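Sharing Fuzz Dictionaries for Web Penetration Testing

Categories of Web Penetration Testing Fuzz Dictionaries

Parameter fuzz dictionary
XSS fuzz dictionary
Username dictionary
Password dictionary
Directory dictionary
SQL fuzz dictionary
SSRF fuzz dictionary
XXE dictionary

Parameter fuzz dictionary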

https://github.com/TheKingOfDuck/fuzzDicts/blob/master/paramDict/parameter.txt

Collected from common PHP frameworks/CMSs such as ThinkPHP, yii2, phphub, Zblog, DiscuzX, and WordPress.

XSS fuzz dictionary

https://github.com/TheKingOfDuck/easyXssPayload/blob/master/easyXssPayload.txt

Collected from GitHub.

Username dictionary

https://github.com/TheKingOfDuck/fuzzDicts/tree/master/userNameDict

Password dictionary

https://github.com/TheKingOfDuck/fuzzDicts/tree/master/passwordDict

Directory dictionary

https://github.com/TheKingOfDuck/fuzzDicts/tree/master/directoryDicts

SQL fuzz dictionary

https://github.com/TheKingOfDuck/fuzzDicts/blob/master/sqlDict/sql.txt

SSRF fuzz dictionary

https://github.com/TheKingOfDuck/fuzzDicts/blob/master/ssrfDicts
Contributed by xebxfe.
https://github.com/doge-dog

XXE dictionary

https://github.com/TheKingOfDuck/fuzzDicts/tree/master/XXEDictsWeb

Collected from Baidu.

CTF dictionary

https://github.com/TheKingOfDuck/fuzzDicts/tree/master/ctfDict

API dictionary

https://github.com/TheKingOfDuck/fuzzDicts/tree/master/apiDict/api.txt

Router admin panel dictionary

https://github.com/TheKingOfDuck/fuzzDicts/tree/master/routerDicts/pass.txt

Related: default passwords for network devices (switches, routers, security appliances)

File extension fuzz

https://github.com/TheKingOfDuck/fuzzDicts/tree/master/uploadFileExtDicts
Collected from https://github.com/c0ny1/upload-fuzz-dic-builder

JS file dictionary

Collected from: https://github.com/7dog7/bottleneckOsmosis

The collection code for 钟馗 is written really badly (very "cxk"); I'm such a newbie...

GitHub project URL:
https://github.com/TheKingOfDuck/fuzzDicts

Article title: Sharing Fuzz Dictionaries for Web Penetration Testing

Author: MaiKeFee

Published: September 9, 2019

Last updated: September 10, 2019

Original link: http://MaiKeFee.com/archives/a98fb3b0.html