
syzkaller - syzkaller is an unsupervised, coverage-guided Linux system call fuzzer

  •    Go

syzkaller is an unsupervised coverage-guided Linux kernel fuzzer. The project mailing list is syzkaller@googlegroups.com. You can subscribe to it with a Google account or by sending an email to syzkaller+subscribe@googlegroups.com.

BlackWidow - A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website

  •    Python

BlackWidow is a Python-based web application spider to gather subdomains, URLs, dynamic parameters, email addresses and phone numbers from a target website. This project also includes the Inject-X fuzzer to scan dynamic URLs for common OWASP vulnerabilities. This software is released under the GNU General Public License v3.0. See LICENSE.md for details.

afl-utils - Utilities for automated crash sample processing/analysis, easy afl-fuzz job management and corpus optimization

  •    Python

As of June 6th, 2018, this project has moved to GitLab, which is why this repository is archived and thus read-only until it is entirely removed from GitHub. Repository removal is scheduled for September 15th, 2018. Please report issues and request your merges through the new project home. All further discussion, even for existing issues, will take place there.

clusterfuzz-tools - Bugs are inevitable. Suffering is optional.

  •    Python

The tool supports various tasks (e.g. reproducing a crash locally) needed by ClusterFuzz's users. Currently, it supports reproducing a crash locally. In the future, it will support uploading a fuzzer, tailing a fuzzer log, and uploading a testcase.




fuzzer - a mutating fuzzer for testing

  •    Javascript

A fuzzer for testing. This implements mutation fuzzing, in which an expected input is mutated (changed) many times in order to trigger unexpected behavior or crashes. Generate a mutated version of an object. This does not modify the object directly, but returns a modified copy. This mutation will increment and decrement numbers, randomize arrays, remove properties, and more.

checkers - Property-based testing for JavaScript via ClojureScript's test.check

  •    Javascript

Property-based testing for JavaScript via ClojureScript's test.check. test.check is a Clojure property-based testing tool inspired by QuickCheck. The core idea of test.check is that instead of enumerating expected input and output for unit tests, you write properties about your function that should hold true for all inputs. This lets you write concise, powerful tests.

node-radamsa - A simple, synchronous, pipe to Radamsa tool from your nodejs programs.

  •    Javascript

A synchronous pipe to Radamsa tool from your nodejs programs.


gray_hat_csharp_code - This repository contains full code examples from the book Gray Hat C#

  •    CSharp

This repository contains fully fleshed-out code examples from the book Gray Hat C#. In this book, a wide variety of security-oriented tools and libraries will be written using the C# programming language, allowing for cross-platform automation of the most crucial aspects of a security engineer's roles in a modern organization. Many of the topics will also be highly useful for hobbyists and security enthusiasts who are looking to gain more experience with common security concepts and tools with real-world examples for both offensive and defensive purposes. We cover a broad slice of concepts a modern security engineer must be familiar with, starting with a brief introduction to the C# language. After the introduction, we focus on fuzzing web application vulnerabilities and writing exploits for them. This is followed by C# payloads for pentesters to use for remote command execution and persistence. Then, we move on to security tool automation using true APIs, not just calling programs from the system shell. Finally, we focus on reverse engineering and forensics in the final chapters.

echidna - Ethereum fuzz testing framework

  •    Haskell

More seriously, it's a Haskell library designed for fuzzing/property-based testing of EVM code. Currently it is quite alpha, and the API isn't guaranteed to be functional, let alone stable. It supports relatively sophisticated grammar-based fuzzing campaigns to falsify a variety of predicates. stack is highly recommended to install echidna. If you are a particularly opinionated experienced Haskell user, cabal or hpack should work, but they are neither officially supported nor tested.

js-fuzz - An AFL-inspired genetic fuzz tester for JavaScript

  •    TypeScript

js-fuzz is an American Fuzzy Lop-inspired fuzz tester for JavaScript code. It provides coverage-driven analysis and minimization while being fast and extraordinarily simple to use. In the above example, we asked to increase the priority of strings that can be parsed as plain JSON, since we want more of that sort of thing in order to test against JSON5. You can also return Promises from the fuzz function, or take a callback.

fuzzball - Scala fuzzer

  •    Python

Scala fuzzer. ~44 bugs found in Dotty so far and many more are still unreported. Powered by a two-layer LSTM (400 units) network trained only for a couple hours. High temperature (≫ 1.0) - lots of random noise, most samples will be syntactically incorrect. Low temperature (≈ 0.0) - little noise, most samples will be syntactically correct.

fuzzcat - Fuzzing web services in style with nodejs

  •    Javascript


curl-fuzzer - Quality assurance testing for the curl project

  •    C++

Code and corpora for curl and libcurl fuzzing. Run ./mainline.sh. It will download a fresh copy of curl, compile it with clang, install it to a temporary directory, then compile the fuzzer against curl. It will also run the regression testcases.

NtCall64 - Windows NT x64 syscall fuzzer

  •    C

This program is based on NtCall by Peter Kosyh. It isn't an advanced version; its purpose is to port NtCall functionality to x64 Windows NT 6+. When used without parameters, NtCall64 will start fuzzing services in KiServiceTable (sometimes referred to as SSDT).

vmmfuzzer - A hypervisor or virtual machine monitor (VMM) fuzzer.

  •    C

A hypervisor or virtual machine monitor (VMM) fuzzer. See CONTRIBUTING.md.

honggfuzz-rs - Fuzz your Rust code with Google-developed Honggfuzz!

  •    Rust

Honggfuzz is a security-oriented fuzzer with powerful analysis options. Supports evolutionary, feedback-driven fuzzing based on code coverage (software- and hardware-based).