Search Results for "fuzzing"
Sort By:
Showing 37 open source projects for "fuzzing"
View related business solutions-
The #1 Embedded Analytics Solution for SaaS Teams.Qrvey’s comprehensive embedded analytics software enables you to design more customizable analytics experiences for your end users.
-
Software Testing Platform | TesteumTired of bugs and poor UX going unnoticed despite thorough internal testing? Testeum is the SaaS crowdtesting platform that connects mobile and web app creators with carefully selected testers based on your criteria.
-
1
ClusterFuzz
Scalable fuzzing infrastructure
ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz. ClusterFuzz provides many features which help seamlessly integrate fuzzing into a software project's development process. Can run on any size cluster (e.g. OSS-Fuzz instance runs on 100,000 VMs). Fully automatic bug filing, triage and closing for various issue trackers (e.g. Monorail, Jira). Supports... -
2
SecLists
The Pentester’s Companion
SecLists is the ultimate security tester’s companion. It is a collection of various types of lists commonly used during security assessments, all in one place. SecLists helps to increase efficiency and productivity in security testing by conveniently providing all the lists a security tester may need in one repository. List types include those for usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and many more. All the tester will have to do is pull this repo... -
3
Agentic Security
Agentic LLM Vulnerability Scanner / AI red teaming kit
The open-source Agentic LLM Vulnerability Scanner. -
4
sh
A shell parser, formatter, and interpreter with bash support
A shell parser, formatter, and interpreter. Supports POSIX Shell, Bash, and mksh. Requires Go 1.16 or later. To parse shell scripts, inspect them, and print them out, see the syntax examples. For high-level operations like performing shell expansions on strings, see the shell examples. shfmt formats shell programs. See canonical.sh for a quick look at its default style. shfmt formats shell programs. If the only argument is a dash (-) or no arguments are given, standard input will be used. If... -
Red Hat Enterprise Linux on Microsoft AzureRed Hat Enterprise Linux (RHEL) on Microsoft Azure provides a secure, reliable, and flexible foundation for your cloud infrastructure. Red Hat Enterprise Linux on Microsoft Azure is ideal for enterprises seeking to enhance their cloud environment with seamless integration, consistent performance, and comprehensive support.
-
5
Echidna
Ethereum smart contract fuzzer
Echidna is a weird creature that eats bugs and is highly electrosensitive (with apologies to Jacob Stanley) More seriously, Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smarts contracts. It uses sophisticated grammar-based fuzzing campaigns based on a contract ABI to falsify user-defined predicates or Solidity assertions. We designed Echidna with modularity in mind, so it can be easily extended to include new mutations or test specific contracts... -
6
libplist
A library to handle Apple Property List format in binary or XML
A small portable C library to handle Apple Property List files in binary, XML, JSON, or OpenStep format. -
7
Jazzer
Coverage-guided, in-process fuzzing for the JVM
Jazzer is a coverage-guided, in-process fuzzer for the JVM platform developed by Code Intelligence. It is based on libFuzzer and brings many of its instrumentation-powered mutation features to the JVM. -
8
Lighthouse Ethereum
Ethereum consensus client in Rust
....) and also configuring and managing servers. You'll also need at least 32 ETH! Security-focused. Fuzzing techniques have been continuously applied and several external security reviews have been performed. Built in Rust, a modern language providing unique safety guarantees and excellent performance (comparable to C++). Funded by various organizations, including Sigma Prime, the Ethereum Foundation, ConsenSys, the Decentralization Foundation and private individuals. -
9
µWebSockets
Compliant web server for the most demanding of applications
Being meticulously optimized for speed and memory footprint, µWebSockets is fast enough to do encrypted TLS 1.3 messaging quicker than most alternative servers can do even unencrypted, cleartext messaging. Furthermore, we partake in Google's OSS-Fuzz with a ~95% daily fuzzing coverage with no sanitizer issues. LGTM scores us flawless A+ from having zero CodeQL alerts and we compile with pedantic warning levels. µWebSockets is written entirely in C & C++ but has a seamless integration... -
Start building the next generation of GenAI apps todayMongoDB Atlas is a fully-managed developer data platform built by developers, for developers. With tight integration to Google Cloud services such as Vertex AI and BigQuery, you can accelerate application deployment to stay at the forefront of AI innovation.
-
10
zlib-ng
zlib replacement with optimizations for "next generation" systems
zlib data compression library for the next-generation systems. Zlib-compatible API with support for dual-linking. Modernized native API based on zlib API for ease of porting. Modern C11 syntax and a clean code layout. Deflate medium and quick algorithms based on Intel’s zlib fork. -
11
DynamoRIO
Dynamic Instrumentation Tool Platform
DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling, instrumentation, optimization, translation, etc. Unlike many dynamic tool systems, DynamoRIO is not limited to insertion of callouts/trampolines and allows arbitrary modifications to application instructions via a powerful... -
12
SocketRocket
A conforming Objective-C WebSocket client library
A conforming WebSocket (RFC 6455) client library for iOS, macOS and tvOS. SocketRocket currently conforms to all core ~300 of Autobahn's fuzzing tests (aside from two UTF-8 ones where it is merely non-strict tests 6.4.2 and 6.4.4). SocketRocket is asynchronous and non-blocking. Most of the work is done on a background thread. You can include SocketRocket as a subproject inside of your application if you'd prefer, although we do not recommend this, as it will increase your indexing time... -
13
0d1n
Web security tool to make fuzzing at HTTP inputs, made in C
0d1n is a Open Source web application bruteforcer and Fuzzer, its objective is to automate exhaustive tests to search anomalies. At other point view this anomalies can be a vulnerability, These tests can follow web parameters, files, directories, forms and others. -
14
Offensive Web Testing Framework
Offensive Web Testing Framework (OWTF), is a framework
OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST so that pentesters will have more time to see the big picture and think out of the box. More efficiently find, verify and combine vulnerabilities. Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions. Perform more tactical/targeted fuzzing... -
15
DNWebSocket
WebSocket(RFC-6455) library written using Swift
Object-Oriented, Swift-style WebSocket Library (RFC 6455) for Swift-compatible Platforms. -
16
ansvif
An advanced cross platform fuzzing framework suited to find code bugs.
ansvif, or A Not So Very Intelligent Fuzzer, suited to find bugs in code by throwing garbage arguments, files, and environment variables at the target program, that you may or may not have the source code to. It supports many features, such as buffer size, randomization of the buffer size, random data injection, templates, and much more. The purpose of this project is to identify bugs in software, specifically bugs that can induce a segmentation fault under various conditions. This aids... -
17
RND
Random data generator: secure character streams and large files
Generate a lot of random junk. Create: • huge files • random character stream • specific character sequence Example uses - generate: • specific number of characters for testing web forms • restricted range character stream • control characters, 'high characters', emojis for fuzzing application input • specific byte sequence • Unicode character range • file overwrites to the exact byte count • custom text strings as content filler • long password strings • specific file... -
18
OWASP Zed Attack Proxy
Find web application vulnerabilities the easy way!
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. Note that this project is no longer used for hosting the ZAP downloads. You should download ZAP via https://github.com/zaproxy/zaproxy/wiki/Downloads Please see the homepage for more information about OWASP ZAP -
19
bWAPP
an extremely buggy web app !
bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web bugs! It covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project. The focus is not just on one specific... -
20
BHS Debian (Hades Update)
BHS debian (testing) jessie/sid
BHS (Debian) New BHS release Based on Debian jessie/sid Kermel 3.12 KDE 4.11 Debian style and look Custom scripts!! Defcon tools!! New wifi scripts Multiarch support Top tools username: root password: BHS note: Don't forget to run the script located on the desktop to install the missing tools,because without to run it the menu will not be functional,if you not see it just download from here in the file section..sorry for the delay the upload stack for 2... -
21
hwk
hwk is a tool used for wireless lan pentests
hwk is an easy-to-use application used to attack and discover wireless networks. It's providing various modes such as authentication/deauthentication flood, beacon and probe response fuzzing. -
22
-
23
The OWASP JBroFuzz Project is a web application fuzzer for requests being made over HTTP and/or HTTPS. Its purpose is to provide a single, portable application that offers stable web protocol fuzzing capabilities.
-
24
-
25
WSFuzzer is a fuzzing penetration testing tool used against HTTP SOAP based web services. It tests numerous aspects (input validation, XML Parser, etc) of the SOAP target. It is only to be used against targets that have granted permission to be teste