Search Results for "fuzzing"
Sort By:
Showing 64 open source projects for "fuzzing"
View related business solutions-
Application Monitoring That Won't Slow Your App DownFull APM with errors, performance, logs, and uptime monitoring. 99.999% uptime SLA on the platform itself.
-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
1
ClusterFuzz
Scalable fuzzing infrastructure
ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz. ClusterFuzz provides many features which help seamlessly integrate fuzzing into a software project's development process. Can run on any size cluster (e.g. OSS-Fuzz instance runs on 100,000 VMs). -
2
Echidna
Ethereum smart contract fuzzer
...Optional corpus collection, mutation and coverage guidance to find deeper bugs. Powered by Slither to extract useful information before the fuzzing campaign. Source code integration to identify which lines are covered after the fuzzing campaign. Curses-based retro UI, text-only or JSON output. -
3
OSS-Fuzz
OSS-Fuzz - continuous fuzzing for open source software
...Fuzz testing is a proven method for uncovering programming errors such as buffer overflows and memory leaks, which can lead to severe security vulnerabilities. By leveraging guided in-process fuzzing, Google has already identified thousands of issues in projects like Chrome, and this initiative extends the same capabilities to the broader open source community. OSS-Fuzz integrates modern fuzzing engines with sanitizers and runs them at scale in a distributed environment, providing automated testing and continuous monitoring. ... -
4
Agentic Security
Agentic LLM Vulnerability Scanner / AI red teaming kit
The open-source Agentic LLM Vulnerability Scanner. -
$300 in Free Credit Towards Top Cloud ServicesStart your project in minutes. After credits run out, 20+ products include free monthly usage. Only pay when you're ready to scale.
-
5
syzkaller
syzkaller is an unsupervised coverage-guided kernel fuzzer
...The system integrates tightly with sanitizers such as KASAN, KMSAN, KCSAN, and UBSAN to surface memory safety, concurrency, and undefined behavior issues with actionable reports. A distributed architecture coordinates many fuzzing VMs, collects crash signatures, deduplicates them, and bisects to the first bad commit when possible. syzkaller maintains per-kernel “syz” descriptions so it understands arguments, flags, and resources of thousands of syscalls and ioctls across Linux and other kernels. It also ships sophisticated reproducers and minimization routines so developers get small, deterministic test cases they can run locally to fix bugs quickly. -
6
dnstwist
Detects phishing and lookalike domains using DNS fuzzing techniques
...Security teams can use the tool to discover potential threats where attackers attempt to deceive users with lookalike domains. dnstwist also helps detect phishing activity by comparing web page content and visual similarity between domains using fuzzy hashing and perceptual hashing techniques. By automating DNS fuzzing and analysis, it provides organizations with an additional source of targeted threat intelligence. The tool can output results in structured formats, making it easier to integrate with security workflows or further analyze suspicious domains. -
7
Honggfuzz
Security oriented software fuzzer
honggfuzz is a general-purpose, high-performance fuzzer that mixes coverage feedback with practical crash triage to uncover memory-safety and logic bugs. It supports multiple fuzzing modes—stdin, file, and networking—so targets can be exercised the same way they run in production. Instrumentation via compiler hooks or hardware/perf counters guides mutations toward previously unseen edges, while persistent mode keeps the target process alive to amortize startup costs. The tool integrates tightly with sanitizers and can attach to already running processes, making it convenient for both white-box and black-box fuzzing. ... -
8
GooFuzz
OSINT fuzzing tool using Google dorks to find exposed resources
GooFuzz is an open source security tool designed to perform fuzzing using an OSINT-based approach by leveraging advanced Google search techniques. It is written in Bash and automates the use of Google Dorking queries to discover publicly accessible information related to a target domain. Instead of directly sending requests to the target server, GooFuzz gathers results through search engine indexing, allowing enumeration without leaving traces in the target’s server logs. -
9
SecLists
The Pentester’s Companion
...SecLists helps to increase efficiency and productivity in security testing by conveniently providing all the lists a security tester may need in one repository. List types include those for usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and many more. All the tester will have to do is pull this repo onto a new testing box and he’ll have access to every type of list he may require. -
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
10
FISSURE
The RF and reverse engineering framework for everyone
...It is designed as a practical environment for researchers and operators who need to move from raw spectrum observation to structured investigation without stitching together too many separate utilities by hand. The platform supports workflows related to signal discovery, demodulation, packet inspection, fuzzing, and attack simulation, making it useful for both defensive research and controlled lab testing. Its architecture is oriented toward extensibility, so users can integrate additional hardware, signal-processing components, and protocol-specific modules depending on their needs. -
11
FuzzyAI Fuzzer
A powerful tool for automated LLM fuzzing
FuzzyAI is an open-source fuzzing framework designed to test the security and reliability of large language model applications. The tool automates the process of generating adversarial prompts and input variations to identify vulnerabilities such as jailbreaks, prompt injections, or unsafe model responses. It allows developers and security researchers to systematically evaluate the robustness of LLM-based systems by simulating a wide range of malicious or unexpected inputs. -
12
Raccoon
High-performance reconnaissance and vulnerability scanning tool
...The tool combines multiple scanning techniques into a single workflow, helping users identify potential weaknesses, exposed services, and accessible resources on a target host. Raccoon can perform DNS enumeration, subdomain discovery, and URL fuzzing to uncover hidden endpoints and infrastructure components. It also integrates network scanning capabilities through tools such as Nmap to detect open ports, services, and potential vulnerabilities. By consolidating these reconnaissance tasks into a single command-line interface, Raccoon aims to streamline the early phases of security testing and provide actionable information for further investigation. -
13
OSS-Fuzz Gen
LLM powered fuzzing via OSS-Fuzz
...The goal is pragmatic: shrink the gap between “we should fuzz this” and “we have robust fuzzing running in CI,” especially for understaffed maintainers. -
14
SSRFmap
Automatic SSRF fuzzer and exploitation tool
SSRFmap is a specialized security tool designed to automate the detection and exploitation of Server Side Request Forgery (SSRF) vulnerabilities. It takes as input a Burp request file and a user-specified parameter to fuzz, enabling you to fast-track the identification of SSRF attack surfaces. It includes multiple exploitation “modules” for common SSRF-based attacks or pivoting techniques, such as DNS zone transfers, MySQL/Postgres command execution, Docker API info leaks, and network scans.... -
15
Atheris
A Coverage-Guided, Native Python Fuzzer
Atheris is a coverage-guided fuzzer for CPython that treats Python as a first-class fuzzing target, enabling rapid discovery of crashes and logic errors in pure-Python code and native extensions. It hooks into Python’s interpreter to collect fine-grained coverage and uses that signal to evolve inputs, pushing programs into previously unexplored code paths. Because many Python libraries are thin wrappers over C/C++ code, Atheris is equally adept at surfacing memory safety issues in extension modules compiled with sanitizers. ... -
16
Jazzer
Coverage-guided, in-process fuzzing for the JVM
Jazzer is a coverage-guided, in-process fuzzer for the JVM platform developed by Code Intelligence. It is based on libFuzzer and brings many of its instrumentation-powered mutation features to the JVM. -
17
libplist
A library to handle Apple Property List format in binary or XML
A small portable C library to handle Apple Property List files in binary, XML, JSON, or OpenStep format. -
18
zlib-ng
zlib replacement with optimizations for "next generation" systems
zlib data compression library for the next-generation systems. Zlib-compatible API with support for dual-linking. Modernized native API based on zlib API for ease of porting. Modern C11 syntax and a clean code layout. Deflate medium and quick algorithms based on Intel’s zlib fork. -
19
sh
A shell parser, formatter, and interpreter with bash support
A shell parser, formatter, and interpreter. Supports POSIX Shell, Bash, and mksh. Requires Go 1.16 or later. To parse shell scripts, inspect them, and print them out, see the syntax examples. For high-level operations like performing shell expansions on strings, see the shell examples. shfmt formats shell programs. See canonical.sh for a quick look at its default style. shfmt formats shell programs. If the only argument is a dash (-) or no arguments are given, standard input will be used. If... -
20
Commando VM
Complete Mandiant Offensive VM (Commando VM)
...It provides an automated installer (PowerShell script) that uses Chocolatey, Boxstarter, and MyGet package feeds to download, install, and configure dozens (100+ / 170+ depending on version) of offensive, fuzzing, enumeration, and exploitation tools. The idea is to spare testers the repetitive work of hand-installing dozens of windows tools, dependencies, and configurations. Commando VM supports customization of its installation profile (you can pick subsets of tools), includes support for WSL/Kali integration, and is intended to be used in a VM to facilitate snapshot recovery and test isolation. -
21
DynamoRIO
Dynamic Instrumentation Tool Platform
DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling, instrumentation, optimization, translation, etc. Unlike many dynamic tool systems, DynamoRIO is not limited to insertion of callouts/trampolines and allows arbitrary modifications to application instructions via a powerful... -
22
XRAY
XRay for recon, mapping and OSINT gathering from public networks
XRAY is a modular security toolset that helps developers and security professionals analyze, fuzz, and test web applications, protocols, and network services for vulnerabilities. It provides a framework for writing and executing inspection modules that can parse structured data (JSON, XML, HTML), traverse graphs of endpoints, and perform intelligent probing guided by discovered surface area. XRay is typically used as a reconnaissance and vulnerability discovery engine in red-team or... -
23
SocketRocket
A conforming Objective-C WebSocket client library
A conforming WebSocket (RFC 6455) client library for iOS, macOS and tvOS. SocketRocket currently conforms to all core ~300 of Autobahn's fuzzing tests (aside from two UTF-8 ones where it is merely non-strict tests 6.4.2 and 6.4.4). SocketRocket is asynchronous and non-blocking. Most of the work is done on a background thread. You can include SocketRocket as a subproject inside of your application if you'd prefer, although we do not recommend this, as it will increase your indexing time significantly. ... -
24
BoringSSL
Mirror of BoringSSL
BoringSSL is a Google-maintained fork of OpenSSL, designed specifically to meet the security, performance, and maintainability needs of Google’s infrastructure and products. While fully open source, BoringSSL is not intended for general public use — it serves as a streamlined, heavily modified SSL/TLS and cryptography library optimized for Google’s internal ecosystem, including Chrome/Chromium, Android, and other Google services. The project prioritizes security, simplicity, and... -
25
Lighthouse Ethereum
Ethereum consensus client in Rust
...You'll need to be familiar with the rules of staking (e.g., rewards, penalties, etc.) and also configuring and managing servers. You'll also need at least 32 ETH! Security-focused. Fuzzing techniques have been continuously applied and several external security reviews have been performed. Built in Rust, a modern language providing unique safety guarantees and excellent performance (comparable to C++). Funded by various organizations, including Sigma Prime, the Ethereum Foundation, ConsenSys, the Decentralization Foundation and private individuals.
