{"id":37910481,"url":"https://github.com/simcap/fuzzgun","last_synced_at":"2026-01-16T17:19:00.062Z","repository":{"id":57522331,"uuid":"123632334","full_name":"simcap/fuzzgun","owner":"simcap","description":"Blackbox fuzzer that generates invalid, random, unexpected data and exotic format given any string input","archived":false,"fork":false,"pushed_at":"2019-04-20T10:08:34.000Z","size":20,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-05-01T18:35:26.703Z","etag":null,"topics":["fuzz-testing","fuzzing","golang","harness","test-automation","testing-tools"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/simcap.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-03-02T21:23:31.000Z","updated_at":"2020-11-03T09:55:34.000Z","dependencies_parsed_at":"2022-09-06T04:00:22.729Z","dependency_job_id":null,"html_url":"https://github.com/simcap/fuzzgun","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/simcap/fuzzgun","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simcap%2Ffuzzgun","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simcap%2Ffuzzgun/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simcap%2Ffuzzgun/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simcap%2Ffuzzgun/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/simcap","download_url":"https://codeload.github.com/simcap/fuzzgun/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simcap%2Ffuzzgun/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28480098,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T11:59:17.896Z","status":"ssl_error","status_checked_at":"2026-01-16T11:55:55.838Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fuzz-testing","fuzzing","golang","harness","test-automation","testing-tools"],"created_at":"2026-01-16T17:19:00.007Z","updated_at":"2026-01-16T17:19:00.057Z","avatar_url":"https://github.com/simcap.png","language":"Go","readme":"[![Build Status](https://api.travis-ci.org/simcap/fuzzgun.svg?branch=master)](https://travis-ci.org/simcap/fuzzgun)\n[![Go Report Card](https://goreportcard.com/badge/github.com/simcap/fuzzgun)](https://goreportcard.com/report/github.com/simcap/fuzzgun)\n[![GoDoc](https://godoc.org/github.com/simcap/fuzzgun?status.svg)](https://godoc.org/github.com/simcap/fuzzgun)\n\nFuzzgun generates mutated, invalid, random, unexpected data and exotic format from a given input string. \n\nAs a fuzzer Fuzzgun:\n* is black box fuzzer (unaware of internal program structure)\n* is a mutation based and aware of input structure.\n* takes a string layout as its input model\n\nIt can be used by developers, security tester and quality assurance teams alike.\n\n## Usage\n\nFuzzgun only takes a string as input. This string can be anything you want and fuzzgun will try to work its best on it.\n\nOn Internet though, programs ingest structured inputs. So to harness a system the best inputs for fuzzgun will be string examples (or layouts) of what your systems is expecting.\n\n### Library usage\n\nFor full usage, documentation and examples report to the [Godoc](https://godoc.org/github.com/simcap/fuzzgun)\n\n```go\nimport ( \n    \"http\"\n    \"time\"\n    \"github.com/simcap/fuzzgun\"\n)\n\nfunc main() {\n    for mutant := range fuzzgun.FuzzEvery(\"07/08/2018\", 3 * time.Second) {\n        url := fmt.Sprintf(\"http://example.com?date=%s\", mutant)\n        if resp, err := http.Get(url); err != nil {\n            panic(err)\n        } else if resp.StatusCode == 500 {\n            panic(\"ouch\")\n        }\n    }\n}\n```\n\n### CLI usage\n\nIf you have [Golang](https://golang.org/dl/) (\u003e= 1.10) installed, the following will fetch and install the CLI executable:\n```sh\n$ go get -u github.com/simcap/fuzzgun/...\n```\n\nOtherwise grab a [binary for Linux, Windows or Mac](https://github.com/simcap/fuzzgun/releases)\n\nThen to get started run:\n```sh\n$ fuzzgun -h\n\n # start to mutate some stuff\n$ fuzzgun -s bob@mail.net\n$ fuzzgun -s http://example.com\n$ fuzzgun -s 07/12/2016\n```\n\n## How it works\n\nFuzzgun takes as input a string layout. A **layout** is an string example of a structured input. Here is the basic algorithm (of my own cooking, i.e. feedback welcome) that will be applied to the input:\n\n1. _Tokenizing_ separates the input string into either _alpha, numerical or separator_ tokens\n2. _Labelizing_ \n\n    * known types: marks the input after a successful detection of a known type: URL, IP address, Date, e-mail, etc.\n    * known encoding: marks the input after a successful detection of a known encoding: base64, URL encoding, etc.\n\n3. _Grouping_ extracts set of tokens using various stategy: _arrangement_, _shifting_, _separators only_, etc...\n4. _Fuzzing_ mutates the data in parallel given the different groups, labels, encoding, etc.\n5. _Generating_ will finalizes the fuzzed output putting back groups to original input; encoding the result if the input was detected encoded\n\n### Tokenizing \n\nThe input is tokenized into either _alpha, numerical or separator_. For instance \"bob@mail.net\" would output: \"bob\" (alpha), \"@\" (separator), \"mail\" (alpha), \".\" (separator), \"net\" (alpha)\n\n### Labelizing\n\nSince structured input on the internet can easily have known format, fuzzgun will labelizes the input string according to detected format: _ip address, URL, date, unix timestamp_\n\nThis will allows to mutate data according to known issues or valid but exotic formats.\n\nExamples:\n\n* detecting an IP address we can generates output such as: IPv6, IP overflow values, octal/hexadecimal, etc.\n* detecting an e-mail address we can generates *valid yet uncommon* e-mail addresses according to [RFC 5322](https://tools.ietf.org/html/rfc5322)\n\n### Grouping \n\nGrouping allows to isolate array of tokens using various strategy to be fuzzed indenpendently of others.\n\nBasically we extract some tokens to be fuzzed while letting others in their original form. Groups will go through fuzzing and will then be re-arranged with the original string to present the final fuzzed output.\n\nWe can think of the original input string as the main group and the grouping step will basically generates subgroups.\n\nFor instance given the string \"bob@mail.net\", some generated group will be:\n\n```\n# shifting\n[\"bob\"] (group 1), [\"@\"] (group 2), etc. \n[\"bob\", \"@\"] (group 1), [\"@\", \"mail\"] (group 2), etc.\n[\"bob\", \"@\", \"mail\"] (group 1), [\"@\", \"mail\", \"\"] (group 2), etc.\n...\n# separators only\n[\"@\", \".\"]\n```\n\nFor example given \"bob@mail.net\", the simplest group after tokenization could be [\"bob\"]: the group [\"bob\"] will then be mutated to be then re-arranged to \"@mail.net\".\n\n## Notes\n\nIn future versions mutated values should be fed back as input string in fuzzgun itself!","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimcap%2Ffuzzgun","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsimcap%2Ffuzzgun","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimcap%2Ffuzzgun/lists"}