User Experience on mobile might not be great yet, but I'm working on it.

Your first time on this page? Allow me to give some explanations.

Awesome Fuzzing

A curated list of awesome Fuzzing(or Fuzz Testing) for software security

Here you can see meta information about this topic like the time we last updated this page, the original creator of the awesome list and a link to the original GitHub repository.

Last Update: Oct. 28, 2021, 3:11 a.m.

Thank you cpuu & contributors
View Topic on GitHub:
cpuu/awesome-fuzzing

Search for resources by name or description.
Simply type in what you are looking for and the results will be filtered on the fly.

Further filter the resources on this page by type (repository/other resource), number of stars on GitHub and time of last commit in months.

Books

Talks

The Network and Distributed System Security Symposium (NDSS)

IEEE Symposium on Security and Privacy (IEEE S&P)

USENIX Security

ACM Conference on Computer and Communications Security (ACM CCS)

ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)

The others

General-purpose

🌪️ Application fuzzer

335
76
2y 8m
WTFPL

A general-purpose fuzzer.

Binary

A fork of AFL for fuzzing Windows binaries

1.61K
417
8m
Apache-2.0

Driller: augmenting AFL with symbolic execution!

648
148
1y 55d
BSD-2-Clause

A Python interface to AFL, allowing for easy injection of testcases and other functionality.

579
127
2y 6m
BSD-2-Clause

Grey-box Concolic Testing on Binary Code

120
12
9m
MIT

Coverage-guided, in-process fuzzing for the JVM

203
9
7m
Apache-2.0

a.k.a. afl-fuzz - Crazy fuzzing tool that automatically discovers bugs given time and minimal example input. [Apache2]

A library for coverage-guided fuzz testing. Tutorial from Google.

Web, JavaScript

A collection of fuzzers in a harness for testing the SpiderMonkey JavaScript engine.

559
122
10m
MPL-2.0
89
27
1y 6m
n/a

DOM fuzzer

1.29K
248
9m
Apache-2.0

A JavaScript Engine Fuzzer

1.15K
200
8m
Apache-2.0

Semantics-aware Code Generation for Finding JS engine Vulnerabilities

203
40
1y 11m
MIT

🤖 Repeat tests. Repeat tests. Repeat tests.

92
2
8m
Apache-2.0

Monkey testing library for web apps and Node.js

8.54K
419
11m
MIT

Network protocol

State learner tool for DTLS which uses TLS-Attacker

4
0
1y 4m
MIT
204
36
1y 7m
n/a

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It is developed by the Ruhr University Bochum (http://nds.rub.de/), the Paderborn University (https://cs.uni-paderborn.de/syssec/), and the Hackmanit GmbH (http://hackmanit.de/).

576
107
11m
n/a

PROJECT DELTA: SDN SECURITY EVALUATION FRAMEWORK

55
21
1y 28d
n/a

A fork and successor of the Sulley Fuzzing Framework

1.15K
233
8m
GPL-2.0

An automated NFC fuzzing framework for Android devices.

113
23
11m
n/a

SSL and TLS protocol test suite and fuzzer

331
85
8m
GPL-2.0

tumbleRF: a unified fuzzing framework for low-level RF and HW protocol/PHY/MAC analysis

132
19
3y 7m
n/a

Protocol Learning and Stateful Fuzzing

275
60
9m
BSD-3-Clause

SPIKE is a protocol fuzzer creation kit. It provides an API that allows a user to create their own fuzzers for network based protocols using the C++ programming language. The tool defines a number of primitives that it makes available to C coders, which allows it to construct fuzzed messages called “SPIKES” that can be sent to a network service to hopefully induce errors. SPIKE was specifically designed to focus on finding exploitable bugs, so it’s an excellent choice for our purposes. SPIKE also includes a simple scripting capability, and within the SPIKE distribution, there are a few command line tools which can act as interpreters to simple text files containing SPIKE primitives.

35
18
4y 7m
n/a

Security testing of protocol implementations.

Driver

14
10
2y 10m
n/a

Platform

This project contains the source code for the CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE).

232
61
1y 4m
n/a

AFL training workshop materials

16
10
3y 79d
n/a

An automated security testing platform that prevents zero day attacks by finding vulnerabilities in hardware and software systems.