Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
03aa7a13bfdfe21bdfb285637110b79d655dcbc30dbd9e6d2f05684fd284ab98
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
1117d125c5524973efe272843f61fa5ff8e2598f49a747d199c4984330e5d6f2
Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS applications and supports both binaries (APK and IPA) and zipped source code. MobSF can also do Web API security testing with its API Fuzzer, which performs information gathering, analyzes security headers, and identifies mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to session management and API rate limiting.
215db863dcdeca863fb174fd724d9d0cdd0c4653f30eb69dab71e49afcaeda6c
ShakeIt is a grammar mutation engine targeting browsers and PDF readers. For a given input, such as a web page or PDF file, and an output location, it will generate N mutated test cases. It was implemented in C#, but can be ported to other languages and is meant to fit within an existing fuzzing framework.
2c0f6f6b21b511449035e2b2b61b08aee0745f3cdf87d7aafc0923f37045eda2
This is a Python script that can be used to fuzz PKZip files.
a2bdb33bcb41c294dc85b483289846e5c47e3a42a7557fc3c7123a4a4f56c006
The recent release of Firefox 32 fixes another interesting image parsing issue found by afl. Following a refactoring of memory management code, the past few versions of the browser ended up using uninitialized memory for certain types of truncated images, which is easily measurable with a simple <canvas> + toDataURL() harness that examines all the fuzzer-generated test cases. Depending on a variety of factors, problems like that may leak secrets across web origins, or more prosaically, may help attackers bypass security measures such as ASLR. This code is a proof of concept for versions prior to 32.
7c5c90b2004b180e2ba9b417077aadeb4d76b33775e460d93cce1e056c3e1b29
Melkor is an ELF fuzzer that mutates the existing data in a given ELF sample to create orcs (malformed ELFs). However, it does not change values randomly (dumb fuzzing); instead, it fuzzes certain metadata with semi-valid values through the use of fuzzing rules (knowledge base). Written in C, Melkor is a very intuitive and easy-to-use fuzzer to find functional (and security) bugs in ELF parsers.
dd37ddae34290ee552fdb5daee71e308b3ff192171694e83af256441719509d2
This whitepaper discusses the ImmuniWeb Self-Fuzzer Firefox Extension. It is designed to detect cross site scripting and SQL injection vulnerabilities in web applications.
6f6965c6ee77da56e8c4cd79550ce7ac4fc004582bbbf1c3acceb2d70e88bad8
xml2 Fuzzer is a fuzzing utility that daemonizes in order to fuzz the client side of a web browser.
6ce1679a18a737f7e82c37dd5a21cc85bfe82165cf1e8c95fb312c29f4e930d0
This is a whitepaper titled "Dissecting Blackberry 10 - An Initial Analysis" and discusses the specifics of the Blackberry 10 operating system, fuzzers, dumping the boot sector and other topics.
70558b3c822ba1031b30db6cf2441cda58de528f629f8695f4dd323ea389bd4f
This paper is an introduction to the world of fuzzing by exploring the Sulley Fuzzing Framework.
9482ad49dcf1e85c63ff69f49d2c96af0e9d27589c49349ac1b0a36cd553b59f
Nowadays, a wide range of techniques can be used to find vulnerabilities and bugs in binary applications. The aim of this paper is to introduce the main concepts of In-Memory Fuzzing, to summarize its advantages and drawbacks, and to present the debugging library currently being developed by High-Tech Bridge to help build in-memory fuzzers.
d324a8b16399a62d3aa46f85d06bf87acb81b7d880e66e011e3fd504d541f604
This simple tool is useful to test a PABX with the "allow guest" parameter set to "yes" (in this scenario an anonymous caller could place a call). The aim of the tool is to ring all the SIP Terminal Equipment (phones).
6ba2d5b8e6fb19504e9f6dd8fae1bdcbe77e340e3053d3fc58575622138019d5
Vulnerability Lab has produced a large amount of cross site scripting payloads that can be used with fuzzers for automated scanning, etc.
71078b2183d9cc07ac1636ddcb7060fb73257b6ebaedff466a4e3c1617e9defc
This is a master TFTP fuzzing script that is part of the ftools series of fuzzers.
755340a7bf126ffa85a75b665f2ab8d8bbce4423a7d9465e50f20688867b3732
This tool is for fuzzing different protocols such as FTP, HTTP, IMAP, and more. It also has no-protocol plugins like a file fuzzer. Written in Python.
874583a408997ba23522c16d137b1b132dcb40cc56646b50321f388166592a45
Simple Fuzz is a simple fuzzer. It has two network modes of operation, an output mode for developing command line fuzzing scripts, as well as taking fuzzing strings from literals and building strings from sequences. It is built to fill a need - the need for a quickly configurable black box testing utility that does not require intimate knowledge of the inner workings of C or require specialized software rigs. The aim is to just provide a simple interface, clear inputs/outputs, and reusability.
a65bb4d048c713dd9ecc4b42b98cc124516fd5c1df19deddfc664476aad7caac
DotDotPwn is a very flexible intelligent fuzzer to discover directory traversal vulnerabilities in software such as Web/FTP/TFTP servers and Web platforms such as CMSs, ERPs, Blogs, etc. It also has a protocol-independent module to send the desired payload to the host and port specified. It can also be used in scripts via the STDOUT module.
7c954b9db834e02e36acbc4ebda32cfec3049f30d94668702004db28f42c7afe
UniOFuzz is a universal fuzzing tool for browsers, web services, files, programs and network services/ports.
380fc307bd2912319ae5d082144514b94ae7530562d2f08c5340c2bf28993e12
PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.
3c0e45c995b45ccd06e3e1921ce42b2dc006e7c50ef41f09e35465397971feca
PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.
9518133a3f1021b40158214497372d472d196b47de6a8109d45d82f46f801c50
SIP Army Knife is a fuzzer that searches for cross site scripting, SQL injection, log injection, format strings, buffer overflows, and more.
4fd73eaa07d985c2b97468b07640cbf674016b6d676e720e5c0ed70b2df09c64
rtspFUZZ is a real time streaming protocol server fuzzer. It uses 6 basic crafting techniques (OPTIONS, DESCRIBE, SETUP, PLAY, GET_PARAMETER, TEARDOWN, PAUSE, etc. RTSP commands) and 9 advanced crafting techniques to test any target application. It has the ability to fuzz with Metasploit Pattern (pattern_create.rb), which can be helpful for finding the offset.
b3f05d18dd413771887842b4ada5d866099b1674425ad0bca2f4323f6772668f
PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.
ceb5c22d39fc6f90b7e680e8c9287c121c4d955d426bab53fde7a92a6c51c13f
FuzzTalk is an XML driven fuzz testing framework that emphasizes easy extensibility and reusability. While most fuzzing frameworks require in depth programming knowledge, FuzzTalk can test a wide range of network protocols with the help of XML templates. Includes scripts for fuzzing HTTP, FTP, and SMTP servers.
6d7aeec133b9386bd209b8716b27fc1d4d48ef3178ef969a9eb75f2172ef6eed