User Experience on mobile might not be great yet, but I'm working on it.

Your first time on this page? Allow me to give some explanations.

Awesome Fuzzing

A curated list of awesome Fuzzing(or Fuzz Testing) for software security

Here you can see meta information about this topic like the time we last updated this page, the original creator of the awesome list and a link to the original GitHub repository.

Last Update: Nov. 29, 2021, 3:06 p.m.

Thank you cpuu & contributors
View Topic on GitHub:
cpuu/awesome-fuzzing

Search for resources by name or description.
Simply type in what you are looking for and the results will be filtered on the fly.

Further filter the resources on this page by type (repository/other resource), number of stars on GitHub and time of last commit in months.

Books

Talks

The Network and Distributed System Security Symposium (NDSS)

IEEE Symposium on Security and Privacy (IEEE S&P)

USENIX Security

ACM Conference on Computer and Communications Security (ACM CCS)

ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)

The others

General-purpose

🌪️ Application fuzzer

357
78
1y 4d
WTFPL

Binary

A fork of AFL for fuzzing Windows binaries

1.79K
449
27d
Apache-2.0

Driller: augmenting AFL with symbolic execution!

710
155
8m
BSD-2-Clause

A Python interface to AFL, allowing for easy injection of testcases and other functionality.

591
132
2y 7m
BSD-2-Clause

Grey-box Concolic Testing on Binary Code

132
14
57d
MIT

Coverage-guided, in-process fuzzing for the JVM

358
30
28d
Apache-2.0

Web, JavaScript

A collection of fuzzers in a harness for testing the SpiderMonkey JavaScript engine.

581
121
5m
MPL-2.0
93
28
1y 7m
n/a

DOM fuzzer

1.38K
261
61d
Apache-2.0

A JavaScript Engine Fuzzer

1.33K
234
27d
Apache-2.0

Semantics-aware Code Generation for Finding JS engine Vulnerabilities

209
42
2y 20d
MIT

🤖 Repeat tests. Repeat tests. Repeat tests.

94
2
58d
Apache-2.0

Monkey testing library for web apps and Node.js

8.77K
434
97d
MIT

Network protocol

State learner tool for DTLS which uses TLS-Attacker

8
3
10m
MIT
231
37
1y 8m
n/a

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It is developed by the Ruhr University Bochum (http://nds.rub.de/), the Paderborn University (https://cs.uni-paderborn.de/syssec/), and the Hackmanit GmbH (http://hackmanit.de/).

613
116
50d
n/a

PROJECT DELTA: SDN SECURITY EVALUATION FRAMEWORK

65
28
5m
n/a

A fork and successor of the Sulley Fuzzing Framework

1.35K
264
28d
GPL-2.0

An automated NFC fuzzing framework for Android devices.

119
23
1y 11d
n/a

SSL and TLS protocol test suite and fuzzer

396
91
33d
GPL-2.0

tumbleRF: a unified fuzzing framework for low-level RF and HW protocol/PHY/MAC analysis

136
19
3y 8m
n/a

Protocol Learning and Stateful Fuzzing

302
69
119d
BSD-3-Clause

SPIKE is a protocol fuzzer creation kit. It provides an API that allows a user to create their own fuzzers for network based protocols using the C++ programming language. The tool defines a number of primitives that it makes available to C coders, which allows it to construct fuzzed messages called “SPIKES” that can be sent to a network service to hopefully induce errors. SPIKE was specifically designed to focus on finding exploitable bugs, so it’s an excellent choice for our purposes. SPIKE also includes a simple scripting capability, and within the SPIKE distribution, there are a few command line tools which can act as interpreters to simple text files containing SPIKE primitives.

53
21
4y 8m
n/a

Driver

15
12
2y 11m
n/a

Platform

This project contains the source code for the CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE).

242
61
1y 5m
n/a

AFL training workshop materials

17
11
3y 112d
n/a