Bunny the Fuzzer - A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without a noticeable performance impact usually associated with other attempts to peek into run-time internals.
ebfb03563564202d26c9314f19b2cbbdf98cdb2c16d21f6628ccf680af7d3db6
zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.
a5fa82e49c01721f0ae339345780c55d1ae9e42ed6909901a1c688800e5b834c
Bunny the Fuzzer - A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without a noticeable performance impact usually associated with other attempts to peek into run-time internals.
7316d0f0a285a94b48f522cda8e5a4963a67a6b63cbe7e8aaa2dd7ed46a4b9ef
PHP Source Auditor III (or PSA3) was created in order to quickly find vulnerabilities in PHP source code. Written in Perl.
787110a34b85754752472a108a0e65147bfdd6deda7c812bfd88705c49a5740a
The Evolutionary Fuzzing System (EFS) is a fuzzer that attempts to eliminate traditional fuzzer techniques of building a new fuzzer for each protocol by dynamically learning a protocol using code coverage and other feedback mechanisms.
25c9e9a281636d9be7f0216bfa0eb37beca0ff7dc82ae2e3f00832e4c0cb964d
GPF is a fuzzer that provides developers, security researchers, and quality assurance professionals the capability to quickly search for bugs/vulnerabilities in the exposed interface of networked applications. GPF uses captured packet sessions (from libpcap) to construct a protocol description from real traffic. Users can then configure various types of injected faults, manually modify the capture file, and define custom functions to deal with dynamic data.
9597f83a0a3b35e591f9e0d360e8589e6157a42ff347d071a12df55d00355a2d
zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.
7df5232b8c6004828bcde2ac32d9d75b2b39d4f4bd4c9c56582f739aa62efa58
pff (Php Fuzzing Framework) is a tiny tool that was created with the intention of discovering security and general bugs within Php functions.
4d0f87948f015600b4b1c890ebfef7fe135aa49b4dad26119a4e5a0318cbf177
untidy is general purpose XML Fuzzer. It takes a string representation of a XML as input and generates a set of modified, potentially invalid, XMLs based on the input. It's released under GPL v2 and written in python.
cb9f89dfdf1cce6e76b2946659b685492339efaff809146b7d036304fed2def0
FuzzMan is a simple man page fuzzer that is quite powerful.
b41eb2bbaca1c7754894834de2761da65eb830c1f3a61c8c0c2d0798df220f24
ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication.
83cb422e91d20d05afbe49119a394fe82ea883046f73d3a4484f08440e667307
Fuzzled is a powerful fuzzing framework. Fuzzled includes helper functions, namespaces, factories which allow a wide variety of fuzzing tools to be developed. Fuzzled comes with several example protocols and drivers for them.
756d0936668277d0a6e297852e5b8e31741e59e53616005718f5af29870b22fe
OSPF Attack Shell module. This may be useful for writing fuzzers.
9e8e9cbd17a599eed92073f1f097f53fafcc4cf6a2118d7b8cdc29d4ed9f50b4
LLTD (Link Layer Topology Discovery Protocol) Perl module written using the Net::Frame framework. This may be useful for creating fuzzers.
558b4db46f80f7aa432c73fd7951ffc95d6ea0618bc7edf21cf73cf7fb03eea8
zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.
a16cbe19ea03b93a174d731bf1aba5205e2f4480a7118129eda6b0cb7c7b39bb
JBroFuzz is an OWASP Project that emerged from penetration testing. It deals with fuzzing stateless network protocols such as HTTP, SOAP, XML, LDAP, etc. This version is the source code release.
de302e09f1d8a0aa5d3fa554801d2cc354e65d09cf41bf79b57a9fa465675582
JBroFuzz is an OWASP Project that emerged from penetration testing. It deals with fuzzing stateless network protocols such as HTTP, SOAP, XML, LDAP, etc. This version is the source code release.
2831a13b234e323bfa47bf6adacf11934e18aae6d474ab9f88f7ad32982b3aac
Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols.
602cb39c8ea3a3fed659db86b8e125037d32883c0f0f836cb2930f82c109dd9a
JBroFuzz is an OWASP Project that emerged from penetration testing. It deals with fuzzing stateless network protocols such as HTTP, SOAP, XML, LDAP, etc. This version is the source code release.
4b309a26b9455bd3628bc3fc382244a5ae6afd94f1c0901786222e52a00bf81c
JBroFuzz is an OWASP Project that emerged from penetration testing. It deals with fuzzing stateless network protocols such as HTTP, SOAP, XML, LDAP, etc. This version is the Win32 executable release.
ea8587fa5b065c103c9b3672e88019f4dacfd322991eb5a70296e0c6b5566cf7
zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.
af33c3e95ab78780cc665425a8501f20125bfaafaa42c3a591b2d0d864512fd7
zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.
98f5d6e5a7a64acc331add2e90596b43b28c32d0427c68c52bbea20a8ac79aae
untidy is general purpose XML Fuzzer. It takes a string representation of a XML as input and generates a set of modified, potentially invalid, XMLs based on the input. It's released under GPL v2 and written in python.
4e6d1c8a2c04fa8b84ff9712946037521667fcfc677d2c11efeaea0732184f3d
Two fuzzers written in Python. One is for PostgreSQL and one is for Informix.
af75ebb6e79ccd3bd1ad92b298d15a7e2ac9de795241f8cfa6b826f5bf9a6938
Oracle Database PL/SQL fuzzing tool.
d4ba0ce4454a94e3b86f4914ee4e6dbc5be062e4b669e80ff3b6fd13d319f285