Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/Proviesec/directory-files-payload-lists

Directory scans

bugbounty security

README

# directory and files payload-list
[![License](https://img.shields.io/badge/license-MIT-_red.svg)](https://opensource.org/licenses/MIT)
[![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/dwisiswant0/go-dork/issues)
[![Twitter](https://img.shields.io/twitter/follow/proviesec?label=Follow)](https://twitter.com/proviesec)


# Introduction

:star: Star us on GitHub — it motivates a lot! :star:

If you have any directory or file payloads, just create a pull request.

# How to use
Use my tool PSFuzz with these lists:
https://github.com/Proviesec/PSFuzz

# Ideas

- [x] WordPress directory list
- [x] git directory list
- [x] Admin directory list
- [x] Grafana dir list
- [x] Joomla dir list
- [x] WordPress dir list
- [x] Phpinfo dir list
- [x] Symfony dir list
- [x] top dir list
- [x] Config file dir list
- [x] phpMyAdmin dir list
- [ ] Magento directory list
- [x] htaccess dir list
- [x] dir list
- [x] Appropriate response for the respective directory or file

# The Bug Bounty unhelpful files and folders list
```
robots.txt
index.html
error.html
```

# Example
![image](https://user-images.githubusercontent.com/6010786/206578188-52dd4000-8268-446e-86be-caeea139ea85.png)

# Reports
https://hackerone.com/reports/1358249
https://hackerone.com/reports/1118898
https://hackerone.com/reports/1049402
https://hackerone.com/reports/1164854
https://hackerone.com/reports/1417288
https://hackerone.com/reports/1704035

# How To
https://github.com/ffuf/ffuf

# Writeups

https://blog.infiltrateops.io/tesla-paid-me-10-000-because-of-directory-indexing-c1be06c77a3e
https://infosecwriteups.com/how-i-was-able-to-bypass-the-admin-panel-without-the-credentials-d65f90e0e1e4