10.5. 模糊测试

10.5.1. Web Fuzz

• wfuzz
• SecLists
• fuzzdb
• foospidy payloads
• ffuf Fast web fuzzer written in Go

10.5.2. 扫描器

• Nuclei a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use
• xray 安全评估工具，支持常见 web 安全问题扫描和自定义 poc

10.5.3. XSS Payloads

• PORTSWIGGER XSS cheat sheet
• Pgaijin66 XSS-Payloads
• OWASP XSS

10.5.4. Burp插件

• BurpBounty Scan Check Builder
• BurpShiroPassiveScan
• IntruderPayloads A collection of Burpsuite Intruder payloads

10.5.5. 字典

• Blasting dictionary
• pydictor A powerful and useful hacker dictionary builder for a brute-force attack
• fuzzDicts Web Pentesting Fuzz 字典
• bruteforce lists
• CT subdomains
• PentesterSpecialDict 渗透测试人员专用精简化字典

10.5.6. Unicode Fuzz

• utf16encode

10.5.7. WAF Bypass

• abuse ssl bypass waf
• wafninja