there's nothing so permanent as temporary
DESCRIPTION
TRANSCRIPT
Fast Track“There's Nothing so Permanent as Temporary”
Alexa top 1,000,000 websites
Robots
Robots.txt
Google dork:inurl:robots filetype:txt
Disallow: /admin/*Disallow: /backup/*Disallow: /logs/*Disallow: /secret-file.tar.gz
Robots
Hypertext .htaccess .htpasswd
_.htpasswd !.htpasswd 0.htpasswd old.htpasswd %20.htpasswd backup.htpasswd 1.htpasswd
OS files
Thumbs.db ehthumbs.db Desktop.ini .DS_Store
.apdisk .AppleDouble .LSOverride
Logs access.log access_log error.log error_log
/log/* /logs/*
Logs
Logs
Google dorks:site:mysite.com filetype:logsite:mysite.com inurl:error_logsite:mysite.com inurl:access_log
Status /server-status/ /nginx-status/ /status/ /stats/ /stat/
DGT Release Checker for vBulletinvalidator.php
Tools for managing content in databases
/sqlbuddy/login.php /adminer/index.php /adminer/adminer.php /adminer.php /phpmyadmin/index.php /myadmin/index.php /pma/index.php
Revision control
/.svn/entries /.git/index /.hg/store/undo /.hg/store/data/
Revision control
.cvsignore .gitignore .gitignore_global .npmignore .svnignore .hgignore
Revision control
.hgrc (mercurial.ini for win) .gitconfig .gitattributes
Test files
test.php 1.php tst.php test1.php example.php demo.php
phpinfo.php php.php info.php i.php p.php
*.diff *.err *.orig *.rej .*.swo .*.swn .*.swm .*.swp *.vi *~ *.sass-cache *.cache
*.part .#.* *.bak *.backup *.un~ *.old *.tmp *.sublime-workspace *.sublime-project
Swap and backup files
Swap and backup files
Other configs
/WEB-INF/context.xml /WEB-INF/web.xml /web.config /dataobject.ini /.travis.yml /database.yml /config/AppData.config /inc/config.inc
/dataobjects.ini
/WEB-INF/context.xml
Statistic
/webstat/ /cgi-bin/awstats.pl
/apc.php /apc/index.php /apc/apc.php
IDE and other
/nbproject/ /.komodotools/ /.sass-cache/ /.idea/
.project .buildpath .settings .tmproj
IDE and other
/.config /.pki /.local /.cache /.filemgr-tmp /.shrc /.rhosts
/.profile /.mailrc /.mail_aliases /.login_conf /.login /.cshrc .cache
home = www
.bash_history
SSH
• /.ssh/known_host• /.ssh/authorized_keys• /.ssh/*
Attn!
/.ssh/id_rsa
@i_bo0om
Спасибо за внимание ;)