J-GainSec

It's for enumerating what files/functionality are being used to discover the attack surface of a Microsoft FIM instance. For example, determining access controls of each user, the xml files within...

There can be CGIs or other scripts accessible in the /aspnet_client/system_web/* directories even if the ladder two directories are inaccessible . I've encountered CKEditor being there before off the top...

Yes https://docs.microsoft.com/en-us/iis/configuration/system.webserver/cgi

It's for enumerating what files/functionality are being used to discover the attack surface of a SharePoint instance. From testing SharePoint instances.

https://the-infosec.com/2017/04/18/penetration-testing-sharepoint/

Done!

Should be good now

I downloaded the top 55 mobile apps and extracted relative links/parameters from each file in the apk and made a pretty awesome API wordlist. - Nullenc0de https://gist.github.com/nullenc0de/be4d0ac216ee4fecab5493555089b28d https://twitter.com/nullenc0de/status/1425973675715612672

Done, adding the other file now.

I have not but I'm happy too in the upcoming week if you'd like. I'm all good if not. You can close the issue. Thank you for your responsiveness and...