syzkaller - syzkaller is an unsupervised, coverage-guided Linux system call fuzzer

  •        31

syzkaller is an unsupervised coverage-guided Linux kernel fuzzer.The project mailing list is You can subscribe to it with a google account or by sending an email to



Related Projects

IronWASP - Iron Web application Advanced Security testing Platform

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool's features are simple enough to be used by absolute beginners.

go-fuzz - Randomized testing for Go

Go-fuzz is a coverage-guided fuzzing solution for testing of Go packages. Fuzzing is mainly applicable to packages that parse complex inputs (both text and binary), and is especially useful for hardening of systems that parse inputs from potentially malicious users (e.g. anything accepted over a network).Data is a random input generated by go-fuzz, note that in most cases it is invalid. The function must return 1 if the fuzzer should increase priority of the given input during subsequent fuzzing (for example, the input is lexically correct and was parsed successfully); -1 if the input must not be added to corpus even if gives new coverage; and 0 otherwise; other values are reserved for future use.

Watcher: Web security testing tool and passive vulnerability scanner

A Fiddler plugin that passively checks web application's for a variety of security issues. Watcher acts as assistant to the web developer, tester, or security auditor, by quickly identifying real issues and hot-spots that commonly lead to security problems in web apps.

Nogotofail - Network Security Testing Tool

Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.

Wapiti - Web application vulnerability scanner / security auditor

Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. It is able to differentiate ponctual and permanent XSS vulnerabilities.

Beef - Browser Exploitation Framework

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser.

honggfuzz - Security oriented fuzzer with powerful analysis options

A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options. See USAGE for more data on the usage.The examples directory contains code demonstrating (among others) how to use honggfuzz to find bugs in the OpenSSL library and in the Apache web server.

PyLoris - Vulnerability test for DOS attack

PyLoris is a scriptable tool for testing a server's vulnerability to connection exhaustion denial of service (DoS) attacks. PyLoris can utilize SOCKS proxies and SSL connections, and can target protocols such as HTTP, FTP, SMTP, IMAP, and Telnet.

brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications

Brakeman is an open source static analysis tool which checks Ruby on Rails applications for security vulnerabilities. Check out Brakeman Pro if you are looking for a commercially-supported version with a GUI and advanced features.

SecLists - SecLists is the security tester's companion

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repo onto a new testing box and have access to every type of list that may be needed. This project is maintained by Daniel Miessler and Jason Haddix.

Metasploit Framework - World's most used penetration testing software

Metasploit, helps verify vulnerabilities and manage security assessments. It makes it easy to automate all phases of a penetration test, from choosing the right exploits to streamlining evidence collection and reporting.

oss-fuzz - OSS-Fuzz - continuous fuzzing of open source software

Status: Beta. We are now accepting applications from widely-used open source projects.Create New Issue for questions or feedback about OSS-Fuzz.

Simple Fuzzer

Simple Fuzzer is a simple fuzzing framework which allows rapid development of protocol fuzzers for blackbox testing. It can fuzz across networks using TCP/UDP, IP4/IP6, and can be extended via plugins to perform in-depth fuzzing.

threadfix - ThreadFix is a software vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems

ThreadFix is a software vulnerability aggregation and management system that reduces the time it takes to fix software vulnerabilities. ThreadFix imports the results from dynamic, static and manual testing to provide a centralized view of software security defects across development teams and applications. The system allows companies to correlate testing results and streamline software remediation efforts by simplifying feeds to software issue trackers. By auto generating application firewall rules, this tool allows organizations to continue remediation work uninterrupted. ThreadFix empowers managers with vulnerability trending reports that show progress over time, giving them justification for their efforts. ThreadFix is developed and maintained by Denim Group, Ltd ( For information about commercial support and other services, contact Denim Group about ThreadFix

PHP Vulnerability Hunter

PHP Vulnerability Hunter is an whitebox fuzz testing tool capable of detected several classes of vulnerabilities in PHP web applications.

OpenVAS - Vulnerability Scanner and Manager

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. It is designed to search for networked devices and computers, discover accessible ports and services, and to test for vulnerabilities on any such ports; plugins allow for further expansion.

Hardanger - Web Application Penetration Testing Platform

Hardanger is an open source web application penetration testing platform for Microsoft Windows operating systems.

OWASP Joomla Vulnerability Scanner Project

Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site. A regularly-updated signature-based scanner that can detect file inclusion, sql injection, command execution, XSS, DOS, directory traversal vulnerabilities of a target Joomla! web site. It Searches known vulnerabilities of Joomla! and its components, Web application firewall detection and lot more.

Sqlmap - Automatic SQL injection and database takeover tool

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

SecurityShepherd - Web and mobile application security training platform

The OWASP Security Shepherd Project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen their penetration testing skill set to security expert status.