#Fuzzing
Showing 60 of 167 repositories tagged #fuzzing, ranked by stars
A collection of various awesome lists for hackers, pentesters and security researchers
Web path scanner
OSS-Fuzz - continuous fuzzing for open source software.
Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.
the champagne of beta embedded databases
The property-based testing library for Python
You Know, For WEB Fuzzing !
The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
syzkaller is an unsupervised coverage-guided kernel fuzzer
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Scalable fuzzing infrastructure.
Property based testing framework for JavaScript (like QuickCheck) written in TypeScript
Randomized testing for Go
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
An step by step fuzzing tutorial. A GitHub Security Lab initiative
A high performance offensive security tool for reconnaissance and vulnerability scanning
Catch API bugs before your users do
Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
Packer Fuzzer is a fast and efficient scanner for security detection of websites constructed by javascript module bundler such as Webpack.
Rockyou for web fuzzing
Web Fuzzing Box - Web 模糊测试字典与一些Payloads
Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ...
A fork of AFL for fuzzing Windows binaries
A fork and successor of the Sulley Fuzzing Framework
Command line helpers for fuzzing
🐇 Fuzzing Rust code with American Fuzzy Lop
DOM fuzzer
wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows and Linux user-mode (experimental!).
开源、轻量、快速、跨平台 的网站漏洞扫描工具,帮助您快速检测网站安全隐患。功能 端口扫描(port scan) 指纹识别(fingerprint) 漏洞检测(nday check) 智能爆破 (admin brute) 敏感文件扫描(file fuzz)
Asset inventory of over 800 public bug bounty programs.
GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).
A powerful tool for automated LLM fuzzing. It is designed to help developers and security researchers identify and mitigate potential jailbreaks in their LLM APIs.
LLM powered fuzzing via OSS-Fuzz.
Coverage-guided, in-process fuzzing for the JVM
FuzzBench - Fuzzer benchmarking as a service.
A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
[Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
Blazing Fast Bytecode-Level Hybrid Fuzzer for Smart Contracts
A fast, parallel test case minimization tool.
Angora is a mutation-based fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.
Infosec Wordlists and more.
A friendly car security exploration tool for the CAN bus
Rapid is a modern Go property-based testing library
Netzob: Protocol Reverse Engineering, Modeling and Fuzzing
A fuzzer for full VM kernel/driver targets
MCP server for AI-driven security pipelines
The first open-source AI-driven tool for automatically generating system-level test cases (also known as fuzzing) for web/enterprise applications. Currently targeting whitebox and blackbox testing of Web APIs, like REST, GraphQL and RPC (e.g., gRPC and Thrift).
An example C program which contains vulnerable code for common types of vulnerabilities. It can be used to show fuzzing concepts.
Black-box fuzzer that fuzzes APIs based on OpenAPI specification. Find bugs for free!
swiss army knife for hackers
Framework for Automating Fuzzable Target Discovery with Static Analysis.
a list of awesome resources related to security and hacking of VoIP, WebRTC and VoLTE
ClusterFuzzLite - Simple continuous fuzzing that runs in CI.
Fuzz your Rust code with Google-developed Honggfuzz !
WinAppDbg Debugger
Fuzz Introspector -- introspect, extend and optimise fuzzers
Black box fuzzer for web applications
Fuzzing framework written in python
SIP Security Assessment Framework for VoIP Pentesters. Presented at DEFCON, BlackHat & Offzone.
ANTLR v4 grammar-based test generator