Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
☆362Aug 14, 2024Updated last year
Alternatives and similar repositories for werdlists
Users that are interested in werdlists are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Scan secrets from Continuous Integration Build Logs☆53Oct 14, 2019Updated 6 years ago
- A python script that filters, checks the validity, generates clickable link(s) of subdomain(s), and reports their status☆89Oct 29, 2020Updated 5 years ago
- A permutation generation tool written in golang☆211Jul 15, 2019Updated 6 years ago
- A tool for fetching archived URLs (to be rewritten in Go).☆41Jul 19, 2018Updated 7 years ago
- OSINT scanning tool which discovers and maps directories found in javascript files hosted on a website.☆227Feb 24, 2019Updated 7 years ago
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- Jsdir is a Burp Suite extension that extracts hidden paths from js files and beautifies it for further reading.☆122Sep 12, 2020Updated 5 years ago
- Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT☆407Updated this week
- A highly configurable Framework for easy automated web scanning☆382Jul 13, 2020Updated 5 years ago
- ☆31Apr 6, 2021Updated 5 years ago
- Pathbrute☆455Jun 3, 2020Updated 5 years ago
- A bash script that fetches and maintains thousands of DNS resolvers☆65Aug 24, 2020Updated 5 years ago
- A Burp Extension designed to identify argument injection vulnerabilities.☆123Apr 16, 2019Updated 6 years ago
- Wordlists that have been compiled using Commonspeak2. This repo is updated every time new wordlists are generated.☆543Aug 23, 2018Updated 7 years ago
- Extract (links/possible endpoints) from responses & filter them via decoding/sorting☆93Aug 27, 2019Updated 6 years ago
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments☆250Oct 15, 2019Updated 6 years ago
- A tool that can help detect and takeover subdomains with dead DNS records☆12Aug 23, 2018Updated 7 years ago
- CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers.☆136Sep 25, 2019Updated 6 years ago
- Burp extension to detect alias traversal via NGINX misconfiguration at scale.☆265Nov 18, 2021Updated 4 years ago
- A simple SSRF-testing sheriff written in Go☆337Oct 31, 2024Updated last year
- A tool that turns the authoritative nameservers of DNS providers to resolvers and resolves the target domain list. Please think of this a…☆25Sep 19, 2019Updated 6 years ago
- A place to store my own wordlists, and link to others that are useful☆108Nov 15, 2023Updated 2 years ago
- Hacked together script for feeding urls into Burp's Sitemap☆93Dec 7, 2025Updated 4 months ago
- A Burp Suite content discovery plugin that add the smart into the Buster!☆32Jan 22, 2018Updated 8 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- gathers the XSS cheatsheet payloads and creates a usable wordlist☆74Jan 4, 2021Updated 5 years ago
- An hourly updated list of subdomains gathered from certificate transparency logs☆346Oct 13, 2021Updated 4 years ago
- DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intel…☆1,057Jan 3, 2025Updated last year
- Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed b…☆1,029Feb 5, 2021Updated 5 years ago
- A script to enumerate virtual hosts on a server.☆690Dec 28, 2017Updated 8 years ago
- Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.☆472Nov 14, 2019Updated 6 years ago
- qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.☆303Feb 12, 2023Updated 3 years ago
- Generates lists of live hosts and URLs for targeting, automating the usage of MassDNS, Masscan and nmap to filter out unreachable hosts a…☆367Jul 23, 2022Updated 3 years ago
- Automatic tool for DNS rebinding-based SSRF attacks☆305Aug 21, 2020Updated 5 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, al…☆1,287Aug 18, 2025Updated 7 months ago
- List of Awesome Asset Discovery Resources☆2,457Jan 22, 2025Updated last year
- Benchmarking repo for secrets scanning☆244Aug 18, 2024Updated last year
- SSRF (Server Side Request Forgery) testing resources☆2,486Oct 12, 2024Updated last year
- Common Web Managers Fuzz Wordlists☆176Jan 2, 2026Updated 3 months ago
- DOM XSS scanner for Single Page Applications☆414Nov 15, 2025Updated 4 months ago
- Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will m…☆99Dec 30, 2019Updated 6 years ago