首页 默认分类 正文
  • 本文约5299字,阅读需26分钟
  • 10347
  • 0

Web Fuzzing Box-Web模糊测试字典与Payloads

Web Fuzzing Box-Web模糊测试字典与Payloads,主要包含:弱口令暴力破解、目录以及文件枚举、Web漏洞

字典大概列表

├── Brute [爆破]
│   ├── Abroad [国外字典]
│   ├── Application [服务、应用字典]
│   ├── Basic_401_Login.txt [401认证字典]
│   ├── Chinese [适用于中国的字典]
│   ├── Chinese_Hacker_Id.txt [中国黑客ID]
│   ├── Password [密码字典]
│   ├── Security_Product [安全产品]
│   ├── Subdomain [子域名]
│   ├── Test_Chinese_Mobilephonenumber.txt [中国手机号测试字典]
│   ├── Top [Top排名字典]
│   └── Username [用户名字典]

├── Dir [目录、文件名、接口]
│   ├── Api.txt [接口字典]
│   ├── Aspx_Asp_Cfm_Svc_Ashx_Asmx.txt [Aspx、Asp、Cfm、Svc、Ashx、Asmx后缀文件名字典]
│   ├── Burpsuite [适用于BurpSuite的字典,源于:https://gh0st.cn//archives/2020-02-13/1]
│   ├── Ctf.txt [适用于CTF比赛的字典]
│   ├── Directories.txt [目录字典]
│   ├── Jsp_Jspa_Do_Action.txt [Jsp、Jspa、Do、Action后缀文件名字典]
│   ├── Php.txt [Php后缀文件名字典]
│   └── Yujian [中国御剑字典]

├── Vuln [漏洞相关字典]
│   ├── Api [Api漏洞:绕过403、鉴权绕过]
│   ├── File_Upload [文件上传漏洞]
│   ├── File_Include [文件包含字典]
│   ├── Image_Dos [图片资源导致的DoS拒绝服务漏洞字典]
│   ├── Jsonp [JSONP跨域劫持漏洞字典]
│   ├── Open_Redirect [URL跳转漏洞字典]
│   ├── Sql_Injection [SQL注入字典]
│   ├── Traversal_Directory [遍历目录漏洞字典]
│   ├── Xml_Bomb [XML炸弹Payloads]
│   └── Xss [XSS字典与Payloads]

└── Web [Web测试字典]
    ├── *nix_Etc_Path [*nix系统的etc路径下的文件]
    ├── All_Html_Tag.txt [所有的HTML标签]
    ├── File_Extensions.txt [文件后缀名]
    ├── Http_Methods.txt [HTTP请求方式]
    ├── Integer_Overflows.txt [整数溢出]
    ├── Javascript_Filename.txt [Javascript文件名]
    ├── Lcoalhost.txt [本地地址]
    ├── Linux_File.txt [Linux文件]
    ├── Parameters [HTTP请求参数]
    ├── Proc_Path.txt [Proc路径下的文件]
    ├── Server_Log_Path.txt [服务日志路径]
    ├── Url_Schemes.txt [URL协议类型]
    ├── User_Agent.txt [UA头]
    └── Windows_File.txt [Windows文件]

字典详细列表

  ├── Web-Fuzzing-Box-main
    |   README.md
    |
    +---Brute
    |   |   Basic_401_Login.txt
    |   |   Chinese_Hacker_Id.txt
    |   |   Test_Chinese_Mobilephonenumber.txt
    |   |
    |   +---Abroad
    |   |       Asteroids.txt
    |   |       Bacteria.txt
    |   |       Bible.txt
    |   |       Common.txt
    |   |       Crackdict.txt
    |   |       English_Common.txt
    |   |       English_Length03.txt
    |   |       English_Length04.txt
    |   |       English_Length05.txt
    |   |       English_Length06.txt
    |   |       English_Length07.txt
    |   |       English_Length08.txt
    |   |       English_Length09.txt
    |   |       English_Length10.txt
    |   |       Films.txt
    |   |       Internet_Hosts.txt
    |   |       Koran.txt
    |   |       Ok.txt
    |   |       Places.txt
    |   |       Python.txt
    |   |       Sports.txt
    |   |       Startrek.txt
    |   |       Tolkien.txt
    |   |
    |   +---Application
    |   |   +---Ftp
    |   |   |       Password.txt
    |   |   |       Username.txt
    |   |   |
    |   |   +---Imap
    |   |   |       Password.txt
    |   |   |       Username.txt
    |   |   |
    |   |   +---Imap_Ssl
    |   |   |       Password.txt
    |   |   |
    |   |   +---Memcached
    |   |   |       Password.txt
    |   |   |       Username.txt
    |   |   |
    |   |   +---Mongodb
    |   |   |       Password.txt
    |   |   |       Username.txt
    |   |   |
    |   |   +---Mysql
    |   |   |       Password.txt
    |   |   |       Username.txt
    |   |   |
    |   |   +---Oracle
    |   |   |       Password.txt
    |   |   |       Username.txt
    |   |   |
    |   |   +---Phpmyadmin
    |   |   |       Password.txt
    |   |   |       Username.txt
    |   |   |
    |   |   +---Pop3
    |   |   |       Password.txt
    |   |   |       Username.txt
    |   |   |
    |   |   +---Postgresql
    |   |   |       Password.txt
    |   |   |       Username.txt
    |   |   |
    |   |   +---Rdp
    |   |   |       Password.txt
    |   |   |       Username.txt
    |   |   |
    |   |   +---Redis
    |   |   |       Password.txt
    |   |   |       Username.txt
    |   |   |
    |   |   +---Smb
    |   |   |       Password.txt
    |   |   |       Username.txt
    |   |   |
    |   |   +---Smtp
    |   |   |       Password.txt
    |   |   |       Username.txt
    |   |   |
    |   |   +---Sqlserver
    |   |   |       Password.txt
    |   |   |       Username.txt
    |   |   |
    |   |   +---Ssh
    |   |   |       Password.txt
    |   |   |       Username.txt
    |   |   |
    |   |   +---Svn
    |   |   |       Password.txt
    |   |   |       Username.txt
    |   |   |
    |   |   +---Telnet
    |   |   |       Password.txt
    |   |   |       Username.txt
    |   |   |
    |   |   +---Tomcat
    |   |   |       Password.txt
    |   |   |       Username.txt
    |   |   |
    |   |   +---Vnc
    |   |   |       Password.txt
    |   |   |       Username.txt
    |   |   |
    |   |   \---Weblogic
    |   |           Password.txt
    |   |           Username.txt
    |   |
    |   +---Chinese
    |   |   \---Name
    |   |           9W_Name_Pinyin.txt
    |   |           Common_Name_Pinyin_Group.txt
    |   |           Top200_Name_Pinyin_Zhangw.txt
    |   |           Top200_Name_Pinyin_Zw.txt
    |   |           Top300_Lastname.txt
    |   |           Top500_Chinese_Simplified_Name.txt
    |   |           Top500_Name_Pinyin.txt
    |   |           Top500_Name_Pinyin_Group.txt
    |   |
    |   +---Password
    |   |       Common_Password.txt
    |   |       Router_Password.txt
    |   |       Top10W.txt
    |   |       Top_Dev_Password.txt
    |   |       Webshell.txt
    |   |       Wifi_Password_Top2000.txt
    |   |
    |   +---Security_Product
    |   |       华为产品弱口令.xlsx
    |   |       华为安全产品默认用户名密码速查表.xlsx
    |   |       国内外设备默认口令整理.txt
    |   |       国内防火墙默认密码.txt
    |   |       常见安全产品系统默认口令清单.xlsx
    |   |
    |   +---Subdomain
    |   |       20W_Subdomains.txt
    |   |       268W_Subdomains.txt
    |   |       312W_Subdomains.txt
    |   |       Sub.txt
    |   |       Top_Subdomains.txt
    |   |
    |   +---Top
    |   |       Top100.txt
    |   |       Top1000.txt
    |   |       Top10000.txt
    |   |       Top100000.txt
    |   |
    |   \---Username
    |           Top20_Admin_Username.txt
    |           Top500_Username.txt
    |
    +---Dir
    |   |   Api.txt
    |   |   Aspx_Asp_Cfm_Svc_Ashx_Asmx.txt
    |   |   Ctf.txt
    |   |   Directories.txt
    |   |   Jsp_Jspa_Do_Action.txt
    |   |   Php.txt
    |   |
    |   +---Burpsuite
    |   |       Burp_Dir.txt
    |   |       Burp_Extensions.txt
    |   |       Burp_Filenames.txt
    |   |
    |   \---Yujian
    |           Asp.txt
    |           Aspx.txt
    |           Backup.txt
    |           Dir.txt
    |           Jsp.txt
    |           Mdb.txt
    |           Php.txt
    |
    +---Vuln
    |   +---Api
    |   |       Bypass_Endpoint_Characters.txt
    |   |       Bypass_Endpoint_Headers.txt
    |   |
    |   +---File_Include
    |   |       Lfi.txt
    |   |
    |   +---File_Upload
    |   |   |   ASP.txt
    |   |   |   Common.txt
    |   |   |   JSP.txt
    |   |   |   PHP.txt
    |   |   |
    |   |   \---Fuzz_Extensions
    |   |           All_Upload_Fuzz.txt
    |   |           Apache_Upload_Fuzz.txt
    |   |           Asp_Upload_Fuzz.txt
    |   |           Iis_Upload_Fuzz.txt
    |   |           Jsp_Upload_Fuzz.txt
    |   |           Linux_Upload_Fuzz.txt
    |   |           Php_Upload_Fuzz.txt
    |   |           Tomcat_Upload_Fuzz.txt
    |   |           Win_Upload_Fuzz.txt
    |   |
    |   +---Image_Dos
    |   |       Image_Size_Params.txt
    |   |
    |   +---Jsonp
    |   |       Callback_File.txt
    |   |       Callback_Param.txt
    |   |
    |   +---Open_Redirect
    |   |       Location.txt
    |   |       Url_Redirect_Params.txt
    |   |
    |   +---Sql_Injection
    |   |       Sql.txt
    |   |
    |   +---Traversal_Directory
    |   |       Deep_Traversal.txt
    |   |       Directory_Traversal.txt
    |   |       Dotdotpwn.txt
    |   |       Traversals_8_Deep_Exotic_Encoding.txt
    |   |
    |   +---Xml_Bomb
    |   |       Billion_Laughs.xml
    |   |       External_Entity.xml
    |   |       Internal_Entity.xml
    |   |
    |   \---Xss
    |       |   Easyxsspayload.txt
    |       |   Events.txt
    |       |   Markdown_Xss_Payload.txt
    |       |   Xss_Swf_Fuzz.txt
    |       |
    |       \---Files
    |               Insecureflashfile.swf
    |               Jupyternotebookxss.ipynb
    |               Svg_Xss.svg
    |               Svg_Xss1.svg
    |               Svg_Xss2.svg
    |               Svg_Xss3.svg
    |               Xml_Xss.xml
    |               Xml_Xss_Cheatsheet.html
    |               Xsstest.swf
    |               Xss_Comment_Exif_Metadata_Double_Quote.png
    |               Xss_Comment_Exif_Metadata_Single_Quote.png
    |
    \---Web
        |   All_Html_Tag.txt
        |   File_Extensions.txt
        |   Http_Methods.txt
        |   Integer_Overflows.txt
        |   Javascript_Filename.txt
        |   Lcoalhost.txt
        |   Linux_File.txt
        |   Proc_Path.txt
        |   Server_Log_Path.txt
        |   Url_Schemes.txt
        |   User_Agent.txt
        |   Windows_File.txt
        |
        +---Parameters
        |       7W_Parameters.txt
        |       Actions.txt
        |       httparchive_parameters_top_1m_2020_11_21.txt
        |       Methods.txt
        |
        \---_nix_Etc_Path
                Aix.txt
                Centos.txt

项目地址:

https://github.com/gh0stkey/Web-Fuzzing-Box

 

温馨提示:本文最后更新于2021年1月6日 21:51,若内容或图片失效,请在下方留言或联系博主。
评论
更换验证码