Twitter wordlist suggestions

People are finding it in wild.

Environment files:

PS: env.js can also contain sensitive information.

/assets/env.js
/env.js
/static/.env
/assets/.env
/.env

JFrog Panel:

These path can contain critical data.

/ui/
/ui/repos/tree/General/

Nette Framework

app/config/config.local.neon

IIS

If you encounter the default IIS Windows window, do not forget to check /haproxy and /netdata

also check about IIS short file name disclosure.

PreviousWordlistsNextTips & Tricks

Last updated