# thekingofduck/fuzzdicts **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/thekingofduck-fuzzdicts).** 8,355 stars · 2,480 forks · Python ## Links - GitHub: https://github.com/TheKingOfDuck/fuzzDicts - awesome-repositories: https://awesome-repositories.com/repository/thekingofduck-fuzzdicts.md ## Topics `directory` `fuzz-testing` `fuzzer` `fuzzing` `paramter` `password` `pentesting` `username` `wfuzz` ## Description fuzzDicts is a repository of curated wordlists and dictionaries designed for web application fuzzing. It provides collections of strings and payloads used to discover hidden files, subdomains, and security vulnerabilities. The project includes specialized libraries for different security testing vectors, such as dictionaries for common request and cookie parameters, lists of common subdomain prefixes, and collections of passwords and default vendor credentials for brute-force testing. It also maintains a security payload library containing character sequences used to identify flaws like SQL injection and cross-site scripting. The available datasets cover several capability areas, including hidden asset discovery, subdomain enumeration, and security vulnerability scanning. ## Tags ### Part of an Awesome List - [Attack Payloads and Wordlists](https://awesome-repositories.com/f/awesome-lists/security/attack-payloads-and-wordlists.md) — Provides extensive collections of patterns, dictionaries, and payloads for security testing. - [Fuzzing Wordlists](https://awesome-repositories.com/f/awesome-lists/security/fuzzing-wordlists.md) — Provides curated collections of payloads and patterns specifically for web application security fuzzing. ([source](https://github.com/thekingofduck/fuzzdicts#readme)) - [Wordlists and Payloads](https://awesome-repositories.com/f/awesome-lists/learning/wordlists-and-payloads.md) — Comprehensive collection of fuzzing dictionaries. ### Security & Cryptography - [Web Application Fuzzing](https://awesome-repositories.com/f/security-cryptography/web-application-fuzzing.md) — Provides curated wordlists and payloads specifically designed for discovering hidden files and vulnerabilities in web applications. - [Security Parameter Wordlists](https://awesome-repositories.com/f/security-cryptography/security-parameter-wordlists.md) — Supplies curated collections of common parameters used to discover hidden application entry points. - [Security Vulnerability Scanning](https://awesome-repositories.com/f/security-cryptography/security-vulnerability-scanning.md) — Provides specialized character sequences and exploit patterns for identifying security flaws in web applications. - [Subdomain Discoveries](https://awesome-repositories.com/f/security-cryptography/subdomain-discoveries.md) — Provides comprehensive lists of common subdomain prefixes to discover undocumented hosts and expand the attack surface. ([source](https://github.com/thekingofduck/fuzzdicts#readme)) - [Subdomain Enumeration Tools](https://awesome-repositories.com/f/security-cryptography/subdomain-enumeration-tools.md) — Supplies predefined lists of common host prefixes used to identify undocumented network assets. - [Security Wordlists](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing-tools/exploit-development-utilities/security-wordlists.md) — Supplies comprehensive security wordlists including usernames, passwords, and payloads for vulnerability discovery. ([source](https://github.com/thekingofduck/fuzzdicts#readme)) - [Credential Brute-Forcing](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/credential-brute-forcing.md) — Provides lists of common passwords and default vendor credentials for automated authentication testing. - [Wordlists](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/credential-brute-forcing/wordlists.md) — Provides libraries of common passwords and default vendor credentials for testing authentication strength. - [Injection Payloads](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/injection-payloads.md) — Supplies crafted strings used to test for injection vulnerabilities across various execution contexts. - [Hidden Parameter Discovery](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/web-application-penetration-testing/hidden-parameter-discovery.md) — Provides the data necessary for identifying hidden or undocumented parameters in web applications. - [Payload Libraries](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/exploit-payloads/payload-libraries.md) — Ships a specialized library of character sequences for identifying flaws like SQL injection and cross-site scripting. - [Hidden File Discovery](https://awesome-repositories.com/f/security-cryptography/hidden-file-discovery.md) — Provides common extensions and directory names used to locate undisclosed files on remote servers. ([source](https://github.com/thekingofduck/fuzzdicts#readme)) - [Cross-Site Scripting Payloads](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/cross-site-scripting-payloads.md) — Supplies curated collections of scripts and techniques for testing cross-site scripting vulnerabilities. ### Development Tools & Productivity - [Identifier Prefixes](https://awesome-repositories.com/f/development-tools-productivity/identifier-generators/identifier-prefixes.md) — Provides common host prefixes used to identify hidden sub-assets through automated enumeration. - [Directory Fuzzing](https://awesome-repositories.com/f/development-tools-productivity/response-driven-request-generation/response-driven-fuzzing/directory-fuzzing.md) — Provides wordlists specifically designed for iterative fuzzing to uncover unlinked files and administrative panels. ### Testing & Quality Assurance - [Fuzzing Request Sequences](https://awesome-repositories.com/f/testing-quality-assurance/request-sequence-definitions/fuzzing-request-sequences.md) — Supplies the data required to send sequences of modified requests to locate hidden directories.