Powerfuzzer is a highly automated web fuzzer based on many other Open Source fuzzers available (including cfuzzer, fuzzled, fuzzer.pl, jbrofuzz, webscarab, wapiti, Socket Fuzzer) and information gathered from numerous security resources and websites. It is capable of spidering a website and identifying inputs.
4ee9ca809287166d059f03478f84ab9ae3b6ab083adaee34d3b2091de62e924b
Fusil the fuzzer is a Python library used to write fuzzing programs. It helps to start a process in a prepared environment (limit memory, environment variables, redirect stdout, etc.), start a network client or server, and create mangled files. Fusil has many probes to detect a program crash: watch the process exit code, watch process stdout and syslog for text patterns (e.g. "segmentation fault"), watch session duration, watch CPU usage (process and system load), etc.
9f7c129e9742196110db2d38a69c5ab53da1ed4bd63f1ab85e877269ac4828fc
tmin is a quick and simple tool to minimize the size and syntax of complex test cases in automated security testing. It is meant specifically for dealing with unknown or complex data formats (without the need to tokenize and re-serialize testcases), and for easy integration with UI testing harnesses.
f80bf14e4e0e2aef70ffee1065caee30c845ca9dae1448701ff20d7f6853e261
zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.
0a89fdb6912d4dd68ac88c54951e87738294d13562e0d57662fb90974b947710
Bunny the Fuzzer - A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without the noticeable performance impact usually associated with other attempts to peek into run-time internals.
30c7765b960b131246bfe8c25b79d20eae49f282dd0ac3b7e1e293233a446f99
zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.
914a543d2230a7b8ce134d8bbe1c8ae18cec7be3c49361770ac04eda12cf3e05
SQL fuzzing utility written in Python.
051c055fe00407919e7c1c2ffd3567e5a02d5ed2df101486511d5995ffe39ed8
SQL Injector version 1.0 is a fuzzing utility written in Python.
540c59b543ffe0c33b344577bedcbe77ec179eb7b6441061ffb9c703c0bede59
Cross site scripting fuzzing utility written in Python.
d6635e858fcf89ce62f89cf87e20a31f8c853800d25e2d5039fa428808132e90
tmin is a quick and simple tool to minimize the size and syntax of complex test cases in automated security testing. It is meant specifically for dealing with unknown or complex data formats (without the need to tokenize and re-serialize testcases), and for easy integration with UI testing harnesses.
6fa417edb887bc2a9b30f10caf309c076293186b24d00cd9af098a7243ff02a0
Syslog Fuzzer is a small Perl script that is useful for testing some attack vectors against syslog servers. It has support for buffer/integer overflows and format string vulnerabilities.
fb34a3d4e18d1e8af3658c6272e7e8976431669d015724f634b37da32a293743
Wfuzz is a tool designed for bruteforcing web applications. It can be used for finding resources that are not linked (directories, files), bruteforcing headers and GET and POST parameters to check for different kinds of injections (SQL, XSS, LDAP, etc.), bruteforcing form parameters (user/password), fuzzing, etc.
fc1a73ded9af26968df62c865343f4ddfe5300ca020cd32a41ab9f0bb2577adb
PGMfuzz is a fuzzer written for identifying vulnerabilities in PGM option parsing implementations.
b74310aa941f94bcbfee075e203ba145d732c8d357727cc806d9623b94be7d22
Bunny the Fuzzer - A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without the noticeable performance impact usually associated with other attempts to peek into run-time internals.
dae9be447ea202eb4d5eeb0cba317136fe15861630c1562730ff011f8ecb33c7
Bunny the Fuzzer - A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without the noticeable performance impact usually associated with other attempts to peek into run-time internals.
ebfb03563564202d26c9314f19b2cbbdf98cdb2c16d21f6628ccf680af7d3db6
zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.
a5fa82e49c01721f0ae339345780c55d1ae9e42ed6909901a1c688800e5b834c
Bunny the Fuzzer - A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without the noticeable performance impact usually associated with other attempts to peek into run-time internals.
7316d0f0a285a94b48f522cda8e5a4963a67a6b63cbe7e8aaa2dd7ed46a4b9ef
Whitepaper entitled "Writing a fuzzer using the Fuzzled framework". The paper includes some of the techniques used to dismantle protocols including documentation, observation and static analysis.
85eff0372eb6b927c7f66e8380f04f54c2152fb1202fd191238c82796096ff34
PHP Source Auditor III (or PSA3) was created in order to quickly find vulnerabilities in PHP source code. Written in Perl.
787110a34b85754752472a108a0e65147bfdd6deda7c812bfd88705c49a5740a
The Evolutionary Fuzzing System (EFS) is a fuzzer that attempts to eliminate the traditional practice of building a new fuzzer for each protocol by dynamically learning a protocol using code coverage and other feedback mechanisms.
25c9e9a281636d9be7f0216bfa0eb37beca0ff7dc82ae2e3f00832e4c0cb964d
GPF is a fuzzer that provides developers, security researchers, and quality assurance professionals the capability to quickly search for bugs/vulnerabilities in the exposed interface of networked applications. GPF uses captured packet sessions (from libpcap) to construct a protocol description from real traffic. Users can then configure various types of injected faults, manually modify the capture file, and define custom functions to deal with dynamic data.
9597f83a0a3b35e591f9e0d360e8589e6157a42ff347d071a12df55d00355a2d
zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.
7df5232b8c6004828bcde2ac32d9d75b2b39d4f4bd4c9c56582f739aa62efa58
pff (PHP Fuzzing Framework) is a tiny tool that was created with the intention of discovering security and general bugs within PHP functions.
4d0f87948f015600b4b1c890ebfef7fe135aa49b4dad26119a4e5a0318cbf177
untidy is a general purpose XML fuzzer. It takes a string representation of an XML document as input and generates a set of modified, potentially invalid, XML documents based on the input. It's released under GPL v2 and written in Python.
cb9f89dfdf1cce6e76b2946659b685492339efaff809146b7d036304fed2def0
FuzzMan is a simple man page fuzzer that is quite powerful.
b41eb2bbaca1c7754894834de2761da65eb830c1f3a61c8c0c2d0798df220f24