cpkkcb/fuzzDicts

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/cpkkcb/fuzzDicts)

cpkkcb / fuzzDicts

渗透测试路径字典，爆破字典。内容来自互联网和实战积累。

☆408

Alternatives and similar repositories for fuzzDicts

Users that are interested in fuzzDicts are comparing it to the libraries listed below

Sorting:

insightglacier / Dictionary-Of-Pentesting
View on GitHub
Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
☆2,030Jul 21, 2023Updated 2 years ago
evilc0deooo / PentesterSpecialDict
View on GitHub
构建优化高效的渗透 fuzz 字典合集
☆1,887Jun 17, 2025Updated 8 months ago
F6JO / RouteVulScan
View on GitHub
Burpsuite - Route Vulnerable Scanning 递归式被动检测脆弱路径的burp插件
☆1,314Jun 29, 2024Updated last year
yuyan-sec / RedisEXP
View on GitHub
Redis 漏洞利用工具
☆938Jan 26, 2025Updated last year
exp1orer / JNDI-Inject-Exploit
View on GitHub
解决FastJson、Jackson、Log4j2、原生JNDI注入漏洞的高版本JDKBypass利用，探测本地可用反序列化gadget达到命令执行、回显命令执行、内存马注入
☆770Jan 26, 2022Updated 4 years ago
gh0stkey / Web-Fuzzing-Box
View on GitHub
Web Fuzzing Box - Web 模糊测试字典与一些Payloads
☆2,444May 28, 2025Updated 9 months ago
ki9mu / ARL-plus-docker
View on GitHub
基于ARL-V2.6.2修改后的版本
☆975Jun 26, 2025Updated 8 months ago
TheKingOfDuck / fuzzDicts
View on GitHub
You Know, For WEB Fuzzing !
☆8,258Nov 13, 2023Updated 2 years ago
EdgeSecurityTeam / EHole
View on GitHub
EHole(棱洞)3.0 重构版-红队重点攻击系统指纹探测工具
☆3,438Apr 2, 2024Updated last year
lijiejie / swagger-exp
View on GitHub
A Swagger API Exploit
☆1,370Jun 7, 2024Updated last year
p1g3 / JSINFO-SCAN
View on GitHub
递归式寻找域名和api。
☆723Aug 3, 2023Updated 2 years ago
pmiaowu / HostCollision
View on GitHub
用于host碰撞而生的小工具,专门检测渗透中需要绑定hosts才能访问的主机或内部系统
☆659Jun 13, 2024Updated last year
shuanx / BurpAPIFinder
View on GitHub
攻防演练过程中，我们通常会用浏览器访问一些资产，但很多未授权/敏感信息/越权隐匿在已访问接口过html、JS文件等，该插件能让我们发现未授权/敏感信息/越权/登陆接口等。
☆1,375Oct 3, 2024Updated last year
pmiaowu / BurpFastJsonScan
View on GitHub
一款基于BurpSuite的被动式FastJson检测插件
☆1,238Oct 1, 2022Updated 3 years ago
wyzxxz / jndi_tool
View on GitHub
JNDI服务利用工具 RMI/LDAP，支持部分场景回显、内存shell，高版本JDK场景下利用等，fastjson rce命令执行，log4j rce命令执行漏洞检测辅助工具
☆2,012May 21, 2024Updated last year
zxcvbn001 / password_brute_dictionary
View on GitHub
口令爆破字典，有键盘组合字典、拼音字典、字母与数字混合这三种类型
☆1,317Oct 8, 2021Updated 4 years ago
gh0stkey / CaA
View on GitHub
CaA - Collector and Analyzer, Insight into information, exploring with intelligence in a thousand ways.
☆1,413Feb 9, 2026Updated 3 weeks ago
White-hua / Apt_t00ls
View on GitHub
高危漏洞利用工具
☆1,825Feb 12, 2025Updated last year
HoAd-sc / R-dict
View on GitHub
一些自己常用的渗透字典
☆230Aug 19, 2022Updated 3 years ago
shadowabi / S-BlastingDictionary
View on GitHub
自己搜集的爆破字典，包括常用用户名、密码弱口令、SQL万能密码等
☆630Jun 9, 2024Updated last year
hanc00l / nemo_go
View on GitHub
Nemo是用来进行自动化信息收集的一个简单平台，通过集成常用的信息收集工具和技术，实现对内网及互联网资产信息的自动收集，提高隐患排查和渗透测试的工作效率。
☆2,020Feb 9, 2026Updated 3 weeks ago
smxiazi / xia_sql
View on GitHub
xia SQL (瞎注) burp 插件，在每个参数后面填加一个单引号，两个单引号，一个简单的判断注入小插件。
☆1,229May 18, 2023Updated 2 years ago
vaycore / OneScan
View on GitHub
OneScan 是一款用于递归目录扫描的 BurpSuite 插件
☆1,230Jun 24, 2025Updated 8 months ago
shuanx / BurpFingerPrint
View on GitHub
BurpSuite插件集成Ehole指纹库并进行常见OA弱口令爆破插件
☆741Sep 5, 2024Updated last year
winezer0 / DynaScan
View on GitHub
完善的动态备份文件扫描工具实现动态字典渲染、动态结果判断、自动字典记录、的敏感文件扫描器
☆27May 21, 2025Updated 9 months ago
Ares-X / shiro-exploit
View on GitHub
Shiro反序列化利用工具，支持新版本(AES-GCM)Shiro的key爆破，配合ysoserial，生成回显Payload
☆897May 28, 2021Updated 4 years ago
lcvvvv / kscan
View on GitHub
Kscan是一款纯go开发的全方位扫描器，具备端口扫描、协议检测、指纹识别，暴力破解等功能。支持协议1200+，协议指纹10000+，应用指纹20000+，暴力破解协议10余种。
☆4,252Aug 22, 2023Updated 2 years ago
pmiaowu / BurpShiroPassiveScan
View on GitHub
一款基于BurpSuite的被动式shiro检测插件
☆1,795Dec 14, 2022Updated 3 years ago
safe6Sec / ShiroExp
View on GitHub
shiro综合利用工具
☆647Apr 15, 2023Updated 2 years ago
lemonlove7 / dirsearch_bypass403
View on GitHub
目录扫描+JS文件中提取URL和子域+403状态绕过+指纹识别
☆857Sep 30, 2025Updated 5 months ago
kelvinBen / AppInfoScanner
View on GitHub
一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN…
☆3,510Dec 18, 2022Updated 3 years ago
LittleBear4 / OA-EXPTOOL
View on GitHub
OA综合利用工具，集合将近20款OA漏洞批量扫描
☆1,340Oct 28, 2023Updated 2 years ago
chainreactors / spray
View on GitHub
最好用最智能最可控的目录Fuzz工具 | The most powerful, user-friendly, intelligent, and precise HTTP Fuzzer.
☆982Feb 12, 2026Updated 2 weeks ago
yhy0 / ExpDemo-JavaFX
View on GitHub
图形化漏洞利用Demo-JavaFX版
☆718Aug 31, 2021Updated 4 years ago
yuyan-sec / Doraemon
View on GitHub
渗透辅助 BurpSuite 小插件
☆232Nov 26, 2025Updated 3 months ago
loecho-sec / ARL-Finger-ADD
View on GitHub
灯塔（最新版）指纹添加脚本！
☆596Aug 12, 2021Updated 4 years ago
chainreactors / gogo
View on GitHub
面向红队的, 高性能高度自由可拓展的自动化扫描引擎 | A highly controllable and extensionable automated scanning engine for red teams
☆2,009Feb 3, 2026Updated last month
i11us0ry / goon
View on GitHub
goon,集合了fscan和kscan等优秀工具功能的扫描爆破工具。功能包含：ip探活、port扫描、web指纹扫描、title扫描、压缩文件扫描、fofa获取、ms17010、mssql、mysql、postgres、redis、ssh、smb、rdp、telnet、to…
☆812Aug 5, 2024Updated last year
ExpLangcn / SiftScan
View on GitHub
SiftScan 是一个集成资产识别、资产梳理、资产收集、弱点检测、漏洞检测等的工具。它致力于提高红蓝对抗/脆弱性赏金的效率。is a tool that integrates asset identification, asset sorting, asset colle…
☆53Jan 17, 2024Updated 2 years ago