sQuo Posted April 8, 2014 Share Posted April 8, 2014 using-fuzzdb-for-testing-website-security/ READ: This is the hidden content, please Sign In or Sign Up What's in fuzzdb? Predictable Resource Locations - Because of the popularity of a small number of server types, platforms, and package formats, resources such as logfiles and administrative directories are typically located in a small number of predictable locations. FuzzDB contains a comprehensive database of these, sorted by platform type, language, and application, making brute force testing less brutish. Attack Patterns - Categorized by platform, language, and attack type, malicious and malformed inputs known to cause information leakage and exploitation have been collected into sets of test cases. FuzzDB contains comprehensive lists of attack payloads known to cause issues like OS command injection, directory listings, directory traversals, source exposure, file upload bypass, authentication bypass, http header crlf injections, and more. Response Analysis - Since system responses also contain predictable strings, fuzzdb contains a set of regex pattern dictionaries such as interesting error messages to aid detection software security defects, lists of common Session ID cookie names, and more. Other useful stuff - Webshells, common password and username lists, and some handy wordlists. Documentation - Helpful documentation and cheatsheets sourced from around the web that are relevant to the payload categories are also provided. This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts