Fuzzdb updated to v1.06

A comprehensive set of fuzzing patterns for discovery and attack during highly targeted brute force testing of web applications.

Fuzzdb is a comprehensive set of known attack pattern sequences to be utilized for intelligent brute force testing in order to rapidly identify exploitable conditions in new applications.

Primary sources used for attack pattern research:

  • researching old web exploits for repeatable attack strings
  • scraping scanner patterns from http logs
  • various books, articles, blog posts, mailing list threads
  • patterns gleaned from other open source fuzzers and pentest tools
  • analysis of default app installs
  • system and application documentation
  • error messages

License is New BSD/ Creative Commons/Attribution.

More information: here


  • Added more sqli attack and enumeration patterns, reorganized sqli tree, in svn not in tarball yet (4/22/2010)
  • Added more web shells (4/20/2010)
  • FreeBSD FreshPorts now carries fuzzdb http://www.mail-archive.com/cvs-all@freebsd.org/msg166332.html (4/19/2010)
  • Latest version: scrubbed spaces from file and path names for better shell navigation, rearranged files using a functional approach, added the /regex dir containing things you might want to look for on returned pages. Initial checkin contains a large set of error messages and list of common session ID cooke names.(4/17/2010)