Search Results for "fuzzer"

honggfuzz is a general-purpose, high-performance fuzzer that mixes coverage feedback with practical crash triage to uncover memory-safety and logic bugs. It supports multiple fuzzing modes—stdin, file, and networking—so targets can be exercised the same way they run in production. Instrumentation via compiler hooks or hardware/perf counters guides mutations toward previously unseen edges, while persistent mode keeps the target process alive to amortize startup costs.

SSRFmap is a specialized security tool designed to automate the detection and exploitation of Server Side Request Forgery (SSRF) vulnerabilities. It takes as input a Burp request file and a user-specified parameter to fuzz, enabling you to fast-track the identification of SSRF attack surfaces. It includes multiple exploitation “modules” for common SSRF-based attacks or pivoting techniques, such as DNS zone transfers, MySQL/Postgres command execution, Docker API info leaks, and network scans....

Filebuster is an extremely fast and flexible web fuzzer designed for content discovery. Written in Perl, it utilizes efficient HTTP handling to quickly identify hidden files and directories on web servers, aiding in security assessments.

The Fuzzer Test Suite is a collection of real-world, bug-rich targets used to evaluate and compare fuzzers under controlled conditions. Rather than synthetic micro-benchmarks, it packages build scripts, corpora, and known-crash oracles so fuzzer authors can measure time-to-crash, coverage growth, and stability. Each target is configured to integrate with common sanitizers, ensuring memory safety bugs surface with precise diagnostics.

ansvif, or A Not So Very Intelligent Fuzzer, suited to find bugs in code by throwing garbage arguments, files, and environment variables at the target program, that you may or may not have the source code to. It supports many features, such as buffer size, randomization of the buffer size, random data injection, templates, and much more. The purpose of this project is to identify bugs in software, specifically bugs that can induce a segmentation fault under various conditions. ...

DotDotPwn is a flexible and intelligent fuzzer designed to discover directory traversal vulnerabilities in various software, including HTTP, FTP, and TFTP servers, as well as web platforms like CMSs and ERPs. It supports multiple protocols and can be used in scripting environments.​

Powerfuzzer is a highly automated web fuzzer based on many other Open Source fuzzers available (incl. cfuzzer, fuzzled, fuzzer.pl, jbrofuzz, webscarab, wapiti, Socket Fuzzer). It can detect XSS, Injections (SQL, LDAP, commands, code, XPATH) and other