:keyboard: Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

View on GitHub


      Folder  Name       Description of Contents
abnormal-http-traffic Abnormal HTTP traffic including SQL injection attacks
abnormal-uri-rfc Abnormal URI’s from RFC3986 Section 5.4.2
all-multiproxy-list anonymous and non-anonymous proxy list
apache-pfs-crypto Apache Perfect Forward Secrecy Cryptography configuration statements https://blog.qualys.com/ssllabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
anonymous-multiproxy-list anonymous proxy list
content-policy-directives Content Security Policy directives from HTTP replies
content-policy-directives Content Security Policy directives via CSP.com
content-policy-headers Content Security Policy HTTP response headers via CSP.com
content-policy-sources Content Security Policy sources via CSP.com
csp-header-apache Content-Security-Policy HTTP response header Apache config
csp-header-iis Content-Security-Policy HTTP response header IIS config
csp-header-nginx Content-Security-Policy HTTP response header NGINX config
danwin1210-onion-links https://danwin1210.me/onions.php?format=text
dirsearch-words-list words parsed from the Go implementation of dirsearch tool’s dict.txt file https://github.com/evilsocket/dirsearch/blob/master/dict.txt
example-uri-refs Example URI’s from the RFC3986 URI specification issues list
mozilla-cacerts-list Info and PEM’s on Certificate Authorities used by Mozilla
ocsp-urls-list list of OCSP URL’s
onion-cab-list list of TOR sites that used to be hosted on onion.cab via https://web.archive.org/web/*/onion.cab/list.php
onion-links-list List of .onion sites verified in 2017 left on pastebin.com
proc-model-defs https://html.spec.whatwg.org/multipage/webappapis.html#definitions-2
rails-secret-tokens Ruby on Rails secret authorization token string values
referrer-policy-directives Referrer Policy directives
rfc1918-common-addrs RFC1918 based IPv4 private network address spaces for SSRF attacks
scripting-media-types list of web scripting media types
snort-http-inspect Snort HTTP inspect module global configuration variables
transport-security-state HSTS preloaded list in machine-readable format https://cs.chromium.org/chromium/src/net/http/transport_security_state_static.json
uri-spec-issues Messages to the URI-WG mailing list about ambiguous URI syntax
variable-name-strings Commonly lucrative HTTP GET query variable names
variable-value-strings Typical HTTP GET query variable values
webdev-security-checklist A web developer security checklist from https://www.powerdown.io/blog/posts/web-developer-security-checklist.html
whatwg-urlstd-examples Examples in (URL Standard)[https://url.spec.whatwg.org]