IntruderPayloads - A collection of Burpsuite Intruder payloads, fuzz lists and file uploads

  •        1327

A collection of Burpsuite Intruder payloads and fuzz lists and pentesting methodology. To pull down all 3rd party repos, run install.sh in the same directory of the IntruderPayloads folder. This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use.

https://crowdshield.com
https://github.com/1N3/IntruderPayloads

Tags
Implementation
License
Platform

   




Related Projects

go-fuzz - Randomized testing for Go

  •    Go

Go-fuzz is a coverage-guided fuzzing solution for testing of Go packages. Fuzzing is mainly applicable to packages that parse complex inputs (both text and binary), and is especially useful for hardening of systems that parse inputs from potentially malicious users (e.g. anything accepted over a network).Data is a random input generated by go-fuzz, note that in most cases it is invalid. The function must return 1 if the fuzzer should increase priority of the given input during subsequent fuzzing (for example, the input is lexically correct and was parsed successfully); -1 if the input must not be added to corpus even if gives new coverage; and 0 otherwise; other values are reserved for future use.

cargo-fuzz - Command line helpers for fuzzing

  •    Rust

Note: libFuzzer needs LLVM sanitizer support, so this is only works on x86-64 Linux and x86-64 macOS for now. This also needs a nightly since it uses some unstable command-line flags. You'll also need a C++ compiler with C++11 support. This crate is currently under some churn -- in case stuff isn't working, please reinstall it (cargo install cargo-fuzz -f). Rerunning cargo fuzz init after moving your fuzz folder and updating this crate may get you a better generated fuzz/Cargo.toml. Expect this to settle down soon.

Clusterfuzz - All your bug are belong to us

  •    Python

ClusterFuzz is a scalable fuzzing infrastructure which finds security and stability issues in software. It is used by Google for fuzzing the Chrome Browser, and serves as the fuzzing backend for OSS-Fuzz. Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.

afl.rs - 🐇 Fuzzing Rust code with american-fuzzy-lop

  •    C

Fuzz testing is a software testing technique used to find security and stability issues by providing pseudo-random data as input to the software. American fuzzy lop is a popular, effective, and modern fuzz testing tool. This library, afl.rs, allows one to run AFL on code written in the Rust programming language. Documentation can be found in the Rust Fuzz Book.

oss-fuzz - OSS-Fuzz - continuous fuzzing of open source software

  •    Shell

Status: Beta. We are now accepting applications from widely-used open source projects.Create New Issue for questions or feedback about OSS-Fuzz.


kernel-fuzzer-for-xen-project - VMI Kernel Fuzzer for Xen Project - VM forking, VMI & AFL integration demo

  •    C

This project is intended to illustrate the harnessing required to fuzz a Linux kernel module using AFL through the Xen VMI API. The tool utilizes Xen VM forks to perform the fuzzing, thus allowing for parallel fuzzing/multiple AFL instances to fuzz at the same time. Coverage guidance for AFL is achieved using Capstone to dynamically disassemble the target code to locate the next control-flow instruction. The instruction is breakpointed and when the breakpoint triggers, MTF is activated to advance the VM ahead, then the processes is repeated again. The tool allows fine-tuning how many control-flow instructions to allow the fuzzing to encounter before terminating. This provides an alternative to timing out the fuzzing process. Hardware requirements: Intel CPU with VT-x and EPT enabled.

grinder - Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes

  •    Ruby

Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes. Grinder Nodes provide an automated way to fuzz a browser, and generate useful crash information (such as call stacks with symbol information as well as logging information which can be used to generate reproducible test cases at a later stage). A Grinder Server provides a central location to collate crashes and, through a web interface, allows multiple users to login and manage all the crashes being generated by all of the Grinder Nodes. A Grinder Node requires a 32/64 bit Windows system and Ruby 2.0 (Ruby 1.9 is also supported but you wont be able to fuzz 64bit targets).

clusterfuzzlite - ClusterFuzzLite - Simple continuous fuzzing that runs in CI.

  •    

ClusterFuzzLite is a continuous fuzzing solution that runs as part of Continuous Integration (CI) workflows to find vulnerabilities faster than ever before. With just a few lines of code, GitHub users can integrate ClusterFuzzLite into their workflow and fuzz pull requests to catch bugs before they are committed. ClusterFuzzLite is based on ClusterFuzz.

OneFuzz - A self-hosted Fuzzing-As-A-Service platform

  •    Rust

OneFuzz framework, an open source developer tool to find and fix bugs at scale. Fuzz testing is a highly effective method for increasing the security and reliability of native code—it is the gold standard for finding and removing costly, exploitable security flaws. Traditionally, fuzz testing has been a double-edged sword for developers: mandated by the software-development lifecycle, highly effective in finding actionable flaws, yet very complicated to harness, execute, and extract information from.

PHP Vulnerability Hunter

  •    

PHP Vulnerability Hunter is an whitebox fuzz testing tool capable of detected several classes of vulnerabilities in PHP web applications.

sulley - A pure-python fully automated and unattended fuzzing framework.

  •    Python

Sulley is an actively developed fuzzing engine and fuzz testing framework consisting of multiple extensible components. Sulley (IMHO) exceeds the capabilities of most previously published fuzzing technologies, commercial and public domain. The goal of the framework is to simplify not only data representation but to simplify data transmission and instrumentation. Sulley is affectionately named after the creature from Monsters Inc., because, well, he is fuzzy. Clearly he's also fearless.

winnie - Winnie is an end-to-end system that makes fuzzing Windows applications easy

  •    C

Winnie-AFL is a fork of WinAFL that supports fuzzing using a fork()-like API. For more details about Winnie, check out the NDSS paper. The fuzzer was tested on Windows 10 x64 1809 17763.973. Any other configurations should be considered as unsupported. Notwithstanding that, it probably still works on most 64-bit Windows 10 systems 1809 and up (but no guarantees). Windows 7 isn't supported because of differences in the CSRSS and subsystem implementation.

Monkey Fuzz Testing

  •    CSharp

Monkey Fuzz stress tests an applications User Interface. It pretends to be a "monkey" on the keyboard, sending random button press and mouse events to a program. It is developed in C#

Simple Fuzzer

  •    C

Simple Fuzzer is a simple fuzzing framework which allows rapid development of protocol fuzzers for blackbox testing. It can fuzz across networks using TCP/UDP, IP4/IP6, and can be extended via plugins to perform in-depth fuzzing.

syzkaller - syzkaller is an unsupervised, coverage-guided Linux system call fuzzer

  •    Go

syzkaller is an unsupervised coverage-guided Linux kernel fuzzer.The project mailing list is syzkaller@googlegroups.com. You can subscribe to it with a google account or by sending an email to syzkaller+subscribe@googlegroups.com.

afl-utils - Utilities for automated crash sample processing/analysis, easy afl-fuzz job management and corpus optimization

  •    Python

As of June, 6th 2018 this project moved to Gitlab that's why this repository is archived and thus read-only until it is entirely removed from Github. Repository removal is scheduled for September, 15th 2018. Please report issues and request your merges through the new project home. All further discussion - even for existing issues - will take place there.

fuzz

  •    

Fuzz is a tool for testing other software. It does this by bombarding the program being evaluated with random data.

XSStrike - XSS Scanner equipped with powerful fuzzing engine & intelligent payload generator

  •    Python

XSStrike is an advanced XSS detection suite. It has a powerful fuzzing engine and provides zero false positive result using fuzzy matching. XSStrike is the first XSS scanner to generate its own payloads. It is intelligent enough to detect and break out of various contexts. Note: XSStrike isn't compatible with Python2 anymore, please use python3 xsstrike to run it. Changelog contains the changes made to XSStrike after the XSStrike v2.0 pre-beta release.

SecLists - SecLists is the security tester's companion

  •    PHP

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repo onto a new testing box and have access to every type of list that may be needed. This project is maintained by Daniel Miessler and Jason Haddix.

Hardanger - Web Application Penetration Testing Platform

  •    

Hardanger is an open source web application penetration testing platform for Microsoft Windows operating systems.






We have large collection of open source products. Follow the tags from Tag Cloud >>


Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.