Search Results for "fuzz"
Sort By:
Showing 45 open source projects for "fuzz"
View related business solutions-
Build Agents and Models on One PlatformGemini Enterprise Agent Platform is Google Cloud's comprehensive platform for developers to build, scale, govern, and optimize agents and models. Choose from Google's most advanced models and third-party models like Anthropic's Claude Model Family.
-
Stop Storing Third-Party Tokens in Your DatabaseRolling your own OAuth token storage can be a security liability. Token Vault securely stores access and refresh tokens from federated providers and handles exchange and renewal automatically. Connected accounts, refresh exchange, and privileged worker flows included.
-
1
OSS-Fuzz
OSS-Fuzz - continuous fuzzing for open source software
OSS-Fuzz is a large-scale fuzz testing platform developed by Google to improve the security and reliability of widely used open source software. Fuzz testing is a proven method for uncovering programming errors such as buffer overflows and memory leaks, which can lead to severe security vulnerabilities. By leveraging guided in-process fuzzing, Google has already identified thousands of issues in projects like Chrome, and this initiative extends the same capabilities to the broader open source community. ... -
2
ClusterFuzz
Scalable fuzzing infrastructure
ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz. ClusterFuzz provides many features which help seamlessly integrate fuzzing into a software project's development process. Can run on any size cluster (e.g. OSS-Fuzz instance runs on 100,000 VMs). Fully automatic bug filing, triage and closing for various issue trackers (e.g. ... -
3
Jazzer
Coverage-guided, in-process fuzzing for the JVM
Jazzer is a coverage-guided, in-process fuzzer for the JVM platform developed by Code Intelligence. It is based on libFuzzer and brings many of its instrumentation-powered mutation features to the JVM. -
4
OSS-Fuzz Gen
LLM powered fuzzing via OSS-Fuzz
OSS-Fuzz-Gen is a companion project that helps automatically create or improve fuzz targets for open-source codebases, aiming to increase coverage in OSS-Fuzz with minimal maintainer effort. It analyses a library’s APIs, examples, and tests to propose harnesses that exercise parsers, decoders, or protocol handlers—precisely the code where fuzzing pays off. -
Stop Cyber Threats with VM-Series Next-Gen Firewall on AzureGain integrated visibility across all traffic in a single pass. Deploy Palo Alto Networks VM-Series to determine application identity and content while automating security policy updates via rich APIs.
-
5
Woke
Woke is a Python-based development and testing framework for Solidity
...A testing framework for Solidity smart contracts with Python-native equivalents of Solidity types and blazing-fast execution. A property-based fuzzer for Solidity smart contracts that allows testers to write their fuzz tests in Python. See examples and documentation for more information. Fuzzer builds on top of the testing framework and allows efficient fuzz testing of Solidity smart contracts. Woke implements an LSP server for Solidity. The only currently supported communication channel is TCP. -
6
Starknet Foundry
Blazing fast toolkit for developing Starknet contracts
...It is useful for developers who need testing, deployment, transaction handling, chain data access, and contract interaction tools in one workflow. The toolkit supports advanced development needs such as cheatcodes, state forking, fuzz testing, multicall, parallel test execution, and debugging-oriented utilities. Its main value is giving Starknet developers a Foundry-style experience tailored to Cairo and Starknet contract development. -
7
OSV.dev
Open source vulnerability DB and triage service
...This repository contains the full infrastructure code for deploying osv.dev on Google Cloud Platform, including Terraform configurations, APIs, data pipelines, indexers, and background workers for vulnerability ingestion and impact analysis. It also integrates with automated feeds from sources like NVD and OSS-Fuzz, enabling continuous updates and high data accuracy. -
8
Atheris
A Coverage-Guided, Native Python Fuzzer
...Because many Python libraries are thin wrappers over C/C++ code, Atheris is equally adept at surfacing memory safety issues in extension modules compiled with sanitizers. The tool integrates smoothly with Python’s packaging and unit-test ecosystems, so you can wrap existing tests as fuzz targets and keep results understandable. It supports structured input strategies and custom mutators, which is especially helpful for text and data formats common in Python workloads. In practice, Atheris compresses weeks of edge-case brainstorming into hours of automated exploration with actionable, minimized reproductions. -
9
libplist
A library to handle Apple Property List format in binary or XML
A small portable C library to handle Apple Property List files in binary, XML, JSON, or OpenStep format. -
Secure File Transfer for Windows with Cerberus by RedwoodCerberus supports unlimited users and connections on a single IP, with built-in encryption, 2FA, and a browser-based web client — all deployable in under 15 minutes with a 25-day free trial.
-
10
Wfuzz
Web application fuzzer
Wfuzz provides a framework to automate web applications security assessments and could help you to secure your web applications by finding and exploiting web application vulnerabilities. Wfuzz it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload. A payload in Wfuzz is a source of data. This simple concept allows any input to be injected in any field of an HTTP request, allowing to perform complex web security attacks in different web application components such as: parameters, authentication, forms, directories/files, headers, etc. -
11
markdown-rs
CommonMark compliant markdown parser in Rust with ASTs and extensions
markdown-rs is an open-source markdown parser written in Rust. It’s implemented as a state machine (#![no_std] + alloc) that emits concrete tokens, so that every byte is accounted for, with positional info. The API then exposes this information as an AST, which is easier to work with, or it compiles directly to HTML. While most markdown parsers work towards compliancy with CommonMark (or GFM), this project goes further by following how the reference parsers (cmark, cmark-gfm) work, which is... -
12
sqlsmith
A random SQL query generator
SQLSmith is a fuzz testing tool for PostgreSQL that automatically generates random SQL queries to uncover bugs in the query planner and executor. It is widely used by PostgreSQL developers and database vendors to stress-test SQL features and engine behavior under edge-case conditions. SQLSmith helps improve database robustness by revealing unexpected failures. -
13
s2n-quic
An implementation of the IETF QUIC protocol
...It is built with configurability in mind—you can tune congestion control (like CUBIC), pacing, packet size discovery, and other advanced network behaviors. Extensive testing (unit, fuzz, interop) ensures protocol compliance and interoperability with other implementations. Because it is open-source under Apache 2.0, organizations can integrate it into services where low latency, multiple streams, or mobility (connection migration) matter. -
14
FuzzyAI Fuzzer
A powerful tool for automated LLM fuzzing
FuzzyAI is an open-source fuzzing framework designed to test the security and reliability of large language model applications. The tool automates the process of generating adversarial prompts and input variations to identify vulnerabilities such as jailbreaks, prompt injections, or unsafe model responses. It allows developers and security researchers to systematically evaluate the robustness of LLM-based systems by simulating a wide range of malicious or unexpected inputs. The framework can... -
15
XRAY
XRay for recon, mapping and OSINT gathering from public networks
XRAY is a modular security toolset that helps developers and security professionals analyze, fuzz, and test web applications, protocols, and network services for vulnerabilities. It provides a framework for writing and executing inspection modules that can parse structured data (JSON, XML, HTML), traverse graphs of endpoints, and perform intelligent probing guided by discovered surface area. XRay is typically used as a reconnaissance and vulnerability discovery engine in red-team or app-security workflows: it leverages extensible plugins to adapt to different protocols, inject payloads, and detect common bug classes such as injection flaws, misconfigurations, and unsafe endpoints. ... -
16
µWebSockets
Compliant web server for the most demanding of applications
Being meticulously optimized for speed and memory footprint, µWebSockets is fast enough to do encrypted TLS 1.3 messaging quicker than most alternative servers can do even unencrypted, cleartext messaging. Furthermore, we partake in Google's OSS-Fuzz with a ~95% daily fuzzing coverage with no sanitizer issues. LGTM scores us flawless A+ from having zero CodeQL alerts and we compile with pedantic warning levels. µWebSockets is written entirely in C & C++ but has a seamless integration for Node.js backends. This allows for rapid scripting of powerful apps, using widespread competence. ... -
17
Fastbot-Android Open Source Handbook
Testing tool for modeling GUI transitions
Fastbot_Android (Fastbot 2.0) is a model-based automated testing tool by ByteDance designed to discover stability or usability issues in Android apps by modeling GUI transitions rather than relying purely on random interactions. It blends machine learning and reinforcement-learning approaches to build a transition graph of UI states and use that model to intelligently explore possible user interactions — aiming to replicate more human-like usage patterns and uncover hidden bugs, crashes, or... -
18
SSRFmap
Automatic SSRF fuzzer and exploitation tool
SSRFmap is a specialized security tool designed to automate the detection and exploitation of Server Side Request Forgery (SSRF) vulnerabilities. It takes as input a Burp request file and a user-specified parameter to fuzz, enabling you to fast-track the identification of SSRF attack surfaces. It includes multiple exploitation “modules” for common SSRF-based attacks or pivoting techniques, such as DNS zone transfers, MySQL/Postgres command execution, Docker API info leaks, and network scans. Because SSRF often leads to lateral movement or internal network access, SSRFmap is especially useful for red-teamers and pentesters who want to explore chains rather than just the vulnerability surface. ... -
19
LFIMap
Advanced LFI Exploitation Tool
A Advanced LFI Exploitation Tool offer Bypass WAF and Plugins and support Large of LFI Technique and scan customization and user friendly -
20
GraphQLmap
GraphQLmap is a scripting engine to interact with endpoints
...For a pentester, GraphQLmap speeds up discovery and exploitation workflows: you don’t just test known endpoints—you enumerate schema, fuzz fields, and chain queries. It offers a CLI, supports various HTTP methods, custom headers, proxies, and is designed to work with real-world GraphQL deployments. -
21
FuzzBench
FuzzBench - Fuzzer benchmarking as a service
...It provides a standardized, reproducible environment for comparing the performance and effectiveness of different fuzzing algorithms on real-world software targets. FuzzBench integrates with the OSS-Fuzz infrastructure, allowing it to run experiments on authentic open source projects and collect meaningful data on crash discovery rates, code coverage, and bug-finding efficiency. The service includes an easy-to-use API for integrating custom fuzzers and an automated reporting system that generates detailed statistical analyses, comparative graphs, and significance testing. ... -
22
Dapp tools by DappHub
Dapp, Seth, Hevm, and more
Command line tools and smart contract libraries for Ethereum smart contract development. All you need Ethereum development tool. Build, test, fuzz, formally verify, debug & deploy solidity contracts. Ethereum CLI. Query contracts, send transactions, follow logs, slice & dice data. Testing-oriented EVM implementation. Debug, fuzz, or symbolically execute code against local or mainnet state. Sign Ethereum transactions from a local keystore or hardware wallet. dapptools is currently in a stage of clandestine development where support for the casual user may be deprived. ... -
23
Z Word Tools
Write, check, index and diagram Z specifications in Microsoft Word.
Tools to allow Z specifications to be written in Microsoft Word. Includes a unicode font for Z symbols. Provides: WYSIWYG editing fully integrated into Word; Typechecking using fuzz (for Spivey Z) or CZT (for ISO standard Z); Indexing and cross-referencing; Diagrams of specification structure; Conversion from Spivey to Standard Z- also available as a stand-alone program and Java class for non-windows users. See project website for details. -
24
gofuzz
Fuzz testing for go
gofuzz is a lightweight fuzzing utility for Go that rapidly generates randomized, edge-case-heavy inputs to populate structs, maps, slices, and scalar fields. It’s engineered to make property tests productive by automatically traversing nested types and supplying varied values, including zero values, extremes, and random strings or byte sequences. Because it respects Go’s type system, it can generate valid shapes for complex generic or composite types with very little setup. Users can... -
25
Wraith
A responsive screenshot comparison tool
...In the 'component' example config, you can see how we specify a component name, domain path and selector we want to capture. All config options will be placed in a YAML config file. You set the headless browser, diff mode, threshold, fuzz amount and screen widths.
