Sloth - C++
Sloth is a fuzzing setup that makes use of libFuzzer and QEMU’s user-mode emulation (qemu/linux-user) on x86_64/aarch64 host to emulate aarch64 Android libraries to fuzz the target Android native library.
SecLists - PHP
About SecLists SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data pa
Tavor - Go
Tavor Tavor (Sindarin for woodpecker) is a framework for easily implementing and using fuzzing and delta-debugging. Its EBNF-like notation allows you to define file formats, protocols, and other structured data without the nee
Libfuzzer workshop - C++
libfuzzer-workshop Materials of "Modern fuzzing of C/C++ Projects" workshop. The first version of the workshop had been presented at ZeroNights'16 security conference. Requirements 2-3 hours of your time Linux-b
Oss fuzz
OSS-Fuzz - Continuous Fuzzing for Open Source Software Status: Beta. We are preparing the project for public release soon. FAQ | Ideal Fuzzing Integration | New Project Guide | Reproducing Bugs | Projects | Projects Issue T
RamFuzz - C++
RamFuzz: Combining Unit Tests, Fuzzing, and AI RamFuzz is a fuzzer for individual method parameters in unit tests. A unit test can use RamFuzz to generate random parameter values for methods under test. The values are logged, and
EMFFuzzer - C
EMFFuzzer Enhanced Meta File (Partial EMF+ & EMFSPOOL) Fuzzer based on Peach Fuzzing Framework Author Ashfaq Ansari ashfaq[at]payatu[dot]com @HackSysTeam | Blog | null http://www.payatu
Droid ff - Python
Droid-FF: install python dependencies (setup.sh) and you are good to go. GDB Server for android : get it from @ wget https://people.mozilla.org/~nchen/jimdb/jimdb-arm-linux_x64.tar.bz2 Credits to @ https://wiki.mozilla.org/Mob
Pbtk - Python
pbtk - Reverse engineering Protobuf apps Protobuf is a serialization format developed by Google and used in an increasing number of Android, web, desktop and more applications. It consists of a language for declaring data structu
Cdf - Go
CDF is a tool to automatically test the correctness and security of cryptographic software. CDF can detect implementation errors, compliance failures, side-channel leaks, and so on.
Nili - Python
Nili Nili is a Tool for Network Scan, Man in the Middle, Protocol Reverse Engineering and Fuzzing. Prerequisites Python - Python Programming Language Scapy - Interactive Packet Manipulation Program Netzob -
Yfuzz - Go
yFuzz yFuzz is a project for running fuzzing jobs at scale with Kubernetes. Since Google open-sourced more of ClusterFuzz this project has been discontinued. Table of Contents yFuzz Table of Contents
Fexm - JavaScript
FuzzExMachina FExM simplifies basic fuzzing pipelines. As a result of years of practical fuzz testing, it provides a best-effort approach able to get running quickly and find bugs in most applications. Given its fully automated
Qsym - C++
QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing Environment Tested on Ubuntu 14.04 64bit and 16.04 64bit Installation # disable ptrace_scope for PIN $ echo 0|sudo tee /proc/sys/
DrAFL - C
drAFL Original AFL supports black-box coverage-guided fuzzing using QEMU mode. I highly recommend trying it first and if it doesn't work you can try this tool. Additionally, you might want to try Manul that supports blackbox bina
Applepie - C++
applepie, a hypervisor implementation for Bochs Hello! Welcome to applepie! This is a tool designed for fuzzing, introspection, and finding bugs! This is a hypervisor using the Windows Hypervisor Platform API present in recent ve
Clusterfuzz - Python
ClusterFuzz ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz the Chrome Browser and as the fuzzing backend for OSS-Fuzz. ClusterFuzz prov
Frida fuzzer - JavaScript
This experimental fuzzer is meant to be used for API in-memory fuzzing on Android.
Propfuzz
propfuzz: Rust tools to combine coverage-guided fuzzing with property-based testing
Hotwax - C
A good introduction to the concept of coverage-guided fuzzing can be found on the AFL repo. Details on the Frida Stalker can be found here (note that these examples are in JavaScript whereas this uses the C API which has little documentation.)
FuZZan - C++
The combination of a fuzzer with ASan is currently the most effective approach to find memory safety violations.
CWFF - Python
CWFF is a tool that creates a special High quality fuzzing/content discovery wordlist for you at the highest speed possible using concurrency
Uafuzz - C
UAFuzz: Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities Directed Greybox Fuzzing (DGF) like AFLGo aims to perform stress testing on p
Libxdc - C
libxdc libxdc (eXtremely fast DeCoder) aims to be the best Intel-PT decoding library for fuzzing purposes. It was designed to power various of our bin
Damn Vulnerable C Program - C
What is it? This is a simple C program I coded to explain common types of vulnerabilities like: integer overflow, integer underflow, Out of bound Read
Wordlistgen - Go
Generates target specific word lists by searching for endpoints in javascript and appends parameters for Fuzzing with other tools
Onefuzz - Rust
Project OneFuzz enables continuous developer-driven fuzzing to proactively harden software prior to release. With a single command, which can be baked into CICD, developers can launch fuzz jobs from a few virtual machines to thousands of cores.
Fuzzilli4wasm - Swift
A toy fuzzer for wasm fuzzing based on Fuzzilli, which will generate grammatically and semantically correct javascript code containing wasm features for fuzzing.
Fuzzcheck rs - Rust
Structure-aware, in-process, coverage-guided, evolutionary fuzzing engine for Rust functions.
Sqlfuzz - Go
Load random data into SQL tables for testing purposes. The tool can get the layout of the SQL table and fill it up with random data.
Libfuzzer - Nim
Thin interface for libFuzzer, an in-process, coverage-guided, evolutionary fuzzing engine.
WiFi Protocol Fuzzing Tool - C
Openwifi is an open-source WiFi protocol stack based on SDR that is fully compatible with Linux mac80211. Its driver takes advantage of the Linux kernel's support (mac80211, cfg80211) for WiFi high MAC, so it can provide an interface to the application layer like a common WiFi USB dongle.
ManuFuzzer - Objective-C++
Binary code-coverage fuzzer for macOS, based on libFuzzer and LLVM
Autoharness - Python
A tool that automatically creates fuzzing harnesses based on a library
Nyx - C
USENIX 2021 - Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types
Rdpfuzz - C
rdpfuzz Tools for fuzzing RDP. This project contains: DynamoRIO that was modified to be able to attach to running processes. WinAFL that was modified
Bsod kernel fuzzing - C
bsod-kernel-fuzzing This repository contains the implementations described in "BSOD: Binary-only Scalable fuzzing Of device Drivers". The paper and th
Docker fuzz - Dockerfile
README This is an all purpose test container for all things fuzzing/debugging. It has a bunch of tools installed to get you started. List of tools: AF
Libafl quickjs fuzzing - Rust
LibAFL QuickJS Fuzzing Example An example fuzzer about how to fuzz a JS engine combining Nautilus with Token-level fuzzing. Prepare Make sure to have
Fuzzuf - C++
fuzzuf README(日本語) fuzzuf (fuzzing unification framework) is a fuzzing framework with its own DSL to describe a fuzzing loop by constructing building
FirmWire
FirmWire FirmWire is a full-system baseband firmware emulation platform that supports Samsung and MediaTek. It enables fuzzing, root-cause analysis, a
Fuzzuli - Go
fuzzuli Motivation • Background • Installation • Usage • Running fuzzuli • Tool Page fuzzuli is a url fuzzing tool that aims to find critical backup f
GooFuzz - Shell
GooFuzz - The Power of Google Dorks Credits Author: M3n0sD0n4ld Twitter: @David_Uton Description: GooFuzz is a script written in Bash Scripting that u