Best Application Development Software for Linux - Page 24

x
View:
Open Source Commercial

Compare the Top Application Development Software for Linux as of October 2025 - Page 24

Sort By:
Application Development Linux Clear Filters
  • 1
    LibFuzzer

    LibFuzzer

    LLVM Project

    LibFuzzer is an in-process, coverage-guided, evolutionary fuzzing engine. LibFuzzer is linked with the library under test, and feeds fuzzed inputs to the library via a specific fuzzing entry point (or target function); the fuzzer then tracks which areas of the code are reached, and generates mutations on the corpus of input data in order to maximize the code coverage. The code coverage information for libFuzzer is provided by LLVM’s SanitizerCoverage instrumentation. LibFuzzer is still fully supported in that important bugs will get fixed. The first step in using libFuzzer on a library is to implement a fuzz target, a function that accepts an array of bytes and does something interesting with these bytes using the API under test. Note that this fuzz target does not depend on libFuzzer in any way so it is possible and even desirable to use it with other fuzzing engines like AFL and/or Radamsa.
    Starting Price: Free
    View Software
  • 2
    american fuzzy lop
    American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage for the fuzzed code. The compact synthesized corpora produced by the tool are also useful for seeding other, more labor or resource-intensive testing regimes down the road. Compared to other instrumented fuzzers, afl-fuzz is designed to be practical, it has a modest performance overhead, uses a variety of highly effective fuzzing strategies and effort minimization tricks, requires essentially no configuration, and seamlessly handles complex, real-world use cases, say, common image parsing or file compression libraries. It's an instrumentation-guided genetic fuzzer capable of synthesizing complex file semantics in a wide range of non-trivial targets.
    Starting Price: Free
    View Software
  • 3
    Honggfuzz
    Honggfuzz is a security-oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW-based). It’s multi-process and multi-threaded, there’s no need to run multiple copies of your fuzzer, as Honggfuzz can unlock the potential of all your available CPU cores with a single running instance. The file corpus is automatically shared and improved between all fuzzed processes. It’s blazingly fast when the persistent fuzzing mode is used. A simple/empty LLVMFuzzerTestOneInput function can be tested with up to 1mo iteration per second on a relatively modern CPU. Has a solid track record of uncovered security bugs, the only (to date) vulnerability in OpenSSL with the critical score mark was discovered by Honggfuzz. As opposed to other fuzzers, it will discover and report hijacked/ignored signals from crashes (intercepted and potentially hidden by a fuzzed program).
    Starting Price: Free
    View Software
  • 4
    Boofuzz

    Boofuzz

    Boofuzz

    Boofuzz is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, Boofuzz aims for extensibility. Like Sulley, Boofuzzincorporates all the critical elements of a fuzzer like easy and quick data generation, instrumentation and failure detection, target reset after failure, and recording of test data. Much easier install experience and support for arbitrary communications mediums. Built-in support for serial fuzzing, ethernet- and IP-layer, UDP broadcast. Better recording of test data, consistent, thorough, and clear. Test result CSV export and extensible instrumentation/failure detection. Boofuzz installs as a Python library used to build fuzzer scripts. It is strongly recommended to set up Boofuzz in a virtual environment.
    Starting Price: Free
    View Software
  • 5
    Ffuf

    Ffuf

    Ffuf

    Ffuf is a fast web fuzzer written in Go. You can also practice your Ffuf scans against a live host with different lessons and use cases either locally by using the Docker container or against the live-hosted version. Provides virtual host discovery (without DNS records). In order to tell Ffuf about different inputs to test out, a wordlist is needed. You can supply one or more wordlists on the command line, and in case you wish (or are using multiple wordlists) you can choose a custom keyword for them. You can supply Ffuf with multiple wordlists (remember to configure a custom keyword for them though). The first word of the first wordlist is tested against all the words from the second wordlist before moving along to test the second word in the first wordlist against all the words in the second wordlist. In short, all of the different combinations are tried out. There are quite a few different ways to customize the request.
    Starting Price: Free
    View Software
  • 6
    afl-unicorn

    afl-unicorn

    Battelle

    afl-unicorn lets you fuzz any piece of binary that can be emulated by Unicorn Engine. If you can emulate the code you’re interested in using the Unicorn Engine, you can fuzz it with afl-unicorn. Unicorn Mode works by implementing the block-edge instrumentation that AFL’s QEMU mode normally does into Unicorn Engine. Basically, AFL will use block coverage information from any emulated code snippet to drive its input generation. The whole idea revolves around the proper construction of a Unicorn-based test harness. The Unicorn-based test harness loads the target code, sets up the initial state, and loads in data mutated by AFL from disk. The test harness then emulates the target binary code, and if it detects that a crash or error occurred it throws a signal. AFL will do all its normal stuff, but it’s actually fuzzing the emulated target binary code. Only tested on Ubuntu 16.04 LTS, but it should work smoothly with any OS capable of running both AFL and Unicorn.
    Starting Price: Free
    View Software
  • 7
    Fuzzbuzz

    Fuzzbuzz

    Fuzzbuzz

    The Fuzzbuzz workflow is very similar to other CI/CD testing workflows. However, unlike other testing workflows, fuzz testing requires multiple jobs to run simultaneously, which results in a few extra steps. Fuzzbuzz is a fuzz testing platform. We make it trivial for developers to add fuzz tests to their code and run them in CI/CD, helping them catch critical bugs and vulnerabilities before they hit production. Fuzzbuzz completely integrates into your environment, following you from the terminal to CI/CD. Write a fuzz test in your environment and use your own IDE, terminal, or build tools. Push to CI/CD and Fuzzbuzz will automatically start running your fuzz tests against your latest code changes. Get notified when bugs are found through Slack, GitHub, or email. Catch regressions as new changes are automatically tested and compared to previous runs. Code is built and instrumented by Fuzzbuzz as soon as a change is detected.
    Starting Price: Free
    View Software
  • 8
    BFuzz

    BFuzz

    RootUp

    BFuzz is an input-based fuzzer tool that takes HTML as an input, opens up your browser with a new instance, and passes multiple test cases generated by domato which is present in the recurve folder of BFuzz, more over BFuzz is an automation that performs the same task repeatedly and it doesn't mangle any test cases. Running BFuzz will ask for the option of whether to fuzz Chrome or Firefox, however, this will open Firefox from recurve and create the logs on the terminal. BFuzz is a small script that enables you to open the browser and run test cases. The test cases in recurve are generated by the domato generator and contain the main script. It contains additional helper code for DOM fuzzing.
    Starting Price: Free
    View Software
  • 9
    Sulley

    Sulley

    OpenRCE

    Sulley is a fuzzing engine and fuzz testing framework consisting of multiple extensible components. Sulley (IMHO) exceeds the capabilities of most previously published fuzzing technologies, commercial and public domain. The goal of the framework is to simplify not only data representation but to simplify data transmission and instrumentation. A pure-Python fully automated and unattended fuzzing framework. Sulley not only has impressive data generation but has taken this a step further and includes many other important aspects a modern fuzzer should provide. Sulley watches the network and methodically maintains records. Sulley instruments and monitors the health of the target, capable of reverting to a known good state using multiple methods. Sulley detects, tracks, and categorizes detected faults. Sulley can fuzz in parallel, significantly increasing test speed. Sulley can automatically determine what unique sequence of test cases triggers faults.
    Starting Price: Free
    View Software
  • 10
    Radamsa

    Radamsa

    Aki Helin

    Radamsa is a test case generator for robustness testing or fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestingly different outputs from them. The main selling points of Radamsa are that it has already found a slew of bugs in programs that actually matter, it is easily scriptable, and, easy to get up and running. Fuzzing is one of the techniques to find unexpected behavior in programs. The idea is simply to subject the program to various kinds of inputs and see what happens. There are two parts to this process: getting the various kinds of inputs and how to see what happens. Radamsa is a solution to the first part, and the second part is typically a short shell script. Testers usually have a more or less vague idea of what should not happen, and they try to find out if this is so.
    Starting Price: Free
    View Software
  • 11
    APIFuzzer
    APIFuzzer reads your API description and step-by-step fuzzes the fields to validate if your application can cope with the fuzzed parameters, and it does not require coding. Parse API definition from a local file or remote URL. JSON and YAML file format support. All HTTP methods are supported. Fuzzing of the request body, query string, path parameter, and request header is supported. Relies on random mutations and supports CI integration. Generate JUnit XML test report format. Send a request to an alternative URL. Support HTTP basic auth from the configuration. Save the report of the failed test in JSON format into the pre-configured folder.
    Starting Price: Free
    View Software
  • 12
    Jazzer

    Jazzer

    Code Intelligence

    Jazzer is a coverage-guided, in-process fuzzer for the JVM platform developed by Code Intelligence. It is based on libFuzzer and brings many of its instrumentation-powered mutation features to the JVM. You can use Docker to try out Jazzer's autofuzz mode, which automatically generates arguments to a given Java function and reports unexpected exceptions and detected security issues. You can also use GitHub release archives to run a standalone Jazzer binary that starts its own JVM configured for fuzzing.
    Starting Price: Free
    View Software
  • 13
    FuzzDB

    FuzzDB

    FuzzDB

    FuzzDB was created to increase the likelihood of finding application security vulnerabilities through dynamic application security testing. It's the first and most comprehensive open dictionary of fault injection patterns, predictable resource locations, and regex for matching server responses. FuzzDB contains comprehensive lists of attack payload primitives for fault injection testing. These patterns, categorized by the attack and where appropriate platform type, are known to cause issues like OS command injection, directory listings, directory traversals, source exposure, file upload bypass, authentication bypass, XSS, HTTP header crlf injections, SQL injection, NoSQL injection, and more. For example, FuzzDB catalogs 56 patterns that can potentially be interpreted as a null byte and contains lists of commonly used methods and name-value pairs that trigger debug modes.
    Starting Price: Free
    View Software
  • 14
    Google ClusterFuzz
    ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz. ClusterFuzz provides many features to seamlessly integrate fuzzing into a software project’s development process. Fully automatic bug filing, triage, and closing for various issue trackers. Supports multiple coverages guided fuzzing engines for optimal results (with ensemble fuzzing and fuzzing strategies). Statistics for analyzing fuzzer performance, and crash rates. Easy to use web interface for management and viewing crashes. Support for various authentication providers using Firebase. Support for black-box fuzzing, test case minimization, and regression finding through bisection.
    Starting Price: Free
    View Software
  • 15
    go-fuzz

    go-fuzz

    dvyukov

    Go-fuzz is a coverage-guided fuzzing solution for testing Go packages. Fuzzing is mainly applicable to packages that parse complex inputs (both text and binary) and is especially useful for hardening systems that parse inputs from potentially malicious users (anything accepted over a network). go-fuzz has recently added preliminary support for fuzzing Go Modules. If you encounter a problem with modules, please file an issue with details. Data is a random input generated by go-fuzz, note that in most cases it is invalid. The function must return 1 if the fuzzer should increase the priority of the given input during subsequent fuzzing if the input must not be added to the corpus even if it gives new coverage, and 0 otherwise; other values are reserved for future use. The fuzz function must be in a package that go-fuzz can import. This means the code you want to test can't be in package main. Fuzzing internal packages is supported, however.
    Starting Price: Free
    View Software
  • 16
    Atheris

    Atheris

    Google

    Atheris is a coverage-guided Python fuzzing engine. It supports fuzzing of Python code, but also native extensions written for CPython. Atheris is based on libFuzzer. When fuzzing native code, Atheris can be used to catch extra bugs. Atheris supports Linux (32- and 64-bit) and Mac OS X, with Python versions 3.6-3.10. It comes with a built-in libFuzzer, which is fine for fuzzing Python code. If you plan to fuzz native extensions, you may need to build from source to ensure the libFuzzer version in Atheris matches your Clang version. Atheris relies on libFuzzer, which is distributed with Clang. Apple Clang doesn't come with libFuzzer, so you'll need to install a new version of LLVM. Atheris is based on a coverage-guided mutation-based fuzzer (LibFuzzer). This has the advantage of not requiring any grammar definition for generating inputs, making its setup easier. The disadvantage is that it will be harder for the fuzzer to generate inputs for code that parses complex data types.
    Starting Price: Free
    View Software
  • 17
    Fuzzapi

    Fuzzapi

    Fuzzapi

    Fuzzapi is a tool used for REST API pentesting and uses API Fuzzer and provides UI solutions for gem.
    Starting Price: Free
    View Software
  • 18
    API Fuzzer

    API Fuzzer

    Fuzzapi

    API Fuzzer allows to fuzz-request attributes using common pentesting techniques and lists vulnerabilities. API Fuzzer gem accepts an API request as input and returns vulnerabilities possible in the API. Cross-site scripting vulnerability, SQL injection, blind SQL injection, XML external entity vulnerability, IDOR, API rate limiting, open redirect vulnerabilities, information disclosure flaws, info leakage through headers, and cross-site request forgery vulnerability.
    Starting Price: Free
    View Software
  • 19
    Wapiti

    Wapiti

    Wapiti

    Wapiti is a web application vulnerability scanner. Wapiti allows you to audit the security of your websites or web applications. It performs "black-box" scans (it does not study the source code) of the web application by crawling the webpages of the deployed web app, looking for scripts and forms where it can inject data. Once it gets the list of URLs, forms, and their inputs, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. Search for potentially dangerous files on the server. Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart forms and can inject payloads in filenames (upload). Warnings are raised when an anomaly is found (for example 500 errors and timeouts). Wapiti is able to make the difference between permanent and reflected XSS vulnerabilities. Generates vulnerability reports in various formats (HTML, XML, JSON, TXT, CSV).
    Starting Price: Free
    View Software
  • 20
    Echidna

    Echidna

    Crytic

    Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smart contracts. It uses sophisticated grammar-based fuzzing campaigns based on a contract ABI to falsify user-defined predicates or Solidity assertions. We designed Echidna with modularity in mind, so it can be easily extended to include new mutations or test specific contracts in specific cases. Generates inputs tailored to your actual code. Optional corpus collection, mutation and coverage guidance to find deeper bugs. Powered by Slither to extract useful information before the fuzzing campaign. Source code integration to identify which lines are covered after the fuzzing campaign. Interactive terminal UI, text-only or JSON output. Automatic test case minimization for quick triage. Seamless integration into the development workflow. Maximum gas usage reporting of the fuzzing campaign. Support for a complex contract initialization with Etheno and Truffle.
    Starting Price: Free
    View Software
  • 21
    syzkaller
    syzkaller is an unsupervised coverage-guided kernel fuzzer. Supports FreeBSD, Fuchsia, gVisor, Linux, NetBSD, OpenBSD, and Windows. Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it's being extended to support other OS kernels as well. Once syzkaller detects a kernel crash in one of the VMs, it will automatically start the process of reproducing this crash. By default, it will use 4 VMs to reproduce the crash and then minimize the program that caused it. This may stop the fuzzing, since all of the VMs might be busy reproducing detected crashes. The process of reproducing one crash may take from a few minutes up to an hour depending on whether the crash is easily reproducible or non-reproducible at all.
    Starting Price: Free
    View Software
  • 22
    Pynt

    Pynt

    Pynt

    Pynt is an innovative API Security Testing platform exposing verified API threats through simulated attacks. We help hundreds of companies such as Telefonica, Sage, Halodoc, and more, to continuously monitor, classify and attack poorly secured APIs, before hackers do. Pynt's leverages an integrated shift-left approach, and unique hack technology using home-grown attack scenarios, to detect real threats, discover APIs, suggest fixes to verified vulnerabilities, thereby eliminating the API attack surface risk. Thousands of companies rely on Pynt to secure the no. 1 attack surface - APIs, as part of their AppSec strategy.
    Starting Price: $1888/month
    View Software
  • 23
    Workflow Engine
    Embeddable .NET library for running workflows in .NET applications with integrated HTML5 graphical workflow designer. Designer allows you to easily create interactive workflows of any complexity, there’s no need to draft them programmatically. Workflow Engine is a backbone solution for business process management (BPM) which makes it feasible to automate the workflow design by using low-code visual builders. It is based on the .NET framework and JavaScript libraries. Workflow Engine enables workflow processing and correct integration by providing a graphic designer to create process workflow schemes and at the same time, this software component facilitates the management, execution, and visualization of workflow processes. Integration with solutions based on other technologies or databases is roughly the same and should not entail any difficulties. Workflow Engine offers its users all the components necessary to implement workflows of any complexity.
    Starting Price: $499 one-time payment
    View Software
  • 24
    Yii

    Yii

    Yii PHP framework

    Yii is a fast, secure, and efficient PHP framework. Flexible yet pragmatic, works right out of the box, and has reasonable defaults. While Yii can virtually eliminate most repetitive coding tasks, you are responsible for the real creative work. This often starts with designing the whole system to be built, in terms of some database schema. The best way to do this is by using migrations. Yii gives you the maximum functionality by adding the least possible overhead. Sane defaults and built-in tools help you write solid and secure code. Write more code in less time with simple, yet powerful APIs and code generation. Yii is a generic web programming framework, meaning that it can be used for developing all kinds of web applications using PHP. Because of its component-based architecture and sophisticated caching support, it is especially suitable for developing large-scale applications such as portals, forums, content management systems (CMS), ecommerce projects, RESTful services, etc.
    Starting Price: Free
    View Software
  • 25
    Phalcon

    Phalcon

    Phalcon

    A full-stack PHP framework delivered as a C-extension. Its innovative architecture makes Phalcon the fastest PHP framework ever built. Developers do not need to know C to use Phalcon. Its functionality is exposed as PHP classes and interfaces under the Phalcon namespace, ready to be used. Zephir/C extensions are loaded together with PHP one time on the web server's daemon start process. Classes and functions provided by the extension are ready to use for any application. The code is compiled and isn't interpreted because it's already compiled to a specific platform and processor. Thanks to its low-level architecture and optimizations Phalcon provides the lowest overhead for MVC-based applications. Build single and multi-module applications with ease and pleasure. Using the file structure, scheme, and patterns you already know. Writing REST servers and applications has never been easier, with no boilerplate, and simple services that fit in one file.
    Starting Price: Free
    View Software
  • 26
    Swoole

    Swoole

    Swoole

    Powering the next-generation microservices and applications. Build high-performance, scalable, concurrent TCP, UDP, Unix Socket, HTTP, GRPC services with PHP and easy-to-use coroutine, fibers API. Write your next scalable async application with PHP coroutines and fibers. Compared with other async programming frameworks or software such as Nginx, Tornado, and Node.js, Swoole is a complete async solution that has built-in support for async programming via fibers/coroutines, a range of multi-threaded I/O modules (HTTP server, GRPC, process pools) and support for popular PHP clients like PDO for MySQL, Redis, and CURL. You can use sync or async, coroutine, or fiber API to write the applications or create thousands of lightweight fibers within one Linux process. Swoole enhances the efficiency of your PHP applications and brings you out of the traditional stateless model, enabling you to focus on the development of innovative products at a high scale.
    Starting Price: Free
    View Software
  • 27
    FuelPHP

    FuelPHP

    FuelPHP

    The Fuel PHP framework is a fast, simple, and flexible PHP 5.4+ framework, born from the best ideas of other frameworks, with a fresh start. It was born out of the frustrations people have with the currently available frameworks and developed with support from a community of developers. FuelPHP is extremely portable, works on almost any server, and prides itself on clean syntax. FuelPHP is an MVC (Model View Controller) framework that was designed from the ground up to have full support for HMVC as part of its architecture. But we didn't stop there, we also added ViewModels (also known as presentation models) into the mix which gives you the option to add a powerful layer between the controller and the view. FuelPHP also supports a more router-based approach where you might route directly to a closure which deals with the input URI, making the closure the controller and giving it control of further execution.
    Starting Price: Free
    View Software
  • 28
    PHPixie

    PHPixie

    PHPixie

    PHPixie is easy to learn and does not rely on automatic; you will always be in charge of what's happening. Designed for speed since first release and proven by independent benchmarks. Built using components that can be used without the framework. Linear execution flow, no static code, and low coupling. Reuse and share your code via Composer as self-contained bundles. Never find yourself in an event hell ever again as event use is avoided. Database components support working with MongoDB out of the box. Designed from scratch according to SOLID principles and industry standards. PHPixie started as a micro framework and has gradually grown to be one of the most popular full-stack PHP frameworks while retaining its high performance. This is in part because of the strict architecture that avoids common pitfalls such as reliance on static methods, global scope, singletons, and other antipatterns, thus also ensuring that the code is easy to read, debug, extend, and test.
    Starting Price: Free
    View Software
  • 29
    Fat-Free Framework

    Fat-Free Framework

    Fat-Free Framework

    Speed up your development process. F3 is lightweight, easy-to-use, and fast. Most of all, it doesn't get in your way. It has a gentle learning curve so you save money on training expenses. Whether you're a novice or an expert PHP programmer, F3 will get you up and running in no time. No unnecessary and painstaking installation procedures and no complex configuration are required. A powerful yet easy-to-use PHP micro-framework designed to help you build dynamic and robust web applications. Full-featured toolkit, super lightweight code base with just ~90kb, and easy to learn. Take advantage of the built-in features. Develop apps that really rock. F3 gives you a solid foundation, a mature code base, and a no-nonsense approach to writing web applications. Under the hood is an easy-to-use web development tool kit, high-performance URL routing, a multi-protocol cache engine, built-in code highlighting, and support for multilingual i18n applications.
    Starting Price: Free
    View Software
  • 30
    Pop PHP Framework

    Pop PHP Framework

    Pop PHP Framework

    Pop PHP is an open source, object-oriented PHP framework with humble beginnings dating back to 2009, where it started as a small library of components. The focus of Pop is to provide a robust set of lightweight tools to assist developers with rapid application development. With a relatively small learning curve, Pop aims to help developers in getting the features they need into their applications so they can be up and running quickly. The Pop PHP Framework contains a group of core components and an additional 30+ components that serve as a toolkit for rapid application development. The framework itself has a base set of core components as well as numerous other additional components to facilitate many of the common features needed for a PHP application. The goal is so that anyone from a novice developer to an advanced programmer can install and start using the Pop PHP Framework quickly and effectively.
    Starting Price: Free
    View Software

Related Categories