Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Awesome-Fuzzing
A curated list of fuzzing resources (books, courses, both free and paid, videos, tools, tutorials and vulnerable applications to practice on) for learning fuzzing and the initial phases of exploit development, such as root cause analysis.
https://github.com/secfigo/Awesome-Fuzzing
- Fuzzing: Brute Force Vulnerability Discovery
- Fuzzing for Software Security Testing and Quality Assurance
- Open Source Fuzzing Tools
- Gray Hat Python
- The Fuzzing Book
- The Shellcoder's Handbook: Discovering and Exploiting Security Holes ( Chapter 15 )
- iOS Hacker's Handbook - Chapter 1 - by Charlie Miller, Dion Blazakis, Dino Dai Zovi, Stefan Esser, Vincenzo Iozzo and Ralf-Philipp Weinmann.
- IDA Pro - The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler
- NYU Poly ( see videos for more ) - Made available freely by Dan Guido.
- samsclass.info (check the projects section and chapter 17) - by Sam Bowne.
- Modern Binary Exploitation ( RPISEC ) - Chapter 15 - by RPISEC.
- Offensive Computer Security - Week 6 - by W. Owen Redwood and Prof. Xiuwen Liu.
- Offensive Security, Cracking The Perimeter ( CTP ) and Advanced Windows Exploitation ( AWE )
- SANS 660/760 Advanced Exploit Development for Penetration Testers
- Exodus Intelligence - Vulnerability development master class
- Ada Logics - Applied Source Code Fuzzing
- FuzzingLabs Academy (C/C++, Rust, Go fuzzing)
- Signal Labs - Vulnerability Research & Fuzzing
- Fuzzing 101 (Part 1) - by Mike Zusman.
- Fuzzing 101 (Part 2) - by Mike Zusman.
- Fuzzing 101 (2009) - by Mike Zusman.
- Fuzzing - Software Security Course on Coursera - by University of Maryland.
- Attacking Antivirus Software's Kernel Driver
- Fuzzing the Windows Kernel - OffensiveCon 2020
- Youtube Playlist of various fuzzing talks and presentations - Lots of good content in these videos.
- Browser bug hunting - Memoirs of a last man standing - by Atte Kettunen
- Coverage-based Greybox Fuzzing as Markov Chain
- DerbyCon 2016: Fuzzing basics...or how to break software
- Fuzz Theory - by Brandon Falk
- ARMored CoreSight: Towards Efficient Binary-only Fuzzing
- Fuzzing Microsoft's RDP Client using Virtual Channels: Overview & Methodology
- Fuzzing Closed Source PDF Viewers
- Fuzzing Image Parsing in Windows, Part One: Color Profiles
- Fuzzing Image Parsing in Windows, Part Two: Uninitialized Memory
- Fuzzing Image Parsing in Windows, Part Three: RAW and HEIF
- Fuzzing the Office Ecosystem
- Effective File Format Fuzzing - Mateusz “j00ru” Jurczyk @ Black Hat Europe 2016, London
- A year of Windows kernel font fuzzing, Part 1: the results - by Google's Project Zero, describing what it takes to do fuzzing and create fuzzers.
- A year of Windows kernel font fuzzing, Part 2: the techniques - by Google's Project Zero, describing what it takes to do fuzzing and create fuzzers.
- Interesting bugs and resources at fuzzing project - by fuzzing-project.org.
- Fuzzing workflows; a fuzz job from start to finish - by @BrandonPrry.
- A gentle introduction to fuzzing C++ code with AFL and libFuzzer - by Jeff Trull.
- A 15 minute introduction to fuzzing - by folks at MWR Security.
- Fuzzing Papers - by fuzzing.info
- Fuzzing Blogs and Books - by fuzzing.info
- Root cause analysis of integer overflows - by Corelan Team.
- Creating custom peach fuzzer publishers - by Open Security Research
- 7 Things to Consider Before Fuzzing a Large Open Source Project - by Emily Ratliff.
- From fuzzing to 0-day - by Harold Rodriguez(@superkojiman).
- From crash to exploit - by Corelan Team.
- Peach Fuzzer Introduction
- Fuzzing with Peach Part 1 - by Jason Kratzer of Corelan Team.
- Fuzzing with Peach Part 2 - by Jason Kratzer of Corelan Team.
- Auto generation of Peach pit files/fuzzers - by Frédéric Guihéry, Georges Bossert.
- Creating a fuzzing harness for FoxitReader 9.7 ConvertToPDF Function
- 50 CVEs in 50 Days: Fuzzing Adobe Reader
- Fuzzing sockets, part 1: FTP servers
- Fuzzing software: common challenges and potential solutions (Part 1)
- Fuzzing software: advanced tricks (Part 2)
- Fuzzing capstone using AFL persistent mode - by @toasted_flakes
- RAM disks and saving your SSD from AFL Fuzzing
- Bug Hunting with American Fuzzy Lop
- Advanced usage of American Fuzzy Lop with real world examples
- Segfaulting Python with afl-fuzz
- Fuzzing With AFL-Fuzz, a Practical Example ( AFL vs Binutils )
- The Importance of Fuzzing...Emulators?
- How Heartbleed could've been found
- Filesystem Fuzzing with American Fuzzy lop
- Fuzzing Perl/XS modules with AFL
- How to fuzz a server with American Fuzzy Lop - by Jonathan Foote
- Fuzzing with AFL Workshop - a set of challenges on real vulnerabilities
- Fuzzing 101 - PHDays
- libFuzzer Tutorial
- Hunting for bugs in VirtualBox (First Take)
- libFuzzer Workshop: "Modern fuzzing of C/C++ Projects"
- Fuzzing ImageIO
- Double-Free RCE in VLC. A honggfuzz how-to
- Fuzzing with Spike to find overflows
- Fuzzing with Spike - by samsclass.info
- Fuzzing with FOE - by samsclass.info
- Getting Started with Z3: A Guide
- Building A Feedback Fuzzer - by @fady_othman
- Cloudfuzzer - Cloud fuzzing framework which makes it possible to easily run automated fuzz-testing in cloud environments.
- ClusterFuzz - Scalable open source fuzzing infrastructure, used by Google to fuzz the Chrome browser.
- Fuzzit - Continuous fuzzing as a service platform, free for open source and used by open-source projects (systemd, radare2) as well as closed-source ones.
- Jackalope - Binary-only, coverage-guided fuzzer from Google Project Zero, originally for Windows and macOS targets.
- Rehepapp
- Newer version of Rehepapp
- pe-afl - Combines static binary instrumentation of PE binaries with WinAFL.
- MiniFuzz - Wayback Machine link - Basic file format fuzzing tool by Microsoft. (No longer available on Microsoft website).
- BFF from CERT - Basic Fuzzing Framework for file formats.
- AFL Fuzzer - American Fuzzy Lop fuzzer by Michal Zalewski (lcamtuf). Runs on Linux and other Unix-like systems; for Windows targets see WinAFL below.
- Win AFL - A fork of AFL for fuzzing Windows binaries
- Shellphish Fuzzer - A Python interface to AFL, allowing for easy injection of testcases and other functionality.
- TriforceAFL - A modified version of AFL that supports fuzzing applications whose source code is not available.
- AFLGo - Directed Greybox Fuzzing with AFL, to fuzz targeted locations of a program.
- Peach Fuzzer - Framework which helps to create custom dumb and smart fuzzers.
- MozPeach - A fork of peach 2.7 by Mozilla Security.
- Failure Observation Engine (FOE) - Mutational file-based fuzz testing tool for Windows applications.
- rmadair - mutation based file fuzzer that uses PyDBG to monitor for signals of interest.
- honggfuzz - A general-purpose, easy-to-use fuzzer with interesting analysis options. Supports feedback-driven fuzzing based on code coverage. Supports GNU/Linux, FreeBSD, Mac OSX and Android.
- zzuf - A transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input.
- radamsa - A general purpose fuzzer and test case generator.
- binspector - A binary format analysis and fuzzing tool
- grammarinator - Fuzzing tool for file formats based on ANTLR v4 grammars (lots of grammars already available from the ANTLR project).
- Sloth - Sloth 🦥 is a coverage guided fuzzing framework for fuzzing Android Native libraries that makes use of libFuzzer and QEMU user-mode emulation.
- ManuFuzzer - Binary code-coverage fuzzer for macOS, based on libFuzzer and LLVM.
- Sulley - A fuzzer development and fuzz testing framework consisting of multiple extensible components by Pedram Amini.
- boofuzz - A fork and successor of Sulley framework.
- Spike - A fuzzer development framework like Sulley, and its predecessor.
- Metasploit Framework - A framework which contains some fuzzing capabilities via Auxiliary modules.
- Nightmare - A distributed fuzzing testing suite with web administration, supports fuzzing using network protocols.
- rage_fuzzer - A dumb protocol-unaware packet fuzzer/replayer.
- Fuzzotron - A simple network fuzzer supporting TCP, UDP and multithreading.
- Mutiny - The Mutiny Fuzzing Framework is a network fuzzer that operates by replaying PCAPs through a mutational fuzzer.
- Fuzzing For Worms - A fuzzing framework for network servers.
- AFL (w/ networking patch) - An unofficial american fuzzy lop capable of network fuzzing.
- AFLNet - A greybox fuzzer for network protocols (an extension of AFL).
- Pulsar - Protocol Learning, Simulation and Stateful Fuzzer.
- BFuzz - An input based, browser fuzzing framework.
- Fuzzinator - Fuzzinator Random Testing Framework
- Grizzly - A cross-platform browser fuzzing framework
- Choronzon - An evolutionary knowledge-based fuzzer
- QuickFuzz - A tool written in Haskell designed for testing unexpected inputs of common file formats on third-party software, taking advantage of off-the-shelf, well-known fuzzers.
- gramfuzz - A grammar-based fuzzer that lets one define complex grammars to model text and binary data formats
- KernelFuzzer - Cross Platform Kernel Fuzzer Framework.
- Hodor Fuzzer - Yet Another general purpose fuzzer.
- libFuzzer - In-process, coverage-guided, evolutionary fuzzing engine for targets written in C/C++.
- syzkaller - Distributed, unsupervised, coverage-guided Linux syscall fuzzer.
- ansvif - An advanced cross platform fuzzing framework designed to find vulnerabilities in C/C++ code.
- Tribble - Easy-to-use, coverage-guided JVM fuzzing framework.
- go-fuzz - Coverage-guided testing of go packages.
- FExM - Automated Large-Scale Fuzzing Framework
- Jazzer - A coverage-guided, in-process fuzzer for the Java Virtual Machine based on libFuzzer.
- cifuzz - A command line tool for executing coverage-guided fuzz tests in multiple languages and targets.
- WebGL Fuzzer - WebGL Fuzzer
- fast-check - A fuzzer tool written in TypeScript and designed to run unexpected inputs against JavaScript code.
- PANDA ( Platform for Architecture-Neutral Dynamic Analysis )
- QIRA (QEMU Interactive Runtime Analyser)
- kfetch-toolkit - Tool to perform advanced logging of memory references performed by operating systems’ kernels
- moflow - A software security framework containing tools for vulnerability discovery and triage.
- Z3 - A theorem prover from Microsoft Research.
- SMT-LIB - An international initiative aimed at facilitating research and development in Satisfiability Modulo Theories (SMT)
- Symbolic execution with KLEE: From installation and introduction to bug-finding in open source software - A set of four instructional videos introducing KLEE, starting with how to get started with KLEE and ending with a demo that finds memory corruption bugs in real code.
- WinDbg - The preferred debugger of exploit writers on Windows.
- Immunity Debugger - Immunity Debugger by Immunity Sec.
- OllyDbg - The debugger of choice for reverse engineers and exploit writers alike.
- Mona.py (plugin for WinDbg and Immunity Debugger) - Makes life easier for exploit developers.
- x64dbg - An open-source x64/x32 debugger for Windows.
- Evan's Debugger (EDB) - An OllyDbg-style graphical debugger for Linux; it drives the target through ptrace directly rather than fronting GDB.
- GDB - The GNU Debugger, the standard Linux debugger.
- PEDA - Python Exploit Development Assistance for GDB.
- Radare2 - Framework for reverse-engineering and analyzing binaries.
- IDA Pro - The best disassembler
- binnavi - Binary analysis IDE, annotates control flow graphs and call graphs of disassembled code.
- Capstone - Capstone is a lightweight multi-platform, multi-architecture disassembly framework.
- ltrace - Intercepts library calls
- strace - Intercepts system calls
- Fuzzgoat - Vulnerable C program for testing fuzzers.
- vulnserver - A vulnerable server for testing fuzzers.
- PDF Test Corpus from Mozilla
- MS Office file format documentation
- Fuzzer Test Suite - Set of tests for fuzzing engines. Includes different well-known bugs such as Heartbleed, c-ares $100K bug and others.
- Fuzzing Corpus - A corpus, including various file formats for fuzzing multiple targets in the fuzzing literature.
- Introduction to Anti-Fuzzing: A Defence In-Depth Aid
- Fuzzification: Anti-Fuzzing Techniques
- AntiFuzz: Impeding Fuzzing Audits of Binary Executables
- Awesome Directed Fuzzing
- Tim Strazzere
- jksecurity
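Several entries above (libFuzzer, AFL, WinAFL, Fuzzgoat) assume the reader knows what a coverage-guided fuzz target looks like. The following is an added example, not code from the list or from any of those projects: a parser for a constructed, hypothetical record format in a deliberately vulnerable and a hardened version, a libFuzzer-style `LLVMFuzzerTestOneInput` entry point, and an optional stand-alone driver so the same file can be fed by AFL or used to reproduce a crash. The sample inputs are constructed for the example.

```c
/* Added example (not from any project on this page): a libFuzzer-convention
 * fuzz target around a hypothetical length-prefixed record format.
 * Build for libFuzzer:  clang -g -O1 -fsanitize=fuzzer,address harness.c -o harness
 * Build for AFL:        afl-clang-fast -g -DSTANDALONE harness.c -o harness
 *                       afl-fuzz -i in -o out -- ./harness
 * Reproduce a crash:    ./harness out/crashes/id:000000,...   (STANDALONE build) */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_NAME 16

/* Record layout (constructed for this example, not a real format):
 *   byte 0      kind
 *   byte 1      name_len
 *   bytes 2..   name (name_len bytes)
 *   next 4      value, little-endian */
struct record {
    uint8_t  kind;
    uint8_t  name_len;
    char     name[MAX_NAME + 1];   /* NUL-terminated copy of the name */
    uint32_t value;
};

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Deliberately vulnerable parser, the kind of bug a fuzzer under ASan finds
 * in seconds: name_len comes from the input and is never compared with
 * MAX_NAME or with the bytes actually available. */
int parse_record_vulnerable(const uint8_t *data, size_t size, struct record *out) {
    if (size < 2) return -1;
    out->kind = data[0];
    out->name_len = data[1];
    memcpy(out->name, data + 2, out->name_len);        /* BUG: unbounded copy */
    out->name[out->name_len] = '\0';                    /* BUG: may write past name[] */
    out->value = read_le32(data + 2 + out->name_len);   /* BUG: may read past size */
    return 0;
}

/* Hardened parser: every input-derived length is checked against both the
 * destination buffer and the remaining input before it is used. */
int parse_record(const uint8_t *data, size_t size, struct record *out) {
    if (size < 2) return -1;
    out->kind = data[0];
    out->name_len = data[1];
    if (out->name_len > MAX_NAME) return -2;            /* fits the buffer? */
    if (size < 2u + out->name_len + 4u) return -3;      /* enough input left? */
    memcpy(out->name, data + 2, out->name_len);
    out->name[out->name_len] = '\0';
    out->value = read_le32(data + 2 + out->name_len);
    return 0;
}

/* libFuzzer entry point. Rules that keep a harness useful:
 *  - always return 0; the sanitizer, not the return value, reports bugs
 *  - no state carried between calls, so every crash reproduces from one input
 *  - do not reject inputs the real code would accept, or coverage is lost
 * Point it at parse_record_vulnerable to watch the fuzzer find the overflow. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    struct record r;
    (void)parse_record(data, size, &r);
    return 0;
}

/* Constructed sample inputs (not from any real corpus). */
static const uint8_t sample_ok[]    = {0x01, 0x03, 'a', 'b', 'c', 0x78, 0x56, 0x34, 0x12};
static const uint8_t sample_trunc[] = {0x01, 0x03, 'a', 'b', 'c', 0x78};
static const uint8_t sample_long[]  = {0x01, 0xff, 'x'};

#ifdef STANDALONE
/* Driver for AFL and for crash reproduction: one test case from argv[1] or
 * stdin. libFuzzer supplies its own main, so this is compiled out by default. */
int main(int argc, char **argv) {
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : stdin;
    if (!f) return 1;
    uint8_t buf[4096];
    size_t n = fread(buf, 1, sizeof buf, f);
    if (f != stdin) fclose(f);
    return LLVMFuzzerTestOneInput(buf, n);
}
#endif
```

The two parsers differ only in the two checks, which is the usual shape of a file-format fix: the fuzzer finds the unbounded `memcpy`, and the patch adds a bound against the destination and a bound against the remaining input. Swapping `parse_record` for `parse_record_vulnerable` in the entry point is the quickest way to confirm that a new fuzzing setup actually detects crashes before running it against real code.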
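The zzuf and radamsa entries describe "dumb" mutation fuzzing: take a valid input and change random bits or bytes before handing it to the target, with no coverage feedback. As an added example, not code from either project, the block below implements the mutation step itself over a constructed sample input, with a seeded generator so that any crashing case can be regenerated from its seed, which is the property a mutational fuzzer must have for crashes to be reproducible.

```c
/* Added example (not from zzuf or radamsa): one round of mutation-based
 * fuzzing. Each call applies a single random transformation to the buffer.
 * The PRNG is deterministic, so (seed, round count) identifies a test case. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* xorshift64*: tiny deterministic PRNG; the same seed yields the same
 * mutation sequence, which is what makes a crash reproducible. */
static uint64_t next_rand(uint64_t *state) {
    uint64_t x = *state;
    x ^= x >> 12;
    x ^= x << 25;
    x ^= x >> 27;
    *state = x;
    return x * 0x2545F4914F6CDD1DULL;
}

/* Values on integer boundaries, likely to trigger sign, overflow and
 * off-by-one mistakes in length and offset handling. */
static const uint8_t interesting[] = {0x00, 0x01, 0x7f, 0x80, 0xff};

/* Apply one random mutation in place. `buf` has `cap` bytes of storage and
 * `len` bytes of content; returns the new length (always <= cap, >= 1 when
 * len >= 1). `*rng` must be non-zero. */
size_t mutate(uint8_t *buf, size_t len, size_t cap, uint64_t *rng) {
    if (len == 0 || cap == 0) return len;
    size_t pos = (size_t)(next_rand(rng) % len);
    switch (next_rand(rng) % 5) {
    case 0:  /* flip one bit: the zzuf strategy, applied at a given ratio */
        buf[pos] ^= (uint8_t)(1u << (next_rand(rng) % 8));
        break;
    case 1:  /* overwrite a byte with a boundary value */
        buf[pos] = interesting[next_rand(rng) % sizeof interesting];
        break;
    case 2: {  /* duplicate a chunk: desynchronises length fields from data */
        size_t n = 1 + (size_t)(next_rand(rng) % 8);
        if (n > len - pos) n = len - pos;
        if (len + n > cap) n = cap - len;
        if (n == 0) break;
        memmove(buf + pos + n, buf + pos, len - pos);   /* open a gap */
        memcpy(buf + pos, buf + pos + n, n);            /* fill it with a copy */
        len += n;
        break;
    }
    case 3:  /* truncate after pos: exercises "not enough input left" paths */
        len = pos + 1;
        break;
    default: /* delete one byte: shifts every following field */
        if (len > 1) {
            memmove(buf + pos, buf + pos + 1, len - pos - 1);
            len -= 1;
        }
        break;
    }
    return len;
}

/* Run `rounds` mutations from a seed; returns the final length. A crash seen
 * with (seed, rounds) is regenerated by calling this again with the same
 * original input and the same two values. */
size_t mutate_rounds(uint8_t *buf, size_t len, size_t cap, uint64_t seed, int rounds) {
    uint64_t rng = seed ? seed : 1;   /* xorshift must not start at zero */
    for (int i = 0; i < rounds; i++) len = mutate(buf, len, cap, &rng);
    return len;
}

/* Constructed seed input (not from any real corpus): a small binary record. */
static const uint8_t sample_seed[] = {0x01, 0x03, 'a', 'b', 'c', 0x78, 0x56, 0x34, 0x12};
```

In a real run the loop around `mutate_rounds` would write each result to a file and execute the target under a sanitizer or a crash monitor (which is what FOE, BFF and zzuf add on top of the mutation step); coverage-guided fuzzers such as AFL and libFuzzer keep the same kinds of mutations but use edge coverage to decide which outputs are worth mutating further.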