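Web Fuzzing Box - Web Fuzzing Wordlists and Payloads
Web Fuzzing Box is a collection of web fuzzing wordlists and payloads, mainly covering weak-password brute forcing, directory and file enumeration, and web vulnerabilities.
Wordlist overview
├── Brute [Brute forcing]
│   ├── Abroad [Foreign wordlists]
│   ├── Application [Service and application wordlists]
│   ├── Basic_401_Login.txt [401 authentication wordlist]
│   ├── Chinese [Wordlists suited to China]
│   ├── Chinese_Hacker_Id.txt [Chinese hacker IDs]
│   ├── Password [Password wordlists]
│   ├── Security_Product [Security products]
│   ├── Subdomain [Subdomains]
│   ├── Test_Chinese_Mobilephonenumber.txt [Chinese mobile phone number test wordlist]
│   ├── Top [Top-ranked wordlists]
│   └── Username [Username wordlists]
├── Dir [Directories, file names, API endpoints]
│   ├── Api.txt [API endpoint wordlist]
│   ├── Aspx_Asp_Cfm_Svc_Ashx_Asmx.txt [File name wordlist for the Aspx, Asp, Cfm, Svc, Ashx and Asmx extensions]
│   ├── Burpsuite [Wordlists for Burp Suite, sourced from: https://gh0st.cn//archives/2020-02-13/1]
│   ├── Ctf.txt [Wordlist for CTF competitions]
│   ├── Directories.txt [Directory wordlist]
│   ├── Jsp_Jspa_Do_Action.txt [File name wordlist for the Jsp, Jspa, Do and Action extensions]
│   ├── Php.txt [File name wordlist for the Php extension]
│   └── Yujian [Chinese Yujian wordlists]
├── Vuln [Vulnerability-related wordlists]
│   ├── Api [API vulnerabilities: 403 bypass, authentication bypass]
│   ├── File_Upload [File upload vulnerabilities]
│   ├── File_Include [File inclusion wordlists]
│   ├── Image_Dos [Wordlists for denial-of-service (DoS) vulnerabilities caused by image resources]
│   ├── Jsonp [JSONP cross-origin hijacking wordlists]
│   ├── Open_Redirect [URL redirect vulnerability wordlists]
│   ├── Sql_Injection [SQL injection wordlists]
│   ├── Traversal_Directory [Directory traversal vulnerability wordlists]
│   ├── Xml_Bomb [XML bomb payloads]
│   └── Xss [XSS wordlists and payloads]
└── Web [Web testing wordlists]
    ├── *nix_Etc_Path [Files under the etc path on *nix systems]
    ├── All_Html_Tag.txt [All HTML tags]
    ├── File_Extensions.txt [File extensions]
    ├── Http_Methods.txt [HTTP request methods]
    ├── Integer_Overflows.txt [Integer overflows]
    ├── Javascript_Filename.txt [JavaScript file names]
    ├── Lcoalhost.txt [Local addresses]
    ├── Linux_File.txt [Linux files]
    ├── Parameters [HTTP request parameters]
    ├── Proc_Path.txt [Files under the proc path]
    ├── Server_Log_Path.txt [Server log paths]
    ├── Url_Schemes.txt [URL scheme types]
    ├── User_Agent.txt [User-Agent headers]
    └── Windows_File.txt [Windows files]
Detailed wordlist listing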
├── Web-Fuzzing-Box-main
| README.md
|
+---Brute
| | Basic_401_Login.txt
| | Chinese_Hacker_Id.txt
| | Test_Chinese_Mobilephonenumber.txt
| |
| +---Abroad
| | Asteroids.txt
| | Bacteria.txt
| | Bible.txt
| | Common.txt
| | Crackdict.txt
| | English_Common.txt
| | English_Length03.txt
| | English_Length04.txt
| | English_Length05.txt
| | English_Length06.txt
| | English_Length07.txt
| | English_Length08.txt
| | English_Length09.txt
| | English_Length10.txt
| | Films.txt
| | Internet_Hosts.txt
| | Koran.txt
| | Ok.txt
| | Places.txt
| | Python.txt
| | Sports.txt
| | Startrek.txt
| | Tolkien.txt
| |
| +---Application
| | +---Ftp
| | | Password.txt
| | | Username.txt
| | |
| | +---Imap
| | | Password.txt
| | | Username.txt
| | |
| | +---Imap_Ssl
| | | Password.txt
| | |
| | +---Memcached
| | | Password.txt
| | | Username.txt
| | |
| | +---Mongodb
| | | Password.txt
| | | Username.txt
| | |
| | +---Mysql
| | | Password.txt
| | | Username.txt
| | |
| | +---Oracle
| | | Password.txt
| | | Username.txt
| | |
| | +---Phpmyadmin
| | | Password.txt
| | | Username.txt
| | |
| | +---Pop3
| | | Password.txt
| | | Username.txt
| | |
| | +---Postgresql
| | | Password.txt
| | | Username.txt
| | |
| | +---Rdp
| | | Password.txt
| | | Username.txt
| | |
| | +---Redis
| | | Password.txt
| | | Username.txt
| | |
| | +---Smb
| | | Password.txt
| | | Username.txt
| | |
| | +---Smtp
| | | Password.txt
| | | Username.txt
| | |
| | +---Sqlserver
| | | Password.txt
| | | Username.txt
| | |
| | +---Ssh
| | | Password.txt
| | | Username.txt
| | |
| | +---Svn
| | | Password.txt
| | | Username.txt
| | |
| | +---Telnet
| | | Password.txt
| | | Username.txt
| | |
| | +---Tomcat
| | | Password.txt
| | | Username.txt
| | |
| | +---Vnc
| | | Password.txt
| | | Username.txt
| | |
| | \---Weblogic
| | Password.txt
| | Username.txt
| |
| +---Chinese
| | \---Name
| | 9W_Name_Pinyin.txt
| | Common_Name_Pinyin_Group.txt
| | Top200_Name_Pinyin_Zhangw.txt
| | Top200_Name_Pinyin_Zw.txt
| | Top300_Lastname.txt
| | Top500_Chinese_Simplified_Name.txt
| | Top500_Name_Pinyin.txt
| | Top500_Name_Pinyin_Group.txt
| |
| +---Password
| | Common_Password.txt
| | Router_Password.txt
| | Top10W.txt
| | Top_Dev_Password.txt
| | Webshell.txt
| | Wifi_Password_Top2000.txt
| |
| +---Security_Product
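| | 华为产品弱口令.xlsx [Huawei product weak passwords]
| | 华为安全产品默认用户名密码速查表.xlsx [Quick-reference table of default usernames and passwords for Huawei security products]
| | 国内外设备默认口令整理.txt [Compilation of default passwords for Chinese and foreign devices]
| | 国内防火墙默认密码.txt [Default passwords for Chinese firewalls]
| | 常见安全产品系统默认口令清单.xlsx [List of default passwords for common security product systems]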
| |
| +---Subdomain
| | 20W_Subdomains.txt
| | 268W_Subdomains.txt
| | 312W_Subdomains.txt
| | Sub.txt
| | Top_Subdomains.txt
| |
| +---Top
| | Top100.txt
| | Top1000.txt
| | Top10000.txt
| | Top100000.txt
| |
| \---Username
| Top20_Admin_Username.txt
| Top500_Username.txt
|
+---Dir
| | Api.txt
| | Aspx_Asp_Cfm_Svc_Ashx_Asmx.txt
| | Ctf.txt
| | Directories.txt
| | Jsp_Jspa_Do_Action.txt
| | Php.txt
| |
| +---Burpsuite
| | Burp_Dir.txt
| | Burp_Extensions.txt
| | Burp_Filenames.txt
| |
| \---Yujian
| Asp.txt
| Aspx.txt
| Backup.txt
| Dir.txt
| Jsp.txt
| Mdb.txt
| Php.txt
|
+---Vuln
| +---Api
| | Bypass_Endpoint_Characters.txt
| | Bypass_Endpoint_Headers.txt
| |
| +---File_Include
| | Lfi.txt
| |
| +---File_Upload
| | | ASP.txt
| | | Common.txt
| | | JSP.txt
| | | PHP.txt
| | |
| | \---Fuzz_Extensions
| | All_Upload_Fuzz.txt
| | Apache_Upload_Fuzz.txt
| | Asp_Upload_Fuzz.txt
| | Iis_Upload_Fuzz.txt
| | Jsp_Upload_Fuzz.txt
| | Linux_Upload_Fuzz.txt
| | Php_Upload_Fuzz.txt
| | Tomcat_Upload_Fuzz.txt
| | Win_Upload_Fuzz.txt
| |
| +---Image_Dos
| | Image_Size_Params.txt
| |
| +---Jsonp
| | Callback_File.txt
| | Callback_Param.txt
| |
| +---Open_Redirect
| | Location.txt
| | Url_Redirect_Params.txt
| |
| +---Sql_Injection
| | Sql.txt
| |
| +---Traversal_Directory
| | Deep_Traversal.txt
| | Directory_Traversal.txt
| | Dotdotpwn.txt
| | Traversals_8_Deep_Exotic_Encoding.txt
| |
| +---Xml_Bomb
| | Billion_Laughs.xml
| | External_Entity.xml
| | Internal_Entity.xml
| |
| \---Xss
| | Easyxsspayload.txt
| | Events.txt
| | Markdown_Xss_Payload.txt
| | Xss_Swf_Fuzz.txt
| |
| \---Files
| Insecureflashfile.swf
| Jupyternotebookxss.ipynb
| Svg_Xss.svg
| Svg_Xss1.svg
| Svg_Xss2.svg
| Svg_Xss3.svg
| Xml_Xss.xml
| Xml_Xss_Cheatsheet.html
| Xsstest.swf
| Xss_Comment_Exif_Metadata_Double_Quote.png
| Xss_Comment_Exif_Metadata_Single_Quote.png
|
\---Web
| All_Html_Tag.txt
| File_Extensions.txt
| Http_Methods.txt
| Integer_Overflows.txt
| Javascript_Filename.txt
| Lcoalhost.txt
| Linux_File.txt
| Proc_Path.txt
| Server_Log_Path.txt
| Url_Schemes.txt
| User_Agent.txt
| Windows_File.txt
|
+---Parameters
| 7W_Parameters.txt
| Actions.txt
| httparchive_parameters_top_1m_2020_11_21.txt
| Methods.txt
|
\---_nix_Etc_Path
Aix.txt
Centos.txt
Project URL:
https://github.com/gh0stkey/Web-Fuzzing-Box
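Note: this post was last updated on January 6, 2021 at 21:51. If any content or images no longer work, leave a comment below or contact the blog author.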