When installed, Apache Tomcat also creates the docs and examples directories to help developers with application development and deployment. By default, the URIs for the folders are as follows:
- /docs/
- /examples/
We can also use SecLists (https://github.com/danielmiessler/SecLists) to enumerate sensitive files in Tomcat:
The preceding screenshot shows the different files and folders that can be used to identify an instance with Tomcat installed on it. In the next section, we will work out how to identify the version numbers of Tomcat installations.