Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
☆364Aug 14, 2024Updated last year
Alternatives and similar repositories for werdlists
Users that are interested in werdlists are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Scan secrets from Continuous Integration Build Logs☆53Oct 14, 2019Updated 6 years ago
- A python script that filters, checks the validity, generates clickable link(s) of subdomain(s), and reports their status☆89Oct 29, 2020Updated 5 years ago
- A permutation generation tool written in golang☆214Jul 15, 2019Updated 6 years ago
- A tool for fetching archived URLs (to be rewritten in Go).☆41Jul 19, 2018Updated 7 years ago
- OSINT scanning tool which discovers and maps directories found in javascript files hosted on a website.☆226Feb 24, 2019Updated 7 years ago
- End-to-end encrypted cloud storage - Proton Drive • AdSpecial offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
- Jsdir is a Burp Suite extension that extracts hidden paths from js files and beautifies it for further reading.☆122Sep 12, 2020Updated 5 years ago
- Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT☆410Updated this week
- A highly configurable Framework for easy automated web scanning☆384Jul 13, 2020Updated 5 years ago
- ☆32Apr 6, 2021Updated 5 years ago
- Pathbrute☆455Jun 3, 2020Updated 6 years ago
- A Burp Extension designed to identify argument injection vulnerabilities.☆125Apr 16, 2019Updated 7 years ago
- A bash script that fetches and maintains thousands of DNS resolvers☆64Aug 24, 2020Updated 5 years ago
- Wordlists that have been compiled using Commonspeak2. This repo is updated every time new wordlists are generated.☆545Aug 23, 2018Updated 7 years ago
- Extract (links/possible endpoints) from responses & filter them via decoding/sorting☆93Aug 27, 2019Updated 6 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments☆250Oct 15, 2019Updated 6 years ago
- A tool that can help detect and takeover subdomains with dead DNS records☆12Aug 23, 2018Updated 7 years ago
- CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers.☆136Sep 25, 2019Updated 6 years ago
- Burp extension to detect alias traversal via NGINX misconfiguration at scale.☆266Nov 18, 2021Updated 4 years ago
- A simple SSRF-testing sheriff written in Go☆338Oct 31, 2024Updated last year
- A place to store my own wordlists, and link to others that are useful☆108Nov 15, 2023Updated 2 years ago
- A tool that turns the authoritative nameservers of DNS providers to resolvers and resolves the target domain list. Please think of this a…☆25Sep 19, 2019Updated 6 years ago
- Hacked together script for feeding urls into Burp's Sitemap☆95Dec 7, 2025Updated 6 months ago
- A Burp Suite content discovery plugin that add the smart into the Buster!☆32Jan 22, 2018Updated 8 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- gathers the XSS cheatsheet payloads and creates a usable wordlist☆74Jan 4, 2021Updated 5 years ago
- An hourly updated list of subdomains gathered from certificate transparency logs☆346Oct 13, 2021Updated 4 years ago
- Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed b…☆1,033Feb 5, 2021Updated 5 years ago
- A script to enumerate virtual hosts on a server.☆693Dec 28, 2017Updated 8 years ago
- DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intel…☆1,073Jan 3, 2025Updated last year
- qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.☆301Feb 12, 2023Updated 3 years ago
- Generates lists of live hosts and URLs for targeting, automating the usage of MassDNS, Masscan and nmap to filter out unreachable hosts a…☆367Jul 23, 2022Updated 3 years ago
- Automatic tool for DNS rebinding-based SSRF attacks☆306Aug 21, 2020Updated 5 years ago
- A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, al…☆1,298Aug 18, 2025Updated 9 months ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- SSRF (Server Side Request Forgery) testing resources☆2,498Oct 12, 2024Updated last year
- List of Awesome Asset Discovery Resources☆2,645Jan 22, 2025Updated last year
- Common Web Managers Fuzz Wordlists☆177Jan 2, 2026Updated 5 months ago
- DOM XSS scanner for Single Page Applications☆416Nov 15, 2025Updated 6 months ago
- Benchmarking repo for secrets scanning☆247Aug 18, 2024Updated last year
- Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will m…☆100Dec 30, 2019Updated 6 years ago
- MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filtering…☆1,637Updated this week