SecLists-安全測試者的手冊

項目主頁

https://github.com/danielmiessler/SecLists

Stars

關於

SecLists is the security tester s companion. It s a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repo onto a new testing box and have access to every type of list that may be needed.

This project is maintained by Daniel Miessler and Jason Haddix.

翻譯如下：

SecLists是安全測試者的手冊。它是一份被收集在一起用於安全評估上的多類型清單的集合。清單類型包含了用戶名，密碼，URL，敏感數據的patterns（一般形式，程序猿們可以理解為正則表達式），模糊的payloads（數據載體，或數據表達形式），web shells等等。目標是讓安全測試者拉取本倉庫到一個新的測試盒子（需要被安全測試的檢查項）裡面並能夠訪問所有可能需要的清單類型。

本項目由Daniel Miessler 和Jason Haddix維護。

社區貢獻

Adam Muntner and for the FuzzDB content, including all authors from the FuzzDB project

Ron Bowes of SkullSecurity for collaborating and including all his lists here

Clarkson University for their research that led to the Clarkson list

All the authors listed in the XSS with context doc, which was found on pastebin and added to by us

Ferruh Mavitina for the beginnings of the LFI Fuzz list

Kevin Johnson for laudnaum shells

RSnake for fierce hostname list

Charlie Campbell for Spanish word list, numerous other contributions

Rob Fuller for the IZMY list

Mark Burnett for the 10 million passwords list

shipCod3 for an SSH user/pass list

Steve Crapo for doing splitting work on a number of large lists

Thanks to Blessen Thomas for recommending Mario s/cure53 s XSS vectors

Thanks to Danny Chrastil for submitting an anonymous JSON fuzzing list

Many thanks to geekspeed, EricSB, lukebeer, patrickmollohan, g0tmi1k, albinowax, and kurobeats for submitting via pull requests

Special thanks to shipcod3 for MANY contributions!

Thanks to Samar Dhwoj Acharya for allowing his Github Dorks content to be included!

Thanks to Liam Somerville for the excellent list of default passwords

Great thanks to Michael Henriksen for allowing us to include his Gitrob project s signatures

Honored to have @Brutelogic s brilliant XSS Cheatsheet added to the Fuzzing section!

Added 0xsobky s Ultimate XSS Polyglot!

This project stays great because of care and love from the community, and we will never forget that.

Downloading this repository is likely to cause a false-positive alarm by your antivirus or antimalware software, the filepath should be whitelisted. There is nothing in Seclists or FuzzDB that can harm your computer as-is, however it s not recommended to store these files on a server or other important system due to the risk of local file include attacks.

備註：這裡猿哥就不翻譯了，都是一些安全清單貢獻者的流水記錄和下載使用此倉庫時需要的注意事項（有些殺毒軟體會報毒）。

點擊展開全文

喜歡這篇文章嗎？立刻分享出去讓更多人知道吧！