Other Resource Collection Projects:

Fuzzing

Directory

Platform


Windows

Hyper-V

Tools

Post

Tools

  • [170Star][3m] [C++] mxmssh/manul Manul is a coverage-guided parallel fuzzer for open-source and blackbox binaries on Windows, Linux and MacOS
  • [160Star][10d] [C] hfiref0x/ntcall64 Windows NT x64 syscall fuzzer
  • [141Star][3y] [C] koutto/ioctlbf Windows Kernel Drivers fuzzer
  • [101Star][2m] [C++] trailofbits/sienna-locomotive A user-friendly fuzzing and crash triage tool for Windows
  • [96Star][2y] [Py] sogeti-esec-lab/rpcforge Windows RPC Python fuzzer
  • [88Star][1y] [C++] nccgroup/dibf Windows NT ioctl bruteforcer and modular fuzzer
  • [77Star][3y] [Py] carlosgprado/brundlefuzz BrundleFuzz is a distributed fuzzer for Windows and Linux using dynamic binary instrumentation.
  • [63Star][1y] [C] ioactive/fuzzndis A Fuzzer for Windows NDIS Drivers OID Handlers
  • [50Star][6y] [Py] debasishm89/iofuzz A mutation-based user mode (ring3) dumb in-memory Windows Kernel (IOCTL) Fuzzer/Logger. This script attaches itself to any given process, hooks the DeviceIoControl!Kernel32 API and tries to log or fuzz every I/O control code, I/O buffer pointer and I/O buffer length that the process sends to any kernel driver.
  • [48Star][7y] [C++] cr4sh/msfontsfuzz OpenType font file format fuzzer for Windows
  • [47Star][3y] silvermoonsecurity/security-misc Full overview of current vulnerabilities, exploits, fuzzing and mitigations for the current major operating systems (Windows, macOS, Linux, Android, iOS and so forth) and popular applications
  • [38Star][2y] [Py] walkerfuz/pydbgeng A Python wrapper for debug engines on Windows, Linux or OS X; its only aim is automated fuzzing.
  • [13Star][2y] [C] leonwxqian/windows-defender-nscript-loader An exe loader that can load the NScript evaluation engine of Windows Defender/Microsoft Security Essentials. You can fuzz NScript by using this. Project was based on Tavis Ormandy (taviso)'s "Porting Windows Dynamic Link Libraries to Linux" (

Post


Linux

Tools

  • [247Star][9m] [C++] ucsb-seclab/difuze Fuzzer for Linux Kernel Drivers
  • [153Star][10m] [Py] k0retux/fuddly Fuzzing and Data Manipulation Framework
  • [92Star][3y] [Hack] oracle/kernel-fuzzing Fuzzers for the Linux kernel
  • [70Star][7y] [JS] qburst/penq PenQ is an open source Linux based penetration testing browser bundle built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more.
  • [66Star][6y] [JS] owasp/appsec-browser-bundle The OWASP AppSec Browser Bundle is an open source Linux based penetration testing browser bundle built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more.
  • [10Star][6y] zsenda/stebb STeBB (Security Testing Browser Bundle ) is an open source Linux based penetration testing browser bundle built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more.
  • [8Star][7y] [C] rgbkrk/iknowthis fuzz testing framework for Linux system calls

Post


VxWorks

Tools

  • [13Star][4y] [Py] yformaggio/vxfuzz Some VxWorks fuzzing examples using Cisco-Kitty and WDBDbg framework

Post


Android

Tools

Post


iOS

Tools

Post

Specific Target


USB

Tools

Post


Web

XSS

Tools

  • [95Star][1y] [HTML] nytrorst/xssfuzzer XSS Fuzzer is a tool which generates XSS payloads based on user-defined vectors and fuzzing lists.
  • [38Star][4y] [C#] cweb/unicode-hax A library to assist in security-testing Unicode enabled applications during fuzzing, XSS, SQLi, etc.
  • [38Star][7y] [Py] matthewdfuller/intellifuzz-xss An adaptive, intelligent XSS fuzzer that learns how the response is reflected and carefully crafts an XSS payload to match
  • [26Star][5y] [Go] rverton/xssmap (DOM-)XSS fuzzer based on phantomjs and go.
  • [24Star][1y] [Py] jiangsir404/xss-sql-fuzz Burp Suite plugin that adds XSS and SQL payloads to all GET/POST parameters (filtering out special parameters) in one click for fuzzing
  • [23Star][4y] [Py] immunio/immunio-xss-fuzzer Immunio's XSS Fuzzer tool
  • [22Star][3y] [PHP] 0x584a/fuzzxssphp PHP reflected XSS scanner, supports GET and POST
  • [1Star][16d] [C#] naivenom/ariadna Simple fuzzer for finding SQL and XSS vulnerabilities

Post

Tools

  • [394Star][3m] [C] coolervoid/0d1n Web security tool to make fuzzing at HTTP/S, Beta
  • [343Star][1y] [Py] joxeankoret/nightmare A distributed fuzzing testing suite with web administration
  • [182Star][5m] [Rust] phra/rustbuster A Comprehensive Web Fuzzer and Content Discovery Tool
  • [148Star][3m] [Perl] henshin/filebuster An extremely fast and flexible web fuzzer
  • [111Star][10m] l3m0n/webfuzzattack Web fuzz testing - amplifying the likelihood of finding vulnerabilities
  • [94Star][1y] [Py] andresriancho/websocket-fuzzer HTML5 WebSocket message fuzzer
  • [92Star][2m] [C] jonathanmetzman/wasm-fuzzing-demo Demos of and walkthroughs on in-browser fuzzing using WebAssembly
  • [61Star][1y] [Py] graniet/operative-framework-hd operative framework HD is the digital investigation framework, you can interact with websites, email address, company, people, ip address, vulnerability fuzzing ... interact with basic/graphical view and export with XML, JSON, use database management...
  • [58Star][9m] [HTML] leonwxqian/lucky-js-fuzz A web page based fuzzer that generates random JS statements then fuzz in the web-browser.
  • [55Star][3y] [Py] mseclab/burp-pyjfuzz Burp Suite plugin which implements PyJFuzz for fuzzing web applications.
  • [53Star][2y] [JS] danigargu/urlfuzz Another web fuzzer written in NodeJS
  • [51Star][5m] [CSS] mobsf/capfuzz CapFuzz - capture, fuzz & intercept web traffic.
  • [37Star][3m] [Py] mak-/scanomaly This is a web application fuzzer scanner - the goal was CLI flexibility and rapid prototyping
  • [22Star][1m] [Py] z3pp/zfuzz Simple python web fuzzer
  • [19Star][2y] [JS] mozillasecurity/framboise Framboise is a fuzzer for in-depth testing of WebAPIs.
  • [17Star][2m] [Py] avalz/waf-a-mole A guided mutation-based fuzzer for ML-based Web Application Firewalls
  • [16Star][2y] [CSS] sweetchipsw/sweetmon_legacy 'SWEETMON' is a fuzzer monitoring service based on Python 3 + Django. Users can check their fuzzers and crashes on the web. It can reduce repetitive work for fuzz testers. This is the legacy sweetmon. The new sweetmon is now being developed
  • [6Star][1y] [Py] mattjegan/wtfuzz A pip-installable tool used for checking the existence of different types of web resources
  • [5Star][2y] [Py] phplaber/yawf An open-source web vulnerability fuzzing tool based on OWASP
  • [4Star][2y] [Java] huvuqu/fuzz18plus Advance of fuzzing for Web pentest. Based on Burp extension, send HTTP request template out to Python fuzzer.
  • [3Star][1y] [Py] yuxiaokui/hackerone Fuzz website
  • [2Star][2y] yehgdotnet/jhijack A Java Hijacking tool for web application session security assessment. A simple Java Fuzzer that can mainly be used for numeric session hijacking and parameter enumeration. Demonstration video is also available.
  • [1Star][7m] [C] postrequest/cbuster Web server directory and file fuzzer

Post


Kernel

Tools

Post


Browser

Tools

Post


Network

Tools

  • [318Star][28d] [Py] cisco-talos/mutiny-fuzzer a network fuzzer that operates by replaying PCAPs through a mutational fuzzer.
  • [243Star][1y] [Py] hgascon/pulsar Protocol Learning and Stateful Fuzzing
  • [235Star][5m] [C] dongdongshe/neuzz neural network assisted fuzzer
  • [221Star][29d] [Py] nccgroup/fuzzowski the Network Protocol Fuzzer that we will want to use.
  • [197Star][2m] [C] denandz/fuzzotron A TCP/UDP based network daemon fuzzer
  • [172Star][1y] [Py] niloofarkheirkhah/nili Nili is a Tool for Network Scan, Man in the Middle, Protocol Reverse Engineering and Fuzzing.
  • [147Star][1y] [Py] brain-research/tensorfuzz A library for performing coverage guided fuzzing of neural networks
  • [74Star][1y] [Py] dobin/ffw A fuzzing framework for network servers
  • [65Star][3y] [Py] plantdaddy/fuzzap A python script for obfuscating wireless networks
  • [57Star][3y] [C] hbowden/nextgen A Genetic File, Syscall and Network Fuzzer.
  • [50Star][6y] [Py] isecpartners/rtspfuzzer RTSP network protocol fuzzer
  • [44Star][1y] [Perl] wireghoul/doona Network based protocol fuzzer
  • [35Star][5m] [Py] amossys/fragscapy Fragscapy is a command-line tool to fuzz network protocols by automating the modification of outgoing network packets. It can run multiple successive tests to determine which options can be used to evade firewalls and IDS.
  • [20Star][4m] [Py] m-zakeri/iust_deep_fuzz A file format fuzzer based on deep neural networks.
  • [15Star][2m] [C++] vitaliy-grigoriev/protocol-analyzer Fuzz testing framework for network protocols.
  • [5Star][2y] [Shell] foospidy/fuzzcat Rudimentary network protocol fuzzer using bash, netcat, and other tools.
  • [1Star][2m] [Py] ins1gn1a/woollymammoth Toolkit for manual buffer exploitation, which features a basic network socket fuzzer, offset pattern generator and detector, bad character identifier, shellcode carver, and a vanilla EIP exploiter

Post


Burp

Tools

Post


PDF


JavaScript

Tools

Post

Popular Fuzzer


AFL

WinAFL

Tools

Post

TriforceAFL

Tools

Post

KAFL

Tools

  • [412Star][2y] [Py] rub-syssec/kafl Code for the USENIX 2017 paper: kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels

aflsmart

Tools

Post

Tools

Post


libFuzzer

Tools

Post


dharma

Tools

Post


Peach

Tools

Post


SPIKE

Tools

  • [25Star][3y] [C] guilhermeferreira/spikepp SPIKE is a protocol fuzzer creation kit. It provides an API that allows a user to create their own fuzzers for network based protocols using the C++ programming language. The tool defines a number of primitives that it makes available to C coders, which allows it to construct fuzzed messages called “SPIKES” that can be sent to a network service …

Post


driller

Tools

  • [548Star][3m] [Py] shellphish/driller augmenting AFL with symbolic execution!
  • [66Star][3y] [C] shellphish/driller-afl A version of AFL tailored for Driller's use in analyzing CGC binaries.
  • [13Star][1y] [Py] cxm95/ida_wrapper An IDA_Wrapper for Linux, shipped with a Function Identifier. It works well with Driller on statically linked binaries.

syzkaller

Tools

  • [2748Star][7d] [Go] google/syzkaller syzkaller is an unsupervised coverage-guided kernel fuzzer

Post


clusterfuzz

Tools

Post


OSS-Fuzz

Tools

  • [4941Star][7d] [C] google/oss-fuzz OSS-Fuzz - continuous fuzzing of open source software.
  • [23Star][2y] [Shell] aflgo/oss-fuzz OSS-Fuzz - integrated with AFLGo for Patch Testing

Post


IFuzzer

Tools


CodeAlchemist

Tools

Post


HongFuzz

Tools

  • [1760Star][15d] [C] google/honggfuzz Security oriented fuzzer with powerful analysis options. Supports evolutionary, feedback-driven fuzzing based on code coverage (software- and hardware-based)
  • [165Star][6m] [Rust] rust-fuzz/honggfuzz-rs Fuzz your Rust code with Google-developed Honggfuzz !

Post


Echidna

Tools

  • [396Star][8d] [Haskell] crytic/echidna Ethereum fuzz testing framework

Post


Applepie

Tools

Post


autoPwn

Tools

  • [154Star][9y] [Shell] spiderlabs/jboss-autopwn A JBoss script for obtaining remote shell access
  • [122Star][1y] [Shell] mi-al/wifi-autopwner script to automate searching and auditing Wi-Fi networks with weak security
  • [97Star][2y] [Py] danmcinerney/msf-autopwn Autoexploitation of some of the most common vulnerabilities in wild
  • [89Star][1y] [Shell] rpranshu/autopwn A simple bash based metasploit automation tool!
  • [84Star][1m] [Ruby] hahwul/metasploit-autopwn db_autopwn plugin of metasploit
  • [77Star][1m] [Py] bannsec/autopwn Automate repetitive tasks for fuzzing
  • [26Star][2y] [Py] danmcinerney/smb-autopwn Discovers and exploits hosts vulnerable to MS08-067/MS17-010
  • [23Star][5y] [Py] vnik5287/wpa-autopwn WPA/WPA2 autopwn script that parses captured handshakes and sends them to the Crackq
  • [11Star][5y] [Shell] christianpapathanasiou/jboss-autopwn JBoss Autopwn as featured at BlackHat Europe 2010 - this version incorporates CVE-2010-0738 the JBoss authentication bypass VERB manipulation vulnerability as discovered by Minded Security

Post


go-fuzz

Tools

  • [3291Star][2m] [Go] dvyukov/go-fuzz a coverage-guided fuzzing solution for testing of Go packages
  • [64Star][5m] [Go] dvyukov/go-fuzz-corpus Corpus for github.com/dvyukov/go-fuzz examples

Post


SSRFmap

Tools

Post


Sulley

boofuzz

Tools

  • [802Star][8d] [Py] jtpereyda/boofuzz A fork and successor of the Sulley Fuzzing Framework

Post

Tools

  • [1125Star][12m] [Py] openrce/sulley A pure-python fully automated and unattended fuzzing framework.

Post


radamsa

Tools

Post


Ffuf

Tools

  • [1337Star][19d] [Go] ffuf/ffuf Fast web fuzzer written in Go

Post


domato

Tools

Post


fuzzdb

Tools

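  • [788Star][22d] [HTML] tennc/fuzzdb An extension library for fuzzdb
  • [227Star][2y] [Py] euphrat1ca/fuzzdb-collect A repository collecting open-source scanners developed by security practitioners on GitHub, including subdomain enumeration, database vulnerability scanning, weak-password or information-leak scanning, port scanning, fingerprinting, and other large or modular scanners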
  • [102Star][4y] yoojinl/fuzzdb Use
  • [81Star][2y] [PHP] nixawk/fuzzdb Web Fuzzing Discovery and Attack Pattern Database
  • [27Star][5y] [HTML] infosec-au/fuzzdb Automatically exported from code.google.com/p/fuzzdb

Post


fuzzbunch

Tools

Post


angora

Tools

Post


wfuzz

Tools

Post


PBTK

Tools

  • [603Star][1m] [Py] marin-m/pbtk A toolset for reverse engineering and fuzzing Protobuf-based apps

Post


grinder

Tools

Post


Sandsifter

Tools

Post


deepstate

Tools

  • [501Star][7d] [Py] trailofbits/deepstate A unit test-like interface for fuzzing and symbolic execution
  • [5Star][3m] [C] agroce/testfs DeepState testing for TestFS, a user level toy file system that is similar to ext3
  • [4Star][8m] [C++] agroce/testleveldb DeepState testing for levelDB
  • [2Star][8m] [C] agroce/rb_tree_demo DeepState version of code accompanying a blog post about fuzzing a red-black tree implementation:
  • [0Star][27d] [C++] trailofbits/deepstate-test-suite Automated continuous testing integration using DeepState

Post


trinity

Tools

Post


netzob

Tools

  • [484Star][4m] [Py] netzob/netzob Protocol Reverse Engineering, Modeling and Fuzzing

Post

Other


Book

Books

  • [350Star][13d] [Jupyter Notebook] uds-se/fuzzingbook The Book "Generating Software Tests"

Dictionary

Tools

Tools


Collections


Recent Add


Other

Post


Recent Add


arxiv_cscr


Youtube

Contribute

Contents are auto-exported by our system; please raise an issue if you have any questions.