
"andromeda",
"mp3",
# Semantic Enterprise Wiki
"mediawiki",
"smw",
# ProWiki
"prowoki",
# ArticleSetup
"ArticleSetup",
"ArticleSetup/upload",
# Mitel MiCollab / MiVoice Business Express
"awc",
"awcuser",
"awcuser/cgi-bin",
"icw",
"portal",
"portal/login",
"portal/loginPage",
"server-common",
"server-common/cgi-bin",
"server-manager",
"ucs",
"ucs/json",
"ucs/micollab",
"ucs/micollab/libs",
"ucs/micollab/platform",
"ucs/micollab/resources",
"ucs/v1",
"vcs",
# phpVideoPro
"phpvideopro",
"video",
# w-CMS
"w-cms",
"w_cms",
# SAPID CMS
"sapid",
"sapid/usr",
"sapid/usr/extensions",
"usr",
"usr/extensions",
# Possible location of AWS credentials / profile files
".aws",
# Open Business Management (OBM)
"obm",
# PRADO PHP
"prado",
"prado/tests",
"prado/tests/test_tools",
"tests",
"tests/test_tools",
# JamWiki
"jamwiki",
"jamwiki/en",
"JamWiki",
"JamWiki/en",
"wiki",
"wiki/en",
# EditWrxLite CMS
"editwrx",
# Omni-Secure
"oss5",
"oss5/lib",
"oss6",
"oss6/lib",
"oss7",
"oss7/lib",
# pfile
"pfile",
# Palo Alto PAN-OS / GlobalProtect
"api",
"ca",
"CA",
"esp",
"global-protect",
"global-protect/msi",
"global-protect/portal",
"login",
"php",
"php/utils",
"sslmgr",
# Schneider Electric Wonderware / AVEVA InTouch Access Anywhere (Secure Gateway)
"AccessAnywhere",
"AccessAnywhere/lib",
"AccessAnywhere/resources",
"AccessAnywhere/resources/lang",
"AccessAnywhere/src",
"AccessNow",
"Admin",
"SG",
"SG/Scripts",
# AVEVA Plant SCADA Access Anywhere
"AccessNow",
"PlantSCADAAccessAnywhere",
"PlantSCADAAccessAnywhere/lib",
"PlantSCADAAccessAnywhere/resources",
"PlantSCADAAccessAnywhere/resources/lang",
"PlantSCADAAccessAnywhere/src",
# Odoo
"base_import",
"base_import/static",
# Caucho Resin
"caucho-status",
"cmp",
"faq",
"ref",
"resin-admin",
"resin-doc",
# Progress MOVEit Transfer
"api",
"api/v1",
"api/v1/folders",
"api/v1/users",
"moveitisapi", # nb: Seen on https://github.com/Neo23x0/signature-base/blob/ec3edef498b01b6da71d7fb1c6dc271cc0d16993/yara/vuln_moveit_0day_jun23.yar#L2
# Home Assistant OS and Home Assistant Supervised installations (Docker images don't have these)
"api",
"api/hassio",
"api/hassio/app",
"api/hassio_ingress",
# Inductive Automation Ignition
"main",
"main/res",
"main/res/sys",
"main/system",
"main/web",
"main/web/config",
"main/web/home",
"main/web/status",
"main/web/wicket",
"main/web/wicket/resource",
# Allaire/Macromedia/Adobe JRun Sample Files, see e.g. pre2008/DDI_JRun_Sample_Files.nasl
"cfanywhere",
"docs",
"docs/servlets",
"jsp",
"webl",
# VMware vRealize Network Insight / Aria Operations for Networks
"saas",
"vneraapp",
"vneraapp/assets",
# EZsite Forum
"Database",
"forum/Database",
# Basilic
"basilic",
"basilic/Config",
# asaanCart
"asaancart",
"asaancart/libs",
"asaancart/libs/smarty_ajax",
"shop",
"shop/libs",
"shop/libs/smarty_ajax",
"libs/smarty_ajax",
# AMSI
"amsi",
"AMSI",
# Arcserve Unified Data Protection (UDP)
"authenticationendpoint",
"commonauth",
"contents",
"contents/service",
"gateway",
"gateway/services",
"management",
"samlsso",
"UDPUpdates",
"UDPUpdates/Config",
"WebServiceImpl",
"WebServiceImpl/services",
# Clearswift MIMEsweeper
"MSWSMTP",
"MSWSMTP/Common",
"MSWSMTP/Common/Authentication",
# Adminer
"adminer",
# Adobe RoboHelp Server, from e.g.:
# https://blog.adobe.com/en/publish/2012/11/05/publishing-your-first-project-on-robohelp-server-9
"robohelp",
"robohelp/admin",
"robohelp/robo",
"robohelp/robo/server",
"robohelp/server",
# Apache Axis / Axis2
"axis",
"axis/services",
"axis/servlet",
"axis2",
"axis2/axis2-admin",
"axis2/axis2-web",
"axis2/services",
"axis2/services/Version",
"axis2/services/version",
## SAP Business Objects 12 and/or 3com IMC (See CVE-2010-2103)
"imcws",
"imcws/axis2-admin",
"imcws/axis2-web",
"imcws/services",
"imcws/services/Version",
"imcws/services/version",
"imcws/servlet",
## Computer Associates ARCserve D2D r15 Web Service (See CVE-2010-0219 / https://www.exploit-db.com/exploits/15869)
"WebServiceImpl",
"WebServiceImpl/axis2-admin",
"WebServiceImpl/axis2-web",
"WebServiceImpl/services",
"WebServiceImpl/services/Version",
"WebServiceImpl/services/version",
"WebServiceImpl/servlet",
## SAP BusinessObjects Enterprise XI 3.2 (See CVE-2010-0219)
"dswsbobje",
"dswsbobje/axis2-admin",
"dswsbobje/axis2-web",
"dswsbobje/services",
"dswsbobje/services/Version",
"dswsbobje/services/version",
"dswsbobje/servlet",
## SAP BusinessObjects
"BusinessProcessBI",
"BusinessProcessBI/axis2-admin",
"BusinessProcessBI/axis2-web",
"BusinessProcessBI/services",
"BusinessProcessBI/services/Version",
"BusinessProcessBI/services/version",
"BusinessProcessBI/servlet",
## VMware Smarts NCM
"Api",
"Api/axis2-admin",
"Api/axis2-web",
"Api/services",
"Api/services/Version",
"Api/services/version",
"Api/servlet",
## Oracle Communications Billing and Revenue Management Web Services Manager
"infranetwebsvc",
"infranetwebsvc/axis2-admin",
"infranetwebsvc/axis2-web",
"infranetwebsvc/services",
"infranetwebsvc/services/Version",
"infranetwebsvc/services/version",
"infranetwebsvc/servlet",
"BrmWebServices",
"BrmWebServices/axis2-admin",
"BrmWebServices/axis2-web",
"BrmWebServices/services",
"BrmWebServices/services/Version",
"BrmWebServices/services/version",
"BrmWebServices/servlet",
## Unknown
"ws",
"ws/axis2-admin",
"ws/axis2-web",
"ws/services",
"ws/services/Version",
"ws/services/version",
"ws/servlet",
"services",
## Microstrategy Web 10.4 (See CVE-2020-11450)
"MicroStrategyWS",
"MicroStrategyWS/axis2-admin",
"MicroStrategyWS/axis2-web",
"MicroStrategyWS/services",
"MicroStrategyWS/services/Version",
"MicroStrategyWS/services/version",
"MicroStrategyWS/servlet",
## JBoss.net Axis integration
"jboss-net",
"jboss-net/axis2-admin",
"jboss-net/axis2-web",
"jboss-net/services",
"jboss-net/services/Version",
"jboss-net/services/version",
"jboss-net/servlet",
## Tomcat, seen "in the wild"
"tomcat",
"tomcat/axis2-admin",
"tomcat/axis2-web",
"tomcat/services",
"tomcat/services/Version",
"tomcat/services/version",
"tomcat/servlet",
"tomcat/axis",
"tomcat/axis/axis2-admin",
"tomcat/axis/axis2-web",
"tomcat/axis/services",
"tomcat/axis/services/Version",
"tomcat/axis/services/version",
"tomcat/axis/servlet",
## Both for JBuilder Apache Axis
"wssgs",
"wssgs/axis2-admin",
"wssgs/axis2-web",
"wssgs/services",
"wssgs/services/Version",
"wssgs/services/version",
"wssgs/servlet",
"tresearch",
"tresearch/axis2-admin",
"tresearch/axis2-web",
"tresearch/services",
"tresearch/services/Version",
"tresearch/services/version",
"tresearch/servlet",
# Apache Hadoop
"cluster",
# Cisco Application Policy Infrastructure Controller (APIC)
"insieme",
"insieme/stromboli",
"insieme/stromboli/meta",
# Cisco Network Analysis Module (NAM)
"authenticate",
# Cisco Prime Collaboration Provisioning Web Interface
"cupm",
"dfcweb",
"dfcweb/lib",
"dfcweb/lib/cupm",
"dfcweb/lib/cupm/nls",
# Cisco Prime Infrastructure (PIS) Web Interface
"webacs",
"webacs/js",
"webacs/js/xmp",
"webacs/js/xmp/nls",
"webacs/pages",
"webacs/pages/common",
# Docker HTTP REST API (API versions might need to be re-checked in the future...)
"container",
"containers", # nb: Both not seen so far but might be related...
"images",
"v1.12.0",
"v1.12.0/containers",
"v1.12.0/images",
"v1.19",
"v1.19/containers",
"v1.19/images",
"v1.21",
"v1.21/containers",
"v1.21/images",
"v1.24",
"v1.24/containers",
"v1.24/images",
"v1.26",
"v1.26/containers",
"v1.26/images",
"v1.29",
"v1.29/containers",
"v1.29/images",
"v1.37",
"v1.37/containers",
"v1.37/images",
"v1.39",
"v1.39/containers",
"v1.39/images",
"v1.40",
"v1.40/containers",
"v1.40/images",
"v1.41",
"v1.41/containers",
"v1.41/images",
"v1.43",
"v1.43/containers",
"v1.43/images",
# ExpressionEngine CMS
"cms/system",
"system",
# Eyes Of Network (EON)
"eonapi",
# Froxlor Server Management Panel
"froxlor",
# Junos Space Web-UI
"mainui",
# ZOHO / ManageEngine products
"manageengine",
# Pacific Timesheet
"timesheet",
# phpPgAdmin
"phpPgAdmin",
"pgadmin",
"phppgadmin",
# Sensiolabs Symfony
"_profiler",
"symfony",
"symfony/src",
"symfony/src/Symfony",
"symfony/src/Symfony/Component",
"symfony/src/Symfony/Component/Console",
"symfony/web",
"symfony/web/app_dev.php",
"symfony/web/app_dev.php/_configurator",
"symfony/web/app_dev.php/_configurator/step",
"src",
"src/Symfony",
"src/Symfony/Component",
"src/Symfony/Component/Console",
"web",
"web/app_dev.php",
"web/app_dev.php/_configurator",
"web/app_dev.php/_configurator/step",
# vtiger CRM
"crm",
"vtigercrm",
# Zenoss Server
"zport",
"zport/acl_users",
"zport/acl_users/cookieAuthHelper",
# Mailman
"mailman",
# Apache Tiles
"apidocs",
"apidocs/org",
"apidocs/org/apache",
"apidocs/org/apache/tiles",
"apidocs/org/apache/tiles/definition",
"apidocs/org/apache/tiles/definition/digester",
"tiles/apidocs",
"tiles/apidocs/org",
"tiles/apidocs/org/apache",
"tiles/apidocs/org/apache/tiles",
"tiles/apidocs/org/apache/tiles/definition",
"tiles/apidocs/org/apache/tiles/definition/digester",
# Mahara
"mahara",
"mahara/admin",
# RainLoop Webmail
"mail",
"rainloop",
"webmail",
# nb:
# - Windows Server Update Services (WSUS)
# - IIS/Windows is usually case insensitive
"WsusAdmin",
"WsusAdmin/Common",
"WsusAdmin/Errors",
# 3CX Phone System Management Console
"#",
"api",
"connect",
"public",
"signin",
"webclient",
"webclient/#",
"webclient/api",
"webclient/api/Login",
"webclient/SignIn",
# Those are from CVE-2022-48482/CVE-2022-48483 of the same product
"Electron",
"Electron/download",
"Electron/download/windows",
# Skype for Business Server
"dialin",
"lwa",
"lwa/Webpages",
"PassiveAuth",
# IPP / CUPS systems
"ipp",
"printer", # nb: From RFC3510
"printers",
# Konica Minolta printers
"wcd",
# Brother HL printers
"general",
# SATO printers
"WebConfig",
# HP / Hewlett Packard printers
"DevMgmt",
"cdm",
"cdm/system",
"cdm/system/v1",
"hp",
"hp/device",
"hp/device/InternalPages",
"hp/device/SignIn",
"hp/device/webAccess",
"hp/jetdirect",
# Epson printers
"PRESENTATION",
"PRESENTATION/ADVANCED",
"PRESENTATION/ADVANCED/FORCE_PASSWORD",
"PRESENTATION/ADVANCED/INFO_PRTINFO",
"PRESENTATION/HTML",
"PRESENTATION/HTML/TOP",
# RICOH printers
"web",
"web/guest",
"web/guest/en",
"web/guest/en/websys",
"web/guest/en/websys/status",
# PHPMoAdmin
"phpmoadmin",
"modamin",
"wu-modadmin",
# AMI MegaRAC SP
"help",
"impl",
"Java",
"lib",
"page",
"res",
"str",
"style",
# Trend Micro Control Manager (TMCM) / Apex Central
"ControlManager",
"ControlManager/download",
"ControlManager/help",
"WebApp",
"WebApp/Administration",
"WebApp/common",
"WebApp/common/yui",
"WebApp/CommonDataBackend",
"WebApp/CommonDataBackend/CommonDataResource",
"WebApp/ExeDashboardBackend",
"WebApp/ExeDashboardBackend/ExeDashboardResource",
"WebApp/html",
"WebApp/js",
"WebApp/page",
"WebApp/Reports",
"WebApp/UserManager",
"WebApp/v1es",
"WebApp/widget",
# Redfish API
# nb: Those are the default ones defined in / by:
# https://www.dmtf.org/sites/default/files/standards/documents/DSP0266_1.18.0.html#redfish-defined-uris-and-relative-reference-rules
"redfish",
"redfish/v1",
"redfish/v1/Schemas",
# From the RackHD API Reference Guide
"redfish/v1/systems",
# From the SuperMicro API Reference Guide
"redfish/v1/Registries",
"redfish/v1/UpdateService",
# A few seen in the scope of CVE-2021-29203
"redfish/v1/AccountService",
"redfish/v1/AccountService/Accounts",
"redfish/v1/SessionService",
"redfish/v1/SessionService/Sessions",
# Atlassian Bitbucket
"bitbucket",
"stash",
# Kubernetes API Server
"apis",
"apis/admissionregistration.k8s.io",
"apis/apiextensions.k8s.io",
"apis/apiregistration.k8s.io",
"apis/apps",
"apis/authentication.k8s.io",
"apis/authorization.k8s.io",
"apis/autoscaling",
"apis/batch",
"apis/certificates.k8s.io",
"apis/coordination.k8s.io",
"apis/custom.metrics.k8s.io",
"apis/discovery.k8s.io",
"apis/events.k8s.io",
"apis/extensions",
"apis/metrics.k8s.io",
"apis/networking.k8s.io",
"apis/node.k8s.io",
"apis/policy",
"apis/rbac.authorization.k8s.io",
"apis/scheduling.k8s.io",
"apis/storage.k8s.io",
"healthz",
"livez",
"openapi",
"readyz",
"version",
# Adiscon Loganalyzer
"loganalyzer",
# Adobe BlazeDS
"flex2gateway",
"flex2gateway/http",
"flex2gateway/httpsecure",
"flex2gateway/cfamfpolling",
"flex2gateway/amf",
"flex2gateway/amfpolling",
"messagebroker",
"messagebroker/http",
"messagebroker/httpsecure",
"blazed",
"blazeds/messagebroker",
"blazeds/messagebroker/http",
"blazeds/messagebroker/httpsecure",
"samples",
"samples/messagebroker",
"samples/messagebroker/http",
"samples/messagebroker/httpsecure",
"lcds",
"lcds/messagebroker",
"lcds/messagebroker/http",
"lcds/messagebroker/httpsecure",
"lcds-samples",
"lcds-samples/messagebroker",
"lcds-samples/messagebroker/http",
"lcds-samples/messagebroker/httpsecure",
# Dell Foundation Services
"Dell%20Foundation%20Services",
"Dell%20Foundation%20Services/eDell",
"Dell%20Foundation%20Services/eDell/IeDellCapabilitiesApi",
"Dell%20Foundation%20Services/eDell/IeDellCapabilitiesApi/REST",
# eTouch SamePage
"samepage",
"samepage/cm",
"samepage/cm/blogrss",
"samepage/cm/newui",
"samepage/cm/newui/wiki",
"cm",
"cm/blogrss",
"cm/newui",
"cm/newui/wiki",
# FIT2CLOUD JumpServer
"api",
"api/v1",
"api/v1/authentication",
"api/v1/authentication/connection-token",
"api/v1/terminal",
"api/v1/terminal/sessions",
"api/v1/users",
"api/v1/users/connection-token",
"auth",
"auth/login",
"core",
"core/auth",
"core/auth/login",
"core/auth/password",
"guacamole",
"koko",
"login",
"luna",
"media",
"static",
"static/js",
"static/js/plugins",
"ui",
"users",
"users/login",
"ws",
# Buffalo NAS
"lightbox",
"lightbox/css",
"lightbox/images",
"lightbox/js",
"adapter",
"adapter/ext",
"normalcss",
"webaccess",
"st",
"st/js",
"bower_components",
"help",
"help/ja",
"js",
"js/application",
"js/backup",
"js/backup/backup",
"js/backup/directcopy",
"js/backup/failover",
"js/backup/replication",
"js/backup/rsync",
"js/backup/timemachine",
"js/common",
"js/disk",
"js/disk/disk",
"js/disk/iscsi",
"js/disk/lvm",
"js/disk/raid",
"js/disk/usbdisk",
"js/dojo",
"js/ext",
"js/ext/resources",
"js/ext/resources/css",
"js/manage",
"js/network",
"js/service",
"js/service/web",
"js/share",
"js/staticData",
"js/ux",
"js/webservice",
# PHPRecipeBook
"phprecipebook",
"recipebook",
"recipe",
# ISPWorker
"ispworker",
"ispworker/module",
"ispworker/module/biz",
"ispworker/module/ticket",
"module",
"module/biz",
"module/ticket",
# WPEngine
"_wpeprivate",
# Sangfor Next Generation Application Firewall (NGAF)
"html",
"svpn_html",
# Honeywell Printers
"assets",
"assets/css",
"assets/images",
"assets/js",
"configure",
"contact",
"inprint",
"service",
"statistics",
"main",
"manage",
# nForum
"nforum",
"forum",
"board",
# ComicShout
"comic",
# BlindBlog
"cbblog",
"blindblog",
# Comparison Engine Power
"comparisonengine",
"compare",
# A4Desk Event Calendar
"calendar",
"calendar/admin",
# Citrix / NetScaler Gateway / ADC
"epa",
"epa/scripts",
"epa/scripts/linux",
"epa/scripts/mac",
"logon",
"logon/fonts",
"logon/LogonPoint",
"logon/LogonPoint/Authentication",
"logon/LogonPoint/clients",
"logon/LogonPoint/clients/HTML5Client",
"logon/LogonPoint/clients/HTML5Client/src",
"logon/LogonPoint/receiver",
"logon/LogonPoint/receiver/images",
"logon/LogonPoint/receiver/images/common",
"logon/LogonPoint/receiver/js",
"logon/LogonPoint/receiver/js/external",
"logon/themes",
"logon/themes/Default",
"logon/themes/Default/css",
"oauth",
"oauth/idp",
"oauth/idp/.well-known",
"vpn",
"vpn/images",
"vpn/js",
"vpn/js/rdx",
"vpn/js/rdx/core",
"vpn/js/rdx/core/css",
"vpn/themes",
# Kopano Konnect, various examples taken from:
# https://kopano.com/blog/short-introduction-kopano-konnect/
".well-known",
".well-known/openid-configuration",
"konnect",
"konnect/v1",
"signin",
# EZ-Blog
"blog",
"blog/public",
"ezblog",
"ezblog/public",
# Seen on Viessmann Vitogate CVE-2023-5702
"cgi-bin/config",
"cgi-bin/de",
# SalesCart
"online",
"online/customer",
# phpCommunity2
"phpcom",
# FacilCMS
"facil-cms",
# RevSense
"revsense",
# Nagios / Nagios XI
"nagios",
"nagiosxi",
"nagiosxi/about",
"nagiosxi/includes",
"nagiosxi/includes/js",
"nagiosxi/includes/js/jquery",
# PHP Petition Signing Script
"petition",
"petition/signing_system-admin",
"signing_system-admin",
# Qlik Sense
"internal_forms_authentication",
"hub",
"resources",
"resources/qmc",
"resources/qmc/fonts",
# OneOrZero Helpdesk
"oozv1657",
"oozv1657/common",
"helpdesk",
"helpdesk/common",
# 2532|Gigs
"2532Gigs",
"Gigs",
"bands",
# Ray Framework from https://huntr.com/bounties/83dd8619-6dc3-4c98-8f1b-e620fedcd1f6/
"static",
"static/js",
# TUTOS
"php",
"php/admin",
"tutos",
"tutos/php",
"tutos/php/admin",
# RitsBlog
"blog",
"blog/blogAdmin",
"ritsblog",
"ritsblog/blogAdmin",
"RitsBlog/blogAdmin",
# GScripts.net DNS Tools
"whois",
"dns_tools",
# Golabi CMS
"golabi",
"golabi/Templates",
"golabi/Templates/default",
"cms/Templates",
"cms/Templates/default",
"Templates",
"Templates/default",
# ClearBudget
"ClearBudget",
"ClearBudget/db",
"cb",
"cb/db",
# JobHunt
"jobs",
# EZ Hotscripts
"ez",
# Beerwin's PhpLinkAdmin
"phplinkadmin",
# Microsoft Graph PHP SDK
"vendor",
"vendor/microsoft",
"vendor/microsoft/microsoft-graph",
"vendor/microsoft/microsoft-graph/tests",
"vendor/microsoft/microsoft-graph-core",
"vendor/microsoft/microsoft-graph-core/tests",
# Fortinet FortiSIEM
"phoenix",
"phoenix/html",
"phoenix/html/template",
"phoenix/html/vendor",
"phoenix/html/views",
"phoenix/javax.faces.resource",
"phoenix/js",
"phoenix/rest",
"phoenix/rest/h5",
"phoenix/resources",
"phoenix/resources/header",
# Forcepoint Email Security
"pem",
"pem/login",
"pem/login/pages",
# Websense Triton
"triton",
"triton/login",
"triton/login/pages",
# Wedge Networks wedgeOS Management Console
"ssgmanager",
# Qwerty CMS
"qwerty",
# Dell Printers
"ews",
"ews/status",
"port_255",
"general",
"status",
"Information",
"printer",
"cgi-bin/dynamic",
"cgi-bin/dynamic/printer",
"cgi-bin/dynamic/printer/config",
"cgi-bin/dynamic/printer/config/reports",
# TurnkeyForms Local Classifieds
"classifieds",
"classifieds/Site_Admin",
"localclassifieds",
"localclassifieds/classifieds",
"localclassifieds/classifieds/Site_Admin",
# CS Whois Lookup
"whois",
"cs-whois",
"cs-dns",
# LogRover
"LogRover",
# Yap Blog
"yap",
# GhostScripter Amazon Shop
"amazon",
# AnswerBook2
"ab2",
"ab2/Help_C",
# Ecava IntegraXor
"DEM0",
"project",
"ecava",
"integraxor",
# Cybozu products
"cbgrn",
"garoon",
"grn",
"cbag",
"office",
"cgi-bin/cbag",
"cbdb",
"dezie",
"cbmw",
"mailwise",
# PHP Rocket Add-in
"phprocketaddin",
# Various from 2018/phpunit/gb_phpunit_rce.nasl
"wp-content",
"wp-content/plugins",
"wp-content/plugins/mm-plugin",
"wp-content/plugins/mm-plugin/inc",
"wp-content/plugins/mm-plugin/inc/vendors",
"wp-content/plugins/mm-plugin/inc/vendors/vendor",
"wp-content/plugins/mm-plugin/inc/vendors/vendor/phpunit",
"wp-content/plugins/mm-plugin/inc/vendors/vendor/phpunit/phpunit",
"wp-content/plugins/mm-plugin/inc/vendors/vendor/phpunit/phpunit/src",
"wp-content/plugins/mm-plugin/inc/vendors/vendor/phpunit/phpunit/src/Util",
"wp-content/plugins/mm-plugin/inc/vendors/vendor/phpunit/phpunit/src/Util/PHP",
"wp-content/plugins/contabileads",
"wp-content/plugins/contabileads/integracoes",
"wp-content/plugins/contabileads/integracoes/mautic",
"wp-content/plugins/contabileads/integracoes/mautic/api-library",
"wp-content/plugins/contabileads/integracoes/mautic/api-library/vendor",
"wp-content/plugins/contabileads/integracoes/mautic/api-library/vendor/phpunit",
"wp-content/plugins/contabileads/integracoes/mautic/api-library/vendor/phpunit/phpunit",
"wp-content/plugins/contabileads/integracoes/mautic/api-library/vendor/phpunit/phpunit/src",
"wp-content/plugins/contabileads/integracoes/mautic/api-library/vendor/phpunit/phpunit/src/Util",
"wp-content/plugins/contabileads/integracoes/mautic/api-library/vendor/phpunit/phpunit/src/Util/PHP",
"wp-content/plugins/realia",
"wp-content/plugins/realia/libraries",
"wp-content/plugins/realia/libraries/PayPal-PHP-SDK",
"wp-content/plugins/realia/libraries/PayPal-PHP-SDK/vendor",
"wp-content/plugins/realia/libraries/PayPal-PHP-SDK/vendor/phpunit",
"wp-content/plugins/realia/libraries/PayPal-PHP-SDK/vendor/phpunit/phpunit",
"wp-content/plugins/realia/libraries/PayPal-PHP-SDK/vendor/phpunit/phpunit/src",
"wp-content/plugins/realia/libraries/PayPal-PHP-SDK/vendor/phpunit/phpunit/src/Util",
"wp-content/plugins/realia/libraries/PayPal-PHP-SDK/vendor/phpunit/phpunit/src/Util/PHP",
"wp-content/plugins/wp-rocket",
"wp-content/plugins/wp-rocket/vendor",
"wp-content/plugins/wp-rocket/vendor/phpunit",
"wp-content/plugins/wp-rocket/vendor/phpunit/phpunit",
"wp-content/plugins/wp-rocket/vendor/phpunit/phpunit/src",
"wp-content/plugins/wp-rocket/vendor/phpunit/phpunit/src/Util",
"wp-content/plugins/wp-rocket/vendor/phpunit/phpunit/src/Util/PHP",
"wp-content/plugins/jekyll-exporter",
"wp-content/plugins/jekyll-exporter/vendor",
"wp-content/plugins/jekyll-exporter/vendor/phpunit",
"wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit",
"wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/src",
"wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/src/Util",
"wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/src/Util/PHP",
"wp-content/plugins/dzs-videogallery",
"wp-content/plugins/dzs-videogallery/class_parts",
"wp-content/plugins/dzs-videogallery/class_parts/vendor",
"wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit",
"wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit/phpunit",
"wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit/phpunit/src",
"wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit/phpunit/src/Util",
"wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit/phpunit/src/Util/PHP",
"wp-content/plugins/cloudflare",
"wp-content/plugins/cloudflare/vendor",
"wp-content/plugins/cloudflare/vendor/phpunit",
"wp-content/plugins/cloudflare/vendor/phpunit/phpunit",
"wp-content/plugins/cloudflare/vendor/phpunit/phpunit/src",
"wp-content/plugins/cloudflare/vendor/phpunit/phpunit/src/Util",
"wp-content/plugins/cloudflare/vendor/phpunit/phpunit/src/Util/PHP",
"sites",
"sites/all",
"sites/all/libraries",
"sites/all/libraries/mailchimp",
"sites/all/libraries/mailchimp/vendor",
"sites/all/libraries/mailchimp/vendor/phpunit",
"sites/all/libraries/mailchimp/vendor/phpunit/phpunit",
"sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src",
"sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util",
"sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP",
"sites/default",
"sites/default/libraries",
"sites/default/libraries/mailchimp",
"sites/default/libraries/mailchimp/vendor",
"sites/default/libraries/mailchimp/vendor/phpunit",
"sites/default/libraries/mailchimp/vendor/phpunit/phpunit",
"sites/default/libraries/mailchimp/vendor/phpunit/phpunit/src",
"sites/default/libraries/mailchimp/vendor/phpunit/phpunit/src/Util",
"sites/default/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP",
"vendor",
"vendor/phpunit",
"vendor/phpunit/phpunit",
"vendor/phpunit/phpunit/src",
"vendor/phpunit/phpunit/src/Util",
"vendor/phpunit/phpunit/src/Util/PHP",
"modules",
"modules/autoupgrade",
"modules/autoupgrade/vendor",
"modules/autoupgrade/vendor/phpunit",
"modules/autoupgrade/vendor/phpunit/phpunit",
"modules/autoupgrade/vendor/phpunit/phpunit/src",
"modules/autoupgrade/vendor/phpunit/phpunit/src/Util",
"modules/autoupgrade/vendor/phpunit/phpunit/src/Util/PHP",
"modules/pscartabandonmentpro",
"modules/pscartabandonmentpro/vendor",
"modules/pscartabandonmentpro/vendor/phpunit",
"modules/pscartabandonmentpro/vendor/phpunit/phpunit",
"modules/pscartabandonmentpro/vendor/phpunit/phpunit/src",
"modules/pscartabandonmentpro/vendor/phpunit/phpunit/src/Util",
"modules/pscartabandonmentpro/vendor/phpunit/phpunit/src/Util/PHP",
"modules/ps_facetedsearch",
"modules/ps_facetedsearch/vendor",
"modules/ps_facetedsearch/vendor/phpunit",
"modules/ps_facetedsearch/vendor/phpunit/phpunit",
"modules/ps_facetedsearch/vendor/phpunit/phpunit/src",
"modules/ps_facetedsearch/vendor/phpunit/phpunit/src/Util",
"modules/ps_facetedsearch/vendor/phpunit/phpunit/src/Util/PHP",
"modules/gamification",
"modules/gamification/vendor",
"modules/gamification/vendor/phpunit",
"modules/gamification/vendor/phpunit/phpunit",
"modules/gamification/vendor/phpunit/phpunit/src",
"modules/gamification/vendor/phpunit/phpunit/src/Util",
"modules/gamification/vendor/phpunit/phpunit/src/Util/PHP",
"modules/ps_checkout",
"modules/ps_checkout/vendor",
"modules/ps_checkout/vendor/phpunit",
"modules/ps_checkout/vendor/phpunit/phpunit",
"modules/ps_checkout/vendor/phpunit/phpunit/src",
"modules/ps_checkout/vendor/phpunit/phpunit/src/Util",
"modules/ps_checkout/vendor/phpunit/phpunit/src/Util/PHP",
"apps-external",
"apps-external/polls",
"apps-external/polls/vendor",
"apps-external/polls/vendor/phpunit",
"apps-external/polls/vendor/phpunit/phpunit",
"apps-external/polls/vendor/phpunit/phpunit/src",
"apps-external/polls/vendor/phpunit/phpunit/src/Util",
"apps-external/polls/vendor/phpunit/phpunit/src/Util/PHP",
"apps",
"apps/polls",
"apps/polls/vendor",
"apps/polls/vendor/phpunit",
"apps/polls/vendor/phpunit/phpunit",
"apps/polls/vendor/phpunit/phpunit/src",
"apps/polls/vendor/phpunit/phpunit/src/Util",
"apps/polls/vendor/phpunit/phpunit/src/Util/PHP",
"vendor",
"vendor/phpunit",
"vendor/phpunit/phpunit",
"vendor/phpunit/phpunit/Util",
"vendor/phpunit/phpunit/Util/PHP",
"vendor/phpunit/src",
"vendor/phpunit/src/Util",
"vendor/phpunit/src/Util/PHP",
"vendor/phpunit/Util",
"vendor/phpunit/Util/PHP",
"phpunit",
"phpunit/phpunit",
"phpunit/phpunit/src",
"phpunit/phpunit/src/Util",
"phpunit/phpunit/src/Util/PHP",
"phpunit/phpunit/Util",
"phpunit/phpunit/Util/PHP",
"phpunit/src",
"phpunit/src/Util",
"phpunit/src/Util/PHP",
"phpunit/Util",
"phpunit/Util/PHP",
"lib",
"lib/phpunit",
"lib/phpunit/phpunit",
"lib/phpunit/phpunit/src",
"lib/phpunit/phpunit/src/Util",
"lib/phpunit/phpunit/src/Util/PHP",
"lib/phpunit/phpunit/Util",
"lib/phpunit/phpunit/Util/PHP",
"lib/phpunit/src",
"lib/phpunit/src/Util",
"lib/phpunit/src/Util/PHP",
"lib/phpunit/Util",
"lib/phpunit/Util/PHP",
"ckeditor",
"ckeditor/plugins",
"ckeditor/plugins/ajaxplorer",
"ckeditor/plugins/ajaxplorer/phpunit",
"ckeditor/plugins/ajaxplorer/phpunit/src",
"ckeditor/plugins/ajaxplorer/phpunit/src/Util",
"ckeditor/plugins/ajaxplorer/phpunit/src/Util/PHP",
"plugins",
"plugins/ajaxplorer",
"plugins/ajaxplorer/phpunit",
"plugins/ajaxplorer/phpunit/src",
"plugins/ajaxplorer/phpunit/src/Util",
"plugins/ajaxplorer/phpunit/src/Util/PHP",
"laravel_web",
"laravel_web/vendor",
"laravel_web/vendor/phpunit",
"laravel_web/vendor/phpunit/phpunit",
"laravel_web/vendor/phpunit/phpunit/src",
"laravel_web/vendor/phpunit/phpunit/src/Util",
"laravel_web/vendor/phpunit/phpunit/src/Util/PHP",
"mailgun-php",
"mailgun-php/vendor",
"mailgun-php/vendor/phpunit",
"mailgun-php/vendor/phpunit/phpunit",
"mailgun-php/vendor/phpunit/phpunit/src",
"mailgun-php/vendor/phpunit/phpunit/src/Util",
"mailgun-php/vendor/phpunit/phpunit/src/Util/PHP",
"modules",
"modules/gamification",
"modules/gamification/vendor",
"modules/gamification/vendor/phpunit",
"modules/gamification/vendor/phpunit/phpunit",
"modules/gamification/vendor/phpunit/phpunit/src",
"modules/gamification/vendor/phpunit/phpunit/src/Util",
"modules/gamification/vendor/phpunit/phpunit/src/Util/PHP",
"core",
"core/vendor",
"core/vendor/phpunit",
"core/vendor/phpunit/phpunit",
"core/vendor/phpunit/phpunit/src",
"core/vendor/phpunit/phpunit/src/Util",
"core/vendor/phpunit/phpunit/src/Util/PHP",
"app",
"app/vendor",
"app/vendor/phpunit",
"app/vendor/phpunit/phpunit",
"app/vendor/phpunit/phpunit/src",
"app/vendor/phpunit/phpunit/src/Util",
"app/vendor/phpunit/phpunit/src/Util/PHP",
"laravel",
"laravel/vendor",
"laravel/vendor/phpunit",
"laravel/vendor/phpunit/phpunit",
"laravel/vendor/phpunit/phpunit/src",
"laravel/vendor/phpunit/phpunit/src/Util",
"laravel/vendor/phpunit/phpunit/src/Util/PHP",
"workspace",
"workspace/drupal",
"workspace/drupal/vendor",
"workspace/drupal/vendor/phpunit",
"workspace/drupal/vendor/phpunit/phpunit",
"workspace/drupal/vendor/phpunit/phpunit/src",
"workspace/drupal/vendor/phpunit/phpunit/src/Util",
"workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP",
"panel",
"panel/vendor",
"panel/vendor/phpunit",
"panel/vendor/phpunit/phpunit",
"panel/vendor/phpunit/phpunit/src",
"panel/vendor/phpunit/phpunit/src/Util",
"panel/vendor/phpunit/phpunit/src/Util/PHP",
"admin",
"admin/ckeditor",
"admin/ckeditor/plugins",
"admin/ckeditor/plugins/ajaxplorer",
"admin/ckeditor/plugins/ajaxplorer/phpunit",
"admin/ckeditor/plugins/ajaxplorer/phpunit/src",
"admin/ckeditor/plugins/ajaxplorer/phpunit/src/Util",
"admin/ckeditor/plugins/ajaxplorer/phpunit/src/Util/PHP",
"dev",
"dev/vendor",
"dev/vendor/phpunit",
"dev/vendor/phpunit/phpunit",
"dev/vendor/phpunit/phpunit/src",
"dev/vendor/phpunit/phpunit/src/Util",
"dev/vendor/phpunit/phpunit/src/Util/PHP",
"lib",
"lib/phpunit",
"lib/phpunit/phpunit",
"lib/phpunit/phpunit/Util",
"lib/phpunit/phpunit/Util/PHP",
"demo",
"demo/vendor",
"demo/vendor/phpunit",
"demo/vendor/phpunit/phpunit",
"demo/vendor/phpunit/phpunit/src",
"demo/vendor/phpunit/phpunit/src/Util",
"demo/vendor/phpunit/phpunit/src/Util/PHP",
"cms",
"cms/vendor",
"cms/vendor/phpunit",
"cms/vendor/phpunit/phpunit",
"cms/vendor/phpunit/phpunit/src",
"cms/vendor/phpunit/phpunit/src/Util",
"cms/vendor/phpunit/phpunit/src/Util/PHP",
"crm",
"crm/vendor",
"crm/vendor/phpunit",
"crm/vendor/phpunit/phpunit",
"crm/vendor/phpunit/phpunit/src",
"crm/vendor/phpunit/phpunit/src/Util",
"crm/vendor/phpunit/phpunit/src/Util/PHP",
"lib",
"lib/phpunit",
"lib/phpunit/src",
"lib/phpunit/src/Util",
"lib/phpunit/src/Util/PHP",
"lib/phpunit/Util",
"lib/phpunit/Util/PHP",
"backup",
"backup/vendor",
"backup/vendor/phpunit",
"backup/vendor/phpunit/phpunit",
"backup/vendor/phpunit/phpunit/src",
"backup/vendor/phpunit/phpunit/src/Util",
"backup/vendor/phpunit/phpunit/src/Util/PHP",
"blog",
"blog/vendor",
"blog/vendor/phpunit",
"blog/vendor/phpunit/phpunit",
"blog/vendor/phpunit/phpunit/src",
"blog/vendor/phpunit/phpunit/src/Util",
"blog/vendor/phpunit/phpunit/src/Util/PHP",
"api",
"api/vendor",
"api/vendor/phpunit",
"api/vendor/phpunit/phpunit",
"api/vendor/phpunit/phpunit/src",
"api/vendor/phpunit/phpunit/src/Util",
"api/vendor/phpunit/phpunit/src/Util/PHP",
"admin",
"admin/vendor",
"admin/vendor/phpunit",
"admin/vendor/phpunit/phpunit",
"admin/vendor/phpunit/phpunit/src",
"admin/vendor/phpunit/phpunit/src/Util",
"admin/vendor/phpunit/phpunit/src/Util/PHP",
"yii",
"yii/vendor",
"yii/vendor/phpunit",
"yii/vendor/phpunit/phpunit",
"yii/vendor/phpunit/phpunit/src",
"yii/vendor/phpunit/phpunit/src/Util",
"yii/vendor/phpunit/phpunit/src/Util/PHP",
"lib",
"lib/vendor",
"lib/vendor/phpunit",
"lib/vendor/phpunit/phpunit",
"lib/vendor/phpunit/phpunit/src",
"lib/vendor/phpunit/phpunit/src/Util",
"lib/vendor/phpunit/phpunit/src/Util/PHP",
"zend",
"zend/vendor",
"zend/vendor/phpunit",
"zend/vendor/phpunit/phpunit",
"zend/vendor/phpunit/phpunit/src",
"zend/vendor/phpunit/phpunit/src/Util",
"zend/vendor/phpunit/phpunit/src/Util/PHP",
# Magento
"admin",
"downloader",
"magento",
"magento/admin",
"magento/downloader",
"shop",
"shop/admin",
"shop/downloader",
# Amasty Product Feed for Magento
"amfeed",
"amfeed/main",
"magento/amfeed",
"magento/amfeed/main",
"shop/amfeed",
"shop/amfeed/main",
# Magmi (Magento Mass Importer)
"magmi",
"magmi/web",
"magmi-importer",
"magmi-importer/web",
# Woltlab Burning Board
"wcf",
"wcf/acp",
"forum/wcf",
"forum/wcf/acp",
"board/wcf",
"board/wcf/acp",
# Tecomat Foxtrot
"syswww",
# Trackplus Allegra
"allegra",
"track",
# PHPFootball
"phpfootball",
# Digital Scribe
"DigitalScribe",
"digitalscribe",
# e-Vision CMS
"evision",
"evision/modules",
"evision/modules/plain",
"evision/modules/plain/adminpart",
"cms/modules",
"cms/modules/plain",
"cms/modules/plain/adminpart",
"modules",
"modules/plain",
"modules/plain/adminpart",
# PassWiki
"passwiki",
# Butterfly Organizer
"organizer",
# Taifajobs
"tjobs",
"jobs",
# TinX
"tinxcms",
"tinxcms/system",
"cms/system",
# Advantech iView
"iView3",
# MCshoutbox
"MCshoutBox",
"shoutbox",
"box"); # nb: Don't add more dirs here and add them in the second testDirList2 below instead (see relevant note for the background)
# nb: Making it "unique" for the first time to avoid an overlong initial list
testDirList = make_list_unique( testDirList );
# nb: Unfortunately the list above has reached some kind of internal memory limit and at least
# openvas-nasl-lint on 21.04 is "crashing" with a:
# > memory exhausted
# so we're creating a second list here and making both "unique" before continuing later.
#
testDirList2 = make_list(
# Apache Subversion 'mod_dav_svn'
"projects",
"repo",
"repo/trunk",
"repo/projects",
"repository",
"svn",
"svn/repos",
"svn/trunk",
"trunk",
# Atlassian Confluence
"bootstrap",
"confluence",
"dashboard",
"display",
"download",
"download/attachments",
"opensearch",
"pages",
"plugins",
"s",
"setup",
"spacedirectory",
"spaces",
"template",
"template/aui", # nb: From CVE-2023-22527
"users",
"wiki",
# DM FileManager
"dm-filemanager",
"dm-filemanager/dm-albums",
"dm-filemanager/dm-albums/templates",
"dm-filemanager/albums",
"dm-filemanager/albums/templates",
"dmf",
"dmf/dm-albums",
"dmf/dm-albums/templates",
"dmf/albums",
"dmf/albums/templates",
"dm-albums",
"dm-albums/templates",
"albums",
"albums/templates",
# Dagger
"dagger",
"dagger/skins",
"cms/skins",
"skins",
# Simply Classified
"classified",
# Rspamd
"js",
"js/lib",
"rspamd",
"rspamd/js",
"rspamd/js/lib",
# IBM Aspera Faspex / Aspera Console
"aspera",
"aspera/console",
# IBM Operational Decision Manager
"DecisionRunner",
"DecisionService",
"decisioncenter",
"decisioncenter/js",
"decisioncenter/js/dist",
"decisioncenter/themes",
"decisioncenter/webjars",
"decisioncenter-api",
"decisioncenter-api/v1",
"res", # nb: "Rule Execution Server"
"teamserver",
"teamserver/faces",
# Kemp LoadMaster
"access",
"accessv2",
"directory",
"progs",
"progs/admin",
"progs/doconfig",
"progs/fwaccess",
"progs/geoctrl",
"progs/networks",
"progs/useradmin",
# Artica Proxy
"tailon",
"tailon/ws",
# Aruba ClearPass Policy Manager
"tips",
"insight",
# Devolutions Server
"rdms",
"rdms/api",
"dvls",
"dvls/api",
# Fortinet FortiWLM
"wlm",
"ems",
"ems/cgi-bin",
# LDAP Account Manager (LAM)
"ldap",
"ldap/templates",
"ldap/templates/config",
"ldap/templates/lib",
"ldap-account-manager",
"ldap-account-manager/templates",
"ldap-account-manager/templates/config",
"ldap-account-manager/templates/lib",
"lam",
"lam/templates",
"lam/templates/config",
"lam/templates/lib",
"templates",
"templates/config",
"templates/lib",
# Ivanti Neurons for ITSM
"HEAT",
# Claris FileMaker (Pro or Server)
"admin-console",
"fmi",
"fmi/iwp",
"fmi/iwp/res",
"fmi/iwp/res/swe",
# Jenkins
"asynchPeople",
"asynchPeople/api",
"whoAmI",
"jenkins",
"jenkins/asynchPeople",
"jenkins/asynchPeople/api",
"jenkins/whoAmI",
# Progress Telerik Report Server
"Account",
"Startup",
# Progress Telerik Reporting
"reports",
"reports/api",
"reporting",
"reporting/api",
"Reporting",
"Reporting/api",
# Progress Flowmon
"homepage",
"homepage/auth",
# ForgeRock Access Management
"openam",
"openam/XUI",
"am",
"am/XUI",
"auth",
"auth/XUI",
"authn",
"authn/XUI",
"sso",
"sso/XUI",
"XUI",
# Fortra FileCatalyst Workflow
"workflow",
"workflow/jsp",
"workflow/jsp/includes",
"workflow/jsp/templatesParentDir",
"workflow/servlet",
# pgAdmin
"pgadmin",
"pgadmin/browser",
"pgadmin-web",
"pgadmin-web/browser",
"pgAdmin",
"pgAdmin/browser",
"browser",
# HP Poly IP Phones
"form-submit",
# CrushFTP
"WebInterface",
"WebInterface/CrushReports",
"WebInterface/Jobs",
"WebInterface/ManageShares",
"WebInterface/PGP",
"WebInterface/Preferences",
"WebInterface/Reports",
"WebInterface/Resources",
"WebInterface/TempAccounts",
"WebInterface/UserManager",
"WebInterface/admin",
"WebInterface/dashboard",
"WebInterface/function",
"WebInterface/jQuery",
"WebInterface/new-ui",
"WebInterface/new-ui/assets",
"WebInterface/new-ui/assets/js",
"WebInterface/new-ui/assets/js/app",
"WebInterface/new-ui/assets/js/utils",
"WebInterface/new-ui/assets/js/utils/api",
"WebInterface/new-ui/assets/styles",
"WebInterface/new-ui/assets/styles/components",
"WebInterface/new-ui/modules",
"WebInterface/new-ui/modules/loader",
"WebInterface/new-ui/modules/web-components",
"WebInterface/new-ui/modules/web-components/language",
"WebInterface/new-ui/modules/web-components/multitheme",
"WebInterface/sync",
"WebInterface/w3c"
);
# nb: Before adding some host name parts making it "unique" again
testDirList = make_list_unique( testDirList, testDirList2 );
# Add domain name parts, create_hostname_parts_list() always returns a list, even an empty one
hnlist = create_hostname_parts_list();
testDirList = make_list( testDirList, hnlist );
if( debug ) display( "::[ DDI Directory Scanner running in debug mode ]::" );
fake404 = string("");
Check200 = TRUE;
Check401 = TRUE;
Check403 = TRUE;
CheckRedirect = TRUE;
port = http_get_port( default:80 );
host = http_host_name( dont_add_port:TRUE );
if( debug ) display( ":: Checking directories on Hostname/IP:port " + host + ":" + port + "..." );
if( http_get_is_marked_broken( port:port, host:host ) )
exit( 0 );
# counter for current failed requests
failedReqs = 0;
# counter for the current amount of done requests
currReqs = 0;
# counter for max failed requests
# The VT will exit if this is reached
# TBD: Make this configurable?
maxFailedReqs = 3;
# pull the robots.txt file
if( debug ) display( ":: Checking for robots.txt..." );
res = http_get_cache( item:"/robots.txt", port:port );
currReqs++;
if( ! res )
failedReqs++;
if( res =~ "^HTTP/1\.[01] 200" && res =~ "Content-Type\s*:\s*text/plain" ) {
body = http_extract_body_from_response( data:res );
body = chomp( body );
if( body ) {
strings = split( body );
foreach string( strings ) {
if( egrep( pattern:"^\s*(dis)?allow\s*:.*/", string:string, icase:TRUE ) &&
! egrep( pattern:"^\s*(dis)?allow\s*:.*\.", string:string, icase:TRUE ) ) {
# yes, i suck at regex's in nasl. I want my \s+!
robot_dir = ereg_replace( pattern:"(dis)?allow\s*:\W*/(.*)$", string:string, replace:"\2", icase:TRUE );
robot_dir = ereg_replace( pattern:"\W*$", string:robot_dir, replace:"", icase:TRUE );
robot_dir = ereg_replace( pattern:"/$|\?$", string:robot_dir, replace:"", icase:TRUE );
if( robot_dir != '' ) {
testDirList = make_list( testDirList, robot_dir );
if( debug ) display(":: Directory '", robot_dir, "' added to test list");
}
}
}
}
}
# pull the CVS/Entries file
if( debug ) display( ":: Checking for /CVS/Entries..." );
res = http_get_cache( item:"/CVS/Entries", port:port );
currReqs++;
if( ! res )
failedReqs++;
if( res =~ "^HTTP/1\.[01] 200" ) {
body = http_extract_body_from_response( data:res );
body = chomp( body );
if( body ) {
strings = split( body, string( "\n" ) );
foreach string( strings ) {
if( egrep( pattern:"^D/(.+)/.*/.*/.*/.*", string:string, icase:FALSE ) ) {
cvs_dir = ereg_replace( pattern:"^D/(.+)/.*/.*/.*/.*", string:string, replace:"\1", icase:FALSE );
if( cvs_dir != '' ) {
testDirList = make_list( testDirList, cvs_dir );
if( debug ) display( ":: Directory '", cvs_dir, "' added to test list" );
}
}
}
}
}
# test for servers which return 200/403/401 for everything
req = http_get( item:"/non-existent" + rand() + "/", port:port );
res = http_keepalive_send_recv( port:port, data:req );
currReqs++;
if( ! res )
failedReqs++;
if( res =~ "^HTTP/1\.[01] 200" ) {
fake404 = 0;
if( debug ) display( ":: This server returns 200 for non-existent directories" );
foreach errmsg( errmessages_404 ) {
if( egrep( pattern:errmsg, string:res, icase:TRUE ) && ! fake404 ) {
fake404 = errmsg;
if( debug ) display( ":: Using '", fake404, "' as an indication of a 404 error" );
break;
}
}
if( ! fake404 ) {
if( debug ) display( ":: Could not find an error string to match against for the fake 404 response" );
if( debug ) display( ":: Checks which rely on 200 responses are being disabled" );
Check200 = FALSE;
}
} else {
fake404 = string( "BadString0987654321*DDI*" );
}
if( res =~ "^HTTP/1\.[01] 401" ) {
if( debug ) display( ":: This server requires authentication for non-existent directories, disabling 401 checks" );
Check401 = FALSE;
}
if( res =~ "^HTTP/1\.[01] 403" ) {
if( debug ) display( ":: This server returns a 403 for non-existent directories, disabling 403 checks" );
Check403 = FALSE;
}
if( res =~ "^HTTP/1\.[01] 30[0-8]" ) {
if( debug ) display( ":: This server returns a redirect for non-existent directories, disabling redirect checks" );
CheckRedirect = FALSE;
}
# start the actual directory scan
ScanRootDir = "/";
start = unixtime();
if( debug ) display( ":: Starting the directory scan..." );
# We make the list unique at the end to avoid having doubled
# entries from e.g. the robots.txt and for easier maintenance
# of the initial list which could contain multiple entries.
testDirList = make_list_unique( testDirList );
foreach cdir( testDirList ) {
url = ScanRootDir + cdir;
res = http_get_cache( item:url + "/", port:port );
currReqs++;
if( ! res ) {
failedReqs++;
if( failedReqs >= maxFailedReqs ) {
if( debug ) display( ":: Max number of failed requests (" + maxFailedReqs + ") reached (Amount of requests done: " + currReqs + ") + exiting..." );
exit( 0 );
}
continue;
}
if( cgi_dirs_exclude_servermanual ) {
# Ignore Apache2 manual if it exists. This is just huge static content
# and slows down the scanning without any real benefit.
if( url =~ "^/manual" ) {
man_res = http_get_cache( item:"/manual/en/index.html", port:port );
currReqs++;
if( man_res && "Documentation - Apache HTTP Server" >< man_res ) {
set_kb_item( name:"www/" + host + "/" + port + "/content/servermanual_directories", value:http_report_vuln_url( port:port, url:url, url_only:TRUE ) + ", Content: Apache HTTP Server Manual" );
continue;
}
}
# Similar to the above for Tomcat
if( url =~ "^/tomcat-docs" ) {
man_res = http_get_cache( item:"/tomcat-docs/", port:port );
currReqs++;
if( man_res && "Apache Tomcat" >< man_res && "Documentation Index" >< man_res ) {
set_kb_item( name:"www/" + host + "/" + port + "/content/servermanual_directories", value:http_report_vuln_url( port:port, url:url, url_only:TRUE ) + ", Content: Apache Tomcat Documentation" );
continue;
}
}
# And the same for Caucho Resin
if( url =~ "^/resin-doc" ) {
man_res = http_get_cache( item:"/resin-doc/", port:port );
currReqs++;
if( man_res && ">Resin Documentation<" >< man_res ) {
set_kb_item( name:"www/" + host + "/" + port + "/content/servermanual_directories", value:http_report_vuln_url( port:port, url:url, url_only:TRUE ) + ", Content: Caucho Resin Documentation" );
continue;
}
}
}
http_code = int( substr( res, 9, 11 ) );
if( ! res )
res = "BogusBogusBogus";
if( Check200 && http_code == 200 && ! ( egrep( pattern:fake404, string:res, icase:TRUE ) ) ) {
if( debug ) display( ":: Discovered: " , ScanRootDir, cdir );
add_discovered_list( dir:ScanRootDir + cdir, port:port, host:host );
}
# Pass any redirects we're getting to webmirror.nasl for further processing
if( CheckRedirect && http_code =~ "^30[0-8]$" ) {
if( debug )
display( ":: Got a '", http_code, "' redirect for ", ScanRootDir, cdir, ", trying to extract the location..." );
redirect = http_extract_location_from_redirect( port:port, data:res, debug:debug, current_dir:cdir );
if( redirect ) {
if( debug ) display( ":: Passing extracted redirect ", redirect ," to webmirror.nasl..." );
set_kb_item( name:"DDI_Directory_Scanner/" + port + "/received_redirects", value:redirect );
set_kb_item( name:"DDI_Directory_Scanner/" + host + "/" + port + "/received_redirects", value:redirect );
}
}
if( Check403 && http_code == 403 ) {
if( debug ) display( ":: Got a 403 for ", ScanRootDir, cdir, ", checking for file in the directory..." );
req = http_get( item:ScanRootDir + cdir + "/NonExistent.html", port:port );
res = http_keepalive_send_recv( data:req, port:port, bodyonly:FALSE );
currReqs++;
if( ! res )
failedReqs++;
if( res =~ "^HTTP/1\.[01] 403" ) {
# the whole directory appears to be protected
if( debug ) display( ":: 403 applies to the entire directory" );
} else {
if( debug ) display( ":: 403 applies to just directory indexes" );
# the directory just has indexes turned off
if( debug ) display( ":: Discovered: " , ScanRootDir, cdir );
add_discovered_list( dir:ScanRootDir + cdir, port:port, host:host );
}
}
if( Check401 && http_code == 401 ) {
if( header = egrep( pattern:"^WWW-Authenticate\s*:", string:res, icase:TRUE ) ) {
if( debug ) display( ":: Got a 401 for ", ScanRootDir + cdir, " containing a WWW-Authenticate header, adding to the dirs requiring auth..." );
basic_auth = http_extract_basic_auth( data:res );
add_auth_dir_list( dir:ScanRootDir + cdir, port:port, host:host, basic:basic_auth["basic_auth"], realm:basic_auth["realm"] );
} else {
if( debug ) display( ":: Got a 401 for ", ScanRootDir + cdir, " WITHOUT a WWW-Authenticate header, NOT adding to the dirs requiring auth..." );
}
}
}
if( debug ) display( ":: Finished scan (Done requests: ", currReqs, "), exiting..." );
exit( 0 );
References
Related
openvas
openvas
Apache Axis Detection (HTTP)
2016-04-06 00:00:00
Apache Axis2 Detection (HTTP)
2010-09-20 00:00:00
Apache Axis2 < 1.5.2 'engagingglobally' XSS Vulnerability
2015-03-17 00:00:00
nuclei
nuclei
SAP Knowledge Warehouse <=7.5.0 - Cross-Site Scripting
2022-03-23 10:43:38
VMware - Local File Inclusion
2022-08-10 12:24:02
Adobe Experience Manager - Expression Language Injection
2024-01-27 14:32:56
prion
prion
Design/Logic Flaw
2021-12-14 16:15:00
Directory traversal
2023-05-02 05:15:00
Design/Logic Flaw
2023-04-16 04:15:00
nessus
nessus
Web Server Directory Enumeration
2002-06-26 00:00:00
HPE Edgeline Infrastructure Manager Authentication Bypass (HPESBGN04124)
2021-06-04 00:00:00
Atlassian Confluence < 8.5.4 RCE (CONFSERVER-93833)
2024-01-16 00:00:00
cve
cve
packetstorm
packetstorm
SAP Knowledge Warehouse 7.50 / 7.40 / 7.31 / 7.30 Cross Site Scripting
2022-03-21 00:00:00
Liferay Portal 6.2.5 Insecure Permissions
2023-04-05 00:00:00
Axis2 Upload Exec (via REST)
2010-12-01 00:00:00
zdt
zdt
Liferay Portal 6.2.5 - Insecure Permissions Exploit
2023-04-05 00:00:00
Atlassian Confluence < 8.5.3 - Remote Code Execution Exploit
2024-03-18 00:00:00
Atlassian Confluence SSTI Injection Exploit
2024-01-29 00:00:00
symantec
symantec
Adobe Experience Manager CVE-2019-16469 Information Disclosure Vulnerability
2020-01-14 00:00:00
checkpoint_advisories
checkpoint_advisories
VMWare Workspace One Access Authentication Bypass (CVE-2022-31656)
2022-08-30 00:00:00
HPE Edgeline Infrastructure Manager Authentication Bypass (CVE-2021-29203)
2021-05-31 00:00:00
debiancve
debiancve
CVE-2010-2103
2010-05-27 22:30:00
github
github
Improper Neutralization of Input During Web Page Generation in Apache Axis2
2022-05-14 02:44:30
ubuntucve
ubuntucve
CVE-2010-2103
2010-05-27 00:00:00
osv
osv
Improper Neutralization of Input During Web Page Generation in Apache Axis2
2022-05-14 02:44:30
githubexploit
githubexploit
Exploit for Injection in Atlassian Confluence Data Center
2024-01-24 21:29:59
Exploit for Injection in Atlassian Confluence Data Center
2024-01-25 10:52:39
Exploit for Injection in Atlassian Confluence Data Center
2024-03-04 19:09:57
cisa_kev
cisa_kev
metasploit
metasploit
Atlassian Confluence SSTI Injection
2024-01-22 22:06:29
SAP Solution Manager remote unauthorized OS commands execution
2021-03-21 13:51:21
SAP Solution Manager remote unauthorized OS commands execution
2021-03-21 13:51:21
saint
saint
HP Universal CMDB Server Axis2 default password
2011-02-22 00:00:00
HP Universal CMDB Server Axis2 default password
2011-02-22 00:00:00
CA ARCserve D2D Axis2 default password
2011-01-26 00:00:00
cert
cert
SAP BusinessObjects Axis2 Default Admin Password
2010-10-13 00:00:00
hivepro
hivepro
Attacks, Vulnerabilities and Actors 22 January to 28 January 2024
2024-01-29 14:47:47
Critical RCE Flaw in Atlassian Confluence Sparks Active Exploitation
2024-01-24 13:24:06
exploitdb
exploitdb
Atlassian Confluence < 8.5.3 - Remote Code Execution
2024-03-18 00:00:00
Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE)
2024-03-14 00:00:00
trendmicroblog
trendmicroblog
securityvulns
securityvulns
SAP BusinessObjects default password
2010-10-24 00:00:00
R7-0037: SAP BusinessObjects Axis2 Default Admin Password
2010-10-24 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-03-25 08:40:43
thn
thn
~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation
2024-01-23 09:34:00
CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability
2024-02-16 15:42:00
attackerkb
attackerkb
CVE-2023-22527
2024-01-16 00:00:00
CVE-2020-6207
2020-03-10 00:00:00
rapid7blog
rapid7blog
RCE to Sliver: IR Tales from the Field
2024-02-15 19:38:59
Metasploit Wrap-Up
2021-04-02 19:49:02
Metasploit Wrap-Up
2021-04-09 19:17:46
impervablog
impervablog
What we know about VMWare CVE-2022–31656 and CVE-2022–31659
2022-08-10 16:55:48
New Sysrv Botnet Variant Makes Use of Google Subdomain to Spread XMRig Miner
2024-03-20 16:56:29
Attackers Quick to Weaponize CVE-2023-22527 for Malware Delivery
2024-02-21 09:28:01
cisa
cisa
VMware Releases Security Updates
2022-08-03 00:00:00
threatpost
threatpost
Hewlett Packard Enterprise Plugs Critical Bug in Edge Platform Tool
2021-05-03 18:22:23
SAP Patches Nine Critical & High-Severity Bugs
2021-08-11 15:27:02
SAP Bugs Under Active Cyberattack
2021-04-06 18:47:57
atlassian
atlassian
RCE (Remote Code Execution) in Confluence Data Center and Server
2024-01-15 07:48:36
adobe
adobe
APSB20-01 Security update available for Adobe Experience Manager
2020-01-14 00:00:00
wallarmlab
wallarmlab
malwarebytes
malwarebytes
Update now! VMWare patches critical vulnerabilities in several products
2022-08-03 13:27:47
Update now! VMWare patches critical vulnerabilities in several products
2022-08-03 13:00:00
vmware
vmware
avleonov
avleonov
qualysblog
qualysblog
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%
Related for OPENVAS:136141256231011032