Search Results for "fuzzing"
Sort By:
Showing 27 open source projects for "fuzzing"
View related business solutions-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
Powerful cloud-based licensing solution designed for fast-growing software businesses.10Duke Enterprise is a cloud-based, scalable and flexible software licensing solution enabling software vendors to easily configure, manage and monetize the licenses they provide to their customers in real-time.
-
1
Echidna
Ethereum smart contract fuzzer
...Optional corpus collection, mutation and coverage guidance to find deeper bugs. Powered by Slither to extract useful information before the fuzzing campaign. Source code integration to identify which lines are covered after the fuzzing campaign. Curses-based retro UI, text-only or JSON output. -
2
Honggfuzz
Security oriented software fuzzer
honggfuzz is a general-purpose, high-performance fuzzer that mixes coverage feedback with practical crash triage to uncover memory-safety and logic bugs. It supports multiple fuzzing modes—stdin, file, and networking—so targets can be exercised the same way they run in production. Instrumentation via compiler hooks or hardware/perf counters guides mutations toward previously unseen edges, while persistent mode keeps the target process alive to amortize startup costs. The tool integrates tightly with sanitizers and can attach to already running processes, making it convenient for both white-box and black-box fuzzing. ... -
3
SecLists
The Pentester’s Companion
...SecLists helps to increase efficiency and productivity in security testing by conveniently providing all the lists a security tester may need in one repository. List types include those for usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and many more. All the tester will have to do is pull this repo onto a new testing box and he’ll have access to every type of list he may require. -
4
SSRFmap
Automatic SSRF fuzzer and exploitation tool
SSRFmap is a specialized security tool designed to automate the detection and exploitation of Server Side Request Forgery (SSRF) vulnerabilities. It takes as input a Burp request file and a user-specified parameter to fuzz, enabling you to fast-track the identification of SSRF attack surfaces. It includes multiple exploitation “modules” for common SSRF-based attacks or pivoting techniques, such as DNS zone transfers, MySQL/Postgres command execution, Docker API info leaks, and network scans.... -
Turn more customers into advocates.The platform's advanced capabilities ensure companies get the most out of their referral programs. Leverage custom events, profiles, and attributes to enable dynamic, audience-specific referral experiences. Use first-party data to tailor customer segment messaging, rewards, and engagement strategies. Use our flexible APIs to build management capabilities and consumer experiences–headlessly or hybrid. We have all the tools you need to build scalable, secure, and high-performing referral programs.
-
5
Atheris
A Coverage-Guided, Native Python Fuzzer
Atheris is a coverage-guided fuzzer for CPython that treats Python as a first-class fuzzing target, enabling rapid discovery of crashes and logic errors in pure-Python code and native extensions. It hooks into Python’s interpreter to collect fine-grained coverage and uses that signal to evolve inputs, pushing programs into previously unexplored code paths. Because many Python libraries are thin wrappers over C/C++ code, Atheris is equally adept at surfacing memory safety issues in extension modules compiled with sanitizers. ... -
6
libplist
A library to handle Apple Property List format in binary or XML
A small portable C library to handle Apple Property List files in binary, XML, JSON, or OpenStep format. -
7
zlib-ng
zlib replacement with optimizations for "next generation" systems
zlib data compression library for the next-generation systems. Zlib-compatible API with support for dual-linking. Modernized native API based on zlib API for ease of porting. Modern C11 syntax and a clean code layout. Deflate medium and quick algorithms based on Intel’s zlib fork. -
8
sh
A shell parser, formatter, and interpreter with bash support
A shell parser, formatter, and interpreter. Supports POSIX Shell, Bash, and mksh. Requires Go 1.16 or later. To parse shell scripts, inspect them, and print them out, see the syntax examples. For high-level operations like performing shell expansions on strings, see the shell examples. shfmt formats shell programs. See canonical.sh for a quick look at its default style. shfmt formats shell programs. If the only argument is a dash (-) or no arguments are given, standard input will be used. If... -
9
DynamoRIO
Dynamic Instrumentation Tool Platform
DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling, instrumentation, optimization, translation, etc. Unlike many dynamic tool systems, DynamoRIO is not limited to insertion of callouts/trampolines and allows arbitrary modifications to application instructions via a powerful... -
HOA SoftwareSimplify HOA management with software that handles everything from financials to communication.
-
10
Lighthouse Ethereum
Ethereum consensus client in Rust
...You'll need to be familiar with the rules of staking (e.g., rewards, penalties, etc.) and also configuring and managing servers. You'll also need at least 32 ETH! Security-focused. Fuzzing techniques have been continuously applied and several external security reviews have been performed. Built in Rust, a modern language providing unique safety guarantees and excellent performance (comparable to C++). Funded by various organizations, including Sigma Prime, the Ethereum Foundation, ConsenSys, the Decentralization Foundation and private individuals. -
11
µWebSockets
Compliant web server for the most demanding of applications
Being meticulously optimized for speed and memory footprint, µWebSockets is fast enough to do encrypted TLS 1.3 messaging quicker than most alternative servers can do even unencrypted, cleartext messaging. Furthermore, we partake in Google's OSS-Fuzz with a ~95% daily fuzzing coverage with no sanitizer issues. LGTM scores us flawless A+ from having zero CodeQL alerts and we compile with pedantic warning levels. µWebSockets is written entirely in C & C++ but has a seamless integration for Node.js backends. This allows for rapid scripting of powerful apps, using widespread competence. We've been fully standards compliant with a perfect Autobahn|Testsuite score since 2016. ... -
12
FuzzBench
FuzzBench - Fuzzer benchmarking as a service
...By running experiments at Google scale, FuzzBench ensures consistent, unbiased, and data-driven evaluations that support academic and industrial fuzzing research. -
13
Fuzzer Test Suite
Set of tests for fuzzing engines
The Fuzzer Test Suite is a collection of real-world, bug-rich targets used to evaluate and compare fuzzers under controlled conditions. Rather than synthetic micro-benchmarks, it packages build scripts, corpora, and known-crash oracles so fuzzer authors can measure time-to-crash, coverage growth, and stability. Each target is configured to integrate with common sanitizers, ensuring memory safety bugs surface with precise diagnostics. The suite standardizes experiment parameters—runtime,... -
14
Big List of Naughty Strings
List of strings which have a high probability of causing issues
The Big List of Naughty Strings is a community-maintained catalog of “gotcha” inputs that commonly break software, from unusual Unicode to SQL and script injection payloads. It exists so developers and QA engineers can easily test edge cases that normal test data would miss, such as zero-width characters, right-to-left marks, emojis, foreign alphabets, and long or malformed strings. By throwing these strings at forms, APIs, databases, and UIs, teams can discover encoding bugs, sanitizer... -
15
gofuzz
Fuzz testing for go
gofuzz is a lightweight fuzzing utility for Go that rapidly generates randomized, edge-case-heavy inputs to populate structs, maps, slices, and scalar fields. It’s engineered to make property tests productive by automatically traversing nested types and supplying varied values, including zero values, extremes, and random strings or byte sequences. Because it respects Go’s type system, it can generate valid shapes for complex generic or composite types with very little setup. -
16
Offensive Web Testing Framework
Offensive Web Testing Framework (OWTF), is a framework
...More efficiently find, verify and combine vulnerabilities. Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions. Perform more tactical/targeted fuzzing on seemingly risky areas. Demonstrate true impact despite the short timeframes we are typically given to test. The tool is highly configurable and anybody can trivially create simple plugins or add new tests in the configuration files without having any development experience. OWTF is developed on KaliLinux and macOS but it is made for Kali Linux (or other Debian derivatives). -
17
ansvif
An advanced cross platform fuzzing framework suited to find code bugs.
ansvif, or A Not So Very Intelligent Fuzzer, suited to find bugs in code by throwing garbage arguments, files, and environment variables at the target program, that you may or may not have the source code to. It supports many features, such as buffer size, randomization of the buffer size, random data injection, templates, and much more. The purpose of this project is to identify bugs in software, specifically bugs that can induce a segmentation fault under various conditions. This aids... -
18
RND
Random data generator: secure character streams and large files
...Create: • huge files • random character stream • specific character sequence Example uses - generate: • specific number of characters for testing web forms • restricted range character stream • control characters, 'high characters', emojis for fuzzing application input • specific byte sequence • Unicode character range • file overwrites to the exact byte count • custom text strings as content filler • long password strings • specific file size (e.g. 777 bytes, 10 MB, 2 GB) • huge files (x64 version: 4GB+ files) • fast generation rates on x64 version: ~8GB/sec streams with i3 CPUs on Linux • files for zipping / hashing / integrity / transfer / speed tests. ... -
19
Metasploit Framework
Metasploit Framework
Metasploit Framework is a comprehensive penetration-testing and exploit development platform that streamlines the process of discovering, validating, and demonstrating vulnerabilities. It provides a modular architecture—payloads, encoders, exploits, auxiliaries, and post-exploitation modules—so security professionals can piece together complex attack chains or test defensive controls in realistic ways. Built-in features include an exploit database, network scanners, credential harvesters,... -
20
BHS Debian (Hades Update)
BHS debian (testing) jessie/sid
BHS (Debian) New BHS release Based on Debian jessie/sid Kermel 3.12 KDE 4.11 Debian style and look Custom scripts!! Defcon tools!! New wifi scripts Multiarch support Top tools username: root password: BHS note: Don't forget to run the script located on the desktop to install the missing tools,because without to run it the menu will not be functional,if you not see it just download from here in the file section..sorry for the delay the upload stack for 2... -
21
hwk
hwk is a tool used for wireless lan pentests
hwk is an easy-to-use application used to attack and discover wireless networks. It's providing various modes such as authentication/deauthentication flood, beacon and probe response fuzzing. -
22
-
23
WSFuzzer is a fuzzing penetration testing tool used against HTTP SOAP based web services. It tests numerous aspects (input validation, XML Parser, etc) of the SOAP target. It is only to be used against targets that have granted permission to be teste
-
24
Simple Fuzzer is a simple fuzzing framework which allows rapid development of protocol fuzzers for blackbox testing. It can fuzz across networks using TCP/UDP, IP4/IP6, and can be extended via plugins to perform in-depth fuzzing.
-
25
SpaceMonkey is a Web application auditing tool. It can detect bugs or security flaws without using a knowledge database. It uses fault injection technics ('fuzzing') in order to reveal the flaws (SQL injection, XSS, File inclusion, command execution ).
