
syzkaller - syzkaller is an unsupervised, coverage-guided Linux system call fuzzer

  •    Go

syzkaller is an unsupervised coverage-guided Linux kernel fuzzer. The project mailing list is syzkaller@googlegroups.com. You can subscribe to it with a Google account or by sending an email to syzkaller+subscribe@googlegroups.com.

oss-fuzz - OSS-Fuzz - continuous fuzzing of open source software

  •    Shell

Status: Beta. We are now accepting applications from widely-used open source projects. Create New Issue for questions or feedback about OSS-Fuzz.

honggfuzz - Security oriented fuzzer with powerful analysis options

  •    C

A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options. See USAGE for more data on the usage. The examples directory contains code demonstrating (among others) how to use honggfuzz to find bugs in the OpenSSL library and in the Apache web server.




Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers

  •    

A collection of awesome lists for hackers, pentesters & security researchers. Follow Hack with GitHub on your favorite social media to get daily updates on interesting GitHub repositories related to Security.

IntruderPayloads - A collection of Burpsuite Intruder payloads, fuzz lists and file uploads

  •    PHP

A collection of Burpsuite Intruder payloads and fuzz lists and pentesting methodology. To pull down all 3rd party repos, run install.sh in the same directory of the IntruderPayloads folder. This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use.

hypothesis - Hypothesis is a powerful, flexible, and easy to use library for property-based testing.

  •    Python

Hypothesis is a family of testing libraries which let you write tests parametrized by a source of examples. A Hypothesis implementation then generates simple and comprehensible examples that make your tests fail. This simplifies writing your tests and makes them more powerful at the same time, by letting software automate the boring bits and do them to a higher standard than a human would, freeing you to focus on the higher level test logic. This sort of testing is often called "property-based testing", and the most widely known implementation of the concept is the Haskell library QuickCheck, but Hypothesis differs significantly from QuickCheck and is designed to fit idiomatically and easily into existing styles of testing that you are used to, with absolutely no familiarity with Haskell or functional programming needed.

Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning

  •    Python

Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and up to threaded dir busting and subdomain enumeration. Every scan outputs to a corresponding file. As most of Raccoon's scans are independent and do not rely on each other's results, it utilizes Python's asyncio to run most scans asynchronously.


Clusterfuzz - All your bug are belong to us

  •    Python

ClusterFuzz is a scalable fuzzing infrastructure which finds security and stability issues in software. It is used by Google for fuzzing the Chrome Browser, and serves as the fuzzing backend for OSS-Fuzz. Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.

RFSec-ToolKit - RFSec-ToolKit is a collection of Radio Frequency Communication Protocol Hacktools.

  •    

RFSec-ToolKit is a collection of Radio Frequency Communication Protocol Hacktools which are from the GitHub platform, and Hacking Tutorials from YouTube and blog posts, including SDR, 2G GSM, 3G, 4G LTE, 5G, NFC & RFID, ZigBee and so on. RTL2832U: RTL-SDR is a very cheap software defined radio that uses a DVB-T TV tuner dongle based on the RTL2832U chipset.

afl.rs - 🐇 Fuzzing Rust code with american-fuzzy-lop

  •    C

Fuzz testing is a software testing technique used to find security and stability issues by providing pseudo-random data as input to the software. American fuzzy lop is a popular, effective, and modern fuzz testing tool. This library, afl.rs, allows one to run AFL on code written in the Rust programming language. Documentation can be found in the Rust Fuzz Book.

grinder - Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes

  •    Ruby

Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes. Grinder Nodes provide an automated way to fuzz a browser, and generate useful crash information (such as call stacks with symbol information as well as logging information which can be used to generate reproducible test cases at a later stage). A Grinder Server provides a central location to collate crashes and, through a web interface, allows multiple users to log in and manage all the crashes being generated by all of the Grinder Nodes. A Grinder Node requires a 32/64 bit Windows system and Ruby 2.0 (Ruby 1.9 is also supported but you won't be able to fuzz 64-bit targets).

testing-distributed-systems - Curated list of resources on testing distributed systems

  •    HTML

List of resources on testing distributed systems curated by Andrey Satarin (@asatarin). Colin Scott shares his viewpoint from academia on testing distributed systems, specifically regression testing for correctness and performance bugs.

Arjun - Arjun is a python script for finding hidden GET & POST parameters.

  •    Python

Arjun is a python script for finding hidden GET & POST parameters using regex and bruteforce. This work is licensed under a Creative Commons Attribution 4.0 International License.

PHP Vulnerability Hunter

  •    

PHP Vulnerability Hunter is a whitebox fuzz testing tool capable of detecting several classes of vulnerabilities in PHP web applications.

MungeTLS - inspect/modify TLS 1.0, 1.1, and 1.2 traffic

  •    

A minimal TLS server implementation with a plugin system for manipulating and monitoring every stage of the TLS handshake and application data.

0d1n - Web security tool to make fuzzing at HTTP/S, Beta

  •    C

0d1n is a tool for automating customized attacks against web applications. *other functions...

afl-utils - Utilities for automated crash sample processing/analysis, easy afl-fuzz job management and corpus optimization

  •    Python

As of June 6th, 2018, this project moved to GitLab, which is why this repository is archived and thus read-only until it is entirely removed from GitHub. Repository removal is scheduled for September 15th, 2018. Please report issues and request your merges through the new project home. All further discussion - even for existing issues - will take place there.

cargo-fuzz - Command line helpers for fuzzing

  •    Rust

Note: libFuzzer needs LLVM sanitizer support, so this only works on x86-64 Linux and x86-64 macOS for now. This also needs a nightly since it uses some unstable command-line flags. You'll also need a C++ compiler with C++11 support. This crate is currently under some churn -- in case stuff isn't working, please reinstall it (cargo install cargo-fuzz -f). Rerunning cargo fuzz init after moving your fuzz folder and updating this crate may get you a better generated fuzz/Cargo.toml. Expect this to settle down soon.

clusterfuzz-tools - Bugs are inevitable. Suffering is optional.

  •    Python

The tool supports various tasks (e.g. reproduce a crash locally) needed by ClusterFuzz's users. Currently, it supports reproducing a crash locally. In the future, it will support uploading a fuzzer, tailing fuzzer log, and uploading a testcase.