PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.
Honggfuzz is a general-purpose, easy-to-use fuzzer with interesting analysis options. Given a starting corpus of test files, Honggfuzz supplies and modifies input to a test program and utilizes the ptrace() API/POSIX signal interface to detect and log crashes. It works on Linux, FreeBSD and Mac OS X.
DotDotPwn is a very flexible intelligent fuzzer to discover directory traversal vulnerabilities in software such as Web/FTP/TFTP servers and Web platforms such as CMSs, ERPs, blogs, etc. It also has a protocol-independent module to send the desired payload to the host and port specified, and it can be used for scripting through the STDOUT module.
Whitepaper called Intelligent Debugging and In-Memory Fuzzers.
FuzzDiff is a simple tool created to make crash analysis during file format fuzzing a bit easier. When provided with a fuzzed file, a corresponding original un-fuzzed file, and the path to the targeted program, FuzzDiff will selectively "un-fuzz" portions of the fuzzed file while re-launching the application to monitor for crashes. This will yield a file that still crashes the target application, but contains a minimum set of changes from the original, un-fuzzed file. This can be useful in pinning down the exact cause of a crash.
Simple Fuzzer is a simple fuzzer. It has two network modes of operation, an output mode for developing command line fuzzing scripts, as well as taking fuzzing strings from literals and building strings from sequences. It is built to fill a need - the need for a quickly configurable black box testing utility that does not require intimate knowledge of the inner workings of C or require specialized software rigs. The aim is to just provide a simple interface, clear inputs/outputs, and reusability.
Spiderpig is a PDF fuzzing utility written in Python.
Whitepaper called The Sulley Framework: Basics. Sulley is a fuzzer packed with interesting capabilities, such as packet capturing, crash reporting and VMware automation.
This fuzzing tool is called the Full Automated Column Finder for SQL Injection.
CGIFuzz is a Python script for scanning 592 CGI paths on a given target.
zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.
Browser Fuzzer 3 (bf3) is a comprehensive web browser fuzzer that fuzzes CSS, DOM, HTML and JavaScript.
2^6 TCP control bit fuzzer (no ECN or CWR).
DeepToad is a tool for computing fuzzy hashes from files. DeepToad can generate signatures, cluster files and/or directories and compare them. It is inspired by the very good tool ssdeep and, in fact, both projects are very similar. The complete project is written in pure Python and is distributed under the LGPL license.
This small Perl script is a generic random remote fuzzer.
This is the ICMPv4/IP fuzzer prototype code.
uwss is a web security scanner used for testing security holes in web applications. It can act as a fuzzer whose objective is to probe the application with various crafted attack strings. uwss is built upon a modular concept.
4f is the file format fuzzing framework.
Fuzzgrind is a fully automatic fuzzing tool, generating test files with the purpose of discovering new execution paths likely to trigger bugs and potential vulnerabilities. It is based on the concept of symbolic execution. Thus, the tool starts from a file considered valid by the software under test, and analyses the execution path to extract any constraints tied to branch instructions followed by this software. By resolving constraints one by one, Fuzzgrind will alter the valid file to explore possible new branches of the software under test, in order to discover new vulnerabilities.
Asterisk UDP IAX protocol fuzzing utility.
darkTouch is a fuzzer that attempts to fingerprint the structure of a website. Written in Python.
Hzzp is an HTTP-compliant client and server fuzzer. Hzzp's main features include HTTP response and request fuzzing, authentication fuzzing, query parameter fuzzing, and automatic or manual exploit generation.
Simple Fuzz is a simple fuzzer. It has two network modes of operation, an output mode for developing command line fuzzing scripts, as well as taking fuzzing strings from literals and building strings from sequences. It is built to fill a need - the need for a quickly configurable black box testing utility that does not require intimate knowledge of the inner workings of C or require specialized software rigs. The aim is to just provide a simple interface, clear inputs/outputs, and reusability.
SQL fuzzing tool that will find all table names, the column names for a specified table, the MySQL version, the MySQL username, and the database, and perform load_file() on sites vulnerable to SQL injection.