A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Potentially dangerous files

Web Fuzzing Box - Web 模糊测试字典与一些Payloads

Collection of quality safety articles. Awesome articles.

构建并优化高效的渗透测试字典集合，以提升网络安全从业人员的测试效率和效果。

GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)

上传漏洞fuzz字典生成脚本

Everything for pentest. | 用于渗透测试的 payload 和 bypass 字典.

1337 Wordlists for Bug Bounty Hunting

瓶颈渗透,web渗透,red红队,fuzz param,注释,js字典,ctf

OneScan是递归目录扫描的BurpSuite插件

Fast HTTP enumerator

Fuzz your Rust code with Google-developed Honggfuzz !

Fuzz test your application using your OpenAPI or Swagger API definition without coding

Black box fuzzer for web applications

💀 Don't fear the Reaper 👻

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

Windows Kernel Drivers fuzzer

REST API Fuzz Testing (RAFT): Source code for self-hosted service developed for Azure, including the API, orchestration engine, and default set of security tools (including MSR's RESTler), that enables developers to embed security tooling into their CI/CD workflows

Rust-based framework to Fuzz Solana programs, designed to help you ship secure code.