projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.
https://github.com/projectdiscovery/nuclei
MIT License

Web Application hidden and Critical File Detection #7033

Closed sudouday closed 1 year ago

sudouday commented 1 year ago

Template Information:

This template can be used to detect hidden files within web applications, which may be overlooked by traditional scanning techniques. Hidden files may include sensitive data or configuration files that can be exploited by attackers to gain unauthorized access or control over the application.

The template will send a series of HTTP requests to the target URL, looking for hidden files such as backup files, configuration files, or files that are typically hidden from view in the web server directory. If any files are detected, the template will generate a report detailing the files found.

reference: https://www.freecodecamp.org/news/how-to-fuzz-hidden-directories-files-with-ffuf/

How to use: nuclei -u <target-url> -t webapp-hidden-files.yaml

Nuclei Template:

id: webapp-hidden-files

info:
  name: webapp-hidden-files
  author: sudouday
  severity: medium
  tags: file,exposure,disclosure,backup

requests:
  - method: GET
    path:
      - "{{BaseURL}}/images/home1.jpg"
      - "{{BaseURL}}/?tesref=true"
      - "{{BaseURL}}/listproducts.php?cat=1"
      - "{{BaseURL}}/admin/"
      - "{{BaseURL}}/.idea/modules.xml"
      - "{{BaseURL}}/admin/.htaccess"
      - "{{BaseURL}}/admin/?/login"
      - "{{BaseURL}}/.idea/scopes/scope_settings.xml"
      - "{{BaseURL}}/admin/_logs/access.log"
      - "{{BaseURL}}/.idea/encodings.xml"
      - "{{BaseURL}}/CVS/Root"
      - "{{BaseURL}}/admin/_logs/error-log"
      - "{{BaseURL}}/admin/_logs/error.log"
      - "{{BaseURL}}/admin/_logs/error_log"
      - "{{BaseURL}}/admin/_logs/login.txt"
      - "{{BaseURL}}/admin/access.log"
      - "{{BaseURL}}/admin/access.txt"
      - "{{BaseURL}}/Connections/"
      - "{{BaseURL}}/admin/account"
      - "{{BaseURL}}/admin/account.%EXT%"
      - "{{BaseURL}}/admin/account.html"
      - "{{BaseURL}}/admin/account.php"
      - "{{BaseURL}}/admin/admin"
      - "{{BaseURL}}/admin/admin-login"
      - "{{BaseURL}}/admin/admin-login.%EXT%"
      - "{{BaseURL}}/admin/admin-login.html"
      - "{{BaseURL}}/admin/admin-login.php"
      - "{{BaseURL}}/admin/admin.%EXT%"
      - "{{BaseURL}}/admin/admin.html"
      - "{{BaseURL}}/admin/admin.php"
      - "{{BaseURL}}/admin/admin.shtml"
      - "{{BaseURL}}/admin/admin/login"
      - "{{BaseURL}}/admin/admin_login"
      - "{{BaseURL}}/admin/admin_login.%EXT%"
      - "{{BaseURL}}/admin/admin_login.html"
      - "{{BaseURL}}/admin/admin_login.php"
      - "{{BaseURL}}/admin/adminLogin"
      - "{{BaseURL}}/admin/adminLogin.%EXT%"
      - "{{BaseURL}}/admin/adminLogin.htm"
      - "{{BaseURL}}/admin/adminLogin.html"
      - "{{BaseURL}}/admin/adminLogin.php"
      - "{{BaseURL}}/admin/backup/"
      - "{{BaseURL}}/admin/backups/"
      - "{{BaseURL}}/admin/config.php"
      - "{{BaseURL}}/admin/controlpanel"
      - "{{BaseURL}}/admin/controlpanel.%EXT%"
      - "{{BaseURL}}/admin/controlpanel.htm"
      - "{{BaseURL}}/admin/controlpanel.html"
      - "{{BaseURL}}/admin/controlpanel.php"
      - "{{BaseURL}}/admin/cp"
      - "{{BaseURL}}/admin/cp.%EXT%"
      - "{{BaseURL}}/admin/cp.html"
      - "{{BaseURL}}/admin/cp.php"
      - "{{BaseURL}}/admin/db/"
      - "{{BaseURL}}/admin/default"
      - "{{BaseURL}}/admin/default.asp"
      - "{{BaseURL}}/admin/default/admin.asp"
      - "{{BaseURL}}/admin/default/login.asp"
      - "{{BaseURL}}/admin/download.php"
      - "{{BaseURL}}/admin/dumper/"
      - "{{BaseURL}}/admin/error.log"
      - "{{BaseURL}}/admin/error.txt"
      - "{{BaseURL}}/admin/error_log"
      - "{{BaseURL}}/admin/export.php"
      - "{{BaseURL}}/admin/FCKeditor"
      - "{{BaseURL}}/admin/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp"
      - "{{BaseURL}}/admin/fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx"
      - "{{BaseURL}}/admin/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php"
      - "{{BaseURL}}/admin/fckeditor/editor/filemanager/connectors/asp/connector.asp"
      - "{{BaseURL}}/admin/fckeditor/editor/filemanager/connectors/asp/upload.asp"
      - "{{BaseURL}}/admin/fckeditor/editor/filemanager/connectors/aspx/connector.aspx"
      - "{{BaseURL}}/admin/fckeditor/editor/filemanager/connectors/aspx/upload.aspx"
      - "{{BaseURL}}/admin/fckeditor/editor/filemanager/connectors/php/connector.php"
      - "{{BaseURL}}/admin/fckeditor/editor/filemanager/connectors/php/upload.php"
      - "{{BaseURL}}/admin/fckeditor/editor/filemanager/upload/asp/upload.asp"
      - "{{BaseURL}}/admin/fckeditor/editor/filemanager/upload/aspx/upload.aspx"
      - "{{BaseURL}}/admin/fckeditor/editor/filemanager/upload/php/upload.php"
      - "{{BaseURL}}/admin/file.php"
      - "{{BaseURL}}/admin/files.php"
      - "{{BaseURL}}/admin/home"
      - "{{BaseURL}}/admin/home.%EXT%"
      - "{{BaseURL}}/admin/home.html"
      - "{{BaseURL}}/admin/home.php"
      - "{{BaseURL}}/admin/includes/configure.php~"
      - "{{BaseURL}}/admin/index"
      - "{{BaseURL}}/admin/index.%EXT%"
      - "{{BaseURL}}/admin/index.asp"
      - "{{BaseURL}}/admin/index.html"
      - "{{BaseURL}}/admin/index.php"
      - "{{BaseURL}}/admin/js/tiny_mce"
      - "{{BaseURL}}/admin/js/tiny_mce/"
      - "{{BaseURL}}/admin/js/tinymce"
      - "{{BaseURL}}/admin/js/tinymce/"
      - "{{BaseURL}}/Admin/knowledge/dsmgr/users/GroupManager.%EXT%"
      - "{{BaseURL}}/Admin/knowledge/dsmgr/users/UserManager.%EXT%"
      - "{{BaseURL}}/admin/log"
      - "{{BaseURL}}/admin/login"
      - "{{BaseURL}}/admin/login.%EXT%"
      - "{{BaseURL}}/Admin/login.%EXT%"
      - "{{BaseURL}}/admin/login.asp"
      - "{{BaseURL}}/admin/login.do"
      - "{{BaseURL}}/admin/login.htm"
      - "{{BaseURL}}/admin/login.html"
      - "{{BaseURL}}/admin/login.jsp"
      - "{{BaseURL}}/admin/login.php"
      - "{{BaseURL}}/admin/login.py"
      - "{{BaseURL}}/admin/login.rb"
      - "{{BaseURL}}/Admin/login/"
      - "{{BaseURL}}/admin/logon.jsp"
      - "{{BaseURL}}/admin/logs/"
      - "{{BaseURL}}/admin/logs/access-log"
      - "{{BaseURL}}/admin/logs/access.log"
      - "{{BaseURL}}/admin/logs/access_log"
      - "{{BaseURL}}/admin/logs/err.log"
      - "{{BaseURL}}/admin/logs/error-log"
      - "{{BaseURL}}/admin/logs/error.log"
      - "{{BaseURL}}/admin/logs/error_log"
      - "{{BaseURL}}/admin/logs/login.txt"
      - "{{BaseURL}}/admin/manage"
      - "{{BaseURL}}/admin/manage.asp"
      - "{{BaseURL}}/admin/manage/admin.asp"
      - "{{BaseURL}}/admin/manage/login.asp"
      - "{{BaseURL}}/admin/mysql/"
      - "{{BaseURL}}/admin/phpMyAdmin"
      - "{{BaseURL}}/admin/phpmyadmin/"
      - "{{BaseURL}}/admin/phpMyAdmin/"
      - "{{BaseURL}}/admin/pMA/"
      - "{{BaseURL}}/admin/pma/"
      - "{{BaseURL}}/admin/pol_log.txt"
      - "{{BaseURL}}/admin/private/logs"
      - "{{BaseURL}}/admin/release"
      - "{{BaseURL}}/admin/scripts/fckeditor"
      - "{{BaseURL}}/admin/secure/logon.jsp"
      - "{{BaseURL}}/admin/signin"
      - "{{BaseURL}}/admin/sqladmin/"
      - "{{BaseURL}}/admin/sxd/"
      - "{{BaseURL}}/admin/sysadmin/"
      - "{{BaseURL}}/admin/tiny_mce"
      - "{{BaseURL}}/admin/tinymce"
      - "{{BaseURL}}/admin/upload.php"
      - "{{BaseURL}}/admin/uploads.php"
      - "{{BaseURL}}/admin/user_count.txt"
      - "{{BaseURL}}/admin/web/"
      - "{{BaseURL}}/admin0"
      - "{{BaseURL}}/admin00"
      - "{{BaseURL}}/admin08"
      - "{{BaseURL}}/admin09"
      - "{{BaseURL}}/admin1"
      - "{{BaseURL}}/admin1.%EXT%"
      - "{{BaseURL}}/admin1.htm"
      - "{{BaseURL}}/admin1.html"
      - "{{BaseURL}}/admin1.php"
      - "{{BaseURL}}/admin1/"
      - "{{BaseURL}}/admin12"
      - "{{BaseURL}}/admin123"
      - "{{BaseURL}}/admin150"
      - "{{BaseURL}}/admin2"
      - "{{BaseURL}}/admin2.%EXT%"
      - "{{BaseURL}}/admin2.asp"
      - "{{BaseURL}}/admin2.cfm"
      - "{{BaseURL}}/admin2.html"
      - "{{BaseURL}}/admin2.old/"
      - "{{BaseURL}}/admin2.php"
      - "{{BaseURL}}/admin2/"
      - "{{BaseURL}}/admin2/index.%EXT%"
      - "{{BaseURL}}/admin2/index.php"
      - "{{BaseURL}}/admin2/login.%EXT%"
      - "{{BaseURL}}/admin2/login.php"
      - "{{BaseURL}}/admin2006/"
      - "{{BaseURL}}/admin2007"
      - "{{BaseURL}}/admin2007/"
      - "{{BaseURL}}/admin2008"
      - "{{BaseURL}}/admin2008/"
      - "{{BaseURL}}/admin2009"
      - "{{BaseURL}}/admin2009/"
      - "{{BaseURL}}/admin2010"
      - "{{BaseURL}}/admin2010/"
      - "{{BaseURL}}/admin2011"
      - "{{BaseURL}}/admin2011/"
      - "{{BaseURL}}/admin2012/"
      - "{{BaseURL}}/admin2013/"
      - "{{BaseURL}}/admin21"
      - "{{BaseURL}}/admin256"
      - "{{BaseURL}}/admin3"
      - "{{BaseURL}}/admin3/"
      - "{{BaseURL}}/admin3388"
      - "{{BaseURL}}/admin4"
      - "{{BaseURL}}/admin4.nsf"
      - "{{BaseURL}}/admin4/"
      - "{{BaseURL}}/admin44cp"
      - "{{BaseURL}}/admin4_account/"
      - "{{BaseURL}}/admin4_colon/"
      - "{{BaseURL}}/admin5/"
      - "{{BaseURL}}/admin7"
      - "{{BaseURL}}/admin711"
      - "{{BaseURL}}/admin750"
      - "{{BaseURL}}/admin777"
      - "{{BaseURL}}/admin88"
      - "{{BaseURL}}/admin888"
      - "{{BaseURL}}/admin99"
      - "{{BaseURL}}/admin_"
      - "{{BaseURL}}/admin_/"
      - "{{BaseURL}}/admin_04"
      - "{{BaseURL}}/admin_05"
      - "{{BaseURL}}/admin_0ec"
      - "{{BaseURL}}/admin_1"
      - "{{BaseURL}}/admin_101"
      - "{{BaseURL}}/admin_19_july"
      - "{{BaseURL}}/admin_action.%EXT%"
      - "{{BaseURL}}/admin_actions.%EXT%"
      - "{{BaseURL}}/admin_address.%EXT%"
      - "{{BaseURL}}/admin_admin"
      - "{{BaseURL}}/admin_admin.%EXT%"
      - "{{BaseURL}}/admin_ads.%EXT%"
      - "{{BaseURL}}/admin_advert.%EXT%"
      - "{{BaseURL}}/admin_album.%EXT%"
      - "{{BaseURL}}/admin_alldel.%EXT%"
      - "{{BaseURL}}/admin_area"
      - "{{BaseURL}}/admin_area.php"
      - "{{BaseURL}}/admin_area/"
      - "{{BaseURL}}/admin_area/admin"
      - "{{BaseURL}}/admin_area/admin.%EXT%"
      - "{{BaseURL}}/admin_area/admin.html"
      - "{{BaseURL}}/admin_area/admin.php"
      - "{{BaseURL}}/admin_area/index.%EXT%"
      - "{{BaseURL}}/admin_area/index.html"
      - "{{BaseURL}}/admin_area/index.php"
      - "{{BaseURL}}/admin_area/login"
      - "{{BaseURL}}/admin_area/login.%EXT%"
      - "{{BaseURL}}/admin_area/login.html"
      - "{{BaseURL}}/admin_area/login.php"
      - "{{BaseURL}}/admin_assist.%EXT%"
      - "{{BaseURL}}/admin_assist1.%EXT%"
      - "{{BaseURL}}/admin_assist2.%EXT%"
      - "{{BaseURL}}/admin_assist3.%EXT%"
      - "{{BaseURL}}/admin_assist4.%EXT%"
      - "{{BaseURL}}/admin_awards.%EXT%"
      - "{{BaseURL}}/admin_backend"
      - "{{BaseURL}}/admin_backup"
      - "{{BaseURL}}/admin_badword.%EXT%"
      - "{{BaseURL}}/admin_banner"
      - "{{BaseURL}}/admin_banner.%EXT%"
      - "{{BaseURL}}/admin_bans.%EXT%"
      - "{{BaseURL}}/admin_bedit.%EXT%"
      - "{{BaseURL}}/admin_beta"
      - "{{BaseURL}}/admin_bk"
      - "{{BaseURL}}/admin_board"
      - "{{BaseURL}}/admin_board.%EXT%"
      - "{{BaseURL}}/admin_boardset.%EXT%"
      - "{{BaseURL}}/admin_c"
      - "{{BaseURL}}/admin_cat.%EXT%"
      - "{{BaseURL}}/admin_catalog"
      - "{{BaseURL}}/admin_cd"
      - "{{BaseURL}}/admin_censoring.%EXT%"
      - "{{BaseURL}}/admin_cmgd_1"
      - "{{BaseURL}}/admin_cms"
      - "{{BaseURL}}/admin_common"
      - "{{BaseURL}}/admin_comp.%EXT%"
      - "{{BaseURL}}/admin_compactdb.%EXT%"
      - "{{BaseURL}}/admin_config.%EXT%"
      - "{{BaseURL}}/admin_control"
      - "{{BaseURL}}/admin_count.%EXT%"
      - "{{BaseURL}}/admin_cp"
      - "{{BaseURL}}/admin_custom"
      - "{{BaseURL}}/admin_customer"
      - "{{BaseURL}}/admin_customers.%EXT%"
      - "{{BaseURL}}/admin_d"
      - "{{BaseURL}}/admin_data.%EXT%"
      - "{{BaseURL}}/admin_db"
      - "{{BaseURL}}/admin_default.%EXT%"
      - "{{BaseURL}}/admin_deletecat.%EXT%"
      - "{{BaseURL}}/admin_dev"
      - "{{BaseURL}}/admin_dev.%EXT%"
      - "{{BaseURL}}/admin_dir"
      - "{{BaseURL}}/admin_down.%EXT%"
      - "{{BaseURL}}/admin_edit.%EXT%"
      - "{{BaseURL}}/admin_edit_firm.%EXT%"
      - "{{BaseURL}}/admin_edit_page.%EXT%"
      - "{{BaseURL}}/admin_edite.%EXT%"
      - "{{BaseURL}}/admin_en"
      - "{{BaseURL}}/admin_events"
      - "{{BaseURL}}/admin_expired.%EXT%"
      - "{{BaseURL}}/admin_files"
      - "{{BaseURL}}/admin_forums.%EXT%"
      - "{{BaseURL}}/admin_gespro"
      - "{{BaseURL}}/admin_groups.%EXT%"
      - "{{BaseURL}}/admin_guestbook.%EXT%"
      - "{{BaseURL}}/admin_help"
      - "{{BaseURL}}/admin_home.%EXT%"
      - "{{BaseURL}}/admin_images"
      - "{{BaseURL}}/admin_imgmod.%EXT%"
      - "{{BaseURL}}/admin_imob_1"
      - "{{BaseURL}}/admin_imob_2"
      - "{{BaseURL}}/admin_index"
      - "{{BaseURL}}/admin_index.%EXT%"
      - "{{BaseURL}}/admin_index.asp"
      - "{{BaseURL}}/admin_info.%EXT%"
      - "{{BaseURL}}/admin_iprev.%EXT%"
      - "{{BaseURL}}/admin_js"
      - "{{BaseURL}}/admin_ldown.%EXT%"
      - "{{BaseURL}}/admin_left.%EXT%"
      - "{{BaseURL}}/admin_links.%EXT%"
      - "{{BaseURL}}/admin_loader.%EXT%"
      - "{{BaseURL}}/admin_login"
      - "{{BaseURL}}/admin_login.%EXT%"
      - "{{BaseURL}}/admin_login.html"
      - "{{BaseURL}}/admin_login.php"
      - "{{BaseURL}}/admin_login/"
      - "{{BaseURL}}/admin_login/admin.asp"
      - "{{BaseURL}}/admin_login/login.asp"
      - "{{BaseURL}}/admin_logon"
      - "{{BaseURL}}/admin_logon.%EXT%"
      - "{{BaseURL}}/admin_logon/"
      - "{{BaseURL}}/admin_logout.%EXT%"
      - "{{BaseURL}}/admin_logs.%EXT%"
      - "{{BaseURL}}/admin_main"
      - "{{BaseURL}}/admin_main.%EXT%"
      - "{{BaseURL}}/admin_main.txt"
      - "{{BaseURL}}/admin_manage"
      - "{{BaseURL}}/admin_media"
      - "{{BaseURL}}/admin_members.%EXT%"
      - "{{BaseURL}}/admin_menu"
      - "{{BaseURL}}/admin_menu.%EXT%"
      - "{{BaseURL}}/admin_messages.%EXT%"
      - "{{BaseURL}}/admin_my_avatar.%EXT%"
      - "{{BaseURL}}/admin_navigation"
      - "{{BaseURL}}/admin_netref"
      - "{{BaseURL}}/admin_neu"
      - "{{BaseURL}}/admin_new"
      - "{{BaseURL}}/admin_news"
      - "{{BaseURL}}/admin_news.%EXT%"
      - "{{BaseURL}}/admin_newspost.%EXT%"
      - "{{BaseURL}}/admin_nonssl"
      - "{{BaseURL}}/admin_old"
      - "{{BaseURL}}/admin_online"
      - "{{BaseURL}}/admin_options.%EXT%"
      - "{{BaseURL}}/admin_pages"
      - "{{BaseURL}}/admin_panel"
      - "{{BaseURL}}/admin_panel.%EXT%"
      - "{{BaseURL}}/admin_partner"
      - "{{BaseURL}}/admin_pass"
      - "{{BaseURL}}/admin_paylog.%EXT%"
      - "{{BaseURL}}/admin_payment.%EXT%"
      - "{{BaseURL}}/admin_pc"
      - "{{BaseURL}}/admin_pcc"
      - "{{BaseURL}}/admin_pdf.%EXT%"
      - "{{BaseURL}}/admin_pending.%EXT%"
      - "{{BaseURL}}/admin_picks.%EXT%"
      - "{{BaseURL}}/admin_pmmaint.%EXT%"
      - "{{BaseURL}}/admin_pn"
      - "{{BaseURL}}/admin_policy.%EXT%"
      - "{{BaseURL}}/admin_poll.%EXT%"
      - "{{BaseURL}}/admin_pop_mail.%EXT%"
      - "{{BaseURL}}/admin_postings.%EXT%"
      - "{{BaseURL}}/admin_ppc"
      - "{{BaseURL}}/admin_pr"
      - "{{BaseURL}}/admin_pragma6"
      - "{{BaseURL}}/admin_private"
      - "{{BaseURL}}/admin_process.%EXT%"
      - "{{BaseURL}}/admin_report"
      - "{{BaseURL}}/admin_reports"
      - "{{BaseURL}}/admin_reset.%EXT%"
      - "{{BaseURL}}/admin_review"
      - "{{BaseURL}}/admin_rotator.%EXT%"
      - "{{BaseURL}}/admin_rules.%EXT%"
      - "{{BaseURL}}/admin_save"
      - "{{BaseURL}}/admin_scripts"
      - "{{BaseURL}}/admin_search.%EXT%"
      - "{{BaseURL}}/admin_search_ip.%EXT%"
      - "{{BaseURL}}/admin_searchlog.%EXT%"
      - "{{BaseURL}}/admin_secure"
      - "{{BaseURL}}/admin_settings.%EXT%"
      - "{{BaseURL}}/admin_setup.%EXT%"
      - "{{BaseURL}}/admin_shop"
      - "{{BaseURL}}/admin_SigImage.%EXT%"
      - "{{BaseURL}}/admin_site"
      - "{{BaseURL}}/admin_sitestat.%EXT%"
      - "{{BaseURL}}/admin_staff"
      - "{{BaseURL}}/admin_store"
      - "{{BaseURL}}/admin_story.%EXT%"
      - "{{BaseURL}}/admin_stuff"
      - "{{BaseURL}}/admin_super"
      - "{{BaseURL}}/admin_sync.%EXT%"
      - "{{BaseURL}}/admin_tdet.%EXT%"
      - "{{BaseURL}}/admin_temp"
      - "{{BaseURL}}/admin_template.%EXT%"
      - "{{BaseURL}}/admin_templates"
      - "{{BaseURL}}/admin_test"
      - "{{BaseURL}}/admin_test.%EXT%"
      - "{{BaseURL}}/admin_tool"
      - "{{BaseURL}}/admin_tools"
      - "{{BaseURL}}/admin_tools/"
      - "{{BaseURL}}/admin_top.%EXT%"
      - "{{BaseURL}}/admin_tpl"
      - "{{BaseURL}}/admin_udown.%EXT%"
      - "{{BaseURL}}/admin_update.%EXT%"
      - "{{BaseURL}}/admin_user"
      - "{{BaseURL}}/admin_user.%EXT%"
      - "{{BaseURL}}/admin_userdet.%EXT%"
      - "{{BaseURL}}/admin_users"
      - "{{BaseURL}}/admin_users.%EXT%"
      - "{{BaseURL}}/admin_usrmgr.%EXT%"
      - "{{BaseURL}}/admin_util"
      - "{{BaseURL}}/admin_web"
      - "{{BaseURL}}/admin_website"
      - "{{BaseURL}}/admin_welcome.%EXT%"
      - "{{BaseURL}}/admin_wjg"
      - "{{BaseURL}}/admina"
      - "{{BaseURL}}/admina.%EXT%"
      - "{{BaseURL}}/adminandy"
      - "{{BaseURL}}/adminArea"
      - "{{BaseURL}}/adminarea"
      - "{{BaseURL}}/adminarea/"
      - "{{BaseURL}}/adminarea/admin.%EXT%"
      - "{{BaseURL}}/adminarea/admin.html"
      - "{{BaseURL}}/adminarea/admin.php"
      - "{{BaseURL}}/adminarea/index.%EXT%"
      - "{{BaseURL}}/adminarea/index.html"
      - "{{BaseURL}}/adminarea/index.php"
      - "{{BaseURL}}/adminarea/login.%EXT%"
      - "{{BaseURL}}/adminarea/login.html"
      - "{{BaseURL}}/adminarea/login.php"
      - "{{BaseURL}}/adminB"
      - "{{BaseURL}}/adminbackups"
      - "{{BaseURL}}/adminbanners.%EXT%"
      - "{{BaseURL}}/adminbb"
      - "{{BaseURL}}/adminbecas"
      - "{{BaseURL}}/adminbereich"
      - "{{BaseURL}}/adminbeta"
      - "{{BaseURL}}/adminblog"
      - "{{BaseURL}}/adminc"
      - "{{BaseURL}}/adminc.%EXT%"
      - "{{BaseURL}}/adminCalendar.%EXT%"
      - "{{BaseURL}}/AdminCaptureRootCA"
      - "{{BaseURL}}/admincatgroup.%EXT%"
      - "{{BaseURL}}/admincby"
      - "{{BaseURL}}/admincc"
      - "{{BaseURL}}/admincenter"
      - "{{BaseURL}}/admincenter.%EXT%"
      - "{{BaseURL}}/admincheg"
      - "{{BaseURL}}/AdminClients"
      - "{{BaseURL}}/adminclude"
      - "{{BaseURL}}/adminCMS"
      - "{{BaseURL}}/admincms"
      - "{{BaseURL}}/admincodes"
      - "{{BaseURL}}/AdminConnections"
      - "{{BaseURL}}/adminconsole"
      - "{{BaseURL}}/admincontent"
      - "{{BaseURL}}/admincontrol"
      - "{{BaseURL}}/admincontrol.%EXT%"
      - "{{BaseURL}}/admincontrol.html"
      - "{{BaseURL}}/admincontrol.php"
      - "{{BaseURL}}/admincontrol/"
      - "{{BaseURL}}/admincontrol/login.%EXT%"
      - "{{BaseURL}}/admincontrol/login.html"
      - "{{BaseURL}}/admincontrol/login.php"
      - "{{BaseURL}}/admincp"
      - "{{BaseURL}}/admincp.%EXT%"
      - "{{BaseURL}}/admincp/"
      - "{{BaseURL}}/admincp/index.%EXT%"
      - "{{BaseURL}}/admincp/index.asp"
      - "{{BaseURL}}/admincp/index.html"
      - "{{BaseURL}}/admincp/js/kindeditor/"
      - "{{BaseURL}}/admincp/login"
      - "{{BaseURL}}/admincp/login.%EXT%"
      - "{{BaseURL}}/admincp/login.asp"
      - "{{BaseURL}}/admincp/upload/"
      - "{{BaseURL}}/admincpanel"
      - "{{BaseURL}}/admincrud"
      - "{{BaseURL}}/admincurrency.%EXT%"
      - "{{BaseURL}}/admindav.%EXT%"
      - "{{BaseURL}}/admindb"
      - "{{BaseURL}}/admindemo"
      - "{{BaseURL}}/admine"
      - "{{BaseURL}}/adminED"
      - "{{BaseURL}}/adminedit"
      - "{{BaseURL}}/adminemails.%EXT%"
      - "{{BaseURL}}/adminer-3.4.0-en.%EXT%"
      - "{{BaseURL}}/adminer-3.4.0-mysql.%EXT%"
      - "{{BaseURL}}/adminer-3.4.0.%EXT%"
      - "{{BaseURL}}/adminer-4.0.3-mysql.php"
      - "{{BaseURL}}/adminer-4.0.3.php"
      - "{{BaseURL}}/adminer-4.1.0-mysql.php"
      - "{{BaseURL}}/adminer-4.1.0.php"
      - "{{BaseURL}}/adminer-4.2.0-mysql.php"
      - "{{BaseURL}}/adminer-4.2.0.php"
      - "{{BaseURL}}/adminer.php"
      - "{{BaseURL}}/adminer/"
      - "{{BaseURL}}/adminer/adminer.php"
      - "{{BaseURL}}/adminer_coverage.ser"
      - "{{BaseURL}}/AdminEvents"
      - "{{BaseURL}}/adminexec.%EXT%"
      - "{{BaseURL}}/adminfeedback"
      - "{{BaseURL}}/adminfeedback.%EXT%"
      - "{{BaseURL}}/adminFiles"
      - "{{BaseURL}}/adminfiles"
      - "{{BaseURL}}/adminFlora"
      - "{{BaseURL}}/adminfolder"
      - "{{BaseURL}}/adminforce"
      - "{{BaseURL}}/adminforms"
      - "{{BaseURL}}/adminforum"
      - "{{BaseURL}}/adminftp"
      - "{{BaseURL}}/adminfunction.%EXT%"
      - "{{BaseURL}}/adminfunctions.%EXT%"
      - "{{BaseURL}}/admingames"
      - "{{BaseURL}}/admingen"
      - "{{BaseURL}}/admingh"
      - "{{BaseURL}}/adminguide"
      - "{{BaseURL}}/adminhome"
      - "{{BaseURL}}/adminhome.%EXT%"
      - "{{BaseURL}}/adminHome.%EXT%"
      - "{{BaseURL}}/adminhtml"
      - "{{BaseURL}}/admini"
      - "{{BaseURL}}/adminibator"
      - "{{BaseURL}}/adminindex.%EXT%"
      - "{{BaseURL}}/admininistration"
      - "{{BaseURL}}/admininitems.%EXT%"
      - "{{BaseURL}}/admininterface"
      - "{{BaseURL}}/adminis"
      - "{{BaseURL}}/adminis.php"
      - "{{BaseURL}}/adminisrator"
      - "{{BaseURL}}/administ"
      - "{{BaseURL}}/administation"
      - "{{BaseURL}}/administator"
      - "{{BaseURL}}/administer"
      - "{{BaseURL}}/administer/"
      - "{{BaseURL}}/administr8"
      - "{{BaseURL}}/administr8.php"
      - "{{BaseURL}}/administr8/"
      - "{{BaseURL}}/administra"
      - "{{BaseURL}}/administracao"
      - "{{BaseURL}}/Administracao.%EXT%"
      - "{{BaseURL}}/administracao.%EXT%"
      - "{{BaseURL}}/administracao.php"
      - "{{BaseURL}}/administrace"
      - "{{BaseURL}}/administracija"
      - "{{BaseURL}}/administracio"
      - "{{BaseURL}}/administracion"
      - "{{BaseURL}}/Administracion.%EXT%"
      - "{{BaseURL}}/administracion.%EXT%"
      - "{{BaseURL}}/administracion.php"
      - "{{BaseURL}}/administracion/"
      - "{{BaseURL}}/administracja"
      - "{{BaseURL}}/administrador"
      - "{{BaseURL}}/administrador/"
      - "{{BaseURL}}/administraotr"
      - "{{BaseURL}}/administrar"
      - "{{BaseURL}}/administrare"
      - "{{BaseURL}}/administrasjon"
      - "{{BaseURL}}/administrate"
      - "{{BaseURL}}/administrateur"
      - "{{BaseURL}}/administrateur.%EXT%"
      - "{{BaseURL}}/Administrateur.%EXT%"
      - "{{BaseURL}}/administrateur.php"
      - "{{BaseURL}}/administrateur/"
      - "{{BaseURL}}/administratie"
      - "{{BaseURL}}/administratie/"
      - "{{BaseURL}}/administration"
      - "{{BaseURL}}/administration.%EXT%"
      - "{{BaseURL}}/Administration.%EXT%"
      - "{{BaseURL}}/Administration.html"
      - "{{BaseURL}}/administration.html"
      - "{{BaseURL}}/administration.php"
      - "{{BaseURL}}/administration.shtml"
      - "{{BaseURL}}/Administration.shtml"
      - "{{BaseURL}}/administration/"
      - "{{BaseURL}}/administration/Sym.php"
      - "{{BaseURL}}/administrative"
      - "{{BaseURL}}/administrative/"
      - "{{BaseURL}}/administrative/login_history"
      - "{{BaseURL}}/administrativo"
      - "{{BaseURL}}/administrator"
      - "{{BaseURL}}/Administrator"
      - "{{BaseURL}}/administrator-login/"
      - "{{BaseURL}}/administrator.%EXT%"
      - "{{BaseURL}}/Administrator.%EXT%"
      - "{{BaseURL}}/administrator.htm"
      - "{{BaseURL}}/Administrator.htm"
      - "{{BaseURL}}/administrator.html"
      - "{{BaseURL}}/Administrator.html"
      - "{{BaseURL}}/administrator.jsp"
      - "{{BaseURL}}/Administrator.jsp"
      - "{{BaseURL}}/administrator.php"
      - "{{BaseURL}}/administrator.py"
      - "{{BaseURL}}/administrator.rb"
      - "{{BaseURL}}/Administrator.shtml"
      - "{{BaseURL}}/administrator.shtml"
      - "{{BaseURL}}/administrator/"
      - "{{BaseURL}}/Administrator/"
      - "{{BaseURL}}/administrator/.htaccess"
      - "{{BaseURL}}/administrator/account"
      - "{{BaseURL}}/administrator/account.%EXT%"
      - "{{BaseURL}}/administrator/account.html"
      - "{{BaseURL}}/administrator/account.php"
      - "{{BaseURL}}/administrator/admin.asp"
      - "{{BaseURL}}/administrator/admin/"
      - "{{BaseURL}}/administrator/db/"
      - "{{BaseURL}}/administrator/index.%EXT%"
      - "{{BaseURL}}/administrator/index.html"
      - "{{BaseURL}}/administrator/index.php"
      - "{{BaseURL}}/administrator/login"
      - "{{BaseURL}}/Administrator/login"
      - "{{BaseURL}}/administrator/login.%EXT%"
      - "{{BaseURL}}/administrator/login.asp"
      - "{{BaseURL}}/administrator/login.html"
      - "{{BaseURL}}/administrator/login.php"
      - "{{BaseURL}}/administrator/logs"
      - "{{BaseURL}}/administrator/phpmyadmin/"
      - "{{BaseURL}}/administrator/phpMyAdmin/"
      - "{{BaseURL}}/administrator/pma/"
      - "{{BaseURL}}/administrator/PMA/"
      - "{{BaseURL}}/administrator/web/"
      - "{{BaseURL}}/administrator2"
      - "{{BaseURL}}/administratoraccounts/"
      - "{{BaseURL}}/administratorlogin"
      - "{{BaseURL}}/administratorlogin.php"
      - "{{BaseURL}}/administratorlogin/"
      - "{{BaseURL}}/administrators"
      - "{{BaseURL}}/administrators.php"
      - "{{BaseURL}}/administrators.pwd"
      - "{{BaseURL}}/administrators/"
      - "{{BaseURL}}/administratsiya"
      - "{{BaseURL}}/administrer"
      - "{{BaseURL}}/administrivia"
      - "{{BaseURL}}/administrivia/"
      - "{{BaseURL}}/adminitem"
      - "{{BaseURL}}/adminitem/"
      - "{{BaseURL}}/adminitems"
      - "{{BaseURL}}/adminitems.php"
      - "{{BaseURL}}/adminitems/"
      - "{{BaseURL}}/AdminJDBC"
      - "{{BaseURL}}/adminjsp"
      - "{{BaseURL}}/admink"
      - "{{BaseURL}}/adminka"
      - "{{BaseURL}}/adminka.%EXT%"
      - "{{BaseURL}}/adminko"
      - "{{BaseURL}}/adminl.%EXT%"
      - "{{BaseURL}}/adminlevel"
      - "{{BaseURL}}/AdminLicense"
      - "{{BaseURL}}/adminlinks"
      - "{{BaseURL}}/adminlinks.%EXT%"
      - "{{BaseURL}}/adminlist.%EXT%"
      - "{{BaseURL}}/adminlistings.x"
      - "{{BaseURL}}/adminlocales.%EXT%"
      - "{{BaseURL}}/adminlogin"
      - "{{BaseURL}}/adminlogin.%EXT%"
      - "{{BaseURL}}/adminLogin.%EXT%"
      - "{{BaseURL}}/adminLogin.html"
      - "{{BaseURL}}/adminlogin.php"
      - "{{BaseURL}}/adminLogin.php"
      - "{{BaseURL}}/adminLogin/"
      - "{{BaseURL}}/adminlogin/"
      - "{{BaseURL}}/adminlogon"
      - "{{BaseURL}}/adminlogon.%EXT%"
      - "{{BaseURL}}/adminlogon/"
      - "{{BaseURL}}/adminm"
      - "{{BaseURL}}/adminm.%EXT%"
      - "{{BaseURL}}/AdminMain"
      - "{{BaseURL}}/adminmanager"
      - "{{BaseURL}}/adminmassmail.%EXT%"
      - "{{BaseURL}}/adminmaster"
      - "{{BaseURL}}/adminMember.%EXT%"
      - "{{BaseURL}}/adminmember/"
      - "{{BaseURL}}/adminmenu"
      - "{{BaseURL}}/adminmodule"
      - "{{BaseURL}}/adminn"
      - "{{BaseURL}}/adminnav.%EXT%"
      - "{{BaseURL}}/adminnet"
      - "{{BaseURL}}/adminnew"
      - "{{BaseURL}}/adminnews"
      - "{{BaseURL}}/adminnorthface"
      - "{{BaseURL}}/admino"
      - "{{BaseURL}}/adminok"
      - "{{BaseURL}}/adminOLD"
      - "{{BaseURL}}/adminold"
      - "{{BaseURL}}/adminonline"
      - "{{BaseURL}}/adminonly"
      - "{{BaseURL}}/adminopanel"
      - "{{BaseURL}}/adminp"
      - "{{BaseURL}}/adminpage"
      - "{{BaseURL}}/adminpages"
      - "{{BaseURL}}/adminpanel"
      - "{{BaseURL}}/adminPanel"
      - "{{BaseURL}}/adminpanel.%EXT%"
      - "{{BaseURL}}/adminpanel.html"
      - "{{BaseURL}}/adminpanel.php"
      - "{{BaseURL}}/adminpanel/"
      - "{{BaseURL}}/adminPeople.cfm"
      - "{{BaseURL}}/adminPHP"
      - "{{BaseURL}}/adminpool"
      - "{{BaseURL}}/adminpp"
      - "{{BaseURL}}/adminPR24"
      - "{{BaseURL}}/adminprefs.%EXT%"
      - "{{BaseURL}}/adminpro"
      - "{{BaseURL}}/adminpro/"
      - "{{BaseURL}}/AdminProps"
      - "{{BaseURL}}/adminq"
      - "{{BaseURL}}/adminradii"
      - "{{BaseURL}}/AdminRealm"
      - "{{BaseURL}}/adminreports"
      - "{{BaseURL}}/adminresources"
      - "{{BaseURL}}/adminroot"
      - "{{BaseURL}}/admins"
      - "{{BaseURL}}/admins.%EXT%"
      - "{{BaseURL}}/admins.asp"
      - "{{BaseURL}}/admins.php"
      - "{{BaseURL}}/admins/"
      - "{{BaseURL}}/admins/backup/"
      - "{{BaseURL}}/admins/log.txt"
      - "{{BaseURL}}/adminsales"
      - "{{BaseURL}}/adminscripts"
      - "{{BaseURL}}/adminserver"
      - "{{BaseURL}}/adminSettings.%EXT%"
      - "{{BaseURL}}/adminsFUCKYOU.%EXT%"
      - "{{BaseURL}}/adminshop"
      - "{{BaseURL}}/adminshout"
      - "{{BaseURL}}/adminsite"
      - "{{BaseURL}}/adminsite/"
      - "{{BaseURL}}/adminsql"
      - "{{BaseURL}}/adminstaff"
      - "{{BaseURL}}/adminStatistics.%EXT%"
      - "{{BaseURL}}/adminstore"
      - "{{BaseURL}}/adminstration"
      - "{{BaseURL}}/adminstuff"
      - "{{BaseURL}}/adminsys"
      - "{{BaseURL}}/adminsystem"
      - "{{BaseURL}}/adminsystems"
      - "{{BaseURL}}/admint"
      - "{{BaseURL}}/admintable.%EXT%"
      - "{{BaseURL}}/adminTeb"
      - "{{BaseURL}}/admintemplates"
      - "{{BaseURL}}/admintest"
      - "{{BaseURL}}/adminth"
      - "{{BaseURL}}/AdminThreads"
      - "{{BaseURL}}/admintool"
      - "{{BaseURL}}/admintool.jsp"
      - "{{BaseURL}}/admintools"
      - "{{BaseURL}}/AdminTools/"
      - "{{BaseURL}}/admintopvnet"
      - "{{BaseURL}}/adminui"
      - "{{BaseURL}}/adminus"
      - "{{BaseURL}}/adminuser"
      - "{{BaseURL}}/adminusers"
      - "{{BaseURL}}/adminusers.%EXT%"
      - "{{BaseURL}}/adminv"
      - "{{BaseURL}}/adminv2"
      - "{{BaseURL}}/adminv3"
      - "{{BaseURL}}/AdminVersion"
      - "{{BaseURL}}/adminweb"
      - "{{BaseURL}}/adminWfvkW.%EXT%"
      - "{{BaseURL}}/adminx"
      - "{{BaseURL}}/adminXP"
      - "{{BaseURL}}/adminxxx"
      - "{{BaseURL}}/adminz"
      - "{{BaseURL}}/adminzone"
      - "{{BaseURL}}/admloginuser.%EXT%"
      - "{{BaseURL}}/admloginuser.php"
      - "{{BaseURL}}/admpar/.ftppass"
      - "{{BaseURL}}/admrev/.ftppass"
      - "{{BaseURL}}/admrev/_files/"
      - "{{BaseURL}}/adovbs.inc"
      - "{{BaseURL}}/ads"
      - "{{BaseURL}}/adsamples/"
      - "{{BaseURL}}/adv.%EXT%"
      - "{{BaseURL}}/advadmin"
      - "{{BaseURL}}/advertise"
      - "{{BaseURL}}/advertising"
      - "{{BaseURL}}/adview"
      - "{{BaseURL}}/advisories"
      - "{{BaseURL}}/advsearch.%EXT%"
      - "{{BaseURL}}/AdvWorks/equipment/catalog_type.%EXT%"
      - "{{BaseURL}}/afadmin"
      - "{{BaseURL}}/affadmin"
      - "{{BaseURL}}/affiliate"
      - "{{BaseURL}}/affiliate.%EXT%"
      - "{{BaseURL}}/affiliate.php"
      - "{{BaseURL}}/affiliate_admin"
      - "{{BaseURL}}/affiliate_terms.%EXT%"
      - "{{BaseURL}}/affiliates"
      - "{{BaseURL}}/affiliates.sql"
      - "{{BaseURL}}/agadmin"
      - "{{BaseURL}}/agent_admin"
      - "{{BaseURL}}/aiadmin"
      - "{{BaseURL}}/ainstall"
      - "{{BaseURL}}/ajax"
      - "{{BaseURL}}/ajfhasdfgsagfakjhgd"
      - "{{BaseURL}}/akeeba.backend.log"
      - "{{BaseURL}}/AlbumCatalogWeb"
      - "{{BaseURL}}/AlbumCatalogWeb/"
      - "{{BaseURL}}/AlbumCatalogWeb/docs/"
      - "{{BaseURL}}/AlbumCatalogWeb/docsservlet"
      - "{{BaseURL}}/AlbumCatalogWeb/docsservlet/"
      - "{{BaseURL}}/AlbumCatalogWebservlet"
      - "{{BaseURL}}/AlbumCatalogWebservlet/"
      - "{{BaseURL}}/albums"
      - "{{BaseURL}}/all"
      - "{{BaseURL}}/all/modules/ogdi_field/plugins/dataTables/extras/TableTools/media/swf/ZeroClipboard.swf"
      - "{{BaseURL}}/alm_admin"
      - "{{BaseURL}}/amad.php"
      - "{{BaseURL}}/amministratore.php"
      - "{{BaseURL}}/analog.html"
      - "{{BaseURL}}/anews_admin"
      - "{{BaseURL}}/answers/error_log"
      - "{{BaseURL}}/apache/logs/access.log"
      - "{{BaseURL}}/apache/logs/access_log"
      - "{{BaseURL}}/apache/logs/error.log"
      - "{{BaseURL}}/apache/logs/error_log"
      - "{{BaseURL}}/apadminred"
      - "{{BaseURL}}/apadminred.html"
      - "{{BaseURL}}/apc-nrp.php"
      - "{{BaseURL}}/apc.php"
      - "{{BaseURL}}/apc/apc.php"
      - "{{BaseURL}}/apc/index.php"
      - "{{BaseURL}}/aphtpasswd.html"
      - "{{BaseURL}}/api"
      - "{{BaseURL}}/api.log"
      - "{{BaseURL}}/api/"
      - "{{BaseURL}}/api/error_log"
      - "{{BaseURL}}/api/swagger.yml"
      - "{{BaseURL}}/apibuild.pyc"
      - "{{BaseURL}}/app"
      - "{{BaseURL}}/APP"
      - "{{BaseURL}}/app-admin"
      - "{{BaseURL}}/app.config"
      - "{{BaseURL}}/app/.htaccess"
      - "{{BaseURL}}/app/bin"
      - "{{BaseURL}}/app/composer.json"
      - "{{BaseURL}}/app/composer.lock"
      - "{{BaseURL}}/app/config/adminConf.json"
      - "{{BaseURL}}/app/config/database.yml"
      - "{{BaseURL}}/app/config/database.yml.pgsql"
      - "{{BaseURL}}/app/config/database.yml.sqlite3"
      - "{{BaseURL}}/app/config/database.yml_original"
      - "{{BaseURL}}/app/config/database.yml~"
      - "{{BaseURL}}/app/config/databases.yml"
      - "{{BaseURL}}/app/config/global.json"
      - "{{BaseURL}}/app/config/parameters.ini"
      - "{{BaseURL}}/app/config/parameters.yml"
      - "{{BaseURL}}/app/config/routes.cfg"
      - "{{BaseURL}}/app/config/schema.yml"
      - "{{BaseURL}}/app/dev"
      - "{{BaseURL}}/app/docs"
      - "{{BaseURL}}/app/etc/config.xml"
      - "{{BaseURL}}/app/etc/enterprise.xml"
      - "{{BaseURL}}/app/etc/fpc.xml"
      - "{{BaseURL}}/app/etc/local.additional"
      - "{{BaseURL}}/app/etc/local.xml"
      - "{{BaseURL}}/app/etc/local.xml.additional"
      - "{{BaseURL}}/app/etc/local.xml.bak"
      - "{{BaseURL}}/app/etc/local.xml.live"
      - "{{BaseURL}}/app/etc/local.xml.localRemote"
      - "{{BaseURL}}/app/etc/local.xml.phpunit"
      - "{{BaseURL}}/app/etc/local.xml.template"
      - "{{BaseURL}}/app/etc/local.xml.vmachine"
      - "{{BaseURL}}/app/etc/local.xml.vmachine.rm"
      - "{{BaseURL}}/app/languages"
      - "{{BaseURL}}/app/log/"
      - "{{BaseURL}}/app/logs/"
      - "{{BaseURL}}/app/phpunit.xml"
      - "{{BaseURL}}/app/src"
      - "{{BaseURL}}/app/sys"
      - "{{BaseURL}}/app/testing"
      - "{{BaseURL}}/app/unschedule.bat"
      - "{{BaseURL}}/app/vendor"
      - "{{BaseURL}}/app/vendor-src"
      - "{{BaseURL}}/app_admin"
      - "{{BaseURL}}/App_Code"
      - "{{BaseURL}}/App_Data"
      - "{{BaseURL}}/app.php"
      - "{{BaseURL}}/app_dev.php"
      - "{{BaseURL}}/appadmin"
      - "{{BaseURL}}/appcache.manifest"
      - "{{BaseURL}}/AppInstallStatusServlet"
      - "{{BaseURL}}/apple"
      - "{{BaseURL}}/applet"
      - "{{BaseURL}}/application.log"
      - "{{BaseURL}}/application.wadl"
      - "{{BaseURL}}/application/cache/"
      - "{{BaseURL}}/application/logs/"
      - "{{BaseURL}}/ApplicationProfileSample"
      - "{{BaseURL}}/ApplicationProfileSample/"
      - "{{BaseURL}}/ApplicationProfileSample/docs/"
      - "{{BaseURL}}/ApplicationProfileSampleservlet"
      - "{{BaseURL}}/ApplicationProfileSampleservlet/"
      - "{{BaseURL}}/applications"
      - "{{BaseURL}}/AppManagementStatus"
      - "{{BaseURL}}/apps"
      - "{{BaseURL}}/apps/frontend/config/app.yml"
      - "{{BaseURL}}/apps/frontend/config/databases.yml"
      - "{{BaseURL}}/AppServer"
      - "{{BaseURL}}/archive"
      - "{{BaseURL}}/archive.rar"
      - "{{BaseURL}}/archive.sql"
      - "{{BaseURL}}/archive.tar"
      - "{{BaseURL}}/archive.tar.gz"
      - "{{BaseURL}}/archive.zip"
      - "{{BaseURL}}/archiver"
      - "{{BaseURL}}/archives"
      - "{{BaseURL}}/Archi~1/"
      - "{{BaseURL}}/archi~1/"
      - "{{BaseURL}}/arrow"
      - "{{BaseURL}}/art"
      - "{{BaseURL}}/article"
      - "{{BaseURL}}/article.%EXT%"
      - "{{BaseURL}}/article/admin"
      - "{{BaseURL}}/article/admin/admin.asp"
      - "{{BaseURL}}/articles"
      - "{{BaseURL}}/Articles.%EXT%"
      - "{{BaseURL}}/artikeladmin"
      - "{{BaseURL}}/as-admin"
      - "{{BaseURL}}/asp.aspx"
      - "{{BaseURL}}/asp/"
      - "{{BaseURL}}/aspnet_client"
      - "{{BaseURL}}/aspnet_files/"
      - "{{BaseURL}}/aspnet_webadmin"
      - "{{BaseURL}}/asps/"
      - "{{BaseURL}}/ASPSamp/AdvWorks/equipment/catalog_type.%EXT%"
      - "{{BaseURL}}/aspwpadmin"
      - "{{BaseURL}}/aspxspy.aspx"
      - "{{BaseURL}}/assets"
      - "{{BaseURL}}/assets/fckeditor"
      - "{{BaseURL}}/assets/js/fckeditor"
      - "{{BaseURL}}/assets/npm-debug.log"
      - "{{BaseURL}}/asterisk.log"
      - "{{BaseURL}}/astroadmin"
      - "{{BaseURL}}/asynchbeans/"
      - "{{BaseURL}}/asynchbeans/docs/"
      - "{{BaseURL}}/AT-admin.cgi"
      - "{{BaseURL}}/atlassian-ide-plugin.xml"
      - "{{BaseURL}}/atom"
      - "{{BaseURL}}/attachmentedit.%EXT%"
      - "{{BaseURL}}/audio"
      - "{{BaseURL}}/auth"
      - "{{BaseURL}}/auth.%EXT%"
      - "{{BaseURL}}/auth.cgi"
      - "{{BaseURL}}/auth.htm"
      - "{{BaseURL}}/auth.html"
      - "{{BaseURL}}/auth.inc"
      - "{{BaseURL}}/auth.jsp"
      - "{{BaseURL}}/auth.php"
      - "{{BaseURL}}/auth.pl"
      - "{{BaseURL}}/auth.py"
      - "{{BaseURL}}/auth.rb"
      - "{{BaseURL}}/auth/"
      - "{{BaseURL}}/Auth/"
      - "{{BaseURL}}/auth/adm"
      - "{{BaseURL}}/auth/admin"
      - "{{BaseURL}}/auth/login"
      - "{{BaseURL}}/auth/login.%EXT%"
      - "{{BaseURL}}/auth/login.html"
      - "{{BaseURL}}/auth/login.jsp"
      - "{{BaseURL}}/auth/login.shtml"
      - "{{BaseURL}}/auth/logon"
      - "{{BaseURL}}/auth/signin"
      - "{{BaseURL}}/auth_user_file.txt"
      - "{{BaseURL}}/authadmin"
      - "{{BaseURL}}/authadmin.php"
      - "{{BaseURL}}/authadmin/"
      - "{{BaseURL}}/authenticate"
      - "{{BaseURL}}/authenticate.php"
      - "{{BaseURL}}/authenticatedy"
      - "{{BaseURL}}/authentication"
      - "{{BaseURL}}/authentication.php"
      - "{{BaseURL}}/author"
      - "{{BaseURL}}/authorization.config"
      - "{{BaseURL}}/authorized_keys"
      - "{{BaseURL}}/authors"
      - "{{BaseURL}}/authuser"
      - "{{BaseURL}}/authuser.php"
      - "{{BaseURL}}/autologin"
      - "{{BaseURL}}/autologin.php"
      - "{{BaseURL}}/autologin/"
      - "{{BaseURL}}/awards"
      - "{{BaseURL}}/awstats"
      - "{{BaseURL}}/awstats.conf"
      - "{{BaseURL}}/awstats.pl"
      - "{{BaseURL}}/awstats/"
      - "{{BaseURL}}/axis1/axis1-admin/"
      - "{{BaseURL}}/axis2/axis2-admin/"
      - "{{BaseURL}}/azureadmin/"
      - "{{BaseURL}}/b"
      - "{{BaseURL}}/b2badmin/"
      - "{{BaseURL}}/b_admin"
      - "{{BaseURL}}/bac"
      - "{{BaseURL}}/back"
      - "{{BaseURL}}/back-end/"
      - "{{BaseURL}}/back-office/"
      - "{{BaseURL}}/back-up"
      - "{{BaseURL}}/back.%EXT%"
      - "{{BaseURL}}/back.sql"
      - "{{BaseURL}}/backadmin"
      - "{{BaseURL}}/backend.%EXT%"
      - "{{BaseURL}}/backend/"
      - "{{BaseURL}}/backend/core/info.xml"
      - "{{BaseURL}}/backend_dev.%EXT%"
      - "{{BaseURL}}/backend_dev/"
      - "{{BaseURL}}/backup"
      - "{{BaseURL}}/backup.7z"
      - "{{BaseURL}}/backup.htpasswd"
      - "{{BaseURL}}/backup.inc"
      - "{{BaseURL}}/backup.inc.old"
      - "{{BaseURL}}/backup.old"
      - "{{BaseURL}}/backup.rar"
      - "{{BaseURL}}/backup.sql"
      - "{{BaseURL}}/backup.sql.old"
      - "{{BaseURL}}/backup.tar"
      - "{{BaseURL}}/backup.tar.bz2"
      - "{{BaseURL}}/backup.tar.gz"
      - "{{BaseURL}}/backup.tgz"
      - "{{BaseURL}}/backup.zip"
      - "{{BaseURL}}/backup/"
      - "{{BaseURL}}/backup0/"
      - "{{BaseURL}}/backup1/"
      - "{{BaseURL}}/backup123/"
      - "{{BaseURL}}/backup2/"
      - "{{BaseURL}}/backups"
      - "{{BaseURL}}/backups.7z"
      - "{{BaseURL}}/backups.inc"
      - "{{BaseURL}}/backups.inc.old"
      - "{{BaseURL}}/backups.old"
      - "{{BaseURL}}/backups.rar"
      - "{{BaseURL}}/backups.sql"
      - "{{BaseURL}}/backups.sql.old"
      - "{{BaseURL}}/backups.tar"
      - "{{BaseURL}}/backups.tar.bz2"
      - "{{BaseURL}}/backups.tar.gz"
      - "{{BaseURL}}/backups.tgz"
      - "{{BaseURL}}/backups.zip"
      - "{{BaseURL}}/backups/"
      - "{{BaseURL}}/badmin"
      - "{{BaseURL}}/bak"
      - "{{BaseURL}}/bandwidth/"
      - "{{BaseURL}}/Bank/"
      - "{{BaseURL}}/Bank/services/Transfer_SEI"
      - "{{BaseURL}}/Bank/services/Transfer_SEI/wsdl"
      - "{{BaseURL}}/banner"
      - "{{BaseURL}}/banner.%EXT%"
      - "{{BaseURL}}/banner/"
      - "{{BaseURL}}/banner2"
      - "{{BaseURL}}/banneradmin"
      - "{{BaseURL}}/banneradmin/"
      - "{{BaseURL}}/banners"
      - "{{BaseURL}}/banners.%EXT%"
      - "{{BaseURL}}/banners/"
      - "{{BaseURL}}/base"
      - "{{BaseURL}}/base/"
      - "{{BaseURL}}/basic"
      - "{{BaseURL}}/bb"
      - "{{BaseURL}}/bb-admin"
      - "{{BaseURL}}/bb-admin/"
      - "{{BaseURL}}/bb-admin/admin"
      - "{{BaseURL}}/bb-admin/admin.%EXT%"
      - "{{BaseURL}}/bb-admin/admin.html"
      - "{{BaseURL}}/bb-admin/admin.php"
      - "{{BaseURL}}/bb-admin/index.%EXT%"
      - "{{BaseURL}}/bb-admin/index.html"
      - "{{BaseURL}}/bb-admin/index.php"
      - "{{BaseURL}}/bb-admin/login"
      - "{{BaseURL}}/bb-admin/login.%EXT%"
      - "{{BaseURL}}/bb-admin/login.html"
      - "{{BaseURL}}/bb-admin/login.php"
      - "{{BaseURL}}/bbadmin"
      - "{{BaseURL}}/bbadmin/"
      - "{{BaseURL}}/BBApp"
      - "{{BaseURL}}/bbemail"
      - "{{BaseURL}}/bbpre"
      - "{{BaseURL}}/bbs/admin/login"
      - "{{BaseURL}}/bbs/admin_index.asp"
      - "{{BaseURL}}/bea_wls_internal"
      - "{{BaseURL}}/bea_wls_internal/a2e2gp2r2/x.jsp"
      - "{{BaseURL}}/bea_wls_internal/classes/"
      - "{{BaseURL}}/bea_wls_internal/getior"
      - "{{BaseURL}}/bea_wls_internal/HTTPClntRecv"
      - "{{BaseURL}}/bea_wls_internal/HTTPClntSend"
      - "{{BaseURL}}/bea_wls_internal/iiop/ClientClose"
      - "{{BaseURL}}/bea_wls_internal/iiop/ClientLogin"
      - "{{BaseURL}}/bea_wls_internal/iiop/ClientRecv"
      - "{{BaseURL}}/bea_wls_internal/iiop/ClientSend"
      - "{{BaseURL}}/bea_wls_internal/psquare/x.jsp"
      - "{{BaseURL}}/bea_wls_internal/WebServiceServlet"
      - "{{BaseURL}}/bea_wls_internal/WLDummyInitJVMIDs"
      - "{{BaseURL}}/beanManaged"
      - "{{BaseURL}}/BeenThere"
      - "{{BaseURL}}/behat.yml"
      - "{{BaseURL}}/beheer/"
      - "{{BaseURL}}/bel_admin"
      - "{{BaseURL}}/Berksfile"
      - "{{BaseURL}}/bestellvorgang.%EXT%"
      - "{{BaseURL}}/beta"
      - "{{BaseURL}}/bgadmin"
      - "{{BaseURL}}/bigadmin/"
      - "{{BaseURL}}/BigDump.%EXT%"
      - "{{BaseURL}}/Bigdump.%EXT%"
      - "{{BaseURL}}/bigdump.php"
      - "{{BaseURL}}/BigDump/"
      - "{{BaseURL}}/billing"
      - "{{BaseURL}}/billing/killer.php"
      - "{{BaseURL}}/bin"
      - "{{BaseURL}}/Bin/"
      - "{{BaseURL}}/bin/"
      - "{{BaseURL}}/bin/config.sh"
      - "{{BaseURL}}/bin/hostname"
      - "{{BaseURL}}/bin/reset-db-prod.sh"
      - "{{BaseURL}}/bin/reset-db.sh"
      - "{{BaseURL}}/BingSiteAuth.xml"
      - "{{BaseURL}}/bins/"
      - "{{BaseURL}}/bitrix"
      - "{{BaseURL}}/bitrix/admin/help.php"
      - "{{BaseURL}}/bitrix/admin/index.php"
      - "{{BaseURL}}/bitrix/authorization.config"
      - "{{BaseURL}}/bitrix/backup/"
      - "{{BaseURL}}/bitrix/dumper/"
      - "{{BaseURL}}/bitrix/error.log"
      - "{{BaseURL}}/bitrix/import/"
      - "{{BaseURL}}/bitrix/import/files"
      - "{{BaseURL}}/bitrix/import/import"
      - "{{BaseURL}}/bitrix/import/m_import"
      - "{{BaseURL}}/bitrix/logs/"
      - "{{BaseURL}}/bitrix/modules/error.log"
      - "{{BaseURL}}/bitrix/modules/error.log.old"
      - "{{BaseURL}}/bitrix/modules/main/admin/restore.php"
      - "{{BaseURL}}/bitrix/modules/main/classes/mysql/agent.php"
      - "{{BaseURL}}/bitrix/modules/smtpd.log"
      - "{{BaseURL}}/bitrix/modules/updater.log"
      - "{{BaseURL}}/bitrix/modules/updater_partner.log"
      - "{{BaseURL}}/bitrix/otp/"
      - "{{BaseURL}}/bitrix/php_interface/dbconn.php2"
      - "{{BaseURL}}/bitrix/web.config"
      - "{{BaseURL}}/biy/upload/"
      - "{{BaseURL}}/biz_admin"
      - "{{BaseURL}}/biz_admin_bak"
      - "{{BaseURL}}/bizadmin"
      - "{{BaseURL}}/BizTalkServer"
      - "{{BaseURL}}/Black.php"
      - "{{BaseURL}}/black/template.xml"
      - "{{BaseURL}}/blacklist.dat"
      - "{{BaseURL}}/blank"
      - "{{BaseURL}}/blocks"
      - "{{BaseURL}}/blog"
      - "{{BaseURL}}/Blog"
      - "{{BaseURL}}/blog/error_log"
      - "{{BaseURL}}/blog/fckeditor"
      - "{{BaseURL}}/blog/wp-content/backup-db/"
      - "{{BaseURL}}/blog/wp-content/backups/"
      - "{{BaseURL}}/blog/wp-login"
      - "{{BaseURL}}/blog/wp-login.php"
      - "{{BaseURL}}/blog_admin"
      - "{{BaseURL}}/blogadmin"
      - "{{BaseURL}}/blogindex/"
      - "{{BaseURL}}/blogs"
      - "{{BaseURL}}/bluadmin"
      - "{{BaseURL}}/bmadmin"
      - "{{BaseURL}}/bnt_admin"
      - "{{BaseURL}}/bo0om.ru"
      - "{{BaseURL}}/boadmin"
      - "{{BaseURL}}/board"
      - "{{BaseURL}}/boardadmin"
      - "{{BaseURL}}/book"
      - "{{BaseURL}}/books"
      - "{{BaseURL}}/Bootstrap"
      - "{{BaseURL}}/borat"
      - "{{BaseURL}}/bot.txt"
      - "{{BaseURL}}/bower.json"
      - "{{BaseURL}}/box.json"
      - "{{BaseURL}}/bpadmin"
      - "{{BaseURL}}/Brocfile.coffee"
      - "{{BaseURL}}/Brocfile.js"
      - "{{BaseURL}}/brokeradmin"
      - "{{BaseURL}}/browse"
      - "{{BaseURL}}/browser/"
      - "{{BaseURL}}/brunch-config.coffee"
      - "{{BaseURL}}/brunch-config.js"
      - "{{BaseURL}}/bsadmin"
      - "{{BaseURL}}/buck.sql"
      - "{{BaseURL}}/bugs"
      - "{{BaseURL}}/build"
      - "{{BaseURL}}/build.local.xml"
      - "{{BaseURL}}/build.sh"
      - "{{BaseURL}}/build.xml"
      - "{{BaseURL}}/build/build.properties"
      - "{{BaseURL}}/build/buildinfo.properties"
      - "{{BaseURL}}/build_config_private.ini"
      - "{{BaseURL}}/bullet"
      - "{{BaseURL}}/busadmin"
      - "{{BaseURL}}/business"
      - "{{BaseURL}}/businessadmin"
      - "{{BaseURL}}/button"
      - "{{BaseURL}}/buttons"
      - "{{BaseURL}}/buy"
      - "{{BaseURL}}/bvadmin"
      - "{{BaseURL}}/bw-admin"
      - "{{BaseURL}}/bx_1c_import.php"
      - "{{BaseURL}}/c"
      - "{{BaseURL}}/c-h.v2.php"
      - "{{BaseURL}}/c100.php"
      - "{{BaseURL}}/c22.php"
      - "{{BaseURL}}/c99.php"
      - "{{BaseURL}}/c99shell.php"
      - "{{BaseURL}}/cache"
      - "{{BaseURL}}/cache/"
      - "{{BaseURL}}/cache/sql_error_latest.cgi"
      - "{{BaseURL}}/cache_html"
      - "{{BaseURL}}/cacheadmin"
      - "{{BaseURL}}/cachemgr.cgi"
      - "{{BaseURL}}/cachemonitor"
      - "{{BaseURL}}/cachemonitor/statistics.jsp"
      - "{{BaseURL}}/cacti"
      - "{{BaseURL}}/cadmin"
      - "{{BaseURL}}/cadmins/"
      - "{{BaseURL}}/Cakefile"
      - "{{BaseURL}}/cal"
      - "{{BaseURL}}/calendar"
      - "{{BaseURL}}/callback"
      - "{{BaseURL}}/camadmin"
      - "{{BaseURL}}/cancel.html"
      - "{{BaseURL}}/Capfile"
      - "{{BaseURL}}/careers"
      - "{{BaseURL}}/cart"
      - "{{BaseURL}}/cartadmin"
      - "{{BaseURL}}/catalog"
      - "{{BaseURL}}/catalog.wci"
      - "{{BaseURL}}/catalog_admin"
      - "{{BaseURL}}/catalog_admin.%EXT%"
      - "{{BaseURL}}/catalogadmin"
      - "{{BaseURL}}/catalogsearch"
      - "{{BaseURL}}/categories"
      - "{{BaseURL}}/category"
      - "{{BaseURL}}/cb-admin"
      - "{{BaseURL}}/cbx-portal/js/zeroclipboard/ZeroClipboard.swf"
      - "{{BaseURL}}/cc"
      - "{{BaseURL}}/cc-errors.txt"
      - "{{BaseURL}}/cc-log.txt"
      - "{{BaseURL}}/cc_admin"
      - "{{BaseURL}}/ccadmin"
      - "{{BaseURL}}/ccbill.log"
      - "{{BaseURL}}/ccct-admin"
      - "{{BaseURL}}/ccp14admin/"
      - "{{BaseURL}}/cdadmin"
      - "{{BaseURL}}/cell.xml"
      - "{{BaseURL}}/cells"
      - "{{BaseURL}}/cerberusweb"
      - "{{BaseURL}}/cert/"
      - "{{BaseURL}}/certcontrol/"
      - "{{BaseURL}}/certenroll/"
      - "{{BaseURL}}/Certificate"
      - "{{BaseURL}}/certificate"
      - "{{BaseURL}}/certsrv/"
      - "{{BaseURL}}/cfexec.cfm"
      - "{{BaseURL}}/CFIDE"
      - "{{BaseURL}}/CFIDE/Administrator/"
      - "{{BaseURL}}/cfide/administrator/index.cfm"
      - "{{BaseURL}}/CFIDE/Administrator/startstop.html"
      - "{{BaseURL}}/CFIDE/scripts/ajax/FCKeditor"
      - "{{BaseURL}}/cgi"
      - "{{BaseURL}}/cgi-admin"
      - "{{BaseURL}}/cgi-bin"
      - "{{BaseURL}}/CGI-BIN/"
      - "{{BaseURL}}/cgi-bin/"
      - "{{BaseURL}}/cgi-bin/a1stats/a1disp.cgi"
      - "{{BaseURL}}/cgi-bin/awstats.pl"
      - "{{BaseURL}}/cgi-bin/awstats/"
      - "{{BaseURL}}/cgi-bin/htimage.exe?2,2"
      - "{{BaseURL}}/cgi-bin/htmlscript"
      - "{{BaseURL}}/cgi-bin/imagemap.exe?2,2"
      - "{{BaseURL}}/cgi-bin/index.html"
      - "{{BaseURL}}/cgi-bin/logi.php"
      - "{{BaseURL}}/cgi-bin/login"
      - "{{BaseURL}}/cgi-bin/php.ini"
      - "{{BaseURL}}/cgi-bin/test.cgi"
      - "{{BaseURL}}/cgi-bin2/"
      - "{{BaseURL}}/cgi-dos/"
      - "{{BaseURL}}/cgi-exe/"
      - "{{BaseURL}}/cgi-local/"
      - "{{BaseURL}}/cgi-perl/"
      - "{{BaseURL}}/cgi-shl/"
      - "{{BaseURL}}/cgi-sys"
      - "{{BaseURL}}/cgi-sys/"
      - "{{BaseURL}}/cgi-win/"
      - "{{BaseURL}}/cgi.pl/"
      - "{{BaseURL}}/cgi/"
      - "{{BaseURL}}/cgi/account/"
      - "{{BaseURL}}/cgi/common.cg"
      - "{{BaseURL}}/cgi/common.cgi"
      - "{{BaseURL}}/cgibin/"
      - "{{BaseURL}}/cgis/"
      - "{{BaseURL}}/Cgishell.pl"
      - "{{BaseURL}}/change.log"
      - "{{BaseURL}}/changeall.php"
      - "{{BaseURL}}/CHANGELOG"
      - "{{BaseURL}}/ChangeLog"
      - "{{BaseURL}}/changelog.html"
      - "{{BaseURL}}/CHANGELOG.LOG"
      - "{{BaseURL}}/CHANGELOG.log"
      - "{{BaseURL}}/CHANGELOG.md"
      - "{{BaseURL}}/changelog.md"
      - "{{BaseURL}}/CHANGELOG.txt"
      - "{{BaseURL}}/ChangeLog.txt"
      - "{{BaseURL}}/Changelog.txt"
      - "{{BaseURL}}/changelog.txt"
      - "{{BaseURL}}/CHANGELOG.TXT"
      - "{{BaseURL}}/CHANGES"
      - "{{BaseURL}}/CHANGES.html"
      - "{{BaseURL}}/CHANGES.md"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "index of backup"
          - ".php"
          - ".xml"
          - "html"
          - "php3"
          - "cgi"
          - "ico"
          - "log"
          - "asp"
          - "rb"
          - "txt"
          - "jpg"
          - "log"
          - "zip"
          - "aspx"
          - "js"
          - "exe"
          - "py"
          - "png"
          - "old"
          - "cfm"
          - "admin"
          - "login"
          - "backup"
          - "sql"
          - ".access"
          - ".swp"
          - "bash_history"
          - "bash_logout"
          - "bashrc"
          - "tmp"
          - "git"
          - "index"
          - "info"
          - "branches"
          - "HEAD"
          - "logs"
          - "Admin.shtml"
          - "admin.shtml"
          - "admin.srf"
          - "admin.woa"
          - "admin/"
          - "admin/.config"
          - "admin/.htaccess"
          - "admin/?/login"
          - "admin/_logs/access-log"
          - "admin/_logs/access.log"
          - "admin/_logs/err.log"
          - "admin/_logs/error-log"
          - "admin/_logs/error.log"
          - "admin/_logs/error_log"
          - "admin/_logs/login.txt"
          - "admin/access.log"
          - "admin/access.txt"
          - "admin/access_log"
          - "admin/account"
          - "admin/account.%EXT%"
          - "admin/account.html"
          - "admin/account.php"
          - "admin/admin"
          - "admin/admin-login"
          - "admin/admin-login.%EXT%"
          - "admin/admin-login.html"
          - "admin/admin-login.php"
          - "admin/admin.%EXT%"
          - "admin/admin.html"
          - "admin/admin.php"
          - "admin/admin.shtml"
          - "admin/admin/login"
          - "admin/admin_login"
          - "admin/admin_login.%EXT%"
          - "admin/admin_login.html"
          - "admin/admin_login.php"
          - "admin/adminLogin"
          - "admin/adminLogin.%EXT%"
          - "admin/adminLogin.htm"
          - "admin/adminLogin.html"
          - "admin/adminLogin.php"
          - "admin/backup/"
          - "admin/backups/"
          - "admin/config.php"
          - "admin/controlpanel"
          - "admin/controlpanel.%EXT%"
          - "admin/controlpanel.htm"
          - "admin/controlpanel.html"
          - "admin/controlpanel.php"
          - "admin/cp"
          - "admin/cp.%EXT%"
          - "admin/cp.html"
          - "admin/cp.php"
          - "admin/db/"
          - "admin/default"
          - "admin/default.asp"
          - "admin/default/admin.asp"
          - "admin/default/login.asp"
          - "admin/download.php"
          - "admin/dumper/"
          - "admin/error.log"
          - "admin/error.txt"
          - "admin/error_log"
          - "admin/export.php"
          - "admin/FCKeditor"
          - "admin/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp"
          - "admin/fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx"
          - "admin/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php"
          - "admin/fckeditor/editor/filemanager/connectors/asp/connector.asp"
          - "admin/fckeditor/editor/filemanager/connectors/asp/upload.asp"
          - "admin/fckeditor/editor/filemanager/connectors/aspx/connector.aspx"
          - "admin/fckeditor/editor/filemanager/connectors/aspx/upload.aspx"
          - "admin/fckeditor/editor/filemanager/connectors/php/connector.php"
          - "admin/fckeditor/editor/filemanager/connectors/php/upload.php"
          - "admin/fckeditor/editor/filemanager/upload/asp/upload.asp"
          - "admin/fckeditor/editor/filemanager/upload/aspx/upload.aspx"
          - "admin/fckeditor/editor/filemanager/upload/php/upload.php"
          - "admin/file.php"
          - "admin/files.php"
          - "admin/home"
          - "admin/home.%EXT%"
          - "admin/home.html"
          - "admin/home.php"
          - "admin/includes/configure.php~"
          - "admin/index"
          - "admin/index.%EXT%"
          - "admin/index.asp"
          - "admin/index.html"
          - "admin/index.php"
          - "admin/js/tiny_mce"
          - "admin/js/tiny_mce/"
          - "admin/js/tinymce"
          - "admin/js/tinymce/"
          - "Admin/knowledge/dsmgr/users/GroupManager.%EXT%"
          - "Admin/knowledge/dsmgr/users/UserManager.%EXT%"
          - "admin/log"
          - "admin/login"
          - "admin/login.%EXT%"
          - "Admin/login.%EXT%"
          - "admin/login.asp"
          - "admin/login.do"
          - "admin/login.htm"
          - "admin/login.html"
          - "admin/login.jsp"
          - "admin/login.php"
          - "admin/login.py"
          - "admin/login.rb"
          - "Admin/login/"
          - "admin/logon.jsp"
          - "admin/logs/"
          - "admin/logs/access-log"
          - "admin/logs/access.log"
          - "admin/logs/access_log"
          - "admin/logs/err.log"
          - "admin/logs/error-log"
          - "admin/logs/error.log"
          - "admin/logs/error_log"
          - "admin/logs/login.txt"
          - "admin/manage"
          - "admin/manage.asp"
          - "admin/manage/admin.asp"
          - "admin/manage/login.asp"
          - "admin/mysql/"
          - "admin/phpMyAdmin"
          - "admin/phpmyadmin/"
          - "admin/phpMyAdmin/"
          - "admin/pMA/"
          - "admin/pma/"
          - "admin/pol_log.txt"
          - "admin/private/logs"
          - "admin/release"
          - "admin/scripts/fckeditor"
          - "admin/secure/logon.jsp"
          - "admin/signin"
          - "admin/sqladmin/"
          - "admin/sxd/"
          - "admin/sysadmin/"
          - "admin/tiny_mce"
          - "admin/tinymce"
          - "admin/upload.php"
          - "admin/uploads.php"
          - "admin/user_count.txt"
          - "admin/web/"
          - "admin0"
          - "admin00"
          - "admin08"
          - "admin09"
          - "admin1"
          - "admin1.%EXT%"
          - "admin1.htm"
          - "admin1.html"

      - type: status
        status:
          - 200

[INF] Using Nuclei Engine 2.9.0 (outdated)
[INF] Using Nuclei Templates 9.4.1 (latest)
[INF] Templates added in last update: 69
[INF] Templates loaded for scan: 1
[INF] Targets loaded for scan: 1
[hiddenfiles] [http] [medium] https://www.airtel.in/images/home1.jpg
[hiddenfiles] [http] [medium] https://www.airtel.in/?tesref=true
[hiddenfiles] [http] [medium] https://www.airtel.in/admin/_logs/error.log
[hiddenfiles] [http] [medium] https://www.airtel.in/admin/_logs/error_log
[hiddenfiles] [http] [medium] https://www.airtel.in/admin/_logs/login.txt
[hiddenfiles] [http] [medium] https://www.airtel.in/admin/mysql/
[hiddenfiles] [http] [medium] https://www.airtel.in/admin/uploads.php
[hiddenfiles] [http] [medium] https://www.airtel.in/admin/user_count.txt

[INF] Using Nuclei Engine 2.9.0 (outdated)
[INF] Using Nuclei Templates 9.4.1 (latest)
[INF] Templates added in last update: 69
[INF] Templates loaded for scan: 1
[INF] Targets loaded for scan: 1
[hiddenfiles] [http] [medium] https://www.airtel.in/admin/logs/err.log
[hiddenfiles] [http] [medium] https://www.airtel.in/admin/logs/error-log
[hiddenfiles] [http] [medium] https://www.airtel.in/admin/logs/error.log
[hiddenfiles] [http] [medium] https://www.airtel.in/admin/logs/error_log
[hiddenfiles] [http] [medium] https://www.airtel.in/admin/logs/login.txt
[hiddenfiles] [http] [medium] https://www.airtel.in/admin/logs/access-log
[hiddenfiles] [http] [medium] https://www.airtel.in/admin/logs/access.log


I deleted some lines of code in the template because GitHub is showing that the comment is too long, so I attached the YAML file in txt format. webapp-hidden-files.txt

DhiyaneshGeek commented 1 year ago

Hi @sudouday, the template contains only a single matcher; it just looks for status code 200, so it will lead to a lot of false positives.

DhiyaneshGeek commented 1 year ago

Hi @sudouday, due to the weak matcher and inactivity of the issue, we are closing this 😄

Thank you
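The false-positive concern raised in the comments, worked through as an added example (not the submitter's template and not project code): it evaluates the posted matcher logic, assuming nuclei's default of OR across the words of a word matcher, against a constructed site that answers every path with its home page, next to a stricter per-path check. The responses, `SIGNATURES`, and all function names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Response:
    status: int
    content_type: str
    body: str


# A few of the words from the template's word matcher. No condition is set on
# it, so (assuming the default OR) a single word in the body is enough.
TEMPLATE_WORDS = ["index of backup", ".php", ".xml", "html", "log", "js",
                  "admin", "login", "sql", "index"]

# Paths taken from the template on this page.
PATHS = ["/images/home1.jpg", "/?tesref=true", "/.idea/modules.xml",
         "/admin/_logs/error.log", "/backup.sql"]
CANARY = "/ajfhasdfgsagfakjhgd"  # random-looking path from the same list

# Assumed content signatures per path (illustrative, not from the page).
SIGNATURES: Dict[str, List[str]] = {
    "/.idea/modules.xml": [r"<project version=", r"ProjectModuleManager"],
    "/admin/_logs/error.log": [r"(?m)^\[[^\]]+\] \[(error|warn|notice)\]"],
    "/backup.sql": [r"(?i)\b(CREATE TABLE|INSERT INTO)\b"],
}


def weak_match(path: str, resp: Response, baseline: Response) -> bool:
    """The posted logic: status 200 AND any generic word in the body."""
    return resp.status == 200 and any(w in resp.body for w in TEMPLATE_WORDS)


def strict_match(path: str, resp: Response, baseline: Response) -> bool:
    """Report only when the body looks like the file that was requested."""
    patterns = SIGNATURES.get(path)
    if patterns is None or resp.status != 200:
        return False
    if resp.body == baseline.body:          # same page as a nonsense path
        return False
    if "text/html" in resp.content_type:    # none of these files are HTML
        return False
    return all(re.search(p, resp.body) for p in patterns)


def scan(fetch: Callable[[str], Response], matcher) -> List[str]:
    """Run one matcher over PATHS; fetch() stands in for the HTTP request."""
    baseline = fetch(CANARY)
    return [p for p in PATHS if matcher(p, fetch(p), baseline)]


# --- constructed responses (not captured from any real host) ---
HOME = Response(200, "text/html",
                '<!DOCTYPE html><html><head><script src="/static/app.js">'
                '</script></head><body><a href="/login">Sign in</a></body></html>')

MODULES_XML = ('<?xml version="1.0" encoding="UTF-8"?>\n<project version="4">\n'
               '  <component name="ProjectModuleManager">\n    <modules />\n'
               '  </component>\n</project>\n')


def catch_all_site(path: str) -> Response:
    """Site that serves its home page with 200 for every path."""
    return HOME


def leaky_site(path: str) -> Response:
    """Site that really exposes one IDE project file and 404s the rest."""
    if path == "/.idea/modules.xml":
        return Response(200, "application/xml", MODULES_XML)
    return Response(404, "text/html", "<html><body>Not Found</body></html>")


if __name__ == "__main__":
    print("weak   / catch-all:", scan(catch_all_site, weak_match))
    print("strict / catch-all:", scan(catch_all_site, strict_match))
    print("strict / leaky    :", scan(leaky_site, strict_match))
```

On the catch-all site the posted logic reports every path, including the image and the query-string request, while the stricter check reports nothing there and still finds the one file that is really exposed.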