fuzz-monkey - Fuzzing tool written in Golang. Insane monkey not included.

  •        6

Fuzz Monkey is a bit like chaos monkey only with more fur and instead of tearing down infrastructure like some kind of crazed baboon in a shoe shop, it carefully and surgically flings its poop at specific http endpoints. It ain't pretty, but it's damn sure fuzzy. or you can simply run the script and it will automatically root around for a file named fuzz-monkey.json.

https://github.com/ChrisCooney/fuzz-monkey

Tags
Implementation
License
Platform

   




Related Projects

Clusterfuzz - All your bug are belong to us

  •    Python

ClusterFuzz is a scalable fuzzing infrastructure which finds security and stability issues in software. It is used by Google for fuzzing the Chrome Browser, and serves as the fuzzing backend for OSS-Fuzz. Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.

go-fuzz - Randomized testing for Go

  •    Go

Go-fuzz is a coverage-guided fuzzing solution for testing of Go packages. Fuzzing is mainly applicable to packages that parse complex inputs (both text and binary), and is especially useful for hardening of systems that parse inputs from potentially malicious users (e.g. anything accepted over a network).Data is a random input generated by go-fuzz, note that in most cases it is invalid. The function must return 1 if the fuzzer should increase priority of the given input during subsequent fuzzing (for example, the input is lexically correct and was parsed successfully); -1 if the input must not be added to corpus even if gives new coverage; and 0 otherwise; other values are reserved for future use.

cargo-fuzz - Command line helpers for fuzzing

  •    Rust

Note: libFuzzer needs LLVM sanitizer support, so this is only works on x86-64 Linux and x86-64 macOS for now. This also needs a nightly since it uses some unstable command-line flags. You'll also need a C++ compiler with C++11 support. This crate is currently under some churn -- in case stuff isn't working, please reinstall it (cargo install cargo-fuzz -f). Rerunning cargo fuzz init after moving your fuzz folder and updating this crate may get you a better generated fuzz/Cargo.toml. Expect this to settle down soon.

afl.rs - 🐇 Fuzzing Rust code with american-fuzzy-lop

  •    C

Fuzz testing is a software testing technique used to find security and stability issues by providing pseudo-random data as input to the software. American fuzzy lop is a popular, effective, and modern fuzz testing tool. This library, afl.rs, allows one to run AFL on code written in the Rust programming language. Documentation can be found in the Rust Fuzz Book.

Monkey Fuzz Testing

  •    CSharp

Monkey Fuzz stress tests an applications User Interface. It pretends to be a "monkey" on the keyboard, sending random button press and mouse events to a program. It is developed in C#


oss-fuzz - OSS-Fuzz - continuous fuzzing of open source software

  •    Shell

Status: Beta. We are now accepting applications from widely-used open source projects.Create New Issue for questions or feedback about OSS-Fuzz.

grinder - Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes

  •    Ruby

Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes. Grinder Nodes provide an automated way to fuzz a browser, and generate useful crash information (such as call stacks with symbol information as well as logging information which can be used to generate reproducible test cases at a later stage). A Grinder Server provides a central location to collate crashes and, through a web interface, allows multiple users to login and manage all the crashes being generated by all of the Grinder Nodes. A Grinder Node requires a 32/64 bit Windows system and Ruby 2.0 (Ruby 1.9 is also supported but you wont be able to fuzz 64bit targets).

IntruderPayloads - A collection of Burpsuite Intruder payloads, fuzz lists and file uploads

  •    PHP

A collection of Burpsuite Intruder payloads and fuzz lists and pentesting methodology. To pull down all 3rd party repos, run install.sh in the same directory of the IntruderPayloads folder. This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use.

sulley - A pure-python fully automated and unattended fuzzing framework.

  •    Python

Sulley is an actively developed fuzzing engine and fuzz testing framework consisting of multiple extensible components. Sulley (IMHO) exceeds the capabilities of most previously published fuzzing technologies, commercial and public domain. The goal of the framework is to simplify not only data representation but to simplify data transmission and instrumentation. Sulley is affectionately named after the creature from Monsters Inc., because, well, he is fuzzy. Clearly he's also fearless.

PHP Vulnerability Hunter

  •    

PHP Vulnerability Hunter is an whitebox fuzz testing tool capable of detected several classes of vulnerabilities in PHP web applications.

Simple Fuzzer

  •    C

Simple Fuzzer is a simple fuzzing framework which allows rapid development of protocol fuzzers for blackbox testing. It can fuzz across networks using TCP/UDP, IP4/IP6, and can be extended via plugins to perform in-depth fuzzing.

gremlins.js - Monkey testing library for web apps and Node.js

  •    Javascript

gremlins.js is a monkey testing library written in JavaScript, for Node.js and the browser. Use it to check the robustness of web applications by unleashing a horde of undisciplined gremlins. Billy Peltzer: They're gremlins, Kate, just like Mr. Futterman said.

awesome-chaos-engineering - A curated list of awesome Chaos Engineering resources.

  •    

A curated list of awesome Chaos Engineering resources. Chaos Engineering is the discipline of experimenting on a distributed system in order to build confidence in the system’s capability to withstand turbulent conditions in production. - Principles Of Chaos Engineering website.

syzkaller - syzkaller is an unsupervised, coverage-guided Linux system call fuzzer

  •    Go

syzkaller is an unsupervised coverage-guided Linux kernel fuzzer.The project mailing list is syzkaller@googlegroups.com. You can subscribe to it with a google account or by sending an email to syzkaller+subscribe@googlegroups.com.

afl-utils - Utilities for automated crash sample processing/analysis, easy afl-fuzz job management and corpus optimization

  •    Python

As of June, 6th 2018 this project moved to Gitlab that's why this repository is archived and thus read-only until it is entirely removed from Github. Repository removal is scheduled for September, 15th 2018. Please report issues and request your merges through the new project home. All further discussion - even for existing issues - will take place there.

XDiFF - Extended Differential Fuzzing Framework

  •    Python

The fuzzer uses Python and runs on multiple OSs (Linux, Windows, OS X, and Freebsd). Its main goal is to detect issues based on diffential fuzzing aided with the extended capabilities to increase coverage. Still, it will found common vulnerabilities based on hangs and crashes, allowing to attach a memory debugger to the fuzzing sessions. The tool and the fuzzing process can be susceptible to code execution. Use it at your own risk always inside a VM.

monkey - Infection Monkey - An automated pentest tool

  •    Python

The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server. The Infection Monkey uses the following techniques and exploits to propagate to other machines.

kube-monkey - An implementation of Netflix's Chaos Monkey for Kubernetes clusters

  •    Go

kube-monkey is an implementation of Netflix's Chaos Monkey for Kubernetes clusters. It randomly deletes Kubernetes (k8s) pods in the cluster encouraging and validating the development of failure-resilient services. kube-monkey runs at a pre-configured hour (run_hour, defaults to 8am) on weekdays, and builds a schedule of deployments that will face a random Pod death sometime during the same day. The time-range during the day when the random pod Death might occur is configurable and defaults to 10am to 4pm.

Monkey - Monkey is a GitHub third party client for iOS,to show the rank of coders and repositories.

  •    Objective-C

Monkey is a GitHub third party client,Monkey is a program ape. Monkey for GitHub is my first on-line App,open source project.Welcome to download through two-dimensional code.

fuzzer-test-suite - Set of tests for fuzzing engines

  •    C

This is a set of tests (benchmarks) for fuzzing engines (fuzzers).The goal of this project is to have a set of fuzzing benchmarks derived from real-life libraries that have interesting bugs, hard-to-find code paths, or other challenges for bug finding tools.