Exploit the possiblities
Showing 1 - 25 of 123 RSS Feed

Files

Ansvif 1.8.1
Posted Oct 26, 2017
Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: Bug fixes and a new option to let you control if null characters are in the fuzz.
tags | tool, fuzzer
systems | unix
MD5 | 958bee7b83ae584ad404b7efaa9635ac
Fuzzing Font Parsing
Posted Oct 23, 2017
Authored by James Fell

This article presents a cross-platform test harness written in Python that assists the user in searching for vulnerabilities in web browsers, specifically by fuzzing their font parsing functionality. The tool automates the delivery of test cases (font files in this context) into a web browser. The creation of a corpus of mutated TTF font files suitable for use in fuzzing is also covered.

tags | tool, web, vulnerability, python, fuzzer
systems | unix
MD5 | 9836d6b3407dbfd2c3fa9eee3efaf3c7
Ansvif 1.8
Posted Sep 12, 2017
Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes some touchups to the main ansvif code, better crash detection under linux, as well as a primary new feature: the frontend to ansvif.
tags | tool, fuzzer
systems | unix
MD5 | 1ab718b21b637249541d3d518f0641e9
Ansvif 1.7
Posted Apr 13, 2017
Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release marks easier compiling on most modern operating systems including Windows 7, Windows 10, Linux (Redhat and Debian based distros), and OpenBSD. It may compile/work on other operating systems but has not been tested. This is mostly a source code release with lots of code cleanup, and no new features.
tags | tool, fuzzer
systems | unix
MD5 | 477bcf4f4f8b5e2294e46d20f0d9f8d1
Ansvif 1.6.2
Posted Feb 25, 2017
Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release has lots of code cleanup, bug fixes, and includes a -y or -b 0 option for zero buffer size (useful with -A and -B when in use with other fuzzers), and a -K option to keep going after a crash (usually only useful when logging).
tags | tool, fuzzer
systems | unix
MD5 | cfa6a5023498f09090cfd480c310b8cd
Mobile Security Framework MobSF 0.9.3 Beta
Posted Nov 23, 2016
Authored by Ajin Abraham | Site github.com

Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.

Changes: Clipboard Monitor for Android Dynamic Analysis. Windows APPX Static Analysis Support. Added Docker File. Added Support for Kali Linux. Various other additions and improvements.
tags | tool, web, vulnerability, fuzzer
systems | cisco, ios
MD5 | 0c1d2d101da02097ba466840e0148138
Ansvif 1.6.1
Posted Nov 21, 2016
Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes a -M option for maximum arguments in the fuzz, as well as algorithmic control of ansvif fuzz testing (so that if it has already tried a particular fuzz it will not try it again, this speeds things up quite a bit).
tags | tool, fuzzer
systems | unix
MD5 | a1a9d5a417b5bbb3a4def98bfad33802
Ansvif 1.6
Posted Oct 2, 2016
Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes lots of bug fixes, and better Windows compatibility. Now there is no need for the extra .dll files in the Windows version.
tags | tool, fuzzer
systems | unix
MD5 | 78574201a60bed0e73d23ea05e7aa536
Ansvif 1.5.2
Posted Jun 21, 2016
Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes a bunch of bug fixes, and manual pages. No changes to the Windows code.
tags | tool, fuzzer
systems | unix
MD5 | e15781fd3ff2b6b54ffcf1146ecd200f
Ansvif 1.5.1
Posted Jun 2, 2016
Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes drafted manpages for ansvif and find_suid, plus binaries rebuilt on Debian Jessie for i386 and amd64. No changes to the Windows release were made.
tags | tool, fuzzer
systems | unix
MD5 | 9d8599991090441a912825ec5a91e7c0
Ansvif 1.5
Posted May 19, 2016
Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes new ways to crash programs using things like 1, -1, 0, x00 (null), etc. Also included are some minor bug fixes. It also includes binaries for most supported operating systems, Debian/Ubuntu 32 and 64 bit, Windows 10 32 and 64 bit.
tags | tool, fuzzer
systems | unix
MD5 | 07c83eab59174ada29de7b82d096a64f
Mobile Security Framework MobSF 0.9.2 Beta
Posted May 3, 2016
Authored by Ajin Abraham | Site github.com

Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.

Changes: Drag and Drop support, allows upto 8 files in Web GUI. Added Google Enjarify. Added procyon decompiler. Various other additions and improvements.
tags | tool, web, vulnerability, fuzzer
systems | cisco, ios
MD5 | f3df40afd37a25833c3786065c2145fd
Ansvif 1.4.2
Posted May 2, 2016
Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes bug fixes, more crash code detection for Windows, and better overall crash recognition.
tags | tool, fuzzer
systems | unix
MD5 | f1424cb108c0d4a01cd5f49c2993b8af
Ansvif 1.4.1
Posted Apr 26, 2016
Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes XML output support, the crash detection under Windows has been fixed, and is tested and working in Ubuntu, Windows, and OpenBSD.
tags | tool, fuzzer
systems | unix
MD5 | c77ebf6b44d2c7d120de72faa2765817
Ansvif 1.4
Posted Apr 18, 2016
Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: Various updates.
tags | tool, fuzzer
systems | unix
MD5 | bd1ec5f8001ded882c1ee5421e5cce84
Ansvif 1.3.4
Posted Apr 2, 2016
Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes % hex notation for fuzzing things like browsers that accept %41 (A), etc.
tags | tool, fuzzer
systems | unix
MD5 | e807932ecec741401b428e495b254044
Mobile Security Framework MobSF 0.9.1
Posted Mar 16, 2016
Authored by Ajin Abraham | Site github.com

Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK and IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.

Changes: Improved and responsive UI. Dynamic SSL testing. Various other updates and improvements.
tags | tool, web, vulnerability, fuzzer
systems | cisco, ios
MD5 | a8ac951b0e02bb3cc5dd36141d17023c
ShakeIt Grammar Mutation Engine Fuzzer
Posted Nov 30, 2015
Authored by Jeremy Brown

ShakeIt is a grammar mutation engine targeting browsers and PDF readers. For a given input, such as a web page or PDF file, and an output location, it will generate N mutated test cases. It was implemented in C#, but can be ported to other languages and is meant to fit within an existing fuzzing framework.

tags | tool, web, fuzzer
MD5 | 54c861884798451395aeaab5988a76c7
PKZip Fuzzing Tool
Posted Nov 14, 2015
Authored by Andrea Sindoni

This is a python script that can be used to fuzz PKZip files.

tags | python, fuzzer
MD5 | b8ac6b2f63831925b17bb3c3bf59dfbd
Melkor ELF Fuzzer 1.0
Posted Aug 19, 2014
Authored by nitr0us

Melkor is an ELF fuzzer that mutates the existing data in an ELF sample given to create orcs (malformed ELFs), however, it does not change values randomly (dumb fuzzing), instead, it fuzzes certain metadata with semi-valid values through the use of fuzzing rules (knowledge base). Written in C, Melkor is a very intuitive and easy-to-use fuzzer to find functional (and security) bugs in ELF parsers.

tags | tool, fuzzer
systems | unix
MD5 | 65127ef2da9f89642714886ce78c6f8c
xml2 Fuzzer 1.0
Posted Aug 26, 2013
Authored by x90c

xml2 Fuzzer is a fuzzing utility that daemonizes in order to fuzz the client side of a web browser.

tags | web, fuzzer
MD5 | 1ca43872c1fd3985bebc49cea04c3ac4
TFTP Fuzzer Script
Posted Mar 26, 2012
Authored by TheXero | Site nullsecurity.net

This is a master TFTP fuzzing script that is part of the ftools series of fuzzers.

tags | tool, fuzzer
MD5 | d3b7780cecd148956c6ef097c75ad678
Back To The FUZZ'er Toolkit
Posted Mar 12, 2012
Authored by localh0t

This tool is for fuzzing different protocols such as FTP, HTTP, IMAP, and more. It also has no-protocol plugins like a file fuzzer. Written in Python.

tags | tool, web, imap, protocol, python, fuzzer
systems | unix
MD5 | fd27b7de64ad280fd5b1e9098a16c452
Simple Fuzzing Utility 0.7.0
Posted Mar 4, 2012
Authored by aaron conole | Site aconole.brad-x.com

Simple Fuzz is a simple fuzzer. It has two network modes of operation, an output mode for developing command line fuzzing scripts, as well as taking fuzzing strings from literals and building strings from sequences. It is built to fill a need - the need for a quickly configurable black box testing utility that does not require intimate knowledge of the inner workings of C or require specialized software rigs. The aim is to just provide a simple interface, clear inputs/outputs, and reusability.

Changes: Fixed a long standing bug in the memory block replacement code. Added the ability to fuzz via blocks (ala spike/sulley fuzz frameworks). Added the ability to trap crashes via a harness program.
tags | fuzzer
MD5 | e6a3e9a8269831aa4ef90b9cc1652d4c
DotDotPwn - The Directory Traversal Fuzzer 3.0
Posted Feb 11, 2012
Authored by nitr0us, chr1x

DotDotPwn is a very flexible intelligent fuzzer to discover directory traversal vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms such as CMSs, ERPs,Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module.

Changes: Multiple new switches and encodings added.
tags | web, vulnerability, protocol, fuzzer
systems | unix
MD5 | 3843e851177812d4d3ff4b96ba6b5e4a
Page 1 of 5
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close