Web shell / backdoor filenames
Known web shell and backdoor filenames for discovering attacker-dropped scripts left on compromised web servers.
- Size
- 14.4 KB
- Category
- Web Content
- Source
- danielmiessler/SecLists
- License
- MIT
- Recommended tools
- ffufgobusterferoxbuster
Preview
First 15 entries. Download or copy the full list (14.4 KB) using the buttons above.
.gitignore 023.jsp 08小组内部交流专用.asp 1.png 12309.php 1427683968524.jpg 2.png 3.png 3fexe Shell.asp 4.png 404 infiltrate team.asp 404 Not Found.php 404.php 404super.php 404webshell.php
Known web shell and backdoor filenames for discovering attacker-dropped scripts left on compromised web servers.
This list is geared toward web content and directory discovery. It contains roughly 14.4 KB and pairs well with tools such as ffuf, gobuster, feroxbuster. Pick the smallest list that fits your engagement: shorter lists are faster and quieter for online attacks, while larger lists give broader coverage for offline work where speed is less of a constraint.
You can copy the sample preview straight from this page, copy the entire list to
your clipboard, or download the raw .txt file. The full list is served directly
from its upstream source on GitHub.
Sourced from danielmiessler/SecLists and distributed under MIT. Only use wordlists against systems you are explicitly authorized to test.