Search Results for "fuzzing"
Sort By:
Showing 56 open source projects for "fuzzing"
View related business solutions-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
Point Of Sale Software for SMBs | BravoBravo is changing the point of sale software game for small business specialty retailers with our easy to use, all in one solution. Say goodbye to working in multiple systems. Say hello to Bravo.
-
1
ClusterFuzz
Scalable fuzzing infrastructure
ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz. ClusterFuzz provides many features which help seamlessly integrate fuzzing into a software project's development process. Can run on any size cluster (e.g. OSS-Fuzz instance runs on 100,000 VMs). -
2
Echidna
Ethereum smart contract fuzzer
...Optional corpus collection, mutation and coverage guidance to find deeper bugs. Powered by Slither to extract useful information before the fuzzing campaign. Source code integration to identify which lines are covered after the fuzzing campaign. Curses-based retro UI, text-only or JSON output. -
3
OSS-Fuzz
OSS-Fuzz - continuous fuzzing for open source software
...Fuzz testing is a proven method for uncovering programming errors such as buffer overflows and memory leaks, which can lead to severe security vulnerabilities. By leveraging guided in-process fuzzing, Google has already identified thousands of issues in projects like Chrome, and this initiative extends the same capabilities to the broader open source community. OSS-Fuzz integrates modern fuzzing engines with sanitizers and runs them at scale in a distributed environment, providing automated testing and continuous monitoring. ... -
4
syzkaller
syzkaller is an unsupervised coverage-guided kernel fuzzer
...The system integrates tightly with sanitizers such as KASAN, KMSAN, KCSAN, and UBSAN to surface memory safety, concurrency, and undefined behavior issues with actionable reports. A distributed architecture coordinates many fuzzing VMs, collects crash signatures, deduplicates them, and bisects to the first bad commit when possible. syzkaller maintains per-kernel “syz” descriptions so it understands arguments, flags, and resources of thousands of syscalls and ioctls across Linux and other kernels. It also ships sophisticated reproducers and minimization routines so developers get small, deterministic test cases they can run locally to fix bugs quickly. -
Case Management Software for Human Services AgenciesYour agency’s success is tied to your ability to integrate best practices in everyday caseworker activities. Casework isn't simple, but it can be easier.
-
5
Agentic Security
Agentic LLM Vulnerability Scanner / AI red teaming kit
The open-source Agentic LLM Vulnerability Scanner. -
6
Honggfuzz
Security oriented software fuzzer
honggfuzz is a general-purpose, high-performance fuzzer that mixes coverage feedback with practical crash triage to uncover memory-safety and logic bugs. It supports multiple fuzzing modes—stdin, file, and networking—so targets can be exercised the same way they run in production. Instrumentation via compiler hooks or hardware/perf counters guides mutations toward previously unseen edges, while persistent mode keeps the target process alive to amortize startup costs. The tool integrates tightly with sanitizers and can attach to already running processes, making it convenient for both white-box and black-box fuzzing. ... -
7
OSS-Fuzz Gen
LLM powered fuzzing via OSS-Fuzz
...The goal is pragmatic: shrink the gap between “we should fuzz this” and “we have robust fuzzing running in CI,” especially for understaffed maintainers. -
8
SecLists
The Pentester’s Companion
...SecLists helps to increase efficiency and productivity in security testing by conveniently providing all the lists a security tester may need in one repository. List types include those for usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and many more. All the tester will have to do is pull this repo onto a new testing box and he’ll have access to every type of list he may require. -
9
SSRFmap
Automatic SSRF fuzzer and exploitation tool
SSRFmap is a specialized security tool designed to automate the detection and exploitation of Server Side Request Forgery (SSRF) vulnerabilities. It takes as input a Burp request file and a user-specified parameter to fuzz, enabling you to fast-track the identification of SSRF attack surfaces. It includes multiple exploitation “modules” for common SSRF-based attacks or pivoting techniques, such as DNS zone transfers, MySQL/Postgres command execution, Docker API info leaks, and network scans.... -
Composable, Open Source Payments PlatformJuspay's Payments Orchestration Platform offers a comprehensive product suite for businesses, including open-source payment orchestration, global payouts, seamless authentication, payment tokenization, fraud & risk management, end-to-end reconciliation, unified payment analytics & more. The company’s offerings also include end-to-end white label payment gateway solutions & real-time payments infrastructure for banks. These solutions help businesses achieve superior conversion rates, reduce fraud, optimize costs, and deliver seamless customer experiences at scale.
-
10
Atheris
A Coverage-Guided, Native Python Fuzzer
Atheris is a coverage-guided fuzzer for CPython that treats Python as a first-class fuzzing target, enabling rapid discovery of crashes and logic errors in pure-Python code and native extensions. It hooks into Python’s interpreter to collect fine-grained coverage and uses that signal to evolve inputs, pushing programs into previously unexplored code paths. Because many Python libraries are thin wrappers over C/C++ code, Atheris is equally adept at surfacing memory safety issues in extension modules compiled with sanitizers. ... -
11
Jazzer
Coverage-guided, in-process fuzzing for the JVM
Jazzer is a coverage-guided, in-process fuzzer for the JVM platform developed by Code Intelligence. It is based on libFuzzer and brings many of its instrumentation-powered mutation features to the JVM. -
12
libplist
A library to handle Apple Property List format in binary or XML
A small portable C library to handle Apple Property List files in binary, XML, JSON, or OpenStep format. -
13
zlib-ng
zlib replacement with optimizations for "next generation" systems
zlib data compression library for the next-generation systems. Zlib-compatible API with support for dual-linking. Modernized native API based on zlib API for ease of porting. Modern C11 syntax and a clean code layout. Deflate medium and quick algorithms based on Intel’s zlib fork. -
14
sh
A shell parser, formatter, and interpreter with bash support
A shell parser, formatter, and interpreter. Supports POSIX Shell, Bash, and mksh. Requires Go 1.16 or later. To parse shell scripts, inspect them, and print them out, see the syntax examples. For high-level operations like performing shell expansions on strings, see the shell examples. shfmt formats shell programs. See canonical.sh for a quick look at its default style. shfmt formats shell programs. If the only argument is a dash (-) or no arguments are given, standard input will be used. If... -
15
Commando VM
Complete Mandiant Offensive VM (Commando VM)
...It provides an automated installer (PowerShell script) that uses Chocolatey, Boxstarter, and MyGet package feeds to download, install, and configure dozens (100+ / 170+ depending on version) of offensive, fuzzing, enumeration, and exploitation tools. The idea is to spare testers the repetitive work of hand-installing dozens of windows tools, dependencies, and configurations. Commando VM supports customization of its installation profile (you can pick subsets of tools), includes support for WSL/Kali integration, and is intended to be used in a VM to facilitate snapshot recovery and test isolation. -
16
DynamoRIO
Dynamic Instrumentation Tool Platform
DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling, instrumentation, optimization, translation, etc. Unlike many dynamic tool systems, DynamoRIO is not limited to insertion of callouts/trampolines and allows arbitrary modifications to application instructions via a powerful... -
17
Lighthouse Ethereum
Ethereum consensus client in Rust
...You'll need to be familiar with the rules of staking (e.g., rewards, penalties, etc.) and also configuring and managing servers. You'll also need at least 32 ETH! Security-focused. Fuzzing techniques have been continuously applied and several external security reviews have been performed. Built in Rust, a modern language providing unique safety guarantees and excellent performance (comparable to C++). Funded by various organizations, including Sigma Prime, the Ethereum Foundation, ConsenSys, the Decentralization Foundation and private individuals. -
18
XRAY
XRay for recon, mapping and OSINT gathering from public networks
XRAY is a modular security toolset that helps developers and security professionals analyze, fuzz, and test web applications, protocols, and network services for vulnerabilities. It provides a framework for writing and executing inspection modules that can parse structured data (JSON, XML, HTML), traverse graphs of endpoints, and perform intelligent probing guided by discovered surface area. XRay is typically used as a reconnaissance and vulnerability discovery engine in red-team or... -
19
s2n-quic
An implementation of the IETF QUIC protocol
s2n-quic is AWS’s open-source implementation of the IETF QUIC transport protocol, written in Rust and designed for performance, security, and modern usage. QUIC is a UDP-based, multiplexed, encrypted transport layer that underpins HTTP/3 and addresses issues such as head-of-line blocking and faster handshake times compared to TCP+TLS. This library integrates with AWS’s s2n-tls or rustls for the TLS 1.3 handshake and leverages Rust’s memory and thread safety guarantees to deliver a robust... -
20
BoringSSL
Mirror of BoringSSL
BoringSSL is a Google-maintained fork of OpenSSL, designed specifically to meet the security, performance, and maintainability needs of Google’s infrastructure and products. While fully open source, BoringSSL is not intended for general public use — it serves as a streamlined, heavily modified SSL/TLS and cryptography library optimized for Google’s internal ecosystem, including Chrome/Chromium, Android, and other Google services. The project prioritizes security, simplicity, and... -
21
SocketRocket
A conforming Objective-C WebSocket client library
A conforming WebSocket (RFC 6455) client library for iOS, macOS and tvOS. SocketRocket currently conforms to all core ~300 of Autobahn's fuzzing tests (aside from two UTF-8 ones where it is merely non-strict tests 6.4.2 and 6.4.4). SocketRocket is asynchronous and non-blocking. Most of the work is done on a background thread. You can include SocketRocket as a subproject inside of your application if you'd prefer, although we do not recommend this, as it will increase your indexing time significantly. ... -
22
µWebSockets
Compliant web server for the most demanding of applications
Being meticulously optimized for speed and memory footprint, µWebSockets is fast enough to do encrypted TLS 1.3 messaging quicker than most alternative servers can do even unencrypted, cleartext messaging. Furthermore, we partake in Google's OSS-Fuzz with a ~95% daily fuzzing coverage with no sanitizer issues. LGTM scores us flawless A+ from having zero CodeQL alerts and we compile with pedantic warning levels. µWebSockets is written entirely in C & C++ but has a seamless integration for Node.js backends. This allows for rapid scripting of powerful apps, using widespread competence. We've been fully standards compliant with a perfect Autobahn|Testsuite score since 2016. ... -
23
ScaNetOS
Entorno funcional para auditoría web y pentesting
ScaNetOS : Entorno de Auditoría Web Automatizada (v1.0) ScaNetOS es una Máquina Virtual en formato .OVA, diseñada para ser una máquina de análisis web y pentesting preconfigurada. Su objetivo es proporcionar un entorno de trabajo rápido y eficiente para pentesters éticos y analistas de seguridad enfocados en la auditoría de aplicaciones web y APIs. El corazón de esta MV es el ScaNet Panel (Script Bash v1.0), un menú centralizado que orquesta herramientas avanzadas y automatiza los... -
24
FuzzBench
FuzzBench - Fuzzer benchmarking as a service
...By running experiments at Google scale, FuzzBench ensures consistent, unbiased, and data-driven evaluations that support academic and industrial fuzzing research. -
25
GraphQLmap
GraphQLmap is a scripting engine to interact with endpoints
GraphQLmap is a Python-based scripting engine designed to interact with GraphQL endpoints for penetration testing purposes. It can connect to a target GraphQL endpoint, dump the schema (if introspection is enabled), query it interactively, and fuzz fields for NoSQL/SQL injection vectors, thereby revealing hidden attack surfaces. GraphQL endpoints represent a relatively newer attack vector compared to REST, and GraphQLmap helps bridge this gap by providing tooling tailored to the GraphQL...
