Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
☆362Aug 14, 2024Updated last year
Alternatives and similar repositories for werdlists
Users that are interested in werdlists are comparing it to the libraries listed below
Sorting:
- Scan secrets from Continuous Integration Build Logs☆53Oct 14, 2019Updated 6 years ago
- Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT☆404Updated this week
- A python script that filters, checks the validity, generates clickable link(s) of subdomain(s), and reports their status☆89Oct 29, 2020Updated 5 years ago
- A highly configurable Framework for easy automated web scanning☆381Jul 13, 2020Updated 5 years ago
- Pathbrute☆456Jun 3, 2020Updated 5 years ago
- A permutation generation tool written in golang☆209Jul 15, 2019Updated 6 years ago
- A simple SSRF-testing sheriff written in Go☆336Oct 31, 2024Updated last year
- Wordlists that have been compiled using Commonspeak2. This repo is updated every time new wordlists are generated.☆543Aug 23, 2018Updated 7 years ago
- Jsdir is a Burp Suite extension that extracts hidden paths from js files and beautifies it for further reading.☆122Sep 12, 2020Updated 5 years ago
- A tool for fetching archived URLs (to be rewritten in Go).☆41Jul 19, 2018Updated 7 years ago
- A Burp Extension designed to identify argument injection vulnerabilities.☆122Apr 16, 2019Updated 6 years ago
- OSINT scanning tool which discovers and maps directories found in javascript files hosted on a website.☆228Feb 24, 2019Updated 7 years ago
- ☆32Apr 6, 2021Updated 4 years ago
- CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers.☆135Sep 25, 2019Updated 6 years ago
- List of Awesome Asset Discovery Resources☆2,377Jan 22, 2025Updated last year
- gathers the XSS cheatsheet payloads and creates a usable wordlist☆74Jan 4, 2021Updated 5 years ago
- rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments☆250Oct 15, 2019Updated 6 years ago
- Common Web Managers Fuzz Wordlists☆176Jan 2, 2026Updated 2 months ago
- An hourly updated list of subdomains gathered from certificate transparency logs☆349Oct 13, 2021Updated 4 years ago
- Burp extension to detect alias traversal via NGINX misconfiguration at scale.☆265Nov 18, 2021Updated 4 years ago
- A place to store my own wordlists, and link to others that are useful☆108Nov 15, 2023Updated 2 years ago
- Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.☆470Nov 14, 2019Updated 6 years ago
- A Burp Suite content discovery plugin that add the smart into the Buster!☆32Jan 22, 2018Updated 8 years ago
- Automatic tool for DNS rebinding-based SSRF attacks☆304Aug 21, 2020Updated 5 years ago
- DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intel…☆1,054Jan 3, 2025Updated last year
- A lists of words based on common web directory and file names lists of words based on common web directory and file names. These wordlist…☆240May 16, 2019Updated 6 years ago
- A tool that can help detect and takeover subdomains with dead DNS records☆12Aug 23, 2018Updated 7 years ago
- Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed b…☆1,027Feb 5, 2021Updated 5 years ago
- Extract (links/possible endpoints) from responses & filter them via decoding/sorting☆93Aug 27, 2019Updated 6 years ago
- qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.☆303Feb 12, 2023Updated 3 years ago
- A wordlist of API names for web application assessments☆870Jun 17, 2025Updated 8 months ago
- Generates lists of live hosts and URLs for targeting, automating the usage of MassDNS, Masscan and nmap to filter out unreachable hosts a…☆367Jul 23, 2022Updated 3 years ago
- DOM XSS scanner for Single Page Applications☆414Nov 15, 2025Updated 3 months ago
- Benchmarking repo for secrets scanning☆243Aug 18, 2024Updated last year
- A Comprehensive Web Fuzzer and Content Discovery Tool☆552Jul 21, 2023Updated 2 years ago
- MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filtering…☆1,598Mar 2, 2026Updated last week
- Toolkit to detect and keep track on Blind XSS, XXE & SSRF☆293Aug 23, 2019Updated 6 years ago
- A bash script that fetches and maintains thousands of DNS resolvers☆65Aug 24, 2020Updated 5 years ago
- A script to enumerate virtual hosts on a server.☆690Dec 28, 2017Updated 8 years ago