[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-8207":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":15,"stars30d":18,"stars90d":16,"forks30d":16,"starsTrendScore":15,"compositeScore":19,"rankGlobal":10,"rankLanguage":10,"license":10,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":22,"hasPages":20,"topics":23,"createdAt":10,"pushedAt":10,"updatedAt":24,"readmeContent":25,"aiSummary":26,"trendingCount":16,"starSnapshotCount":16,"syncStatus":27,"lastSyncTime":28,"discoverSource":29},8207,"fuzzdb","fuzzdb-project\u002Ffuzzdb","fuzzdb-project","Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.","",null,"PHP",8927,2110,358,5,0,1,36,40.97,false,"master",true,[],"2026-06-12 02:01:50","FuzzDB was created to increase the likelihood of finding application security vulnerabilities through dynamic application security testing. It's the first and most comprehensive open dictionary of fault injection patterns, predictable resource locations, and regex for matching server responses.  \r\n\r\n**Attack Patterns -**\r\nFuzzDB contains comprehensive lists of [attack payload](https:\u002F\u002Fgithub.com\u002Ffuzzdb-project\u002Ffuzzdb\u002Ftree\u002Fmaster\u002Fattack) primitives for fault injection testing. \r\nThese patterns, categorized by attack and where appropriate platform type, are known to cause issues like OS command injection, directory listings, directory traversals, source exposure, file upload bypass, authentication bypass, XSS, http header crlf injections, SQL injection, NoSQL injection, and more. 
For example, FuzzDB catalogs 56 patterns that can potentially be interpreted as a null byte and contains lists of [commonly used methods](https:\u002F\u002Fgithub.com\u002Ffuzzdb-project\u002Ffuzzdb\u002Fblob\u002Fmaster\u002Fattack\u002Fbusiness-logic\u002FCommonMethodNames.txt) such as \"get, put, test,\" and name-value pairs that [trigger debug modes](https:\u002F\u002Fgithub.com\u002Ffuzzdb-project\u002Ffuzzdb\u002Fblob\u002Fmaster\u002Fattack\u002Fbusiness-logic\u002FCommonDebugParamNames.txt).\u003Cbr>\r\n\r\n**Discovery -**\r\nThe popularity of standard software packaging distribution formats and installers resulted in resources like [logfiles and administrative directories](http:\u002F\u002Fwww.owasp.org\u002Findex.php\u002FForced_browsing) frequently being located in a small number of [predictable locations](https:\u002F\u002Fgithub.com\u002Ffuzzdb-project\u002Ffuzzdb\u002Ftree\u002Fmaster\u002Fdiscovery\u002Fpredictable-filepaths).\r\nFuzzDB contains a comprehensive dictionary, sorted by platform type, language, and application, making brute force testing less brutish.\u003Cbr>\r\nhttps:\u002F\u002Fgithub.com\u002Ffuzzdb-project\u002Ffuzzdb\u002Ftree\u002Fmaster\u002Fdiscovery\r\n\r\n**Response Analysis -**\r\nMany interesting server responses are [predictable strings](https:\u002F\u002Fgithub.com\u002Ffuzzdb-project\u002Ffuzzdb\u002Ftree\u002Fmaster\u002Fregex). \r\nFuzzDB contains a set of regex pattern dictionaries to match against server responses. 
In addition to common server error messages, FuzzDB contains regex for credit cards, social security numbers, and more.\u003Cbr>\r\n\r\n**Other useful stuff -**\r\nWebshells in different languages, common password and username lists, and some handy wordlists.\r\n\r\n**Documentation -**\r\nMany directories contain a README.md file with usage notes.\r\nA collection of [documentation](https:\u002F\u002Fgithub.com\u002Ffuzzdb-project\u002Ffuzzdb\u002Ftree\u002Fmaster\u002Fdocs) from around the web that is helpful for using FuzzDB to construct test cases is also included. \u003Cbr>\r\n\r\n### Usage tips for pentesting with FuzzDB ###\r\nhttps:\u002F\u002Fgithub.com\u002Ffuzzdb-project\u002Ffuzzdb\u002Fwiki\u002Fusagehints\r\n\r\n### How people use FuzzDB ###\r\nFuzzDB is like an application security scanner, without the scanner. \r\nSome ways to use FuzzDB:\r\n  * Website and application service black-box penetration testing with \r\n   * [OWASP Zap](https:\u002F\u002Fwww.owasp.org\u002Findex.php\u002FOWASP_Zed_Attack_Proxy_Project) proxy's FuzzDB Zap Extension \r\n   * Burp Proxy's [intruder](http:\u002F\u002Fportswigger.net\u002Fintruder\u002F) tool and scanner\r\n   * [PappyProxy](http:\u002F\u002Fwww.pappyproxy.com\u002F), a console-based intercepting proxy\r\n  * To identify interesting service responses using grep patterns for PII, credit card numbers, error messages, and more\r\n  * Inside custom tools for testing software and application protocols\r\n  * Crafting security test cases for GUI or command line software with standard test automation tools\r\n  * Incorporating into other Open Source software or commercial products\r\n  * In training materials and documentation\r\n  * To learn about software exploitation techniques\r\n  * To improve your security testing product or service\r\n \r\n### How were the patterns collected? ###\r\nMany, many hours of research and pentesting. 
And\r\n  * analysis of default app installs\r\n  * analysis of system and application documentation\r\n  * analysis of error messages\r\n  * researching old web exploits for repeatable attack strings\r\n  * scraping scanner payloads from http logs\r\n  * various books, articles, blog posts, mailing list threads\r\n  * other open source fuzzers and pentest tools\r\nand the input of contributors: https:\u002F\u002Fgithub.com\u002Ffuzzdb-project\u002Ffuzzdb\u002Fgraphs\u002Fcontributors\r\n\r\n### Places you can find FuzzDB ###\r\nOther security tools and projects that incorporate FuzzDB in whole or part\r\n  * OWASP Zap Proxy fuzzdb plugin https:\u002F\u002Fwww.owasp.org\u002Findex.php\u002FOWASP_Zed_Attack_Proxy_Project\r\n  * SecLists https:\u002F\u002Fgithub.com\u002Fdanielmiessler\u002FSecLists\r\n  * TrustedSec Pentesters Framework https:\u002F\u002Fgithub.com\u002Ftrustedsec\u002Fptf\r\n  * Rapid7 Metasploit https:\u002F\u002Fgithub.com\u002Frapid7\u002Fmetasploit-framework\r\n  * Portswigger Burp Suite http:\u002F\u002Fportswigger.net\r\n  * Protofuzz https:\u002F\u002Fgithub.com\u002Ftrailofbits\u002Fprotofuzz\r\n  * BlackArch Linux https:\u002F\u002Fwww.blackarch.org\u002F\r\n  * ArchStrike Linux https:\u002F\u002Farchstrike.org\u002F\r\n\r\n### Download ###\r\n**Preferred method is to check out sources via git, new payloads are added frequently**\r\n\r\n```\r\ngit clone https:\u002F\u002Fgithub.com\u002Ffuzzdb-project\u002Ffuzzdb.git --depth 1\r\n\r\n```\r\nWhile in the FuzzDB dir, you can update your local repo with the command\r\n```\r\ngit pull\r\n```\r\nThis Stack Overflow answer gives ideas on how to keep a local repository tidy: https:\u002F\u002Fstackoverflow.com\u002Fquestions\u002F38171899\u002Fhow-to-reduce-the-depth-of-an-existing-git-clone\u002F46004595#46004595\r\n\r\nYou can also browse the [FuzzDB github sources](https:\u002F\u002Fgithub.com\u002Ffuzzdb-project\u002Ffuzzdb\u002F) and there is always a fresh [zip 
file](https:\u002F\u002Fgithub.com\u002Ffuzzdb-project\u002Ffuzzdb\u002Farchive\u002Fmaster.zip)\r\n\r\nNote: Some antivirus\u002Fantimalware software will alert on FuzzDB. To resolve, the filepath should be whitelisted. There is nothing in FuzzDB that can harm your computer as-is, however due to the risk of local file include attacks it's not recommended to store this repository on a server or other important system. Use at your own risk. \r\n\r\n### Who ###\r\nFuzzDB was created by Adam Muntner (amuntner @ gmail.com)\r\nFuzzDB (c) Copyright Adam Muntner, 2010-2019\r\nPortions copyrighted by others, as noted in commit comments and README.md files. \r\n\r\nThe FuzzDB license is New BSD and Creative Commons by Attribution. The ultimate goal of this project is to make the patterns contained within obsolete. If you use this project in your work, research, or commercial product, you are required to cite it. That's it. I always enjoy hearing about how people are using it to find an interesting bug or in a tool, send me an email and let me know. \r\n\r\nSubmissions are always welcome!\r\n\r\nOfficial FuzzDB project page: [https:\u002F\u002Fgithub.com\u002Ffuzzdb-project\u002Ffuzzdb\u002F](https:\u002F\u002Fgithub.com\u002Ffuzzdb-project\u002Ffuzzdb\u002F)\r\n","FuzzDB is a dictionary of attack patterns and primitives for black-box application fault injection and resource discovery. The project provides comprehensive attack payloads for fault injection testing, including patterns that can lead to OS command injection, directory traversal, source exposure and other security issues, categorized by attack type and platform. In addition, FuzzDB includes lists of predictable resource locations and a collection of regular expressions for matching server responses, which helps make brute-force testing less blind. It is suited to security penetration testing of websites and services, for example during automated or manual vulnerability scanning with tools such as OWASP ZAP or Burp Suite.",2,"2026-06-11 03:16:45","top_language"]