模糊测试 ======================================== Web Fuzz ---------------------------------------- - `wfuzz `_ - `SecLists `_ - `fuzzdb `_ - `foospidy payloads `_ - `ffuf `_ Fast web fuzzer written in Go 扫描器 ---------------------------------------- - `Nuclei `_ a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use - `xray `_ 安全评估工具,支持常见 web 安全问题扫描和自定义 poc XSS Payloads ---------------------------------------- - `PORTSWIGGER XSS cheat sheet `_ - `Pgaijin66 XSS-Payloads `_ - `OWASP XSS `_ Burp插件 ---------------------------------------- - `BurpBounty `_ Scan Check Builder - `BurpShiroPassiveScan `_ - `IntruderPayloads `_ A collection of Burpsuite Intruder payloads 字典 ---------------------------------------- - `Blasting dictionary `_ - `pydictor `_ A powerful and useful hacker dictionary builder for a brute-force attack - `fuzzDicts `_ Web Pentesting Fuzz 字典 - `bruteforce lists `_ - `CT subdomains `_ - `PentesterSpecialDict `_ 渗透测试人员专用精简化字典 Unicode Fuzz ---------------------------------------- - `utf16encode `_ WAF Bypass ---------------------------------------- - `abuse ssl bypass waf `_ - `wafninja `_