Displaying 1 to 16 from 16 results

toxy - Hackable HTTP proxy for resiliency testing and simulated network conditions

  •    Javascript

Hackable HTTP proxy to simulate server failure scenarios, resiliency and unexpected network conditions, built for node.js.It was mainly designed for failure resistance testing, when toxy becomes particularly useful in order to cover fault tolerance and resiliency capabilities of a system, especially in disruption-tolerant networks and service-oriented architectures, where toxy may act as MitM proxy among services in order to inject failure.

go-fuzz - Randomized testing for Go

  •    Go

Go-fuzz is a coverage-guided fuzzing solution for testing of Go packages. Fuzzing is mainly applicable to packages that parse complex inputs (both text and binary), and is especially useful for hardening of systems that parse inputs from potentially malicious users (e.g. anything accepted over a network).Data is a random input generated by go-fuzz, note that in most cases it is invalid. The function must return 1 if the fuzzer should increase priority of the given input during subsequent fuzzing (for example, the input is lexically correct and was parsed successfully); -1 if the input must not be added to corpus even if gives new coverage; and 0 otherwise; other values are reserved for future use.

IntruderPayloads - A collection of Burpsuite Intruder payloads, fuzz lists and file uploads

  •    PHP

A collection of Burpsuite Intruder payloads and fuzz lists and pentesting methodology. To pull down all 3rd party repos, run install.sh in the same directory of the IntruderPayloads folder. This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use.

Monkey Fuzz Testing

  •    CSharp

Monkey Fuzz stress tests an applications User Interface. It pretends to be a "monkey" on the keyboard, sending random button press and mouse events to a program. It is developed in C#




PHP Vulnerability Hunter

  •    

PHP Vulnerability Hunter is an whitebox fuzz testing tool capable of detected several classes of vulnerabilities in PHP web applications.

tavor - A generic fuzzing and delta-debugging framework

  •    Go

Tavor (Sindarin for woodpecker) is a framework for easily implementing and using fuzzing and delta-debugging. Its EBNF-like notation allows you to define file formats, protocols, and other structured data without the need to write source code. Tavor relaxes on the definitions of fuzzing and delta-debugging to enable the usage of its algorithms universally for keyword-driven testing, model-based testing, simulating user-behavior and genetic programming. Tavor is also well-suited for researching new methods without reimplementing basic algorithms.We want to test a service which processes an XML structure. The structure can contain groups and items. A group contains other groups or items. An Item consists of an attribute name with an alphanumeric value. The item's value contains a number. This structure sounds simple but allows an enormous variety of possible outcomes. It is therefore hard to test since a tester has to think about every important possibility if the generation of the test data is done manually. Doing this manually is cumbersome and error-prone. Tavor can be used to automate the generation.

checkers - Property-based testing for JavaScript via ClojureScript's test.check

  •    Javascript

Property-based testing for JavaScript via ClojureScript's test.check. test.check is a Clojure property-based testing tool inspired by QuickCheck. The core idea of test.check is that instead of enumerating expected input and output for unit tests, you write properties about your function that should hold true for all inputs. This lets you write concise, powerful tests.

AndroidFuzz - JavaFuzz 4 Android

  •    Java

The code is under GPLv2 unless specified otherwise in the single files.


snodge - Randomly mutate JSON, XML, HTML forms, text and binary data for fuzz testing

  •    Kotlin

A small, extensible Kotlin library to randomly mutate JSON & XML documents, text and binary data. Useful for fuzz testing. See an interactive demonstration.

js-fuzz - An AFL-inspired genetic fuzz tester for JavaScript

  •    TypeScript

js-fuzz is an American Fuzzy Lop-inspired fuzz tester for JavaScript code. It provides coverage-driven analysis and minimization while being fast and extraordinarily simple to use. In the above example, we asked to increase the priority of strings that can be parsed as plain JSON, since we want more of that sort of thing in order to test against JSON5. You can also return Promises from the fuzz function, or take a callback.

cautious-pancake - github generated the repo name for me

  •    Go

cautious-pancake aims to make fuzzing golang packages easier by identifying pure functions. These functions can be easily fuzzed since they only operate on their direct inputs and do not modify global state. The -filter=impure flag will return all functions deemed impure, including the reason for the determination and the -all flag will display information on private functions as well.

fuzzcat - Fuzzing web services in style with nodejs

  •    Javascript

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

honggfuzz-rs - Fuzz your Rust code with Google-developped Honggfuzz !

  •    Rust

Honggfuzz is a security oriented fuzzer with powerful analysis options. Supports evolutionary, feedback-driven fuzzing based on code coverage (software- and hardware-based).

FuzzImageMagick - Sample files for fuzzing ImageMagick

  •    Python

Full setup for fuzzing ImageMagick. Currently (2016-02-07) covers over 30% of the codebase. ImageMagick creates temporary files while running. If ImageMagick crashes, the temporary files are not cleaned up. To prevent the fuzzing machine's hard disk from filling up, you can create a cron job to run rm /tmp/magick-* every hour. For more discussion about this issue, see this bug report.

fuzzyjs - fuzzyjs is a fuzzy search algorithm in javascript

  •    Javascript

fuzzyjs is a fuzzy search algorithm in javascript. fuzzyjs is licensed under MIT License.