# Always-check sensitive paths — generic web targets
robots.txt
sitemap.xml
sitemap_index.xml
sitemap-index.xml
sitemaps.xml
humans.txt
security.txt
.well-known/security.txt
.well-known/openid-configuration
.well-known/jwks.json
.well-known/oauth-authorization-server
.well-known/assetlinks.json
.well-known/apple-app-site-association
crossdomain.xml
clientaccesspolicy.xml
README
README.md
README.txt
CHANGELOG
CHANGELOG.md
LICENSE
LICENSE.txt
TODO
TODO.txt
NOTES
NOTES.md
admin
administrator
admin.php
admin/login
admin/login.php
adminer.php
phpinfo.php
info.php
test.php
debug
debug.php
debug.log
error.log
error_log
errors.log
access.log
server-status
server-info
status
healthz
health
metrics
swagger
swagger.json
swagger.yaml
swagger-ui.html
swagger-ui
openapi.json
openapi.yaml
v1/swagger.json
v2/swagger.json
v3/api-docs
api-docs
api/docs
api/v1
api/v2
api/v3
api/swagger
graphql
graphiql
__graphql
playground
console
config
configs
config.json
config.xml
config.yaml
config.yml
configuration.json
configuration.yaml
settings.json
settings.yaml
settings.yml
appsettings.json
appsettings.Development.json
appsettings.Production.json
parameters.yml
parameters.yaml
local.xml
secrets.json
secrets.yaml
secrets.yml
secret.txt
secret.json
secret.yaml
credentials
credentials.json
credentials.txt
credentials.csv
backup
backup.zip
backup.tar
backup.tar.gz
backup.tar.bz2
backup.sql
backup.sql.gz
backup.bak
backups
backups.zip
bak
old
www.zip
www.tar.gz
site.zip
site.tar.gz
htdocs.zip
public.zip
upload
uploads
files
data
data.zip
data.sql
db.sql
db.sql.gz
database.sql
database.sql.gz
dump.sql
dump.sql.gz
backup.dump
.htaccess
.htpasswd
.user.ini
web.config
phpunit.xml
composer.json
composer.lock
package.json
package-lock.json
yarn.lock
pnpm-lock.yaml
Pipfile
Pipfile.lock
poetry.lock
pyproject.toml
requirements.txt
requirements-dev.txt
Gemfile
Gemfile.lock
go.mod
go.sum
Cargo.toml
Cargo.lock
build.gradle
build.sbt
pom.xml
Makefile
makefile
.travis.yml
.gitlab-ci.yml
.circleci/config.yml
.github/workflows
Jenkinsfile
azure-pipelines.yml
bitbucket-pipelines.yml
