Monkey Fuzz Testing

  •        127

Monkey Fuzz stress tests an applications User Interface. It pretends to be a "monkey" on the keyboard, sending random button press and mouse events to a program. It is developed in C#



Related Projects

go-fuzz - Randomized testing for Go

Go-fuzz is a coverage-guided fuzzing solution for testing of Go packages. Fuzzing is mainly applicable to packages that parse complex inputs (both text and binary), and is especially useful for hardening of systems that parse inputs from potentially malicious users (e.g. anything accepted over a network).Data is a random input generated by go-fuzz, note that in most cases it is invalid. The function must return 1 if the fuzzer should increase priority of the given input during subsequent fuzzing (for example, the input is lexically correct and was parsed successfully); -1 if the input must not be added to corpus even if gives new coverage; and 0 otherwise; other values are reserved for future use.

tavor - A generic fuzzing and delta-debugging framework

Tavor (Sindarin for woodpecker) is a framework for easily implementing and using fuzzing and delta-debugging. Its EBNF-like notation allows you to define file formats, protocols, and other structured data without the need to write source code. Tavor relaxes on the definitions of fuzzing and delta-debugging to enable the usage of its algorithms universally for keyword-driven testing, model-based testing, simulating user-behavior and genetic programming. Tavor is also well-suited for researching new methods without reimplementing basic algorithms.We want to test a service which processes an XML structure. The structure can contain groups and items. A group contains other groups or items. An Item consists of an attribute name with an alphanumeric value. The item's value contains a number. This structure sounds simple but allows an enormous variety of possible outcomes. It is therefore hard to test since a tester has to think about every important possibility if the generation of the test data is done manually. Doing this manually is cumbersome and error-prone. Tavor can be used to automate the generation.

fuzz-talk - Example code of my "Automated Testing with go-fuzz" talk

Example code of my "Automated Testing with go-fuzz" talk

cl-fuzz - Fuzz Testing in Common Lisp

Fuzz Testing in Common Lisp

JavaScript-fuzz - generates random values of standard, built-in JavaScript types for fuzz testing

generates random values of standard, built-in JavaScript types for fuzz testing

webfuzz - Javascript and HTML/DOM fuzz testing tool

Javascript and HTML/DOM fuzz testing tool

stormpot-fuzzer - Fuzz- and stress-testing program for Stormpot

Fuzz- and stress-testing program for Stormpot

Hardanger - Web Application Penetration Testing Platform

Hardanger is an open source web application penetration testing platform for Microsoft Windows operating systems.

toxy - Hackable HTTP proxy for resiliency testing and simulated network conditions

Hackable HTTP proxy to simulate server failure scenarios, resiliency and unexpected network conditions, built for node.js.It was mainly designed for failure resistance testing, when toxy becomes particularly useful in order to cover fault tolerance and resiliency capabilities of a system, especially in disruption-tolerant networks and service-oriented architectures, where toxy may act as MitM proxy among services in order to inject failure.


Fuzz is a tool for testing other software. It does this by bombarding the program being evaluated with random data.

PHP Vulnerability Hunter

PHP Vulnerability Hunter is an whitebox fuzz testing tool capable of detected several classes of vulnerabilities in PHP web applications.

A free penetration testing toolkit

Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembl

ALF - Fuzz testing framework for security research

ALF is a framework created for software developers, testers and security researchers for testing their software through fuzzing. This release includes the API for creating a fuzzer and running it locally. Other components include a client/server distribution system for maintaining a fuzzing cloud, and a web-based triage workflow for logging results in external bug trackers.The API includes functions for mutation and generation of testcases, and debugging using WinDBG or GDB.

syzkaller - syzkaller is an unsupervised, coverage-guided Linux system call fuzzer

syzkaller is an unsupervised coverage-guided Linux kernel fuzzer.The project mailing list is You can subscribe to it with a google account or by sending an email to

Simple Fuzzer

Simple Fuzzer is a simple fuzzing framework which allows rapid development of protocol fuzzers for blackbox testing. It can fuzz across networks using TCP/UDP, IP4/IP6, and can be extended via plugins to perform in-depth fuzzing.


Sulley is a fuzzer development and fuzz testing framework consisting of multiple extensible components. Sulley (IMHO) exceeds the capabilities of most previously published fuzzing technologies, commercial and public domain. The goal of the framework is to simplify not only data representation but to simplify data transmission and target monitoring as well. Sulley is affectionately named after the creature from Monsters Inc., because, well, he is fuzzy.

osquery - SQL powered operating system instrumentation, monitoring, and analytics.

osquery is an operating system instrumentation framework for OS X/macOS, Windows, and Linux. The tools make low-level operating system analytics and monitoring both performant and intuitive.There are many additional continuous build jobs that perform dynamic and static analysis, test the package build process, rebuild dependencies from source, assure deterministic build on macOS and Linux, fuzz test the virtual tables, and build on several other platforms not included above. Code safety, testing rigor, data integrity, and a friendly development community are our primary goals.

gofuzz - Fuzz testing for go.

gofuzz is a library for populating go objects with random values.See more examples in example_test.go.


Halloween project prank to mischievously grab windows and move them around. Primarily moves windows around, shakes the screen, sends random keyboard and mouse events.