RSHatter is a rsh protocol fuzzing utility.
cd5317d98c22f76c74af147ff8128cda02e43c4f02d0aeec39d30e96a104c33e
TagFuzzer is a fuzzing utility that edits tag information for a supplied file. Supports MP3, M4A, M4P, MP4, M4B, 3GP, OGG, and FLAC formats.
6ea8345c7e60081071fe0e6685179fd102ae6f0146579fee5e456e407fd59f99
mpTREY is a MP3 fuzzing utility that manipulates tags. Written in Perl.
3f272c23c44352dd75429216312ed372076351d35fa4762a4869fd1da89d050d
pdfUZZ is a PDF fuzzing utility written in Perl.
99433705cbedf57206587795bf5e5201e013f3738ca7ea8ae2622400592185ab
TFTP daemon fuzzer that uses Net::TFTP.
f0bb5b52d7d08ec8d250d4dc352452c02c79c428856b9235545fcf7730463f97
VoIPER is a VoIP security testing toolkit incorporating several VoIP fuzzers and auxiliary tools to assist the auditor. It can currently generate over 200,000 SIP tests and H.323/IAX modules are in development.
61584b71e6024bab0481eed3fcbb25f14093e26c73b0f33995d9a57693310ece
sshfuzz is a SSH Fuzzing utility written in Perl that uses Net::SSH2.
c187ed921afa0866b2c9f7c49b9b098c6164bf30a9dafdc234149a34126d74a8
Peach is an easily extended fuzzing platform that can fuzz just about anything from file parsers and network protocols to COM objects and SQL stored procedures. Python source version.
ec5a0d5efcdea1e906c416d729f882b54cf8b1648ef8e42fd997fb6879e5b20b
Quick little MySQL fuzzing utility that creates sockets and fuzzers on the fly.
15405e4927cb4b5b834139904c6fa76a7c7a2d33cfddb4d8878f3376b025779e
This is a list of fuzzing vectors used in order to trigger directory traversal vulnerabilities. It is quite a huge list composed using different encodings and bizarre attack patterns reported in several vulnerability advisories.
4ba540799aa51a24dc790a72c68a21a526b853367d539adee6941a805954e2e4
ZfZ stands for Zeroday fuZzer. ZfZ is a network fuzzer that supports many protocols and can do generic fuzzing as well. It is trivial to add protocols to fuzz, just copy and modify the protocols already implemented.
ac192433c3e5acdbbe6c3311cba765940f354fc8bbb6a90f2e29f34e2b6cae95
VoIPER is a VoIP security testing toolkit incorporating several VoIP fuzzers and auxiliary tools to assist the auditor. It can currently generate over 200,000 SIP tests and H.323/IAX modules are in development.
395730c606716956bfb37848a1a3d0f336a82fb23b48d41b02b0a76641209299
Powerfuzzer is a highly automated web fuzzer based on many other Open Source fuzzers available (including cfuzzer, fuzzled, fuzzer.pl, jbrofuzz, webscarab, wapiti, Socket Fuzzer) and information gathered from numerous security resources and websites. It is capable of spidering a website and identifying inputs.
4ee9ca809287166d059f03478f84ab9ae3b6ab083adaee34d3b2091de62e924b
tmin is a quick and simple tool to minimize the size and syntax of complex test cases in automated security testing. It is meant specifically for dealing with unknown or complex data formats (without the need to tokenize and re-serialize testcases), and for easy integration with UI testing harnesses.
f80bf14e4e0e2aef70ffee1065caee30c845ca9dae1448701ff20d7f6853e261
zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.
0a89fdb6912d4dd68ac88c54951e87738294d13562e0d57662fb90974b947710
Bunny the Fuzzer - A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without a noticeable performance impact usually associated with other attempts to peek into run-time internals.
30c7765b960b131246bfe8c25b79d20eae49f282dd0ac3b7e1e293233a446f99
zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.
914a543d2230a7b8ce134d8bbe1c8ae18cec7be3c49361770ac04eda12cf3e05
SQL fuzzing utility written in Python.
051c055fe00407919e7c1c2ffd3567e5a02d5ed2df101486511d5995ffe39ed8
SQL Injector version 1.0 is a fuzzing utility written in Python.
540c59b543ffe0c33b344577bedcbe77ec179eb7b6441061ffb9c703c0bede59
Cross site scripting fuzzing utility written in Python.
d6635e858fcf89ce62f89cf87e20a31f8c853800d25e2d5039fa428808132e90
tmin is a quick and simple tool to minimize the size and syntax of complex test cases in automated security testing. It is meant specifically for dealing with unknown or complex data formats (without the need to tokenize and re-serialize testcases), and for easy integration with UI testing harnesses.
6fa417edb887bc2a9b30f10caf309c076293186b24d00cd9af098a7243ff02a0
Syslog Fuzzer is a small perl script tool that is useful for testing some attack vectors against syslog servers. It has support for buffer/integer overflows and format string vulnerabilities.
fb34a3d4e18d1e8af3658c6272e7e8976431669d015724f634b37da32a293743
Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, files), bruteforce HEADERS, GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/ Password), Fuzzing, etc.
fc1a73ded9af26968df62c865343f4ddfe5300ca020cd32a41ab9f0bb2577adb
PGMfuzz is a fuzzer written for identifying vulnerabilities in PGM option parsing implementations.
b74310aa941f94bcbfee075e203ba145d732c8d357727cc806d9623b94be7d22
Bunny the Fuzzer - A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without a noticeable performance impact usually associated with other attempts to peek into run-time internals.
dae9be447ea202eb4d5eeb0cba317136fe15861630c1562730ff011f8ecb33c7