Your first time on this page? Allow me to give some explanations.
A curated list of awesome Fuzzing(or Fuzz Testing) for software security
Here you can see meta information about this topic like the time we last updated this page, the original creator of the awesome list and a link to the original GitHub repository.
Thank you cpuu & contributors
View Topic on GitHub:
Search for resources by name or description.
Simply type in what you are looking for and the results will be filtered on the fly.
Further filter the resources on this page by type (repository/other resource), number of stars on GitHub and time of last commit in months.
The Network and Distributed System Security Symposium (NDSS)
IEEE Symposium on Security and Privacy (IEEE S&P)
ACM Conference on Computer and Communications Security (ACM CCS)
ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)
🌪️ Application fuzzer
A fork of AFL for fuzzing Windows binaries
Driller: augmenting AFL with symbolic execution!
A Python interface to AFL, allowing for easy injection of testcases and other functionality.
Grey-box Concolic Testing on Binary Code
Coverage-guided, in-process fuzzing for the JVM
a.k.a. afl-fuzz - Crazy fuzzing tool that automatically discovers bugs given time and minimal example input. [Apache2]
Semantics-aware Code Generation for Finding JS engine Vulnerabilities
🤖 Repeat tests. Repeat tests. Repeat tests.
Monkey testing library for web apps and Node.js
State learner tool for DTLS which uses TLS-Attacker
TLS-Attacker is a Java-based framework for analyzing TLS libraries. It is developed by the Ruhr University Bochum (http://nds.rub.de/), the Paderborn University (https://cs.uni-paderborn.de/syssec/), and the Hackmanit GmbH (http://hackmanit.de/).
PROJECT DELTA: SDN SECURITY EVALUATION FRAMEWORK
A fork and successor of the Sulley Fuzzing Framework
An automated NFC fuzzing framework for Android devices.
SSL and TLS protocol test suite and fuzzer
tumbleRF: a unified fuzzing framework for low-level RF and HW protocol/PHY/MAC analysis
Protocol Learning and Stateful Fuzzing
SPIKE is a protocol fuzzer creation kit. It provides an API that allows a user to create their own fuzzers for network based protocols using the C++ programming language. The tool defines a number of primitives that it makes available to C coders, which allows it to construct fuzzed messages called “SPIKES” that can be sent to a network service to hopefully induce errors. SPIKE was specifically designed to focus on finding exploitable bugs, so it’s an excellent choice for our purposes. SPIKE also includes a simple scripting capability, and within the SPIKE distribution, there are a few command line tools which can act as interpreters to simple text files containing SPIKE primitives.
This project contains the source code for the CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE).
AFL training workshop materials
An automated security testing platform that prevents zero day attacks by finding vulnerabilities in hardware and software systems.