Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.
About the developer
alphaSeclab
143 Stars 44 Forks 1 Commits 0 Opened issues
Description
Resources About Fuzzing, For Multiple Platforms And All Popular Fuzzers. 500+ Open Source Tools Sorted By Star Count, 800+ Blog Posts Sorted By Publish Time.
[88星][1y] [C++] nccgroup/dibf Windows NT ioctl bruteforcer and modular fuzzer
[77星][3y] [Py] carlosgprado/brundlefuzz BrundleFuzz is a distributed fuzzer for Windows and Linux using dynamic binary instrumentation.
[63星][1y] [C] ioactive/fuzzndis A Fuzzer for Windows NDIS Drivers OID Handlers
[50星][6y] [Py] debasishm89/iofuzz A mutation based user mode (ring3) dumb in-memory Windows Kernel (IOCTL) Fuzzer/Logger. This script attach it self to any given process and hooks DeviceIoControl!Kernel32 API and try to log or fuzz all I/O Control code I/O Buffer pointer, I/O buffer length that process sends to any Kernel driver.
[48星][7y] [C++] cr4sh/msfontsfuzz OpenType font file format fuzzer for Windows
[47星][3y] silvermoonsecurity/security-misc # Full overview of current vulnerability, exploit , fuzz, mitigation of current major Operation System(Windows, macOS, Linux, Android,iOS and so forath) and popular applicaiton
[38星][2y] [Py] walkerfuz/pydbgeng a python wrapper of debug engines on windows, linux or osx, it's only aim to auto fuzzing.
[13星][2y] [C] leonwxqian/windows-defender-nscript-loader A exe loader that can load NScript evaluation engine of Windows Defender/Microsft Security Essential. You can fuzz NScript by using this. Project was based on Tavis Ormandy(taviso)'s "Porting Windows Dynamic Link Libraries to Linux" (
[70星][7y] [JS] qburst/penq PenQ is an open source Linux based penetration testing browser bundle built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more.
[66星][6y] [JS] owasp/appsec-browser-bundle The OWASP AppSec Browser Bundle is an open source Linux based penetration testing browser bundle built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more.
[10星][6y] zsenda/stebb STeBB (Security Testing Browser Bundle ) is an open source Linux based penetration testing browser bundle built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more.
[8星][7y] [C] rgbkrk/iknowthis fuzz testing framework for Linux system calls
[95星][1y] [HTML] nytrorst/xssfuzzer XSS Fuzzer is a tool which generates XSS payloads based on user-defined vectors and fuzzing lists.
[38星][4y] [C#] cweb/unicode-hax A library to assist in security-testing Unicode enabled applications during fuzzing, XSS, SQLi, etc.
[38星][7y] [Py] matthewdfuller/intellifuzz-xss An adaptive, intelligent XSS fuzzer that learns how the response is reflected and carefully crafts an XSS payload to match
[26星][5y] [Go] rverton/xssmap (DOM-)XSS fuzzer based on phantomjs and go.
[61星][1y] [Py] graniet/operative-framework-hd operative framework HD is the digital investigation framework, you can interact with websites, email address, company, people, ip address, vulnerability fuzzing ... interact with basic/graphical view and export with XML, JSON, use database management...
[58星][9m] [HTML] leonwxqian/lucky-js-fuzz A web page based fuzzer that generates random JS statements then fuzz in the web-browser.
[55星][3y] [Py] mseclab/burp-pyjfuzz Burp Suite plugin which implement PyJFuzz for fuzzing web application.
[53星][2y] [JS] danigargu/urlfuzz Another web fuzzer written in NodeJS
[17星][2m] [Py] avalz/waf-a-mole A guided mutation-based fuzzer for ML-based Web Application Firewalls
[16星][2y] [CSS] sweetchipsw/sweetmon_legacy 'SWEETMON' is a fuzzer monitoring service based python3 + django. User can check their fuzzers and crashes on the web. It can reduce repetitive work for fuzz testers. This is a legacy sweetmon. The new sweetmon is now being developed
[6星][1y] [Py] mattjegan/wtfuzz A pip-installable tool used for checking the existence of different types of web resources
[5星][2y] [Py] phplaber/yawf 一个基于 OWASP 开源的 Web 漏洞模糊测试工具
[4星][2y] [Java] huvuqu/fuzz18plus Advance of fuzzing for Web pentest. Based on Burp extension, send HTTP request template out to Python fuzzer.
[2星][2y] yehgdotnet/jhijack A Java Hijacking tool for web application session security assessment. A simple Java Fuzzer that can mainly be used for numeric session hijacking and parameter enumeration. Demonstration video is also available.
[44星][1y] [Perl] wireghoul/doona Network based protocol fuzzer
[35星][5m] [Py] amossys/fragscapy Fragscapy is a command-line tool to fuzz network protocols by automating the modification of outgoing network packets. It can run multiple successive tests to determine which options can be used to evade firewalls and IDS.
[20星][4m] [Py] m-zakeri/iustdeepfuzz A file format fuzzer base on deep neural networks.
[5星][2y] [Shell] foospidy/fuzzcat Rudimentary network protocol fuzzer using bash, netcat, and other tools.
[1星][2m] [Py] ins1gn1a/woollymammoth Toolkit for manual buffer exploitation, which features a basic network socket fuzzer, offset pattern generator and detector, bad character identifier, shellcode carver, and a vanilla EIP exploiter
[208星][4m] [Java] h3xstream/http-script-generator ZAP/Burp plugin that generate script to reproduce a specific HTTP request (Intended for fuzzing or scripted attacks)
[18星][3m] [Py] mgeeky/burpcontextawarefuzzer BurpSuite's payload-generation extension aiming at applying fuzzed test-cases depending on the type of payload (integer, string, path; JSON; XML; GWT; binary) and following encoding-scheme applied originally.
[12星][3y] [Java] portswigger/reissue-request-scripter ZAP/Burp plugin that generate script to reproduce a specific HTTP request (Intended for fuzzing or scripted attacks)
[183星][8d] microsvuln/awesome-afl A curated list of different AFL forks and AFL inspired fuzzers with detailed equivalent academic papers with AFL-fuzzing tutorials
[177星][2y] [C] mcarpenter/afl DEPRECATED. Will be removed 09/2019. Please see
[282星][10m] [Py] mozillasecurity/peach Peach is a fuzzing framework which uses a DSL for building fuzzers and an observer based architecture to execute and monitor them.
[70星][3y] [C] payatu/emffuzzer Enhanced Meta File Fuzzer based on Peach Fuzzing Framework
[25星][3y] [C] guilhermeferreira/spikepp SPIKE is a protocol fuzzer creation kit. It provides an API that allows a user to create their own fuzzers for network based protocols using the C++ programming language. The tool defines a number of primitives that it makes available to C coders, which allows it to construct fuzzed messages called “SPIKES” that can be sent to a network service …
[77星][1m] [Py] bannsec/autopwn Automate repetitive tasks for fuzzing
[26星][2y] [Py] danmcinerney/smb-autopwn Discovers and exploits hosts vulnerable to MS08-067/MS17-010
[23星][5y] [Py] vnik5287/wpa-autopwn WPA/WPA2 autopwn script that parses captured handshakes and sends them to the Crackq
[11星][5y] [Shell] christianpapathanasiou/jboss-autopwn JBoss Autopwn as featured at BlackHat Europe 2010 - this version incorporates CVE-2010-0738 the JBoss authentication bypass VERB manipulation vulnerability as discovered by Minded Security
[536星][2m] [C++] angorafuzzer/angora Angora is a mutation-based fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.
[2959星][1m] secfigo/awesome-fuzzing A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
[202星][5m] [C++] mc-imperial/jfs an experimental constraint solverdesigned to investigate using coverage guided fuzzing as an incomplete strategyfor solving boolean, BitVector, and floating-point constraints.
[196星][4m] [C#] jakobbotsch/fuzzlyn Fuzzer for the .NET toolchains, developed as a project for the 2018 Language-Based Security course at Aarhus University.
[190星][21d] [Py] certcc/certfuzz This project contains the source code for the CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE).
[189星][12m] [Haskell] cifasis/quickfuzz An experimental grammar fuzzer in Haskell using QuickCheck
[186星][1y] [Py] hexhive/t-fuzz a fuzzing tool based on program transformation, and a tool that verifies whether crashes found transformed programs are true bugs in the original program or not (coming soon).
[181星][3y] [Ruby] fuzzapi/api-fuzzer API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities
[147星][22d] [C] grimm-co/killerbeez A distributed fuzzer which aims to pull in the best technologies, make them play nicely together, and run on multiple O/Ses.
[107星][5y] [C] ioactive/melkorelffuzzer Melkor is a very intuitive and easy-to-use ELF file format fuzzer to find functional and security bugs in ELF parsers.
[107星][4y] [C] rootkitsmm/win32k-fuzzer Fuzz and Detect "Use After Free" vulnerability in win32k.sys ( Heap based )
[105星][5y] [Py] fooying/3102 A domain/ip fuzzing tool for vulnerability mining
[36星][5m] [Py] teebytes/tnt-fuzzer OpenAPI 2.0 (Swagger) fuzzer written in python. Basically TnT for your API.
[35星][2y] [Shell] seanheelan/funserialize Scripts and auxiliary files for fuzzing PHP's unserialize function
[34星][4m] [JS] ronomon/mime Fast, robust, standards-compliant MIME decoder. Ships with extensive tests and fuzz tests.
[33星][4y] cz-nic/dns-fuzzing Repository to store unique seeds for DNS server fuzzing
[33星][2y] [PHP] jhaddix/seclists SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
[33星][2y] [Go] pbnj/s3-fuzzer A concurrent, command-line AWS S3 Fuzzer.
[25星][2m] [Py] mozillasecurity/laniakea Laniakea is a utility for managing instances at various cloud providers and aids in setting up a fuzzing cluster.
[25星][3m] [Py] mozillasecurity/avalanche Avalanche is a document generator which uses context-free grammars to generate randomized outputs for fuzz-testing.
[24星][1m] [C++] curl/curl-fuzzer Quality assurance testing for the curl project
[24星][26d] [Py] yelp/fuzz-lightyear A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing.
[23星][5y] [C++] certcc/dranzer Dranzer is a tool that enables users to examine effective techniques for fuzz testing ActiveX controls
[23星][7y] [Ruby] nuke99/sqlnuke SQLNuke | Fast Performing MYSQL Injection load_file() Fuzzer
[13星][Elm] janiczek/elm-architecture-test [Elm 0.18] A library for fuzz testing TEA models by simulating user interactions
[13星][3y] [Py] lucaboni92/bluefuzz BlueFuzz is a Bluetooth fuzz tester. The scanner is general purpose, while the pseudo-random data generator is customized for OBDII - Bluetooth car adapter.
[12星][2y] [C] cocoahuke/universalmigparser Extract and generate code based on name and type for mig func/arg/request&reply member etc, ideal helper for creating monitor, tracker, fuzzer etc for Mach Remote Procedure Calls.
[4星][10m] [Py] mozillasecurity/orangfuzz [Deprecated and unmaintained] An experimental UI fuzzer based on the orangutan framework for Firefox OS devices
We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.