Pentesting Sharepoint

Sources:

Gdorks Wordlist:

Dirbust Wordlist:

Merged from:

/admin/_layouts
/_catalogs/masterpage/Forms/AllItems.aspx
/_catalogs/wp/forms/allitems.aspx
/_catalogs/wt/Forms/Common.aspx
/default.aspx
/Forms/DispForm.aspx
/Forms/DispForm.aspx?ID=1
/Forms/EditForm.aspx
/Forms/EditForm.aspx?ID=1
/Forms/Forms/AllItems.aspx
/Forms/MyItems.aspx
/Forms/NewForm.aspx
/_layouts/1033/IMAGES
/_layouts/aclinv.aspx
/_layouts/addrole.aspx
/_layouts/AdminRecycleBin.aspx
/_layouts/AreaNavigationSettings.aspx
/_layouts/AreaTemplateSettings.aspx
/_Layouts/AreaWelcomePage.aspx
/_layouts/associatedgroups.aspx
/_layouts/bpcf.aspx
/_Layouts/ChangeSiteMasterPage.aspx
/_layouts/create.aspx
/_layouts/editgrp.aspx
/_layouts/editprms.aspx
/_layouts/groups.aspx
/_layouts/help.aspx
/_layouts/images/
/_layouts/listedit.aspx
/_layouts/listfeed.aspx
/_layouts/managefeatures.aspx
/_layouts/ManageFeatures.aspx?Scope=Site
/_layouts/mcontent.aspx
/_layouts/mngctype.aspx
/_layouts/mngfield.aspx
/_layouts/mngsiteadmin.aspx
/_layouts/mngsubwebs.aspx
/_layouts/mngsubwebs.aspx?view=sites
/_layouts/mobile/mbllists.aspx
/_layouts/MyInfo.aspx
/_layouts/MyPage.aspx
/_layouts/MyTasks.aspx
/_layouts/navoptions.aspx
/_layouts/NewDwp.aspx
/_layouts/newgrp.aspx
/_layouts/newsbweb.aspx
/_layouts/PageSettings.aspx
/_layouts/people.aspx
/_layouts/people.aspx?MembershipGroupId=0
/_layouts/permsetup.aspx
/_layouts/picker.aspx
/_layouts/policy.aspx
/_layouts/policyconfig.aspx
/_layouts/policycts.aspx
/_layouts/Policylist.aspx
/_layouts/prjsetng.aspx
/_layouts/quiklnch.aspx
/_layouts/recyclebin.aspx
/_Layouts/RedirectPage.aspx
/_Layouts/RedirectPage.aspx?Target={SiteCollectionUrl}_catalogs/masterpage
/_layouts/role.aspx
/_layouts/settings.aspx
/_layouts/SiteDirectorySettings.aspx
/_layouts/sitemanager.aspx
/_Layouts/SiteManager.aspx?lro=all
/_layouts/spcf.aspx
/_layouts/storman.aspx
/_layouts/themeweb.aspx
/_layouts/topnav.aspx
/_layouts/user.aspx
/_layouts/userdisp.aspx
/_layouts/userdisp.aspx?Force=True&id=1
/_layouts/userdisp.aspx?Force=True&id=10
/_layouts/userdisp.aspx?Force=True&id=11
/_layouts/userdisp.aspx?Force=True&id=12
/_layouts/userdisp.aspx?Force=True&id=13
/_layouts/userdisp.aspx?Force=True&id=14
/_layouts/userdisp.aspx?Force=True&id=15
/_layouts/userdisp.aspx?Force=True&id=16
/_layouts/userdisp.aspx?Force=True&id=17
/_layouts/userdisp.aspx?Force=True&id=18
/_layouts/userdisp.aspx?Force=True&id=19
/_layouts/userdisp.aspx?Force=True&id=2
/_layouts/userdisp.aspx?Force=True&id=20
/_layouts/userdisp.aspx?Force=True&id=3
/_layouts/userdisp.aspx?Force=True&id=4
/_layouts/userdisp.aspx?Force=True&id=5
/_layouts/userdisp.aspx?Force=True&id=6
/_layouts/userdisp.aspx?Force=True&id=7
/_layouts/userdisp.aspx?Force=True&id=8
/_layouts/userdisp.aspx?Force=True&id=9
/_layouts/userdisp.aspx?ID=1
/_layouts/useredit.aspx
/_layouts/useredit.aspx?ID=1&Source=%2F%5Flayouts%2Fpeople%2Easpx
/_layouts/viewgrouppermissions.aspx
/_layouts/viewlsts.aspx
/_layouts/vsubwebs.aspx
/_layouts/WPPrevw.aspx?ID=247
/_layouts/wrkmng.aspx
/Pages/default.aspx
/Pages/Forms/AllItems.aspx
/shared documents/forms/allitems.aspx
/_vti_bin/Admin.asmx
/_vti_bin/alerts.asmx
/_vti_bin/alerts.asmx?wsdl
/_vti_bin/AreaService.asmx
/_vti_bin/Authentication.asmx
/_vti_bin/BusinessDataCatalog.asmx
/_vti_bin/copy.asmx
/_vti_bin/diagnostics.asmx
/_vti_bin/dspsts.asmx
/_vti_bin/dws.asmx
/_vti_bin/ExcelService.asmx
/_vti_bin/forms.asmx
/_vti_bin/imaging.asmx
/_vti_bin/lists.asmx
/_vti_bin/meetings.asmx
/_vti_bin/People.asmx
/_vti_bin/permissions.asmx
/_vti_bin/search.asmx
/_vti_bin/SharepointEmailWS.asmx
/_vti_bin/SiteData.asmx
/_vti_bin/sites.asmx
/_vti_bin/spdisco.aspx
/_vti_bin/spscrawl.asmx
/_vti_bin/spsdisco.aspx
/_vti_bin/spsearch.asmx
/_vti_bin/UserGroup.asmx
/_vti_bin/UserProfileService.asmx
/_vti_bin/versions.asmx
/_vti_bin/views.asmx
/_vti_bin/WebPartPages.asmx
/_vti_bin/webs.asmx
/_vti_inf.html