From 40671b1bdf0177f438e135e2576664699cc9fdb5 Mon Sep 17 00:00:00 2001
From: r1cksec <77610058+r1cksec@users.noreply.github.com>
Date: Mon, 9 Dec 2024 00:46:47 +0100
Subject: [PATCH] More cheatsheets
---
linux/apache2.md | 13 +
linux/impacket-smbclient.md | 5 +
linux/mysqldump.md | 14 +
linux/smbclient.md | 5 +
other/ssh-share.md | 20 +
snippet/py/flaskRedirect.py | 9 +
snippet/sh/saveMultipleStdoutToVariable.sh | 9 +
url/git-tools | 54 +-
url/osint.md | 1 +
url/services.md | 1 +
url/tagged-urls.md | 5 +
windows/{start-process.md => process.md} | 5 +
windows/procmon.md | 9 +
windows/spartacus.md | 8 +
windows/sqlcmd.md | 23 +
wordlist/web-paths | 7619 ++++++++++++++++++--
16 files changed, 7121 insertions(+), 679 deletions(-)
create mode 100644 linux/mysqldump.md
create mode 100644 other/ssh-share.md
create mode 100644 snippet/py/flaskRedirect.py
create mode 100644 snippet/sh/saveMultipleStdoutToVariable.sh
rename windows/{start-process.md => process.md} (91%)
create mode 100644 windows/procmon.md
create mode 100644 windows/spartacus.md
create mode 100644 windows/sqlcmd.md
diff --git a/linux/apache2.md b/linux/apache2.md
index 3064cbd..dd6c271 100644
--- a/linux/apache2.md
+++ b/linux/apache2.md
@@ -80,6 +80,19 @@ ServerTokens Prod
apt-get install apache2 php libapache2-mod-php
```
+### Disable CORS
+```
+a2enmod headers
+
+vim /etc/apache2/apache2.conf
+
+
+ Header set Access-Control-Allow-Origin "*"
+ Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
+ Header set Access-Control-Allow-Headers "Content-Type"
+
+```
+
### Load Balancer
```
a2ensite forward_proxy.conf
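Review bot: The heading `### Disable CORS` does not match what the added block configures. `Header set Access-Control-Allow-Origin "*"` leaves the browser's same-origin policy in place and instead lets scripts on any origin read non-credentialed responses from this server. I would retitle it along the lines of `### Allow cross-origin requests (test setups only)` and add a line saying that a production host should name the trusted origin rather than `*`. The lines directly around the three `Header` directives are empty in this hunk, so the container that scopes them is not visible; the cheatsheet should show which `<Directory>` or virtual host they belong in.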
diff --git a/linux/impacket-smbclient.md b/linux/impacket-smbclient.md
index 549756c..107f2ed 100644
--- a/linux/impacket-smbclient.md
+++ b/linux/impacket-smbclient.md
@@ -11,6 +11,11 @@ impacket-smbclient /:@
impacket-smbclient -hashes : /@ -file .txt
```
+### Connect using null session
+```
+impacket-smbclient
+```
+
### Opsec considerations - Windows Security Log Event IDs
```
-Logon (4624) -> multiple
diff --git a/linux/mysqldump.md b/linux/mysqldump.md
new file mode 100644
index 0000000..e857cfb
--- /dev/null
+++ b/linux/mysqldump.md
@@ -0,0 +1,14 @@
+### Export MySQL or MariaDB database
+```
+mysqldump -u -p > .sql
+```
+
+### Import database
+```
+mysql -u -p
+
+mysql> CREATE DATABASE newDatabase;
+
+mysql -u -p newDatabase < .sql
+```
+
diff --git a/linux/smbclient.md b/linux/smbclient.md
index a548f3e..480f479 100644
--- a/linux/smbclient.md
+++ b/linux/smbclient.md
@@ -3,6 +3,11 @@
smbclient --option='client min protocol=nt1' -L "\\\\" -U --option='client lanman auth = yes' --option='client ntlmv2 auth = no' --option='ntlm auth = no'
```
+### Using null session
+```
+smbclient -N -L \\
+```
+
### Opsec considerations - Windows Security Log Event IDs
```
-Logon (4624) -> multiple
diff --git a/other/ssh-share.md b/other/ssh-share.md
new file mode 100644
index 0000000..71ebcfd
--- /dev/null
+++ b/other/ssh-share.md
@@ -0,0 +1,20 @@
+### Start ssh file transfer (linux)
+```
+sshfs @:/
+```
+
+### Unmount share
+```
+fusermount -u
+```
+
+### Start ssh file transfer (windows)
+```
+net use X: \\sshfs\@
+```
+
+### Unmount share
+```
+net del X:
+```
+
diff --git a/snippet/py/flaskRedirect.py b/snippet/py/flaskRedirect.py
new file mode 100644
index 0000000..ebeb206
--- /dev/null
+++ b/snippet/py/flaskRedirect.py
@@ -0,0 +1,9 @@
+from flask import Flask, redirect
+
+app = Flask(__name__)
+
+@app.before_request
+def redirect_all():
+ # redirect to a different website
+ return redirect("https://domain.com", code=302)
+
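Review bot: `code=302` in `redirect_all` does not preserve the request method for most clients, so a redirected POST typically arrives at the target as a GET without its body; if the snippet is meant to pass requests on unchanged, `code=307` is the status to use. The file also has no module docstring. I would add one stating that the `before_request` hook answers every path and method with the redirect, so no route is ever reached, and how the app is launched, since there is no `app.run()` call. The hard-coded `"https://domain.com"` would read better as a named constant at the top, e.g. `TARGET_URL = "https://domain.com"`.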
diff --git a/snippet/sh/saveMultipleStdoutToVariable.sh b/snippet/sh/saveMultipleStdoutToVariable.sh
new file mode 100644
index 0000000..dcfb144
--- /dev/null
+++ b/snippet/sh/saveMultipleStdoutToVariable.sh
@@ -0,0 +1,9 @@
+allNumbers=""
+
+for i in {1..5}
+do
+ allNumbers+="${i}\n"
+done
+
+echo -e "${allNumbers}"
+
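Review bot: The script has no shebang but depends on bash-only features (`{1..5}` brace expansion and the `+=` assignment), so it fails when run with a POSIX `sh` such as dash; add `#!/usr/bin/env bash` as the first line. Separately, `echo -e "${allNumbers}"` interprets backslash escapes across the whole variable, so once the loop collects real command output instead of digits, any backslash in that output is altered. Appending a real newline with `allNumbers+="${i}"$'\n'` and printing with `printf '%s' "${allNumbers}"` keeps the collected text byte-for-byte.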
diff --git a/url/git-tools b/url/git-tools
index 4b3993b..920a9a0 100644
--- a/url/git-tools
+++ b/url/git-tools
@@ -115,6 +115,9 @@ https://github.com/AdrianVollmer/PowerSploit
https://github.com/Aetsu/OffensivePipeline
OffensivePipeline allows to download, compile (without Visual Studio) and obfuscate C# tools for Red Team exercises.
+https://github.com/AirbusProtect/AD-Canaries
+The purpose of this project is to publish and maintain the deployment PowerShell script that automates deployments for Active Directory Canary objects.
+
https://github.com/Alb-310/Geogramint
An OSINT Geolocalization tool for Telegram that find nearby users and groups
@@ -154,6 +157,9 @@ Bypass UAC at any level by abusing the Program Compatibility Assistant with RPC,
https://github.com/AzeemIdrisi/PhoneSploit-Pro
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
+https://github.com/Azure/PyRIT
+The Python Risk Identification Tool for generative AI (PyRIT) is an open source framework built to empower security professionals and engineers to proactively identify risks in generative AI systems.
+
https://github.com/Azure/Stormspotter
Azure Red Team tool for graphing Azure and Azure Active Directory objects
@@ -526,6 +532,9 @@ CVE-2021-34527 is a critical remote code execution and local privilege escalatio
https://github.com/JohnWoodman/VBA-Macro-Reverse-Shell
Fully functioning reverse shell written entirely in VBA.
+https://github.com/JumpsecLabs/TokenSmith
+TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and penetration tests with the tokens generated working out of the box with many popular Azure post exploitation tools.
+
https://github.com/K3YOMI/Wall-of-Flippers
Wall of Flippers is designed to find Flipper Zero devices using BLE (Bluetooth Low Energy)
@@ -535,6 +544,12 @@ https://github.com/Kevin-Robertson/Inveigh
https://github.com/Kevin-Robertson/Invoke-TheHash
PowerShell Pass The Hash Utils
+https://github.com/Krypteria/Proxll
+Tool designed to simplify the generation of proxy DLLs while addressing common conflicts related to windows.h
+
+https://github.com/Kudaes/ADPT
+DLL proxying for lazy people
+
https://github.com/Kudaes/Eclipse
Activation Context Hijack
@@ -562,6 +577,9 @@ SuperSharpShares is a tool designed to automate enumerating domain shares, allow
https://github.com/Leo4j/Amnesiac
Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Directory environments
+https://github.com/Leo4j/Invoke-SMBRemoting
+Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement
+
https://github.com/Leo4j/Invoke-SessionHunter
Retrieve and display information about active user sessions on remote computers. No admin privileges required.
@@ -598,6 +616,9 @@ This PoC creates multiple processes, where each process performs a specific task
https://github.com/Maldev-Academy/EntropyReducer
Reduce Entropy And Obfuscate Youre Payload With Serialized Linked Lists
+https://github.com/Maldev-Academy/ExecutePeFromPngViaLNK
+Extract and execute a PE embedded within a PNG file using an LNK file. The PE file is encrypted using a single-key XOR algorithm and then injected as an IDAT section to the end of a specified PNG file.
+
https://github.com/Maldev-Academy/MaldevAcademyLdr.1
Maldev Academy's October update saw several interesting modules being released to our users. One of them was our DLL loader that was successfully tested against several EDRs including MDE and Crowdstrike.
@@ -625,6 +646,9 @@ A C# utility for interacting with SCCM
https://github.com/Meckazin/ChromeKatz
Dump cookies directly from Chrome process memory
+https://github.com/MegaManSec/LDAP-Monitoring-Watchdog
+LDAP Watchdog: A real-time linux-compatible LDAP monitoring tool for detecting directory changes, providing visibility into additions, modifications, and deletions for administrators and security researchers.
+
https://github.com/MegaManSec/SSH-Snake
SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
@@ -973,6 +997,9 @@ A small tool to convert Base64-encoded .kirbi tickets from Rubeus into .ccache f
https://github.com/SpecterOps/BloodHound
Six Degrees of Domain Admin
+https://github.com/SpecterOps/cred1py
+A Python POC for CRED1 over SOCKS5
+
https://github.com/SpiderLabs/Responder
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
@@ -1270,9 +1297,6 @@ netshell features all in version 2 powershell
https://github.com/bettercap/bettercap
The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
-https://github.com/beurtschipper/Depix
-Recovers passwords from pixelized screenshots
-
https://github.com/biffalo/handy-posh
Get scheduled tasks in task root and prints name and action of each
@@ -1390,6 +1414,9 @@ A light-weight first-stage C2 implant written in Nim.
https://github.com/chvancooten/maldev-for-dummies
A workshop about Malware Development
+https://github.com/citronneur/pamspy
+Credentials Dumper for Linux using eBPF
+
https://github.com/cjm00n/EvilSln
A New Exploitation Technique for Visual Studio Projects
@@ -1759,6 +1786,9 @@ In this repository you can find all RegRipper plugins that I have created. We en
https://github.com/garrettfoster13/sccmhunter
SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.
+https://github.com/gatariee/gocheck
+Because AV evasion should be easy.
+
https://github.com/gchq/CyberChef
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
@@ -1882,6 +1912,9 @@ A tool to dump the login password from the current linux user
https://github.com/hustvl/Matte-Anything
Matte Anything: Interactive Natural Image Matting with Segment Anything Models
+https://github.com/hvs-consulting/nfs-security-tooling
+This script prints details about an NFS server and detects some potential misconfigurations which are highlighted in red.
+
https://github.com/hyc/fcrackzip
A braindead program for cracking encrypted ZIP archives. Forked from http://oldhome.schmorp.de/marc/fcrackzip.html
@@ -1969,6 +2002,9 @@ A powerful obfuscator for JavaScript and Node.js
https://github.com/jazzpizazz/BloodHound.py-Kerberos
A Python based ingestor for BloodHound
+https://github.com/jborean93/AmsiProvider
+Test AMSI Provider implementation in C#
+
https://github.com/jborean93/PSEtw
PowerShell ETW consumer module
@@ -2395,6 +2431,9 @@ SSH User Enumeration Script in Python Using The Timing Attack
https://github.com/neodyme-labs/github-secrets
This tool analyzes a given Github repository and searches for dangling or force-pushed commits containing potential secret or interesting information.
+https://github.com/netero1010/ClipboardHistoryThief
+POC tool to extract all persistent clipboard history data from clipboard service process memory
+
https://github.com/netero1010/EDRSilencer
A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
@@ -2665,6 +2704,9 @@ dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the bl
https://github.com/punk-security/pwnspoof
pwnSpoof (from Punk Security) generates realistic spoofed log files for common web servers with customisable attack scenarios.
+https://github.com/purs3lab/Argus
+This repo contains the code for our USENIX Security '23 paper "ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions". Argus is a comprehensive security analysis tool specifically designed for GitHub Actions. Built with an aim to enhance the security of CI/CD workflows, Argus utilizes taint-tracking techniques and an impact classifier to detect potential vulnerabilities in GitHub Action workflows.
+
https://github.com/pushsecurity/saas-attacks
Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face.
@@ -2833,6 +2875,9 @@ Spartacus DLL Hijacking Discovery Tool
https://github.com/safebreach-labs/CloudMiner
Execute code using Azure Automation service without getting charged
+https://github.com/safedv/RustPotato
+A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTAPI for various operations.
+
https://github.com/safedv/Rustic64Shell
64-bit, position-independent reverse tcp shell, built in Rust for Windows.
@@ -2932,6 +2977,9 @@ A reconnaissance framework for researching and investigating Telegram.
https://github.com/soufianetahiri/CitrixSecureAccessAuthCookieDump
Dump Citrix Secure Access auth cookie from the process memory
+https://github.com/spipm/Depixelization_poc
+Depix is a PoC for a technique to recover plaintext from pixelized screenshots.
+
https://github.com/sqlmapproject/sqlmap
Automatic SQL injection and database takeover tool
diff --git a/url/osint.md b/url/osint.md
index cfd267e..d9d528c 100644
--- a/url/osint.md
+++ b/url/osint.md
@@ -26,6 +26,7 @@
* https://dnslytics.com ; #osint #reverse-ip #nameserver #google-adsense #google-analytics #rootdomain
* https://epieos.com ; #osint #email #phone #user-profile
* https://facecheck.id ; #osint #image-search #facial-recognition
+* https://faceonlive.com/face-search-online ; #osint #image-search #facial-recognition
* https://fullhunt.io ; #osint #portscan #subdomain #country
* https://geospy.ai ; #osint #geolocation #image
* https://gps-coordinates.org/latitude-and-longitude.php ; #osint #geolocation #longitude #latitude
diff --git a/url/services.md b/url/services.md
index 9c78322..84f26f1 100644
--- a/url/services.md
+++ b/url/services.md
@@ -55,6 +55,7 @@
* https://lots-project.com ; #living-off-the-trusted-sites #phishing
* https://lottunnels.github.io ; #living-off-the-tunnels #pivot #socks #socket
* https://malpedia.caad.fkie.fraunhofer.de
+* https://mha.azurewebsites.net/pages/mha.html ; #email #header-analyze #phishing
* https://msportals.io
* https://myip.wtf/json
* https://nthashes.com
diff --git a/url/tagged-urls.md b/url/tagged-urls.md
index 682291a..69132ab 100644
--- a/url/tagged-urls.md
+++ b/url/tagged-urls.md
@@ -78,6 +78,7 @@
* https://blog.bushidotoken.net/2023/07/investigating-sms-phishing-text.html ; #threat-intelligence #sms #phishing
* https://blog.bushidotoken.net/2023/08/hacktivists-liars-and-morons.html ; #threat-intelligence #hacktivist #ftp
* https://blog.bushidotoken.net/2023/09/tracking-adversaries-akira-another.html ; #akira #conti #ransomware #threat-intelligence
+* https://blog.bwlryq.net/posts/icmp_exfiltration ; #icmp #data-exfiltration #pcap
* https://blog.calif.io/p/privilege-escalation-in-eks ; #cloud #aws #kuberneted #elastic #privesc #privilege-escalation
* https://blog.calif.io/p/redash-saml-authentication-bypass ; #webapp #saml #authentication-bypass #cve
* https://blog.christophetd.fr/dll-unlinking ; #windows #dll #injection #evasion #unlinking
@@ -90,6 +91,7 @@
* https://blog.cyber5w.com/introducing-windows-registry ; #windows #registry
* https://blog.cyble.com/2023/06/09/over-45-thousand-users-fell-victim-to-malicious-pypi-packages ; #threat-intelligence #python #pypi #supply-chain
* https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator ; #threat-intelligence #malware-analyse #gaming #ransomware #wannacry
+* https://blog.deeb.ch/posts/how-edr-works ; #edr #evasion #bypass #shellcode #signature #event-tracing-for-windows #etw #hooks #memory #kernel
* https://blog.delivr.to/svg-smuggling-a-picture-worth-a-thousand-words-fae8a946a300?gi=e2ee37ee9c09 ; #threat-intelligence #malware-analyse #svg-smuggling
* https://blog.deteact.com/gunicorn-http-request-smuggling ; #web #http-request-smuggling
* https://blog.didierstevens.com/2023/01/22/analyzing-malicious-onenote-documents ; #threat-intelligence #malware-analyse #onenote
@@ -295,6 +297,7 @@
* https://labs.guard.io/mrtonyscam-botnet-of-facebook-users-launch-high-intent-messenger-phishing-attack-on-business-3182cfb12f4d ; #threat-intelligence #malware #facebook #phishing #batch
* https://labs.jumpsec.com/advisory-idor-in-microsoft-teams-allows-for-external-tenants-to-introduce-malware ; #ms-teams #phishing #http-post #instant-messenger
* https://labs.jumpsec.com/ssh-tunnelling-to-punch-through-corporate-firewalls-updated-take-on-one-of-the-oldest-lolbins ; #windows #ssh #pivoting #proxy #firewall #port-forwarding
+* https://labs.jumpsec.com/tokensmith-bypassing-intune-compliant-device-conditional-access ; #entra #cap #conditional-access-policies #client-id
* https://labs.jumpsec.com/weaponize-your-word-malicious-template-injection ; #windows #word #template-injection #docx #settings-xml-rels #docm
* https://labs.lares.com/adcs-exploits-investigations-pt1 ; #active-directory #certificate-service #adcs #detection #event-id
* https://labs.lares.com/adcs-exploits-investigations-pt2 ; #active-directory #certificate-service #adcs #detection #esc1 #esc3 #esc4 esc6
@@ -419,6 +422,7 @@ https://medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tok
* https://posts.specterops.io/from-da-to-ea-with-esc5-f9f045aa105c ; #active-directory #certificate-service #adcs #esc5 #ldap
* https://posts.specterops.io/get-your-socks-on-with-gtunnel-4a70a9b82b24 ; #pivoting #socks #gtunnel #proxy
* https://posts.specterops.io/introducing-bloodhound-4-2-the-azure-refactor-1cff734938bd ; #cloud #azure #entra #azure #entrahound
+* https://posts.specterops.io/intune-attack-paths-part-1-4ad1882c1811 ; #azure #entra #intunes #on-prem #active-directory
* https://posts.specterops.io/lateral-movement-abuse-the-power-of-dcom-excel-application-3c016d0d9922 ; #active-directory #windows #dcom #excel #lateral-movement #clsid
* https://posts.specterops.io/lateral-movement-without-lateral-movement-brought-to-you-by-configmgr-9b79b04634c7 ; #sccm #system-centre-configuration-manager #windows #lateral-movement #active-directory
* https://posts.specterops.io/less-smartscreen-more-caffeine-ab-using-clickonce-for-trusted-code-execution-1446ea8051c5?gi=bf1d6922691f ; #phishing #smartscreen #clickonce
@@ -620,6 +624,7 @@ https://medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tok
* https://www.elastic.co/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process ; #shellcode #process-injection #cheatsheets
* https://www.elastic.co/security-labs/dismantling-smart-app-control ; #windows #initial-access #lnk-stomping #smart-screen-bypass
* https://www.elastic.co/security-labs/grimresource ; #initial-access #msc #javascript #windows #mmc #dotNetToJScript
+* https://www.enyei.com/ie-dcom-to-lfi ; #windows #dcom #lateral-movement #edge #local-file-read
* https://www.errno.fr/TTYPushback.html ; #linux #privesc #privilege-escalation #tty-pushback
* https://www.example-code.com/vbscript/http.asp ; #vbscript #cheatsheets
* https://www.fo-sec.com/articles/10-defender-bypass-methods ; #windows-defender #av #anti-virus #evasion #bypass #etw #amsi #obfuscation
diff --git a/windows/start-process.md b/windows/process.md
similarity index 91%
rename from windows/start-process.md
rename to windows/process.md
index 00ab4b3..ceca2b1 100644
--- a/windows/start-process.md
+++ b/windows/process.md
@@ -13,3 +13,8 @@ $scp = ConvertTo-SecureString '' -AsPlainText -Force; $cred = New-Obje
Start-Process -wi 1 -FilePath "powershell" -ArgumentList " -c ssh -o 'StrictHostKeyChecking=no' -i $HOME\.ssh\ -N -R 9050 @"
```
+### Stop process by name
+```
+Stop-Process -Name ""
+```
+
diff --git a/windows/procmon.md b/windows/procmon.md
new file mode 100644
index 0000000..ed4b99a
--- /dev/null
+++ b/windows/procmon.md
@@ -0,0 +1,9 @@
+### Source
+* https://live.sysinternals.com/Procmon.exe
+* https://live.sysinternals.com/Procmon64.exe
+
+### Track file and registry changes
+```
+.\procmon.exe
+```
+
diff --git a/windows/spartacus.md b/windows/spartacus.md
new file mode 100644
index 0000000..7218812
--- /dev/null
+++ b/windows/spartacus.md
@@ -0,0 +1,8 @@
+### Source
+https://github.com/sadreck/Spartacus
+
+### Discover COM hijackable DLLs
+```
+.\Spartacus.exe --mode com --procmon --pml --csv --verbose
+```
+
diff --git a/windows/sqlcmd.md b/windows/sqlcmd.md
new file mode 100644
index 0000000..c47d34c
--- /dev/null
+++ b/windows/sqlcmd.md
@@ -0,0 +1,23 @@
+### Install
+* https://www.microsoft.com/en-us/download/details.aspx?id=53339
+* https://www.microsoft.com/en-us/download/details.aspx?id=53591
+
+### Import database
+```
+sqlcmd -S (localdb)\Local -i \.bak -x -e
+```
+
+### Connect and list databases, tables and content
+```
+sqlcmd -S (localdb)\Local
+
+select DB_NAME()
+go
+
+select TABLE_NAME FROM INFORMATION_SCHEMA.TABLES
+go
+
+select * FROM
+go
+```
+
diff --git a/wordlist/web-paths b/wordlist/web-paths
index ac18f08..808fe7b 100644
--- a/wordlist/web-paths
+++ b/wordlist/web-paths
@@ -1,676 +1,6943 @@
-/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development
-/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/var/www/html/index.html
-/..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd
-/..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd
-/..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd
-/..%5c..%5c..%5c..%5c..%5cetc/passwd
-/..%5c..%5c..%5c..%5cetc/passwd
-/..%5c..%5c..%5cetc/passwd
-/..%5c..%5cetc/passwd
-/..%5cetc/passwd
-/a/b/%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/passwd
-/abs/
-/access/config
-/actions/seomatic/meta
-/actuator
-/actuator/auditevents
-/actuator/auditLog
-/actuator/beans
-/actuator/caches
-/actuator/conditions
-/actuator/configprops
-/actuator/configurationMetadata
-/actuator/dump
-/actuator/env
-/actuator/events
-/actuator/exportRegisteredServices
-/actuator/features
-/actuator/flyway
-/actuator/healthcheck
-/actuator/heapdump
-/actuator/httptrace
-/actuator/hystrix.stream
-/actuator/integrationgraph
-/actuator/jolokia
-/actuator/liquibase
-/actuator/logfile
-/actuator/loggers
-/actuator/loggingConfig
-/actuator/management
-/actuator/mappings
-/actuator/metrics
-/actuator/refresh
-/actuator/registeredServices
-/actuator/releaseAttributes
-/actuator/resolveAttributes
-/actuators/
-/actuator/scheduledtasks
-/actuators/dump
-/actuators/env
-/actuator/sessions
-/actuators/health
-/actuator/shutdown
-/actuators/logfile
-/actuators/mappings
-/actuator/springWebflow
-/actuators/shutdown
-/actuator/sso
-/actuator/ssoSessions
-/actuator/statistics
-/actuator/status
-/actuators/trace
-/actuator/threaddump
-/actuator/trace
-/adfs/services/trust/2005/windowstransport
-/adjuncts/3a890183/
-//admin/
-/admin
-/admin/
-/admin;/
-/Admin/
-/Admin;/
-/admin../admin
-/admin/../admin
-/admin/adminer.php
-/adminadminer.php
-/admin/data/autosuggest
-/adminer/
-/adminer/adminer.php
-/adminer/index.php
-/adminer.php
-/admin/error.log
-/admin/errors.log
-/admin/heapdump
-/admin.html?s=admin/api.Update/get/encode/34392q302x2r1b37382p382x2r1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b2t382r1b342p37373b2s
-/admin/index.php
-/admin/log/error.log
-/admin/login
-/admin/login.html
-/admin/login/?next=/admin/
-/admin/logs/error.log
-/admin/logs/errors.log
-/admin//phpmyadmin/
-/admin/queues.jsp?QueueFilter=yu1ey%22%3e%3cscript%3ealert(%221%22)%3c%2fscript%3eqb68
-/admin/views/ajax/autocomplete/user/a
-/ADSearch.cc?methodToCall=search
-/aims/ps/
-/airflow.cfg
-/AirWatch/Login
-/alps/profile
-/altair
-/analytics/saw.dll?bieehome&startPage=1#grabautologincookies
-/analytics/saw.dll?getPreviewImage&previewFilePath=/etc/passwd
-/anchor/errors.log
-/ansible.cfg
-//anything/admin/
-/apache
-/apc/apc.php
-/apc.php
-/api
-/api/
-/api/api
-/api/api-docs
-/api/apidocs
-/api/apidocs/swagger.json
-/api/application.wadl
-/api/batch
-/api/cask/graphql
-/api/config
-/api-docs
-/api/docs
-/api/docs/
-/api/index.html
-/api/jolokia/read?mimeType=text/html
-/api/jsonws
-/api/jsonws/invoke
-/api/profile
-/api/proxy
-/apis
-/api/snapshots
-/api/spec/swagger.json
-/api/__swagger__/
-/api/_swagger_/
-/api/swagger
-/api/swagger/index.html
-/api/swagger.json
-/api/swagger/static/index.html
-/api/swagger/swagger
-/api/swagger/ui/index
-/api/swagger.yaml
-/api/swagger.yml
-/api/timelion/run
-/api/v1/
-/api/v1/swagger.json
-/api/v1/swagger.yaml
-/api/v2/swagger.json
-/api/v2/swagger.yaml
-/api/vendor/phpunit/phpunit/phpunit
-/api/whoami
-/app/etc/local.xml
-/app/kibana/
-/application.wadl
-/application.wadl?detail=true
-/apps/vendor/phpunit/phpunit/phpunit
-/asdf.php
-/assets/file
-/assets../.git/config
-/asynchPeople/
-/auditevents
-/aura
-/auth.html
-/authorization.do
-/autoconfig
-/autodiscover/
-/autoupdate/
-/backup
-/backup.sql
-/backup/vendor/phpunit/phpunit/phpunit
-/base/static/c
-/beans
-/blog/?alg_wc_ev_verify_email=eyJpZCI6MSwiY29kZSI6MH0=
-/blog/phpmyadmin/
-/brightmail/servlet/com.ve.kavachart.servlet.ChartStream?sn=../../WEB
-/bugs/verify.php?confirm_hash=&id=1
-/bundles/kibana.style.css
-/bundles/login.bundle.js
-/cacti/
-/_cat/health
-/_cat/indices
-/certenroll/
-/certprov/
-/certsrv/
-/cgi
-/CgiStart?page=Single
-/ckeditor/samples/
-/cloudfoundryapplication
-/cluster/cluster
-/_cluster/health
-/.composer/composer.json
-/composer.json
-/composer.lock
-/conf/
-/config/databases.yml
-/config/database.yml
-/config/postProcessing/testNaming?pattern=%3Csvg/onload=alert(document.domain)%3E
-/configprops
-/console
-/console/login/LoginForm.jsp
-/contact.php?theme=tes%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E
-/content../.git/config
-/context.json
-/controller/config
-/controller/registry
-/control/login
-/control/stream?contentId=