Sloth is a fuzzing setup that makes use of libFuzzer and QEMU’s user-mode emulation (qemu/linux-user) on x86_64/aarch64 host to emulate aarch64 Android libraries to fuzz the target Android native library.
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data pa
Tavor (Sindarin for woodpecker) is a framework for easily implementing and using fuzzing and delta-debugging. Its EBNF-like notation allows you to define file formats, protocols, and other structured data without the nee
Materials for the "Modern fuzzing of C/C++ Projects" workshop.
The first version of the workshop was presented at the ZeroNights'16 security conference.
2-3 hours of your time
OSS-Fuzz - Continuous Fuzzing for Open Source Software
Status: Beta. We are preparing the project for public release soon.
FAQ | Ideal Fuzzing Integration | New Project Guide | Reproducing Bugs | Projects | Projects Issue T
RamFuzz: Combining Unit Tests, Fuzzing, and AI
RamFuzz is a fuzzer for individual method parameters in unit tests. A unit test can use RamFuzz to generate random parameter values for methods under test. The values are logged, and
Install the Python dependencies (setup.sh) and you are good to go.
GDB server for Android: get it with wget https://people.mozilla.org/~nchen/jimdb/jimdb-arm-linux_x64.tar.bz2 Credits to https://wiki.mozilla.org/Mob
pbtk - Reverse engineering Protobuf apps
Protobuf is a serialization format developed by Google and used in an increasing number of Android, web, desktop and more applications. It consists of a language for declaring data structu
Nili is a tool for network scanning, man-in-the-middle attacks, protocol reverse engineering and fuzzing.
Python - Python Programming Language
Scapy - Interactive Packet Manipulation Program
FExM simplifies basic fuzzing pipelines. As the result of years of practical fuzz testing, it provides a best-effort approach that gets running quickly and finds bugs in most applications. Given its fully automated
QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing
Tested on Ubuntu 14.04 64-bit and 16.04 64-bit
# disable ptrace_scope for PIN
$ echo 0|sudo tee /proc/sys/
Original AFL supports black-box coverage-guided fuzzing using QEMU mode. I highly recommend trying it first, and if it doesn't work you can try this tool. Additionally, you might want to try Manul, which supports blackbox bina
applepie, a hypervisor implementation for Bochs
Hello! Welcome to applepie! This is a tool designed for fuzzing, introspection, and finding bugs! This is a hypervisor using the Windows Hypervisor Platform API present in recent ve
ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software.
Google uses ClusterFuzz to fuzz the Chrome Browser and as the fuzzing backend for OSS-Fuzz.
Project OneFuzz enables continuous developer-driven fuzzing to proactively harden software prior to release. With a single command, which can be baked into CICD, developers can launch fuzz jobs from a few virtual machines to thousands of cores.
Openwifi is an open-source WiFi protocol stack based on SDR that is fully compatible with Linux mac80211. Its driver takes advantage of the Linux kernel's support (mac80211, cfg80211) for the WiFi high MAC, so it can provide an interface to the application layer like a common WiFi USB dongle.