{"id":13539008,"url":"https://github.com/rootup/bfuzz","last_synced_at":"2026-01-28T15:30:46.099Z","repository":{"id":61257786,"uuid":"132633491","full_name":"RootUp/BFuzz","owner":"RootUp","description":"Fuzzing Browsers","archived":false,"fork":false,"pushed_at":"2022-12-05T11:57:55.000Z","size":9174,"stargazers_count":310,"open_issues_count":0,"forks_count":49,"subscribers_count":12,"default_branch":"master","last_synced_at":"2025-03-31T04:37:10.100Z","etag":null,"topics":["browsers","domato","fuzzing","fuzzing-framework"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RootUp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-05-08T16:05:57.000Z","updated_at":"2025-01-09T00:36:57.000Z","dependencies_parsed_at":"2023-01-24T03:30:32.546Z","dependency_job_id":null,"html_url":"https://github.com/RootUp/BFuzz","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/RootUp/BFuzz","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RootUp%2FBFuzz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RootUp%2FBFuzz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RootUp%2FBFuzz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RootUp%2FBFuzz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RootUp","download_url":"https://codeload.github.com/RootUp/BFuzz/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RootUp%2FBFuzz/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28846337,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-28T15:15:36.453Z","status":"ssl_error","status_checked_at":"2026-01-28T15:15:13.020Z","response_time":57,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["browsers","domato","fuzzing","fuzzing-framework"],"created_at":"2024-08-01T09:01:18.974Z","updated_at":"2026-01-28T15:30:46.083Z","avatar_url":"https://github.com/RootUp.png","language":"HTML","readme":"# BFuzz\n[![License](https://img.shields.io/badge/license-Apache%202-4EB1BA.svg)](https://www.apache.org/licenses/LICENSE-2.0.html)\n```\nBFuzz is currently in beta. \n```\n\nBFuzz is an input based fuzzer tool which take `.html` as an input, open's up your browser with a new instance and pass multiple testcases generated by domato which is present in `recurve` folder of BFuzz, more over BFuzz is an automation which performs same task repeatedly it doesn't mangle any testcases.\n\n## Run BFuzz\n\n```\nwarmachine@ftw:~/BFuzz$ ./generate.sh\nwarmachine@ftw:~/BFuzz$ python BFuzz.py \nEnter the browser type:\n 1: Chrome \n 2: Firefox\n\u003e\u003e\n```\nRunning `python BFuzz.py` will ask for option weather to fuzz Chrome or Firefox, however if selected `2` this will open firefox `firefox --new-instance` and randomly open any of the testcase from `recurve` create the logs on the terminal wait for `3 seconds` again it will open firefox and the same process continue so on.\n\nBFuzz is a small `.py` script which enable's to open browser run testcase for `12 seconds` then close wait for `3 seconds` and again follow the same process.\n\n## Domato 🍅\nThe testcase's in `recurve` are generated by [domato](https://github.com/googleprojectzero/domato)\ngenerator.py contains the main script. It uses grammar.py as a library and contains additional helper code for DOM fuzzing.\n\ngrammar.py contains the generation engine that is mostly application-agnostic and can thus be used in other (i.e. non-DOM) generation-based fuzzers. As it can be used as a library, its usage is described in a separate section below.\n\n.txt files contain grammar definitions. There are 3 main files, html.txt, css.txt and js.txt which contain HTML, CSS and JavaScript grammars, respectively. These root grammar files may include content from other files.\n\n## Bug showcase\nEpiphany Web 3.28.1: [CVE-2018-11396](https://bugzilla.gnome.org/show_bug.cgi?id=795740), new [testcase](https://gist.github.com/RootUp/05b623a8169efef9909e764d63ec4408) identified for CVE-2018-11396\u003cbr\u003e\nMozilla Firefox: Stack based buffer overflow bug ID: 1456083 [Went DUPLICATE] \u003cbr\u003e\n\n## View in action\n[Browser Fuzzing via BFuzz](https://youtu.be/I59SkL0ReUM)\n\n## Contribution\n\nPlease feel free to PR.\n\n## ToDo\n\nHandle Exeception, Add banner, Optimize Code, Mangle testcases.\n\n","funding_links":[],"categories":["\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing"],"sub_categories":["功能"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frootup%2Fbfuzz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frootup%2Fbfuzz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frootup%2Fbfuzz/lists"}