User Experience on mobile might not be great yet, but I'm working on it.

Your first time on this page? Allow me to give some explanations.

Awesome Fuzzing

A curated list of awesome Fuzzing(or Fuzz Testing) for software security

Here you can see meta information about this topic like the time we last updated this page, the original creator of the awesome list and a link to the original GitHub repository.

Last Update: Dec. 2, 2020, 9:06 a.m.

Thank you cpuu & contributors
View Topic on GitHub:
cpuu/awesome-fuzzing

Search for resources by name or description.
Simply type in what you are looking for and the results will be filtered on the fly.

Further filter the resources on this page by type (repository/other resource), number of stars on GitHub and time of last commit in months.

Books

Talks

The Network and Distributed System Security Symposium (NDSS)

IEEE Symposium on Security and Privacy (IEEE S&P)

USENIX Security

ACM Conference on Computer and Communications Security (ACM CCS)

ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)

The others

General-purpose

🌪️ Application fuzzer

331
77
1y 9m
WTFPL

A general-purpose fuzzer.

Binary

A fork of AFL for fuzzing Windows binaries

1.57K
409
14d
Apache-2.0

Driller: augmenting AFL with symbolic execution!

631
143
90d
BSD-2-Clause

A Python interface to AFL, allowing for easy injection of testcases and other functionality.

574
127
1y 7m
BSD-2-Clause

Grey-box Concolic Testing on Binary Code

115
13
39d
MIT

a.k.a. afl-fuzz - Crazy fuzzing tool that automatically discovers bugs given time and minimal example input. [Apache2]

A library for coverage-guided fuzz testing. Tutorial from Google.

Web, JavaScript

A collection of fuzzers in a harness for testing the SpiderMonkey JavaScript engine.

552
125
2d
MPL-2.0
89
27
7m
n/a

DOM fuzzer

1.27K
246
55d
Apache-2.0

A JavaScript Engine Fuzzer

1.1K
189
22d
Apache-2.0

Semantics-aware Code Generation for Finding JS engine Vulnerabilities

197
37
1y 22d
MIT

🤖 Repeat tests. Repeat tests. Repeat tests.

91
2
10d
Apache-2.0

Monkey testing library for web apps and Node.js

8.52K
417
12d
MIT

Network protocol

State learner tool for DTLS which uses TLS-Attacker

4
0
5m
MIT
204
36
8m
n/a

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It is developed by the Ruhr University Bochum (http://nds.rub.de/), the Paderborn University (https://cs.uni-paderborn.de/syssec/), and the Hackmanit GmbH (http://hackmanit.de/).

569
106
28d
n/a

PROJECT DELTA: SDN SECURITY EVALUATION FRAMEWORK

47
17
63d
n/a

A fork and successor of the Sulley Fuzzing Framework

1.1K
228
12d
GPL-2.0

An automated NFC fuzzing framework for Android devices.

110
23
13d
n/a

SSL and TLS protocol test suite and fuzzer

328
81
12d
GPL-2.0

tumbleRF: a unified fuzzing framework for low-level RF and HW protocol/PHY/MAC analysis

128
17
2y 8m
n/a

Protocol Learning and Stateful Fuzzing

271
58
4m
BSD-3-Clause

SPIKE is a protocol fuzzer creation kit. It provides an API that allows a user to create their own fuzzers for network based protocols using the C++ programming language. The tool defines a number of primitives that it makes available to C coders, which allows it to construct fuzzed messages called “SPIKES” that can be sent to a network service to hopefully induce errors. SPIKE was specifically designed to focus on finding exploitable bugs, so it’s an excellent choice for our purposes. SPIKE also includes a simple scripting capability, and within the SPIKE distribution, there are a few command line tools which can act as interpreters to simple text files containing SPIKE primitives.

35
18
3y 8m
n/a

Security testing of protocol implementations.

Driver

14
10
1y 11m
n/a

Platform

This project contains the source code for the CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE).

230
62
5m
n/a

AFL training workshop materials

16
9
2y 114d
n/a

An automated security testing platform that prevents zero day attacks by finding vulnerabilities in hardware and software systems.