what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 26 - 50 of 189

Fuzzer Files

American Fuzzy Lop plus plus 3.0c

Posted Dec 15, 2020

Authored by van Hauser, thc, Heiko Eissfeldt, Andrea Fioraldi, Dominik Maier | Site thc.org

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.

Changes: Dozens of updates and improvements.

tags | tool, fuzzer

systems | unix

SHA-256 | 75a2cd6c9e14d4160defcf4899c6d654eba9ae1aad2b2c850bb165c84ee763bb

Download | Favorite | View

American Fuzzy Lop plus plus 2.68c

Posted Nov 19, 2020

Authored by van Hauser, thc, Heiko Eissfeldt, Andrea Fioraldi, Dominik Maier | Site thc.org

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.

Changes: Added the GSoC excellent afl++ grammar mutator by Shengtuo. A few QOL changes for Apple and its outdated gmake. Various other updates and improvements.

tags | tool, fuzzer

systems | unix

SHA-256 | 862e155c97737770baa26ffedf324a7fa255b757c85b0c9a6f312264f2ca29c5

Download | Favorite | View

ISO-8385 Protocol Fuzzer

Posted Feb 5, 2020

Authored by Fakhir Karim Reda

This python script is a fuzzer for the ISO-8385 financial protocol. It is compatible with sulley and bofuzz and is now part of the official bofuzz release.

tags | tool, protocol, python, fuzzer

SHA-256 | d1cd712ddf8adaf71b93d57c4b8957aa1038bc884f3451a6f085124d3115cc0d

Download | Favorite | View

Maavi Fuzzing Utility

Posted Jan 20, 2020

Authored by Haroon Awan | Site github.com

Maavi is a fuzzing tool that scans for vulnerabilities with obfuscated payloads. Has proxy support, records full history of actions, and has various bells and whistles.

tags | tool, vulnerability, fuzzer

SHA-256 | 83e2d13d1dfbe16a16867f317e1413371ce7f3ad3f71149f9a2e4f61297de7a3

Download | Favorite | View

Ansvif 1.12

Posted Oct 30, 2019

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This is a bugfix release to ansvif. Many things were tweaked and fixed since the last version, but no real functionality has changed.

tags | tool, fuzzer

systems | unix

SHA-256 | b1ab3d738d61d727cce3db2834c74e0d3f9d64dd23f7c1d305ccd92c05839223

Download | Favorite | View

iOS Messaging Tools

Posted Aug 7, 2019

Authored by saelo, Google Security Research, natashenka

This repository contains several tools Project Zero uses to test iPhone messaging. It includes SmsSimulator: an SMS simulator for iPhone, iMessage: tools for sending and dumping iMessage messages, and imapiness: a fuzzer for IMAP clients. See the directory for each tool for further instructions and contact information. This is not an officially supported Google product. These tools were released and presented at BlackHat USA 2019.

tags | tool, telephony, imap, fuzzer

systems | apple, iphone

SHA-256 | fa8f560293640c4759f220069490d2498cf18f75ce1183b3ab8f77dd819585e5

Download | Favorite | View

Ansvif 1.11

Posted Jan 3, 2019

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release has lots of code cleanup, bug fixes, and slight improvements in speed. Some code readability has been improved. This release is known to work on Android 7.1.1 (tested on a Motorola Droid Maxx 2), Ubuntu Linux x86_64, as well as Windows 10 x86_64.

tags | tool, fuzzer

systems | unix

SHA-256 | 037f63c0d88d988078c440d65fcb3f037111f9486171391578f674f2cc68e1c6

Download | Favorite | View

XSS Fuzzer

Posted Nov 28, 2018

Authored by Poyo VL | Site xssfuzzer.com

XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads.

tags | tool, arbitrary, javascript, fuzzer

SHA-256 | 75dbb38b248d52be321de6e1340065eac23ecbb902931e83075eb886bfa9a0bb

Download | Favorite | View

Ansvif 1.11a

Posted Oct 23, 2018

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This is an initial Android pre-release.

tags | tool, fuzzer

systems | unix

SHA-256 | 7fb1e433412d64fcd2335a3ebe7f66437ef34d5a0d3a1df62e2476f3169244ba

Download | Favorite | View

Ansvif 1.10

Posted Aug 27, 2018

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release comes with lots of bug fixes and a couple new features added to the GTK frontend.

tags | tool, fuzzer

systems | unix

SHA-256 | a45e7858e17f46a83a5612c75c070edff04dda6eab8f0a582f20f2ae5596d1d6

Download | Favorite | View

Building A Simple Proxy Fuzzer For THe MQTT Protocol Using The Polymorph Framework

Posted Apr 24, 2018

Authored by Santiago Hernandez Ramos

Whitepaper that shows how easy you can build a fuzzer for the MQTT protocol by using the Polymorph framework.

tags | paper, protocol, fuzzer

SHA-256 | 08c5ab2ad5f854437afe7515216244845ac796c7dae4ab83db7966b2c5810898

Download | Favorite | View

BadParser 1.6.42218.0

Posted Apr 24, 2018

Authored by John Leitch

BadParser is a vulnerability parser designed to aid in the testing of fuzzers by simulating different kinds of memory corruption issues. Vulnerabilities are simulated by causing write-access violations at specific addresses, which serve as unique identifiers for the different issues. BadParser supports JSON and XML input files, with other file formats planned.

tags | tool, vulnerability, fuzzer

SHA-256 | 367f7dde5a91009874def600cffd3663977c783f792f9dde52d689d05d61d3af

Download | Favorite | View

Ansvif 1.9.1

Posted Apr 19, 2018

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This version is a bugfix release that includes lots of error handling.

tags | tool, fuzzer

systems | unix

SHA-256 | 11210463d7d354962165bf3887b2384b20d757d1e57785e6996cdb17c9a257d9

Download | Favorite | View

Ansvif 1.9

Posted Apr 16, 2018

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes lots of bugfixes and a bunch of new entries in the examples folder.

tags | tool, fuzzer

systems | unix

SHA-256 | 5cadf0ed2373636137cac4f25fb26de7d52672f89c3498a780239f53cb6690bb

Download | Favorite | View

Ansvif 1.8.1.1

Posted Dec 29, 2017

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release is for Windows 10 compatibility. Includes an ansvif.exe (with embedded icon this time), and printf.exe for reproducing faults. Also included are the examples to test ansvif on.

tags | tool, fuzzer

systems | unix

SHA-256 | a6465c6ebdc9d2ee488e2f8e4ef6e93e8ae72c06bb4873aee84e3b20039b9f2d

Download | Favorite | View

Ansvif 1.8.1

Posted Oct 26, 2017

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: Bug fixes and a new option to let you control if null characters are in the fuzz.

tags | tool, fuzzer

systems | unix

SHA-256 | da5e7c56de700078c640a0eaaa287e9643cb97d56dc08a942a48fbd3fe8700f1

Download | Favorite | View

Fuzzing Font Parsing

Posted Oct 23, 2017

Authored by James Fell

This article presents a cross-platform test harness written in Python that assists the user in searching for vulnerabilities in web browsers, specifically by fuzzing their font parsing functionality. The tool automates the delivery of test cases (font files in this context) into a web browser. The creation of a corpus of mutated TTF font files suitable for use in fuzzing is also covered.

tags | tool, web, vulnerability, python, fuzzer

systems | unix

SHA-256 | c8318c528d7e608b8d2215bee4998862b6f54b96d2c952d42a31f344c81b6f0d

Download | Favorite | View

Ansvif 1.8

Posted Sep 12, 2017

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes some touchups to the main ansvif code, better crash detection under linux, as well as a primary new feature: the frontend to ansvif.

tags | tool, fuzzer

systems | unix

SHA-256 | 3802ca4a49b5033554a89567a685f4ee9e22fddddc120125d769fb7317fcfa8e

Download | Favorite | View

Ansvif 1.7

Posted Apr 13, 2017

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release marks easier compiling on most modern operating systems including Windows 7, Windows 10, Linux (Redhat and Debian based distros), and OpenBSD. It may compile/work on other operating systems but has not been tested. This is mostly a source code release with lots of code cleanup, and no new features.

tags | tool, fuzzer

systems | unix

SHA-256 | 2c2eb4b44d8649611c833b65e2abf446870ef2d3d44d84e0f9b8e57d41fb1e33

Download | Favorite | View

Ansvif 1.6.2

Posted Feb 25, 2017

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release has lots of code cleanup, bug fixes, and includes a -y or -b 0 option for zero buffer size (useful with -A and -B when in use with other fuzzers), and a -K option to keep going after a crash (usually only useful when logging).

tags | tool, fuzzer

systems | unix

SHA-256 | fe07ede744275e79f00a3a21f07bc10a3f99cfcb3d440819651a51f0048d0d2b

Download | Favorite | View

Mobile Security Framework MobSF 0.9.3 Beta

Posted Nov 23, 2016

Authored by Ajin Abraham | Site github.com

Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.

Changes: Clipboard Monitor for Android Dynamic Analysis. Windows APPX Static Analysis Support. Added Docker File. Added Support for Kali Linux. Various other additions and improvements.

tags | tool, web, vulnerability, fuzzer, xxe

systems | cisco, ios

SHA-256 | 700cdd3f3460d4db512a15ccc778012b27d14b9d9019961e561b1b27ac8ed277

Download | Favorite | View

Ansvif 1.6.1

Posted Nov 21, 2016

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes a -M option for maximum arguments in the fuzz, as well as algorithmic control of ansvif fuzz testing (so that if it has already tried a particular fuzz it will not try it again, this speeds things up quite a bit).

tags | tool, fuzzer

systems | unix

SHA-256 | 859f9e504580cf957ec756c239cf58ea4940fa4416cab0fa7e4d1ea6024c0f4c

Download | Favorite | View

Ansvif 1.6

Posted Oct 2, 2016

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes lots of bug fixes, and better Windows compatibility. Now there is no need for the extra .dll files in the Windows version.

tags | tool, fuzzer

systems | unix

SHA-256 | 19bbf1fdbe1324ff2ced174a8f2d184803feb3b504d30584ac8f333a272bf693

Download | Favorite | View

Ansvif 1.5.2

Posted Jun 21, 2016

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes a bunch of bug fixes, and manual pages. No changes to the Windows code.

tags | tool, fuzzer

systems | unix

SHA-256 | 8cbb2942a45529e4a172b71ddae8cca063120b045162d57ff421c2568ebaf477

Download | Favorite | View

Ansvif 1.5.1

Posted Jun 2, 2016

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes drafted manpages for ansvif and find_suid, plus binaries rebuilt on Debian Jessie for i386 and amd64. No changes to the Windows release were made.

tags | tool, fuzzer

systems | unix

SHA-256 | 137f4129bf84d136fdaf3188611d5b02c8a2b428fdba539491a493f4dc8dd450

Download | Favorite | View