fuzzdb-project
diff --git a/‎.gitignore
+1 b/‎.gitignore
+1
diff --git a/‎README.md
+10-4 b/‎README.md
+10-4
diff --git a/‎_copyright.txt
+1-1 b/‎_copyright.txt
+1-1
diff --git a/‎attack/authentication/README.md
+4 b/‎attack/authentication/README.md
+4
diff --git a/‎attack/authentication/php_magic_hashes.fuzz.txt
+24 b/‎attack/authentication/php_magic_hashes.fuzz.txt
+24
diff --git a/‎attack/control-chars/NullByteRepresentations.txt
+7 b/‎attack/control-chars/NullByteRepresentations.txt
+7
diff --git a/‎attack/control-chars/true.txt
+9 b/‎attack/control-chars/true.txt
+9
diff --git a/‎attack/format-strings/format-strings.txt
+10 b/‎attack/format-strings/format-strings.txt
+10
diff --git a/‎attack/ip/localhost.txt
+10-1 b/‎attack/ip/localhost.txt
+10-1
diff --git a/‎attack/lfi/common-unix-httpd-log-locations.txt
+22 b/‎attack/lfi/common-unix-httpd-log-locations.txt
+22
@@ -0,0 +1 @@
+*.DS_Store
@@ -1,4 +1,8 @@
-FuzzDB was created to increase the likelihood of causing and identifying conditions of security interest through dynamic application security testing. It's the first and most comprehensive open dictionary of fault injection patterns, predictable resource locations, and regex for matching server responses.  
+_____________________________________
+FYI: The /web-backdoors folder may trigger anti-virus scanners.
+_____________________________________
+
+FuzzDB was created to increase the likelihood of finding application security vulnerabilities through dynamic application security testing. It's the first and most comprehensive open dictionary of fault injection patterns, predictable resource locations, and regex for matching server responses.  
 
 **Attack Patterns -**
 FuzzDB contains comprehensive lists of [attack payload](https://github.com/fuzzdb-project/fuzzdb/tree/master/attack) primitives for fault injection testing. 
@@ -64,20 +68,22 @@ Other security tools and projects that incorporate FuzzzDB in whole or part
 **Preferred method is to check out sources via git, new payloads are added frequently**
 
 ```
-git clone https://github.com/fuzzdb-project/fuzzdb.git
+git clone https://github.com/fuzzdb-project/fuzzdb.git --depth 1
 
 ```
 While in the FuzzDB dir, you can update your local repo with the command
 ```
 git pull
 ```
-You can also browse the [FuzzDB github sources](https://github.com/fuzzdb-project/fuzzdb/) and there is always a [zip file](https://github.com/fuzzdb-project/fuzzdb/archive/master.zip)
+This Stackoverflow gives ideas on how to keep your local repository tidy: https://stackoverflow.com/questions/38171899/how-to-reduce-the-depth-of-an-existing-git-clone/46004595#46004595
+
+You can also browse the [FuzzDB github sources](https://github.com/fuzzdb-project/fuzzdb/) and there is always a fresh [zip file](https://github.com/fuzzdb-project/fuzzdb/archive/master.zip)
 
 Note: Some antivirus/antimalware software will alert on FuzzDB. To resolve, the filepath should be whitelisted. There is nothing in FuzzDB that can harm your computer as-is, however due to the risk of local file include attacks it's not recommended to store this repository on a server or other important system.  
 
 ### Who ###
 FuzzDB was created by Adam Muntner (amuntner @ gmail.com)
-FuzzDB (c) Copyright Adam Muntner, 2010-2017
+FuzzDB (c) Copyright Adam Muntner, 2010-2019
 Portions copyrighted by others, as noted in commit comments and README.md files. 
 
 The FuzzDB license is New BSD and Creative Commons by Attribution. The ultimate goal of this project is to make the patterns contained within obsolete. If you use this project in your work, research, or commercial product, you are required to cite it. That's it. I always enjoy hearing about how people are using it to find an interesting bug or in a tool, send me an email and let me know. 
 
@@ -1,4 +1,4 @@
-Copyright (c) 2010-2017, Adam Muntner
+Copyright (c) 2010-2019, Adam Muntner
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
 
@@ -0,0 +1,4 @@
+
+php_magic_hashes.fuzz.txt - See, https://www.whitehatsec.com/blog/magic-hashes/
+"the following “magic” strings are substantially more likely to evaluate to true when hashed given a completely random hash..."
+
@@ -0,0 +1,24 @@
+00e00099
+00e05651056780370631793326323796
+00e1839085851394356611454660337505469745
+00e2521569708250889666329543741175098562
+00e38549671092424173928143648452
+00e4706040169225543861400227305532507173
+0e015339760548602306096794382326
+0e01697014920826425936632356870426876167
+0e074025
+0e07766915004133176347055865026311692244
+0e251331818775808475952406672980
+0e266546927425668450445617970135
+0e316321729023182394301371028665
+0e34042599806027333661050958199580964722
+0e462097431906509019562988736854
+0e4868841162506296635201967091461310754872302741
+0e495317064156922585933029613272
+0e591528
+0e684322
+0e69173478833895223726165786906905141502
+0e73845709713699
+0e817678
+0e908730200858058999593322639865
+0e9108479697641294204710754930487725109982883677
@@ -54,3 +54,10 @@ u"\u0000"
 %FE%80%80%80%80%80%80
 
 �
+%2500
+%252500
+%25252500
+%25%30%30
+\x%30%30
+%%30%30
+%25%2530%2530
@@ -0,0 +1,9 @@
+TRUE
+true
+1
+-1
+4294967295
+0xFFFFFFFF
+\FFFFFFFF
+\FFFFFFFF\
+\xFFFFFFFF
@@ -55,3 +55,13 @@ ppppp%x
 ppppp%n
 %@
 %@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@
+%*
+%*p
+%*x
+%*s
+%*S
+%*$*
+%*$*p
+%*$*x
+%*$*s
+%*$*S
@@ -10,7 +10,7 @@
 2130706434
 7F000001
 7F000002
-localhost
+localhos
 127.123.123.123
 0x7f.1
 017700000001
@@ -53,3 +53,12 @@ test.localtest.me
 0000:0000:0000:0000:0000:ffff:127.0.0.1
 A.34.192.228.43.1time.127.0.0.1.99times.repeat.rebind.network
 hostname
+0177.1
+0177.2
+0177.0.1
+0177.0.2
+017700000001
+017700000002
+0x7F000001
+0x7F000002
+0X07f.0.0.1
@@ -16,6 +16,7 @@
 /var/log/apache2/access_log 
 /var/log/apache/access.log 
 /var/log/apache2/access.log 
+/var/log/apache2/other_vhosts_access.log
 /var/log/access_log 
 /var/log/access.log 
 /var/www/logs/error_log 
@@ -28,3 +29,24 @@
 /var/log/apache2/error.log 
 /var/log/error_log 
 /var/log/error.log 
+/var/log/nginx/error.log
+/var/log/nginx/access.log
+/opt/apache2/conf/httpd.conf
+/opt/apache/conf/httpd.conf
+/opt/lampp/logs/access_log
+/opt/lampp/logs/access.log
+/opt/lampp/logs/error_log
+/opt/lampp/logs/error.log
+/opt/xampp/etc/php.ini
+/opt/xampp/logs/access_log
+/opt/xampp/logs/access.log
+/opt/xampp/logs/error_log
+/opt/xampp/logs/error.log
+/opt/bitnami/apache2/logs/access_log
+/opt/bitnami/apache2/logs/error_log
+/var/log/httpd/error_log
+/var/log/httpd/access_log
+/var/log/apache2/error.log
+/var/log/apache2/access.log
+/var/log/httpd-error.log
+/var/log/httpd-access.log
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-Copyright (c) 2010-2017, Adam Muntner`
	`1`	`+Copyright (c) 2010-2019, Adam Muntner`
`2`	`2`	`All rights reserved.`
`3`	`3`
`4`	`4`	`Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:`
-Original file line number
+Diff line change
 ppppp%n
 %@
 %@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@
 +%*
 +%*p
 +%*x
 +%*s
 +%*S
 +%*$*
 +%*$*p
 +%*$*x
 +%*$*s
 +%*$*S