Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.
75a2cd6c9e14d4160defcf4899c6d654eba9ae1aad2b2c850bb165c84ee763bb
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.
862e155c97737770baa26ffedf324a7fa255b757c85b0c9a6f312264f2ca29c5
This python script is a fuzzer for the ISO-8385 financial protocol. It is compatible with sulley and bofuzz and is now part of the official bofuzz release.
d1cd712ddf8adaf71b93d57c4b8957aa1038bc884f3451a6f085124d3115cc0d
Maavi is a fuzzing tool that scans for vulnerabilities with obfuscated payloads. Has proxy support, records full history of actions, and has various bells and whistles.
83e2d13d1dfbe16a16867f317e1413371ce7f3ad3f71149f9a2e4f61297de7a3
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
b1ab3d738d61d727cce3db2834c74e0d3f9d64dd23f7c1d305ccd92c05839223
This repository contains several tools Project Zero uses to test iPhone messaging. It includes SmsSimulator: an SMS simulator for iPhone, iMessage: tools for sending and dumping iMessage messages, and imapiness: a fuzzer for IMAP clients. See the directory for each tool for further instructions and contact information. This is not an officially supported Google product. These tools were released and presented at BlackHat USA 2019.
fa8f560293640c4759f220069490d2498cf18f75ce1183b3ab8f77dd819585e5
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
037f63c0d88d988078c440d65fcb3f037111f9486171391578f674f2cc68e1c6
XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads.
75dbb38b248d52be321de6e1340065eac23ecbb902931e83075eb886bfa9a0bb
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
7fb1e433412d64fcd2335a3ebe7f66437ef34d5a0d3a1df62e2476f3169244ba
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
a45e7858e17f46a83a5612c75c070edff04dda6eab8f0a582f20f2ae5596d1d6
Whitepaper that shows how easy you can build a fuzzer for the MQTT protocol by using the Polymorph framework.
08c5ab2ad5f854437afe7515216244845ac796c7dae4ab83db7966b2c5810898
BadParser is a vulnerability parser designed to aid in the testing of fuzzers by simulating different kinds of memory corruption issues. Vulnerabilities are simulated by causing write-access violations at specific addresses, which serve as unique identifiers for the different issues. BadParser supports JSON and XML input files, with other file formats planned.
367f7dde5a91009874def600cffd3663977c783f792f9dde52d689d05d61d3af
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
11210463d7d354962165bf3887b2384b20d757d1e57785e6996cdb17c9a257d9
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
5cadf0ed2373636137cac4f25fb26de7d52672f89c3498a780239f53cb6690bb
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
a6465c6ebdc9d2ee488e2f8e4ef6e93e8ae72c06bb4873aee84e3b20039b9f2d
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
da5e7c56de700078c640a0eaaa287e9643cb97d56dc08a942a48fbd3fe8700f1
This article presents a cross-platform test harness written in Python that assists the user in searching for vulnerabilities in web browsers, specifically by fuzzing their font parsing functionality. The tool automates the delivery of test cases (font files in this context) into a web browser. The creation of a corpus of mutated TTF font files suitable for use in fuzzing is also covered.
c8318c528d7e608b8d2215bee4998862b6f54b96d2c952d42a31f344c81b6f0d
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
3802ca4a49b5033554a89567a685f4ee9e22fddddc120125d769fb7317fcfa8e
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
2c2eb4b44d8649611c833b65e2abf446870ef2d3d44d84e0f9b8e57d41fb1e33
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
fe07ede744275e79f00a3a21f07bc10a3f99cfcb3d440819651a51f0048d0d2b
Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.
700cdd3f3460d4db512a15ccc778012b27d14b9d9019961e561b1b27ac8ed277
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
859f9e504580cf957ec756c239cf58ea4940fa4416cab0fa7e4d1ea6024c0f4c
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
19bbf1fdbe1324ff2ced174a8f2d184803feb3b504d30584ac8f333a272bf693
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
8cbb2942a45529e4a172b71ddae8cca063120b045162d57ff421c2568ebaf477
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
137f4129bf84d136fdaf3188611d5b02c8a2b428fdba539491a493f4dc8dd450