Alternatives to LibFuzzer
Compare LibFuzzer alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to LibFuzzer in 2024. Compare features, ratings, user reviews, pricing, and more from LibFuzzer competitors and alternatives in order to make an informed decision for your business.
-
1
Atheris
Google
Atheris is a coverage-guided Python fuzzing engine. It supports fuzzing of Python code, but also native extensions written for CPython. Atheris is based on libFuzzer. When fuzzing native code, Atheris can be used to catch extra bugs. Atheris supports Linux (32- and 64-bit) and Mac OS X, with Python versions 3.6-3.10. It comes with a built-in libFuzzer, which is fine for fuzzing Python code. If you plan to fuzz native extensions, you may need to build from source to ensure the libFuzzer version in Atheris matches your Clang version. Atheris relies on libFuzzer, which is distributed with Clang. Apple Clang doesn't come with libFuzzer, so you'll need to install a new version of LLVM. Atheris is based on a coverage-guided mutation-based fuzzer (LibFuzzer). This has the advantage of not requiring any grammar definition for generating inputs, making its setup easier. The disadvantage is that it will be harder for the fuzzer to generate inputs for code that parses complex data types.Starting Price: Free -
2
Jazzer
Code Intelligence
Jazzer is a coverage-guided, in-process fuzzer for the JVM platform developed by Code Intelligence. It is based on libFuzzer and brings many of its instrumentation-powered mutation features to the JVM. You can use Docker to try out Jazzer's autofuzz mode, which automatically generates arguments to a given Java function and reports unexpected exceptions and detected security issues. You can also use GitHub release archives to run a standalone Jazzer binary that starts its own JVM configured for fuzzing.Starting Price: Free -
3
afl-unicorn
Battelle
afl-unicorn lets you fuzz any piece of binary that can be emulated by Unicorn Engine. If you can emulate the code you’re interested in using the Unicorn Engine, you can fuzz it with afl-unicorn. Unicorn Mode works by implementing the block-edge instrumentation that AFL’s QEMU mode normally does into Unicorn Engine. Basically, AFL will use block coverage information from any emulated code snippet to drive its input generation. The whole idea revolves around the proper construction of a Unicorn-based test harness. The Unicorn-based test harness loads the target code, sets up the initial state, and loads in data mutated by AFL from disk. The test harness then emulates the target binary code, and if it detects that a crash or error occurred it throws a signal. AFL will do all its normal stuff, but it’s actually fuzzing the emulated target binary code. Only tested on Ubuntu 16.04 LTS, but it should work smoothly with any OS capable of running both AFL and Unicorn.Starting Price: Free -
4
go-fuzz
dvyukov
Go-fuzz is a coverage-guided fuzzing solution for testing Go packages. Fuzzing is mainly applicable to packages that parse complex inputs (both text and binary) and is especially useful for hardening systems that parse inputs from potentially malicious users (anything accepted over a network). go-fuzz has recently added preliminary support for fuzzing Go Modules. If you encounter a problem with modules, please file an issue with details. Data is a random input generated by go-fuzz, note that in most cases it is invalid. The function must return 1 if the fuzzer should increase the priority of the given input during subsequent fuzzing if the input must not be added to the corpus even if it gives new coverage, and 0 otherwise; other values are reserved for future use. The fuzz function must be in a package that go-fuzz can import. This means the code you want to test can't be in package main. Fuzzing internal packages is supported, however.Starting Price: Free -
5
Honggfuzz
Google
Honggfuzz is a security-oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW-based). It’s multi-process and multi-threaded, there’s no need to run multiple copies of your fuzzer, as Honggfuzz can unlock the potential of all your available CPU cores with a single running instance. The file corpus is automatically shared and improved between all fuzzed processes. It’s blazingly fast when the persistent fuzzing mode is used. A simple/empty LLVMFuzzerTestOneInput function can be tested with up to 1mo iteration per second on a relatively modern CPU. Has a solid track record of uncovered security bugs, the only (to date) vulnerability in OpenSSL with the critical score mark was discovered by Honggfuzz. As opposed to other fuzzers, it will discover and report hijacked/ignored signals from crashes (intercepted and potentially hidden by a fuzzed program).Starting Price: Free -
6
american fuzzy lop
Google
American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage for the fuzzed code. The compact synthesized corpora produced by the tool are also useful for seeding other, more labor or resource-intensive testing regimes down the road. Compared to other instrumented fuzzers, afl-fuzz is designed to be practical, it has a modest performance overhead, uses a variety of highly effective fuzzing strategies and effort minimization tricks, requires essentially no configuration, and seamlessly handles complex, real-world use cases, say, common image parsing or file compression libraries. It's an instrumentation-guided genetic fuzzer capable of synthesizing complex file semantics in a wide range of non-trivial targets.Starting Price: Free -
7
ToothPicker
Secure Mobile Networking Lab
ToothPicker is an in-process, coverage-guided fuzzer for iOS. It was developed to specifically target iOS's Bluetooth daemon and to analyze various Bluetooth protocols on iOS. As it is built using FRIDA, it can be adapted to target any platform that runs FRIDA. This repository also includes an over-the-air fuzzer with an exemplary implementation to fuzz Apple's MagicPairing protocol using InternalBlue. Additionally, it contains the ReplayCrashFile script that can be used to verify crashes the in-process fuzzer has found. This is a very simple fuzzer that only flips bits and bytes of inactive connections. No coverage, no injection, but nice as a demo and stateful. Runs just with Python and Frida, no modules or installation are required. ToothPicker is built on the codebase of frizzer. It is recommended to set up a virtual Python environment for frizzer. Starting from the iPhone XR/Xs, PAC has been introduced.Starting Price: Free -
8
Awesome Fuzzing
secfigo
Awesome Fuzzing is a list of fuzzing resources including books, courses, both free and paid, videos, tools, tutorials, and vulnerable applications to practice in order to learn fuzzing and initial phases of exploit development like root cause analysis. Courses/training videos on fuzzing, videos talking about fuzzing techniques, tools, and best practices. Conference talks and tutorials, blogs, tools that help in fuzzing applications, and fuzzers that help in fuzzing applications that use network-based protocols like HTTP, SSH, SMTP, etc. Search and pick the exploits, that have respective apps available for download, and reproduce the exploit by using the fuzzer of your choice. Set of tests for fuzzing engines. Includes different well-known bugs. A corpus, including various file formats for fuzzing multiple targets in the fuzzing literature.Starting Price: Free -
9
Peach Fuzzer
Peach Tech
Peach is a SmartFuzzer that is capable of performing both generation and mutation-based fuzzing. Peach requires the creation of Peach Pit files that define the structure, type information, and relationships in the data to be fuzzed. It additionally allows for the configuration of a fuzzing run including selecting a data transport (publisher), logging interface, etc. Peach has been under active development since 2004 and is in its third major version. Fuzzing continues to be the fastest way to find security issues and test for bugs. Effective hardware fuzzing with Peach will introduce students to the fundamentals of device fuzzing. Peach was designed to fuzz any type of data consumer from servers to embedded devices. Researchers, corporations, and governments already use Peach to find vulnerabilities in hardware. This course will focus on using Peach to target embedded devices and collect information from the device in the event of a crash.Starting Price: Free -
10
Echidna
Crytic
Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smart contracts. It uses sophisticated grammar-based fuzzing campaigns based on a contract ABI to falsify user-defined predicates or Solidity assertions. We designed Echidna with modularity in mind, so it can be easily extended to include new mutations or test specific contracts in specific cases. Generates inputs tailored to your actual code. Optional corpus collection, mutation and coverage guidance to find deeper bugs. Powered by Slither to extract useful information before the fuzzing campaign. Source code integration to identify which lines are covered after the fuzzing campaign. Interactive terminal UI, text-only or JSON output. Automatic test case minimization for quick triage. Seamless integration into the development workflow. Maximum gas usage reporting of the fuzzing campaign. Support for a complex contract initialization with Etheno and Truffle.Starting Price: Free -
11
Google ClusterFuzz
Google
ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz. ClusterFuzz provides many features to seamlessly integrate fuzzing into a software project’s development process. Fully automatic bug filing, triage, and closing for various issue trackers. Supports multiple coverages guided fuzzing engines for optimal results (with ensemble fuzzing and fuzzing strategies). Statistics for analyzing fuzzer performance, and crash rates. Easy to use web interface for management and viewing crashes. Support for various authentication providers using Firebase. Support for black-box fuzzing, test case minimization, and regression finding through bisection.Starting Price: Free -
12
ClusterFuzz
Google
ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz. ClusterFuzz provides many features to seamlessly integrate fuzzing into a software project’s development process. Fully automatic bug filing, triage, and closing for various issue trackers. Supports multiple coverages guided fuzzing engines for optimal results (with ensemble fuzzing and fuzzing strategies). Statistics for analyzing fuzzer performance, and crash rates. Easy to use web interface for management and viewing crashes. Support for various authentication providers using Firebase. Support for black-box fuzzing, test case minimization, and regression finding through bisection. -
13
Sulley
OpenRCE
Sulley is a fuzzing engine and fuzz testing framework consisting of multiple extensible components. Sulley (IMHO) exceeds the capabilities of most previously published fuzzing technologies, commercial and public domain. The goal of the framework is to simplify not only data representation but to simplify data transmission and instrumentation. A pure-Python fully automated and unattended fuzzing framework. Sulley not only has impressive data generation but has taken this a step further and includes many other important aspects a modern fuzzer should provide. Sulley watches the network and methodically maintains records. Sulley instruments and monitors the health of the target, capable of reverting to a known good state using multiple methods. Sulley detects, tracks, and categorizes detected faults. Sulley can fuzz in parallel, significantly increasing test speed. Sulley can automatically determine what unique sequence of test cases triggers faults.Starting Price: Free -
14
Boofuzz
Boofuzz
Boofuzz is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, Boofuzz aims for extensibility. Like Sulley, Boofuzzincorporates all the critical elements of a fuzzer like easy and quick data generation, instrumentation and failure detection, target reset after failure, and recording of test data. Much easier install experience and support for arbitrary communications mediums. Built-in support for serial fuzzing, ethernet- and IP-layer, UDP broadcast. Better recording of test data, consistent, thorough, and clear. Test result CSV export and extensible instrumentation/failure detection. Boofuzz installs as a Python library used to build fuzzer scripts. It is strongly recommended to set up Boofuzz in a virtual environment.Starting Price: Free -
15
Google OSS-Fuzz
Google
OSS-Fuzz offers continuous fuzzing for open source software. Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow, can have serious security implications. Google has found thousands of security vulnerabilities and stability bugs by deploying guided in-process fuzzing of Chrome components, and we now want to share that service with the open source community. OSS-Fuzz aims to make common open source software more secure and stable by combining modern fuzzing techniques with scalable, distributed execution. Projects that do not qualify for OSS-Fuzz can run their own instances of ClusterFuzz or ClusterFuzzLite. Currently, OSS-Fuzz supports C/C++, Rust, Go, Python, and Java/JVM code. Other languages supported by LLVM may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds.Starting Price: Free -
16
Code Intelligence
Code Intelligence
Our platform uses various security techniques, including coverage-guided and feedback-based fuzz testing, to automatically generate millions of test cases that trigger hard-to-find bugs deep within your application. This white-box approach protects against edge cases and speeds up development. Advanced fuzzing engines generate inputs that maximize code coverage. Powerful bug detectors check for errors during code execution. Uncover true vulnerabilities only. Get the input and stack trace as proof, so you can reliably reproduce errors every time. AI white-box testing uses data from all previous test runs to continuously learn the inner-workings of your application, triggering security-critical bugs with increasingly high precision. -
17
Defensics
Synopsys
Defensics is a comprehensive, versatile, automated black box fuzzer that enables organizations to efficiently and effectively discover and remediate security weaknesses in software. Identify defects and zero-day vulnerabilities in services and protocols. The generational fuzzer takes an intelligent, targeted approach to negative testing. Advanced file and protocol template fuzzers enable users to build their own test cases. The SDK allows expert users to use the Defensics framework to develop their own test cases. Defensics is a black box fuzzer, meaning it doesn’t require source code to run. With Defensics, users can secure their cyber supply chain to ensure the interoperability, robustness, quality, and security of software and devices before introducing them into IT or lab environments. Properly executed fuzzing techniques can provide a low-cost, efficient means of finding vulnerabilities, covering more code paths and value iterations than a manual analysis can perform. -
18
BFuzz
RootUp
BFuzz is an input-based fuzzer tool that takes HTML as an input, opens up your browser with a new instance, and passes multiple test cases generated by domato which is present in the recurve folder of BFuzz, more over BFuzz is an automation that performs the same task repeatedly and it doesn't mangle any test cases. Running BFuzz will ask for the option of whether to fuzz Chrome or Firefox, however, this will open Firefox from recurve and create the logs on the terminal. BFuzz is a small script that enables you to open the browser and run test cases. The test cases in recurve are generated by the domato generator and contain the main script. It contains additional helper code for DOM fuzzing.Starting Price: Free -
19
BlackArch Fuzzer
BlackArch
BlackArch is a Linux pentesting distribution based on ArchLinux. BlackArch Fuzzer provides packages that use the fuzz testing principle. -
20
Solidity Fuzzing Boilerplate
patrickd
Solidity Fuzzing Boilerplate is a template repository intended to ease fuzzing components of Solidity projects, especially libraries. Write tests once and run them with both Echidna and Foundry's fuzzing. Fuzz components that use incompatible Solidity versions by deploying those into a Ganache instance via Etheno. Use HEVM's FFI cheat code to generate complex fuzzing inputs or to compare outputs with non-EVM executables while doing differential fuzzing. Publish your fuzzing experiments without worrying about licensing by extending the shell script to download specific files. Turn off FFI if you don't intend to make use of shell commands from your Solidity contracts. Note that FFI is slow and should only be used as a workaround. It can be useful for testing against things that are difficult to implement within Solidity and already exist in other languages. Before executing tests of a project that has FFI enabled, be sure to check what commands are actually being executed.Starting Price: Free -
21
syzkaller
Google
syzkaller is an unsupervised coverage-guided kernel fuzzer. Supports FreeBSD, Fuchsia, gVisor, Linux, NetBSD, OpenBSD, and Windows. Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it's being extended to support other OS kernels as well. Once syzkaller detects a kernel crash in one of the VMs, it will automatically start the process of reproducing this crash. By default, it will use 4 VMs to reproduce the crash and then minimize the program that caused it. This may stop the fuzzing, since all of the VMs might be busy reproducing detected crashes. The process of reproducing one crash may take from a few minutes up to an hour depending on whether the crash is easily reproducible or non-reproducible at all.Starting Price: Free -
22
Mayhem
ForAllSecure
Advanced fuzzing solution that combines guided fuzzing with symbolic execution, a patented technology from CMU. Mayhem is an advanced fuzz testing solution that dramatically reduces manual testing efforts with autonomous defect detection and validation. Deliver safe, secure, reliable software with less time, cost, and effort. Mayhem’s unique advantage is in its ability to acquire intelligence of its targets over time. As Mayhem’s knowledge grows, it deepens its analysis and maximizes its code coverage. All reported vulnerabilities are exploitable, confirmed risks. Mayhem guides remediation efforts with in-depth system level information, such as backtraces, memory logs, and register state, expediting issue diagnosis and fixes. Mayhem utilizes target feedback to custom generate test cases on the fly -- meaning no manual test case generation required. Mayhem offers access to all of its test cases to make regression testing effortless and continuous. -
23
Synopsys Fuzzing Test Suite
Synopsys
Defensics is a comprehensive, versatile, automated black box fuzzer that enables organizations to efficiently and effectively discover and remediate security weaknesses in software. The generational fuzzer takes an intelligent, targeted approach to negative testing. Advanced file and protocol template fuzzers enable users to build their own test cases. The SDK allows expert users to use the Defensics framework to develop their own test cases. Defensics is a black box fuzzer, meaning it doesn’t require source code to run. With Defensics, users can secure their cyber supply chain to ensure the interoperability, robustness, quality, and security of software and devices before introducing them into IT or lab environments. Defensics fits nearly any development workflow, whether in a traditional SDL or CI environment. Its API and data export capabilities also enable it to integrate with surrounding technologies, making it a true plug-and-play fuzzer. -
24
Radamsa
Aki Helin
Radamsa is a test case generator for robustness testing or fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestingly different outputs from them. The main selling points of Radamsa are that it has already found a slew of bugs in programs that actually matter, it is easily scriptable, and, easy to get up and running. Fuzzing is one of the techniques to find unexpected behavior in programs. The idea is simply to subject the program to various kinds of inputs and see what happens. There are two parts to this process: getting the various kinds of inputs and how to see what happens. Radamsa is a solution to the first part, and the second part is typically a short shell script. Testers usually have a more or less vague idea of what should not happen, and they try to find out if this is so.Starting Price: Free -
25
API Fuzzer
Fuzzapi
API Fuzzer allows to fuzz-request attributes using common pentesting techniques and lists vulnerabilities. API Fuzzer gem accepts an API request as input and returns vulnerabilities possible in the API. Cross-site scripting vulnerability, SQL injection, blind SQL injection, XML external entity vulnerability, IDOR, API rate limiting, open redirect vulnerabilities, information disclosure flaws, info leakage through headers, and cross-site request forgery vulnerability.Starting Price: Free -
26
APIFuzzer
PyPI
APIFuzzer reads your API description and step-by-step fuzzes the fields to validate if your application can cope with the fuzzed parameters, and it does not require coding. Parse API definition from a local file or remote URL. JSON and YAML file format support. All HTTP methods are supported. Fuzzing of the request body, query string, path parameter, and request header is supported. Relies on random mutations and supports CI integration. Generate JUnit XML test report format. Send a request to an alternative URL. Support HTTP basic auth from the configuration. Save the report of the failed test in JSON format into the pre-configured folder.Starting Price: Free -
27
CI Fuzz
Code Intelligence
CI Fuzz ensures robust and secure code with test coverage up to 100%. Use CI Fuzz from the command line or in the IDE of choice to generate thousands of test cases automatically. CI Fuzz analyzes code as it runs, just like a unit test, but with AI support to efficiently cover all paths through the code. Uncover real bugs in real-time and say goodbye to theoretical issues and false positives. Find real issues with all the information needed to quickly reproduce and fix them. Test your code with maximum code coverage and automatically detect typical security-relevant bugs like injections and remote code executions automatically in one go. Get fully covered to deliver the highest quality software. Conduct real-time code analysis with CI Fuzz. Take unit tests to the next level. It employs AI for comprehensive code path coverage and the automatic generation of thousands of test cases. Maximize pipeline performance that doesn't compromise software integrity.Starting Price: €30 per month -
28
Fuzzbuzz
Fuzzbuzz
The Fuzzbuzz workflow is very similar to other CI/CD testing workflows. However, unlike other testing workflows, fuzz testing requires multiple jobs to run simultaneously, which results in a few extra steps. Fuzzbuzz is a fuzz testing platform. We make it trivial for developers to add fuzz tests to their code and run them in CI/CD, helping them catch critical bugs and vulnerabilities before they hit production. Fuzzbuzz completely integrates into your environment, following you from the terminal to CI/CD. Write a fuzz test in your environment and use your own IDE, terminal, or build tools. Push to CI/CD and Fuzzbuzz will automatically start running your fuzz tests against your latest code changes. Get notified when bugs are found through Slack, GitHub, or email. Catch regressions as new changes are automatically tested and compared to previous runs. Code is built and instrumented by Fuzzbuzz as soon as a change is detected.Starting Price: Free -
29
OWASP WSFuzzer
OWASP
Fuzz testing or fuzzing is a software testing technique, that basically consists in finding implementation bugs using malformed/semi-malformed data injection in an automated fashion. Let’s consider an integer in a program, which stores the result of a user’s choice between 3 questions. When the user picks one, the choice will be 0, 1, or 2, which makes three practical cases. Integers are stored as a static size variable. If the default switch case hasn’t been implemented securely, the program may crash and lead to “classical” security issues. Fuzzing is the art of automatic bug finding, and its role is to find software implementation faults and identify them if possible. A fuzzer is a program that automatically injects semi-random data into a program/stack and detects bugs. The data-generation part is made of generators, and vulnerability identification relies on debugging tools. Generators usually use combinations of static fuzzing vectors. -
30
beSTORM
Beyond Security (Fortra)
Discover code weaknesses and certify the security strength of any product without access to source code. Test any protocol or hardware with beSTORM, even those used in IoT, process control, CANbus compatible automotive and aerospace. Realtime fuzzing, doesn’t need access to the source code, no cases to download. One platform, one GUI to learn, with over 250+ prebuilt protocol testing modules and the ability to add custom and proprietary ones. Find the security weaknesses before deployment that are most often discovered by external actors after release. Certify vendor components and your own applications in your own testing center. Self-learning software module and propriety software testing. Customization and scalability for any business sizes up or down. Automatically generate and deliver near-infinite attack vectors and document any product failures. Record every pass/fail and hand engineering the exact command that produced each fail.Starting Price: $50,000.00/one-time -
31
FuzzDB
FuzzDB
FuzzDB was created to increase the likelihood of finding application security vulnerabilities through dynamic application security testing. It's the first and most comprehensive open dictionary of fault injection patterns, predictable resource locations, and regex for matching server responses. FuzzDB contains comprehensive lists of attack payload primitives for fault injection testing. These patterns, categorized by the attack and where appropriate platform type, are known to cause issues like OS command injection, directory listings, directory traversals, source exposure, file upload bypass, authentication bypass, XSS, HTTP header crlf injections, SQL injection, NoSQL injection, and more. For example, FuzzDB catalogs 56 patterns that can potentially be interpreted as a null byte and contains lists of commonly used methods and name-value pairs that trigger debug modes.Starting Price: Free -
32
Fuzzing Project
Fuzzing Project
Fuzzing is a powerful strategy to find bugs in software. The idea is quite simple, which is to generate a large number of randomly malformed inputs for the software to parse and see what happens. If the program crashes then something is likely wrong. While fuzzing is a well-known strategy, it is surprisingly easy to find bugs, often with security implications, in widely used software. Memory access errors are the errors most likely to be exposed when fuzzing software that is written in C/C++. While they differ in the details, the core problem is often the same, the software reads or writes to the wrong memory locations. A modern Linux or BSD system ships a large number of basic tools that do some kind of file displaying and parsing. In their current state, most of these tools are not suitable for untrusted inputs. On the other hand, we have powerful tools these days that allow us to find and analyze these bugs.Starting Price: Free -
33
Tayt
Crytic
Tayt is a StarkNet smart contract fuzzer. We recommend using a Python virtual environment. When starting you will see the properties to be checked and the external functions used to generate a sequence of transactions. Eventually, if a property is violated a call sequence will be presented with the order of functions to be called, the respective arguments passed, the caller address, and the events emitted. With Tayt, you can test a contract that deploys other contracts.Starting Price: Free -
34
Wapiti
Wapiti
Wapiti is a web application vulnerability scanner. Wapiti allows you to audit the security of your websites or web applications. It performs "black-box" scans (it does not study the source code) of the web application by crawling the webpages of the deployed web app, looking for scripts and forms where it can inject data. Once it gets the list of URLs, forms, and their inputs, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. Search for potentially dangerous files on the server. Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart forms and can inject payloads in filenames (upload). Warnings are raised when an anomaly is found (for example 500 errors and timeouts). Wapiti is able to make the difference between permanent and reflected XSS vulnerabilities. Generates vulnerability reports in various formats (HTML, XML, JSON, TXT, CSV).Starting Price: Free -
35
Ffuf
Ffuf
Ffuf is a fast web fuzzer written in Go. You can also practice your Ffuf scans against a live host with different lessons and use cases either locally by using the Docker container or against the live-hosted version. Provides virtual host discovery (without DNS records). In order to tell Ffuf about different inputs to test out, a wordlist is needed. You can supply one or more wordlists on the command line, and in case you wish (or are using multiple wordlists) you can choose a custom keyword for them. You can supply Ffuf with multiple wordlists (remember to configure a custom keyword for them though). The first word of the first wordlist is tested against all the words from the second wordlist before moving along to test the second word in the first wordlist against all the words in the second wordlist. In short, all of the different combinations are tried out. There are quite a few different ways to customize the request.Starting Price: Free -
36
Mayhem Code Security
Mayhem
Thousands of autonomously generated tests run every minute to pinpoint vulnerabilities and guide rapid remediation. Mayhem takes the guesswork out of untested code by autonomously generating test suites that produce actionable results. No need to recompile the code, since Mayhem works with dockerized images. Self-learning ML continually runs thousands of tests per second probing for crashes and defects, so developers can focus on features. Continuous testing runs in the background to surface new defects and increase code coverage. Mayhem delivers a copy/paste reproduction and backtrace for every defect, then prioritizes them based on your risk. See all the results, duplicated and prioritized by what you need to fix now. Mayhem fits into your existing build pipeline and development tools, putting actionable results at your developers' fingertips. No matter what language or tools your team uses. -
37
hevm
DappHub
The hevm project is an implementation of the Ethereum Virtual Machine (EVM) made specifically for symbolic execution, unit testing, and debugging of smart contracts. It is developed by DappHub and integrates especially well with the DappHub tool suite. The hevm command line program can symbolically execute smart contracts, run unit tests, interactively debug contracts while showing the Solidity source, or run arbitrary EVM code. Computations can be performed using a local state set up in a testing harness or fetched on demand from live networks using RPC calls. Run a symbolic execution against the given parameters, searching for assertion violations. One can also specialize specific arguments to a function signature while leaving others abstract. hevm uses an eager approach for symbolic execution, meaning that it will first attempt to explore all branches of the program.Starting Price: Free -
38
Fuzzapi
Fuzzapi
Fuzzapi is a tool used for REST API pentesting and uses API Fuzzer and provides UI solutions for gem.Starting Price: Free -
39
Wfuzz
Wfuzz
Wfuzz provides a framework to automate web application security assessments and could help you secure your web applications by finding and exploiting web application vulnerabilities. You can also run Wfuzz from the official Docker image. Wfuzz is based on the simple concept that it replaces any reference to the fuzz keyword with the value of a given payload. A payload in Wfuzz is a source of data. This simple concept allows any input to be injected in any field of an HTTP request, allowing it to perform complex web security attacks in different web application components such as parameters, authentication, forms, directories/files, headers, etc. Wfuzz’s web application vulnerability scanner is supported by plugins. Wfuzz is a completely modular framework and makes it easy for even the newest Python developers to contribute. Building plugins is simple and takes little more than a few minutes.Starting Price: Free -
40
PortSwigger Burp Suite Professional
PortSwigger
Hands-on security testers need the best tools for the job. Tools you have faith in, and enjoy using all day long. The tools that other professionals trust. Burp Suite Professional is the web security tester's toolkit of choice. Use it to automate repetitive testing tasks, then dig deeper with its expert-designed manual and semi-automated security testing tools. Burp Suite Professional can help you to test for OWASP top 10 vulnerabilities, as well as the very latest hacking techniques. Smart automation works in concert with expert-designed manual tools, to save you time. Optimize your workflow, and do more of what you do best. Burp Scanner can navigate and scan JavaScript-heavy single-page applications (SPAs), scan APIs, and enable the prerecording of complex authentication sequences. A toolkit designed and used by professional testers. Utilize features like the ability to record everything you did on an engagement and a powerful search function to improve efficiency and reliability.Starting Price: $449 per year -
41
Grammatech Proteus
Grammatech
Proteus is an advanced software testing system for automatically finding and fixing vulnerabilities, with no false alarms, aimed at development groups, testing organizations, and cybersecurity teams. It discovers vulnerabilities that could be triggered by potentially malicious files or network inputs, including many common entries in the Common Weakness Enumeration (CWE). The tool supports Windows and Linux native binaries. By integrating and simplifying the use of state-of-the-art tools for binary analysis and transformation, Proteus lowers the costs and increases the efficiency and effectiveness of software testing, reverse engineering, and maintenance. Binary analysis, mutational fuzzing, and symbolic execution without the need for source code, and a professional-grade user interface for result aggregation and presentation. Advanced exploitability reporting and reasoning capability, and deployment in a virtualized environment or on a host system.Starting Price: Free -
42
Etheno
Crytic
Etheno is an Ethereum-testing, JSON RPC multiplexer, analysis tool wrapper, and test integration tool. It eliminates the complexity of setting up analysis tools like Echidna on large, multi-contract projects. If you are a smart contract developer, you should use Etheno to test your contracts. If you are an Ethereum client developer, you should use Etheno to perform differential testing on your implementation. Etheno runs a JSON RPC server that can multiplex calls to one or more clients. API for filtering and modifying JSON RPC calls. Enables differential testing by sending JSON RPC sequences to multiple Ethereum clients. Deploy to and interact with multiple networks at the same time. Integration with test frameworks like Ganache and Truffle. Run a local test network with a single command. Use our prebuilt Docker container to quickly install and try Etheno. Etheno can be used in many different ways and therefore, has numerous command-line argument combinations.Starting Price: Free -
43
ImmuneBytes
ImmuneBytes
Fortify your blockchains with our impeccable audit services for unparalleled security in the decentralized realm. If you're spending sleepless nights worrying about losing funds to hackers, choose from our stack of services, and bid farewell to all your fears. In-depth analysis of the code by industry veterans to detect the vulnerabilities in your smart contract. Our experts secure your blockchain applications by mitigating risks through security design, assessment, audit, and compliance services. Our independent team of prolific penetration testers performs an extensive exercise to detect vulnerabilities and system exploits. We are the torch-bearers of making the space safer for everyone and do it by helping with a complete, systematic analysis to enhance the product's overall security. Recovery of funds is as equally important as a security audit. Have the facility to track user funds with our transaction risk monitoring system and boost users' confidence.Starting Price: Free -
44
Tarpaulin
Tarpaulin
Tarpaulin is a code coverage reporting tool for the cargo build system, named for a waterproof cloth used to cover cargo on a ship. Currently, tarpaulin provides working line coverage and while fairly reliable may still contain minor inaccuracies in the results. A lot of work has been done to get it working on a wide range of projects, but often unique combinations of packages and build features can cause issues so please report anything you find that's wrong. Also, check out our roadmap for planned features. On Linux Tarpaulin's default tracing backend is still Ptrace and will only work on x86 and x64 processors. This can be changed to the llvm coverage instrumentation with engine llvm, for Mac and Windows this is the default collection method. It can also be run in Docker, which is useful for when you don't use Linux but want to run it locally.Starting Price: Free -
45
Wallarm FAST
Wallarm
Automate Security testing in CI/CD. Identify vulnerabilities in apps and APIs with dynamic security testing as fast as your DevOps runs. Automated continuous security enables high-velocity CI/CD. Integrated testing for every code build. Security is guardrails. Unified CI workflows for DevSecOps. Developer friendly. FAST automatically transforms existing functional tests into security tests in CI/CD. A FAST proxy (Docker container) is used to capture requests as baselines. It then creates and runs a multitude of security checks for every build. Use OWASP Top 10 defaults or specify your own testing policies, like types of parameters to test, payloads, or fuzzer settings. Report vulnerabilities and anomalies to the CI pipeline and ticketing system.Starting Price: $25,000 per year -
46
Testwell CTC++
Testwell
Testwell CTC++ is a powerful instrumentation-based code coverage and dynamic analysis tool for C and C++ code. With certain add-on components CTC++ can be used also on C#, Java and Objective-C code. Further, again with certain add-on components, CTC++ can be used to analyse code basically at any embedded target machines, also in very small ones (limited memory, no operating system). CTC++ provides Line Coverage, Statement Coverage, Function Coverage, Decision Coverage, Multicondition Coverage, Modified Condition/Decision Coverage (MC/DC), Condition Coverage. As a dynamic analysis tool, CTC++ shows the execution counters (how many times executed) in the code, i.e. more than a plain executed/not executed information. You can also use CTC++ to measure function execution costs (normally time) and to enable function entry/exit tracing at test time. CTC++ is easy to use.Starting Price: Free -
47
FlowCoder
Omnipacket
FlowCoder is a WYSIWYG programming framework for prototyping, debugging, validation, fuzzing as well as functional, load, and security testing of computer networks. It allows building packets for a variety of network protocols, sending them on the wire, receiving and analyzing incoming network traffic, matching requests with replies, keeping and changing the state and much more. Local execution is the simplest case. All packets sent by FlowCoder originate on a local host. Packets coming back in response are processed there as well. Only FlowCoder IDE components run locally. A flowchart, once created, is shipped for execution to a cloud running multiple instances of the flowchart processor engine. Packets are originated and processed in a cloud. The local user gets back diagnostics and statistical data. Playing MITM in a cloud. Flowchart sees the packets passing between a pair of network end-points, and could modify them at any stack layer. -
48
grcov
grcov
grcov collects and aggregates code coverage information for multiple source files. grcov processes .profraw and .gcda files which can be generated from llvm/clang or gcc. grcov also processes lcov files (for JS coverage) and JaCoCo files (for Java coverage). Linux, macOS and Windows are supported.Starting Price: Free -
49
Klanghelm SDRR
Klanghelm
SDRR was built to satisfy almost all of your saturation desires. It provides a comprehensive set of controls to manipulate the character of the saturation to make it fit exactly. SDRR offers four different main modes, TUBE, DIGI, FUZZ, DESK and reacts dynamically to the input signal. Each mode has its unique crosstalk behavior, which can be switched off or exaggerated. A unique RMS level difference metering mode makes level matching an easy task. SDRR can be different things, a saturation, a compressor, an EQ, a bit-crusher, a subtle stereo widener, or simply add some movement to your tracks with the DRIFT control. Add warmth, depth and character to your tracks with SDRR. Don't forget to check out the free IVGI, which can be seen as the little brother of SDRR. It is based on the DESK mode in SDRR. SDRR is available for macOS and Windows (all included in one single license).Starting Price: €23 one-time payment -
50
BreakingPoint
Keysight Technologies
Enter BreakingPoint. By simulating real-world legitimate traffic, distributed denial of service (DDoS), exploits, malware, and fuzzing, BreakingPoint validates an organization’s security infrastructure, reduces the risk of network degradation by almost 80%, and increases attack readiness by nearly 70%. And with our new TrafficREWIND solution, you'll get even more realistic and high-fidelity validation by adding production network insight into BreakingPoint test traffic configurations. BreakingPoint addresses that by simulating both good and bad traffic to validate and optimize networks under the most realistic conditions. Security infrastructures can also be verified at high-scale, ensuring ease of use, greater agility, and speedy network testing. BreakingPoint validates an organization’s security infrastructure, reduces the risk of network degradation by almost 80%, and increases attack readiness by nearly 70%.