# This list comes from:
# - https://github.com/lightos/Panoptic
# - https://github.com/danielmiessler/SecLists
# /proc and /sys entries should be kept in sync with restricted-files.data

# Entries in this list generally use the shortest path that suffices for identifying them as dangerous.
# .ssh/id_rsa and .ssh/id_dsa for example, are both dangerous paths but are represented in this list as .ssh.
# The same applies to different log files below /var/log/mysql: var/log/mysql is enough to tell us that the request is suspicious.
# Additionally, similar paths with different roots are represented as a single entry.
# For example, the two entries usr/local/mysql/data/mysql.err and xampp/mysql/data/mysql.err are
# represented as mysal/data, as that is enough to identify the paths as being suspicious.


# Most of the dotfile entries can be generated from the following three commands.
# Unfortunately, the output contains many more entries, including some file
# extensions. There are also some entries that probably added by hand.
# curl -s https://raw.githubusercontent.com/lightos/Panoptic/master/home.txt | grep -E "^\." |  awk  '{ print tolower($0) }' | sort | uniq
# curl -s https://raw.githubusercontent.com/lightos/Panoptic/master/cases.xml | grep "file value" | cut -d'"' -f2 | grep -E "^\." |  awk  '{ print tolower($0) }' | sort | uniq
# curl -s https://raw.githubusercontent.com/danielmiessler/SecLists/master/Fuzzing/fuzz-Bo0oM.txt | grep -Ev '\\|\.\.|=\b|%' | grep -E "^\." |  awk  '{ print tolower($0) }' | sort | uniq
.access/
.addressbook
.anydesk/
.aptitude/config
.atom/
.aws/
.azure/
.bash_
.bashrc
.boto
.cache/
.cache/notify-osd.log
.cargo/
.config.local.php
.config/
.coverage
.coveralls.yml
.credentials
.cshrc
.cups/
.cvs
.dbus/
.deployment-secrets.txt
.docker/
.dockerignore
.drush/
# .env
.envrc
.eslintignore
.fbcindex
.forward
.ftpconfig
.gem/
.git/
.gitattributes
.gitconfig
.gitignore
.gitkeep
.gitmodules
.gnome/
.gnome2/
.gnomerc/
.gnupg/
.google_authenticator
.gsutil/
.hg/
.hgignore
.history
.hplip/hplip.conf
.htaccess
.htdigest
.htpasswd
.ipynb_checkpoints/
.java/
.ksh_history
.kube/
.lesshst
.lftp/
.lhistory
.lighttpdpassword
.lldb-history
.local/bin/
.local/lib/
.local/share/
.local/state/
.lynx_cookies
.minikube/
.msmtprc
.my.cnf
.myscmserverinfo
.mysql_history
.nano_history
.netrc
.node_repl_history
.npm/
.npmrc
.nsconfig
.nsr
.nvm/
.oh-my-
# .pac
# .pass
# .passwd
.password-store
.pearrc
.pgpass
.php_history
.pinerc
.pki/
.proclog
.procmailrc
.profile
.psql_history
# .pwd
.pytest_cache/
.python_history
.rediscli_history
.remote-sync.json
.rhistory
.rhosts
.rustup
.rustup/
.s3cfg
.secrets
.selected_editor
.settings/
.sh_history
.snap/
.sqlite_history
.ssh/
.subversion/
.svn/
.svnignore
.tconn/
.tcshrc
.terraform.lock.hcl
.terraform/
.thunderbird/
.tmux.conf
.tools/
.tor/
.travis.yaml
.travis.yml
.vagrant.d/
.vidalia/
.vim/
.viminfo
.vimrc
.vmware/
.vscode
.web.config.swp
.wget-hsts
.www_acl
.wwwacl
.xauthority
.yarnrc
.zhistory
.zsh_history
.zshenv
.zshrc

/php.ini
/tmp/

# Generic config filenames and common permutations
config.asp
config_dev.asp
config-dev.asp
config.dev.asp
config_prod.asp
config-prod.asp
config.prod.asp
config.sample.asp
config-sample.asp
config_sample.asp
config_test.asp
config-test.asp
config.test.asp
config.ini
config_dev.ini
config-dev.ini
config.dev.ini
config_prod.ini
config-prod.ini
config.prod.ini
config.sample.ini
config-sample.ini
config_sample.ini
config_test.ini
config-test.ini
config.test.ini
config.json
config_dev.json
config-dev.json
config.dev.json
config_prod.json
config-prod.json
config.prod.json
config.sample.json
config-sample.json
config_sample.json
config_test.json
config-test.json
config.test.json
config.php
config_dev.php
config-dev.php
config.dev.php
config_prod.php
config-prod.php
config.prod.php
config.sample.php
config-sample.php
config_sample.php
config_test.php
config-test.php
config.test.php
config.pl
config_dev.pl
config-dev.pl
config.dev.pl
config_prod.pl
config-prod.pl
config.prod.pl
config.sample.pl
config-sample.pl
config_sample.pl
config_test.pl
config-test.pl
config.test.pl
config.py
config_dev.py
config-dev.py
config.dev.py
config_prod.py
config-prod.py
config.prod.py
config.sample.py
config-sample.py
config_sample.py
config_test.py
config-test.py
config.test.py
config.rb
config_dev.rb
config-dev.rb
config.dev.rb
config_prod.rb
config-prod.rb
config.prod.rb
config.sample.rb
config-sample.rb
config_sample.rb
config_test.rb
config-test.rb
config.test.rb
config.toml
config_dev.toml
config-dev.toml
config.dev.toml
config_prod.toml
config-prod.toml
config.prod.toml
config.sample.toml
config-sample.toml
config_sample.toml
config_test.toml
config-test.toml
config.test.toml
config.txt
config_dev.txt
config-dev.txt
config.dev.txt
config_prod.txt
config-prod.txt
config.prod.txt
config.sample.txt
config-sample.txt
config_sample.txt
config_test.txt
config-test.txt
config.test.txt
config.xml
config_dev.xml
config-dev.xml
config.dev.xml
config_prod.xml
config-prod.xml
config.prod.xml
config.sample.xml
config-sample.xml
config_sample.xml
config_test.xml
config-test.xml
config.test.xml
config.yaml
config_dev.yaml
config-dev.yaml
config.dev.yaml
config_prod.yaml
config-prod.yaml
config.prod.yaml
config.sample.yaml
config-sample.yaml
config_sample.yaml
config_test.yaml
config-test.yaml
config.test.yaml
config.yml
config_dev.yml
config-dev.yml
config.dev.yml
config_prod.yml
config-prod.yml
config.prod.yml
config.sample.yml
config-sample.yml
config_sample.yml
config_test.yml
config-test.yml
config.test.yml
config.sample.inc.php
credentials.json
secrets.json
secrets.yaml
secrets.yml
# Compressed database dumps
.sql.001
.sql.7z
.sql.bz
.sql.ace
.sql.arj
.sql.cpio
.sql.gz
.sql.lha
.sql.lz
.sql.pa
.sql.pea
.sql.r00
.sql.r01
.sql.r02
.sql.r03
.sql.r04
.sql.r05
.sql.r06
.sql.r07
.sql.r08
.sql.r09
.sql.rar
.sql.rev
.sql.tar
.sql.taz
.sql.tbz
.sql.tgz
.sql.txz
.sql.uha
.sql.xz
.sql.yz1
.sql.z
# CVE-2023-49103
phpinfo.php
# AWS cli
aws.yaml
aws.yml
aws-key.yaml
aws-key.yml
# Python cache
__pycache__/
# Windows system ini files
boot.ini
system.ini
win.ini
# NodeJS log file
pm2.log
# Generic log filename
debug.log
# Mysql/MariaDB config file
debian.cnf
my.cnf
mysql.cnf
mysqldump.cnf
# FTP config files
ftp-sync.json
# Yarn log files
yarn-debug.log
yarn-error.log
# Code coverage config file
coverage.xml
# Apache httpd entries can be generated with the following command:
# curl -s https://raw.githubusercontent.com/lightos/Panoptic/master/cases.xml | grep "file value" | cut -d'"' -f2 | awk -F/ '{ { if (length($NF) > 0) {v1 = NF-1; v2 = NF} else {v1 = NF-2; v2 = NF-1} print tolower($v1"/"$v2) }) }' | grep apache | sort | uniq
apache/access.conf
apache/apache.conf
apache/apache2.conf
apache/audit_log
apache/conf
apache/default-server.conf
apache/error_log
apache/error.log
apache/httpd.conf
apache/log
apache2/apache.conf
apache2/apache2.conf
apache2/conf
apache2/default-server.conf
apache2/envvars
apache2/httpd.conf
apache2/httpd2.conf
apache2/logs
apache2/mods
apache2/ports.conf
apache2/sites
apache2/ssl-global.conf
apache2/vhosts.d
apache22/conf
apache22/httpd.conf
apache22/logs
apache24/conf
apache24/httpd.conf
apache24/logs
app/etc/local.xml
boot.ini
boot/grub/grub.cfg
boot/grub/menu.lst
config.sample.php
config.inc.php
config/app.php
config/custom.php
config/database.php
config/parameters.php
config/settings.inc.php
configuration.php
cpanel/logs
database.yaml
database.yml
data/elasticsearch
data/kafka
defaults.inc.php
etc/.java
etc/acpi
etc/adduser.conf
etc/alias
etc/alsa
etc/alternatives
etc/amavis
etc/anacrontab
etc/ansible
etc/apache/access.conf
etc/apache/apache.conf
etc/apache/default-server.conf
etc/apache/httpd.conf
etc/apache/vhosts.conf
etc/apache2
etc/apm
etc/apparmor
etc/apport
etc/apt
etc/asciidoc
etc/at.allow
etc/at.deny
etc/audit
etc/avahi
etc/bash.bashrc
etc/bash_completion.d
etc/bashrc
etc/bind
etc/binfmt.d
etc/bluetooth
etc/bonobo-activation
etc/bootptab
etc/brltty
etc/byobu
etc/ca-certificates
etc/calendar
etc/casper.conf
etc/centos-release
etc/chatscripts
etc/chkrootkit.conf
etc/chromium-browser
etc/chrootusers
etc/chttp.conf
etc/clam.d
etc/clamav
etc/cni
etc/console-setup
etc/coraza-waf
etc/cracklib
etc/cron.allow
etc/cron.d
etc/cron.hourly
etc/cron.monthly
etc/cron.weekly
etc/cron.yearly
etc/crontab
etc/crowdsec
etc/crypttab
etc/cups
etc/cvs-cron.conf
etc/cvs-pserver.conf
etc/dbus-1
etc/dconf
etc/debconf.conf
etc/debian_version
etc/default
etc/deluser.conf
etc/depmod.d
etc/dhcp
etc/dictionaries-common
etc/dkms
etc/dns2tcpd.conf
etc/dnsmasq.d
etc/docker
etc/dockeretc/dpkg
etc/dovecot
etc/e2fsck.conf
etc/elasticsearch
etc/emacs
etc/env.php
etc/environment.d
etc/esound/esd.conf
etc/etter.conf
etc/exports
etc/fail2ban
etc/fedora-release
etc/firebird
etc/firefox
etc/firewall
etc/fonts
etc/foremost.conf
etc/freshclam.conf
etc/fstab
etc/ftpaccess
etc/ftpchroot
etc/ftphosts
etc/ftpusers
etc/fuse.conf
etc/fwupd
etc/gconf
etc/gdb
etc/gdm3
etc/geoclue
etc/ghostscript
etc/gimp
etc/gitlab
etc/glvnd
etc/gnome
etc/gnucash
etc/gnustep
etc/groff
etc/group
etc/grub.conf
etc/grub.d
etc/gshadow
etc/gss
etc/gtk-2.0
etc/gtk-3.0
etc/hdparm.conf
etc/host.conf
etc/hostname
etc/hosts
etc/hp
etc/http/conf
etc/http/httpd.conf
etc/httpd
etc/ifplugd
etc/imagemagick-6
etc/inetd.conf
etc/init
etc/insserv.conf.d
etc/ipfw
etc/iproute2
etc/iptables
etc/issue
etc/java
etc/kafka
etc/kbd/config
etc/kernel
etc/kibana
etc/ld.so.conf
etc/ldap
etc/letsencrypt
etc/libblockdev
etc/libibverbs.d
etc/libnl-3
etc/libpaper.d
etc/libreoffice
etc/lighttpd
etc/lilo.conf
etc/logcheck
etc/login.defs
etc/logrotate.conf
etc/logrotate.d
etc/logstash
etc/logwatch
etc/lsb-release
etc/ltrace.conf
etc/lvm
etc/lynx
etc/mail
etc/mandrake-release
etc/manpath.config
etc/mc
etc/menu
etc/miredo-server.conf
etc/miredo.conf
etc/miredo/miredo-server.conf
etc/miredo/miredo.conf
etc/modprobe.d
etc/modsecurity
etc/modulesf
etc/mongod.conf
etc/monit
etc/mono
etc/motd
etc/mplayer
etc/mpv
etc/mtab
etc/mtools.conf
etc/muddleftpd
etc/muddleftpd.com
etc/muttrc.d
etc/my.cnf
etc/my.conf
etc/mysql
etc/netplan
etc/network
etc/networkmanager
etc/newsyslog.conf
etc/newt
etc/nghttpx
etc/nginx
etc/nikto
etc/npasswd
etc/nsswitch.conf
etc/nuxeo.conf
etc/odbcdatasources
etc/openal
etc/opendkim
etc/opendmarc
etc/openldap/ldap.conf
etc/openmpi
etc/opt
etc/os-release
etc/osxhttpd
etc/osync
etc/packagekit
etc/pam.conf
etc/pam.d
etc/pam.d/proftpd
etc/passwd
etc/password
etc/pcmcia
etc/perl
etc/php
etc/pki
etc/pm
etc/polkit-1
etc/postfix
etc/postgresql
etc/ppp
etc/printcap
etc/profile
etc/proftp.conf
etc/proftpd
etc/pulse
etc/pure-ftpd
etc/pureftpd
etc/python
etc/qemu
etc/rc.conf
etc/rc.d/rc.httpd
etc/rc0.d
etc/rc1.d
etc/rc2.d
etc/rc3.d
etc/rc4.d
etc/rc5.d
etc/rc6.d
etc/rcs.d
etc/redhat-release
etc/redis-sentinel.conf
etc/redis.conf
etc/resolv.conf
etc/resolvconf
etc/rsyslog.d
etc/samba
etc/sane.d
etc/scw-release
etc/security
etc/selinux
etc/sensors.conf
etc/sensors.d
etc/sensors3.conf
etc/sgml
etc/shadow
etc/signon-ui
etc/skel
etc/slackware-release
etc/smb.conf
etc/smbpasswd
etc/smi.conf
etc/snmp
etc/sogo
etc/sound
etc/spamassassin
etc/speech-dispatcher
etc/squid
etc/squirrelmail
etc/ssh
etc/ssl
etc/sso
etc/stunnel
etc/subgid
etc/subuid
etc/subversion
etc/sudoers
etc/suse-release
etc/sw-cp-server/applications.d
etc/sysconfig
etc/sysctl.conf
etc/sysctl.d
etc/syslog.conf
etc/sysstat
etc/system-release-cpe
etc/systemd
etc/termcap
etc/terminfo
etc/texmf
etc/thermald
etc/thnuclnt
etc/thunderbird
etc/timezone
etc/timidity
etc/tinyproxy
etc/tmpfiles.d
etc/tor/tor-tsocks.conf
etc/tsocks.conf
etc/ubuntu-advantage
etc/udev
etc/udisks2
etc/ufw
etc/unbound
etc/update-manager
etc/update-motd.d
etc/update-notifier
etc/updatedb.conf
etc/upower
etc/urlview
etc/usb_modeswitch.d
etc/utmp
etc/vhcs2/proftpd/proftpd.conf
etc/vim
etc/vmware
etc/vsftpd.chroot_list
etc/vsftpd.conf
etc/vsftpd/vsftpd.conf
etc/vulkan
etc/w3m
etc/webmin
etc/wicd
etc/wireshark
etc/wpa_supplicant
etc/wu-ftpd
etc/x11
etc/xdg
etc/xml
gitlab.rb
gitlab_config_
gruntfile.js
home/postgres
http/httpd.conf
httpd/conf/httpd.conf
includes/configure.php
inetpub/wwwroot/global.asa
initial_root_password
jakarta/dist/tomcat
jakarta/tomcat/conf
jakarta/tomcat/logs
library/webserver/documents
lighttpd/conf
lighttpd/lighttpd.conf
lighttpd/log
localsettings.php
logs/access_log
logs/access.log
logs/error_log
logs/error.log
logs/pure-ftpd.log
logs/samba.log
logs/security_debug_log
logs/security_log
lsws/conf
lsws/logs
mysql/bin/my.ini
mysql/data
mysql/my.cnf
mysql/my.ini
nginx/conf/nginx.conf
npm-debug.log
opt/apache
opt/apache2
opt/httpd/apache.conf
opt/httpd/apache2.conf
opt/httpd/conf/
opt/jboss
opt/lampp
opt/nuxeo
opt/tomcat
opt/xampp
package-lock.json
package.json
parameters.yml
pgsql/bin/pg_passwd
pgsql/data
php/apache.conf
php/apache2.conf
php/httpd.conf
php5/apache.conf
php5/apache2.conf
php5/httpd.conf
postgresql/log/
/proc/
proc/0
proc/1
proc/2
proc/3
proc/4
proc/5
proc/6
proc/7
proc/8
proc/9
proc/acpi
proc/asound
proc/bootconfig
proc/buddyinfo
proc/bus
proc/cgroups
proc/cmdline
proc/config.gz
proc/consoles
proc/cpuinfo
proc/crypto
proc/devices
proc/diskstats
proc/dma
proc/docker
proc/driver
proc/dynamic_debug
proc/execdomains
proc/fb
proc/filesystems
proc/fs
proc/interrupts
proc/iomem
proc/ioports
proc/ipmi
proc/irq
proc/kallsyms
proc/kcore
proc/key-users
proc/keys
proc/kmsg
proc/kpagecgroup
proc/kpagecount
proc/kpageflags
proc/latency_stats
proc/loadavg
proc/locks
proc/mdstat
proc/meminfo
proc/misc
proc/modules
proc/mounts
proc/mpt
proc/mtd
proc/mtrr
proc/net
proc/pagetypeinfo
proc/partitions
proc/pressure
proc/sched_debug
proc/schedstat
proc/scsi
proc/self
proc/slabinfo
proc/softirqs
proc/stat
proc/swaps
proc/sys
proc/sysrq-trigger
proc/sysvipc
proc/thread-self
proc/timer_list
proc/timer_stats
proc/tty
proc/uptime
proc/version
proc/version_signature
proc/vmallocinfo
proc/vmstat
proc/zoneinfo
program files
psa/admin
pureftpd/etc
root/anaconda-ks.cfg
routing.yml
samba/lib
sb/config
security.yml
server/default/conf
server/default/deploy
server/default/log
services.yml
sftp.json
sites/default/default.settings.php
sites/default/settings.local.php
sites/default/settings.php
squirrelmail/www
/sys/
sys/block
sys/bus
sys/class
sys/dev
sys/devices
sys/firmware
sys/fs
sys/hypervisor
sys/kernel
sys/module
sys/power
system/library/webobjects/adaptors
system32/config
system32/inetsrv/config
tmp/access.log
tmp/kafka-logs
typo3conf/localconf.php
usr/etc/pure-ftpd.conf
usr/home/user/lighttpd
usr/lib/cron/log
usr/lib/php
usr/lib/rpm/rpm.log
usr/lib/security
usr/local/zeus/web
usr/pkg/etc/httpd
usr/pkgsrc/net/pureftpd
usr/ports/contrib/pure-ftpd
usr/ports/ftp/pure-ftpd
usr/sbin/mudlogd
usr/sbin/mudpasswd
usr/share/adduser
usr/share/logs
usr/share/squirrelmail
usr/share/tomcat
usr/spool/lp
usr/spool/mqueue
var/adm
var/apache/logs
var/apache2/config.inc
var/cpanel
var/cron/log
var/data/elasticsearch
var/data/mysql-bin
var/htmp
var/lib/elasticsearch
var/lib/mysql
var/lib/pgsql
var/lib/squirrelmail
var/lighttpd
var/local/www/conf
var/log
var/lp/logs
var/mail
var/mysql-bin
var/mysql.log
var/nm2/postgresql.conf
var/postgresql
var/run/utmp
var/saf/_log
var/saf/port/log
var/spool
var/webmin
var/www
volumes/macintosh_hd
volumes/webbackup
wamp/bin/apache
wamp/bin/mysql
wamp/bin/php
wamp/logs
web.config
webpack.config.js
windows/comsetup.log
windows/debug/netsetup.log
windows/odbc.ini
windows/repair/setup.log
windows/setupact.log
windows/setupapi.log
windows/setuperr.log
windows/system32
windows/syswow64
windows/updspapi.log
windows/windowsupdate.log
windows/wmsetup.log
winnt/repair
winnt/system32/logfiles
wp-config.
wp-config-
wp-config_
www/conf/httpd.conf
www/logs
xampp/apache/logs
xampp/filezillaftp
xampp/htdocs
xampp/mercurymail
xampp/mysql/data
xampp/php
xampp/sendmail
xampp/webalizer/webalizer.conf
yarn.lock