Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Fuzzing/Fuzz testing

Fuzzing, or fuzz testing, is an automated black-box software testing technique that feeds invalid, unexpected, or random data to a program as input and evaluates how the program reacts.

https://github.com/google/oss-fuzz

OSS-Fuzz - continuous fuzzing for open source software.

fuzz-testing fuzzing oss-fuzz security stability vulnerabilities

Last synced: 29 Oct 2024

https://google.github.io/oss-fuzz/

OSS-Fuzz - continuous fuzzing for open source software.

fuzz-testing fuzzing oss-fuzz security stability vulnerabilities

Last synced: 03 Aug 2024

https://github.com/foundry-rs/foundry

Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.

blockchain dapp dapptools eth ethereum evm framework fuzzing mainnet-fork rust seth solidity testing tooling

Last synced: 28 Oct 2024

https://github.com/thekingofduck/fuzzdicts

Web pentesting fuzz dictionaries; one is all you need.

directory fuzz-testing fuzzer fuzzing paramter password pentesting username wfuzz

Last synced: 15 Oct 2024

https://github.com/hypothesisworks/hypothesis

Hypothesis is a powerful, flexible, and easy to use library for property-based testing.

fuzzing property-based-testing python testing

Last synced: 28 Oct 2024

https://github.com/HypothesisWorks/hypothesis

Hypothesis is a powerful, flexible, and easy to use library for property-based testing.

fuzzing property-based-testing python testing

Last synced: 29 Oct 2024

https://github.com/TheKingOfDuck/fuzzDicts

Web pentesting fuzz dictionaries; one is all you need.

directory fuzz-testing fuzzer fuzzing paramter password pentesting username wfuzz

Last synced: 01 Aug 2024

https://github.com/six2dez/reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

bug-bounty bugbounty dns fuzzing hacking nuclei osint penetration-testing pentest pentest-tool pentesting recon reconnaissance scanner security security-tools subdomain vulnerabilities

Last synced: 31 Oct 2024

https://github.com/google/clusterfuzz

Scalable fuzzing infrastructure.

fuzzing security stability vulnerabilities

Last synced: 29 Oct 2024

https://google.github.io/clusterfuzz/

Scalable fuzzing infrastructure.

fuzzing security stability vulnerabilities

Last synced: 03 Aug 2024

https://github.com/AFLplusplus/AFLplusplus

The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!

afl afl-compiler afl-fuzz afl-fuzzer afl-gcc fuzz-testing fuzzer fuzzer-afl fuzzing instrumentation qemu security testing unicorn-emulator unicorn-mode

Last synced: 03 Nov 2024

https://github.com/google/syzkaller

syzkaller is an unsupervised coverage-guided kernel fuzzer

fuzz-testing fuzzer fuzzing kernel linux security security-tools security-vulnerability testing

Last synced: 15 Oct 2024

https://github.com/aflplusplus/aflplusplus

The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!

afl afl-compiler afl-fuzz afl-fuzzer afl-gcc fuzz-testing fuzzer fuzzer-afl fuzzing instrumentation qemu security testing unicorn-emulator unicorn-mode

Last synced: 29 Oct 2024

https://github.com/elceef/dnstwist

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

dns domains fuzzing homoglyph homograph-attack idn osint phishing scanner threat-hunting threat-intelligence typosquatting

Last synced: 29 Oct 2024

https://github.com/dvyukov/Go-fuzz

Randomized testing for Go

fuzzing go testing

Last synced: 24 Oct 2024

https://github.com/dvyukov/go-fuzz

Randomized testing for Go

fuzzing go testing

Last synced: 28 Oct 2024

https://github.com/dubzzz/fast-check

Property based testing framework for JavaScript (like QuickCheck) written in TypeScript

faker fuzzing generative-testing property-based-testing quickcheck tdd testing typescript unit-testing

Last synced: 28 Oct 2024

https://github.com/1N3/IntruderPayloads

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

attack bugbounty burpsuite burpsuite-engagement burpsuite-intruder fuzz fuzz-lists fuzzing injection intruder payloads sql-injection

Last synced: 24 Oct 2024

https://github.com/1n3/intruderpayloads

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

attack bugbounty burpsuite burpsuite-engagement burpsuite-intruder fuzz fuzz-lists fuzzing injection intruder payloads sql-injection

Last synced: 14 Oct 2024

https://github.com/antonio-morales/Fuzzing101

A step-by-step fuzzing tutorial. A GitHub Security Lab initiative.

afl afl-fuzz bug-hunting bugbounty education fuzz-testing fuzzer fuzzilli fuzzing hacking security testing vulnerabilities

Last synced: 02 Nov 2024

https://github.com/google/honggfuzz

Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)

c fuzzing security

Last synced: 27 Oct 2024

https://github.com/rtcatc/packer-fuzzer

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

cybersecurity fuzzing hacking python3 scanner webpack

Last synced: 15 Oct 2024

https://github.com/rtcatc/Packer-Fuzzer

Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.

cybersecurity fuzzing hacking python3 scanner webpack

Last synced: 01 Aug 2024

https://github.com/devanshbatham/ParamSpider

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

bugbounty content-discovery fuzzing osint parameter parameter-finder urls-parameters

Last synced: 03 Nov 2024

https://github.com/devanshbatham/paramspider

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

bugbounty content-discovery fuzzing osint parameter parameter-finder urls-parameters

Last synced: 15 Oct 2024

https://github.com/antonio-morales/fuzzing101

A step-by-step fuzzing tutorial. A GitHub Security Lab initiative.

afl afl-fuzz bug-hunting bugbounty education fuzz-testing fuzzer fuzzilli fuzzing hacking security testing vulnerabilities

Last synced: 15 Oct 2024

https://github.com/asatarin/testing-distributed-systems

Curated list of resources on testing distributed systems

distributed-systems fault-injection fuzzing jepsen jepsen-tests testing

Last synced: 15 Oct 2024

https://github.com/googleprojectzero/winafl

A fork of AFL for fuzzing Windows binaries

afl fuzzing security

Last synced: 15 Oct 2024

https://github.com/gh0stkey/web-fuzzing-box

Web Fuzzing Box - Web fuzzing dictionaries and some payloads

bugbounty fuzz fuzzing hacking penetration-testing pentesting

Last synced: 15 Oct 2024

https://github.com/gh0stkey/Web-Fuzzing-Box

Web Fuzzing Box - Web fuzzing dictionaries and some payloads

bugbounty fuzz fuzzing hacking penetration-testing pentesting

Last synced: 04 Aug 2024

https://github.com/jtpereyda/boofuzz

A fork and successor of the Sulley Fuzzing Framework

fuzzing python security

Last synced: 14 Oct 2024

https://github.com/AFLplusplus/LibAFL

Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ...

afl afl-fuzz aflplusplus binary-only coverage-guided frida fuzzing fuzzing-framework libafl rust

Last synced: 01 Nov 2024

https://github.com/0xsobky/hackvault

A container repository for my public web hacks!

exploit fuzzing payloads pentesting reconnaissance regex tracking web-security xss

Last synced: 14 Oct 2024

https://github.com/0xSobky/HackVault

A container repository for my public web hacks!

exploit fuzzing payloads pentesting reconnaissance regex tracking web-security xss

Last synced: 25 Oct 2024

https://github.com/insightglacier/dictionary-of-pentesting

Dictionary collection project such as Pentesting, Fuzzing, Bruteforce and BugBounty. A collection of dictionaries for penetration testing, SRC vulnerability hunting, brute forcing, fuzzing and more.

bruteforce bugbounty bugbountytips bughunting-methodology database dictionary dns fingerprint fuzzing iot-security password payloads pentest pentesting rce regex-pattern spring-boot subdomain websecurity wifi

Last synced: 14 Oct 2024

https://github.com/aflplusplus/libafl

Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ...

afl afl-fuzz aflplusplus binary-only coverage-guided frida fuzzing fuzzing-framework libafl rust

Last synced: 15 Oct 2024

https://github.com/insightglacier/Dictionary-Of-Pentesting

Dictionary collection project such as Pentesting, Fuzzing, Bruteforce and BugBounty. A collection of dictionaries for penetration testing, SRC vulnerability hunting, brute forcing, fuzzing and more.

bruteforce bugbounty bugbountytips bughunting-methodology database dictionary dns fingerprint fuzzing iot-security password payloads pentest pentesting rce regex-pattern spring-boot subdomain websecurity wifi

Last synced: 04 Aug 2024

https://github.com/p0dalirius/coercer

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

authentication automatic call coerce fuzzing ntlm privilege-escalation rpc

Last synced: 15 Oct 2024

https://github.com/p0dalirius/Coercer

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

authentication automatic call coerce fuzzing ntlm privilege-escalation rpc

Last synced: 03 Aug 2024

https://github.com/rust-fuzz/afl.rs

🐇 Fuzzing Rust code with American Fuzzy Lop

afl fuzz-testing fuzzing rust

Last synced: 14 Oct 2024

https://github.com/evilc0deooo/pentesterspecialdict

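Builds and optimizes an efficient collection of penetration-testing dictionaries to improve the testing efficiency and effectiveness of network security practitioners.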

blast boom burp dictionary fuzz fuzzing

Last synced: 14 Oct 2024

https://github.com/evilc0deooo/pentest-fuzz-dict

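Builds and optimizes an efficient collection of penetration-testing dictionaries to improve the testing efficiency and effectiveness of network security practitioners.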

blast boom burp dictionary fuzz fuzzing

Last synced: 26 Aug 2024

https://github.com/rust-fuzz/cargo-fuzz

Command line helpers for fuzzing

cargo fuzz-testing fuzzing rust

Last synced: 29 Oct 2024

https://github.com/cn0xroot/rfsec-toolkit

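RFSec-ToolKit is a collection of Radio Frequency Communication Protocol Hacktools. A set of tools related to wireless communication protocols, for researching wireless communication with SDR hardware and related tools. Collected with ♥ by HackSmith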

bladerf communication fuzzing gnuradio hackrf hardware iot limesdr radio sdr usrp wireless

Last synced: 14 Oct 2024

https://github.com/cn0xroot/RFSec-ToolKit

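RFSec-ToolKit is a collection of Radio Frequency Communication Protocol Hacktools. A set of tools related to wireless communication protocols, for researching wireless communication with SDR hardware and related tools. Collected with ♥ by HackSmith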

bladerf communication fuzzing gnuradio hackrf hardware iot limesdr radio sdr usrp wireless

Last synced: 01 Nov 2024

https://github.com/microsoft/coyote

Coyote is a library and tool for testing concurrent C# code and deterministically reproducing bugs.

coyote dotnet fuzzing software-reliability systematic-testing testing testing-tools

Last synced: 15 Oct 2024

https://github.com/veo/vscan

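An open-source, lightweight, fast, cross-platform website vulnerability scanner that helps you quickly detect website security risks. Features: port scanning (port scan), fingerprinting (fingerprint), vulnerability detection (nday check), smart brute forcing (admin brute), sensitive file scanning (file fuzz).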

0day brute fingerprint fuzzing portscan redteam security

Last synced: 15 Oct 2024

https://github.com/sqlancer/sqlancer

Automated testing to find logic and performance bugs in database systems

cockroachdb dbms dbms-testing fuzzing mariadb mysql postgresql sql sqlite testing tidb

Last synced: 11 Oct 2024

https://github.com/marin-m/pbtk

A toolset for reverse engineering and fuzzing Protobuf-based apps

decompiler fuzzing protobuf python reverse-engineering

Last synced: 29 Oct 2024

https://github.com/0vercl0k/wtf

wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows and Linux user-mode (experimental!).

bochs bochscpu code-coverage fuzz-testing fuzzer fuzzing kvm-api security snapshot-fuzzer testing winhv

Last synced: 15 Oct 2024

https://github.com/m3n0sd0n4ld/goofuzz

GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).

bash-script bugbounty discovery fuzzing google-dorks hacking information-disclosure infosec osint penetration-testing pentesting recon reconnaissance red-team subdomain

Last synced: 15 Oct 2024

https://github.com/m3n0sd0n4ld/GooFuzz

GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).

bash-script bugbounty discovery fuzzing google-dorks hacking information-disclosure infosec osint penetration-testing pentesting recon reconnaissance red-team subdomain

Last synced: 01 Aug 2024

https://github.com/0xricksanchez/paper_collection

Academic papers related to fuzzing, binary analysis, and exploit dev, which I want to read or have already read

directed-fuzzing embedded exploitation fuzzing fuzzing-binaries guided-fuzzing hybrid-fuzzing iot kernel linux linux-kernel mitigations paper rca root-cause sanitizer vulnerability-detection

Last synced: 14 Oct 2024

https://github.com/mykter/afl-training

Exercises to learn how to fuzz with American Fuzzy Lop

afl fuzzing training workshop

Last synced: 29 Oct 2024

https://github.com/google/fuzzbench

FuzzBench - Fuzzer benchmarking as a service.

benchmark-framework benchmarking evaluation fuzzing security

Last synced: 15 Oct 2024

https://google.github.io/fuzzbench/

FuzzBench - Fuzzer benchmarking as a service.

benchmark-framework benchmarking evaluation fuzzing security

Last synced: 02 Nov 2024

https://github.com/CodeIntelligenceTesting/jazzer

Coverage-guided, in-process fuzzing for the JVM

clojure fuzzer fuzzing java jni jvm kotlin security

Last synced: 05 Nov 2024

https://github.com/pschanely/CrossHair

An analysis tool for Python that blurs the line between testing and type systems.

concolic-execution contracts dynamic-analysis fuzzing hacktoberfest python static-analysis symbolic-execution testing testing-framework type-systems z3

Last synced: 29 Oct 2024

https://github.com/codeintelligencetesting/jazzer

Coverage-guided, in-process fuzzing for the JVM

clojure fuzzer fuzzing java jni jvm kotlin security

Last synced: 12 Oct 2024

https://github.com/tandasat/Hypervisor-101-in-Rust

The materials of "Hypervisor 101 in Rust", a one-day long course, to quickly learn hardware-assisted virtualization technology and its application for high-performance fuzzing on Intel/AMD processors.

fuzzing hypervisor rust uefi

Last synced: 01 Aug 2024

https://github.com/googleprojectzero/halfempty

A fast, parallel test case minimization tool.

bisection fuzzing security testcase-reducer

Last synced: 29 Oct 2024

https://github.com/AngoraFuzzer/Angora

Angora is a mutation-based fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.

afl data-flow-analysis fuzzer fuzzing security symbolic-execution taint-analysis

Last synced: 26 Sep 2024

https://github.com/angorafuzzer/angora

Angora is a mutation-based fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.

afl data-flow-analysis fuzzer fuzzing security symbolic-execution taint-analysis

Last synced: 03 Nov 2024

https://github.com/ayoubfathi/leaky-paths

A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs, etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

appsec axiom bugbounty dirbuster dirsearch ffuf fuzzing hacktoberfest meg nuclei penetration-testing pentest recon redteam redteaming security security-tools subfinder wayback-machine wordlist

Last synced: 04 Aug 2024

https://github.com/0xacb/recollapse

REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications

fuzzing hacking-tools normalization regex waf-bypass

Last synced: 03 Aug 2024

https://github.com/trailofbits/deepstate

A unit test-like interface for fuzzing and symbolic execution

fuzzing property-based-testing symbolic-execution testing-framework testing-tools unit-testing

Last synced: 03 Nov 2024

https://github.com/netzob/netzob

Netzob: Protocol Reverse Engineering, Modeling and Fuzzing

automata fuzzing network protocols python reverse-engineering traffic-generation zoby

Last synced: 03 Nov 2024

https://github.com/FirmWire/FirmWire

FirmWire is a full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause analysis of smartphone baseband firmwares

baseband emulation fuzzing introspection mediatek qemu samsung

Last synced: 04 Aug 2024

https://github.com/StarCrossPortal/scalpel

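scalpel is a command-line vulnerability scanner that supports deep parameter injection. It has a powerful data parsing and mutation algorithm that parses common data formats (json, xml, form, etc.) into a tree structure, then mutates the tree according to the rules in the PoC, including mutations of leaf nodes and of the tree structure. After mutation, the tree is restored to the original data format.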

cve exploits fuzzing poc scanner vulnerabilities vulnerability

Last synced: 04 Aug 2024

https://github.com/caringcaribou/caringcaribou

A friendly car security exploration tool for the CAN bus

can-bus ecu fuzzing python security-scanner security-testing xcp

Last synced: 03 Nov 2024

https://github.com/CaringCaribou/caringcaribou

A friendly car security exploration tool for the CAN bus

can-bus ecu fuzzing python security-scanner security-testing xcp

Last synced: 03 Aug 2024

https://github.com/google/oss-fuzz-gen

LLM powered fuzzing via OSS-Fuzz.

ai fuzzing llm security

Last synced: 26 Sep 2024

https://github.com/rohanpadhye/jqf

JQF + Zest: Coverage-guided semantic fuzzing for Java.

afl coverage-guided-fuzzing fuzzing junit property-based-testing quickcheck

Last synced: 01 Nov 2024

https://github.com/rohanpadhye/JQF

JQF + Zest: Coverage-guided semantic fuzzing for Java.

afl coverage-guided-fuzzing fuzzing junit property-based-testing quickcheck

Last synced: 25 Oct 2024

https://github.com/hardik05/Damn_Vulnerable_C_Program

An example C program which contains vulnerable code for common types of vulnerabilities. It can be used to show fuzzing concepts.

afl dynamorio fuzzing honggfuzz jackalope libafl libfuzzer security tinyinst vulnerabilities vulnerability winafl

Last synced: 04 Aug 2024

https://github.com/sslab-gatech/qsym

QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing

binary concolic-execution fuzzing hybrid-fuzzing

Last synced: 03 Nov 2024

https://github.com/IntelLabs/kAFL

A fuzzer for full VM kernel/driver targets

firmware fuzzing grimoire intel kernel kvm qemu redqueen research security validation

Last synced: 04 Aug 2024

https://github.com/fuzzitdev/jsfuzz

coverage guided fuzz testing for javascript

fuzz-testing fuzzer fuzzing javascript testing

Last synced: 31 Oct 2024

https://github.com/stablecoder/cmake-scripts

Easy-to-add enhancements for any C/C++ CMake project. Including AFL fuzzing, code-coverage, Thread/Address/Leak/Address/Undefined sanitizer instrumentation, compilation of GLSL shaders and more.

clang clang-format clang-tidy cmake cmake-format code-coverage coverage coverage-information cppcheck dependency-graph doxygen fuzzing gcc llvm sanitizer sanitizers target-instrumentation test-coverage

Last synced: 14 Oct 2024

https://github.com/Battelle/afl-unicorn

afl-unicorn lets you fuzz any piece of binary that can be emulated by Unicorn Engine.

afl afl-fuzz fuzzing reverse-engineering vulnerability-research

Last synced: 03 Nov 2024

https://github.com/fuzzland/ityfuzz

Blazing Fast Bytecode-Level Hybrid Fuzzer for Smart Contracts

aptos blockchain concolic-execution ethereum evm fuzzing move smart-contracts solidity sui

Last synced: 01 Aug 2024

https://github.com/flyingmutant/rapid

Rapid is a modern Go property-based testing library

fuzzing golang property-based-testing property-testing quickcheck testing

Last synced: 30 Oct 2024

https://github.com/andreafioraldi/frida-fuzzer

This experimental fuzzer is meant to be used for API in-memory fuzzing.

afl api frida fuzzing

Last synced: 30 Oct 2024

https://github.com/google/graphicsfuzz

A testing framework for automatically finding and simplifying bugs in graphics shader compilers.

fuzzing glsl opengl spirv vulkan

Last synced: 03 Nov 2024

https://github.com/StableCoder/cmake-scripts

Easy-to-add enhancements for any C/C++ CMake project. Including AFL fuzzing, code-coverage, Thread/Address/Leak/Address/Undefined sanitizer instrumentation, compilation of GLSL shaders and more.

clang clang-format clang-tidy cmake cmake-format code-coverage coverage coverage-information cppcheck dependency-graph doxygen fuzzing gcc llvm sanitizer sanitizers target-instrumentation test-coverage

Last synced: 04 Aug 2024

https://github.com/r1cksec/cheatsheets

Collection of knowledge about information security

active-directory bash cheatsheets fuzzing linux pentest powershell redteam snippets windows

Last synced: 01 Aug 2024

https://github.com/ex0dus-0x/fuzzable

Framework for Automating Fuzzable Target Discovery with Static Analysis.

binary-analysis fuzzing reverse-engineering security security-tools static-analysis

Last synced: 26 Sep 2024

https://github.com/mozillasecurity/dharma

Generation-based, context-free grammar fuzzer. Refer to https://github.com/posidron/dharma for a maintained version.

context-free fuzzer fuzzing generation grammar python random

Last synced: 03 Nov 2024