The following table lists sources of fuzz data for security testing payloads:

| Fuzz database | Description |
| --- | --- |
| FuzzDB | FuzzDB is a comprehensive application security testing dictionary covering attack patterns (injection, XSS, directory traversals), discovery (admin directories or sensitive files), response analysis (regular expression patterns), web backdoor samples, and user/password lists. |
| Naughty Strings | Naughty Strings provides a very long list of strings. Two formats are provided, blns.txt and blns.json. |
| SecLists | Similar to FuzzDB, it provides various kinds of fuzz data, such as command injections, JSON, LDAP, user agents, XSS, char, numeric, Unicode data, and so on. |
| Radamsa | Unlike the previous fuzz databases, which provide word-list dictionaries, Radamsa is a tool that dynamically generates format-specific data based on a given sample. |