fuzzdb-project/fuzzdb

Features

• Fuzzing Resources - Provides the fundamental collections of malformed inputs required for security fuzzing workflows.
• Penetration Testing Resources - Provides extensive collections of payloads for testing XSS, SQL injection, and other common web security vulnerabilities.
• Command Injection - Provides a wide array of payloads and techniques to test for and exploit OS command injection.
• Directory Traversal - Offers curated lists of directory traversal patterns and exotic encodings to identify filesystem vulnerabilities.
• Predictable Path Lists - Includes lists of common system log files and writable paths to facilitate local file inclusion attacks.
• Web Security Evasion - Provides curated lists of bypass patterns and encodings to test the effectiveness of web security filters.
• Application Fault Payloads - Supplies datasets of corrupted Unicode and null bytes designed to provoke unexpected application behavior and crashes.
• Fault Injection Datasets - Provides a collection of corrupted Unicode, null bytes, and escape codes to trigger crashes and logic errors.
• Security Fault Patterns - Includes datasets of malicious inputs and fault patterns to identify security vulnerabilities during dynamic testing.
• Dictionary-Based Resource Discovery - Provides curated wordlists of common system paths and filenames to identify hidden files and directories on remote servers.
• Control Character Payloads - Supplies collections of null bytes and terminal escape codes to test application handling of non-printable characters.
• WAF Bypass Payloads - Provides curated lists of patterns and regex dictionaries to bypass security filters and WAFs during testing.
• Predictable Resource Discovery - Provides dictionaries of common file paths to discover hidden or unprotected assets on a server.
• Filter Bypasses - Ships a specialized library of polyglots and encoded strings designed to circumvent WAF rules and input sanitizers.
• Sensitive File Discovery - Provides curated dictionaries of common directory and file paths to discover hidden or sensitive resources on remote servers.
• Cross-Site Scripting Payloads - Provides a comprehensive collection of XSS payloads and polyglots to test for script injection and filter bypasses.
• Injection Payloads - Provides a comprehensive collection of crafted strings to test for injection vulnerabilities across various protocols and contexts.
• Remote File Inclusion Payloads - Provides specific payloads to test for remote file inclusion vulnerabilities.
• Web Application Penetration Testing - Supplies a comprehensive dataset of payloads for identifying common security flaws in web services.
• HTTP Protocol Faults - Provides dictionaries of malicious headers and CRLF sequences to identify web request parsing vulnerabilities.
• Data Type Identifiers - Includes patterns that automatically detect and categorize sensitive data types like credit card numbers and PII within responses.
• Unicode Fault Injection - Provides corrupted and non-standard Unicode characters to verify application processing of invalid multi-byte text.
• Web Content Fault Injection - Provides malformed HTML tags and JavaScript attributes to test how applications handle unexpected web content.
• Leak Detection Patterns - Provides predefined regular expression patterns to scan server responses for sensitive data leaks and system errors.
• Directory Indexing Detection - Provides patterns to verify if a server incorrectly exposes the underlying file system through directory indexing.
• Pattern-Based Generation - Includes curated attack patterns that can be combined with target injection points to generate malicious payloads.
• Upload Filter Bypass Payloads - Offers alternative file extensions and naming patterns to circumvent blacklist or whitelist restrictions on uploaded files.
• Misconfiguration Scanning - Includes regular expression patterns to detect common security misconfigurations and software errors in responses.
• Path Disclosure Payloads - Provides invalid filenames and filesystem characters used to provoke error messages that reveal absolute server drive paths.
• Configuration Audits - Provides data to identify insecure server settings like directory indexing and predictable file locations.
• Source Disclosure Payloads - Ships directory traversal and file disclosure patterns to detect unauthorized access to system files and source code.
• LDAP - Supplies a curated list of attack patterns to test for security vulnerabilities in LDAP implementations.
• XPath - Supplies a curated collection of patterns and dictionaries for testing XML path language injection.
• Open URL Redirect Payloads - Provides common URL patterns to test if an application improperly redirects users to untrusted external destinations.
• Writable Directory Discovery - Provides lists of common writable paths to identify where uploaded files can be stored on a server.
• Fuzzing - Dictionary of attack patterns and injection primitives.
• Attack Payloads and Wordlists - Dictionary of attack patterns for black-box application testing.
• Fuzzing and Injection - Dictionary of attack patterns for fault injection and discovery.
• Fuzzing Wordlists - Database of attack patterns and fuzzing payloads for web applications.
• Security Tools - Dictionary of attack patterns for black-box fault injection.
• Vulnerability Wordlists - Database of attack patterns and payloads for web application fuzzing.
• Web Exploitation - Dictionary of attack patterns for web application fuzzing.

Star history