Skip to content

🔍 ConfigFinder

Welcome to ConfigFinder

The GTFOBins for configuration files - Your quick reference for identifying sensitive files during pentests and security audits.


🎯 Why ConfigFinder?

During a pentest, audit, or reconnaissance, quickly identifying critical configuration files is essential. ConfigFinder centralizes this information to save you precious time.

Usage Example

🔎 Service discovered: Apache HTTP Server
⚡ Search on ConfigFinder
✅ Instant result:
   • /etc/apache2/apache2.conf
   • /etc/apache2/sites-enabled/
   • /var/log/apache2/access.log
   • .htaccess, .htpasswd

✨ Features

  • 🔎 Instant Search


    Quickly find files by service name or technology

  • 📁 Organized Categories


    Browse by type: Web, Database, Auth, CMS, etc.

  • 💻 Multi-OS


    Paths for Linux, Windows, and macOS

  • 🎯 Targeted Information


    Configs, logs, credentials, and pentest tips


🚀 Quick Start

1. Browse by Category

Explore services organized by type in the left menu:

  • Web Servers: Apache, Nginx, IIS...
  • Databases: MySQL, PostgreSQL, MongoDB...
  • CMS: WordPress, Drupal, Joomla...
  • Authentication: SSH, FTP, LDAP...

Use the search bar at the top to instantly find a specific service.

3. Consult the Documentation

Each service has a complete page with:

  • 📂 Configuration files
  • 📝 Log files
  • 🔑 Credential locations
  • 💡 Pentest tips
  • 🖥️ Multi-OS paths

📊 Documented Services

Project Under Development

ConfigFinder is under active development. New services are added regularly.

Current Progress:

  • MkDocs infrastructure
  • Documentation template
  • First 10 services (MVP)
  • 50 services
  • 100 services

🎯 Target Audience

ConfigFinder is designed for:

  • Pentesters and security consultants
  • Red Teams and Blue Teams
  • Students in cybersecurity
  • System Administrators
  • Security Researchers

🤝 Contributing

ConfigFinder is an open source community project. Your contributions are welcome!

See Contributing Guide View on GitHub

How to Help?

  1. Add a service: Create a page for a missing service
  2. Improve: Complete existing pages
  3. Report: Open an issue for errors or suggestions
  4. Share: Spread the word about ConfigFinder

📚 Inspiration

ConfigFinder is inspired by recognized community projects in cybersecurity:


📞 Contact

Questions, suggestions, or want to contribute?


⭐ If this project is useful to you, don't forget to star it on GitHub!

Made with ❤️ by the cybersec community