gh0stkey
Web-Fuzzing-Box
HTML

Web Fuzzing Box - Web 模糊测试字典与一些Payloads

Last updated Jul 10, 2026
2.8k
Stars
442
Forks
0
Issues
0
Stars/day
Attention Score
97
Language breakdown
No language data available.
Files click to expand
README

Web-Fuzzing-Box

English | 中文

Web Fuzzing Box - A collection of web fuzzing dictionaries and payloads, including: brute force attacks, directory and file enumeration, web vulnerabilities...

Real-world case studies using these dictionaries: https://gh0st.cn/archives/2019-11-11/1 https://gh0st.cn/archives/2018-07-25/1

Some parameters, directories, filenames and related data are sourced from the CaA project: https://github.com/gh0stkey/CaA

❯ tree -L 2
.
├── Brute [Brute Force]
│   ├── Application [Service & Application Dictionary]
│   ├── Basic401Login.txt [401 Authentication Dictionary]
│   ├── Full_Name [Name Pinyin Dictionary]
│   ├── Password [Password Dictionary]
│   ├── Ports [Port Dictionary]
│   ├── Security_Product [Security Products]
│   ├── Subdomain [Subdomain]
│   ├── Top_Password [Top Ranked Passwords]
│   ├── TestChineseMobilephonenumber.txt [Test Mobile Numbers]
│   └── Username [Username Dictionary]

├── Dir [Directory, Filename, API] │ ├── Others [Other Dictionaries] │ ├── Burpsuite [Dictionaries for BurpSuite] │ ├── Wooyun [Wooyun Historical Vulnerability Directories & Files] │ └── Yujian [Chinese Yujian Dictionary]

├── Vuln [Vulnerability Related Dictionaries] │ ├── Api_Bypass [API Vulnerabilities: 403 Bypass, Auth Bypass] │ ├── File_Upload [File Upload Vulnerabilities] │ ├── Logic [Logic Vulnerabilities] │ ├── File_Include [File Inclusion Dictionary] │ ├── Image_Dos [Image Resource DoS Vulnerability Dictionary] │ ├── JWT_Attack [JWT Attack Dictionary] │ ├── Jsonp [JSONP Cross-Domain Hijacking Dictionary] │ ├── Open_Redirect [URL Redirect Vulnerability Dictionary] │ ├── Sql_Injection [SQL Injection Dictionary] │ ├── Traversal_Directory [Directory Traversal Vulnerability Dictionary] │ ├── Xml_Bomb [XML Bomb Payloads] │ └── Xss [XSS Dictionary & Payloads]

├── Other [Other Dictionaries] │ ├── 2W_Words.txt │ └── Chinese Province Mobile Number Segments

└── Web [Web Testing Dictionary] ├── File_Path [Some Files and Paths] ├── Funcation_Name.txt [Function Names] ├── HTML [HTML Related] ├── Headers [HTTP Headers] ├── Http_Methods.txt [HTTP Request Methods] ├── Integer_Overflows.txt [Integer Overflow] ├── Javascript_Filename.txt [JavaScript Filenames] ├── Lcoalhost.txt [Localhost Addresses] ├── Dict [Verb/Noun Dictionary, Request Parameters] ├── URL [URL Related Protocols and Types] └── ViewState_Key.txt [For ViewState Deserialization]

Acknowledgements

yuanhaiGreg: Contributed file upload parameters, ViewStateKey

wallarm: jwt-secrets author

🔗 More in this category

© 2026 GitRepoTrend · gh0stkey/Web-Fuzzing-Box · Updated daily from GitHub