{"id":13514655,"url":"https://github.com/secfigo/Awesome-Fuzzing","last_synced_at":"2025-03-31T03:31:05.475Z","repository":{"id":37742805,"uuid":"62374656","full_name":"secfigo/Awesome-Fuzzing","owner":"secfigo","description":"A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.","archived":false,"fork":false,"pushed_at":"2024-04-03T07:04:46.000Z","size":163,"stargazers_count":5124,"open_issues_count":6,"forks_count":809,"subscribers_count":223,"default_branch":"master","last_synced_at":"2024-05-19T23:13:44.780Z","etag":null,"topics":["awesome","awesome-list","fuzzing","fuzzing-framework","secfigo"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/secfigo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"Contributing.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2016-07-01T07:44:53.000Z","updated_at":"2024-05-19T05:29:48.000Z","dependencies_parsed_at":"2024-01-13T08:50:15.448Z","dependency_job_id":"a39d1e36-5191-4b35-955f-09456d5ec8e9","html_url":"https://github.com/secfigo/Awesome-Fuzzing","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secfigo%2FAwesome-Fuzzing","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secfigo%2FAwesome-Fuzzing/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secfigo%2FAwesome-Fuzzing/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secfigo%2FAwesome-Fuzzing/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/secfigo","download_url":"https://codeload.github.com/secfigo/Awesome-Fuzzing/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246385388,"owners_count":20768671,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["awesome","awesome-list","fuzzing","fuzzing-framework","secfigo"],"created_at":"2024-08-01T05:00:59.763Z","updated_at":"2025-03-31T03:31:05.446Z","avatar_url":"https://github.com/secfigo.png","language":null,"funding_links":[],"categories":["HarmonyOS","DevSecOps","Softwares","Awesome Repositories","Others","Uncategorized","Resources","Table of Contents","Others (1002)","Other Lists","Fuzzing Background","📘 Valuable Repositories","Infosec resources","Common Lists","In Russian","Here is a collection of hackers, pentesters, security researchers, scripts and more:","Programming/Comp Sci/SE Things"],"sub_categories":["Windows Manager","Fuzzing","Testing","Uncategorized","By Purpose","Awesome Repositories","模糊测试（Fuzzing）","TeX Lists","Talks \u0026 Discussion","ColdFusion","Awesome Lists","Introduction"],"readme":"Welcome to Awesome Fuzzing [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)\n===================\n\nA curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.\n\n### Contents\n- [Books](#books)\n- [Courses](#courses)\n   + [Free](#free)\n   + [Paid](#paid)\n- [Videos](#videos)\n  + [NYU Poly Course videos](#nyu-poly-course-videos)\n  + [Conference talks and tutorials](#conference-talks-and-tutorials)\n- [Tutorials and Blogs](#tutorials-and-blogs)\n- [Tools](#tools)\n  + [Cloud Fuzzers](#cloud-fuzzers)\n  + [File Format Fuzzers](#file-format-fuzzers)\n  + [Network Protocol Fuzzers](#network-protocol-fuzzers)\n  + [Browser Fuzzing](#browser-fuzzing)\n  + [Taint Analysis](#taint-analysis)\n  + [Symbolic Execution SAT and SMT Solvers](#symbolic-execution-sat-and-smt-solvers)\n  + [Essential Tools](#essential-tools)\n- [Vulnerable Applications](#vulnerable-applications)\n- [Anti-Fuzzing](#anti-fuzzing)\n- [Directed-Fuzzing](#directed-fuzzing)\n- [Contributing](#contributing)\n\n\n# Awesome Fuzzing Resources\n\n## Books\n\n*Books on fuzzing*\n- [Fuzzing: Brute Force Vulnerability Discovery](https://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119) by Michael Sutton, Adam Greene, Pedram Amini.\n\n- [Fuzzing for Software Security Testing and Quality Assurance ](https://www.amazon.com/Fuzzing-Software-Security-Testing-Assurance/dp/1608078507) by Ari Takanen, Charles Miller, Jared D Demott and Atte Kettunen.\n\n- [Open Source Fuzzing Tools](https://www.amazon.com/Open-Source-Fuzzing-Tools-Rathaus/dp/1597491950) by by Gadi Evron and Noam Rathaus.\n\n- [Gray Hat Python](https://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921) by Justin Seitz.\n\n- [The Fuzzing Book](https://www.fuzzingbook.org/) by Andreas Zeller, Rahul Gopinath, Marcel Böhme, Gordon Fraser, and Christian Holler.\n\n\n\u003e **Note:** Chapter(s) in the following books are dedicated to fuzzing.\n\n\u003e - [The Shellcoder's Handbook: Discovering and Exploiting Security Holes ( Chapter 15 )](https://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X) by Chris Anley, Dave Aitel, David Litchfield and others.\n\n\u003e - [iOS Hacker's Handbook - Chapter 1](https://www.amazon.com/iOS-Hackers-Handbook-Charlie-Miller/dp/1118204123) Charles Miller, Dino DaiZovi, Dion Blazakis, Ralf-Philip Weinmann, and Stefan Esser.\n\n\u003e - [IDA Pro - The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler](https://www.amazon.com/IDA-Pro-Book-2nd-ebook/dp/B005EI84TM)\n\n\n## Courses\n\n*Courses/Training videos on fuzzing*\n\n\n### Free\n\n[NYU Poly ( see videos for more )](https://vimeo.com/5236104 ) - Made available freely by Dan Guido.\n\n[Samclass.info ( check projects section and chapter 17 ) ](https://samsclass.info/127/127_F15.shtml) - by Sam.\n\n[Modern Binary Exploitation ( RPISEC ) - Chapter 15 ](https://github.com/RPISEC/MBE) - by RPISEC.\n\n[Offensive Computer Security - Week 6](https://web.archive.org/web/20200414165953/https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html) - by W. Owen Redwood and Prof. Xiuwen Liu.\n\n### Paid\n\n[Offensive Security, Cracking The Perimeter ( CTP ) and Advanced Windows Exploitation ( AWE )](https://www.offensive-security.com/information-security-training/)\n\n[SANS 660/760 Advanced Exploit Development for Penetration Testers](https://www.sans.org/course/advanced-exploit-development-penetration-testers)\n\n[Exodus Intelligence - Vulnerability development master class](https://blog.exodusintel.com/2016/05/18/exodus-intelligence-2016-training-course/)\n\n[Ada Logics - Applied Source Code Fuzzing](https://adalogics.com/training-source-fuzz)\n\n[FuzzingLabs Academy (C/C++, Rust, Go fuzzing)](https://academy.fuzzinglabs.com/)\n\n[Signal Labs - Vulnerability Research \u0026 Fuzzing](https://signal-labs.com/trainings/vulnerability-research-fuzzing/)\n\n## Videos\n\n*Videos talking about fuzzing techniques, tools and best practices*\n\n\n### NYU Poly Course videos\n[Fuzzing 101 (Part 1)](https://vimeo.com/5236104) - by Mike Zusman.\n\n[Fuzzing 101 (Part 2)](https://vimeo.com/5237484) - by Mike Zusman.\n\n[Fuzzing 101 (2009)](https://vimeo.com/7574602) - by Mike Zusman.\n\n[Fuzzing - Software Security Course on Coursera](https://www.coursera.org/lecture/software-security/fuzzing-VgyOn) - by University of Maryland.\n\n### Conference talks and tutorials\n\n[Attacking Antivirus Software's Kernel Driver](https://github.com/bee13oy/AV_Kernel_Vulns/tree/master/Zer0Con2017)\n\n[Fuzzing the Windows Kernel - OffensiveCon 2020](https://github.com/yoava333/presentations/blob/master/Fuzzing%20the%20Windows%20Kernel%20-%20OffensiveCon%202020.pdf)\n\n[Youtube Playlist of various fuzzing talks and presentations ](https://www.youtube.com/playlist?list=PLtPrYlwXDImiO_hzK7npBi4eKQQBgygLD) - Lots of good content in these videos.\n\n[Browser bug hunting - Memoirs of a last man standing](https://vimeo.com/109380793) - by Atte Kettunen\n\n[Coverage-based Greybox Fuzzing as Markov Chain](https://www.comp.nus.edu.sg/~mboehme/paper/CCS16.pdf)\n\n[DerbyCon 2016: Fuzzing basics...or how to break software](http://www.irongeek.com/i.php?page=videos/derbycon6/411-fuzzing-basicshow-to-break-software-grid-aka-scott-m)\n\n[Fuzz Theory](https://www.youtube.com/watch?v=5rE8xEg5tXk\u0026list=PLSkhUfcCXvqG6FRTCCxIfoMK6rw3NZvb6) - by Brandon Falk\n\n\n## Tutorials and Blogs\n\n*Tutorials and blogs which explain methodology, techniques and best practices of fuzzing*\n\n[ARMored CoreSight: Towards Efficient Binary-only Fuzzing](https://ricercasecurity.blogspot.com/2021/11/armored-coresight-towards-efficient.html)\n\n[Fuzzing Microsoft's RDP Client using Virtual Channels: Overview \u0026 Methodology](https://thalium.github.io/blog/posts/fuzzing-microsoft-rdp-client-using-virtual-channels/)\n\n[Fuzzing Closed Source PDF Viewers](https://www.gosecure.net/blog/2019/07/30/fuzzing-closed-source-pdf-viewers/)\n\n[Fuzzing Image Parsing in Windows, Part One: Color Profiles](https://www.mandiant.com/resources/fuzzing-image-parsing-in-windows-color-profiles)\n\n[Fuzzing Image Parsing in Windows, Part Two: Uninitialized Memory](https://www.mandiant.com/resources/fuzzing-image-parsing-in-windows-uninitialized-memory)\n\n[Fuzzing Image Parsing in Windows, Part Three: RAW and HEIF](https://www.mandiant.com/resources/fuzzing-image-parsing-three)\n\n[Fuzzing the Office Ecosystem](https://research.checkpoint.com/2021/fuzzing-the-office-ecosystem/)\n\n[Effective File Format Fuzzing](https://j00ru.vexillium.org/slides/2016/blackhat.pdf) - Mateusz “j00ru” Jurczyk @ Black Hat Europe 2016, London\n\n[A year of Windows kernel font fuzzing Part-1 the results](https://googleprojectzero.blogspot.com/2016/06/a-year-of-windows-kernel-font-fuzzing-1_27.html) - Amazing article by Google's Project Zero, describing what it takes to do fuzzing and create fuzzers.\n\n[A year of Windows kernel font fuzzing Part-2 the techniques](https://googleprojectzero.blogspot.com/2016/07/a-year-of-windows-kernel-font-fuzzing-2.html) - Amazing article by Google's Project Zero, describing what it takes to do fuzzing and create fuzzers.\n\n[Interesting bugs and resources at fuzzing project](https://blog.fuzzing-project.org/) - by fuzzing-project.org.\n\n[Fuzzing workflows; a fuzz job from start to finish](https://foxglovesecurity.com/2016/03/15/fuzzing-workflows-a-fuzz-job-from-start-to-finish/) - by @BrandonPrry.\n\n[A gentle introduction to fuzzing C++ code with AFL and libFuzzer](http://jefftrull.github.io/c++/clang/llvm/fuzzing/sanitizer/2015/11/27/fuzzing-with-sanitizers.html) - by Jeff Trull.\n\n[A 15 minute introduction to fuzzing](https://web.archive.org/web/20161129095601/https://www.mwrinfosecurity.com/our-thinking/15-minute-guide-to-fuzzing/) - by folks at MWR Security.\n\n\u003e **Note:** Folks at fuzzing.info has done a great job of collecting some awesome links, I'm not going to duplicate their work. I will add papers missed by them and from 2015 and 2016.\n[Fuzzing Papers](https://fuzzinginfo.wordpress.com/papers/) - by fuzzing.info\n\n[Fuzzing Blogs and Books](https://fuzzinginfo.wordpress.com/resources/) - by fuzzing.info\n\n[Root Cause Analysis of the Crash during Fuzzing](\nhttps://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruption-vulnerabilities/) - by Corelan Team.\n\n[Root cause analysis of integer flow](https://www.corelan.be/index.php/2013/07/02/root-cause-analysis-integer-overflows/) - by Corelan Team.\n\n[Creating custom peach fuzzer publishers](http://blog.opensecurityresearch.com/2014/01/creating-custom-peach-fuzzer-publishers.html) - by Open Security Research\n\n[7 Things to Consider Before Fuzzing a Large Open Source Project](https://www.linux.com/news/7-things-consider-fuzzing-large-open-source-project/) - by Emily Ratliff.\n\n\n##### From Fuzzing to Exploit:\n[From fuzzing to 0-day](https://blog.techorganic.com/2014/05/14/from-fuzzing-to-0-day/) - by Harold Rodriguez(@superkojiman).\n\n[From crash to exploit](https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruption-vulnerabilities/) - by Corelan Team.\n\n##### Peach Fuzzer related tutorials\n\n[Peach Fuzzer Introductionh](https://peachtech.gitlab.io/peach-fuzzer-community/Introduction.html)\n\n[Fuzzing with Peach Part 1](http://www.flinkd.org/fuzzing-with-peach-part-1/) - by Jason Kratzer of corelan team\n\n[Fuzzing with Peach Part 2](http://www.flinkd.org/fuzzing-with-peach-part-2-fixups-2/) - by Jason Kratzer of corelan team.\n\n[Auto generation of Peach pit files/fuzzers](http://web.archive.org/web/20181003092741/http://doc.netzob.org/en/latest/tutorials/peach.html) - by Frédéric Guihéry, Georges Bossert.\n\n##### AFL Fuzzer related tutorials\n\n[Creating a fuzzing harness for FoxitReader 9.7 ConvertToPDF Function](https://www.signal-labs.com/blog/foxit-97-fuzz)\n\n[50 CVEs in 50 Days: Fuzzing Adobe Reader](https://research.checkpoint.com/2018/50-adobe-cves-in-50-days/)\n\n[Fuzzing sockets, part 1: FTP servers](https://securitylab.github.com/research/fuzzing-sockets-FTP)\n\n[Fuzzing software: common challenges and potential solutions (Part 1) ](https://securitylab.github.com/research/fuzzing-challenges-solutions-1)\n\n[Fuzzing software: advanced tricks (Part 2)](https://securitylab.github.com/research/fuzzing-software-2)\n\n[Fuzzing workflows; a fuzz job from start to finish](https://foxglovesecurity.com/2016/03/15/fuzzing-workflows-a-fuzz-job-from-start-to-finish/) - by @BrandonPrry.\n\n[Fuzzing capstone using AFL persistent mode](https://toastedcornflakes.github.io/articles/fuzzing_capstone_with_afl.html) - by @toasted_flakes\n\n[RAM disks and saving your SSD from AFL Fuzzing](http://cipherdyne.org/blog/2014/12/ram-disks-and-saving-your-ssd-from-afl-fuzzing.html)\n\n[Bug Hunting with American Fuzzy Lop](https://josephg.com/blog/bug-hunting-with-american-fuzzy-lop/)\n\n[Advanced usage of American Fuzzy Lop with real world examples](https://volatileminds.net/2015/07/01/advanced-afl-usage.html)\n\n[Segfaulting Python with afl-fuzz](https://tomforb.es/segfaulting-python-with-afl-fuzz)\n\n[Fuzzing With AFL-Fuzz, a Practical Example ( AFL vs Binutils )](https://www.evilsocket.net/2015/04/30/Fuzzing-with-AFL-Fuzz-a-Practical-Example-AFL-vs-binutils/)\n\n[The Importance of Fuzzing...Emulators?](https://mgba.io/2016/09/13/fuzzing-emulators/)\n\n[How Heartbleed could've been found](https://blog.hboeck.de/archives/868-How-Heartbleed-couldve-been-found.html)\n\n[Filesystem Fuzzing with American Fuzzy lop](https://events.static.linuxfound.org/sites/events/files/slides/AFL%20filesystem%20fuzzing%2C%20Vault%202016_0.pdf)\n\n[Fuzzing Perl/XS modules with AFL](https://medium.com/@dgryski/fuzzing-perl-xs-modules-with-afl-4bfc2335dd90)\n\n[How to fuzz a server with American Fuzzy Lop](https://www.fastly.com/blog/how-fuzz-server-american-fuzzy-lop) - by Jonathan Foote\n\n[Fuzzing with AFL Workshop - a set of challenges on real vulnerabilities](https://github.com/ThalesIgnite/afl-training)\n\n[Fuzzing 101 - PHDays](https://github.com/RootUp/PHDays9)\n\n##### libFuzzer Fuzzer related tutorials\n\n[libFuzzer Tutorial](https://github.com/google/fuzzing/blob/master/tutorial/libFuzzerTutorial.md)\n\n[Hunting for bugs in VirtualBox (First Take)](http://blog.paulch.ru/2020-07-26-hunting-for-bugs-in-virtualbox-first-take.html)\n\n[libFuzzer Workshop: \"Modern fuzzing of C/C++ Projects\"](https://github.com/Dor1s/libfuzzer-workshop)\n\n##### honggfuzz related tutorials\n\n[Fuzzing ImageIO](https://googleprojectzero.blogspot.com/2020/04/fuzzing-imageio.html)\n\n[Double-Free RCE in VLC. A honggfuzz how-to](https://www.pentestpartners.com/security-blog/double-free-rce-in-vlc-a-honggfuzz-how-to/)\n\n##### Spike Fuzzer related tutorials\n\n[Fuzzing with Spike to find overflows](https://null-byte.wonderhowto.com/how-to/hack-like-pro-build-your-own-exploits-part-3-fuzzing-with-spike-find-overflows-0162789/)\n\n[Fuzzing with Spike](https://samsclass.info/127/proj/p18-spike.htm) - by samclass.info\n\n\n##### FOE Fuzzer related tutorials\n\n[Fuzzing with FOE](https://samsclass.info/127/proj/p16-fuzz.htm) - by Samclass.info\n\n\n##### SMT/SAT solver tutorials\n\n[Z3 - A guide](https://www.philipzucker.com/z3-rise4fun/guide.html) - Getting Started with Z3: A Guide\n\n##### Building a Feedback Fuzzer (for educational purposes)\n\n[Building A Feedback Fuzzer](https://blog.fadyothman.com/tag/myfuzzer/) - by @fady_othman\n\n## Tools\n\n*Tools which helps in fuzzing applications*\n\n### Cloud Fuzzers\n\n*Fuzzers which help fuzzing in cloud environments.*\n\n[Cloudfuzzer](https://github.com/ouspg/cloudfuzzer) - Cloud fuzzing framework which makes it possible to easily run automated fuzz-testing in cloud environments.\n\n[ClusterFuzzer](https://google.github.io/clusterfuzz/) - ClusterFuzzer, scalable open source fuzzing infrastructure. It is used by Google for fuzzing Chrome Browser.\n\n[Fuzzit](https://fuzzit.dev) - Fuzzit, Continuous fuzzing as a service platform. Free for open source. used by various open-source projects (systemd, radare2) and close-source projects. To join oss program drop a line at oss@fuzzit.dev\n\n### File Format Fuzzers\n\n*Fuzzers which helps in fuzzing file formats like pdf, mp3, swf etc.,*\n\n[Jackalope](https://github.com/googleprojectzero/Jackalope)\n\n[Rehepapp](https://github.com/FoxHex0ne/Rehepapp)\n\n[Newer version of Rehepapp](https://github.com/FoxHex0ne/Rehepapp)\n\n[pe-afl combines static binary instrumentation on PE binary and WinAFL](https://github.com/wmliang/pe-afl)\n\n[MiniFuzz - Wayback Machine link](https://web.archive.org/web/20140512203517/http://download.microsoft.com/download/D/6/E/D6EDC908-A1D7-4790-AB0B-66A8B35CD931/MiniFuzzSetup.msi) - Basic file format fuzzing tool by Microsoft. (No longer available on Microsoft website).\n\n[BFF from CERT](https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=507974) - Basic Fuzzing Framework for file formats.\n\n[AFL Fuzzer (Linux only)]( http://lcamtuf.coredump.cx/afl/) - American Fuzzy Lop Fuzzer by Michal Zalewski aka lcamtuf\n\n[Win AFL](https://github.com/googleprojectzero/winafl) - A fork of AFL for fuzzing Windows binaries\n\n[Shellphish Fuzzer](https://github.com/shellphish/fuzzer) - A Python interface to AFL, allowing for easy injection of testcases and other functionality.\n\n[TriforceAFL](https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/june/project-triforce-run-afl-on-everything/) - A modified version of AFL that supports fuzzing for applications whose source code not available.\n\n[AFLGo](https://github.com/aflgo/aflgo) - Directed Greybox Fuzzing with AFL, to fuzz targeted locations of a program.\n\n[Peach Fuzzer](https://sourceforge.net/projects/peachfuzz/) - Framework which helps to create custom dumb and smart fuzzers.\n\n[MozPeach](https://github.com/MozillaSecurity/peach) - A fork of peach 2.7 by Mozilla Security.\n\n[Failure Observation Engine (FOE)](https://vuls.cert.org/confluence/display/tools/CERT+FOE+-+Failure+Observation+Engine) - mutational file-based fuzz testing tool for windows applications.\n\n[rmadair](http://rmadair.github.io/fuzzer/) - mutation based file fuzzer that uses PyDBG to monitor for signals of interest.\n\n[honggfuzz](https://github.com/google/honggfuzz) - A general-purpose, easy-to-use fuzzer with interesting analysis options. Supports feedback-driven fuzzing based on code coverage. Supports GNU/Linux, FreeBSD, Mac OSX and Android.\n\n[zzuf](https://github.com/samhocevar/zzuf) - A transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input.\n\n[radamsa](https://github.com/aoh/radamsa) - A general purpose fuzzer and test case generator.\n\n[binspector](https://github.com/binspector/binspector) - A binary format analysis and fuzzing tool\n\n[grammarinator](https://github.com/renatahodovan/grammarinator) - Fuzzing tool for file formats based on ANTLR v4 grammars (lots of grammars already available from the ANTLR project).\n\n[Sloth](https://github.com/ant4g0nist/sloth) - Sloth 🦥 is a coverage guided fuzzing framework for fuzzing Android Native libraries that makes use of libFuzzer and QEMU user-mode emulation.\n\n[ManuFuzzer](https://github.com/ant4g0nist/ManuFuzzer) - Binary code-coverage fuzzer for macOS, based on libFuzzer and LLVM.\n\n\n### Network Protocol Fuzzers\n\n*Fuzzers which helps in fuzzing applications which use network based protocals like HTTP, SSH, SMTP etc.,*\n\n[Peach Fuzzer](https://sourceforge.net/projects/peachfuzz/) - Framework which helps to create custom dumb and smart fuzzers.\n\n[Sulley](https://github.com/OpenRCE/sulley) -  A fuzzer development and fuzz testing framework consisting of multiple extensible components by Pedram Amini.\n\n[boofuzz](https://github.com/jtpereyda/boofuzz) -  A fork and successor of Sulley framework.\n\n[Spike](http://www.immunitysec.com/downloads/SPIKE2.9.tgz) - A fuzzer development framework like sulley, a predecessor of sulley.\n\n[Metasploit Framework](https://github.com/rapid7/metasploit-framework) - A framework which contains some fuzzing capabilities via Auxiliary modules.\n\n[Nightmare](https://github.com/joxeankoret/nightmare) - A distributed fuzzing testing suite with web administration, supports fuzzing using network protocols.\n\n[rage_fuzzer](https://github.com/deanjerkovich/rage_fuzzer) - A dumb protocol-unaware packet fuzzer/replayer.\n\n[Fuzzotron](https://github.com/denandz/fuzzotron) - A simple network fuzzer supporting TCP, UDP and multithreading.\n\n[Mutiny](https://github.com/Cisco-Talos/mutiny-fuzzer) - The Mutiny Fuzzing Framework is a network fuzzer that operates by replaying PCAPs through a mutational fuzzer.\n\n[Fuzzing For Worms](https://github.com/dobin/ffw) - A fuzzing framework for network servers.\n\n[AFL (w/ networking patch)](https://github.com/jdbirdwell/afl) - An unofficial american fuzzy lop capable of network fuzzing.\n\n[AFLNet](https://github.com/aflnet/aflnet) - A Greybox Fuzzer for Network Protocols (an extention of AFL).\n\n[Pulsar](https://github.com/hgascon/pulsar) - Protocol Learning, Simulation and Stateful Fuzzer.\n\n### Browser Fuzzing\n[BFuzz](https://github.com/RootUp/BFuzz) - An input based, browser fuzzing framework.\n[Fuzzinator](https://github.com/renatahodovan/fuzzinator) - Fuzzinator Random Testing Framework\n[Grizzly](https://github.com/MozillaSecurity/grizzly) - A cross-platform browser fuzzing framework\n\n\n### Misc\n*Other notable fuzzers like Kernel Fuzzers, general purpose fuzzer etc.,*\n\n[Choronzon](https://github.com/CENSUS/choronzon) - An evolutionary knowledge-based fuzzer\n\n[QuickFuzz](https://github.com/CIFASIS/QuickFuzz) - A tool written in Haskell designed for testing un-expected inputs of common file formats on third-party software, taking advantage of off-the-shelf, well known fuzzers.\n\n[gramfuzz](https://github.com/d0c-s4vage/gramfuzz) - A grammar-based fuzzer that lets one define complex grammars to model text and binary data formats\n\n[KernelFuzzer](https://github.com/mwrlabs/KernelFuzzer) - Cross Platform Kernel Fuzzer Framework.\n\n[honggfuzz](http://honggfuzz.com/) - A general-purpose, easy-to-use fuzzer with interesting analysis options.\n\n[Hodor Fuzzer](https://github.com/nccgroup/hodor) - Yet Another general purpose fuzzer.\n\n[libFuzzer](http://llvm.org/docs/LibFuzzer.html) - In-process, coverage-guided, evolutionary fuzzing engine for targets written in C/C++.\n\n[syzkaller](https://github.com/google/syzkaller) - Distributed, unsupervised, coverage-guided Linux syscall fuzzer.\n\n[ansvif](https://oxagast.github.io/ansvif/) - An advanced cross platform fuzzing framework designed to find vulnerabilities in C/C++ code.\n\n[Tribble](https://github.com/SatelliteApplicationsCatapult/tribble) - Easy-to-use, coverage-guided JVM fuzzing framework.\n\n[go-fuzz](https://github.com/dvyukov/go-fuzz) - Coverage-guided testing of go packages.\n\n[FExM](https://github.com/fgsect/fexm) - Automated Large-Scale Fuzzing Framework\n\n[Jazzer](https://github.com/CodeIntelligenceTesting/jazzer) - A coverage-guided, in-process fuzzer for the Java Virtual Machine based on libFuzzer.\n\n[cifuzz](https://github.com/CodeIntelligenceTesting/cifuzz) - A command line tool for executing coverage-guided fuzz tests in multiple languages and targets.\n\n[WebGL Fuzzer](https://github.com/ant4g0nist/webgl-fuzzer) - WebGL Fuzzer\n\n[fast-check](https://fast-check.dev/) - A fuzzer tool written in TypeScript and designed to run un-expected inputs against JavaScript code.\n\n### Taint Analysis\n*How user input affects the execution*\n\n[PANDA ( Platform for Architecture-Neutral Dynamic Analysis )](https://github.com/moyix/panda)\n\n[QIRA (QEMU Interactive Runtime Analyser)](http://qira.me/)\n\n[kfetch-toolkit](https://github.com/j00ru/kfetch-toolkit) - Tool to perform advanced logging of memory references performed by operating systems’ kernels\n\n[moflow](https://github.com/vrtadmin/moflow) - A software security framework containing tools for vulnerability, discovery, and triage.\n\n### Symbolic Execution SAT and SMT Solvers\n\n[Z3](https://github.com/Z3Prover/z3) - A theorem prover from Microsoft Research.\n\n[SMT-LIB](http://smtlib.cs.uiowa.edu/) - An international initiative aimed at facilitating research and development in Satisfiability Modulo Theories (SMT)\n\n[Symbolic execution with KLEE: From installation and introduction to bug-finding in open source software](https://adalogics.com/blog/symbolic-execution-with-klee) - A set of four instructional videos introducing KLEE, starting with how to get started with KLEE and ending with a demo that finds memory corruption bugs in real code.\n\n### References\n\nI haven't included some of the legends like AxMan, please refer the following link for more information.\nhttps://www.ee.oulu.fi/research/ouspg/Fuzzers\n\n\n### Essential Tools\n\n*Tools of the trade for exploit developers, reverse engineers*\n\n\n#### Debuggers\n\n\n[Windbg](https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools) - The preferred debugger by exploit writers.\n\n[Immunity Debugger](http://debugger.immunityinc.com) - Immunity Debugger by Immunity Sec.\n\n[OllyDbg ](http://www.ollydbg.de/) - The debugger of choice by reverse engineers and exploit writers alike.\n\n[Mona.py ( Plugin for windbg and Immunity dbg )](https://github.com/corelan/mona/) - Awesome tools that makes life easy for exploit developers.\n\n[x64dbg](https://github.com/x64dbg/) - An open-source x64/x32 debugger for windows.\n\n[Evan's Debugger (EDB)](http://codef00.com/projects#debugger) - Front end for gdb.\n\n[GDB - Gnu Debugger](http://www.sourceware.org/gdb/) - The favorite linux debugger.\n\n[PEDA](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB.\n\n[Radare2](http://www.radare.org/r/) - Framework for reverse-engineering and analyzing binaries.\n\n\n#### Disassemblers and some more\n\n*Dissemblers, disassembly frameworks etc.,*\n\n\n[IDA Pro](https://www.hex-rays.com/products/ida/index.shtml) - The best disassembler\n\n[binnavi](https://github.com/google/binnavi) - Binary analysis IDE, annotates control flow graphs and call graphs of disassembled code.\n\n[Capstone](https://github.com/aquynh/capstone) - Capstone is a lightweight multi-platform, multi-architecture disassembly framework.\n\n\n#### Others\n\n[ltrace](http://ltrace.org/) - Intercepts library calls\n\n[strace](https://sourceforge.net/projects/strace/) - Intercepts system calls\n\n\n## Vulnerable Applications\n\nExploit-DB - https://www.exploit-db.com\n(search and pick the exploits, which have respective apps available for download, reproduce the exploit by using fuzzer of your choice)\n\nPacketStorm - https://packetstormsecurity.com/files/tags/exploit/\n\n[Fuzzgoat](https://github.com/fuzzstati0n/fuzzgoat) - Vulnerable C program for testing fuzzers.\n\n[vulnserver](https://github.com/stephenbradshaw/vulnserver) - A vulnerable server for testing fuzzers.\n\n\n##### Samples files for seeding during fuzzing:\n\nhttps://files.fuzzing-project.org/\n\n[PDF Test Corpus from Mozilla](https://github.com/mozilla/pdf.js/tree/master/test/pdfs)\n\n[MS Office file format documentation](https://www.microsoft.com/en-us/download/details.aspx?id=14565)\n\n[Fuzzer Test Suite](https://github.com/google/fuzzer-test-suite) - Set of tests for fuzzing engines. Includes different well-known bugs such as Heartbleed, c-ares $100K bug and others.\n\n[Fuzzing Corpus](https://github.com/strongcourage/fuzzing-corpus) - A corpus, including various file formats for fuzzing multiple targets in the fuzzing literature.\n\n## Anti Fuzzing\n\n[Introduction to Anti-Fuzzing: A Defence In-Depth Aid](https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2014/january/introduction-to-anti-fuzzing-a-defence-in-depth-aid/)\n\n[Fuzzification: Anti-Fuzzing Techniques](https://www.usenix.org/conference/usenixsecurity19/presentation/jung)\n\n[AntiFuzz: Impeding Fuzzing Audits of Binary Executables](https://www.usenix.org/conference/usenixsecurity19/presentation/guler)\n\n## Directed Fuzzing\n\n[Awesome Directed Fuzzing](https://github.com/strongcourage/awesome-directed-fuzzing): A curated list of awesome directed fuzzing research papers.\n\n## Contributing\n\n[Please refer the guidelines at contributing.md for details](Contributing.md).\n\nThanks to the following folks who made contributions to this project.\n+ [Tim Strazzere](https://twitter.com/timstrazz)\n+ [jksecurity](https://github.com/jksecurity)\n+ [and these awesome people](https://github.com/secfigo/Awesome-Fuzzing/graphs/contributors)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecfigo%2FAwesome-Fuzzing","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsecfigo%2FAwesome-Fuzzing","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecfigo%2FAwesome-Fuzzing/lists"}