🔍 ConfigFinder¶
Welcome to ConfigFinder
The GTFOBins for configuration files - Your quick reference for identifying sensitive files during pentests and security audits.
🎯 Why ConfigFinder?¶
During a pentest, audit, or reconnaissance, quickly identifying critical configuration files is essential. ConfigFinder centralizes this information to save you precious time.
Usage Example¶
🔎 Service discovered: Apache HTTP Server
⚡ Search on ConfigFinder
✅ Instant result:
• /etc/apache2/apache2.conf
• /etc/apache2/sites-enabled/
• /var/log/apache2/access.log
• .htaccess, .htpasswd
✨ Features¶
-
Instant Search
Quickly find files by service name or technology
-
Organized Categories
Browse by type: Web, Database, Auth, CMS, etc.
-
Multi-OS
Paths for Linux, Windows, and macOS
-
Targeted Information
Configs, logs, credentials, and pentest tips
🚀 Quick Start¶
1. Browse by Category¶
Explore services organized by type in the left menu:
- Web Servers: Apache, Nginx, IIS...
- Databases: MySQL, PostgreSQL, MongoDB...
- CMS: WordPress, Drupal, Joomla...
- Authentication: SSH, FTP, LDAP...
2. Use the Search¶
Use the search bar at the top to instantly find a specific service.
3. Consult the Documentation¶
Each service has a complete page with:
- 📂 Configuration files
- 📝 Log files
- 🔑 Credential locations
- 💡 Pentest tips
- 🖥️ Multi-OS paths
📊 Documented Services¶
Project Under Development
ConfigFinder is under active development. New services are added regularly.
Current Progress:
- MkDocs infrastructure
- Documentation template
- First 10 services (MVP)
- 50 services
- 100 services
🎯 Target Audience¶
ConfigFinder is designed for:
- ✅ Pentesters and security consultants
- ✅ Red Teams and Blue Teams
- ✅ Students in cybersecurity
- ✅ System Administrators
- ✅ Security Researchers
🤝 Contributing¶
ConfigFinder is an open source community project. Your contributions are welcome!
See Contributing Guide View on GitHub
How to Help?¶
- Add a service: Create a page for a missing service
- Improve: Complete existing pages
- Report: Open an issue for errors or suggestions
- Share: Spread the word about ConfigFinder
📚 Inspiration¶
ConfigFinder is inspired by recognized community projects in cybersecurity:
- GTFOBins - Unix binaries for privilege escalation
- HackTricks - Complete pentest guide
- PayloadsAllTheThings - Payload collection
📞 Contact¶
Questions, suggestions, or want to contribute?
- Organization: EpiHack Benin
- Email: epihack.benin@gmail.com
- GitHub: github.com/EPIHACKBENIN/ConfigFinder
⭐ If this project is useful to you, don't forget to star it on GitHub!
Made with ❤️ by the cybersec community