GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → insightglacier → Dictionary Of Pentesting

insightglacier / Dictionary Of Pentesting

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Programming Languages

shell
77523 projects

Labels

databasepentestingdnspentestwifibugbountypasswordfuzzingdictionarybruteforcefingerprintsubdomainwebsecurity

Projects that are alternatives of or similar to Dictionary Of Pentesting

Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+97.97%)
Mutual labels:  subdomain, pentest, bugbounty, fuzzing
Pentesterspecialdict
渗透测试人员专用精简化字典 Dictionary for penetration testers happy hacker
Stars: ✭ 391 (-20.53%)
Mutual labels:  dictionary, dns, pentest, fuzzing
Getaltname
Extract subdomains from SSL certificates in HTTPS sites.
Stars: ✭ 320 (-34.96%)
Mutual labels:  dns, subdomain, pentesting, pentest
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+1372.76%)
Mutual labels:  pentesting, bruteforce, fuzzing, bugbounty
Cloudfail
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
Stars: ✭ 1,239 (+151.83%)
Mutual labels:  database, pentesting, pentest, bruteforce
K8tools
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
Stars: ✭ 4,173 (+748.17%)
Mutual labels:  database, pentest, password
ComPP
Company Passwords Profiler (aka ComPP) helps making a bruteforce wordlist for a targeted company.
Stars: ✭ 44 (-91.06%)
Mutual labels:  password, bruteforce, pentest
Dumb
Dumain Bruteforcer - a fast and flexible domain bruteforcer
Stars: ✭ 54 (-89.02%)
Mutual labels:  dns, bruteforce, subdomain
leaky-paths
A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Stars: ✭ 507 (+3.05%)
Mutual labels:  fuzzing, bugbounty, pentest
vaf
Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (-40.24%)
Mutual labels:  bruteforce, fuzzing, bugbounty
uberscan
Security program for recovering passwords and pen-testing servers, routers and IoT devices using brute-force password attacks.
Stars: ✭ 31 (-93.7%)
Mutual labels:  password, bruteforce, pentest
YAPS
Yet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (-92.89%)
Mutual labels:  pentesting, bugbounty, pentest
Aiodnsbrute
Python 3.5+ DNS asynchronous brute force utility
Stars: ✭ 370 (-24.8%)
Mutual labels:  dns, subdomain, pentesting
AzureAD Autologon Brute
Brute force attack tool for Azure AD Autologon/Seamless SSO - Source: https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/
Stars: ✭ 90 (-81.71%)
Mutual labels:  password, bruteforce, pentest
ras-fuzzer
RAS(RAndom Subdomain) Fuzzer
Stars: ✭ 42 (-91.46%)
Mutual labels:  subdomain, fuzzing, bugbounty
HolyTips
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
Stars: ✭ 1,210 (+145.93%)
Mutual labels:  bugbounty, pentest, websecurity
Fuzzdicts
Web Pentesting Fuzz 字典,一个就够了。
Stars: ✭ 4,013 (+715.65%)
Mutual labels:  pentesting, password, fuzzing
Sonarsearch
A MongoDB importer and API for Project Sonars DNS datasets
Stars: ✭ 297 (-39.63%)
Mutual labels:  dns, subdomain, bugbounty
Information collection handbook
Handbook of information collection for penetration testing and src
Stars: ✭ 447 (-9.15%)
Mutual labels:  dns, subdomain, pentesting
Zydra
Stars: ✭ 178 (-63.82%)
Mutual labels:  dictionary, password, bruteforce
View All Similar Projects ➔

Dictionary-Of-Pentesting

简介

收集一些常用的字典,用于渗透测试、SRC漏洞挖掘、爆破、Fuzzing等实战中。

收集以实用为原则。目前主要分类有认证类、文件路径类、端口类、域名类、无线类、正则类。

涉及的内容包含设备默认密码、文件路径、通用默认密码、HTTP参数、HTTP请求头、正则、应用服务默认密码、子域名、用户名、系统密码、Wifi密码等。

该项目计划持续收集。

更新记录

2021.02.19

  1. 增加aem路径列表

2021.02.07

  1. 增加top25 漏洞参数(SQLI/XSS/RCE/OPENREDIRECT/LFI/SSRF)

2021.02.04

  1. 增加all.txt 字典。

2021.02.03

  1. 增加amass的子域名字典。

2021.01.31

  1. 增加AllAboutBugBounty项目的文档

2021.01.27

  1. 增加几个可能导致RCE的端口

2021.01.24

  1. 增加两个github dork

2021.01.16

  1. 增加cve的一些路径

  2. 一些已知错误配置的路径

  3. 一些API端点或服务器信息的特殊路径

  4. 以上3种的合集(去重后)

2021.01.13

  1. 增加callback参数字典

  2. 增加常见报错信息字符串列表

  3. 增加debug参数字典

  4. 增加snmp密码字典

  5. 增加weblogic常见用户名密码

  6. 增加oracle用户名、密码字典

2021.01.04

  1. 增加DefaultCreds-cheat-sheet

2021.01.03

  1. 增加crackstation下载地址(由于字典太大,给出下载链接)。

  2. 增加rockyou字典。

  3. 增加cain字典。

2021.01.02

  1. 增加webshell密码字典

  2. 增加7w和81万请求参数字典

  3. 增加Lcoalhost地址字典

  4. HTML标签列表

2020.12.31

  1. 增加域账户弱密码字典(7000+)

2020.12.30

  1. 增加ntlm验证的路径

2020.12.15

  1. 增加github dork的搜索脚本。

2020.12.09

  1. 增加CEH web services的用户名和密码字典。

2020.12.07

  1. 增加oracle路径列表

2020.11.23

  1. 增加ctf字典。

  2. 增加摄像rtsp默认路径和默认用户名和密码

2020.11.14

  1. 增加1个ics 默认密码字典

  2. 增加1个设备默认密码字典(3400余条)

2020.11.04

  1. 增加 Wordpress BruteForc List

2020.11.03

  1. 增加几个默认口令

2020.10.15

  1. 增加一些payload

2020.09.30

  1. 增加常见可以RCE的端口

2020.09.29

  1. bugbounty oneliner rce

  2. 一些默认路径

  3. top 100k 密码字典

  4. top 5k 用户名字典

  5. 一些代码审计正则表达式

2020.09.27

  1. 增加cms识别指纹规则集,包含 fofa/Wappalyzer/WEBEYE/web中间件/开发语言 等众多指纹库内容

2020.09.22

  1. 修改swagger字典,添加5条路径

2020.09.21

  1. 增加3种类型密码字典,拼音、纯数字、键盘密码字典

  2. 增加scada 默认密码,硬编码等列表

2020.09.18

  1. 增加11k+用户名密码组合

2020.09.17

  1. 增加action后缀 top 100

  2. javascript 中on事件列表

  3. URL 16进制fuzz

2020.09.15

  1. 增加XXE bruteforce wordlist

  2. 增加sql备份文件名字典

  3. 删除重复的spring boot内容

2020.09.10

  1. 增加自己收集的webservices内容。包含webservices目录,文件名,拓展名。后续计划增加存在漏洞webservices路径内容

  2. readme中增加更新历史

2020.09.09

  1. 增加weblogic路径

  2. 增加swagger路径

  3. 增加graphql路径

  4. 增加spring-boot路径

  5. 去掉device/default_password_list.txt文件中的空行

2020.09.08

  1. 更新jsFileDict.txt字典,增加4个js文件名

2020.09.07

  1. 添加绕过ip限制的http请求投

  2. 修改readme.md

2020.08.29

  1. 增加常见设备、安全产品默认口令

  2. 增加一行命令的BugBounty tips

  3. 增加两处参数字典

  4. 增加bruteforce-lists的字典

  5. Readme 文件增加来源。逐渐完善。

2020.08.28

  1. 增加api路径

  2. 增加js文件路径

  3. 增加http请求参数

  4. 增加http请求参数值

2020.08.27

  1. 删除一些多余文件

  2. 精简Files下的dict的层级

  3. 增加DirBuster字典

  4. 增加spring boot actuator字典

2020.08.26

首次提交

来源&致谢(排名不分先后。目前还不全,会陆续完善)

该项目内容均来源于网络或自己整理,感谢各位大佬们的共享精神和辛苦付出~

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].