-
-
Save jaimeiniesta/30113255dc706bbb60b5f9b644d19c59 to your computer and use it in GitHub Desktop.
List of URLs typically used in exploit scans
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/cawpf.php | |
/nowp.php | |
/nowpf.php | |
/cyborg_tmp.php | |
/_.php | |
/images/common/class_api.php | |
/css/sgd.php | |
/wp-content/about.php | |
/9837wes.php7 | |
/enfile.php | |
/gh.php | |
/pinuseren.php | |
/version.php | |
/head.php | |
/heada.php | |
/wp-site.php | |
/jiema.php | |
/cangma.php | |
/ioxi-aneh.php | |
/mfi.php | |
/sad.php | |
/new.php | |
/alfanew.php | |
/upgrade.php | |
/crack_self_restore.php | |
/checkbex.php | |
/down.php | |
/.well-known/fierzashell.php | |
/.well-known/pki-validation/x.php | |
/b0.php | |
/filter.php | |
/wp-content/plugins/WordPressCore/include.php | |
/wp-includes/images/include.php | |
/wp-content/themes/signify/firkon.php | |
/wp-content/themes/mero-megazines/ws.php | |
/wp-admin/css/colors/coffee/index.php | |
/wp-the1me.php | |
/wp-scr1pts.php | |
/site/wp-includes/empty.php | |
/xt/index.php | |
/gf.php | |
/moded.php | |
/lufixn.php | |
/xt.php | |
/options.php | |
/link-manager.php | |
/ms-options.php | |
/options-reading.php | |
/system_log.php | |
/wp-pano.php | |
/api/goods.php | |
/wp-cc.php | |
/options-media.php | |
/widgets.php | |
/custom-header.php | |
/ms-delete-site.php | |
/options-permalink.php | |
/term.php | |
/link-add.php | |
/ms-edit.php | |
/menu.php | |
/options-general.php | |
/profile.php | |
/user-new.php | |
/moderation.php | |
/options-head.php | |
/revision.php | |
/custom-background.php | |
/ms-admin.php | |
/export.php | |
/media-upload.php | |
/network.php | |
/press-this.php | |
/async-upload.php | |
/menu-header.php | |
/options-discussion.php | |
/privacy.php | |
/user-edit.php | |
/admin-header.php | |
/edit-tag-form.php | |
/media-new.php | |
/my-sites.php | |
/post-new.php | |
/edit-tags.php | |
/media.php | |
/nav-menus.php | |
/post.php | |
/admin-post.php | |
/ms-themes.php | |
/plugin-editor.php | |
/admin-footer.php | |
/edit-link-form.php | |
/load-scripts.php | |
/ms-upgrade-network.php | |
/admin-functions.php | |
/edit.php | |
/load-styles.php | |
/ms-users.php | |
/wp-signup.php | |
/xmlrpc.php | |
/edit-form-advanced.php | |
/link-parse-opml.php | |
/ms-sites.php | |
/options-writing.php | |
/admin-ajax.php | |
/edit-form-comment.php | |
/link.php | |
/wp-config-sample.php | |
/wp-links-opml.php | |
/wp-settings.php | |
/wp-trackback.php | |
/wp-activate.php | |
/wp-comments-post.php | |
/wp-cron.php | |
/wp-load.php | |
/wp-mail.php | |
/qinfofuns.php | |
/schallfuns.php | |
/tempfuns.php | |
/userfuns.php | |
/siteheads.php | |
/termps.php | |
/txets.php | |
/thoms.php | |
/postnews.php | |
/epinyins.php | |
/filefuns.php | |
/gdftps.php | |
/hinfofuns.php | |
/hplfuns.php | |
/memberfuns.php | |
/moddofuns.php | |
/onclickfuns.php | |
/phpzipincs.php | |
/qfunctions.php | |
/cjfuns.php | |
/classsmtps.php | |
/classfuns.php | |
/comfunctions.php | |
/comdofuns.php | |
/connects.php | |
/copypaths.php | |
/delpaths.php | |
/doiconvs.php | |
/wp-editor.php | |
/mah.php | |
/jp.php | |
/ext.php | |
/a.php | |
/wp-zett.php | |
/LV.php | |
/inputs.php | |
/adminfuns.php | |
/chtmlfuns.php | |
/tuny.php | |
/gettest.php | |
/wp-ok.php | |
/geju.php | |
/plugin-install.php | |
/fun.php | |
/trust.php | |
/godsend.php | |
/wp-theme.php | |
/wp-scripts.php | |
/ayk.php | |
/cd.php | |
/reune.php | |
/wp-admin.php | |
/TNT.php | |
/bak.php | |
/wp-login.php | |
/87.php | |
/wboom.php | |
/install.php | |
/wp-add.php | |
/LA.php | |
/wp-good.php | |
/wp-ldd.php | |
/upfile.php | |
/xmrlpc.php | |
/cong.php | |
/zany.php | |
/wp-content/11.php | |
/woh.php | |
/sgd.php | |
/file.php | |
/Simple.php | |
/wp-blog-header.php | |
/style2.php | |
/wp-conflg.php | |
/class.api.php | |
/wp-admin/js/widgets/iR7SzrsOUEP.php | |
/wp-admin/network/iR7SzrsOUEP.php | |
/wp-admin/images/iR7SzrsOUEP.php | |
/.well-known/pki-validation/iR7SzrsOUEP.php | |
/xleet-shell.php | |
/admin-heade.php | |
/cgi-bin/iR7SzrsOUEP.php | |
/wp-content/xl2023.php | |
/wp-content/uploads/xl2023.php | |
/wp-admin/includes/themes.php | |
/xxl.php | |
/xl.php | |
/wp-admin/xl2023.php | |
/wp-includes/xl2023.php | |
/wp-admin/includes/iR7SzrsOUEP.php | |
/wp-admin/maint/iR7SzrsOUEP.php | |
/wp-content/upgrade/iR7SzrsOUEP.php | |
/images/iR7SzrsOUEP.php | |
/wp-admin/user/iR7SzrsOUEP.php | |
/wp-content/plugins/core/include.php | |
/wp-head.php | |
/wp-content/themes/twenty/twenty.php | |
/wp-admin/maint/about.php | |
/wp-content/plugins/press/wp-class.php | |
/fm1.php | |
/wp-includes/random_compat/about.php | |
/M1.php | |
/xl2023x.php | |
/upl.php | |
/aver.php | |
/wp-content/plugins/content-management/content.php | |
/nice.php | |
/wp-content/plugins/core-plugin/include.php | |
/wp-includes/js/tinymce/plugins/compat3x/css/index.php | |
/wp-includes/themes.php | |
/wp-admin/css/index.php | |
/wp-includes/Requests/Text/admin.php | |
/wp-includes/Requests/Text/index.php | |
/wikindex.php | |
/wp-admin/xleet.php | |
/media-admin.php | |
/wp-l0gin.php | |
/ovatools.php | |
/sidwso.php | |
/worksec.php | |
/todo.php | |
/fox.php | |
/wp-content/plugins/linkpreview/wp-blog.php | |
/xx.php | |
/sites/default/files/HolaDR7_70778.php | |
/uploads/xleet.php | |
/google.php | |
/wp-admin/setup-config.php | |
/wp-2020.php | |
/c.php | |
/wp-includes/wp-class.php | |
/wp-content/plugins/ccx/index.php | |
/wp-content/themes/twentytwenty/404.php | |
/modules/mod_simplefileuploadv1.3/elements/udd.php | |
/admin/controller/extension/extension/Not_Found.php | |
/makhdmax.php | |
/wp-includes/js/tinymce/skins/lightgray/fonts/index.php | |
/default.php | |
/wp-admin/wso112233.php | |
/text.php | |
/style.php | |
/ws.php | |
/wp-includes/blocks/table/int/tmpl/index.php | |
/wp-admin/dropdown.php | |
/cp.php | |
/marijuana.php | |
/clen.php | |
/mad.php | |
/wp-content/plugins/Cache/Cache.php | |
/wp-admin/shell20211028.php | |
/wp-content/plugins/dzs-zoomsounds/1877.php | |
/wp-info.php | |
/sett.php | |
/customize.php | |
/wp-admin/alfa.php | |
/wp-content/up.php | |
/css.php | |
/wp-content/plugins/instabuilder2/cache/plugins/moon.php | |
/uploads/wp-blog.php | |
/wp-content/plugins/Cache/dropdown.php | |
/wp-includes/sodium_compat/src/Core/Curve25519/Ge/wp_blog.php | |
/wp-content/shell20211028.php | |
/wp-admin/includes/users.php | |
/wso112233.php | |
/ee.php | |
/wp_info.php | |
/fw.php | |
/wp-content/upload.php | |
/xleet.php | |
/wp-content/plugins/masterx/wpx.php | |
/xml.php | |
/wp-admin/includes/about.php | |
/403.php | |
/by.php | |
/admin/controller/extension/wpm.php | |
/autoload_classmap.php | |
/payout.php | |
/lock360.php | |
/pi.php | |
/wp-2019.php | |
/01.php | |
/x.php | |
/fm.php | |
/wp-admin/users.php | |
/repeater.php | |
/wso.php | |
/shell20211028.php | |
/wp-blog.php | |
/wp-content/plugins/apikey/mar.php | |
/wp-admin/images/module.php | |
/wp-includes/radio.php | |
/log.php | |
/upload.php | |
/lufix.php | |
/plugins.php | |
/small.php | |
/init.php | |
/users.php | |
/doc.php | |
/shell.php | |
/1.php | |
/classwithtostring.php | |
/admin.php | |
/gecko.php | |
/mini.php | |
/user.php | |
/0z.php | |
/wp-content/plugins/index.php | |
/xl2023.php | |
/themes.php | |
/about.php | |
/wp-admin/css/colors/blue/CasperExV1.php | |
/wp-content/index.php | |
/byp.php | |
/edit-comments.php | |
/smm.php | |
/cloud.php | |
/wp.php |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment