content
参数fuzz字典
xss fuzz字典
用户名字典
密码字典
目录字典
sql-fuzz字典
ssrf-fuzz字典
xxe字典
ctf字典
api字典
路由器后台字典
文件后缀fuzz
js文件字典
子域名字典
工具推荐:burpsuite,sqlmap,xssfork,wfuzz,webdirscan
参数fuzz字典
https://github.com/thekingofduck/fuzzdicts/blob/master/paramdict/parameter.txt
采集自thinkphp,yii2,phphub,zblog,discuzx,wordpress等常见php框架/cms。
使用技巧:如http://127.0.0.1/1.php ,视为可疑文件,进行fuzz param 选择get,post and (post json) and (get route) and cookie param
xss fuzz字典
https://github.com/thekingofduck/easyxsspayload/blob/master/easyxsspayload.txt
采集自github。
用户名字典
https://github.com/thekingofduck/fuzzdicts/tree/master/usernamedict
密码字典
https://github.com/thekingofduck/fuzzdicts/tree/master/passworddict
目录字典
https://github.com/thekingofduck/fuzzdicts/tree/master/directorydicts
sql fuzz字典
https://github.com/thekingofduck/fuzzdicts/blob/master/sqldict/sql.txt
ssrf fuzz字典
https://github.com/thekingofduck/fuzzdicts/blob/master/ssrfdicts
由\xeb\xfe师傅提供。
xxe字典
https://github.com/thekingofduck/fuzzdicts/tree/master/xxedicts
收集自百度。
ctf字典
https://github.com/thekingofduck/fuzzdicts/tree/master/ctfdict
采集自kingkaki,原先收集时百度直接下载的压缩包,没看到github链接,所以没标记来源,抱歉抱歉
api字典
https://github.com/thekingofduck/fuzzdicts/tree/master/apidict/api.txt
钟馗采集的代码写得很.....
路由器后台字典
https://github.com/thekingofduck/fuzzdicts/tree/master/routerdicts/pass.txt
文件后缀fuzz
https://github.com/thekingofduck/fuzzdicts/tree/master/uploadfileextdicts
采集自https://github.com/c0ny1/upload-fuzz-dic-builder
js文件字典
采集自:https://github.com/7dog7/bottleneckosmosis
项目地址:https://github.com/thekingofduck/fuzzdicts
- 关键词标签:
- 天融信 网络安全 渗透测试