:keyboard: Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

View on GitHub


      Folder  Name       Description of Contents
all-redirect-params all parameters for location redirects combined as one file
arjun-params-db params.txt via Arjun
burp-parameter-names strings used by Burp Suite Scanner when scanning for query variable names
common-redirect-params parameters commonly used in location redirects
debug-query-parameters HTTP query parameter names related to debugging; this contains additions to fuzzdb/attack/business-logic/CommonDebugParamNames.txt
http-get-flags HTTP GET request parameters that aren’t assigned to
http-query-params common variable names used in POST bodies and GET requests
http-query-values typical HTTP query variable assignment value strings
long-redirect-params long parameter list most likely for location redirects
mobile-deeplink-params list from Virginia Tech deep link security whitepaper
php-easter-eggs PHP easter egg query string values for version fingerprinting
remote-file-includes examples of RFI (Remote File Inclusion) parameters
rfc6749-oauth2-params HTTP GET request parameters for OAuth2 from RFC6749
ssrf-crafting-sample server side request forgery crafting sample