Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/minimaxir/big-list-of-naughty-strings

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
https://github.com/minimaxir/big-list-of-naughty-strings

Last synced: 13 days ago
JSON representation

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

Host: GitHub
URL: https://github.com/minimaxir/big-list-of-naughty-strings
Owner: minimaxir
License: mit
Created: 2015-08-08T20:57:20.000Z (almost 9 years ago)
Default Branch: master
Last Pushed: 2024-04-18T03:26:59.000Z (about 1 month ago)
Last Synced: 2024-05-03T00:38:25.655Z (20 days ago)
Language: Python
Size: 322 KB
Stars: 45,861
Watchers: 856
Forks: 2,131
Open Issues: 100
Metadata Files:
- Readme: README.md
- License: LICENSE

Lists

links - Big List of Naughty Strings
awesome-falsehood - Big List of Naughty Strings - A huge corpus of strings which have a high probability of causing issues when used as user-input data. A must have set of practical edge-cases to test your software against. (Internationalization)
lists - big-list-of-naughty-strings - input data. (Technical)
awesome-security-collection - **34045**星
awesome-csirt - Big List of Naughty Strings
awesome-testing - Naughty Strings - This is the famous list of Naughty Strings. If you're doing some field validation, look no further for inspiration. (Suggested Awesome Lists / Must Read)
collection - big-list-of-naughty-strings - input data. (Technical)
bookmarks - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Climbing / Chess :chess_pawn:)
awesome-stars - big-list-of-naughty-strings - input data. | minimaxir | 43616 | (Python)
awesome-stars - big-list-of-naughty-strings - input data. | minimaxir | 45909 | (Python)
awesome-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-stars - minimaxir/big-list-of-naughty-strings - input data. (Python)
awesome-github-repos - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesomelist - big-list-of-naughty-strings - input data. (Technical / [email protected])
awesome-repositories - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-repositories - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-starred - big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-repositories - minimaxir/big-list-of-naughty-strings - input data. (Tools)
awesome-stars - big-list-of-naughty-strings - input data. | minimaxir | 43616 | (Python)
awesome-stars - big-list-of-naughty-strings - input data. | minimaxir | 44106 | (Python)
awesome-stars - big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-stars - big-list-of-naughty-strings - input data. | minimaxir | 37983 | (Python)
awesome-five23 - big-list-of-naughty-strings - input data. | minimaxir | 38551 | (Python)
awesome-react-testing - Naughty Strings
my-awesome - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
my-awesome-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
my-awesome-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
fucking-lists - big-list-of-naughty-strings - input data. (Technical)
awesome-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
my-awesome-github-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-stars - big-list-of-naughty-strings - input data. | minimaxir | 45909 | (Python)
awesome-stars - big-list-of-naughty-strings - input data. | minimaxir | 41229 | (Python)
awesome-stars-by-sandeep - big-list-of-naughty-strings - input data. | minimaxir | 43616 | (Python)
awesome-stars - big-list-of-naughty-strings - input data. | minimaxir | 44022 | (Python)
awesome-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-csirt - Big List of Naughty Strings
awesome-lists-Definative-Lists - big-list-of-naughty-strings - input data. (Technical)
my-awesome-starred - big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
my-awesome - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
my-awesome-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-cyber-security - **34045**星
awesome-stars - big-list-of-naughty-strings - input data. | minimaxir | 35546 | (Python)
my-awesome-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
starred-awesome - big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-stars - big-list-of-naughty-strings - input data. | minimaxir | 45906 | (Python)
my-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-fr - big-list-of-naughty-string
awesome-stars - big-list-of-naughty-strings - input data. | minimaxir | 45909 | (Python)
awesome-rainmana - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-stars - big-list-of-naughty-strings - input data. | minimaxir | 45909 | (Python)
awesome-cli-tui-software - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (<a name="data"></a>data)
awesome-hacking-lists - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-stars - minimaxir/big-list-of-naughty-strings - `★45905` The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
Awesome-List - Big list of naughty strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (📦 Modules/Packages / Testing)
awesome-hacking-lists - big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-stars - big-list-of-naughty-strings - input data. | minimaxir | 45909 | (Python)
awesome-hacking-lists - big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python (1887))
awesome - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-cyber-security - **33516**星
my-awesome-stars - minimaxir/big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (Python)
awesome-stars - big-list-of-naughty-strings - input data. | minimaxir | 45908 | (Python)

README

# Big List of Naughty Strings
The Big List of Naughty Strings is an evolving list of strings which have a high probability of causing issues when used as user-input data. This is intended for use in helping both automated and manual QA testing; useful for whenever your QA engineer [walks into a bar](http://www.sempf.net/post/On-Testing1).

## Why Test Naughty Strings?

Even multi-billion dollar companies with huge amounts of automated testing can't find every bad input. For example, look at what happens when you try to Tweet a [zero-width space](https://en.wikipedia.org/wiki/Zero-width_space) (U+200B) on Twitter:

![](http://i.imgur.com/HyDg2eV.gif)

Although this is not a malicious error, and typical users aren't Tweeting weird unicode, an "internal server error" for unexpected input is never a positive experience for the user, and may in fact be a symptom of deeper string-validation issues. The Big List of Naughty Strings is intended to help reveal such issues.

## Usage

`blns.txt` consists of newline-delimited strings and comments which are preceded with `#`. The comments divide the strings into sections for easy manual reading and copy/pasting into input forms. For those who want to access the strings programmatically, a `blns.json` file is provided containing an array with all the comments stripped out (the `scripts` folder contains a Python script used to generate the `blns.json`).

## Contributions

Feel free to send a pull request to add more strings, or additional sections. However, please do not send pull requests with very-long strings (255+ characters), as that makes the list much more difficult to view.

Likewise, please do not send pull requests which compromise *manual usability of the file*. This includes the [EICAR test string](https://en.wikipedia.org/wiki/EICAR_test_file), which can cause the file to be flagged by antivirus scanners, and files which alter the encoding of `blns.txt`. Also, do not send a null character (U+0000) string, as it [changes the file format on GitHub to binary](http://stackoverflow.com/a/19723302) and renders it unreadable in pull requests. Finally, when adding or removing a string please update all files when you perform a pull request.

## Disclaimer

The Big List of Naughty Strings is intended to be used *for software you own and manage*. Some of the Naughty Strings can indicate security vulnerabilities, and as a result using such strings with third-party software may be a crime. The maintainer is not responsible for any negative actions that result from the use of the list.

Additionally, the Big List of Naughty Strings is not a fully-comprehensive substitute for formal security/penetration testing for your service.

## Library / Packages

Various implementations of the Big List of Naughty Strings have made it to various package managers. Those are maintained by outside parties, but can be found here:

| Library | Link |
| ------- | ---- |
| Node | https://www.npmjs.com/package/blns |
| Node | https://www.npmjs.com/package/big-list-of-naughty-strings |
| .NET | https://github.com/SimonCropp/NaughtyStrings |
| PHP | https://github.com/mattsparks/blns-php |
| C++ | https://github.com/eliabieri/blnscpp |

Please open a PR to list others.

## Maintainer/Creator

Max Woolf ([@minimaxir](https://twitter.com/minimaxir))

## Social Media Discussions

* June 10, 2015 [Hacker News]: [Show HN: Big List of Naughty Strings for testing user-input data](https://news.ycombinator.com/item?id=10035008)
* August 17, 2015 [Reddit]: [Big list of naughty strings.](https://www.reddit.com/r/programming/comments/3hdxqx/big_list_of_naughty_strings/)
* February 9, 2016 [Reddit]: [Big List of Naughty Strings](https://www.reddit.com/r/webdev/comments/44wc5b/big_list_of_naughty_strings/)
* January 15, 2017 [Hacker News]: [Naughty Strings: A list of strings likely to cause issues as user-input data](https://news.ycombinator.com/item?id=13406119)
* January 16, 2017 [Reddit]: [Naughty Strings: A list of strings likely to cause issues as user-input data](https://www.reddit.com/r/programming/comments/5o9inb/naughty_strings_a_list_of_strings_likely_to_cause/)
* November 16, 2018 [Hacker News]: [Big List of Naughty Strings](https://news.ycombinator.com/item?id=18466787)
* November 16, 2018 [Reddit]: [Naughty Strings - A list of strings which have a high probability of causing issues when used as user-input data](https://www.reddit.com/r/programming/comments/9xla2j/naughty_strings_a_list_of_strings_which_have_a/)

## License

MIT