[50星][6y] [Py] debasishm89/iofuzz A mutation based user mode (ring3) dumb in-memory Windows Kernel (IOCTL) Fuzzer/Logger. This script attach it self to any given process and hooks DeviceIoControl!Kernel32 API and try to log or fuzz all I/O Control code I/O Buffer pointer, I/O buffer length that process sends to any Kernel driver.
[47星][3y] silvermoonsecurity/security-misc # Full overview of current vulnerability, exploit , fuzz, mitigation of current major Operation System(Windows, macOS, Linux, Android,iOS and so forath) and popular applicaiton
[38星][2y] [Py] walkerfuz/pydbgeng a python wrapper of debug engines on windows, linux or osx, it's only aim to auto fuzzing.
[13星][2y] [C] leonwxqian/windows-defender-nscript-loader A exe loader that can load NScript evaluation engine of Windows Defender/Microsft Security Essential. You can fuzz NScript by using this. Project was based on Tavis Ormandy(taviso)'s "Porting Windows Dynamic Link Libraries to Linux" (
[70星][7y] [JS] qburst/penq PenQ is an open source Linux based penetration testing browser bundle built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more.
[66星][6y] [JS] owasp/appsec-browser-bundle The OWASP AppSec Browser Bundle is an open source Linux based penetration testing browser bundle built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more.
[10星][6y] zsenda/stebb STeBB (Security Testing Browser Bundle ) is an open source Linux based penetration testing browser bundle built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more.
[61星][1y] [Py] graniet/operative-framework-hd operative framework HD is the digital investigation framework, you can interact with websites, email address, company, people, ip address, vulnerability fuzzing ... interact with basic/graphical view and export with XML, JSON, use database management...
[58星][9m] [HTML] leonwxqian/lucky-js-fuzz A web page based fuzzer that generates random JS statements then fuzz in the web-browser.
[55星][3y] [Py] mseclab/burp-pyjfuzz Burp Suite plugin which implement PyJFuzz for fuzzing web application.
[17星][2m] [Py] avalz/waf-a-mole A guided mutation-based fuzzer for ML-based Web Application Firewalls
[16星][2y] [CSS] sweetchipsw/sweetmon_legacy 'SWEETMON' is a fuzzer monitoring service based python3 + django. User can check their fuzzers and crashes on the web. It can reduce repetitive work for fuzz testers. This is a legacy sweetmon. The new sweetmon is now being developed
[6星][1y] [Py] mattjegan/wtfuzz A pip-installable tool used for checking the existence of different types of web resources
[2星][2y] yehgdotnet/jhijack A Java Hijacking tool for web application session security assessment. A simple Java Fuzzer that can mainly be used for numeric session hijacking and parameter enumeration. Demonstration video is also available.
[35星][5m] [Py] amossys/fragscapy Fragscapy is a command-line tool to fuzz network protocols by automating the modification of outgoing network packets. It can run multiple successive tests to determine which options can be used to evade firewalls and IDS.
[5星][2y] [Shell] foospidy/fuzzcat Rudimentary network protocol fuzzer using bash, netcat, and other tools.
[1星][2m] [Py] ins1gn1a/woollymammoth Toolkit for manual buffer exploitation, which features a basic network socket fuzzer, offset pattern generator and detector, bad character identifier, shellcode carver, and a vanilla EIP exploiter
[18星][3m] [Py] mgeeky/burpcontextawarefuzzer BurpSuite's payload-generation extension aiming at applying fuzzed test-cases depending on the type of payload (integer, string, path; JSON; XML; GWT; binary) and following encoding-scheme applied originally.
[25星][3y] [C] guilhermeferreira/spikepp SPIKE is a protocol fuzzer creation kit. It provides an API that allows a user to create their own fuzzers for network based protocols using the C++ programming language. The tool defines a number of primitives that it makes available to C coders, which allows it to construct fuzzed messages called “SPIKES” that can be sent to a network service …
[23星][5y] [Py] vnik5287/wpa-autopwn WPA/WPA2 autopwn script that parses captured handshakes and sends them to the Crackq
[11星][5y] [Shell] christianpapathanasiou/jboss-autopwn JBoss Autopwn as featured at BlackHat Europe 2010 - this version incorporates CVE-2010-0738 the JBoss authentication bypass VERB manipulation vulnerability as discovered by Minded Security
[2959星][1m] secfigo/awesome-fuzzing A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
[202星][5m] [C++] mc-imperial/jfs an experimental constraint solverdesigned to investigate using coverage guided fuzzing as an incomplete strategyfor solving boolean, BitVector, and floating-point constraints.
[196星][4m] [C#] jakobbotsch/fuzzlyn Fuzzer for the .NET toolchains, developed as a project for the 2018 Language-Based Security course at Aarhus University.
[190星][21d] [Py] certcc/certfuzz This project contains the source code for the CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE).
[189星][12m] [Haskell] cifasis/quickfuzz An experimental grammar fuzzer in Haskell using QuickCheck
[186星][1y] [Py] hexhive/t-fuzz a fuzzing tool based on program transformation, and a tool that verifies whether crashes found transformed programs are true bugs in the original program or not (coming soon).
[181星][3y] [Ruby] fuzzapi/api-fuzzer API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities
[33星][2y] [PHP] jhaddix/seclists SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
[33星][2y] [Go] pbnj/s3-fuzzer A concurrent, command-line AWS S3 Fuzzer.
[24星][26d] [Py] yelp/fuzz-lightyear A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing.
[23星][5y] [C++] certcc/dranzer Dranzer is a tool that enables users to examine effective techniques for fuzz testing ActiveX controls
[23星][7y] [Ruby] nuke99/sqlnuke SQLNuke | Fast Performing MYSQL Injection load_file() Fuzzer
[12星][2y] [C] cocoahuke/universalmigparser Extract and generate code based on name and type for mig func/arg/request&reply member etc, ideal helper for creating monitor, tracker, fuzzer etc for Mach Remote Procedure Calls.