A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

• UpdatedSep 27, 2021
• BlitzBasic

Potentially dangerous files

• UpdatedAug 25, 2025

Web Fuzzing Box - Web 模糊测试字典与一些Payloads

• UpdatedMay 28, 2025
• HTML

Collection of quality safety articles. Awesome articles.

• UpdatedSep 26, 2024

构建优化高效的渗透 fuzz 字典合集

• UpdatedJun 17, 2025
• PHP

GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)

• UpdatedMar 11, 2024
• Python

上传漏洞fuzz字典生成脚本

• UpdatedApr 1, 2021
• Python

OneScan 是一款用于递归目录扫描的 BurpSuite 插件

• UpdatedJun 24, 2025
• Java

Everything for pentest. | 用于渗透测试的 payload 和 bypass 字典.

• UpdatedJan 9, 2023
• HTML

1337 Wordlists for Bug Bounty Hunting

• UpdatedSep 6, 2025

瓶颈渗透,web渗透,red红队,fuzz param,注释,js字典,ctf

• UpdatedJul 20, 2022
• Python

💀 Don't fear the Reaper 👻

• UpdatedOct 21, 2025
• Go

Fuzz your Rust code with Google-developed Honggfuzz !

• UpdatedNov 1, 2025
• Rust

Fast HTTP enumerator

• UpdatedApr 22, 2025
• Go

Fuzz test your application using your OpenAPI or Swagger API definition without coding

• UpdatedMar 6, 2025
• Python

Black box fuzzer for web applications

• UpdatedJul 20, 2025
• Go

Windows Kernel Drivers fuzzer

• UpdatedMar 15, 2017
• C

Rust-based framework to Fuzz Solana programs, designed to help you ship secure code.

• UpdatedNov 5, 2025
• Rust

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

• UpdatedFeb 12, 2023
• Go

REST API Fuzz Testing (RAFT): Source code for self-hosted service developed for Azure, including the API, orchestration engine, and default set of security tools (including MSR's RESTler), that enables developers to embed security tooling into their CI/CD workflows

• UpdatedJan 13, 2022
• F#