:keyboard: Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

View on GitHub


      Folder  Name       Description of Contents
alternative-to-dmoz Sitemap of alternative.to which is similar to DMOZ categories via http://alternative.to/sitemap
apache-httpd-programs list of Apache httpd programs and descriptions
apache-gitbox-repos apache.org GitBox Repositories https://gitbox.apache.org/repos/asf
common-colon-logins colon delimited lines of common user and pass combinations
content-types-all sorted and unique list of all files enumerating strings used as Content-Type request header
content-types-list a list of MIME content types via IANA https://iana.org/assignments/media-types/media-types.xhtml
coupon-codes-list hand-crafted list of shopping cart application coupon code strings
github-api-emojis Emoji icons supported by GitHub API in JSON format https://api.github.com/emojis
github-emojis-list same as github-api-emojis, but only a single emoji names on each line
google-strings-list very long list of strings parsed from Google SERP’s
index-woorank-technologies list of technologies that WooRank can detect on a web site https://index.woorank.com/en/technologies
mime-types-list MIME (Multipurpose Internet Media eXtensions) types list parsed from freeformatter.com https://freeformatter.com/mime-types-list.html
npm-crawler-modules NodeJS modules list created by npm-crawler tool https://github.com/grant/npm-crawler/blob/master/modules.txt
npm-modules-list NodeJS modules list from ~/node_modules directory
percent-encoding-double all one-byte values doubly percent-encoded
percent-encoding-single all one-byte values encoded in percent-encoding style
scripting-media-types list of web scripting media types
secureblackbox-activex-control https://www.secureblackbox.com/kb/help/ref_dc_activex.html
secureblackbox-flex-control https://www.secureblackbox.com/kb/help/ref_dc_flex.html
secureblackbox-java-applet https://www.secureblackbox.com/kb/help/ref_dc_java.html
siteminder-authreason-codes SiteMinder AUTHREASON query parameter values..
wahh-tasks-checklist Web Application Hacker’s Handbook tasks checklist
wahh-test-method Web Application Hacker’s Handbook test methodology
wappalyzer-fingerprint-patterns wappalyzer_fingerprints.json copied from the aquatone source tree https://github.com/michenriksen/aquatone/blob/master/static/wappalyzer_fingerprints.json
webapp-code-execution HTTP GET queries that may result in remote code execution
webapp-common-logins credentials commonly used to login to web applications
webapp-file-prepends Strings often found prepended to filenames on the web
websphere-errors-text Descriptions of errors returned by IBM WebSphere Application Server
websphere-server-namespaces Identifier strings extracted in WebSphere reverse
youtubedl-list-extractors Various video platforms that the youtube-dl command can download media files from according to its command-line flag, --list-extractors