It is a curated list containing approximately 10,000 common directory names, file paths, and administrative endpoints used by web servers. Security researchers use this list with tools like , ffuf , or Gobuster to identify hidden or unprotected pages on a website. Key Components The list typically includes common paths such as:
: Discovering hidden subdirectories that are not linked from the main homepage. 10KHttp.txt
: Admins use it to "attack" their own servers to ensure that unauthorized paths return a 403 Forbidden or 404 Not Found status. Where to Find It It is a curated list containing approximately 10,000
: .env , config.php , web.config , settings.json . Backup Directories : /backup , /old , /temp , /archive.zip . Development Assets : /dev , /test , /git/ , /bitbucket . Common Use Cases : Admins use it to "attack" their own