Default Directory Listing

Used to locate web servers where directory listing has been enabled unintentionally by the developer or sysadmin, serving the delicious spicy foods directly to hackers with no effort.

http.html:"index of /"

Backup Files

When changes are made by the web developer, they first make a backup of the existing important files and then start working on the project, but this is the point where we get in easily 🙂. In other cases, they completely forget about the backup and it remains there as it is. Some of these are honeypots set up to trap threat actors: they sniff what nefarious things the hacker is trying to do with the system and then hopefully catch them if they are a beginner, or just wait for an experienced threat actor to make a small mistake, and it's game over 💀

http.html:"index of /" http.html:"backup"

Compressed Archives

Similar to backup files. Here the developer is most likely working on a Linux system, as we can assume from the extension itself.

http.html:"index of /" http.html:"tar.gz"

Database Files

One of the easy wins in bug hunting is information disclosure. Mostly there is no need to go into highly technical manual details, as in a manual WAF bypass for injection attacks; the sensitive information is simply provided for free 🤑: admin credentials, user credentials, PII, the internal structure of the database, tables, rows, columns, the hashing used by the DB admin, and unlimited opportunities for a persistent attacker. Not every company has regular pentests, audits, or even a free vulnerability disclosure program, due to which these novice companies are the best fit for international attackers, who attack and sell the data on the dark web 🙂

http.html:"index of /" http.html:"database"
http.html:"index of /" http.html:"sql.gz"
http.html:"index of /" http.html:".sql"
http.html:"index of /" http.html:".db"
http.html:"index of /" http.html:"db_backup"
http.html:"index of /" http.html:"mysql.dump"
http.html:"index of /" http.html:".mdb"

Configuration Files

Find web servers where configuration files are accessible. In those files we can see the settings and preferences stored for various applications, servers and the OS. There is a high probability of data leaks such as API keys, tokens, file paths and directories, application settings, network information and much more.

http.html:"index of /" http.html:".xml"
http.html:"index of /" http.html:"config.xml"

#tomcat: db connection strings
http.html:"index of /" http.html:"server.xml"

WordPress Configuration Files

http.html:"index of /" http.html:"wp-config.php.txt"
http.html:"index of /" http.html:"wp-config.txt"
http.html:"index of /" http.html:"wp-config.php.bak"
http.html:"index of /" http.html:"wp-config.php.old"
http.html:"index of /" http.html:"wp-config.php.backup"
http.html:"index of /" http.html:"wp-config.php.zip"
http.html:"index of /" http.html:"wp-config.php.tar.gz"

Passwords

Passwords related to databases, FTP, SSH, admin panels, email accounts, CMS logins, network devices, RDP, VNC, etc.

http.html:"index of /" http.html:"pwd"
http.html:"index of /" http.html:"pass.txt"
http.html:"index of /" http.html:"password"
http.html:"index of /" http.html:"password.txt"
http.html:"index of /" http.html:"passwords.txt"
http.html:"index of /" http.html:"passwords.zip"

Windows Server Config Files

Configuration file of Microsoft IIS on Windows Server.

http.html:"index of /" http.html:"web.config"

Exposed Logs

Records of who accessed the server, their IP addresses, timestamps and the resource that was served to the client; login attempt information; application logs that capture application events and status. Database logs that hold information about database queries, transactions and errors, further revealing the SQL and data structures used. Firewall logs that include IPs, protocols and red flags of threats.

http.html:"index of /" http.html:".log"
http.html:"index of /" http.html:"access.log"
http.html:"index of /" http.html:"error.log"
http.html:"index of /" http.html:"php_error.log"
http.html:"index of /" http.html:"debug.log"

Configuration and Version Control Files

.env File: This is a configuration file typically used in development environments to store sensitive environment variables. Commonly found in web applications, .env files may contain:

  • Database credentials (username, password, host, and port)
  • API keys and tokens for third-party services
  • Secret keys for session handling or encryption
  • SMTP credentials for email servers
  • Debugging and logging settings

.svn Directory: This is a directory created by the Subversion (SVN) version control system. When exposed, it can leak:

  • Source code and historical versions of files, revealing internal application logic
  • Commit messages that may describe vulnerabilities or sensitive changes
  • Developer notes that may include hardcoded credentials, server paths, or deployment details
  • File metadata that can give attackers insight into the structure of the application and directories

http.html:"index of /" http.html:".env"
http.html:"index of /" http.html:".svn"

Git Repositories

Google Dork Alternative

  • .git Directory: Exposing the .git folder allows attackers to access the full codebase, commit history, and branches, which can reveal sensitive information like hardcoded credentials and the app’s internal logic.
  • gitconfig File: This file contains Git configuration settings, user information, and possibly stored credentials.

http.html:"index of /" http.html:".git"
http.html:"index of /" http.html:"gitconfig"
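
A defender-side check for the exposures listed on this page, as an added example that is not part of the original post: it walks a local document root and flags file and directory names matching the page's queries. The category labels, the rule-to-name mapping and the sample tree are constructed for illustration; the live `wp-config.php` is deliberately not flagged, only its text and archive copies.

```python
import os
import re
import tempfile

# Ordered rules, first match wins; names mirror this page's queries (assumed mapping).
RULES = [
    ("vcs", re.compile(r"^(\.git|\.svn|\.?gitconfig)$")),
    ("env", re.compile(r"^\.env(\..+)?$")),
    ("wp-config", re.compile(r"^wp-config\.(php\.)?(txt|bak|old|backup|zip|tar\.gz)$")),
    ("server-config", re.compile(r"^(web\.config|server\.xml|config\.xml)$")),
    ("password", re.compile(r"pwd|pass\.txt$|password")),
    ("database", re.compile(r"\.(sql|db|mdb)$|sql\.gz$|db_backup|mysql\.dump|database")),
    ("log", re.compile(r"\.log$")),
    ("backup", re.compile(r"backup|\.(bak|old)$|\.tar\.gz$")),
]

def classify(name):
    """Return the risk category for a file or directory name, or None."""
    for category, pattern in RULES:
        if pattern.search(name.lower()):
            return category
    return None

def audit_webroot(root):
    """Walk a local document root; return sorted (relative_path, category) pairs."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            category = classify(name)
            if category:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel.replace(os.sep, "/"), category))
        # The VCS directory itself is the finding; do not descend into it.
        dirnames[:] = [d for d in dirnames if classify(d) != "vcs"]
    return sorted(findings)

def demo():
    """Audit a constructed sample web root built in a temporary directory."""
    sample = ["index.php", "wp-config.php", "wp-config.php.bak", ".env",
              ".git/config", "logs/access.log", "old/site.tar.gz", "db/dump.sql"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return audit_webroot(root)

if __name__ == "__main__":
    print("\n".join(f"{c:14} {p}" for p, c in demo()))
```

Point `audit_webroot` at your own document root. Files such as `web.config` or `server.xml` can be legitimate where they sit, so treat those hits as a prompt to confirm the server refuses to serve them.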

Note: Shodan database results keep changing from time to time, as it regularly scans the entire internet and picks up new devices, ports, and connected systems, along with detailed device information including country, location, time and metadata 🙂