Update README.md

This commit is contained in:
Adam Muntner 2015-10-25 12:06:52 -04:00
parent 1405fba80a
commit 3a35bfdcf5

@ -1,7 +1,7 @@
FuzzDB is the most comprehensive Open Source database of malicious inputs, predictable resource names, greppable strings for server response messages, and other resources like web shells. It's like an application security scanner, without the scanner.
# Download #
**Preferred method is to check out sources via git, since new payloads are added frequently**
**Preferred method is to check out sources via git, new payloads are added frequently**
```
git clone git@github.com:fuzzdb-project/fuzzdb.git fuzzdb
```
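Review bot: The reworded download line drops "since" and leaves a comma splice ("...check out sources via git, new payloads are added frequently"); keep "since" or join the clauses with a semicolon. The clone command in this hunk also uses the SSH remote `git@github.com:fuzzdb-project/fuzzdb.git`, which fails for readers who have no SSH key registered with GitHub, so the HTTPS clone URL would be the safer default for a public README.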
@ -10,7 +10,7 @@ While in the FuzzDB dir, you can update your local repo with the command
```
git pull
```
You can also browse the [FuzzDB github sources](https://github.com/fuzzdb-project/fuzzdb/tree/master).
You can also browse the [FuzzDB github sources](https://github.com/fuzzdb-project/fuzzdb/tree/master) and there is always a [zip file](https://github.com/fuzzdb-project/fuzzdb/archive/master.zip)
# What's in FuzzDB? #
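Review bot: The added zip sentence has no closing period and is chained onto the previous clause with "and"; make it its own sentence. Since the Download section calls git the preferred method because payloads are added frequently, the text should also say that the `master.zip` archive is a point-in-time snapshot that `git pull` cannot refresh.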
@ -38,6 +38,7 @@ Webshells, common password and username lists, and some handy wordlists.
Helpful documentation and cheatsheets sourced from around the web that are relevant to the payload categories are also provided. Many directories contain a README.md file with usage notes.
(https://github.com/fuzzdb-project/fuzzdb/tree/master/docs)
# Why was FuzzDB created? #
The sets of payloads currently built in to open source fuzzing and scanning software are poorly representative of the total body of potential attack patterns. Commercial scanners are a bit better, but not much. However, commercial tools also have a downside, in that that they tend to lock these patterns away in obfuscated binaries.
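Review bot: The docs URL on the line after "usage notes." sits in bare parentheses with no link text, so it shows up as a parenthesised raw URL instead of the `[text](url)` form used for the "FuzzDB github sources" link; give it link text such as "docs". The context line under "Why was FuzzDB created?" also contains a doubled word, "in that that they", which is worth fixing in the same pass.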
@ -48,6 +49,7 @@ FuzzDB was created to aggregate all known attack payloads and common predictable
Released under the dual New BSD and Creative Commons by Attribution licenses, FuzzDB can be leveraged to improve the test cases built into open source and commercial testing software.
# How was the data collected? #
Lots of hours of research while performing penetration tests:
@ -61,6 +63,7 @@ Lots of hours of research while performing penetration tests:
and the input of contributors: https://github.com/fuzzdb-project/fuzzdb/graphs/contributors
# How to Use fuzzdb #
FuzzDB is like an open source application security scanner, without the scanner.
@ -77,12 +80,13 @@ Other ways fuzzdb is often used:
* in training materials and documentation
* to learn about software exploitation techniques
# Who #
FuzzDB was created by Adam Muntner (unix23 @ gmail.com)
FuzzDB was created by Adam Muntner (amuntner @ gmail.com)
The FuzzDB license is New BSD and Creative Commons by Attribution. I want this project to be freely available in order to make the patterns contained within obsolete. If you use this project in your work, research, or commercial product, you are required to cite it. That's it.
FuzzDB (c) Copyright Adam Muntner, 2010-2015
Portions copyrighted by others, see the package and svn checkin comments for details.
Portions copyrighted by others, as noted in commit comments and README.md files.
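Review bot: The new last line points readers to "commit comments and README.md files" for third-party copyright, which is hard to audit for anyone who has to meet the citation requirement stated two lines above it; a single attribution list, or a link to the directories whose README.md files carry those notices, would make this checkable. The license sentence also names "New BSD and Creative Commons by Attribution" without a version or a link to the license text, and a user who downloads only the zip has no commit comments to consult.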