From aac5204f75322556f554b6078048711e44427984 Mon Sep 17 00:00:00 2001
From: toxydose <a.yakovlev911@gmail.com>
Date: Sun, 2 Dec 2018 02:23:41 +0200
Subject: [PATCH 1/2] add clientaccesspolicy.xml and crossdomain.xml files
 which are usually contains unsafe wildcarded configurations.

---
 Discovery/Web-Content/quickhits.txt | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Discovery/Web-Content/quickhits.txt b/Discovery/Web-Content/quickhits.txt
index 35fa99c..af6ef34 100644
--- a/Discovery/Web-Content/quickhits.txt
+++ b/Discovery/Web-Content/quickhits.txt
@@ -1008,6 +1008,8 @@
 /cron/cron.sh
 /crond/logs/
 /cronlog.txt
+/crossdomain.xml
+/clientaccesspolicy.xml
 /culeadora.txt
 /custom/db.ini
 /customers.csv

From 277b243d61a57d6cd3fa7c8e1c44c1193c702cfa Mon Sep 17 00:00:00 2001
From: toxydose <a.yakovlev911@gmail.com>
Date: Sun, 2 Dec 2018 02:39:55 +0200
Subject: [PATCH 2/2] add slashes. Some servers are redirecting from folders
 without slashes to folders with slashes in the end of URI, and 302 is
 returned instead of 200

---
 Discovery/Web-Content/Logins.fuzz.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Discovery/Web-Content/Logins.fuzz.txt b/Discovery/Web-Content/Logins.fuzz.txt
index e71759e..33160b8 100644
--- a/Discovery/Web-Content/Logins.fuzz.txt
+++ b/Discovery/Web-Content/Logins.fuzz.txt
@@ -8,7 +8,7 @@
 /admin.py
 /admin.rb
 /admin/
-/administrator
+/administrator/
 /administrator.asp
 /administrator.aspx
 /administrator.cfm
@@ -24,7 +24,7 @@
 /cpanel/
 /default.asp
 /exchange/logon.asp
-/gs/admin
+/gs/admin/
 /index.php?u=
 /invocactf.php
 /login/