Web Pentesting Fuzz 字典,一个就够了。
工具推荐:burpsuite,sqlmap,xssfork,Wfuzz,webdirscan
https://github.com/TheKingOfDuck/fuzzDicts/blob/master/paramDict/parameter.txt
采集自ThinkPHP,yii2,phphub,Zblog,DiscuzX,WordPress等常见PHP框架/CMS。
https://github.com/TheKingOfDuck/easyXssPayload/blob/master/easyXssPayload.txt
采集自github。
https://github.com/TheKingOfDuck/fuzzDicts/tree/master/userNameDict
https://github.com/TheKingOfDuck/fuzzDicts/tree/master/passwordDict
https://github.com/TheKingOfDuck/fuzzDicts/tree/master/directoryDicts
https://github.com/TheKingOfDuck/fuzzDicts/blob/master/sqlDict/sql.txt
https://github.com/TheKingOfDuck/fuzzDicts/blob/master/ssrfDicts
由\xeb\xfe师傅提供。
https://github.com/TheKingOfDuck/fuzzDicts/tree/master/XXEDicts
收集自百度。