From dcf5d8162cbe01732a02f5bfd29fd4672737949f Mon Sep 17 00:00:00 2001
From: Nikos Gk <1519209+ngkogkos@users.noreply.github.com>
Date: Sat, 28 Sep 2019 19:20:35 +0300
Subject: [PATCH] Update with missing common endpoints

Update list following discussion on Twitter: https://twitter.com/NahamSec/status/1177672652011343873
---
 Discovery/Web-Content/quickhits.txt | 42 ++++++++++++++++++++++++++---
 1 file changed, 39 insertions(+), 3 deletions(-)

diff --git a/Discovery/Web-Content/quickhits.txt b/Discovery/Web-Content/quickhits.txt
index 134027b5..5dd42774 100644
--- a/Discovery/Web-Content/quickhits.txt
+++ b/Discovery/Web-Content/quickhits.txt
@@ -123,10 +123,10 @@
 /.gitk
 /.gitkeep
 /.gitlab
+/.gitlab-ci.yml
 /.gitlab/issue_templates
 /.gitlab/merge_request_templates
 /.gitlab/route-map.yml
-/.gitlab-ci.yml
 /.gitmodules
 /.gitreview
 /.grunt/
@@ -439,6 +439,7 @@
 /_index.php
 /_install
 /_layouts
+/_legacy
 /_log/
 /_log/access-log
 /_log/access.log
@@ -487,6 +488,9 @@
 /accounts
 /accounts.sql
 /accounts.txt
+/activity
+/actuator
+/actuator/heapdump
 /add.php
 /adduser
 /adm
@@ -537,6 +541,7 @@
 /admin/fckeditor/editor/filemanager/upload/asp/upload.asp
 /admin/fckeditor/editor/filemanager/upload/aspx/upload.aspx
 /admin/fckeditor/editor/filemanager/upload/php/upload.php
+/admin/heapdump
 /admin/include/spaw2/dialogs/dialog.php
 /admin/includes/configure.php~
 /admin/js/tiny_mce/
@@ -586,6 +591,7 @@
 /adminer-4.2.0-mysql.php
 /adminer-4.2.0.php
 /adminer.php
+/adminer.sql
 /adminer/
 /adminer/adminer.php
 /administracao.php
@@ -618,6 +624,7 @@
 /ajax/app/yahoo/yahoo.htm
 /alfa/
 /all.sql
+/altair
 /amad.php
 /amministratore.php
 /answers/error_log
@@ -631,7 +638,9 @@
 /apc/apc.php
 /apc/index.php
 /api/
+/api/batch
 /api/error_log
+/api/proxy
 /apibuild.pyc
 /app.config
 /app.js
@@ -680,6 +689,7 @@
 /app_dev.php
 /appcache.manifest
 /application.log
+/application.wadl
 /application/cache/
 /application/logs/
 /apps/frontend/config/app.yml
@@ -753,6 +763,7 @@
 /base/
 /bb-admin/
 /bd.sql
+/beans
 /beta/
 /bigdump.php
 /billing
@@ -845,6 +856,7 @@
 /changelog.txt
 /CHANGES.html
 /changes.txt
+/charts
 /checked_accounts.txt
 /chubb.xml
 /cidr.txtа
@@ -862,6 +874,7 @@
 /classes/cookie.txt
 /cleanup.log
 /ClientAccessPolicy.xml
+/clientaccesspolicy.xml
 /cliente/downloads/h4xor.php
 /clients.mdb
 /clients.sql
@@ -944,10 +957,10 @@
 /config/application.ini
 /config/aws.yml
 /config/banned_words.txt
-/config/config.ini
 /config/config.inc.php
 /config/config.inc.php.bak
 /config/config.inc.php.dist
+/config/config.ini
 /config/database.yml
 /config/database.yml.pgsql
 /config/database.yml.sqlite3
@@ -1013,7 +1026,6 @@
 /crond/logs/
 /cronlog.txt
 /crossdomain.xml
-/clientaccesspolicy.xml
 /culeadora.txt
 /custom/db.ini
 /customers.csv
@@ -1101,6 +1113,7 @@
 /debug_error.jsp
 /default.php
 /delete.php
+/demo 
 /demo.php
 /demo/ejb/index.html
 /demo/sql/index.jsp
@@ -1123,6 +1136,7 @@
 /doctrine/schema/tmx.yml
 /documentation/config.yml
 /dom.php
+/download
 /download.php
 /download/history.csv
 /download/users.csv
@@ -1174,6 +1188,7 @@
 /engine/classes/swfupload/swfupload.swf
 /engine/classes/swfupload/swfupload_f9.swf
 /engine/libs/spaw/dialogs/dialog.php
+/env
 /environment.rb
 /err
 /error
@@ -1235,6 +1250,7 @@
 /FCKeditor22/
 /FCKeditor23/
 /FCKeditor24/
+/fetch
 /ffftp.ini
 /file.php
 /file.sql
@@ -1292,12 +1308,18 @@
 /globals.inc
 /grabbed.html
 /gradlew
+/graph
+/graphiql
+/graphql
+/graphql-explorer
+/graphql/console
 /Gruntfile.js
 /haproxy_stats
 /haproxy_stats1
 /haproxy_stats2
 /haproxy_stats3
 /HEADER.txt
+/heapdump
 /HISTORY
 /HISTORY.rst
 /home.rar
@@ -1407,6 +1429,7 @@
 /ispmgr/
 /javax.faces.resource.../WEB-INF/web.xml.jsf
 /jdbc
+/jenkins/script
 /jira/
 /jmx-console
 /jmx-console/
@@ -1540,6 +1563,7 @@
 /maintenance/test2.php
 /Makefile
 /manage.py
+/manage/heapdump
 /manager/
 /manager/html
 /master.passwd
@@ -1560,6 +1584,7 @@
 /memoria
 /mercurial.ini
 /META-INF/context.xml
+/metrics
 /moadmin.php
 /moderator.php
 /moderator/
@@ -1611,6 +1636,7 @@
 /nginx.conf
 /nginx_status
 /nohup.out
+/nomad
 /npm-debug.log
 /nst.php
 /nstview.php
@@ -1636,6 +1662,7 @@
 /orders.xls
 /orders_log
 /ospfd.conf
+/out
 /output-build.txt
 /p.php
 /p/m/a/
@@ -1895,6 +1922,7 @@
 /project.pbxproj
 /project.xml
 /propel.ini
+/proxy
 /prv/
 /public/spaw2/dialogs/dialog.php
 /publication_list.xml
@@ -1913,7 +1941,9 @@
 /Read
 /Read%20Me.txt
 /read.me
+/read_file
 /Read_Me.txt
+/readfile
 /README
 /readme
 /README.htm
@@ -1960,6 +1990,8 @@
 /secring.bak
 /secring.pgp
 /secring.skr
+/secure/attachmentzip/
+/secure/ConfigureReport.jspa
 /sentemails.log
 /serv-u.ini
 /server-info
@@ -2060,6 +2092,7 @@
 /STATUS.txt
 /status.xsl
 /status/
+/status2
 /statusicon/
 /stronghold-info
 /stronghold-status
@@ -2071,6 +2104,7 @@
 /svn.revision
 /SVN/
 /svn/
+/swagger-ui 
 /swfupload
 /sxd/
 /sxd/backup/
@@ -2136,6 +2170,7 @@
 /test9.php
 /test_
 /test_ip.php
+/testing
 /tests
 /tests/phpunit_report.xml
 /Thumbs.db
@@ -2261,6 +2296,7 @@
 /vb.rar
 /vb.sql
 /vb.zip
+/version
 /VERSION.txt
 /view.php
 /vtund.conf