Honggfuzz is a general-purpose, easy-to-use fuzzer with interesting analysis options. Given a starting corpus of test files, Honggfuzz supplies and modifies input to a test program and utilizes the ptrace() API/POSIX signal interface to detect and log crashes. It works on Linux, FreeBSD and Mac OS X.
5eabcb34e63989ed4f5642d912c8641cae186311d69337401092b6d50f806e3a
DotDotPwn is a very flexible intelligent fuzzer to discover directory traversal vulnerabilities in software such as Web/FTP/TFTP servers and Web platforms such as CMSs, ERPs, blogs, etc. It also has a protocol-independent module to send the desired payload to the host and port specified. It can also be used in scripts via the STDOUT module.
dc08b1efa2acdffd376cece72189cb8862611ee023be690fd9a155d4b30878b6
FuzzDiff is a simple tool created to make crash analysis during file format fuzzing a bit easier. When provided with a fuzzed file, a corresponding original un-fuzzed file, and the path to the targeted program, FuzzDiff will selectively "un-fuzz" portions of the fuzzed file while re-launching the application to monitor for crashes. This will yield a file that still crashes the target application, but contains a minimum set of changes from the original, un-fuzzed file. This can be useful in pinning down the exact cause of a crash.
64a2478b6758505b56ea79a765292e926f190b7255790d538d7a95e688fd16bb
Simple Fuzzer is a simple fuzzer. It has two network modes of operation and an output mode for developing command line fuzzing scripts, and it can take fuzzing strings from literals and build strings from sequences. It is built to fill a need - the need for a quickly configurable black box testing utility that does not require intimate knowledge of the inner workings of C or require specialized software rigs. The aim is to just provide a simple interface, clear inputs/outputs, and reusability.
7fcf7aee05ab2a2049ef8d39184286e639df7b34f15f5b6e43a24ec87d86dc8a
Spiderpig is a PDF fuzzing utility written in Python.
eb4561c3095ec8870ccb83e8a9d8b30853581c6d9f25f9ca1d5c4ef9db399fda
This fuzzing tool is called the Full Automated Column Finder for SQL Injection.
bfbe4a7195685d5454916ac4e95631f9b811f07162b4f4639b8b87e080458a5c
CGIFuzz is a Python script for scanning 592 CGI paths on a given target.
177ed70a172eb1bc8a2d15a737d3f66e18b2b99936371119b4e6c2d041c701c8
zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.
4b155cf351dd40779ed2072e91577f2f88a44dcb2107b9f16f9f9db217bf3779
Browser Fuzzer 3 (bf3) is a comprehensive web browser fuzzer that fuzzes CSS, DOM, HTML and JavaScript.
ab072a52f4342b6af64d4ce2b1a3e18aae40f2dd2bcb3ddffb4cd1711e4150d1
2^6 TCP control bit fuzzer (no ECN or CWR).
acfc236162c8e9847ca2d395fb48be29cbbc9dc349fb97ccdf40724996d73882
DeepToad is a tool for computing fuzzy hashes from files. DeepToad can generate signatures, cluster files and/or directories and compare them. It is inspired by the very good tool ssdeep and, in fact, both projects are very similar. The complete project is written in pure Python and is distributed under the LGPL license.
195b3d4c57d15a6fee7b7136f3351f12f13fb9a8144df5002b92a4485043bd1a
This small Perl script is a generic random remote fuzzer.
f4bddba1bc5967ea0646d047d5e4b798651d79d68b89137957542fd3a0fcb94b
This is the ICMPv4/IP fuzzer prototype code.
35272cf0bbd351d1c3768a01705b36f56401acf729c58cd4d80efa24fbe4308b
4f is the file format fuzzing framework.
008ec7e8c205931119fd3a3bc5f03ef58d628982adc30a9530caaae62cf58313
Fuzzgrind is a fully automatic fuzzing tool, generating test files with the purpose of discovering new execution paths likely to trigger bugs and potential vulnerabilities. It is based on the concept of symbolic execution. The tool starts from a file considered valid by the software under test, and analyses the execution path to extract any constraints tied to branch instructions followed by this software. By resolving constraints one by one, Fuzzgrind will alter the valid file to explore possible new branches of the software under test, in order to discover new vulnerabilities.
1647ac2ac494e2a8033936f8ac52d252a482907419e181e11a74a9df3fc61c22
Asterisk UDP IAX protocol fuzzing utility.
38cb2e5ced48810f3028ffd78c79418cf6e9221460e97e695f38258c47928e40
darkTouch is a fuzzer that attempts to fingerprint the structure of a website. Written in Python.
86a99f55e9fc32eee675bdba41eff23d4356b6004f52b1c0b400498cbd083d37
Hzzp is an HTTP-compliant client and server fuzzer. Hzzp's main features include HTTP response and request fuzzing, authentication fuzzing, query parameter fuzzing, and automatic or manual exploit generation.
7407b05d1cf6bb1faff9f84cb8b6c90807c711fc7d4cb78481ca10533173aeea
Simple Fuzz is a simple fuzzer. It has two network modes of operation and an output mode for developing command line fuzzing scripts, and it can take fuzzing strings from literals and build strings from sequences. It is built to fill a need - the need for a quickly configurable black box testing utility that does not require intimate knowledge of the inner workings of C or require specialized software rigs. The aim is to just provide a simple interface, clear inputs/outputs, and reusability.
e244dc374f84c63b7a6cfac17c78eed576e3b6cb4d0a536d0a32bb866d67896b
SQL fuzzing tool that will find all table names, column names for a specified table, the MySQL version, the MySQL username, and the database, and perform load_file() on sites vulnerable to SQL injection.
04567fd7758525a5ed5dcfa916d706b33ffcb6470163b2634fac2e099cbeb3bf
fzem is a MUA (mail user agent) fuzzer that fuzzes MAIL/MIME email headers as well as how clients handle SMTP, POP and IMAP responses.
599f60cea508535311603dca6768627d03bd9bcd767d3a2b1e4e869a9ece418a
SQL Fuzzer version 1.0 that is written in Python. Yes, another one.
a256fb6b24c4beebaa2c4be61642c4ed8d7c9cd5a7ca09a09243505f152f00e3
Browser Fuzzer 2 (bf2) is a comprehensive web browser fuzzer that fuzzes CSS, DOM, HTML and JavaScript.
9c0853e1720bef8ed4d5727782ddb76c3ffde6981e51439d0fe5e1c930239e27
JPEGfuzr is a Perl implementation of fuzzing JPEG metadata through the Image::MetaData::JPEG extension. It supports 40 metadata tags and fuzzes all, one by one, using the fuzz data supplied.
86cb09fe538e1caa7760c78fd8bf3239fd3c35e7f10d1b9fc656c06987ee2ac6
VNCrush is a VNC server fuzzing utility.
8eb9127ad1376a76157468f0e39b8c0356bd8b9858a0403259920b3f5a8af4e3