Skip to content
Directory listing of world readable files for appsec work
Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
file_listings
README.md
pull_file_listings.sh

README.md

OS-File-List

This project is a repository of default files on various distributions of Linux. Effectively, we went to each provider (AWS/Azure/DigitalOcean), created every Linux virtual machine and pulled a listing of every world readable file.

We also created a basic user account on each instance and listed readable files from that perspective.

Why?

File listings can be extremely useful in web application testing. A couple use cases:

  • List of files that should exist via LFI/Directory Traversal
  • Different files and their locations can help fingerprint the distribution
  • Bypass WAFs by not using common files (e.g. /etc/passwd)
You can’t perform that action at this time.