Directory Scanner

# SPDX-FileCopyrightText: 2005 Digital Defense Inc.
# SPDX-FileCopyrightText: Improved code and additional directories since 2009 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.11032");
  script_version("2024-06-26T05:05:39+0000");
  script_tag(name:"last_modification", value:"2024-06-26 05:05:39 +0000 (Wed, 26 Jun 2024)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:N");
  script_tag(name:"cvss_base", value:"0.0");
  script_xref(name:"OWASP", value:"OWASP-CM-006");
  script_name("Directory Scanner");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2005 Digital Defense Inc.");
  script_family("Service detection");
  script_dependencies("find_service.nasl", "httpver.nasl", "no404.nasl",
                      "global_settings.nasl", "gb_ssl_sni_supported.nasl"); # SNI support should be determined first
  script_require_ports("Services/www", 80);
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_timeout(900);

  script_tag(name:"summary", value:"This plugin attempts to determine the presence of various
  common dirs on the remote web server.");

  script_tag(name:"qod_type", value:"remote_banner");

  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");
include("list_array_func.inc");
include("404.inc");
include("misc_func.inc");

debug = 0;

# this arrays contains the results
discoveredDirList = make_list();
authDirList = make_list();

cgi_dirs_exclude_pattern = get_kb_item( "global_settings/cgi_dirs_exclude_pattern" );
use_cgi_dirs_exclude_pattern = get_kb_item( "global_settings/use_cgi_dirs_exclude_pattern" );
cgi_dirs_exclude_servermanual = get_kb_item( "global_settings/cgi_dirs_exclude_servermanual" );

function check_cgi_dir( dir, port ) {

  local_var req, res, dir, port;

  req = http_get( item:dir + "/non-existent"  + rand(), port:port );
  res = http_keepalive_send_recv( data:req, port:port, bodyonly:FALSE );
  currReqs++;
  if( ! res )
    failedReqs++;

  if( res =~ "^HTTP/1\.[01] 404" ) {
    return TRUE;
  } else {
    return FALSE;
  }
}

function add_discovered_list( dir, port, host ) {

  local_var dir, port, host, dir_key;

  if( ! in_array( search:dir, array:discoveredDirList ) ) {
    discoveredDirList = make_list( discoveredDirList, dir );

    if( use_cgi_dirs_exclude_pattern ) {
      if( egrep( pattern:cgi_dirs_exclude_pattern, string:dir ) ) {
        set_kb_item( name:"www/" + host + "/" + port + "/content/excluded_directories", value:dir );
        return;
      }
    }

    #TBD: Do a check_cgi_dir( dir:dir, port:port ); before?
    dir_key = "www/" + host + "/" + port + "/content/directories";
    if( debug ) display( "Setting KB key: ", dir_key, " to '", dir );
    set_kb_item( name:dir_key, value:dir );
  }
}

function add_auth_dir_list( dir, port, host, basic, realm ) {

  local_var dir, port, host, dir_key, basic, realm;

  if( ! in_array( search:dir, array:authDirList ) ) {

    authDirList = make_list( authDirList, dir );

    if( use_cgi_dirs_exclude_pattern ) {
      if( egrep( pattern:cgi_dirs_exclude_pattern, string:dir ) ) {
        set_kb_item( name:"www/" + host + "/" + port + "/content/excluded_directories", value:dir );
        return;
      }
    }

    set_kb_item( name:"www/content/auth_required", value:TRUE );
    dir_key = "www/" + host + "/" + port + "/content/auth_required";
    if( debug ) display( "Setting KB key: ", dir_key, " to '", dir );
    set_kb_item( name:dir_key, value:dir );

    # Used in 2018/gb_http_cleartext_creds_submit.nasl
    if( basic ) {
      set_kb_item( name:"www/basic_auth/detected", value:TRUE );
      set_kb_item( name:"www/pw_input_field_or_basic_auth/detected", value:TRUE );
      # Used in 2018/gb_http_cleartext_creds_submit.nasl
      set_kb_item( name:"www/" + host + "/" + port + "/content/basic_auth/" + dir, value:http_report_vuln_url( port:port, url:dir, url_only:TRUE ) + ":" + realm );
    }
  }
}

# nb:
# - Some entries might be duplicated, this is acceptable because the list will be made "unique" later
# - Don't add more dirs here and add them in the second testDirList2 below instead (see relevant note for the background)
testDirList = make_list(
".cobalt",
".tools",
".tools/phpMyAdmin",
".tools/phpMyAdmin/current",
# https://ma.ttias.be/well-known-directory-webservers-aka-rfc-5785/
# https://tools.ietf.org/html/rfc5785
# http://sabre.io/dav/service-discovery/
# https://github.com/owncloud/core/blob/29570212c983f0293738dbb0132a5b562dcac9fa/.htaccess#L66-L69
".well-known",
".well-known/acme-challenge",
".well-known/caldav",
".well-known/carddav",
".well-known/host-meta",
".well-known/pki-validation",
".well-known/webfinger",
# git
".git",
".git/logs",
".git/info",
# Bazaar
".bzr",
# SVN
".svn",
# Mercurial
".hg",
# SSH homefolder
".ssh",
#
"1",
"10",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"3rdparty",
"3rdparty/phpMyAdmin",
"3rdparty/phpmyadmin",
"AdminWeb",
"Admin_files",
"Administration",
"AdvWebAdmin",
"Agent",
"Agents",
"Album",
"AlbumArt_",
"BizTalkTracking",
"BizTalkServerDocs",
"BizTalkServerRepository",
"Boutiques",
"Corporate",
"CS",
"CVS",
"DB4Web",
"DMR",
"DocuColor",
"DVWA",
"GXApp",
"HB",
"HBTemplates",
"IBMWebAS",
"Install",
"JBookIt",
"Log",
"Mail",
"MessagingManager",
"Msword",
"NSearch",
"NetDynamic",
"NetDynamics",
"News",
"PDG_Cart",
"PulseCMS",
"QConvergeConsole",
"RCS",
"README",
"ROADS",
"Readme",
"Remote",
"SilverStream",
"Stats",
"StoreDB",
"Templates",
"ToDo",
"WebBank",
"WebCalendar",
"WebDB",
"WebShop",
"WebTrend",
"Web_store",
"WSsamples",
"XSL",
"_ScriptLibrary",
"_backup",
"_derived",
"_errors",
"_fpclass",
"_notes",
"_objects",
"_old",
"_pages",
"_passwords",
"_private",
"_scripts",
"_sharedtemplates",
"_tests",
"_themes",
"a",
"about",
"acceso",
"access",
"accesswatch",
"acciones",
"account",
"accounting",
"activex",
"adm",
"admcgi",
"admentor",
"admin",
"admin_",
"admin.back",
"admin-bak",
"administration",
"administrator",
"admin-old",
"adminuser",
"adminweb",
"admisapi",
"agentes",
"analog",
"analytics",
"anthill",
"apache",
"api",
"app",
"applets",
"application",
"applications",
"apps",
"ar",
"archive",
"archives",
"asp",
"aspx",
"atc",
"auth",
"auth-cgi-bin",
"auth-cgi-bin/cgiwrap",
"authadmin",
"aw",
"ayuda",
"b",
"b2-include",
"back",
"backend",
"backup",
"backups",
"bak",
"banca",
"banco",
"bank",
"banner",
"banner01",
"banners",
"batch",
"bb-dnbd",
"bbv",
"bdata",
"bdatos",
"beta",
"billpay",
"bin",
"blog",
"boadmin",
"board",
"boot",
"btauxdir",
"bug",
"bugs",
"bugzilla",
"business",
"buy",
"buynow",
"c",
"cache-stats",
"cacti",
"caja",
"card",
"cards",
"cart",
"cash",
"caspsamp",
"catalog",
"cbi-bin",
"ccard",
"ccards",
"cd",
"cd-cgi",
"cdrom",
"ce_html",
"cert",
"certificado",
"certificate",
"cfappman",
"cfdocs",
"cfide",
"cgi",
"cgi-auth",
"cgi-bin",
"cgi-bin/cgiwrap",
"cgibin",
"cgi-bin2",
"cgi-csc",
"cgi-lib",
"cgilib",
"cgi-local",
"cgis",
"cgi-scripts",
"cgiscripts",
"cgi-shl",
"cgi-shop",
"cgi-sys",
"cgi-weddico",
"cgi-win",
"cgiwin",
"chat",
"class",
"classes",
"client",
"cliente",
"clientes",
"cm",
"cms",
"cmsample",
"cobalt-images",
"code",
"comments",
"common",
"communicator",
"community",
"company",
"compra",
"compras",
"compressed",
"conecta",
"conf",
"config",
"connect",
"console",
"content",
"controlpanel",
"core",
"corp",
"correo",
"counter",
"credit",
"cron",
"crons",
"crypto",
"csr",
"css",
"cuenta",
"cuentas",
"currency",
"customers",
"cvsweb",
"cybercash",
"d",
"darkportal",
"dashboard",
"dat",
"data",
"database",
"databases",
"datafiles",
"dato",
"datos",
"dav",
"db",
"dbase",
"dcforum",
"ddreport",
"ddrint",
"demo",
"demoauct",
"demomall",
"demos",
"design",
"dev",
"devel",
"development",
"dialup",
"dialup_admin",
"dir",
"directory",
"directorymanager",
"dl",
"dll",
"dm",
"dms",
"dms0",
"dmsdump",
"doc",
"doc1",
"doc-html",
"docs",
"docs1",
"document",
"documents",
"dokeos",
"down",
"download",
"downloads",
"drupal",
"drupal6",
"drupal7",
"dspam",
"dump",
"durep",
"e",
"easylog",
"eforum",
"egroupware",
"ejemplo",
"ejemplos",
"email",
"emailclass",
"eManager",
"employees",
"empoyees",
"empris",
"envia",
"enviamail",
"error",
"errors",
"es",
"estmt",
"etc",
"example",
"examples",
"exc",
"excel",
"exchange",
"exe",
"exec",
"export",
"external",
"f",
"fbsd",
"fcgi-bin",
"file",
"filemanager",
"files",
"flexcube@",
"flexcubeat",
"foldoc",
"form",
"formalms",
"forms",
"formsmgr",
"form-totaller",
"forum",
"forums",
"foto",
"fotos",
"fpadmin",
"fpdb",
"fpsample",
"frameset",
"framesets",
"ftp",
"ftproot",
"g",
"ganglia",
"gfx",
"global",
"gosa",
"grocery",
"guest",
"guestbook",
"guests",
"h",
"help",
"helpdesk",
"hidden",
"hide",
"hitmatic",
"hit_tracker",
"hlstats",
"home",
"horde",
"hostingcontroller",
"howto",
"ht",
"htbin",
"htdocs",
"html",
"hyperstat",
"i",
"ibank",
"ibill",
"icons",
"idea",
"ideas",
"ikiwiki",
"image",
"imagenes",
"imagery",
"images",
"img",
"imp",
"import",
"impreso",
"inc",
"include",
"includes",
"incoming",
"info",
"information",
"ingresa",
"ingreso",
"install",
"internal",
"intranet",
"inventory",
"invitado",
"isapi",
"j",
"japidoc",
"java",
"javascript",
"javasdk",
"javatest",
"jave",
"jdbc",
"job",
"jrun",
"js",
"jserv",
"jslib",
"jsp",
"junk",
"k",
"keyserver",
"kibana",
"kiva",
"l",
"labs",
"lam",
"lcgi",
"ldap",
"ldapadmin",
"ldapadmin/htdocs",
"leap",
"legal",
"lib",
"libraries",
"library",
"libro",
"links",
"linux",
"loader",
"log",
"logfile",
"logfiles",
"logg",
"logger",
"logging",
"login",
"logon",
"logs",
"lost+found",
"m",
"mail",
"mail_log_files",
"mailroot",
"makefile",
"mall_log_files",
"manage",
"manual",
"marketing",
"matomo",
"member",
"members",
"mercuryboard",
"message",
"messaging",
"metacart",
"misc",
"mkstats",
"movimientos",
"mp3",
"mp3s",
"mqseries",
"msi",
"msql",
"myaccount",
"mysql",
"mysql_admin",
"n",
"ncadmin",
"nchelp",
"ncsample",
"nds",
"netbasic",
"netcat",
"netmagstats",
"netscape",
"netshare",
"nettracker",
"new",
"nextgeneration",
"nl",
"noticias",
"obj",
"objects",
"odbc",
"offers",
"ojs",
"old",
"old_files",
"oldfiles",
"oprocmgr-service",
"oprocmgr-status",
"oracle",
"oradata",
"order",
"orders",
"otrs",
"otrs-web",
"outgoing",
"owncloud",
"owners",
"p",
"pages",
"panel",
"passport",
"password",
"passwords",
"payment",
"payments",
"pccsmysqladm",
"perl",
"perl5",
"perl-status",
"personal",
"personal_pages",
"pforum",
"phorum",
"php",
"phpBB",
"php_classes",
"phpclassifieds",
"phpimageview",
"phpip",
"phpldapadmin",
"phpldapadmin/htdocs",
"phpmyadmin",
"phpMyAdmin",
"phpMyAdminOLD",
"PHPMyAdmin",
"phpnuke",
"phpPhotoAlbum",
"phpprojekt",
"phpSecurePages",
"phpunit",
"php-cgi",
"piranha",
"piwik",
"pls",
"pma",
"poll",
"polls",
"portal",
"postgres",
"ppwb",
"printers",
"priv",
"privado",
"private",
"prod",
"protected",
"prueba",
"pruebas",
"prv",
"pub",
"public",
"publica",
"publicar",
"publico",
"publish",
"pulsecms",
"purchase",
"purchases",
"pw",
"q",
"r",
"random_banner",
"rdp",
"redmine",
"register",
"registered",
"rem",
"report",
"reports",
"reseller",
"restricted",
"retail",
"reviews",
"root",
"roundcube",
"roundcubemail",
"rsrc",
"s",
"sales",
"sample",
"samples",
"save",
"script",
"scripts",
"search",
"search97",
"search-ui",
"secret",
"secure",
"secured",
"sell",
"serve",
"server-info",
"servers",
"server_stats",
"serverstats",
"server-status",
"service",
"services",
"servicio",
"servicios",
"servlet",
"servlets",
"session",
"setup",
"share",
"shared",
"shell-cgi",
"shipping",
"shop",
"shopper",
"shopping",
"site",
"siteadmin",
"sitebuildercontent",
"sitebuilderfiles",
"sitebuilderpictures",
"sitemgr",
"siteminder",
"siteminderagent",
"sites",
"siteserver",
"sitestats",
"siteupdate",
"slide",
"smreports",
"smreportsviewer",
"soap",
"soapdocs",
"software",
"solaris",
"solutions",
"source",
"sql",
"squid",
"squirrelmail",
"src",
"srchadm",
"ssi",
"ssl",
"sslkeys",
"staff",
"stag",
"stage",
"staging",
"stat",
"statistic",
"statistics",
"statistik",
"statistiken",
"stats",
"stats-bin-p",
"stats_old",
"status",
"storage",
"store",
"storemgr",
"story",
"stronghold-info",
"stronghold-status",
"stuff",
"style",
"styles",
"stylesheet",
"stylesheets",
"subir",
"sun",
"super_stats",
"support",
"supporter",
"sys",
"sysadmin",
"sysbackup",
"system",
"t",
"tar",
"tarantella",
"tarjetas",
"tdbin",
"tech",
"technote",
"te_html",
"temp",
"template",
"templates",
"temporal",
"test",
"test-cgi",
"testing",
"tests",
"testweb",
"ticket",
"tickets",
"tiki",
"tikiwiki",
"tmp",
"tools",
"tpv",
"trabajo",
"trac",
"track",
"tracking",
"transito",
"transpolar",
"tree",
"trees",
"twiki",
"u",
"uapi-cgi",
"uapi-cgi/admin",
"ucs-overview",
"univention-management-console",
"updates",
"upload",
"uploads",
"us",
"usage",
"user",
"userdb",
"users",
"usr",
"ustats",
"usuario",
"usuarios",
"util",
"utils",
"v",
"v4",
"vendor",
"vfs",
"w",
"w3perl",
"w-agora",
"way-board",
"web",
"web800fo",
"webaccess", # e.g. Zarafa
"webadmin",
"webalizer",
"webapp", # e.g. Zarafa
"webapps",
"webboard",
"webcart",
"webcart-lite",
"webdata",
"webdav",
"webdb",
"webimages",
"webimages2",
"weblog",
"weblogs",
"webmail",
"webmaster",
"webmaster_logs",
"webMathematica",
"webpub",
"webpub-ui",
"webreports",
"webreps",
"webshare",
"website",
"webstat",
"webstats",
"webtrace",
"webtrends",
"web_usage",
"wiki",
"windows",
"word",
"work",
"workspace",
"wsdocs",
"wstats",
"wusage",
"www",
"wwwjoin",
"wwwlog",
"www-sql",
"wwwstat",
"wwwstats",
"x",
"xampp",
"xGB",
"xml",
"xtemp",
"y",
"z",
"zabbix",
"zb41",
"zipfiles",
"~1",
"~admin",
"~log",
"~root",
"~stats",
"~webstats",
"~wsdocs",
# Phishing
"cgi-bim",
# Lite-serve
"cgi-isapi",
# HyperWave
"wavemaster.internal",
# Urchin
"urchin",
"urchin3",
"urchin5",
# CVE-2000-0237
"publisher",
# Locale / language related
# nb:
# - the alpha-2 / two-letter country codes have been taken from here:
#   https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements
# - Some entries might be duplicated like e.g. "gb" for "guest book", this is acceptable because
#   the list will be made "unique" later
# - "en" is a special case and not listed on the page above
"en",
"en-US",
"intl",
"ad",
"ae",
"af",
"ag",
"ai",
"al",
"am",
"ao",
"aq",
"ar",
"as",
"at",
"au",
"aw",
"ax",
"az",
"ba",
"bb",
"bd",
"be",
"bf",
"bg",
"bh",
"bi",
"bj",
"bl",
"bm",
"bn",
"bo",
"bq",
"br",
"bs",
"bt",
"bv",
"bw",
"by",
"bz",
"ca",
"cc",
"cd",
"cf",
"cg",
"ch",
"ci",
"ck",
"cl",
"cm",
"cn",
"co",
"cr",
"cu",
"cv",
"cw",
"cx",
"cy",
"cz",
"de",
"dj",
"dk",
"dm",
"do",
"dz",
"ec",
"ee",
"eg",
"eh",
"er",
"es",
"et",
"fi",
"fj",
"fk",
"fm",
"fo",
"fr",
"ga",
"gb",
"gd",
"ge",
"gf",
"gg",
"gh",
"gi",
"gl",
"gm",
"gn",
"gp",
"gq",
"gr",
"gs",
"gt",
"gu",
"gw",
"gy",
"hk",
"hm",
"hn",
"hr",
"ht",
"hu",
"id",
"ie",
"il",
"im",
"in",
"io",
"iq",
"ir",
"is",
"it",
"je",
"jm",
"jo",
"jp",
"ke",
"kg",
"kh",
"ki",
"km",
"kn",
"kp",
"kr",
"kw",
"ky",
"kz",
"la",
"lb",
"lc",
"li",
"lk",
"lr",
"ls",
"lt",
"lu",
"lv",
"ly",
"ma",
"mc",
"md",
"me",
"mf",
"mg",
"mh",
"mk",
"ml",
"mm",
"mn",
"mo",
"mp",
"mq",
"mr",
"ms",
"mt",
"mu",
"mv",
"mw",
"mx",
"my",
"mz",
"na",
"nc",
"ne",
"nf",
"ng",
"ni",
"nl",
"no",
"np",
"nr",
"nu",
"nz",
"om",
"pa",
"pe",
"pf",
"pg",
"ph",
"pk",
"pl",
"pm",
"pn",
"pr",
"ps",
"pt",
"pw",
"py",
"qa",
"re",
"ro",
"rs",
"ru",
"rw",
"sa",
"sb",
"sc",
"sd",
"se",
"sg",
"sh",
"si",
"sj",
"sk",
"sl",
"sm",
"sn",
"so",
"sr",
"ss",
"st",
"sv",
"sx",
"sy",
"sz",
"tc",
"td",
"tf",
"tg",
"th",
"tj",
"tk",
"tl",
"tm",
"tn",
"to",
"tr",
"tt",
"tv",
"tw",
"tz",
"ua",
"ug",
"um",
"us",
"uy",
"uz",
"va",
"vc",
"ve",
"vg",
"vi",
"vn",
"vu",
"wf",
"ws",
"ye",
"yt",
"za",
"zm",
"zw",
# Sympa
"wws",
"wwsympa",
"sympa",
# Opentaps and Apache OFBiz
"accounting/control/main",
"ap/control/main",
"ar/control/main",
"assetmaint/control/main",
"bi/control/main",
"birt/control/main",
"catalog/control/main",
"cmssite/control/main",
"content/control/main",
"control/main",
"crmsfa/control/main",
"ebay/control/main",
"ebaystore/control/main",
"ecommerce/control/main",
"ecomseo", # nb: special case
"example/control/main",
"exampleext/control/main",
"facility/control/main",
"financials/control/main",
"googlebase/control/main",
"hhfacility/control/main",
"humanres/control/main",
"ldap/control/main",
"lucence/control/main",
"manufacturing/control/main",
"marketing/control/main",
"msggateway/control/main",
"multiflex/control/main",
"myportal/control/main",
"ofbizsetup/control/main",
"ordermgr/control/main",
"passport/control/main",
"partymgr/control/main",
"pricat/control/main",
"projectmgr/control/main",
"purchasing/control/main",
"scrum/control/main",
"sfa/control/main",
"sofami/control/main",
"solr/control/main",
"warehouse/control/main",
"webpos/control/main",
"webtools/control/main",
"workeffort/control/main",
# Icinga Web 2
"authentication",
"lib",
"lib/icinga",
"lib/icinga/icinga-php-thirdparty",
"static",
"icingaweb2",
"icingaweb2/authentication",
"icingaweb2/lib",
"icingaweb2/lib/icinga",
"icingaweb2/lib/icinga-php-thirdparty",
"icingaweb2/static",
"icinga",
"icinga/authentication",
"icinga/lib",
"icinga/lib/icinga",
"icinga/lib/icinga-php-thirdparty",
"icinga/static",
"icinga2",
"icinga2/authentication",
"icinga2/lib",
"icinga2/lib/icinga",
"icinga2/lib/icinga-php-thirdparty",
"icinga2/static",
"icinga-web",
"icinga-web/authentication",
"icinga-web/lib",
"icinga-web/lib/icinga",
"icinga-web/lib/icinga-php-thirdparty",
"icinga-web/static",
# GVM / GSA related URLs
"assets",
"css",
"help",
"img",
"js",
"login",
"gmp",
"locales",
"omp",
"static",
"static/img",
"static/js",
"static/css",
"system_report",
# Fortinet FortiOS SSL VPN Web Portal
"remote",
# Collabora / LibreOffice Online
"browser",
"browser/dist",
"browser/dist/admin",
"cool",
"cool/adminws",
"dist",
"dist/admin",
"hosting",
"hosting/discovery",
"hosting/capabilities",
"loleaflet",
"loleaflet/dist",
"loleaflet/dist/admin",
"lool",
"lool/adminws",
# e.g. Metasploitable2 VM
"dvwa",
"mutillidae",
# ownCloud
"updater",
"ocs-provider",
"ocm-provider", #nb: OpenCloudMesh Endpoint
# Kibana
"app/kibana", #nb: "/app" is already included above
"spaces",
"spaces/enter",
# Samsung Q60 series smart TV but might exist for other products / applications as well
"ws",
"ws/auth",
"ws/pairing",
"ws/debug",
# nb: Only api/v2 existed for the samsung device but those seems to be quite common endpoints
# like seen in some other VTs in the feed.
"api/v1",
"api/v1.0",
"api/v2",
"api/v2.0",
"api/v3",
"api/v3.0",
"api/v4",
"api/v4.0",
"api/v5",
"api/v5.0",
# Cisco UCS Director
"app/ui", #nb: "app" is already included above
# Same/similar product, different vendors / product lines
#
# - Juniper Pulse Connect SSL-VPN
# - Pulse Secure Pulse Connect Secure
# - Ivanti Connect Secure
# - Ivanti Policy Secure
#
# nb: The device had also "/api/v1" but this is already included above
#
"dana-admin",
"dana-admin/misc",
"dana-na",
"dana-na/auth",
"dana-na/auth/url_admin",
"dana-na/auth/url_default",
"dana-na/download",
"dana-na/meeting",
"dana-na/nc",
"dana",
"dana/fb",
"dana/fb/smb",
"dana/html5acc",
"dana/html5acc/guacamole",
"dana-cached",
"dana-cached/hc",
"dana-cached/sc",
"dana-cached/setup",
# Citrix ADC / Gateway
"eap",
"gwtest",
"logon",
"logon/vpn",
"nf",
"nf/auth",
"nf/auth/webview",
"saml",
"vpn",
"vpn/js",
"vpns",
"vpns/cfg",
"vpns/portal",
"vpns/portal/scripts",
# WordPress Core dirs
"wp-admin",
"wp-content",
"wp-content/gallery",
"wp-content/languages",
"wp-content/plugins",
"wp-content/themes",
"wp-content/upgrade",
"wp-content/uploads",
"wp-includes",
"wp-json", # Pretty links
"index.php/wp-json", # Non-Pretty links
"wordpress/wp-admin",
"wordpress/wp-content",
"wordpress/wp-content/gallery",
"wordpress/wp-content/languages",
"wordpress/wp-content/plugins",
"wordpress/wp-content/themes",
"wordpress/wp-content/upgrade",
"wordpress/wp-content/uploads",
"wordpress/wp-includes",
"wordpress/wp-json",
"wordpress/index.php/wp-json",
"wp/wp-admin",
"wp/wp-content",
"wp/wp-content/gallery",
"wp/wp-content/languages",
"wp/wp-content/plugins",
"wp/wp-content/themes",
"wp/wp-content/upgrade",
"wp/wp-content/uploads",
"wp/wp-includes",
"wp/wp-json",
"wp/index.php/wp-json",
"blog/wp-admin",
"blog/wp-content",
"blog/wp-content/gallery",
"blog/wp-content/languages",
"blog/wp-content/plugins",
"blog/wp-content/themes",
"blog/wp-content/upgrade",
"blog/wp-content/uploads",
"blog/wp-includes",
"blog/wp-json",
"blog/index.php/wp-json",
# WordPress plugins / themes dirs
"wp-content/backup-db",
"wp-content/backups-dup-pro",
"wp-content/backups-dup-lite",
"wp-content/updraft",
"wp-content/uploads/fusion-forms",
"wp-content/w3tc-config",
"wordpress/wp-content/backup-db",
"wordpress/wp-content/backups-dup-pro",
"wordpress/wp-content/backups-dup-lite",
"wordpress/wp-content/updraft",
"wordpress/wp-content/uploads/fusion-forms",
"wordpress/wp-content/w3tc-config",
"wp/wp-content/backup-db",
"wp/wp-content/backups-dup-pro",
"wp/wp-content/backups-dup-lite",
"wp/wp-content/updraft",
"wp/wp-content/uploads/fusion-forms",
"wp/wp-content/w3tc-config",
"blog/wp-content/backup-db",
"blog/wp-content/backups-dup-pro",
"blog/wp-content/backups-dup-lite",
"blog/wp-content/updraft",
"blog/wp-content/uploads/fusion-forms",
"blog/wp-content/w3tc-config",
# Cloudflare, see e.g. https://seclists.org/nmap-dev/2019/q1/42
"cdn-cgi",
"cdn-cgi/apps",
"cdn-cgi/apps/head",
"cdn-cgi/scripts",
"cdn-cgi/pe",
# Trend Micro Apex One (see info of the structure in e.g. CVE-2023-0587)
"officescan",
"officescan/console",
"officescan/console/html",
"officescan/console/html/cgi",
# Sophos XG Firewall
"userportal",
"userportal/webpages",
"userportal/webpages/myaccount",
"webconsole",
"webconsole/webpages",
# Microsoft Exchange Outlook Web App (OWA)
"EWS",
"owa",
"owa/auth",
# Laravel / Laravel Telescope
"laravel",
"laravel/public",
"laravel/telescope",
"project",
"public",
"telescope",
"vendor",
"vendor/laravel",
# Apache Solr
"solr",
"apachesolr",
# e.g. SpinetiX Fusion
"fusion",
"content",
"content/files",
"content/files/backups",
# Oracle BI Publisher
"xmlpserver",
# RUCKUS IoT Controller
"refUI",
# Config dir of various apps / frameworks like Symfony
"app/config",
# Citrix Endpoint Management or XenMobile Server
"zdm",
# Cisco Security Manager, possible other products as well
"CSCOnm",
"CSCOnm/servlet",
"CSCOnm/servlet/login",
"cwhp",
"cwhp/CSMSDesktop",
"athena",
"athena/xdmProxy",
"athena/itf",
# Cisco Webex Meetings Server
"orion",
"webappng",
"webappng/sites",
"webappng/sites/meetings",
"webappng/sites/meetings/dashboard",
# Tomcat
"tomcat-docs", #nb: Will be ignored by default
"manager",
"manager/html",
"manager/status",
"host-manager",
"host-manager/html",
"tomcat",
"tomcat/manager",
"tomcat/manager/html",
"admin-console",
"web-console",
"web-console/Invoker",
"jmx-console",
"jmx-console/HtmlAdaptor",
"invoker",
"invoker/JMXInvokerServlet",
"cognos_express",
"cognos_express/manager",
"cognos_express/manager/html",
# D-Link DSR devices
"scgi-bin",
# Micro Focus (Novell) Filr
"filr",
"ssf",
"ssf/a",
"rest",
# AWStats
"awstats",
"awstats/cgi-bin",
"awstats-cgi",
# WD My Cloud
"nas",
"nas/v1",
"xml",
"web",
"web/images",
"web/function",
"web/restSDK",
"web/restAPI",
"web/ota",
"api",
"api/2.1",
"api/2.1/rest",
# Various application servers like Apache Tomcat or Mort Bay/Eclipse Jetty. Normally these should
# prevent the direct access to the directory but we're checking it anyway if there are any
# misconfigurations in place.
"WEB-INF",
"WEB-INF/classes",
"WEB-INF/lib",
"META-INF",
# WildFly H2 Console
"h2console",
"h2console/console",
# Liferay Portal
"api",
"api/jsonws",
# VMware Identity Manager / vRealize Automation / VMware Workspace ONE Access
"cfg",
"hc",
"hc/error",
"hc/static",
"SAAS",
"SAAS/apps",
"SAAS/auth",
"SAAS/auth/login",
"SAAS/auth/login/embeddedauthbroker",
"SAAS/horizon",
"SAAS/horizon/js",
"SAAS/horizon/js-lib",
"SAAS/jersey",
"SAAS/jersey/manager",
"SAAS/jersey/manager/api",
"SAAS/t", # nb: Seen in CVE-2022-31656
"SAAS/WEB-INF",
"SAAS/META-INF",
"vcac",
# Novell Web Manager
"WebAdmin",
# Unknown product related to Apache Cocoon
"v2",
"v2/api",
"v2/api/product",
"v2/api/product/manger",
"v2/api/product/manager", # nb: The above endpoint might be a typo so both are used.
# Seen on multiple Apache Cocoon relevant systems
"repository",
"repository/xmlui",
"samples",
"xmlui",
# VMware vSphere Client of vCenter Server
"ui",
"ui/resources",
"ui/resources/libs",
"ui/resources/js",
"ui/resources/css",
"ui/resources/ng-next-app",
"ui/resources/ng-next-app/styles",
"ui/resources/ui",
"ui/resources/ui/views",
"ui/resources/ui/views/mainlayout",
"ui/modules-join-files",
"ui/modules-join-files/js",
"ui/modules-join-files/css",
"ui/modules-proxy-lib",
"ui/modules-proxy-lib/resources",
"ui/modules-proxy-lib/resources/js",
"ui/psc-ui",
"ui/psc-ui/resources",
"ui/psc-ui/resources/js",
"ui/dashboard-lite-ui",
"ui/dashboard-lite-ui/resources",
"ui/dashboard-lite-ui/resources/js",
"ui/certificate-ui",
"ui/certificate-ui/resources",
"ui/certificate-ui/resources/js",
"ui/advperfcharts-ui",
"ui/advperfcharts-ui/resources",
"ui/advperfcharts-ui/resources/js",
"ui/h5-vsan",
"ui/h5-vsan/rest",
"ui/h5-vsan/rest/proxy",
"ui/h5-vsan/rest/proxy/service",
"ui/h5-vsan/rest/proxy/service/CLASS",
"sdk",
"cache",
"vsphere-client",
"history",
"assets",
"websso",
"websso/SAML2",
"websso/SAML2/SSO",
"websso/resources",
"websso/resources/js",
"websso/resources/js/assets",
"websso/resources/img",
"websso/resources/css",
"ui/vropspluginui",
"ui/vropspluginui/rest",
"ui/vropspluginui/rest/services",
"ui/vropspluginui/rest/services/getstatus", # nb: This and the previous is an API endpoint which was unprotected before the patch from VMSA-2021-0002
"statsreport",
"analytics",
"analytics/telemetry",
"analytics/telemetry/ph",
"analytics/telemetry/ph/api",
"ui/vcav-bootstrap",
"ui/vcav-bootstrap/rest",
"ui/vcav-bootstrap/rest/vcav-providers",
"eam",
# VMware vRealize Operations Manager
"admin",
"ui",
# API path taken from https://github.com/bakingclouds/vRealize-Operations-Tenant-App/blob/main/swagger.json
"suite-api",
"suite-api/api",
"suite-api/api/auth",
"suite-api/api/auth/token",
"suite-api/api/deployment",
"suite-api/api/deployment/config",
"suite-api/api/deployment/config/globalsettings",
"suite-api/api/reports",
"suite-api/api/resources",
"suite-api/api/resources/stats",
"suite-api/api/versions",
"suite-api/internal",
"suite-api/doc",
"casa",
"casa/nodes",
# VMware vRealize Operations Tenant App API
"tenant-app-api",
"tenant-app-api/access",
"tenant-app-api/access/pricesetting",
"tenant-app-api/bills",
"tenant-app-api/pricingpolicy",
"tenant-app-api/users",
# RedHat Stronghold
"stronghold-info",
"stronghold-status",
# Enterasys Dragon Enterprise Reporting
"dragon",
# HP Systems Insight Manager
"simsearch",
"simsearch/messagebroker",
"mxportal",
"mxportal/taskandjob",
# HP/HPE System Management Homepage (SMH)
"proxy",
"proxy/smhui",
# Inspur ClusterEngine
"module",
"module/login",
# AfterLogic Aurora/WebMail
"afterlogic",
"aurora",
"webmail",
"webmailpro",
# NetApp Cloud Manager
"occmui",
"occm",
"occm/api",
"occm/api/occm",
"occm/api/occm/system",
# Adobe ColdFusion
"CFIDE",
"CFIDE/administrator",
"CFIDE/administrator/settings",
"CFIDE/administrator/help",
"CFIDE/adminapi",
"CFIDE/services",
"cf_scripts",
"cf_scripts/scripts",
"cf_scripts/scripts/ajax",
"cf_scripts/scripts/ajax/package",
"cf-scripts",
"cf-scripts/scripts",
"cf-scripts/scripts/ajax",
"cf-scripts/scripts/ajax/package",
"CFIDE/scripts",
"CFIDE/scripts/ajax",
"CFIDE/scripts/ajax/package",
"cfide",
"cfide/scripts",
"cfide/scripts/ajax",
"cfide/scripts/ajax/package",
"CF_SFSD",
"CF_SFSD/scripts",
"CF_SFSD/scripts/ajax",
"CF_SFSD/scripts/ajax/package",
"cfide-scripts",
"cfide-scripts/ajax",
"cfide-scripts/ajax/package",
"cfmx",
"cfmx/CFIDE",
"cfmx/CFIDE/scripts",
"cfmx/CFIDE/scripts/ajax",
"cfmx/CFIDE/scripts/ajax/package",
"restplay",
"CFIDE/restplay",
"CFIDE/main",
"CFIDE/componentutils",
"CFIDE/wizards",
"CFIDE/servermanager",
"CFIDE/AIR",
"CFIDE/appdeployment",
"CFIDE/cftags",
"CFIDE/debug",
"CFIDE/lockdown",
"CFIDE/orm",
"CFIDE/scheduler",
"CFIDE/services",
"CFIDE/websocket",
# Proxmox Virtual Environment (VE, PVE)
"pve2",
"pve2/images",
"pve2/ext6",
"pve2/ext6/locale",
"pve2/ext6/theme-crisp",
"pve2/ext6/theme-crisp/resources",
"pve2/ext6/crisp",
"pve2/ext6/crisp/resources",
"pve2/fa",
"pve2/fa/css",
"pve2/css",
"pve2/js",
"pve-docs",
"pwt/css",
# SAP NetWeaver Portal
"com.sap.portal.design.urdesigndata",
"com.sap.portal.design.urdesigndata/themes",
"com.sap.portal.design.urdesigndata/themes/portal",
"com.sap.portal.design.urdesigndata/themes/portal/sap_tradeshow_plus",
"com.sap.portal.design.urdesigndata/themes/portal/sap_tradeshow_plus/common",
"com.sap.portal.theming.webdav.themeswebdavlistener",
"com.sap.portal.theming.webdav.themeswebdavlistener/Portal",
"com.sap.portal.theming.webdav.themeswebdavlistener/Portal/prtl_std",
"com.sap.portal.theming.webdav.themeswebdavlistener/Portal/prtl_std/sap_tradeshow_plus",
"irj",
"irj/portal",
"irj/portalapps",
"irj/portalapps/com.sap.portal.design.portaldesigndata",
"irj/portalapps/com.sap.portal.design.portaldesigndata/themes",
"irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal",
"irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/sap_standard",
"irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/sap_standard/glbl",
"irj/portalapps/com.sap.portal.design.portaldesigndata/themes/portal/sap_standard/prtl_std",
"irj/portalapps/com.sap.portal.design.urdesigndata",
"irj/portalapps/com.sap.portal.design.urdesigndata/themes",
"irj/portalapps/com.sap.portal.design.urdesigndata/themes/portal",
"irj/portalapps/com.sap.portal.design.urdesigndata/themes/portal/sap_standard",
"irj/portalapps/com.sap.portal.design.urdesigndata/themes/portal/sap_standard/ur",
"irj/portalapps/com.sap.portal.epcf.loader",
"irj/portalapps/com.sap.portal.epcf.loader/script",
"irj/portalapps/com.sap.portal.epcf.loader/script/optimize",
"irj/portalapps/com.sap.portal.runtime.logon",
"irj/portalapps/com.sap.portal.runtime.logon/css",
"irj/portalapps/com.sap.portal.runtime.logon/js",
"irj/portalapps/com.sap.portal.runtime.logon/layout",
"irj/servlet",
"irj/servlet/prt",
"irj/servlet/prt/portal",
"irj/servlet/prt/portal/prtroot",
"portal/irj",
"portal/irj/portal",
"portal/irj/servlet",
"portal/irj/servlet/prt",
"portal/irj/servlet/prt/portal",
"portal/irj/servlet/prt/portal/prtroot",
# SAP Solution Manager
"EemAdminService", # Seen in CVE-2020-6207
# Those have been also seen on such SAP Solution Manager installs:
"sap",
"sap/bc",
"sap/bc/bsp",
"sap/bc/bsp/sap",
"sap/bc/bsp/sap/crm_ui_start",
"sap/bc/webdynpro",
"sap/bc/webdynpro/sap",
# SAP NetWeaver Development Infrastructure
"tc.CBS.Appl", # Seen in CVE-2021-33690
# Apache Struts
# nb: The "config-browser" ones are from the Config Browser Plugin (https://struts.apache.org/plugins/config-browser/)
"struts",
"struts/config-browser",
"struts2-showcase",
"struts2-showcase/config-browser",
"struts2-showcase/integration",
"struts2-showcase/skill",
"struts2-showcase/validation",
"struts2-blank",
"struts2-blank/config-browser",
"struts2-blank/example",
"struts2-basic",
"struts2-basic/config-browser",
"struts2-mailreader",
"struts2-mailreader/config-browser",
"struts2-portlet",
"struts2-portlet/config-browser",
"struts2-rest-showcase",
"struts2-rest-showcase/config-browser",
"struts2-rest-showcase/orders",
"struts-cookbook",
"struts-cookbook/config-browser",
"struts-examples",
"struts-examples/config-browser",
"config-browser",
"starter",
"starter/config-browser",
# Ivanti Avalanche
"AvalancheWeb",
# VMware Workspace ONE UEM
"AirWatch",
# Used by an unknown scanner checking for Laravel ".env" files
"app",
"apps",
"assets",
"config",
"core",
"core/app",
"core/Database",
"cron",
"cronlab",
"database",
"lab",
"lib",
"vendor",
# Oracle E-Business Suite
"OA_HTML",
"OA_HTML/cabo",
"OA_HTML/cabo/jsLibs",
"OA_HTML/cabo/jsps",
"OA_HTML/cabo/styles",
"OA_HTML/media",
"OA_MEDIA",
# Sun/Oracle Web Server
"admingui",
"admingui/version",
# Various SAP products
"sap",
"sap/public",
# SICF service on SAP AS ABAP
"sap/public/bc",
"sap/public/bc/abap",
# SAP Internet Communication Framework (ICF)
"sap/public/bc/icf",
"sap/public/bc/icf/systemloginjs",
# SAP Internet Communication Manager (ICM)
"sap/admin",
"sap/admin/icp",
"sap/admin/public",
"sap/admin/public/resources",
"sap/admin/publicicp",
# SAP Web Dispatcher
"sap/wdisp",
"sap/wdisp/admin",
"sap/wdisp/admin/icp",
"sap/wdisp/admin/public",
"sap/wdisp/admin/public/resources",
"sap/wdisp/admin/publicicp",
# Additional unknown SAP URLs
"SAP",
"SAP/BC",
"SAP/BC/UI5_UI5",
"SAP/BC/UI5_UI5/SYM",
"SAP/BC/UI5_UI5/SYM/SU_SUPPLIER",
# nb: sap/bc is already included in some other places
"sap/bc/gui",
"sap/bc/gui/sap",
"sap/bc/gui/sap/its",
"sap/bc/nwbc",
"sap/bc/nwbc/srm",
# Those have been seen on NetWeaver systems
"sap/public/bc/icons",
"sap/public/bc/ur",
"sap/public/bc/ur/Login",
"sap/public/bc/ur/Login/assets",
"sap/public/bc/ur/Login/assets/corbu",
"sap/public/bc/ur/nw5",
"sap/public/bc/ur/nw5/themes",
"sap/public/bc/ur/nw7",
"sap/public/bc/ur/nw7/js",
"sap/public/bc/ur/nw7/js/classes",
"sap/public/bc/ur/nw7/js/texts",
# SAP XML Data Archiving Service on SAP AS Java
"DataArchivingService",
"DataArchivingService/webcontent",
"DataArchivingService/webcontent/cas",
"DataArchivingService/webcontent/aas",
# Pega Infinity
"prweb",
"prweb/app",
"prweb/app/default",
"prweb/PRAuth",
"prweb/PRAuth/app",
"prweb/PRAuth/app/default",
"prweb/PRAuth/SSO",
# FLIR AX8
"FLIR",
"FLIR/usr",
"FLIR/usr/www",
"FLIR/usr/www/application",
"FLIR/usr/www/application/controller",
"camera",
"home",
"login",
"public",
"settings",
"storage",
# Cisco HyperFlex Connect
"hx",
"hx/api",
"upload",
# Self Service Password [LDAP Tool Box (LTB)]
"ssp",
"ssp/rest",
"ssp/rest/v1",
"ssp/rest/v2",
"rest",
"rest/v1",
"rest/v2",
# SolarWinds Orion Platform (e.g. NPM)
"Orion",
# HP / H3C iMC
"imc",
"imc/javax.faces.resource",
# Zend Framework config file location
"application",
"application/configs",
"configs",
# Apache Airflow
"admin",
"admin/airflow",
"admin/airflow/login",
"admin/configurationview",
"admin/login",
"aws_mwaa",
"aws_mwaa/login",
"airflow",
# ConcatServlet of Eclipse Jetty
"concat?",
# Unknown servlet of Eclipse Jetty
"static?",
# Mentioned as a directory in https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5
"context",
# Seen in various active checks for Eclipse Jetty
"dump",
"jsp",
"jspsnoop",
"jspsnoop/ERROR",
"test",
"test/jsp",
# Maipu Network devices
"php",
"php/common",
"webui",
# Akkadian Provisioning Manager
"pme",
"pme/database",
"pme/database/pme",
"pme/media",
"pme/backups",
# Lucee
"lucee",
"lucee/admin",
"lucee/doc",
"lucee/res",
"lucee/res/js",
"lucee/templates",
"lucee/templates/error",
# FanRuan FineReport
"FineReport",
"FineReport/decision",
"WebReport",
"WebReport/decision",
"webroot",
"webroot/decision",
# VICIdial
"agc",
"agc3",
"vicidial",
"vicidial/agent_reports",
# Acronis Cyber Protect
"idp",
"idp/authorize",
"am",
"am/api",
"am/api/1",
"am/api/2",
"api",
"api/1",
"api/2",
"backup-console",
# FCKeditor / CKEditor
"fckeditor",
"editor",
"admin/fckeditor",
"sites/all/modules/fckeditor",
"resources/fckeditor",
"clientscript/fckeditor",
"wp-content/plugins/fckeditor-for-wordpress/fckeditor",
"FCKeditor",
"inc/fckeditor",
"includes/fckeditor",
"include/fckeditor",
"modules/fckeditor",
"plugins/fckeditor",
"HTMLEditor",
"admin/htmleditor",
"sites/all/modules/fckeditor/fckeditor",
"ckeditor",
"admin/ckeditor",
"sites/all/modules/ckeditor",
"resources/ckeditor",
"clientscript/ckeditor",
"wp-content/plugins/ckeditor-for-wordpress/ckeditor",
"vendor/plugins/fckeditor/public/javascripts",
"extensions/FCKeditor",
"extensions/FCKeditor/fckeditor",
# Huawei Home Gateway
"api",
"api/system",
"lib",
"html",
"lang",
# Cisco ASA / ASDM
"+CSCOT+",
"+CSCOE+",
"+CSCOE+/files",
"+CSCOE+/saml",
"+CSCOE+/saml/sp",
"+CSCOE+/sdesktop",
"+CSCOU+",
"+webvpn+",
"admin",
"admin/public",
"CACHE",
"CACHE/sdesktop",
"CACHE/sdesktop/install",
"CACHE/sdesktop/install/binaries",
"CSCOSSLC",
# W-Agora
"w-agora",
"cms",
# Online Grades
"grades",
"onlinegrades",
# Adobe Experience Manager (AEM)
"bin",
"bin/wcm",
"libs",
"libs/granite",
"libs/granite/core",
"libs/granite/core/content",
"system",
"system/console",
"system/sling",
"system/sling/cqform",
"crx",
"crx/de",
"crx/packmgr",
"etc",
"etc/clientlibs",
"etc/clientlibs/granite",
"etc/designs",
"content",
"content/dam",
"etc.clientlibs",
"etc.clientlibs/clientlibs",
"etc.clientlibs/clientlibs/granite",
"mnt", # All "mnt" ones have been seen in CVE-2019-16469
"mnt/overlay",
"mnt/overlay/dam",
"mnt/overlay/dam/gui",
"mnt/overlay/dam/gui/content",
"mnt/overlay/dam/gui/content/assets",
# Prometheus
"alerts",
"graph",
"status",
"flags",
"config",
"rules",
"targets",
"tsdb-status",
"service-discovery",
"api",
"api/v1",
"api/v1/status",
# Some known JavaServer Faces (JSF2) apps / endpoints
"costModule",
"costModule/faces",
"faces",
"secureader",
"myaccount",
"SupportPortlet",
"SupportPortlet/faces",
"javax.faces.resource",
# Veeam Backup Enterprise Manager
"scripts",
"scripts/build",
"scripts/build/production",
"scripts/build/production/MainApp",
# OpenAM, MITREid Connect and other OAuth related products
"openam",
"OpenAM",
"opensso",
"sso",
"openam/.well-known",
"OpenAM/.well-known",
"opensso/.well-known",
"sso/.well-known",
"openam/.well-known/webfinger",
"OpenAM/.well-known/webfinger",
"opensso/.well-known/webfinger",
"sso/.well-known/webfinger",
"connect",
"connect/register",
"oauth",
"oauth/token",
"oauth/confirm_acces",
"openid-connect-server-webapp",
"openid-connect-server-webapp/register",
"openid-connect-server-webapp/api",
"openid-connect-server-webapp/api/clients",
"authorize",
# Circontrol CirCarLife / OCPP
"html",
"html/MainFrame",
"html/app",
"html/app/controllers",
"html/app/directives",
"html/app/partials",
"html/app/services",
"html/app/views",
"html/device-id",
"html/libs",
"html/log",
"html/repository",
"html/resources",
"html5",
"services",
"services/cmd",
"services/config",
"services/logs",
"services/logs/system_logs",
"services/system",
"services/user",
# WD My Book Live
"UI",
# LISTSERV Maestro
"lui",
"hub",
# Appnitro MachForm
"machform",
# IBM Maximo
"maximo",
"maximo/webclient",
"maximo/weblcient/login",
"meaweb",
"meaweb/os",
# IceWarp Mail Server
"webdav",
"webdav/ticket",
"webmail",
"webmail/basic",
"webmail/calendar",
"webmail/calendar/minimizer",
"webmail/client",
"webmail/client/skins",
"webmail/client/skins/default",
"webmail/client/skins/default/css",
"webmail/inc",
"webmail/pda",
"webmail/pda/controller",
# Kaseya VSA
"vsapres",
"vsapres/web20",
"vsapres/web20/core",
"vsapres/js",
"vsapres/js/thirdparty",
"vsapres/js/thirdparty/material",
"vsapres/assets",
"vsapres/assets/css",
"vsapres/js",
"vsapres/js/kaseya",
"vsapres/js/kaseya/web",
"vsapres/js/kaseya/web/Helpers",
"vsapres/images",
"vsapres/images/common",
"themes",
"themes/default",
"themes/default/images",
# Dell Wyse Management Suite
"ccm-web",
"ccm-web/admin",
"ccm-web/image",
# Seagate BlackArmor NAS
"backupmgt",
"admin",
# osCommerce
"osc",
"oscommerce",
"store",
"catalog",
"shop",
# MagicFlow
"msa",
# KevinLAB products (4st Solar, EMS, BEMS, HEMS) but also possible others
"http",
"dashboard",
"pages",
"modules",
"login",
"res",
# <- Start entries from 2021/gb_generic_http_web_dirs_dir_trav.nasl
 # MERCUSYS Mercury X18G
"loginLess",
# Gate One
"downloads",
# st module for Node.js
"public",
# Node.js and Spring MVC
"static",
# Spring MVC
"spring-mvc-showcase",
"spring-mvc-showcase/resources",
# ZEIT Next.js
"_next",
# LG SuperSign CMS
"signEzUI",
"signEzUI/playlist",
"signEzUI/playlist/edit",
"signEzUI/playlist/edit/upload",
"node_modules", # node-srv node module
# Node RED Dashboard
"ui_base",
"ui_base/js",
# Elasticsearch
"_plugin",
"_plugin/head",
# Oracle GlassFish Server
"resource",
"resource/file",
"theme",
"theme/META-INF",
# Rubedo
"theme/default",
"theme/default/img",
# Pallets Werkzeug
"base_import",
"base_import/static",
"web",
"web/static",
"base",
"base/static",
# Deltek Maconomy
"cgi-bin/Maconomy",
"cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS",
# D-Link Routers
"uir",
# Galera WebTemplate
"GallerySite",
"GallerySite/filesrc",
# Ruby on Rails
"assets",
# RaidenMAILD Mail Server
"webeditor",
# -> End entries from 2021/gb_generic_http_web_dirs_dir_trav.nasl
# Sage X3
"auth",
"auth/sage-id",
"auth/login",
"auth/login/page",
"auth/forgetMe",
"syracuse-auth",
"syracuse-auth/html",
# IBM Web Content Manager
"wps",
"wps/wcm",
"wps/wcm/webinterface",
"wps/wcm/webinterface/login",
# Orbis CMS
"orbis",
"orbis/admin",
"Orbis",
"Orbis/admin",
# DynPage CMS
"dynpage",
# BaconMap
"baconmap",
"baconmap/admin",
"map",
"map/admin",
# Node RED Dashboard
"ui_base",
"ui_base/js",
# qdPM
"core",
"core/config",
# SAP Manufacturing Integration and Intelligence (xMII) component
"XMII",
# Chamilo LMS
"chamilo",
# SOGo Groupware Webmail
"SOGo",
"SOGo/so",
"SOGo.woa",
"SOGo.woa/WebServerResources",
# EFI Fiery
"WT2Home",
"wt3",
"wt4",
"wt4/configure",
# XEROX printers
"Config",
"home",
"home/msg",
"isgw",
"properties",
"setting",
"ssm",
"ssm/Management",
"ssm/Management/Anonymous",
"stat",
"stat/php",
"sws",
"sws/util",
"toolkits",
"toolkits/mobileWebToolkit",
"toolkits/mobileWebToolkit/js",
"vdesk",
"wt4",
"web_lang",
"webglue/isw",
"XUX-gfocal",
"XUX-gfocal/xux-js",
"XUX-gfocal/xux-l10n",
# Fujifilm printers
"common/api",
"ews",
"ews/setting",
"globalnav",
"globalnav/js",
"globalnav/msg",
"globalnav/template",
"home/api",
"home/js",
"home/template",
"permissions/api",
"system/api",
"wuilib",
"wuilib/js",
"wuilib/msg",
# e.g. Microsoft Open Management Infrastructure (OMI)
"wsman",
# Microsoft Sharepoint
"_api",
"_api/web",
# Microsoft FronPage / IIS / Exchange related
"_mem_bin",
"_vti_bin",
"_vti_bot",
"_vti_cnf",
"_vti_log",
"_vti_pvt",
"_vti_shm",
"_vti_txt",
"exchange",
"msadc",
"msadc/Samples",
"msadc/Samples/SELECTOR",
"iisadmin",
"iisadmpwd",
"iisprotect",
"iissamples",
"iissamples/sdk",
"iissamples/sdk/asp",
"iissamples/sdk/asp/docs",
"pbserver",
"rpc",
"scripts/iisadmin",
"Sites",
"Sites/Knowledge",
"Sites/Knowledge/Membership",
"Sites/Knowledge/Membership/Inspired",
"Sites/Knowledge/Membership/Inspiredtutorial",
"Sites/Samples",
"Sites/Samples/Knowledge",
"Sites/Samples/Knowledge/Membership",
"Sites/Samples/Knowledge/Membership/Inspired",
"Sites/Samples/Knowledge/Membership/Inspiredtutorial",
"Sites/Samples/Knowledge/Push",
"Sites/Samples/Knowledge/Search",
"SiteServer",
"SiteServer/Publishing",
# ManageEngine OpManager and / or Desktop Central.
# nb: a few might already exist in the list but where added here for easier maintenance
"api",
"api/json",
"api/json/nfausers",
"apiclient",
"apiclient/ember",
"cachestart",
"jsp",
"jsp/admin",
"jspf",
"servlet",
"servlets",
"unauthenticatedservlets",
# Ciso Prime Infrastructure (PIS)
"xmp_data_handler_service",
# Red Hat JBoss Operations Network (JON)
"jboss-remoting-servlet-invoker",
"jboss-remoting-servlet-invoker/ServerInvokerServlet",
# Kentico CMS
"CMSPages",
"App_Themes",
# PHP MicroCMS
"microcms",
# VMware vRealize Orchestrator
"vco",
"vco/client",
"vco/files",
"vco/files/home",
"vco/resources",
"vco/vco-client-install",
"vco-controlcenter",
"vco-controlcenter/client",
# FatPipe MPVPN, IPVPN, WARP
"fpui",
"fpui/jsp",
"fpui/pages",
"fpui/pages/jsp",
# Tuleap
"account",
"api",
"api/explorer",
"soap",
"soap/index.php", # nb: This is expected, the URL looks like /soap/index.php/
# Apache Druid
"druid",
"druid/indexer",
"druid/indexer/v1",
"druid/coordinator",
"druid/coordinator/v1",
"druid/coordinator/v1/lookups",
"public",
# ZenCart
"zen-cart",
# CM Scout
"cmscout",
"cmscout/tiny_mce",
"cmscout/tiny_mce/plugins",
"cmscout/tiny_mce/plugins/ibrowser",
# Gallo
"gallo",
"gallo/core",
"gallo/core/includes",
# GDL
"gdl",
"gdl42",
# eoCMS
"eocms",
# Symfony Security Configuration
"app",
"app/config",
"config",
"config/packages",
# Site2Nite Boat
"boat-webdesign",
"products/boat-webdesign/www",
# Pentaho Business Analytics
"api",
"api/ldap",
"api/ldap/config",
"api/ldap/config/ldapTreeNodeChildren",
"api/repos",
"api/repos/dashboards",
"api/userrolelist",
"pentaho",
"pentaho/api",
"pentaho/api/ldap",
"pentaho/api/ldap/config",
"pentaho/api/ldap/config/ldapTreeNodeChildren",
"pentaho/api/repos",
"pentaho/api/repos/dashboards",
"pentaho/api/userrolelist",
"pentaho-solutions",
"pentaho-solutions/api",
"pentaho-solutions/api/ldap",
"pentaho-solutions/api/ldap/config",
"pentaho-solutions/api/ldap/config/ldapTreeNodeChildren",
"pentaho-solutions/api/repos",
"pentaho-solutions/api/repos/dashboards",
"pentaho-solutions/api/userrolelist",
# Sitecore CMS/XP
"login",
"identity",
"identity/login",
"identity/login/shell",
"shell",
"shell/ClientBin",
"shell/ClientBin/Reporting",
"sitecore",
"sitecore/login",
"sitecore/identity",
"sitecore/identity/login",
"sitecore/identity/login/shell",
"sitecore/shell",
"sitecore/shell/ClientBin",
"sitecore/shell/ClientBin/Reporting",
# PithCMS
"PithCMS",
# Metabase
"auth",
"metabase",
"metabase/auth",
# Wiki Web Help
"wwh",
"wikihelp",
# Amcrest Technologies IP Camera
"custom_lang",
# Q-See IP Camera
"web_caps",
# AlstraSoft AskMe
"ask",
# SIMM Management System
"sms",
"SMS",
# phpBazar
"phpBazar",
"phpBazar/admin",
"PHPBazar",
"PHPBazar/admin",
# Papoo CMS
"papoo",
"pp",
# Pecio CMS
"pecio",
"pecio_cms",
"pecio-cms",
# Grafana and various default plugins (see 2021/grafana/gb_grafana_dir_trav_vuln_dec21_active.nasl)
# nb: The default plugin list is only checked on the "/" root dir on purpose to keep the list little bit smaller.
"grafana",
"grafana/public",
"grafana/public/plugins",
"public",
"public/plugins",
"public/plugins/alertGroups",
"public/plugins/alertlist",
"public/plugins/alertmanager",
"public/plugins/annolist",
"public/plugins/barchart",
"public/plugins/bargauge",
"public/plugins/candlestick",
"public/plugins/canvas",
"public/plugins/cloudwatch",
"public/plugins/dashboard",
"public/plugins/dashlist",
"public/plugins/debug",
"public/plugins/elasticsearch",
"public/plugins/gauge",
"public/plugins/geomap",
"public/plugins/gettingstarted",
"public/plugins/grafana",
"public/plugins/grafana-azure-monitor-datasource",
"public/plugins/grafana-clock-panel",
"public/plugins/grafana-simple-json-datasource",
"public/plugins/graph",
"public/plugins/graphite",
"public/plugins/heatmap",
"public/plugins/histogram",
"public/plugins/influxdb",
"public/plugins/jaeger",
"public/plugins/live",
"public/plugins/logs",
"public/plugins/loki",
"public/plugins/mixed",
"public/plugins/mssql",
"public/plugins/mysql",
"public/plugins/news",
"public/plugins/nodeGraph",
"public/plugins/opentsdb",
"public/plugins/piechart",
"public/plugins/pluginlist",
"public/plugins/postgres",
"public/plugins/prometheus",
"public/plugins/stackdriver",
"public/plugins/stat",
"public/plugins/state-timeline",
"public/plugins/status-history",
"public/plugins/table",
"public/plugins/table-old",
"public/plugins/tempo",
"public/plugins/testdata",
"public/plugins/text",
"public/plugins/timeseries",
"public/plugins/welcome",
"public/plugins/xychart",
"public/plugins/zipkin",
# Apache JSPWiki
"JSPWiki",
"JSPWiki/scripts",
"JSPWiki/templates",
# MobileIron Core / Sentry / Endpoint Manager Mobile (EPMM)
"mics",
"mifs",
"mifs/c",
"mifs/c/windows",
"mifs/c/windows/api",
"mifs/c/windows/api/v2",
"mifs/c/windows/api/v2/device",
"mifs/scripts",
"mifs/user",
# PhreeBooks
"phreeBooks",
"phreeBooks/soap",
"phreebooks",
"phreebooks/soap",
"pb",
"pb/soap",
# dl_stats
"dl_stats",
# Snort Report
"snort",
"snortreport",
"snortreport-1.3.1",
# Auerswald COMmander / COMpact
"statics",
"statics/html",
"statics/script",
# Ubiquiti UniFi Network
"manage",
"manage/account",
"manage/angular",
"setup",
"setup/static",
"setup/static/js",
# LittlePhpGallery
"gallery",
"images",
# SQLiteManager
"sqlitemanager",
"SQLiteManager",
"sqlite",
# Apache James Web Admin (https://james.apache.org/server/manage-webadmin.html)
# nb: While those are some kind of API / entpoints and not directories we're still keeping it
# for consistency reasons and because some of these might exist as dirs on other systems.
"address",
"address/aliases",
"address/forwards",
"address/groups",
"cassandra",
"cassandra/mailbox",
"cassandra/version",
"deletedMessages",
"deletedMessages/users",
"dlp",
"dlp/rules",
"domainMappings",
"domains",
"events",
"events/deadLetter",
"events/deadLetter/groups",
"healthcheck",
"healthcheck/checks",
"jmap",
"mailboxes",
"mailQueues",
"mailRepositories",
"mappings",
"mappings/address",
"mappings/user",
"messasges",
"quota",
"quota/domains",
"quota/users",
"sieve",
"sieve/quota",
"sieve/quota/users",
"tasks",
"users",
"users/givenUser",
# Lexmark printers
"cgi-bin",
"cgi-bin/dynamic",
"cgi-bin/dynamic/printer",
"cgi-bin/dynamic/printer/config",
"cgi-bin/dynamic/printer/config/reports",
"cgi-bin/dynamic/printer/config/secure",
"Settings",
"Settings/Device",
"webglue",
# VMware Horizon
"appblast",
"appblast/webclient",
"broker",
"portal",
"portal/webclient",
# AjaXplorer
"ajaxplorer",
"ajaxplorer/plugins",
"filemanager",
"filemanager/plugins",
"xplorer",
"xplorer/plugins",
# Abtp Portal Project
"abtpportal",
"abtpportal/includes",
"abtpportal/includes/esqueletos",
"portal",
"portal/includes",
"portal/includes/esqueletos",
# SolarWinds Web Help Desk
"helpdesk",
"helpdesk/assetReport",
"helpdesk/WebObjects",
"helpdesk/WebObjects/Helpdesk.woa",
"helpdesk/WebObjects/Helpdesk.woa/ajax",
"helpdesk/WebObjects/Helpdesk.woa/wa",
"helpdesk/WebObjects/Helpdesk.woa/wo",
# ClearSite
"clearsite",
"clearsite/include",
# Xoops Celepar
"xoopsclepar",
# Evaria ECMS
"ecms",
"ecms/admin",
"cms",
"cms/admin",
# 68kb
"68k",
"68k/themes",
"68k/themes/admin",
"68k/themes/admin/default",
"68k/themes/admin/default/modules",
"themes",
"themes/admin",
"themes/admin/default",
"themes/admin/default/modules",
# JpGraph
"jpgraph",
"jpgraph/docportal",
"jpgraph/docs",
# Moxa MXview
"assets",
"certs",
"resources",
"resources/tmp",
# XWiki
"xwiki",
"xwiki/bin",
"xwiki/bin/login",
"xwiki/bin/login/XWiki",
"xwiki/bin/loginsubmit/XWiki",
"xwiki/bin/view",
"xwiki/bin/view/Main",
"xwiki/bin/view/XWiki",
"xwiki/resources",
# MyBackup
"backup",
"mybackup",
# Jamf Pro
"api",
"api/v1",
"assets",
"uapi",
"uapi/v1",
"ui",
# SureMDM
"suremdm",
"suremdm/console",
"suremdm/console/browserservice.aspx",
"suremdm/console/ConsolePage",
"console",
"console/browserservice.aspx",
"console/ConsolePage",
# Siestta
"siesta",
"Siestta",
# TCExam
"tcexam",
"tcexam/public",
"tcecam/public/code",
"TCExam",
"TCExam/public",
"TCExam/public/code",
# justVisual
"jv",
"jv/www",
"www",
# openstock / opentel
"openstock",
"openstock/scr",
"openmairie_stock",
"openmairie_stock/scr",
"openmairie_Tel",
"openmairie_Tel/scr",
"opentel",
"opentel/scr",
# phpThumb
"demo",
"demo/demo",
"phpThumb",
"phpThumb/demo",
# Event Horizon
"eventhorizon",
"eventh",
# FlatPress
"flatpress",
"blog",
# Cobbler
"cobbler_web",
"cobbler_webui_content",
# BMC Track-It!
"trackit",
"trackit/Account",
"TrackIt",
"TrackIt/Account",
"TrackIT",
"TrackIT/Account",
"TrackItWeb",
"TrackItWeb/Account",
"tiweb",
"tiweb/Account",
# Zabbix
"zabbix",
"monitoring",
# nuBuilder
"nubuilder",
"nubuilder/productionnu2",
"productionnu2",
# Whizzy CMS
"whizzy",
# AWCM
"awcm",
"awcm/includes",
"cms",
"cms/includes",
"includes",
# JAF CMS
"jaf",
"jaf/module",
"jaf/module/forum",
"cms",
"cms/module",
"cms/module/forum",
"module",
"module/forum",
# PHP Traverser
"phptraverser",
"phptraverser/assets",
"phptraverser/assets/plugins",
"phptraverser/assets/plugins/mp3_id",
"assets",
"assets/plugins",
"assets/plugins/mp3_id",
# JAG (Just Another Guestbook)
"jag",
"JAG",
# Direct News
"dn",
"dn/library",
# ccTiddly
"cctiddly",
"cctiddly/includes",
"includes",
# DNET Live-Status
"dnet",
# VoIPmonitor
"php",
"php/model",
"voipmonitor",
"voipmonitor/php",
"voipmonitor/php/model",
# Dolphin
"dolph",
"dolph/administration",
"dolph/xml",
"dolph/xmlrpc",
"dolph/modules",
"dolph/modules/boonex",
"dolph/modules/boonex/custom_rss",
"dolphin",
"dolphin/administration",
"dolphin/xml",
"dolphin/xmlrpc",
"dolphin/modules",
"dolphin/modules/boonex",
"dolphin/modules/boonex/custom_rss",
"administration",
"xml",
"xmprpc",
"modules",
"modules/boonex",
"modules/boonex/custom_rss",
# Jasig / Apereo Central Authentication Service (CAS)
# REST API Endpoint URLs got taken from https://fawnoos.com/2019/06/12/cas61x-rest-api/
"actuator",
"login",
"logout",
"p3",
"p3/proxyValidate",
"p3/serviceValidate",
"proxy",
"proxyValidate",
"serviceValidate",
"static",
"v1",
"v1/services",
"v1/tickets",
"validate",
"webjars",
"cas",
"cas/actuator",
"cas/login",
"cas/logout",
"cas/p3",
"cas/p3/proxyValidate",
"cas/p3/serviceValidate",
"cas/proxy",
"cas/proxyValidate",
"cas/serviceValidate",
"cas/static",
"cas/v1",
"cas/v1/services",
"cas/v1/tickets",
"cas/validate",
"cas/webjars",
"cas-server-webapp",
"cas-server-webapp/actuator",
"cas-server-webapp/login",
"cas-server-webapp/logout",
"cas-server-webapp/p3",
"cas-server-webapp/p3/proxyValidate",
"cas-server-webapp/p3/serviceValidate",
"cas-server-webapp/proxy",
"cas-server-webapp/proxyValidate",
"cas-server-webapp/serviceValidate",
"cas-server-webapp/static",
"cas-server-webapp/v1",
"cas-server-webapp/v1/services",
"cas-server-webapp/v1/tickets",
"cas-server-webapp/validate",
"cas-server-webapp/webjars",
# Yealink Device Management Platform
"premise",
"premise/front",
"sm",
"sm/api",
"sm/api/v1",
"sm/api/v1/firewall",
"sm/api/v1/firewall/zone",
# Cisco Unified Communications Manager
"ccmadmin",
"cucm-uds",
# Cisco Unified Communications Self Care Portal
"ucmuser",
"ucmuser/open",
# Cisco Prime License Manager
"elm-admin",
"elm-admin/faces",
# VMware Spring Cloud Gateway
"actuator",
"actuator/gateway",
"actuator/gateway/routes",
# Mollify
"mollify",
"mollify/backend",
"mollify/backend/plugin",
"mollify/backend/plugin/Registration",
"backend",
"backend/plugin",
"backend/plugin/Registration",
# Nakid CMS
"nakid",
"nakid/modules",
"nakid/modules/catalog",
"nakid/assets",
"nakid/assets/addons",
"nakid/assets/addons/kcfinder",
"Nakid",
"Nakid/modules",
"Nakid/modules/catalog",
"Nakid/assets",
"Nakid/assets/addons",
"Nakid/assets/addons/kcfinder",
"modules",
"modules/catalog",
"assets",
"assets/addons",
"assets/addons/kcfinder",
# Fretsweb
"fretsweb",
# Casdoor
"api",
"static",
"swagger",
# MantisBT
"bugs",
"bugtracker",
"mantis",
"mantisbt",
# Atlassian Jira Service Management
"jira",
"jira/servicedesk",
"jira/servicedesk/customer",
"jira/servicedesk/customer/user",
"servicedesk",
"servicedesk/customer",
"servicedesk/customer/user",
"servicedesk/servicedesk",
"servicedesk/servicedesk/customer",
"servicedesk/servicedesk/customer/user",
"sd",
"sd/servicedesk",
"sd/servicedesk/customer",
"sd/servicedesk/customer/user",
# Atlassian Fisheye Crucible
"crucible",
"crucible/rest-service-fecru",
"fisheye",
"fisheye/rest-service-fecru",
"rest-service-fecru",
# HP/HPE/Micro Focus Universal CMDB
"status",
"jmx-console",
"ucmdb-api",
"ucmdb-browser",
"ucmdb-client",
"ucmdb-ui",
"ucmdb-ui/cms",
"ucmdb-ui/static",
"ucmdb-ui/static/act",
"ucmdb-ui/static/CMS",
# Code42 Server
"login",
"c42api",
"c42api/v1",
"c42api/v2",
"c42api/v3",
# RuubikCMS
"cms",
"cms/extra",
"ruubikcms",
"ruubikcms/extra",
"extra",
# CompactCMS
"compactcms",
"ccms",
"cms",
# WHMCS
"cart",
"shop",
"whmcs",
"bill",
"support",
"management",
# Kyocera printers
"basic",
"dvcinfo",
"dvcinfo/dvcconfig",
"eng",
"eng/basic",
"eng/security",
"eng/start",
"eng/status",
"js",
"js/jssrc",
"js/jssrc/model",
"js/jssrc/model/dvcinfo",
"js/jssrc/model/dvcinfo/dvcconfig",
"js/jssrc/model/startwlm",
"start",
"startwlm",
"wlmeng",
"wlmdeu",
"ws",
"ws/km-wsdl",
"ws/km-wsdl/setting",
# Hastymail2
"Hastymail2",
"hastymail2",
"hastymail",
"hm2",
# Mitel Audio and Web Conferencing (AWC)
"awcuser",
"awcuser/cgi-bin",
# Qianbo Enterprise Web Site Management System
"en",
# SAP Knowledge Warehouse, some from https://help.sap.com/docs/SAP_NETWEAVER_AS_ABAP_FOR_SOH_740/816f1f952d244bbf9dd5063e2a0e66b0/4dd97e99125c3606e10000000a15822b.html?version=7.40.15
"logon_ui_resources",
"SAPIKS",
"SAPIKS/KW",
"SAPIKS2",
"SAPIKS2/jsp",
"SAPIrExtHelp",
"SAPIrExtHelp/random", # nb: As seen in CVE-2021-42063
# Atlassian Crowd
"crowd",
"crowd/admin",
"crowd/services",
# nb:
# - No "crowd" in front of these are expected
# - The "plugins/servlet" seems to be also valid for at least Jira
"plugins",
"plugins/servlet",
"plugins/servlet/oauth",
"plugins/servlet/oauth/users",
# Siemens SICAM A8000 and possible other devices
"3P",
"lib",
"sicweb-ajax",
"sicweb-md",
# BeyondTrust Remote Support
"api",
"content",
"files",
# BeyondTrust Secure Remote Access
"appliance",
"appliance/content",
# webEdition CMS
"webedition",
"webEdition",
# Gitea
"gitea",
# AlquistManager
"asd",
# Clustering
"img",
# F5 BIG-IP
# nb: There might be more, this only adds the known ones from a few existing VTs.
"mgmt",
"mgmt/shared",
"mgmt/shared/authn",
"mgmt/shared/authz",
"mgmt/tm",
"mgmt/tm/auth",
"mgmt/tm/auth/user",
"mgmt/tm/util",
"tmui",
"tmui/locallb",
"tmui/locallb/workspace",
# WSO2 Carbon Products
"admin",
"accountrecoveryendpoint",
"authenticationendpoint",
"carbon",
"carbon/product",
"devportal",
"fileupload",
"publisher",
# osTicket
"osticket",
"osticket/upload",
"osTicket",
"osTicket/upload",
"upload",
# Web File Browser
"webFileBrowser",
"webfilebrowser",
# Zyxel USG and ATP
"ztp",
"ztp/cgi-bin",
# QNAP NAS and additionl software for it
"cgi-bin/html",
"cgi-bin/loginTheme",
"cgi-bin/surveillance",
"gallery",
"musicstation",
"photo",
"photo/gallery",
"video",
"video/api",
# SonicWall SMA/SRA
"__api__",
"__extraweb__",
"__extraweb__/assets",
"Console",
"Console/UI",
"spog",
"workplace",
"workplace/access",
# SonicWall Firewalls
"atp",
"resources",
"Security_Services",
"sonicui",
"sonicui/7",
"sonicui/7/login",
"stats",
# osCSS
"catalog",
"osCSS",
# MyNews
"mynews",
"mynews/includes",
"mynews/includes/tiny_mce",
"mynews/includes/tiny_mce/plugins",
"mynews/includes/tiny_mce/plugins/filemanager",
"mynews/includes/tiny_mce/plugins/filemanager/classes",
"mynews/includes/tiny_mce/plugins/filemanager/classes/FileManager",
"mynews/includes/tiny_mce/plugins/filemanager/classes/FileManager/FileSystems",
"news",
"news/includes",
"news/includes/tiny_mce",
"news/includes/tiny_mce/plugins",
"news/includes/tiny_mce/plugins/filemanager",
"news/includes/tiny_mce/plugins/filemanager/classes",
"news/includes/tiny_mce/plugins/filemanager/classes/FileManager",
"news/includes/tiny_mce/plugins/filemanager/classes/FileManager/FileSystems",
"includes",
"includes/tiny_mce",
"includes/tiny_mce/plugins",
"includes/tiny_mce/plugins/filemanager",
"includes/tiny_mce/plugins/filemanager/classes",
"includes/tiny_mce/plugins/filemanager/classes/FileManager",
"includes/tiny_mce/plugins/filemanager/classes/FileManager/FileSystems",
# LoveCMS
"cms",
"cms/system",
"cms/system/admin",
"lovecms",
"lovecms/system",
"lovecms/system/admin",
"system",
"system/admin",
# ezCourses
"eafb",
"eafb/admin",
"ezCourses",
"ezCourses/admin",
"ezcourses",
"ezcourses/admin",
"courses",
"courses/admin",
# phpWebSite
"phpwebsite",
# Oracle Access Manager (OAM)
"oam",
"oam/pages",
"oam/pages/js",
"oam/server",
"oam/server/opensso",
# CultBooking
"cb",
"cultbooking",
"CultBooking",
# ActivDesk
"adesk",
"hdesk",
"support",
# Xenon
"xenon",
# Xiaomi Routers
"api-third-party",
"api-third-party/download",
"api-third-party/download/extdisks",
"api-third-party/download/private",
"api-third-party/download/public",
"backup",
"backup/log",
# Support Incident Tracker
"tracker",
"support",
"sit",
# awiki
"awiki",
"wiki",
# i-Gallery
"igallery",
"gallery",
# BLOG:CMS
"blog",
"blog/photo",
"blog/photo/templates",
"blog/photo/templates/admin_default",
"cms",
"cms/photo",
"cms/photo/templates",
"cms/photo/templates/admin_default",
"photo",
"photo/templates",
"photo/templates/admin_default",
# Citrix ADM
"admin_ui",
"admin_ui/mas",
"admin_ui/mas/ent",
"nitro",
"nitro/v1",
"nitro/v1/config",
# HP 3Com Switch
"web",
"web/device",
# OpenEMR
"interface",
"interface/login",
"contrib",
"contrib/util",
"contrib/util/ubuntu_package_scripts",
"contrib/util/ubuntu_package_scripts/production",
"openemr/interface",
"openemr/interface/login",
"openemr/contrib",
"openemr/contrib/util",
"openemr/contrib/util/ubuntu_package_scripts",
"openemr/contrib/util/ubuntu_package_scripts/production",
# Xerox DocuShare
"dsweb",
"dsweb/ResultBackgroundJobMultiple",
"dsweb/webex",
"docushare/dsweb",
"docushare/dsweb/ResultBackgroundJobMultiple",
"docushare/dsweb/webex",
"share/dsweb",
"share/dsweb/ResultBackgroundJobMultiple",
"share/dsweb/webex",
# elFinder
"elfinder",
"elfinder/files",
"elfinder/php",
"elFinder",
"elFinder/files",
"elFinder/php",
# VMware Site Recovery Manager
"configure",
"configure/app",
"configure/app/landing",
"dr",
"dr/authentication",
"dr/authentication/oauth2",
# Intramaps
"applicationengine",
"ApplicationEngine",
"IntraMaps/applicationengine",
"IntraMaps/ApplicationEngine",
"intramaps75/applicationengine",
"intramaps75/ApplicationEngine",
"IntraMaps70/applicationengine",
"IntraMaps70/ApplicationEngine",
# Free Hosting Manager
"fhm",
"fhm/admin",
"freehostingmanager",
"freehostingmanager/admin",
# PhotoPost
"photopost",
"photos",
"gallery",
"photo",
# Cisco Nexus Dashboard
"api",
"api/config",
"api/config/class",
"external_dependencies",
"static",
"uiplugins",
"uiplugins/header",
"uiservices",
# CAREL pCOWeb based devices
"http",
"http/hc",
"http/index",
"http/rdz",
"usr-cgi",
# FileWave Management Suite
"filewave",
"filewave/api",
"filewave/api/config",
"filewave/api/config/v1",
"filewave/api/auth",
"ios",
"api",
"api/vppv2",
# Ignition
"ignition",
# Escortservice
"escortservice",
# DLGuard
"dlguard",
"dlguard/cart",
"dlg",
"dlg/cart",
"store",
"store/dlg",
"store/dlg/cart",
"cbdm",
"cbdm/cart",
# GoAnywhere MFT
"goanywhere",
"goanywhere/admin",
"goanywhere/auth",
"goanywhere/images",
"goanywhere/images/logos",
"goanywhere/javax.faces.resource",
"goanywhere/lic",
"goanywhere/license",
"goanywhere/scripts",
"goanywhere/styles",
"goanywhere/styles/themes",
"webclient",
#Veritas OpsCenter
"opscenter",
"opscenter/features",
"opscenter/features/common",
"opscenter/features/common/include",
"opscenter/features/common/login",
"opscenter/webcommon",
"opscenter/webcommon/common",
"opscenter/webcommon/common/include",
"opscenter/webcommon/framework",
"opscenter/webcommon/widgets",
# Various from 2014/gb_bash_shellshock_rce_vuln_http_active.nasl
"aktivate",
"aktivate/cgi-bin",
"apps",
"apps/web",
"axis-cgi",
"axis-cgi/buffer",
"b2-include",
"bandwidth",
"ccbill",
"cgi-bin/a1stats",
"cgi-bin/admin",
"cgi-bin/auction",
"cgi-bin/blog",
"cgi-bin/boozt",
"cgi-bin/boozt/admin",
"cgi-bin/bulk",
"cgi-bin/calendar",
"cgi-bin/cbmc",
"cgi-bin/classifieds",
"cgi-bin/.cobalt",
"cgi-bin/.cobalt/alert",
"cgi-bin/.cobalt/message",
"cgi-bin/.cobalt/siteUserMod",
"cgi-bin/common",
"cgi-bin/CSMailto",
"cgi-bin/csPassword",
"cgi-bin/dbman",
"cgi-bin/emu",
"cgi-bin/emu/html",
"cgi-bin/emumail",
"cgi-bin/ezshopper",
"cgi-bin/ezshopper2",
"cgi-bin/ezshopper3",
"cgi-bin/fom",
"cgi-bin/gbook",
"cgi-bin/handler",
"cgi-bin/handler/netsonar",
"cgi-bin/if",
"cgi-bin/if/admin",
"cgi-bin/ikonboard",
"cgi-bin/ImageFolio",
"cgi-bin/ImageFolio/admin",
"cgi-bin/mail",
"cgi-bin/mojo",
"cgi-bin/mt",
"cgi-bin/mt-static",
"cgi-bin/photo",
"cgi-bin/photo/protected",
"cgi-bin/pollit",
"cgi-bin/powerup",
"cgi-bin/publisher",
"cgi-bin/replicator",
"cgi-bin/sbcgi",
"cgi-bin-sdb",
"cgi-bin/search",
"cgi-bin/smartsearch",
"cgi-bin/store",
"cgi-bin/technote",
"cgi-bin/test",
"cgi-bin/way-board",
"cgi-bin/webcart",
"cgi-bin/webmail",
"cgi-bin/webmail/html",
"cgi-bin/Web_Store",
"cgi-bin/whois",
"cgi-bin/YaBB",
"cgis",
"cgis/wwwboard",
"cgi-sys",
"cp",
"cp/rac",
"dasdec",
"dcforum",
"edittag",
"ez2000",
"fcgi-bin",
"hitmatic",
"hp_docs",
"hp_docs/cgi-bin",
"html",
"html/cgi-bin",
"megabook",
"ministats",
"mods",
"mods/apage",
"_mt",
"oem_webstage",
"oem_webstage/cgi-bin",
"photo",
"photodata",
"phppath",
"pub",
"quikmail",
"reviews",
"ROADS",
"ROADS/cgi-bin",
"servers",
"shop",
"technote",
"ucsm",
"users",
"users/scripts",
"vood",
"vood/cgi-bin",
"Web_Store",
"webtools",
"webtools/bonsai",
"wwwboard",
# Veritas NetBackup Appliance
"appliance",
"appliance/common",
"appliance/common/css",
"appliance/modules",
"appliance/modules/common",
"appliance/modules/common/css",
"appliance/modules/common/images",
"appliance/modules/common/includes",
"appliance/modules/common/includes/ext-js",
"appliance/modules/common/includes/ext-js/resources",
"appliance/modules/common/includes/ext-js/resources/css",
"appliance/modules/common/includes/widgets",
"appliance/modules/common/js",
"appliance/modules/login",
"appliance/modules/login/css",
"appliance/modules/login/js",
"appliance/modules/logout",
"appliance/modules/logout/js",
# OpenNMS
"opennms",
"opennms/assets",
"opennms/images",
# 1024 CMS
"cms",
"cms/complete-modules",
"cms/complete-modules/modules",
"cms/complete-modules/modules/forcedownload",
"complete-modules",
"complete-modules/modules",
"complete-modules/modules/forcedownload",
# allocPSA
"login",
# Course MS
"coursems",
# Progress WS_FTP Server
"AHT",
"AHT/AHT_UI",
"AHT/AHT_UI/public",
"AHT/AHT_UI/public/js",
"thinclient",
"ThinClient",
"ThinClient/WTM",
"ThinClient/WTM/public",
"ThinClient/WTM/public/js",
# PHPAuctions
"phpauctions",
"phpauction",
"auction",
# Lasernet CMS
"cms",
"lasernet",
# ea-gBook
"ea-gBook",
"gbuch",
"gb",
"guestbook",
"Gaestebuch",
# Zimbra
"zimbraAdmin",
"zimbraAdmin/js",
"zimbraAdmin/js/zimbraMail",
"zimbraAdmin/js/zimbraMail/share",
"zimbraAdmin/js/zimbraMail/share/model",
"js",
"js/zimbraMail",
"js/zimbraMail/share",
"js/zimbraMail/share/model",
"res",
# Hikvision IP Cameras
"doc",
"doc/page",
"doc/script",
"doc/script/config",
"doc/script/config/system",
"doc/script/lib",
"doc/script/lib/seajs",
"doc/script/lib/seajs/seajs", # nb: Duplicated folder name is expected
"doc/script/lib/seajs/config",
"doc/ui",
"ISAPI",
"ISAPI/Security",
"ISAPI/Security/sessionLogin",
"SDK",
# VMware HCX
"hybridity",
"hybridity/ui",
"hybridity/ui/hcx-client",
"hybridity/api",
# IBSng
"IBSng",
"IBSng/util",
# SysAid Help Desk
"sysaid",
"servicePortal",
"servicePortal/static",
"api",
"api/v1",
# Digital College
"dc",
"dc/includes",
"dc/includes/tiny_mce",
"dc/includes/tiny_mce/plugins",
"dc/includes/tiny_mce/plugins/imagemanager",
"college",
"college/includes",
"college/includes/tiny_mce",
"college/includes/tiny_mce/plugins",
"college/includes/tiny_mce/plugins/imagemanager",
"includes",
"includes/tiny_mce",
"includes/tiny_mce/plugins",
"includes/tiny_mce/plugins/imagemanager",
# LotusCMS
"lcms",
"cms",
# Tosiba printers
"Device",
"TopAccess",
"TopAccess/Administrator",
"TopAccess/Administrator/Setup",
"TopAccess/Administrator/Setup/ScanToFile",
"TopAccess/Device",
"cgi-bin",
"cgi-bin/dynamic",
"cgi-bin/dynamic/printer",
"cgi-bin/dynamic/printer/config",
"cgi-bin/dynamic/printer/config/reports",
# Tableau server
"auth",
"javascripts",
"javascripts/api",
"vizportal",
"vizportal/api",
"vizportal/api/web",
"vizportal/api/web/v1",
# Apache APISIX and Apache APISIX Dashboard
"apisix",
"apisix/admin",
"apisix/admin/routes",
"apisix/admin/tool",
# F-Secure Policy Manager (Server and Proxy)
"fsms",
# dotProject
"dotproject",
"dotProject",
"Dotproject",
# Accruent Analytics
"bi",
"bi/v1",
"bi/lib",
"bi/js",
# Alertus Console
"AlertusWeb",
# PHP Coupon Script
"phpcoupon",
"coupon",
# phpGraphy
"phpgraphy",
"phpgraphy/themes",
"phpgraphy/themes/default",
"themes",
"themes/default",
# Avaya Contact Center Select
"CCMALogin",
"CCMALogin/Home",
"common",
"common/asps",
# RStudio Connect
"connect",
# Axis Commerce
"axis",
"axis/admin",
"axis/search",
"shop",
"shop/admin",
"shop/search",
# RhinOS CMS
"rhinos",
"rhinos/admin",
"rhinos/admin/lib",
"rhinos/admin/lib/gradient",
"rhinos-es-3.0",
"rhinos-es-3.0/admin",
"rhinos-es-3.0/admin/lib",
"rhinos-es-3.0/admin/lib/gradient",
"admin",
"admin/lib",
"admin/lib/gradient",
# Dell EMC RecoveryPoint
"WDM",
"deployer",
"deployer/rest",
# Cynet 360
"SitePages",
"WebApp",
"WebApp/SettingsExclusion",
"WebApp/DeceptionUser",
# ExtremeCloud IQ
"acct-webapp",
"acct-webapp/oauth",
"acct-webapp/security",
# IBM Cognos Analytics
"bi",
"ibmanalytics",
"ibmanalytics/bi",
"cognos",
"cognos/bi",
"ibmcognos",
"ibmcognos/bi",
"analytics",
"analytics/bi",
"cognosanalytics",
"cognosanalytics/bi",
"datacenter",
"datacenter/bi",
# Fortinet Fortiportal
"fpc",
# Community Server
"utility",
# web@all
"webatall",
"weball",
# CMS Lokomedia
"lokomedia",
# Podcast Generator
"podcast",
# DmxReady Secure Document Library
"SecureDocumentLibrary",
"SecureDocumentLibrary/admin",
"SecureDocumentLibrary/admin/SecureDocumentLibrary",
"SecureDocumentLibrary/admin/SecureDocumentLibrary/DocumentLibraryManager",
"admin/SecureDocumentLibrary",
"admin/SecureDocumentLibrary/DocumentLibraryManager",
# SyndeoCMS
"starnet",
# Betsy
"betsy",
# JetBrains Hub
"hub",
"hub/auth",
"hub/api",
"hub/api/rest",
"hub/api/rest/oauth2",
"hub/api/rest/oauth2/interactive",
# SAP BusinessObjects Business Intelligence Platform
"BOE",
"BOE/CMC",
"BOE/portal",
# HESK
"hesk",
"help",
"helpdesk",
"ticket",
# todoyu
"todoyu",
# phpBugTracker
"phpbt",
"bugtracker",
"bugs",
# Progress DataDirect Hybrid Data Pipeline
"hdpui",
# netjukebox
"netjukebox",
# Ajax File and Image Manager / PHP File Manager
"fm",
"fm/ajaxfilemanager",
"file",
"file/ajaxfilemanager",
"filemanager",
"filemanager/ajaxfilemanager",
"ajaxfilemanager",
# Silex
"silex",
# Ruckus (Virtual) SmartZone
"cas",
"wsg", # nb: Also seen on Ruckus SmartCell Gateway
# VMware Workspace ONE Assist
"wbc",
"AdminWebPortal",
# Ax Developer CMS
"axdcms",
"axdcms/modules",
"axdcms/modules/profile",
"cms",
"cms/modules",
"cms/modules/prifile",
"modules",
"modules/profile",
# Room Juice
"roomjuice",
# TimeLive
"timelive",
"TimeLive",
"timetracking",
"TimeTracking",
# BigBlueButton (BBB)
"b", # nb: On the Docker image
"bigbluebutton",
"bigbluebutton/api",
"demo",
# POSH,
"posh",
"posh/portal",
# Wowza Streaming Engine
"enginemanager",
# Batavi
"batavi",
"batavi/admin",
"shop",
"shop/admin",
# PHPShop
"shop",
"phpshop",
# Portix-CMS
"portix",
# WebCalendar
"WebCalendar",
"webcalendar",
"calendar",
# Synology DSM/SRM
"synoSDSjslib",
"synohdpack",
"webapi",
"webdefault",
"webdefault/css",
"webdefault/js",
"webfm",
"webman",
"webman/3rdparty",
"webman/modules",
"webman/resources",
# phpWebThings
"phpwebthings",
"phpwebthings/core",
"webthings",
"webhtings/core",
"phpwt",
"phpwt/core",
"things",
"things/core",
# gCards
"gcards",
# Open-Xchange (OX) App Suite
"appsuite",
"appsuite/api",
"appsuite/apps",
"appsuite/apps/io.ox",
# LISTSERV
"listserv",
# Barracuda CloudGen Firewall
"portal",
"portal/plugins",
"sslvpn_api",
"sslvpn_api/authentication",
"totp_api",
"totp_api/authentication",
# Cisco Wireless LAN Controller (WLC)
"EmWeb",
"data",
"data/rfdashboard",
"dojo",
"helpfiles",
"helpfiles/oweb",
"nls",
"screens",
"screens/aaa",
"screens/apf",
"screens/base",
"screens/dashContent",
"screens/port",
"screens/qos",
"screens/snmp",
"screens/spam",
"screens/stats",
"screens/trapmgr",
"screens/webui",
"udm-resources",
# Cisco SD-WAN vManage
"dataservice",
# Fork CMS
"frontend",
# BackupPC
"backuppc",
# Zenphoto
"zenphoto",
"zenphoto/zp-core",
"zp-core",
# Trombinoscope
"trombi",
# XODA
"xoda",
# Micro Focus ZENworks
"zenworks",
"zenworks/jsp",
"zenworks/jsp/fw",
"zenworks/jsp/fw/internal",
# GeoServer
"geoserver",
"geoserver/web",
"geoserver/web/wicket",
"geoserver/web/wicket/bookmarkable",
# Narcissus
"narcissus",
"narcissus-master",
# appRain CMF
"appRain",
"appRain/profile",
"apprain",
"apprain/profile",
# Sophos Cyberoam UTM/NGFW
"corporate",
"corporate/webpages",
# Sophos Cyberoam Central Console (CCC)
"CCC",
# Pandora FMS
"fms",
"pandora_console",
"pandora_console/mobile",
"pandora_console/enterprise",
"pandora_console/enterprise/meta",
"pandora_console/enterprise/meta/general",
# PHP Booking Calendar
"booking_calendar",
"cal",
# Harmonic NSG 9000 Devices
"PY",
# SilerStripe CMS
"dev",
"dev/build",
"Security",
"cms",
"cms/dev",
"cms/dev/build",
"cms/Security",
"silverstripe",
"silverstripe/dev",
"silverstripe/dev/build",
"silverstripe/Security",
"Silverstripe",
"Silverstripe/dev",
"Silverstripe/dev/build",
"Silverstripe/Security",
"silverstripe-cms",
"silverstripe-cms/dev",
"silverstripe-cms/dev/build",
"silverstripe-cms/Security",
"Silverstripe-cms",
"Silverstripe-cms/dev",
"Silverstripe-cms/dev/build",
"Silverstripe-cms/Security",
# Cisco Collaboration Server
"webline",
"webline/html",
"webline/html/admin",
"webline/html/admin/wcs",
# ManageEngine Key Manager Plus
"apiclient",
# Annuaire PHP
"annuaire",
"annuaire/admin",
"Annuaire",
"Annuaire/admin",
# WAGO I/O System 758 series
"cgi-bin/ssi.cgi",
# WAGO Ethernet Web-based Management / PLC
"wbm",
"wbm/css",
"wbm/images",
"wbm/js",
"wbm/php",
"wbm/php/parameter",
"wbm/php/plugins",
"wbm/plugins",
"wbm/plugins/wbm-aide",
"wbm/plugins/wbm-bacnet",
"wbm/plugins/wbm-certificate-uploads",
"wbm/plugins/wbm-clock",
"wbm/plugins/wbm-cloud-connectivity",
"wbm/plugins/wbm-create-image",
"wbm/plugins/wbm-diagnostic",
"wbm/plugins/wbm-firewall",
"wbm/plugins/wbm-information",
"wbm/plugins/wbm-ipk-uploads",
"wbm/plugins/wbm-legal-information",
"wbm/plugins/wbm-legal-information/platform",
"wbm/plugins/wbm-legal-information/platform/pfcXXX",
"wbm/plugins/wbm-massstorage",
"wbm/plugins/wbm-modbus",
"wbm/plugins/wbm-networking",
"wbm/plugins/wbm-opcua",
"wbm/plugins/wbm-openvpn-ipsec",
"wbm/plugins/wbm-package-server",
"wbm/plugins/wbm-ports",
"wbm/plugins/wbm-runtime-configuration",
"wbm/plugins/wbm-runtime-information",
"wbm/plugins/wbm-runtime-services",
"wbm/plugins/wbm-security",
"wbm/plugins/wbm-serial-interface",
"wbm/plugins/wbm-service-interface",
"wbm/plugins/wbm-snmp",
"wbm/plugins/wbm-statusdate",
"wbm/plugins/wbm-statusled",
"wbm/plugins/wbm-statusled/platform",
"wbm/plugins/wbm-statusled/platform/pfcXXX",
"wbm/plugins/wbm-statusled/platform/pfcXXX/parameter",
"wbm/plugins/wbm-statusled/platform/pfcXXX/parameter/transforms",
"wbm/plugins/wbm-statusplcswitch",
"wbm/plugins/wbm-user",
"webserv",
"webserv/cplcfg",
# Sourcefabric Newscoop
"newscoop",
"newscoop/admin",
# Cartweaver
"cartweaver",
"cartweaver/admin",
"cartweaver/admin/helpfiles",
"cartScripts",
"cartScripts/admin",
"cartScripts/admin/helpfiles",
"cw",
"cw/admin",
"cw/admin/helpfiles",
"admin/helpfiles",
# SnipSnap Wiki
"space",
"snipsnap",
"snipsnap/space",
# Alpha Networks Router (e.g. ASL-26555)
"APIS",
# Micro Focus / NetIQ / Novell iManager
"nps",
"nps/servlet",
"nps/UninstallerData",
# Micro Focus / Novell GroupWise
"gwadmin-console",
"gw",
"gw/webaccess",
"servlet",
# SAP XI / PI but maybe also other products as well
"rep",
"rep/start",
"webdynpro",
"webdynpro/dispatcher",
"webdynpro/dispatcher/sap.com",
"webdynpro/dispatcher/sap.com/com.sap.xi.adminweb",
"webdynpro/dispatcher/sap.com/pb",
"webdynpro/dispatcher/sap.com/tc~lm~itsam~ui~mainframe~wd",
"webdynpro/dispatcher/sap.com/tc~mdm~srmcat~uiutil", # Utilities Page of the SRM-MDM Catalog
"webdynpro/dispatcher/sap.com/tc~sec~ume~wd~enduser",
"webdynpro/dispatcher/sap.com/tc~wd~eptests",
"webdynpro/dispatcher/sap.com/tc~wd~tools",
# Mattermost Server
"api",
"api/v4",
"api/v4/teams",
"api/v4/users",
"api/v4/users/me",
"api/v4/users/me/teams",
"plugins",
"plugins/focalboard",
"plugins/focalboard/api",
"plugins/focalboard/api/v2",
"plugins/playbooks",
"plugins/playbooks/api",
"plugins/playbooks/api/v0",
"plugins/playbooks/api/v0/playbooks",
"plugins/playbooks/api/v0/runs",
# HPE OfficeConnect Switches
"htdocs/lang",
"htdocs/lang/en_us",
"htdocs/login",
"htdocs/lua",
"htdocs/lua/ajax",
"htdocs/lua/deviceviewer",
"htdocs/lua/menu",
"htdocs/pages",
"htdocs/pages/base",
"htdocs/pages/main",
"htdocs/pages/switching",
"htdocs/static",
# TerraMaster NAS devices
"tos",
"v2",
"module",
# Axis devices
"aca",
"axis-cgi",
"axis-cgi/buffer",
"axis-cgi/prod_brand_info",
"axis-media",
"axis-release",
"camera",
"intercom",
"intercom/img",
"operator",
"view",
# Fortinet FortiADC
"ui",
"api/platform",
# Fortinet FortiNAC
"gui",
"api",
# Bluadmin
"bluadmin",
# SonicWall ViewPoint, GMS
"sgms",
"sgms/reports",
"sgms/reports/scheduledreports",
"sgms/reports/scheduledreports/configure",
"ws",
"ws/msw",
"ws/msw/tenant",
# OSClass
"osclass",
"osclass/oc-admin",
"oc-admin",
# Ektron CMS
"cms",
"cms/WorkArea",
"cms/WorkArea/ContentDesigner",
"cms400min",
"cms400min/WorkArea",
"cms400min/WorkArea/ContentDesigner",
"cms400.net",
"cms400.net/WorkArea",
"cms400.net/WorkArea/ContentDesigner",
"cms400",
"cms400/WorkArea",
"cms400/WorkArea/ContentDesigner",
"WorkArea",
"WorkArea/ContentDesigner",
# Amcrest / Dahua IP cameras
"current_config",
# Apache NiFi
"nifi",
"nifi-api",
"nifi-api/flow",
"nifi-api/access",
# Alcatel-Lucent OmniSwitch
"web",
"web/content",
"lang",
# Riello NetMan 204
"assets",
"javascripts",
"json",
"partials",
"stylesheets",
"vendor",
# TeamPass
"sources",
"sources/upload",
"teampass/sources",
"teampass/sources/upload",
"TeamPass/sources",
"TeamPass/sources/upload",
# Trend Micro Smart Protection Server
"tmcss",
# Various apps using ZK Framework
"zkau",
"zkau/web",
"zkc",
"zkc/zkau",
"zkc/zkau/web",
# Apache OpenMeetings
"openmeetings",
"openmeetings/services",
"openmeetings/services/info",
"openmeetings/docs",
"apache/openmeetings",
"apache/openmeetings/services",
"apache/openmeetings/services/info",
"apache/openmeetings/docs",
"services",
"services/info",
# Enterprise Resource Planning
"erp",
"erp/Portal",
"erp/Portal/WUC",
"Portal",
"Portal/WUC",
# Zend Framework
"production",
"production/application",
"production/application/configs",
"application",
"application/configs",
# Liferay Portal / DXP
"api",
"api/jsonws",
"web",
"web/guest",
"Liferay",
"Liferay/api",
"Liferay/api/jsonws",
"Liferay/web",
"Liferay/web/guest",
# From CVE-2021-33990 of Liferay Portal
"html",
"html/js",
"html/js/editor",
"html/js/editor/ckeditor",
"html/js/editor/ckeditor/editor",
"html/js/editor/ckeditor/editor/filemanager",
"html/js/editor/ckeditor/editor/filemanager/browser",
"html/js/editor/ckeditor/editor/filemanager/browser/liferay",
"Liferay/html",
"Liferay/html/js",
"Liferay/html/js/editor",
"Liferay/html/js/editor/ckeditor",
"Liferay/html/js/editor/ckeditor/editor",
"Liferay/html/js/editor/ckeditor/editor/filemanager",
"Liferay/html/js/editor/ckeditor/editor/filemanager/browser",
"Liferay/html/js/editor/ckeditor/editor/filemanager/browser/liferay",
# Sybase EAServer
"WebConsole",
"console",
# SolarWinds Database Performance Analyzer (DPA)
"iwc",
"iwc/javascript",
"iwc/javascript/common",
"iwc/javascript/jquery",
"iwc/pages",
"iwc/pages/css",
# e.g. Checkmk / Check_MK (core and appliance)
"check_mk",
"checkmk",
"checkmk/check_mk",
"cmk",
"cmk/check_mk",
"monitor",
"monitor/check_mk",
"webconf",
# Apache Superset
"login",
"superset",
"superset/welcome",
"superset/profile",
"static",
"static/assets",
# Kerio WinRoute Firewall
"nonauth",
# netOffice Dwins
"netoffice",
"netoffice/general",
"netoffice/expenses",
"Dwins",
"Dwins/general",
"Dwins/expenses",
"general",
"expenses",
# Unknown Huawei devices
"umweb",
# op5 / OP5 Monitor
"monitor",
"monitor/application",
"monitor/application/views",
"monitor/modules",
"monitor/op5",
"monitor/op5/pnp",
"ninja",
"ninja/application",
"op5config",
"portal",
# MailEnable
"mewebmail",
"mewebmail/Mondo",
"mewebmail/Mondo/lang",
"mewebmail/Mondo/lang/sys",
"mail",
"mail/Mondo",
"mail/Mondo/lang",
"mail/Mondo/lang/sys",
"webmail",
"webmail/Mondo",
"webmail/Mondo/lang",
"webmail/Mondo/lang/sys",
"Mondo",
"Mondo/lang",
"Mondo/lang/sys",
# Oracle OPERA
"OperaHelp",
"OperaLogin",
"Operajserv",
"Operajserv/webarchive",
"operabin",
# Dolibarr
"dolibarr",
"dolibarr/htdocs",
"htdocs",
# cPanel
"cpanelwebcall",
# Moxa MiiNePort
"moxa",
# TVersity
"geturl",
# Andromeda Streaming Server
"streams",
"music",
"andromeda",
"mp3",
# Semantic Enterprise Wiki
"mediawiki",
"smw",
# ProWiki
"prowoki",
# ArticleSetup
"ArticleSetup",
"ArticleSetup/upload",
# Mitel MiCollab / MiVoice Business Express
"awc",
"awcuser",
"awcuser/cgi-bin",
"icw",
"portal",
"portal/login",
"portal/loginPage",
"server-common",
"server-common/cgi-bin",
"server-manager",
"ucs",
"ucs/json",
"ucs/micollab",
"ucs/micollab/libs",
"ucs/micollab/platform",
"ucs/micollab/resources",
"ucs/v1",
"vcs",
# phpVideoPro
"phpvideopro",
"video",
# w-CMS
"w-cms",
"w_cms",
# SAPID CMS
"sapid",
"sapid/usr",
"sapid/usr/extensions",
"usr",
"usr/extensions",
# Possible location of AWS credentials / profile files
".aws",
# Open Business Management (OBM)
"obm",
# PRADO PHP
"prado",
"prado/tests",
"prado/tests/test_tools",
"tests",
"tests/test_tools",
# JamWiki
"jamwiki",
"jamwiki/en",
"JamWiki",
"JamWiki/en",
"wiki",
"wiki/en",
# EditWrxLite CMS
"editwrx",
# Omni-Secure
"oss5",
"oss5/lib",
"oss6",
"oss6/lib",
"oss7",
"oss7/lib",
# pfile
"pfile",
# Palo Alto PAN-OS / GlobalProtect
"api",
"ca",
"CA",
"esp",
"global-protect",
"global-protect/msi",
"global-protect/portal",
"login",
"php",
"php/utils",
"sslmgr",
# Schneider Electric Wonderware / AVEVA InTouch Access Anywhere (Secure Gateway)
"AccessAnywhere",
"AccessAnywhere/lib",
"AccessAnywhere/resources",
"AccessAnywhere/resources/lang",
"AccessAnywhere/src",
"AccessNow",
"Admin",
"SG",
"SG/Scripts",
# AVEVA Plant SCADA Access Anywhere
"AccessNow",
"PlantSCADAAccessAnywhere",
"PlantSCADAAccessAnywhere/lib",
"PlantSCADAAccessAnywhere/resources",
"PlantSCADAAccessAnywhere/resources/lang",
"PlantSCADAAccessAnywhere/src",
# Odoo
"base_import",
"base_import/static",
# Caucho Resin
"caucho-status",
"cmp",
"faq",
"ref",
"resin-admin",
"resin-doc",
# Progress MOVEit Transfer
"api",
"api/v1",
"api/v1/folders",
"api/v1/users",
"moveitisapi", # nb: Seen on https://github.com/Neo23x0/signature-base/blob/ec3edef498b01b6da71d7fb1c6dc271cc0d16993/yara/vuln_moveit_0day_jun23.yar#L2
# Home Assistant OS and Home Assistant Supervised installations (Docker images don't have these)
"api",
"api/hassio",
"api/hassio/app",
"api/hassio_ingress",
# Inductive Automation Ignition
"main",
"main/res",
"main/res/sys",
"main/system",
"main/web",
"main/web/config",
"main/web/home",
"main/web/status",
"main/web/wicket",
"main/web/wicket/resource",
# Allaire/Macromedia/Adobe JRun Sample Files, see e.g. pre2008/DDI_JRun_Sample_Files.nasl
"cfanywhere",
"docs",
"docs/servlets",
"jsp",
"webl",
# VMware vRealize Network Insight / Aria Operations for Networks
"saas",
"vneraapp",
"vneraapp/assets",
# EZsite Forum
"Database",
"forum/Database",
# Basilic
"basilic",
"basilic/Config",
# asaanCart
"asaancart",
"asaancart/libs",
"asaancart/libs/smarty_ajax",
"shop",
"shop/libs",
"shop/libs/smarty_ajax",
"libs/smarty_ajax",
# AMSI
"amsi",
"AMSI",
# Arcserve Unified Data Protection (UDP)
"authenticationendpoint",
"commonauth",
"contents",
"contents/service",
"gateway",
"gateway/services",
"management",
"samlsso",
"UDPUpdates",
"UDPUpdates/Config",
"WebServiceImpl",
"WebServiceImpl/services",
# Clearswift MIMEsweeper
"MSWSMTP",
"MSWSMTP/Common",
"MSWSMTP/Common/Authentication",
# Adminer
"adminer",
# Adobe RoboHelp Server, from e.g.:
# https://blog.adobe.com/en/publish/2012/11/05/publishing-your-first-project-on-robohelp-server-9
"robohelp",
"robohelp/admin",
"robohelp/robo",
"robohelp/robo/server",
"robohelp/server",
# Apache Axis / Axis2
"axis",
"axis/services",
"axis/servlet",
"axis2",
"axis2/axis2-admin",
"axis2/axis2-web",
"axis2/services",
"axis2/services/Version",
"axis2/services/version",
## SAP Business Objects 12 and/or 3com IMC (See CVE-2010-2103)
"imcws",
"imcws/axis2-admin",
"imcws/axis2-web",
"imcws/services",
"imcws/services/Version",
"imcws/services/version",
"imcws/servlet",
## Computer Associates ARCserve D2D r15 Web Service (See CVE-2010-0219 / https://www.exploit-db.com/exploits/15869)
"WebServiceImpl",
"WebServiceImpl/axis2-admin",
"WebServiceImpl/axis2-web",
"WebServiceImpl/services",
"WebServiceImpl/services/Version",
"WebServiceImpl/services/version",
"WebServiceImpl/servlet",
## SAP BusinessObjects Enterprise XI 3.2 (See CVE-2010-0219)
"dswsbobje",
"dswsbobje/axis2-admin",
"dswsbobje/axis2-web",
"dswsbobje/services",
"dswsbobje/services/Version",
"dswsbobje/services/version",
"dswsbobje/servlet",
## SAP BusinessObjects
"BusinessProcessBI",
"BusinessProcessBI/axis2-admin",
"BusinessProcessBI/axis2-web",
"BusinessProcessBI/services",
"BusinessProcessBI/services/Version",
"BusinessProcessBI/services/version",
"BusinessProcessBI/servlet",
## VMware Smarts NCM
"Api",
"Api/axis2-admin",
"Api/axis2-web",
"Api/services",
"Api/services/Version",
"Api/services/version",
"Api/servlet",
## Oracle Communications Billing and Revenue Management Web Services Manager
"infranetwebsvc",
"infranetwebsvc/axis2-admin",
"infranetwebsvc/axis2-web",
"infranetwebsvc/services",
"infranetwebsvc/services/Version",
"infranetwebsvc/services/version",
"infranetwebsvc/servlet",
"BrmWebServices",
"BrmWebServices/axis2-admin",
"BrmWebServices/axis2-web",
"BrmWebServices/services",
"BrmWebServices/services/Version",
"BrmWebServices/services/version",
"BrmWebServices/servlet",
## Unknown
"ws",
"ws/axis2-admin",
"ws/axis2-web",
"ws/services",
"ws/services/Version",
"ws/services/version",
"ws/servlet",
"services",
## Microstrategy Web 10.4 (See CVE-2020-11450)
"MicroStrategyWS",
"MicroStrategyWS/axis2-admin",
"MicroStrategyWS/axis2-web",
"MicroStrategyWS/services",
"MicroStrategyWS/services/Version",
"MicroStrategyWS/services/version",
"MicroStrategyWS/servlet",
## JBoss.net Axis integration
"jboss-net",
"jboss-net/axis2-admin",
"jboss-net/axis2-web",
"jboss-net/services",
"jboss-net/services/Version",
"jboss-net/services/version",
"jboss-net/servlet",
## Tomcat, seen "in the wild"
"tomcat",
"tomcat/axis2-admin",
"tomcat/axis2-web",
"tomcat/services",
"tomcat/services/Version",
"tomcat/services/version",
"tomcat/servlet",
"tomcat/axis",
"tomcat/axis/axis2-admin",
"tomcat/axis/axis2-web",
"tomcat/axis/services",
"tomcat/axis/services/Version",
"tomcat/axis/services/version",
"tomcat/axis/servlet",
## Both for JBuilder Apache Axis
"wssgs",
"wssgs/axis2-admin",
"wssgs/axis2-web",
"wssgs/services",
"wssgs/services/Version",
"wssgs/services/version",
"wssgs/servlet",
"tresearch",
"tresearch/axis2-admin",
"tresearch/axis2-web",
"tresearch/services",
"tresearch/services/Version",
"tresearch/services/version",
"tresearch/servlet",
# Apache Hadoop
"cluster",
# Cisco Application Policy Infrastructure Controller (APIC)
"insieme",
"insieme/stromboli",
"insieme/stromboli/meta",
# Cisco Network Analysis Module (NAM)
"authenticate",
# Cisco Prime Collaboration Provisioning Web Interface
"cupm",
"dfcweb",
"dfcweb/lib",
"dfcweb/lib/cupm",
"dfcweb/lib/cupm/nls",
# Cisco Prime Infrastructure (PIS) Web Interface
"webacs",
"webacs/js",
"webacs/js/xmp",
"webacs/js/xmp/nls",
"webacs/pages",
"webacs/pages/common",
# Docker HTTP REST API (API versions might need to be re-checked in the future...)
"container",
"containers", # nb: Both not seen so far but might be related...
"images",
"v1.12.0",
"v1.12.0/containers",
"v1.12.0/images",
"v1.19",
"v1.19/containers",
"v1.19/images",
"v1.21",
"v1.21/containers",
"v1.21/images",
"v1.24",
"v1.24/containers",
"v1.24/images",
"v1.26",
"v1.26/containers",
"v1.26/images",
"v1.29",
"v1.29/containers",
"v1.29/images",
"v1.37",
"v1.37/containers",
"v1.37/images",
"v1.39",
"v1.39/containers",
"v1.39/images",
"v1.40",
"v1.40/containers",
"v1.40/images",
"v1.41",
"v1.41/containers",
"v1.41/images",
"v1.43",
"v1.43/containers",
"v1.43/images",
# ExpressionEngine CMS
"cms/system",
"system",
# Eyes Of Network (EON)
"eonapi",
# Froxlor Server Management Panel
"froxlor",
# Junos Space Web-UI
"mainui",
# ZOHO / ManageEngine products
"manageengine",
# Pacific Timesheet
"timesheet",
# phpPgAdmin
"phpPgAdmin",
"pgadmin",
"phppgadmin",
# Sensiolabs Symfony
"_profiler",
"symfony",
"symfony/src",
"symfony/src/Symfony",
"symfony/src/Symfony/Component",
"symfony/src/Symfony/Component/Console",
"symfony/web",
"symfony/web/app_dev.php",
"symfony/web/app_dev.php/_configurator",
"symfony/web/app_dev.php/_configurator/step",
"src",
"src/Symfony",
"src/Symfony/Component",
"src/Symfony/Component/Console",
"web",
"web/app_dev.php",
"web/app_dev.php/_configurator",
"web/app_dev.php/_configurator/step",
# vtiger CRM
"crm",
"vtigercrm",
# Zenoss Server
"zport",
"zport/acl_users",
"zport/acl_users/cookieAuthHelper",
# Mailman
"mailman",
# Apache Tiles
"apidocs",
"apidocs/org",
"apidocs/org/apache",
"apidocs/org/apache/tiles",
"apidocs/org/apache/tiles/definition",
"apidocs/org/apache/tiles/definition/digester",
"tiles/apidocs",
"tiles/apidocs/org",
"tiles/apidocs/org/apache",
"tiles/apidocs/org/apache/tiles",
"tiles/apidocs/org/apache/tiles/definition",
"tiles/apidocs/org/apache/tiles/definition/digester",
# Mahara
"mahara",
"mahara/admin",
# RainLoop Webmail
"mail",
"rainloop",
"webmail",
# nb:
# - Windows Server Update Services (WSUS)
# - IIS/Windows is usually case insensitive
"WsusAdmin",
"WsusAdmin/Common",
"WsusAdmin/Errors",
# 3CX Phone System Management Console
"#",
"api",
"connect",
"public",
"signin",
"webclient",
"webclient/#",
"webclient/api",
"webclient/api/Login",
"webclient/SignIn",
# Those are from CVE-2022-48482/CVE-2022-48483 of the same product
"Electron",
"Electron/download",
"Electron/download/windows",
# Skype for Business Server
"dialin",
"lwa",
"lwa/Webpages",
"PassiveAuth",
# IPP / CUPS systems
"ipp",
"printer", # nb: From RFC3510
"printers",
# Konica Minolta printers
"wcd",
# Brother HL printers
"general",
# SATO printers
"WebConfig",
# HP / Hewlett Packard printers
"DevMgmt",
"cdm",
"cdm/system",
"cdm/system/v1",
"hp",
"hp/device",
"hp/device/InternalPages",
"hp/device/SignIn",
"hp/device/webAccess",
"hp/jetdirect",
# Epson printers
"PRESENTATION",
"PRESENTATION/ADVANCED",
"PRESENTATION/ADVANCED/FORCE_PASSWORD",
"PRESENTATION/ADVANCED/INFO_PRTINFO",
"PRESENTATION/HTML",
"PRESENTATION/HTML/TOP",
# RICOH printers
"web",
"web/guest",
"web/guest/en",
"web/guest/en/websys",
"web/guest/en/websys/status",
# PHPMoAdmin
"phpmoadmin",
"modamin",
"wu-modadmin",
# AMI MegaRAC SP
"help",
"impl",
"Java",
"lib",
"page",
"res",
"str",
"style",
# Trend Micro Control Manager (TMCM) / Apex Central
"ControlManager",
"ControlManager/download",
"ControlManager/help",
"WebApp",
"WebApp/Administration",
"WebApp/common",
"WebApp/common/yui",
"WebApp/CommonDataBackend",
"WebApp/CommonDataBackend/CommonDataResource",
"WebApp/ExeDashboardBackend",
"WebApp/ExeDashboardBackend/ExeDashboardResource",
"WebApp/html",
"WebApp/js",
"WebApp/page",
"WebApp/Reports",
"WebApp/UserManager",
"WebApp/v1es",
"WebApp/widget",
# Redfish API
# nb: Those are the default ones defined in / by:
# https://www.dmtf.org/sites/default/files/standards/documents/DSP0266_1.18.0.html#redfish-defined-uris-and-relative-reference-rules
"redfish",
"redfish/v1",
"redfish/v1/Schemas",
# From the RackHD API Reference Guide
"redfish/v1/systems",
# From the SuperMicro API Reference Guide
"redfish/v1/Registries",
"redfish/v1/UpdateService",
# A few seen in the scope of CVE-2021-29203
"redfish/v1/AccountService",
"redfish/v1/AccountService/Accounts",
"redfish/v1/SessionService",
"redfish/v1/SessionService/Sessions",
# Atlassian Bitbucket
"bitbucket",
"stash",
# Kubernetes API Server
"apis",
"apis/admissionregistration.k8s.io",
"apis/apiextensions.k8s.io",
"apis/apiregistration.k8s.io",
"apis/apps",
"apis/authentication.k8s.io",
"apis/authorization.k8s.io",
"apis/autoscaling",
"apis/batch",
"apis/certificates.k8s.io",
"apis/coordination.k8s.io",
"apis/custom.metrics.k8s.io",
"apis/discovery.k8s.io",
"apis/events.k8s.io",
"apis/extensions",
"apis/metrics.k8s.io",
"apis/networking.k8s.io",
"apis/node.k8s.io",
"apis/policy",
"apis/rbac.authorization.k8s.io",
"apis/scheduling.k8s.io",
"apis/storage.k8s.io",
"healthz",
"livez",
"openapi",
"readyz",
"version",
# Adiscon Loganalyzer
"loganalyzer",
# Adobe BlazeDS
"flex2gateway",
"flex2gateway/http",
"flex2gateway/httpsecure",
"flex2gateway/cfamfpolling",
"flex2gateway/amf",
"flex2gateway/amfpolling",
"messagebroker",
"messagebroker/http",
"messagebroker/httpsecure",
"blazed",
"blazeds/messagebroker",
"blazeds/messagebroker/http",
"blazeds/messagebroker/httpsecure",
"samples",
"samples/messagebroker",
"samples/messagebroker/http",
"samples/messagebroker/httpsecure",
"lcds",
"lcds/messagebroker",
"lcds/messagebroker/http",
"lcds/messagebroker/httpsecure",
"lcds-samples",
"lcds-samples/messagebroker",
"lcds-samples/messagebroker/http",
"lcds-samples/messagebroker/httpsecure",
# Dell Foundation Services
"Dell%20Foundation%20Services",
"Dell%20Foundation%20Services/eDell",
"Dell%20Foundation%20Services/eDell/IeDellCapabilitiesApi",
"Dell%20Foundation%20Services/eDell/IeDellCapabilitiesApi/REST",
# eTouch SamePage
"samepage",
"samepage/cm",
"samepage/cm/blogrss",
"samepage/cm/newui",
"samepage/cm/newui/wiki",
"cm",
"cm/blogrss",
"cm/newui",
"cm/newui/wiki",
# FIT2CLOUD JumpServer
"api",
"api/v1",
"api/v1/authentication",
"api/v1/authentication/connection-token",
"api/v1/terminal",
"api/v1/terminal/sessions",
"api/v1/users",
"api/v1/users/connection-token",
"auth",
"auth/login",
"core",
"core/auth",
"core/auth/login",
"core/auth/password",
"guacamole",
"koko",
"login",
"luna",
"media",
"static",
"static/js",
"static/js/plugins",
"ui",
"users",
"users/login",
"ws",
# Buffalo NAS
"lightbox",
"lightbox/css",
"lightbox/images",
"lightbox/js",
"adapter",
"adapter/ext",
"normalcss",
"webaccess",
"st",
"st/js",
"bower_components",
"help",
"help/ja",
"js",
"js/application",
"js/backup",
"js/backup/backup",
"js/backup/directcopy",
"js/backup/failover",
"js/backup/replication",
"js/backup/rsync",
"js/backup/timemachine",
"js/common",
"js/disk",
"js/disk/disk",
"js/disk/iscsi",
"js/disk/lvm",
"js/disk/raid",
"js/disk/usbdisk",
"js/dojo",
"js/ext",
"js/ext/resources",
"js/ext/resources/css",
"js/manage",
"js/network",
"js/service",
"js/service/web",
"js/share",
"js/staticData",
"js/ux",
"js/webservice",
# PHPRecipeBook
"phprecipebook",
"recipebook",
"recipe",
# ISPWorker
"ispworker",
"ispworker/module",
"ispworker/module/biz",
"ispworker/module/ticket",
"module",
"module/biz",
"module/ticket",
# WPEngine
"_wpeprivate",
# Sangfor Next Generation Application Firewall (NGAF)
"html",
"svpn_html",
# Honeywell Printers
"assets",
"assets/css",
"assets/images",
"assets/js",
"configure",
"contact",
"inprint",
"service",
"statistics",
"main",
"manage",
# nForum
"nforum",
"forum",
"board",
# ComicShout
"comic",
# BlindBlog
"cbblog",
"blindblog",
# Comparison Engine Power
"comparisonengine",
"compare",
# A4Desk Event Calendar
"calendar",
"calendar/admin",
# Citrix / NetScaler Gateway / ADC
"epa",
"epa/scripts",
"epa/scripts/linux",
"epa/scripts/mac",
"logon",
"logon/fonts",
"logon/LogonPoint",
"logon/LogonPoint/Authentication",
"logon/LogonPoint/clients",
"logon/LogonPoint/clients/HTML5Client",
"logon/LogonPoint/clients/HTML5Client/src",
"logon/LogonPoint/receiver",
"logon/LogonPoint/receiver/images",
"logon/LogonPoint/receiver/images/common",
"logon/LogonPoint/receiver/js",
"logon/LogonPoint/receiver/js/external",
"logon/themes",
"logon/themes/Default",
"logon/themes/Default/css",
"oauth",
"oauth/idp",
"oauth/idp/.well-known",
"vpn",
"vpn/images",
"vpn/js",
"vpn/js/rdx",
"vpn/js/rdx/core",
"vpn/js/rdx/core/css",
"vpn/themes",
# Kopano Konnect, various examples taken from:
# https://kopano.com/blog/short-introduction-kopano-konnect/
".well-known",
".well-known/openid-configuration",
"konnect",
"konnect/v1",
"signin",
# EZ-Blog
"blog",
"blog/public",
"ezblog",
"ezblog/public",
# Seen on Viessmann Vitogate CVE-2023-5702
"cgi-bin/config",
"cgi-bin/de",
# SalesCart
"online",
"online/customer",
# phpCommunity2
"phpcom",
# FacilCMS
"facil-cms",
# RevSense
"revsense",
# Nagios / Nagios XI
"nagios",
"nagiosxi",
"nagiosxi/about",
"nagiosxi/includes",
"nagiosxi/includes/js",
"nagiosxi/includes/js/jquery",
# PHP Petition Signing Script
"petition",
"petition/signing_system-admin",
"signing_system-admin",
# Qlik Sense
"internal_forms_authentication",
"hub",
"resources",
"resources/qmc",
"resources/qmc/fonts",
# OneOrZero Helpdesk
"oozv1657",
"oozv1657/common",
"helpdesk",
"helpdesk/common",
# 2532|Gigs
"2532Gigs",
"Gigs",
"bands",
# Ray Framework from https://huntr.com/bounties/83dd8619-6dc3-4c98-8f1b-e620fedcd1f6/
"static",
"static/js",
# TUTOS
"php",
"php/admin",
"tutos",
"tutos/php",
"tutos/php/admin",
# RitsBlog
"blog",
"blog/blogAdmin",
"ritsblog",
"ritsblog/blogAdmin",
"RitsBlog/blogAdmin",
# GScripts.net DNS Tools
"whois",
"dns_tools",
# Golabi CMS
"golabi",
"golabi/Templates",
"golabi/Templates/default",
"cms/Templates",
"cms/Templates/default",
"Templates",
"Templates/default",
# ClearBudget
"ClearBudget",
"ClearBudget/db",
"cb",
"cb/db",
# JobHunt
"jobs",
# EZ Hotscripts
"ez",
# Beerwin's PhpLinkAdmin
"phplinkadmin",
# Microsoft Graph PHP SDK
"vendor",
"vendor/microsoft",
"vendor/microsoft/microsoft-graph",
"vendor/microsoft/microsoft-graph/tests",
"vendor/microsoft/microsoft-graph-core",
"vendor/microsoft/microsoft-graph-core/tests",
# Fortinet FortiSIEM
"phoenix",
"phoenix/html",
"phoenix/html/template",
"phoenix/html/vendor",
"phoenix/html/views",
"phoenix/javax.faces.resource",
"phoenix/js",
"phoenix/rest",
"phoenix/rest/h5",
"phoenix/resources",
"phoenix/resources/header",
# Forcepoint Email Security
"pem",
"pem/login",
"pem/login/pages",
# Websense Triton
"triton",
"triton/login",
"triton/login/pages",
# Wedge Networks wedgeOS Management Console
"ssgmanager",
# Qwerty CMS
"qwerty",
# Dell Printers
"ews",
"ews/status",
"port_255",
"general",
"status",
"Information",
"printer",
"cgi-bin/dynamic",
"cgi-bin/dynamic/printer",
"cgi-bin/dynamic/printer/config",
"cgi-bin/dynamic/printer/config/reports",
# TurnkeyForms Local Classifieds
"classifieds",
"classifieds/Site_Admin",
"localclassifieds",
"localclassifieds/classifieds",
"localclassifieds/classifieds/Site_Admin",
# CS Whois Lookup
"whois",
"cs-whois",
"cs-dns",
# LogRover
"LogRover",
# Yap Blog
"yap",
# GhostScripter Amazon Shop
"amazon",
# AnswerBook2
"ab2",
"ab2/Help_C",
# Ecava IntegraXor
"DEM0",
"project",
"ecava",
"integraxor",
# Cybozu products
"cbgrn",
"garoon",
"grn",
"cbag",
"office",
"cgi-bin/cbag",
"cbdb",
"dezie",
"cbmw",
"mailwise",
# PHP Rocket Add-in
"phprocketaddin",
# Various from 2018/phpunit/gb_phpunit_rce.nasl
"wp-content",
"wp-content/plugins",
"wp-content/plugins/mm-plugin",
"wp-content/plugins/mm-plugin/inc",
"wp-content/plugins/mm-plugin/inc/vendors",
"wp-content/plugins/mm-plugin/inc/vendors/vendor",
"wp-content/plugins/mm-plugin/inc/vendors/vendor/phpunit",
"wp-content/plugins/mm-plugin/inc/vendors/vendor/phpunit/phpunit",
"wp-content/plugins/mm-plugin/inc/vendors/vendor/phpunit/phpunit/src",
"wp-content/plugins/mm-plugin/inc/vendors/vendor/phpunit/phpunit/src/Util",
"wp-content/plugins/mm-plugin/inc/vendors/vendor/phpunit/phpunit/src/Util/PHP",
"wp-content/plugins/contabileads",
"wp-content/plugins/contabileads/integracoes",
"wp-content/plugins/contabileads/integracoes/mautic",
"wp-content/plugins/contabileads/integracoes/mautic/api-library",
"wp-content/plugins/contabileads/integracoes/mautic/api-library/vendor",
"wp-content/plugins/contabileads/integracoes/mautic/api-library/vendor/phpunit",
"wp-content/plugins/contabileads/integracoes/mautic/api-library/vendor/phpunit/phpunit",
"wp-content/plugins/contabileads/integracoes/mautic/api-library/vendor/phpunit/phpunit/src",
"wp-content/plugins/contabileads/integracoes/mautic/api-library/vendor/phpunit/phpunit/src/Util",
"wp-content/plugins/contabileads/integracoes/mautic/api-library/vendor/phpunit/phpunit/src/Util/PHP",
"wp-content/plugins/realia",
"wp-content/plugins/realia/libraries",
"wp-content/plugins/realia/libraries/PayPal-PHP-SDK",
"wp-content/plugins/realia/libraries/PayPal-PHP-SDK/vendor",
"wp-content/plugins/realia/libraries/PayPal-PHP-SDK/vendor/phpunit",
"wp-content/plugins/realia/libraries/PayPal-PHP-SDK/vendor/phpunit/phpunit",
"wp-content/plugins/realia/libraries/PayPal-PHP-SDK/vendor/phpunit/phpunit/src",
"wp-content/plugins/realia/libraries/PayPal-PHP-SDK/vendor/phpunit/phpunit/src/Util",
"wp-content/plugins/realia/libraries/PayPal-PHP-SDK/vendor/phpunit/phpunit/src/Util/PHP",
"wp-content/plugins/wp-rocket",
"wp-content/plugins/wp-rocket/vendor",
"wp-content/plugins/wp-rocket/vendor/phpunit",
"wp-content/plugins/wp-rocket/vendor/phpunit/phpunit",
"wp-content/plugins/wp-rocket/vendor/phpunit/phpunit/src",
"wp-content/plugins/wp-rocket/vendor/phpunit/phpunit/src/Util",
"wp-content/plugins/wp-rocket/vendor/phpunit/phpunit/src/Util/PHP",
"wp-content/plugins/jekyll-exporter",
"wp-content/plugins/jekyll-exporter/vendor",
"wp-content/plugins/jekyll-exporter/vendor/phpunit",
"wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit",
"wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/src",
"wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/src/Util",
"wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/src/Util/PHP",
"wp-content/plugins/dzs-videogallery",
"wp-content/plugins/dzs-videogallery/class_parts",
"wp-content/plugins/dzs-videogallery/class_parts/vendor",
"wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit",
"wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit/phpunit",
"wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit/phpunit/src",
"wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit/phpunit/src/Util",
"wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit/phpunit/src/Util/PHP",
"wp-content/plugins/cloudflare",
"wp-content/plugins/cloudflare/vendor",
"wp-content/plugins/cloudflare/vendor/phpunit",
"wp-content/plugins/cloudflare/vendor/phpunit/phpunit",
"wp-content/plugins/cloudflare/vendor/phpunit/phpunit/src",
"wp-content/plugins/cloudflare/vendor/phpunit/phpunit/src/Util",
"wp-content/plugins/cloudflare/vendor/phpunit/phpunit/src/Util/PHP",
"sites",
"sites/all",
"sites/all/libraries",
"sites/all/libraries/mailchimp",
"sites/all/libraries/mailchimp/vendor",
"sites/all/libraries/mailchimp/vendor/phpunit",
"sites/all/libraries/mailchimp/vendor/phpunit/phpunit",
"sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src",
"sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util",
"sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP",
"sites/default",
"sites/default/libraries",
"sites/default/libraries/mailchimp",
"sites/default/libraries/mailchimp/vendor",
"sites/default/libraries/mailchimp/vendor/phpunit",
"sites/default/libraries/mailchimp/vendor/phpunit/phpunit",
"sites/default/libraries/mailchimp/vendor/phpunit/phpunit/src",
"sites/default/libraries/mailchimp/vendor/phpunit/phpunit/src/Util",
"sites/default/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP",
"vendor",
"vendor/phpunit",
"vendor/phpunit/phpunit",
"vendor/phpunit/phpunit/src",
"vendor/phpunit/phpunit/src/Util",
"vendor/phpunit/phpunit/src/Util/PHP",
"modules",
"modules/autoupgrade",
"modules/autoupgrade/vendor",
"modules/autoupgrade/vendor/phpunit",
"modules/autoupgrade/vendor/phpunit/phpunit",
"modules/autoupgrade/vendor/phpunit/phpunit/src",
"modules/autoupgrade/vendor/phpunit/phpunit/src/Util",
"modules/autoupgrade/vendor/phpunit/phpunit/src/Util/PHP",
"modules/pscartabandonmentpro",
"modules/pscartabandonmentpro/vendor",
"modules/pscartabandonmentpro/vendor/phpunit",
"modules/pscartabandonmentpro/vendor/phpunit/phpunit",
"modules/pscartabandonmentpro/vendor/phpunit/phpunit/src",
"modules/pscartabandonmentpro/vendor/phpunit/phpunit/src/Util",
"modules/pscartabandonmentpro/vendor/phpunit/phpunit/src/Util/PHP",
"modules/ps_facetedsearch",
"modules/ps_facetedsearch/vendor",
"modules/ps_facetedsearch/vendor/phpunit",
"modules/ps_facetedsearch/vendor/phpunit/phpunit",
"modules/ps_facetedsearch/vendor/phpunit/phpunit/src",
"modules/ps_facetedsearch/vendor/phpunit/phpunit/src/Util",
"modules/ps_facetedsearch/vendor/phpunit/phpunit/src/Util/PHP",
"modules/gamification",
"modules/gamification/vendor",
"modules/gamification/vendor/phpunit",
"modules/gamification/vendor/phpunit/phpunit",
"modules/gamification/vendor/phpunit/phpunit/src",
"modules/gamification/vendor/phpunit/phpunit/src/Util",
"modules/gamification/vendor/phpunit/phpunit/src/Util/PHP",
"modules/ps_checkout",
"modules/ps_checkout/vendor",
"modules/ps_checkout/vendor/phpunit",
"modules/ps_checkout/vendor/phpunit/phpunit",
"modules/ps_checkout/vendor/phpunit/phpunit/src",
"modules/ps_checkout/vendor/phpunit/phpunit/src/Util",
"modules/ps_checkout/vendor/phpunit/phpunit/src/Util/PHP",
"apps-external",
"apps-external/polls",
"apps-external/polls/vendor",
"apps-external/polls/vendor/phpunit",
"apps-external/polls/vendor/phpunit/phpunit",
"apps-external/polls/vendor/phpunit/phpunit/src",
"apps-external/polls/vendor/phpunit/phpunit/src/Util",
"apps-external/polls/vendor/phpunit/phpunit/src/Util/PHP",
"apps",
"apps/polls",
"apps/polls/vendor",
"apps/polls/vendor/phpunit",
"apps/polls/vendor/phpunit/phpunit",
"apps/polls/vendor/phpunit/phpunit/src",
"apps/polls/vendor/phpunit/phpunit/src/Util",
"apps/polls/vendor/phpunit/phpunit/src/Util/PHP",
"vendor",
"vendor/phpunit",
"vendor/phpunit/phpunit",
"vendor/phpunit/phpunit/Util",
"vendor/phpunit/phpunit/Util/PHP",
"vendor/phpunit/src",
"vendor/phpunit/src/Util",
"vendor/phpunit/src/Util/PHP",
"vendor/phpunit/Util",
"vendor/phpunit/Util/PHP",
"phpunit",
"phpunit/phpunit",
"phpunit/phpunit/src",
"phpunit/phpunit/src/Util",
"phpunit/phpunit/src/Util/PHP",
"phpunit/phpunit/Util",
"phpunit/phpunit/Util/PHP",
"phpunit/src",
"phpunit/src/Util",
"phpunit/src/Util/PHP",
"phpunit/Util",
"phpunit/Util/PHP",
"lib",
"lib/phpunit",
"lib/phpunit/phpunit",
"lib/phpunit/phpunit/src",
"lib/phpunit/phpunit/src/Util",
"lib/phpunit/phpunit/src/Util/PHP",
"lib/phpunit/phpunit/Util",
"lib/phpunit/phpunit/Util/PHP",
"lib/phpunit/src",
"lib/phpunit/src/Util",
"lib/phpunit/src/Util/PHP",
"lib/phpunit/Util",
"lib/phpunit/Util/PHP",
"ckeditor",
"ckeditor/plugins",
"ckeditor/plugins/ajaxplorer",
"ckeditor/plugins/ajaxplorer/phpunit",
"ckeditor/plugins/ajaxplorer/phpunit/src",
"ckeditor/plugins/ajaxplorer/phpunit/src/Util",
"ckeditor/plugins/ajaxplorer/phpunit/src/Util/PHP",
"plugins",
"plugins/ajaxplorer",
"plugins/ajaxplorer/phpunit",
"plugins/ajaxplorer/phpunit/src",
"plugins/ajaxplorer/phpunit/src/Util",
"plugins/ajaxplorer/phpunit/src/Util/PHP",
"laravel_web",
"laravel_web/vendor",
"laravel_web/vendor/phpunit",
"laravel_web/vendor/phpunit/phpunit",
"laravel_web/vendor/phpunit/phpunit/src",
"laravel_web/vendor/phpunit/phpunit/src/Util",
"laravel_web/vendor/phpunit/phpunit/src/Util/PHP",
"mailgun-php",
"mailgun-php/vendor",
"mailgun-php/vendor/phpunit",
"mailgun-php/vendor/phpunit/phpunit",
"mailgun-php/vendor/phpunit/phpunit/src",
"mailgun-php/vendor/phpunit/phpunit/src/Util",
"mailgun-php/vendor/phpunit/phpunit/src/Util/PHP",
"modules",
"modules/gamification",
"modules/gamification/vendor",
"modules/gamification/vendor/phpunit",
"modules/gamification/vendor/phpunit/phpunit",
"modules/gamification/vendor/phpunit/phpunit/src",
"modules/gamification/vendor/phpunit/phpunit/src/Util",
"modules/gamification/vendor/phpunit/phpunit/src/Util/PHP",
"core",
"core/vendor",
"core/vendor/phpunit",
"core/vendor/phpunit/phpunit",
"core/vendor/phpunit/phpunit/src",
"core/vendor/phpunit/phpunit/src/Util",
"core/vendor/phpunit/phpunit/src/Util/PHP",
"app",
"app/vendor",
"app/vendor/phpunit",
"app/vendor/phpunit/phpunit",
"app/vendor/phpunit/phpunit/src",
"app/vendor/phpunit/phpunit/src/Util",
"app/vendor/phpunit/phpunit/src/Util/PHP",
"laravel",
"laravel/vendor",
"laravel/vendor/phpunit",
"laravel/vendor/phpunit/phpunit",
"laravel/vendor/phpunit/phpunit/src",
"laravel/vendor/phpunit/phpunit/src/Util",
"laravel/vendor/phpunit/phpunit/src/Util/PHP",
"workspace",
"workspace/drupal",
"workspace/drupal/vendor",
"workspace/drupal/vendor/phpunit",
"workspace/drupal/vendor/phpunit/phpunit",
"workspace/drupal/vendor/phpunit/phpunit/src",
"workspace/drupal/vendor/phpunit/phpunit/src/Util",
"workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP",
"panel",
"panel/vendor",
"panel/vendor/phpunit",
"panel/vendor/phpunit/phpunit",
"panel/vendor/phpunit/phpunit/src",
"panel/vendor/phpunit/phpunit/src/Util",
"panel/vendor/phpunit/phpunit/src/Util/PHP",
"admin",
"admin/ckeditor",
"admin/ckeditor/plugins",
"admin/ckeditor/plugins/ajaxplorer",
"admin/ckeditor/plugins/ajaxplorer/phpunit",
"admin/ckeditor/plugins/ajaxplorer/phpunit/src",
"admin/ckeditor/plugins/ajaxplorer/phpunit/src/Util",
"admin/ckeditor/plugins/ajaxplorer/phpunit/src/Util/PHP",
"dev",
"dev/vendor",
"dev/vendor/phpunit",
"dev/vendor/phpunit/phpunit",
"dev/vendor/phpunit/phpunit/src",
"dev/vendor/phpunit/phpunit/src/Util",
"dev/vendor/phpunit/phpunit/src/Util/PHP",
"lib",
"lib/phpunit",
"lib/phpunit/phpunit",
"lib/phpunit/phpunit/Util",
"lib/phpunit/phpunit/Util/PHP",
"demo",
"demo/vendor",
"demo/vendor/phpunit",
"demo/vendor/phpunit/phpunit",
"demo/vendor/phpunit/phpunit/src",
"demo/vendor/phpunit/phpunit/src/Util",
"demo/vendor/phpunit/phpunit/src/Util/PHP",
"cms",
"cms/vendor",
"cms/vendor/phpunit",
"cms/vendor/phpunit/phpunit",
"cms/vendor/phpunit/phpunit/src",
"cms/vendor/phpunit/phpunit/src/Util",
"cms/vendor/phpunit/phpunit/src/Util/PHP",
"crm",
"crm/vendor",
"crm/vendor/phpunit",
"crm/vendor/phpunit/phpunit",
"crm/vendor/phpunit/phpunit/src",
"crm/vendor/phpunit/phpunit/src/Util",
"crm/vendor/phpunit/phpunit/src/Util/PHP",
"lib",
"lib/phpunit",
"lib/phpunit/src",
"lib/phpunit/src/Util",
"lib/phpunit/src/Util/PHP",
"lib/phpunit/Util",
"lib/phpunit/Util/PHP",
"backup",
"backup/vendor",
"backup/vendor/phpunit",
"backup/vendor/phpunit/phpunit",
"backup/vendor/phpunit/phpunit/src",
"backup/vendor/phpunit/phpunit/src/Util",
"backup/vendor/phpunit/phpunit/src/Util/PHP",
"blog",
"blog/vendor",
"blog/vendor/phpunit",
"blog/vendor/phpunit/phpunit",
"blog/vendor/phpunit/phpunit/src",
"blog/vendor/phpunit/phpunit/src/Util",
"blog/vendor/phpunit/phpunit/src/Util/PHP",
"api",
"api/vendor",
"api/vendor/phpunit",
"api/vendor/phpunit/phpunit",
"api/vendor/phpunit/phpunit/src",
"api/vendor/phpunit/phpunit/src/Util",
"api/vendor/phpunit/phpunit/src/Util/PHP",
"admin",
"admin/vendor",
"admin/vendor/phpunit",
"admin/vendor/phpunit/phpunit",
"admin/vendor/phpunit/phpunit/src",
"admin/vendor/phpunit/phpunit/src/Util",
"admin/vendor/phpunit/phpunit/src/Util/PHP",
"yii",
"yii/vendor",
"yii/vendor/phpunit",
"yii/vendor/phpunit/phpunit",
"yii/vendor/phpunit/phpunit/src",
"yii/vendor/phpunit/phpunit/src/Util",
"yii/vendor/phpunit/phpunit/src/Util/PHP",
"lib",
"lib/vendor",
"lib/vendor/phpunit",
"lib/vendor/phpunit/phpunit",
"lib/vendor/phpunit/phpunit/src",
"lib/vendor/phpunit/phpunit/src/Util",
"lib/vendor/phpunit/phpunit/src/Util/PHP",
"zend",
"zend/vendor",
"zend/vendor/phpunit",
"zend/vendor/phpunit/phpunit",
"zend/vendor/phpunit/phpunit/src",
"zend/vendor/phpunit/phpunit/src/Util",
"zend/vendor/phpunit/phpunit/src/Util/PHP",
# Magento
"admin",
"downloader",
"magento",
"magento/admin",
"magento/downloader",
"shop",
"shop/admin",
"shop/downloader",
# Amasty Product Feed for Magento
"amfeed",
"amfeed/main",
"magento/amfeed",
"magento/amfeed/main",
"shop/amfeed",
"shop/amfeed/main",
# Magmi (Magento Mass Importer)
"magmi",
"magmi/web",
"magmi-importer",
"magmi-importer/web",
# Woltlab Burning Board
"wcf",
"wcf/acp",
"forum/wcf",
"forum/wcf/acp",
"board/wcf",
"board/wcf/acp",
# Tecomat Foxtrot
"syswww",
# Trackplus Allegra
"allegra",
"track",
# PHPFootball
"phpfootball",
# Digital Scribe
"DigitalScribe",
"digitalscribe",
# e-Vision CMS
"evision",
"evision/modules",
"evision/modules/plain",
"evision/modules/plain/adminpart",
"cms/modules",
"cms/modules/plain",
"cms/modules/plain/adminpart",
"modules",
"modules/plain",
"modules/plain/adminpart",
# PassWiki
"passwiki",
# Butterfly Organizer
"organizer",
# Taifajobs
"tjobs",
"jobs",
# TinX
"tinxcms",
"tinxcms/system",
"cms/system",
# Advantech iView
"iView3",
# MCshoutbox
"MCshoutBox",
"shoutbox",
"box"); # nb: Don't add more dirs here and add them in the second testDirList2 below instead (see relevant note for the background)

# nb: Making it "unique" for the first time to avoid an overlong initial list
testDirList = make_list_unique( testDirList );

# nb: Unfortunately the list above has reached some kind of internal memory limit and at least
# openvas-nasl-lint on 21.04 is "crashing" with a:
# > memory exhausted
# so we're creating a second list here and making both "unique" before continuing later.
#
testDirList2 = make_list(
# Apache Subversion 'mod_dav_svn'
"projects",
"repo",
"repo/trunk",
"repo/projects",
"repository",
"svn",
"svn/repos",
"svn/trunk",
"trunk",
# Atlassian Confluence
"bootstrap",
"confluence",
"dashboard",
"display",
"download",
"download/attachments",
"opensearch",
"pages",
"plugins",
"rest",
"rest/tinymce",
"rest/tinymce/1",
"rest/tinymce/1/macro",
"s",
"setup",
"spacedirectory",
"spaces",
"template",
"template/aui", # nb: From CVE-2023-22527
"users",
"wiki",
# DM FileManager
"dm-filemanager",
"dm-filemanager/dm-albums",
"dm-filemanager/dm-albums/templates",
"dm-filemanager/albums",
"dm-filemanager/albums/templates",
"dmf",
"dmf/dm-albums",
"dmf/dm-albums/templates",
"dmf/albums",
"dmf/albums/templates",
"dm-albums",
"dm-albums/templates",
"albums",
"albums/templates",
# Dagger
"dagger",
"dagger/skins",
"cms/skins",
"skins",
# Simply Classified
"classified",
# Rspamd
"js",
"js/lib",
"rspamd",
"rspamd/js",
"rspamd/js/lib",
# IBM Aspera Faspex / Aspera Console / Aspera Orchestrator
"aspera",
"aspera/console",
"aspera/orchestrator",
"aspera/orchestrator/api",
# IBM Operational Decision Manager
"DecisionRunner",
"DecisionService",
"decisioncenter",
"decisioncenter/js",
"decisioncenter/js/dist",
"decisioncenter/themes",
"decisioncenter/webjars",
"decisioncenter-api",
"decisioncenter-api/v1",
"res", # nb: "Rule Execution Server"
"teamserver",
"teamserver/faces",
# Kemp LoadMaster / ECS Connection Manager
"access",
"accessv2",
"directory",
"progs",
"progs/admin",
"progs/doconfig",
"progs/fwaccess",
"progs/geoctrl",
"progs/networks",
"progs/useradmin",
# Artica Proxy
"tailon",
"tailon/ws",
# Aruba ClearPass Policy Manager
"tips",
"insight",
# Devolutions Server
"rdms",
"rdms/api",
"dvls",
"dvls/api",
# Fortinet FortiWLM
"wlm",
"ems",
"ems/cgi-bin",
# LDAP Account Manager (LAM)
"ldap",
"ldap/templates",
"ldap/templates/config",
"ldap/templates/lib",
"ldap-account-manager",
"ldap-account-manager/templates",
"ldap-account-manager/templates/config",
"ldap-account-manager/templates/lib",
"lam",
"lam/templates",
"lam/templates/config",
"lam/templates/lib",
"templates",
"templates/config",
"templates/lib",
# Ivanti Neurons for ITSM
"HEAT",
# Claris FileMaker (Pro or Server)
"admin-console",
"fmi",
"fmi/iwp",
"fmi/iwp/res",
"fmi/iwp/res/swe",
# Jenkins
"asynchPeople",
"asynchPeople/api",
"whoAmI",
"jenkins",
"jenkins/asynchPeople",
"jenkins/asynchPeople/api",
"jenkins/whoAmI",
# Progress Telerik Report Server
"Account",
"Startup",
# Progress Telerik Reporting
"reports",
"reports/api",
"reporting",
"reporting/api",
"Reporting",
"Reporting/api",
# Progress Flowmon
"homepage",
"homepage/auth",
# ForgeRock Access Management
"openam",
"openam/XUI",
"am",
"am/XUI",
"auth",
"auth/XUI",
"authn",
"authn/XUI",
"sso",
"sso/XUI",
"XUI",
# Fortra FileCatalyst Workflow
"workflow",
"workflow/jsp",
"workflow/jsp/includes",
"workflow/jsp/templatesParentDir",
"workflow/servlet",
# pgAdmin
"pgadmin",
"pgadmin/browser",
"pgadmin-web",
"pgadmin-web/browser",
"pgAdmin",
"pgAdmin/browser",
"browser",
# HP Poly IP Phones
"form-submit",
# CrushFTP
"WebInterface",
"WebInterface/CrushReports",
"WebInterface/Jobs",
"WebInterface/ManageShares",
"WebInterface/PGP",
"WebInterface/Preferences",
"WebInterface/Reports",
"WebInterface/Resources",
"WebInterface/TempAccounts",
"WebInterface/UserManager",
"WebInterface/admin",
"WebInterface/dashboard",
"WebInterface/function",
"WebInterface/jQuery",
"WebInterface/new-ui",
"WebInterface/new-ui/assets",
"WebInterface/new-ui/assets/js",
"WebInterface/new-ui/assets/js/app",
"WebInterface/new-ui/assets/js/utils",
"WebInterface/new-ui/assets/js/utils/api",
"WebInterface/new-ui/assets/styles",
"WebInterface/new-ui/assets/styles/components",
"WebInterface/new-ui/modules",
"WebInterface/new-ui/modules/loader",
"WebInterface/new-ui/modules/web-components",
"WebInterface/new-ui/modules/web-components/language",
"WebInterface/new-ui/modules/web-components/multitheme",
"WebInterface/sync",
"WebInterface/w3c",
# Dell OpenManage Enterprise
"core",
"core/console",
"core/api",
"api/ApplicationService",
# ReCrystallize Server
"ReCrystallizeServer",
# F5 BIG-IP Next Central Manager (CM)
"api",
"api/system",
"api/system/v1",
"api/v1",
"dashboard",
"gui",
"gui/assets",
"gui/assets/apps",
"gui/dashboard",
# HSC Mailinspector
"mailinspector",
"mailinspector/public",
# Veeam Service Provider Console
"uiapi",
"uiapi/Login",
"Login",
# OpenText Dimensions RM
"rtmBrowser",
# Elprolog Monitor WebAccess
"elpro-demo",
"webaccess",
# WikkaWiki
"wikka",
"wikawiki",
# OrangeHRM
"plugins",
"symfony",
"symfony/web",
"symfony/web/index.php",
"symfony/web/index.php/auth",
"templates",
"templates/recruitment",
"web",
"web/index.php",
"web/index.php/auth",
"hr",
"hr/plugins",
"hr/symfony",
"hr/symfony/web",
"hr/symfony/web/index.php",
"hr/symfony/web/index.php/auth",
"hr/templates",
"hr/templates/recruitment",
"hr/web",
"hr/web/index.php",
"hr/web/index.php/auth",
"hrm",
"hrm/plugins",
"hrm/symfony",
"hrm/symfony/web",
"hrm/symfony/web/index.php",
"hrm/symfony/web/index.php/auth",
"hrm/templates",
"hrm/templates/recruitment",
"hrm/web",
"hrm/web/index.php",
"hrm/web/index.php/auth",
"orangehrm",
"orangehrm/plugins",
"orangehrm/symfony",
"orangehrm/symfony/web",
"orangehrm/symfony/web/index.php",
"orangehrm/symfony/web/index.php/auth",
"orangehrm/templates",
"orangehrm/templates/recruitment",
"orangehrm/web",
"orangehrm/web/index.php",
"orangehrm/web/index.php/auth",
# php-Charts
"charts",
"charts/wizard",
"php-charts",
"php-charts/wizard",
"wizard",
# Check Point Firewall / Gaia (Admin login and SSL Network Extender)
"CSHELL",
"clients",
"login",
"skin",
"skin/chkp",
"theme",
"theme/css",
"theme/js",
# Dell Data Protection Advisor (DPA)
"assets",
"dpa-api",
"dpa-api/server",
# FreePBX
"freepbx",
# FtpLocate
"ftplocate",
# Oracle Portal
"portal",
"portal/pls",
"portal/pls/portal",
"pls",
"pls/portal",
# Dell EMC OpenManage Server Administrator (OMSA)
"oma",
"oma/css",
"oma/docs",
"oma/js",
"oma/skins",
"oma/skins/modern",
"servlet",
# Seen on ZyXEL NSA devices
"zyxel",
"zyxel/dojo",
"zyxel/js",
# Zoom Telephonics Devices
"hag",
"hag/pages",
# Ivanti EPM
"WebConsole",
"WSStatusEvents",
# Quicktime/Darwin Streaming Administration Server
"AdminHTML",
# FreeIPA
"ipa",
"ipa/ui",
# Microsys Promotic
"webdir",
# ConnectWise ManagedITSync integration for Kaseya VSA
"KaseyaCwWebService",
"KaseyaCwWebService/ManagedIT.asmx",
# PHPmyGallery
"phpmygallery",
"phpmygallery/_conf",
"gallery",
"gallery/_conf",
"_conf"
);

# nb: Before adding some host name parts and other dynamic things below making it "unique" again so
# that we have a smaller list here after the possible duplicates from above.
testDirList = make_list_unique( testDirList, testDirList2 );

# Add domain name parts, create_hostname_parts_list() always returns a list, even an empty one
hnlist = create_hostname_parts_list();

# nb:
# - No need to check for an empty "hnlist" string here (create_hostname_parts_list() could return
#   an empty list) as make_list() seems to be able to handle this
# - There is a final "make_list_unique()" call at the bottom after adding all other dynamic data so
#   we don't need to do this here
testDirList = make_list( testDirList, hnlist );

if( debug ) display( "::[ DDI Directory Scanner running in debug mode ]::" );

fake404 = string("");
Check200 = TRUE;
Check401 = TRUE;
Check403 = TRUE;
CheckRedirect = TRUE;

port = http_get_port( default:80 );

host = http_host_name( dont_add_port:TRUE );
if( debug ) display( ":: Checking directories on Hostname/IP:port " + host + ":" + port + "..." );

if( http_get_is_marked_broken( port:port, host:host ) )
  exit( 0 );

# counter for current failed requests
failedReqs = 0;
# counter for the current amount of done requests
currReqs = 0;
# counter for max failed requests
# The VT will exit if this is reached
# TBD: Make this configurable?
maxFailedReqs = 3;

# pull the robots.txt file
if( debug ) display( ":: Checking for robots.txt..." );
res = http_get_cache( item:"/robots.txt", port:port );
currReqs++;
if( ! res )
  failedReqs++;

if( res =~ "^HTTP/1\.[01] 200" && res =~ "Content-Type\s*:\s*text/plain" ) {

  body = http_extract_body_from_response( data:res );
  body = chomp( body );
  if( body ) {

    strings = split( body );

    foreach string( strings ) {

      if( egrep( pattern:"^\s*(dis)?allow\s*:.*/", string:string, icase:TRUE ) &&
          ! egrep( pattern:"^\s*(dis)?allow\s*:.*\.", string:string, icase:TRUE ) ) {

        # yes, i suck at regex's in nasl. I want my \s+!
        robot_dir = ereg_replace( pattern:"(dis)?allow\s*:\W*/(.*)$", string:string, replace:"\2", icase:TRUE );
        robot_dir = ereg_replace( pattern:"\W*$", string:robot_dir, replace:"", icase:TRUE );
        robot_dir = ereg_replace( pattern:"/$|\?$", string:robot_dir, replace:"", icase:TRUE );

        if( robot_dir != '' ) {
          testDirList = make_list( testDirList, robot_dir );
          if( debug ) display(":: Directory '", robot_dir, "' added to test list");
        }
      }
    }
  }
}

# pull the CVS/Entries file
if( debug ) display( ":: Checking for /CVS/Entries..." );
res = http_get_cache( item:"/CVS/Entries", port:port );
currReqs++;
if( ! res )
  failedReqs++;

if( res =~ "^HTTP/1\.[01] 200" ) {

  body = http_extract_body_from_response( data:res );
  body = chomp( body );
  if( body ) {

    strings = split( body, string( "\n" ) );

    foreach string( strings ) {

      if( egrep( pattern:"^D/(.+)/.*/.*/.*/.*", string:string, icase:FALSE ) ) {

        cvs_dir = ereg_replace( pattern:"^D/(.+)/.*/.*/.*/.*", string:string, replace:"\1", icase:FALSE );
        if( cvs_dir != '' ) {
          testDirList = make_list( testDirList, cvs_dir );
          if( debug ) display( ":: Directory '", cvs_dir, "' added to test list" );
        }
      }
    }
  }
}

# test for servers which return 200/403/401 for everything
req = http_get( item:"/non-existent" + rand() + "/", port:port );
res = http_keepalive_send_recv( port:port, data:req );
currReqs++;
if( ! res )
  failedReqs++;

if( res =~ "^HTTP/1\.[01] 200" ) {

  fake404 = 0;

  if( debug ) display( ":: This server returns 200 for non-existent directories" );

  foreach errmsg( errmessages_404 ) {
    if( egrep( pattern:errmsg, string:res, icase:TRUE ) && ! fake404 ) {
      fake404 = errmsg;
      if( debug ) display( ":: Using '", fake404, "' as an indication of a 404 error" );
      break;
    }
  }

  if( ! fake404 ) {
    if( debug ) display( ":: Could not find an error string to match against for the fake 404 response" );
    if( debug ) display( ":: Checks which rely on 200 responses are being disabled" );
    Check200 = FALSE;
  }
} else {
  fake404 = string( "BadString0987654321*DDI*" );
}

if( res =~ "^HTTP/1\.[01] 401" ) {
  if( debug ) display( ":: This server requires authentication for non-existent directories, disabling 401 checks" );
  Check401 = FALSE;
}

if( res =~ "^HTTP/1\.[01] 403" ) {
  if( debug ) display( ":: This server returns a 403 for non-existent directories, disabling 403 checks" );
  Check403 = FALSE;
}

if( res =~ "^HTTP/1\.[01] 30[0-8]" ) {
  if( debug ) display( ":: This server returns a redirect for non-existent directories, disabling redirect checks" );
  CheckRedirect = FALSE;
}

# start the actual directory scan
ScanRootDir = "/";

start = unixtime();
if( debug ) display( ":: Starting the directory scan..." );

# We make the list unique at the end again to avoid having doubled entries from e.g. the robots.txt
# or dynamically added data (like the host name list) and for easier maintenance of the initial list
# which could contain multiple entries.
testDirList = make_list_unique( testDirList );

foreach cdir( testDirList ) {

  url = ScanRootDir + cdir;
  res = http_get_cache( item:url + "/", port:port );
  currReqs++;
  if( ! res ) {
    failedReqs++;
    if( failedReqs >= maxFailedReqs ) {
      if( debug ) display( ":: Max number of failed requests (" + maxFailedReqs + ") reached (Amount of requests done: " + currReqs + ") + exiting..." );
      exit( 0 );
    }
    continue;
  }

  if( cgi_dirs_exclude_servermanual ) {

    # Ignore Apache2 manual if it exists. This is just huge static content
    # and slows down the scanning without any real benefit.
    if( url =~ "^/manual" ) {
      man_res = http_get_cache( item:"/manual/en/index.html", port:port );
      currReqs++;
      if( man_res && "Documentation - Apache HTTP Server" >< man_res ) {
        set_kb_item( name:"www/" + host + "/" + port + "/content/servermanual_directories", value:http_report_vuln_url( port:port, url:url, url_only:TRUE ) + ", Content: Apache HTTP Server Manual" );
        continue;
      }
    }

    # Similar to the above for Tomcat
    if( url =~ "^/tomcat-docs" ) {
      man_res = http_get_cache( item:"/tomcat-docs/", port:port );
      currReqs++;
      if( man_res && "Apache Tomcat" >< man_res && "Documentation Index" >< man_res ) {
        set_kb_item( name:"www/" + host + "/" + port + "/content/servermanual_directories", value:http_report_vuln_url( port:port, url:url, url_only:TRUE ) + ", Content: Apache Tomcat Documentation" );
        continue;
      }
    }

    # And the same for Caucho Resin
    if( url =~ "^/resin-doc" ) {
      man_res = http_get_cache( item:"/resin-doc/", port:port );
      currReqs++;
      if( man_res && ">Resin Documentation<" >< man_res ) {
        set_kb_item( name:"www/" + host + "/" + port + "/content/servermanual_directories", value:http_report_vuln_url( port:port, url:url, url_only:TRUE ) + ", Content: Caucho Resin Documentation" );
        continue;
      }
    }
  }

  http_code = int( substr( res, 9, 11 ) );
  if( ! res )
    res = "BogusBogusBogus";

  if( Check200 && http_code == 200 && ! ( egrep( pattern:fake404, string:res, icase:TRUE ) ) ) {

    if( debug ) display( ":: Discovered: " , ScanRootDir, cdir );

    add_discovered_list( dir:ScanRootDir + cdir, port:port, host:host );
  }

  # Pass any redirects we're getting to webmirror.nasl for further processing
  if( CheckRedirect && http_code =~ "^30[0-8]$" ) {

    if( debug )
      display( ":: Got a '", http_code, "' redirect for ", ScanRootDir, cdir, ", trying to extract the location..." );

    redirect = http_extract_location_from_redirect( port:port, data:res, debug:debug, current_dir:cdir );

    if( redirect ) {
      if( debug ) display( ":: Passing extracted redirect ", redirect ," to webmirror.nasl..." );
      set_kb_item( name:"DDI_Directory_Scanner/" + port + "/received_redirects", value:redirect );
      set_kb_item( name:"DDI_Directory_Scanner/" + host + "/" + port + "/received_redirects", value:redirect );
    }
  }

  if( Check403 && http_code == 403 ) {

    if( debug ) display( ":: Got a 403 for ", ScanRootDir, cdir, ", checking for file in the directory..." );

    req = http_get( item:ScanRootDir + cdir + "/NonExistent.html", port:port );
    res = http_keepalive_send_recv( data:req, port:port, bodyonly:FALSE );
    currReqs++;
    if( ! res )
      failedReqs++;

    if( res =~ "^HTTP/1\.[01] 403" ) {
      # the whole directory appears to be protected
      if( debug ) display( ":: 403 applies to the entire directory" );
    } else {
      if( debug ) display( ":: 403 applies to just directory indexes" );

      # the directory just has indexes turned off
      if( debug ) display( ":: Discovered: " , ScanRootDir, cdir );
      add_discovered_list( dir:ScanRootDir + cdir, port:port, host:host );
    }
  }

  if( Check401 && http_code == 401 ) {

    if( header = egrep( pattern:"^WWW-Authenticate\s*:", string:res, icase:TRUE ) ) {
      if( debug ) display( ":: Got a 401 for ", ScanRootDir + cdir, " containing a WWW-Authenticate header, adding to the dirs requiring auth..." );
      basic_auth = http_extract_basic_auth( data:res );
      add_auth_dir_list( dir:ScanRootDir + cdir, port:port, host:host, basic:basic_auth["basic_auth"], realm:basic_auth["realm"] );
    } else {
      if( debug ) display( ":: Got a 401 for ", ScanRootDir + cdir, " WITHOUT a WWW-Authenticate header, NOT adding to the dirs requiring auth..." );
    }
  }
}

if( debug ) display( ":: Finished scan (Done requests: ", currReqs, "), exiting..." );

exit( 0 );