PaiMei is a reverse engineering framework consisting of multiple extensible components. The goal of the framework is to reduce the time from "idea" to prototype to a matter of minutes, instead of days. PaiMei is written entirely in Python and exposes at the highest level a debugger, a graph-based binary abstraction and a set of utilities for accomplishing various repetitive tasks. The framework can essentially be thought of as a reverse engineer's Swiss army knife and has already proven effective for a wide range of both static and dynamic tasks such as fuzzer assistance, code coverage tracking, data flow tracking and more.
f027a3b0b418697874b0a94638fd5384a09eea2e16778ac1bf21c0ea708b4c9a
clfuzz is a command line argument fuzzer written in Python. It is very useful for auditing setuid binaries for command line overflows.
574e98fdf313a192edc3b21ee06943e44bcb1c39c9325d66467fde982361b938
Mistress is an 'Application Sadism Environment' and can also be called a fuzzer. It is written in Python and was created for probing file formats and protocols on the fly with malformed data, based on pre-defined patterns. It is recommended that the project site be visited for further documentation and use cases.
8f1644949d6e28abd23dcd7e39f1895f3db11b73a3c7f690dd3821b1bf423415
BSS (Bluetooth Stack Smasher) is an L2CAP layer fuzzer designed to assess the security of Bluetooth-enabled devices by sending malicious packets.
aaba600425bcd01257183c65b4aa46278664ad27a4f671b325327a8cabb77e48
A simple TCP/UDP protocol Fuzzer version 1.0.
4e540510eb4efa8acdd714de59e8a7dc27c629fdbac85816fe7263e76ed61aeb
Sec-1 has identified an exploitable buffer overflow within the HTTP management interface of GFI MailSecurity 8.1. By sending large strings within several areas of the HTTP request (such as a large 'Host' or 'Accept' header), critical portions of memory are overwritten. Verification of this vulnerability can be achieved through the use of an HTTP fuzzer, such as @stake webproxy. Successful exploitation could allow an attacker to gain administrative control of the targeted host.
4300d283bb084186da283e56ddae0e40446b1e8a04f555832a86566d3489b5db
notSPIKEfile is a Linux-based file format fuzzing tool. It was designed to automate the launching of applications and detection of exceptions caused by fuzzed files. It operates on an existing valid file and creates fuzzed files. It utilizes ptrace to pick up interesting signals and dump register state.
a2711126e8e8aebe618ca5d104cfa7e7468de6b5e3b1deee14a96dc6200dd065
FileFuzz is a graphical, Windows-based file format fuzzing tool. FileFuzz was designed to automate the creation of abnormal file formats and the execution of applications handling these files. FileFuzz also has built-in debugging capabilities to detect exceptions resulting from the fuzzed file formats.
5a48c119109eb4bb7ff3b47201cae195735e48aa12255c9ab609f151d6fd7ee7
SPIKEfile is a Linux-based file format fuzzing tool, based on SPIKE 2.9. It was designed to automate the launching of applications and detection of exceptions caused by fuzzed files. It uses standard SPIKE scripts to generate files and utilizes ptrace to pick up interesting signals and dump register state.
56cfbaebafdad233b4cdf6e8075cef5dfbee94c35cdf1f519178d47016e00352
Fuzzer that can be used for checking MSN passwords.
521db0a578c99849bb4ff77e2e8ff2bc390250a62b23e6d3745e1d4c6438a370
SNMP fuzzer uses Protos test cases with an entirely new engine written in Perl. It provides efficient methods of determining which test case has caused a fault, offers more testing granularity and a friendlier user interface. Happy vulnerability searching.
6f8e40ebced231abc98ee810fa50e440085cb8daf39fb376e11fd4e3630cfc37
Fuzzer version 1.1 is a multi-protocol fuzzing tool written in Python. It can be used to find new SQL injection, format string, buffer overflow, directory traversal, and other vulnerabilities. Written with portability in mind.
ad4a7916cf9cce84ab9c2dce475b0ed875adddeb4bfc8ab1b7d78dbc34a6ed3c
Efuzz is an easy to use Win32 TCP/UDP protocol fuzzer which finds unknown buffer overflows in local and remote services. Uses config files to define the range of malformed requests. Includes C source, released under GPL.
83c25ea1e5b3ca8eaa392c20d213c89de0afe7961f65d36d43a2f77976f63a9c
Scratch is an advanced protocol destroyer ("fuzzer") which can routinely find a wide variety of vulnerabilities from a simple packet. Scratch does complex parsing of binary files to determine what to fuzz with what data. Scratch also comes with a framework for fuzzing binary protocols such as SSL and SMB.
26861096b53a0495f71b6d7d37d347060e88af1e0f19d6cfcce6269219675691
Webscan is a web site fuzzer that checks for remote vulnerabilities such as SQL injection, cross-site scripting, remote code execution, file disclosure, directory traversal, PHP includes, shell escapes, and insecure Perl open() calls.
eafcdbf028f048e0942fbbf8b91c58bc7470b0555231101283ddfcebf8e7b45f
MielieTool v.1.0 is an easy to use Perl-based web application "fuzzer". It supports fuzzing of CGIs in forms and links and supports multiple sites. Requires HTTrack, Lynx, grep, find, and rm.
efe615a070bb52a86f4508d814701ed4d6a3c1ea75ca01531f7e8a5ad1cf4e47