Wordpress(Tree at Directories level)
/wp-admin/
/css/
/images/
/includes/
/js/
/maint/
/network/
/user/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| First, find directory names for the webroot. This would typically be www or public or something like that. How can we recognize these? By the files they contain. If a directory contains favicon.ico or index.html or robots.txt, it is pretty likely to be a webroot. Especially for robots.txt, because that only works if it is served on the root of the server. | |
| .gitignore or README.md | |
| Some Directories paths: | |
| public | |
| web | |
| static | |
| app | |
| assets |
ShubhamPy
/ shodanRecon
Last active
September 21, 2023 06:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| org: org_name | |
| kibana content-length:217 | |
| org:”Amazon” ssl:”target” | |
| ssl:”target” | |
| html:”Dashboard Jenkins” http.component:”jenkins” | |
| http.title:”302 Found” | |
| http.component%3A”java” | |
| https://www.shodan.io/host/ip#9200 | |
| https://www.shodan.io/host/ip | |
| X-Redirect-By: WordPress ssl:”name” |
ShubhamPy
/ cloud_metadata.txt
Created
August 14, 2019 15:54
— forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## IPv6 Tests | |
| http://[::ffff:169.254.169.254] | |
| http://[0:0:0:0:0:ffff:169.254.169.254] | |
| ## AWS | |
| # Amazon Web Services (No Header Required) | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] |
ShubhamPy
/ WpDirectoryTree.md
Last active
December 29, 2022 02:19
WpDirectoryTree - You will get a bigger picture and better understanding of wordpress directories. It's nice to have a directory files list for searching patterns and finding attack vectors on wordpress sites. You will get to know juicy stuff residing in /wp-includes/ directory. So bring up your black coffee on desk and start for hunting.