Search Results for "fuzzer"
Sort By:
Showing 53 open source projects for "fuzzer"
View related business solutions-
Enterprise-grade ITSM, for every businessFreshservice is an intuitive, AI-powered platform that helps IT, operations, and business teams deliver exceptional service without the usual complexity. Automate repetitive tasks, resolve issues faster, and provide seamless support across the organization. From managing incidents and assets to driving smarter decisions, Freshservice makes it easy to stay efficient and scale with confidence.
-
$300 in Free Credit Towards Top Cloud ServicesStart your project in minutes. After credits run out, 20+ products include free monthly usage. Only pay when you're ready to scale.
-
1
FuzzyAI Fuzzer
A powerful tool for automated LLM fuzzing
FuzzyAI is an open-source fuzzing framework designed to test the security and reliability of large language model applications. The tool automates the process of generating adversarial prompts and input variations to identify vulnerabilities such as jailbreaks, prompt injections, or unsafe model responses. It allows developers and security researchers to systematically evaluate the robustness of LLM-based systems by simulating a wide range of malicious or unexpected inputs. The framework can... -
2
Woke
Woke is a Python-based development and testing framework for Solidity
Woke is a Python-based development and testing framework for Solidity. A testing framework for Solidity smart contracts with Python-native equivalents of Solidity types and blazing-fast execution. A property-based fuzzer for Solidity smart contracts that allows testers to write their fuzz tests in Python. See examples and documentation for more information. Fuzzer builds on top of the testing framework and allows efficient fuzz testing of Solidity smart contracts. Woke implements an LSP server for Solidity. The only currently supported communication channel is TCP. -
3
ClusterFuzz
Scalable fuzzing infrastructure
...Supports multiple coverage guided fuzzing engines (libFuzzer, AFL, AFL++ and Honggfuzz) for optimal results (with ensemble fuzzing and fuzzing strategies). Statistics for analyzing fuzzer performance, and crash rates. Easy to use web interface for management and viewing crashes. Support for various authentication providers using Firebase. -
4
Flipper Zero Unleashed Firmware
Flipper Zero Unleashed Firmware
Flipper Zero Unleashed Firmware. This software is for experimental purposes only and is not meant for any illegal activity/purposes. We do not condone illegal activity and strongly encourage keeping transmissions to legal/valid uses allowed by law. Also, this software is made without any support from Flipper Devices and is in no way related to the official devs. -
Full-stack observability with actually useful AI | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
5
Atheris
A Coverage-Guided, Native Python Fuzzer
Atheris is a coverage-guided fuzzer for CPython that treats Python as a first-class fuzzing target, enabling rapid discovery of crashes and logic errors in pure-Python code and native extensions. It hooks into Python’s interpreter to collect fine-grained coverage and uses that signal to evolve inputs, pushing programs into previously unexplored code paths. Because many Python libraries are thin wrappers over C/C++ code, Atheris is equally adept at surfacing memory safety issues in extension modules compiled with sanitizers. ... -
6
Honggfuzz
Security oriented software fuzzer
honggfuzz is a general-purpose, high-performance fuzzer that mixes coverage feedback with practical crash triage to uncover memory-safety and logic bugs. It supports multiple fuzzing modes—stdin, file, and networking—so targets can be exercised the same way they run in production. Instrumentation via compiler hooks or hardware/perf counters guides mutations toward previously unseen edges, while persistent mode keeps the target process alive to amortize startup costs. -
7
syzkaller
syzkaller is an unsupervised coverage-guided kernel fuzzer
syzkaller is Google’s coverage-guided, feedback-driven kernel fuzzer designed to uncover reliability and security bugs in operating system kernels at scale. It automatically generates, mutates, and minimizes system call programs, then drives them through a specialized executor (syz-executor) to exercise deep kernel paths. The system integrates tightly with sanitizers such as KASAN, KMSAN, KCSAN, and UBSAN to surface memory safety, concurrency, and undefined behavior issues with actionable reports. ... -
8
bettercap
The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks
bettercap is a powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution with all the features they might possibly need for performing reconnaissance and attacking WiFi networks, Bluetooth Low Energy devices, wireless HID devices and Ethernet networks. -
9
Jazzer
Coverage-guided, in-process fuzzing for the JVM
Jazzer is a coverage-guided, in-process fuzzer for the JVM platform developed by Code Intelligence. It is based on libFuzzer and brings many of its instrumentation-powered mutation features to the JVM. -
Stop Storing Third-Party Tokens in Your DatabaseRolling your own OAuth token storage can be a security liability. Token Vault securely stores access and refresh tokens from federated providers and handles exchange and renewal automatically. Connected accounts, refresh exchange, and privileged worker flows included.
-
10
Wfuzz
Web application fuzzer
Wfuzz provides a framework to automate web applications security assessments and could help you to secure your web applications by finding and exploiting web application vulnerabilities. Wfuzz it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload. A payload in Wfuzz is a source of data. This simple concept allows any input to be injected in any field of an HTTP request, allowing to perform complex web security attacks in different web... -
11
Echidna
Ethereum smart contract fuzzer
Echidna is a weird creature that eats bugs and is highly electrosensitive (with apologies to Jacob Stanley) More seriously, Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smarts contracts. It uses sophisticated grammar-based fuzzing campaigns based on a contract ABI to falsify user-defined predicates or Solidity assertions. We designed Echidna with modularity in mind, so it can be easily extended to include new mutations or test specific contracts in... -
12
SSRFmap
Automatic SSRF fuzzer and exploitation tool
SSRFmap is a specialized security tool designed to automate the detection and exploitation of Server Side Request Forgery (SSRF) vulnerabilities. It takes as input a Burp request file and a user-specified parameter to fuzz, enabling you to fast-track the identification of SSRF attack surfaces. It includes multiple exploitation “modules” for common SSRF-based attacks or pivoting techniques, such as DNS zone transfers, MySQL/Postgres command execution, Docker API info leaks, and network scans.... -
13
silverbullet config AdsVictory
A modular SilverBullet configuration for authorized password‑audit
This SilverBullet configuration provides a lightweight, scriptable environment to perform controlled security assessments on the AdsVictory platform. It integrates directly into SilverBullet’s notebook interface, allowing you to run password‑cracking simulations, dictionary attacks, and login brute‑force tests – all from within your markdown pages. Important: This tool is intended only for ethical security testing on systems you own or have explicit written permission to test.... -
14
Filebuster
An extremely fast and flexible web fuzzer
Filebuster is an extremely fast and flexible web fuzzer designed for content discovery. Written in Perl, it utilizes efficient HTTP handling to quickly identify hidden files and directories on web servers, aiding in security assessments. -
15
FuzzBench
FuzzBench - Fuzzer benchmarking as a service
FuzzBench is a large-scale, open research platform developed by Google to evaluate and benchmark fuzzers — automated software testing tools that detect vulnerabilities through randomized input generation. It provides a standardized, reproducible environment for comparing the performance and effectiveness of different fuzzing algorithms on real-world software targets. FuzzBench integrates with the OSS-Fuzz infrastructure, allowing it to run experiments on authentic open source projects and... -
16
vaf
Vaf is a cross-platform very advanced and fast web fuzzer
VAF (Vulkan Application Framework) is a framework for developing Vulkan applications in Nim, simplifying the process of working with the Vulkan API. -
17
0d1n
Web security tool to make fuzzing at HTTP inputs, made in C
0d1n is a Open Source web application bruteforcer and Fuzzer, its objective is to automate exhaustive tests to search anomalies. At other point view this anomalies can be a vulnerability, These tests can follow web parameters, files, directories, forms and others. -
18
Fuzzer Test Suite
Set of tests for fuzzing engines
The Fuzzer Test Suite is a collection of real-world, bug-rich targets used to evaluate and compare fuzzers under controlled conditions. Rather than synthetic micro-benchmarks, it packages build scripts, corpora, and known-crash oracles so fuzzer authors can measure time-to-crash, coverage growth, and stability. Each target is configured to integrate with common sanitizers, ensuring memory safety bugs surface with precise diagnostics. -
19
American Fuzzy Lop
American fuzzy lop - a security-oriented fuzzer
AFL (American Fuzzy Lop) is a widely used graybox fuzzer that discovers bugs by mutating inputs and steering execution using lightweight instrumentation. Instead of random mutations alone, it uses coverage feedback to evolve input corpora, pushing programs into deeper and more interesting code paths. Its workflow emphasizes quick start: point it at a target binary with compile-time instrumentation (or use QEMU-based mode when recompilation isn’t possible), seed it with a small corpus, and let it iterate. ... -
20
BlackWidow
Python web scanner for OSINT gathering and OWASP vulnerability fuzzing
BlackWidow is a Python-based web application scanning tool designed to crawl target websites and collect open-source intelligence (OSINT) while identifying potential security vulnerabilities. It functions as a web spider that systematically explores a site to gather valuable information such as URLs, dynamic parameters, subdomains, email addresses, and phone numbers associated with the target domain. By automatically extracting this data, BlackWidow helps security professionals and... -
21
PHP mini vulnerability suite
Multiple server/webapp vulnerability scanner
github: https://github.com/samedog/phpmvs -
22
ansvif
An advanced cross platform fuzzing framework suited to find code bugs.
ansvif, or A Not So Very Intelligent Fuzzer, suited to find bugs in code by throwing garbage arguments, files, and environment variables at the target program, that you may or may not have the source code to. It supports many features, such as buffer size, randomization of the buffer size, random data injection, templates, and much more. The purpose of this project is to identify bugs in software, specifically bugs that can induce a segmentation fault under various conditions. ... -
23
SWF Investigator
Adobe SWF Investigator enables full analysis of SWF applications.
...From a dynamic perspective, you can call functions within the SWF, load the SWF in various contexts, communicate via local connections and send messages to Action Message Format (AMF) endpoints. SWF Investigator contains an extensible fuzzer for SWF applications and AMF services, so you can search for common Web application attacks. This toolset also provides a variety of utilities including encoders and decoders for SWF data, as well as a basic AS3 compiler. -
24
DotDotPwn
DotDotPwn - The Directory Traversal Fuzzer
DotDotPwn is a flexible and intelligent fuzzer designed to discover directory traversal vulnerabilities in various software, including HTTP, FTP, and TFTP servers, as well as web platforms like CMSs and ERPs. It supports multiple protocols and can be used in scripting environments. -
25
Peach Fuzzer Community Edition
Cross-platform smart fuzzer
This project has been moved to GitLab at https://gitlab.com/peachtech/peach-fuzzer-community.
