Skip to content

Resources About Fuzzing, For Multiple Platforms And All Popular Fuzzers. 500+ Open Source Tools Sorted By Star Count, 800+ Blog Posts Sorted By Publish Time.

Notifications You must be signed in to change notification settings

alphaSeclab/fuzzing-stuff

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 

Repository files navigation

所有收集类项目:

  • 收集的所有开源工具: sec-tool-list: 超过21K, 包括Markdown和Json两种格式
  • 安全资源收集类的 Repo: 1000+各类安全资源收集的Github Repo
  • 全平台逆向资源:
    • Windows平台安全: PE/DLL/DLL-Injection/Dll-Hijack/Dll-Load/UAC-Bypass/Sysmon/AppLocker/ETW/WSL/.NET/Process-Injection/Code-Injection/DEP/Kernel/...
    • Linux安全: ELF/...
    • macOS/iXxx安全: Mach-O/越狱/LLDB/XCode/...
    • Android安全: HotFix/XPosed/Pack/Unpack/Emulator/Obfuscate
    • 知名工具: IDA/Ghidra/x64dbg/OllDbg/WinDBG/CuckooSandbox/Radare2/BinaryNinja/DynamoRIO/IntelPin/Frida/QEMU/...
  • 攻击性网络安全资源: 漏洞/渗透/物联网安全/数据渗透/Metasploit/BurpSuite/KaliLinux/C&C/OWASP/免杀/CobaltStrike/侦查/OSINT/社工/密码/凭证/威胁狩猎/Payload/WifiHacking/无线攻击/后渗透/提权/UAC绕过/...
  • 网络相关的安全资源:
    • 网络通信: 代理/SS/V2ray/GFW/反向代理/隧道/VPN/Tor/I2P/...
    • 网络攻击: 中间人/PortKnocking/...
    • 网络分析: 嗅探/协议分析/网络可视化/网络分析/网络诊断等
  • 开源远控和恶意远控分析报告: 开源远控工具: Windows/Linux/macOS/Android; 远控类恶意恶意代码的分析报告等
  • Webshell工具和分析/使用文章: Webshell资源收集, 包括150个Github项目, 200个左右文章
  • 取证相关工具和文章: 近300个取开源取证工具,近600与取证相关文章
  • 蜜罐资源: 250+个开源蜜罐工具,350+与蜜罐相关文章
  • Burp Suite资源: 400+个开源Burp插件,500+与Burp相关文章

Fuzzing

目录

平台


Windows

Hyper-V

工具

文章

工具

  • [170星][3m] [C++] mxmssh/manul Manul is a coverage-guided parallel fuzzer for open-source and blackbox binaries on Windows, Linux and MacOS
  • [160星][10d] [C] hfiref0x/ntcall64 Windows NT x64 syscall fuzzer
  • [141星][3y] [C] koutto/ioctlbf Windows Kernel Drivers fuzzer
  • [101星][2m] [C++] trailofbits/sienna-locomotive A user-friendly fuzzing and crash triage tool for Windows
  • [96星][2y] [Py] sogeti-esec-lab/rpcforge Windows RPC Python fuzzer
  • [88星][1y] [C++] nccgroup/dibf Windows NT ioctl bruteforcer and modular fuzzer
  • [77星][3y] [Py] carlosgprado/brundlefuzz BrundleFuzz is a distributed fuzzer for Windows and Linux using dynamic binary instrumentation.
  • [63星][1y] [C] ioactive/fuzzndis A Fuzzer for Windows NDIS Drivers OID Handlers
  • [50星][6y] [Py] debasishm89/iofuzz A mutation based user mode (ring3) dumb in-memory Windows Kernel (IOCTL) Fuzzer/Logger. This script attach it self to any given process and hooks DeviceIoControl!Kernel32 API and try to log or fuzz all I/O Control code I/O Buffer pointer, I/O buffer length that process sends to any Kernel driver.
  • [48星][7y] [C++] cr4sh/msfontsfuzz OpenType font file format fuzzer for Windows
  • [47星][3y] silvermoonsecurity/security-misc # Full overview of current vulnerability, exploit , fuzz, mitigation of current major Operation System(Windows, macOS, Linux, Android,iOS and so forath) and popular applicaiton
  • [38星][2y] [Py] walkerfuz/pydbgeng a python wrapper of debug engines on windows, linux or osx, it's only aim to auto fuzzing.
  • [13星][2y] [C] leonwxqian/windows-defender-nscript-loader A exe loader that can load NScript evaluation engine of Windows Defender/Microsft Security Essential. You can fuzz NScript by using this. Project was based on Tavis Ormandy(taviso)'s "Porting Windows Dynamic Link Libraries to Linux" (

文章


Linux

工具

  • [247星][9m] [C++] ucsb-seclab/difuze 针对 Linux 内核驱动的 Fuzzer
  • [153星][10m] [Py] k0retux/fuddly Fuzzing/数据操纵(Data Manipulation)框架
  • [92星][3y] [Hack] oracle/kernel-fuzzing Fuzzers for the Linux kernel
  • [70星][7y] [JS] qburst/penq PenQ is an open source Linux based penetration testing browser bundle built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more.
  • [66星][6y] [JS] owasp/appsec-browser-bundle The OWASP AppSec Browser Bundle is an open source Linux based penetration testing browser bundle built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more.
  • [10星][6y] zsenda/stebb STeBB (Security Testing Browser Bundle ) is an open source Linux based penetration testing browser bundle built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more.
  • [8星][7y] [C] rgbkrk/iknowthis fuzz testing framework for Linux system calls

文章


VxWorks

工具

  • [13星][4y] [Py] yformaggio/vxfuzz Some VxWorks fuzzing examples using Cisco-Kitty and WDBDbg framework

文章


Android

工具

文章


iOS

工具

文章

目标


USB

工具

文章


Web

XSS

工具

  • [95星][1y] [HTML] nytrorst/xssfuzzer XSS Fuzzer is a tool which generates XSS payloads based on user-defined vectors and fuzzing lists.
  • [38星][4y] [C#] cweb/unicode-hax A library to assist in security-testing Unicode enabled applications during fuzzing, XSS, SQLi, etc.
  • [38星][7y] [Py] matthewdfuller/intellifuzz-xss An adaptive, intelligent XSS fuzzer that learns how the response is reflected and carefully crafts an XSS payload to match
  • [26星][5y] [Go] rverton/xssmap (DOM-)XSS fuzzer based on phantomjs and go.
  • [24星][1y] [Py] jiangsir404/xss-sql-fuzz burpsuite 插件对GP所有参数(过滤特殊参数)一键自动添加xss sql payload 进行fuzz
  • [23星][4y] [Py] immunio/immunio-xss-fuzzer Immunio's XSS Fuzzer tool
  • [22星][3y] [PHP] 0x584a/fuzzxssphp PHP版本的反射型xss扫描,支持GET,POST
  • [1星][16d] [C#] naivenom/ariadna Fuzzer simple para encontrar vulnerabilidades sql y xss

文章

工具

  • [394星][3m] [C] coolervoid/0d1n Web security tool to make fuzzing at HTTP/S, Beta
  • [343星][1y] [Py] joxeankoret/nightmare 分布式模糊测试套件,具有Web管理功能
  • [182星][5m] [Rust] phra/rustbuster A Comprehensive Web Fuzzer and Content Discovery Tool
  • [148星][3m] [Perl] henshin/filebuster An extremely fast and flexible web fuzzer
  • [111星][10m] l3m0n/webfuzzattack web模糊测试 - 将漏洞可能性放大
  • [94星][1y] [Py] andresriancho/websocket-fuzzer HTML5 WebSocket message fuzzer
  • [92星][2m] [C] jonathanmetzman/wasm-fuzzing-demo Demos of and walkthroughs on in-browser fuzzing using WebAssembly
  • [61星][1y] [Py] graniet/operative-framework-hd operative framework HD is the digital investigation framework, you can interact with websites, email address, company, people, ip address, vulnerability fuzzing ... interact with basic/graphical view and export with XML, JSON, use database management...
  • [58星][9m] [HTML] leonwxqian/lucky-js-fuzz A web page based fuzzer that generates random JS statements then fuzz in the web-browser.
  • [55星][3y] [Py] mseclab/burp-pyjfuzz Burp Suite plugin which implement PyJFuzz for fuzzing web application.
  • [53星][2y] [JS] danigargu/urlfuzz Another web fuzzer written in NodeJS
  • [51星][5m] [CSS] mobsf/capfuzz CapFuzz - capture, fuzz & intercept web traffic.
  • [37星][3m] [Py] mak-/scanomaly This is a web application fuzzer scanner - the goal was CLI flexibility and rapid prototyping
  • [22星][1m] [Py] z3pp/zfuzz Simple python web fuzzer
  • [19星][2y] [JS] mozillasecurity/framboise Framboise is a fuzzer for in-depth testing of WebAPIs.
  • [17星][2m] [Py] avalz/waf-a-mole A guided mutation-based fuzzer for ML-based Web Application Firewalls
  • [16星][2y] [CSS] sweetchipsw/sweetmon_legacy 'SWEETMON' is a fuzzer monitoring service based python3 + django. User can check their fuzzers and crashes on the web. It can reduce repetitive work for fuzz testers. This is a legacy sweetmon. The new sweetmon is now being developed
  • [6星][1y] [Py] mattjegan/wtfuzz A pip-installable tool used for checking the existence of different types of web resources
  • [5星][2y] [Py] phplaber/yawf 一个基于 OWASP 开源的 Web 漏洞模糊测试工具
  • [4星][2y] [Java] huvuqu/fuzz18plus Advance of fuzzing for Web pentest. Based on Burp extension, send HTTP request template out to Python fuzzer.
  • [3星][1y] [Py] yuxiaokui/hackerone Fuzz website
  • [2星][2y] yehgdotnet/jhijack A Java Hijacking tool for web application session security assessment. A simple Java Fuzzer that can mainly be used for numeric session hijacking and parameter enumeration. Demonstration video is also available.
  • [1星][7m] [C] postrequest/cbuster Web server directory and file fuzzer

文章


内核

工具

文章


浏览器

工具

文章


网络

工具

  • [318星][28d] [Py] cisco-talos/mutiny-fuzzer a network fuzzer that operates by replaying PCAPs through a mutational fuzzer.
  • [243星][1y] [Py] hgascon/pulsar 具有自动学习、模拟协议功能的网络 fuzzer
  • [235星][5m] [C] dongdongshe/neuzz neural network assisted fuzzer
  • [221星][29d] [Py] nccgroup/fuzzowski the Network Protocol Fuzzer that we will want to use.
  • [197星][2m] [C] denandz/fuzzotron A TCP/UDP based network daemon fuzzer
  • [172星][1y] [Py] niloofarkheirkhah/nili 网络扫描工具,中间人,协议逆向工程和 Fuzzing
  • [147星][1y] [Py] brain-research/tensorfuzz A library for performing coverage guided fuzzing of neural networks
  • [74星][1y] [Py] dobin/ffw A fuzzing framework for network servers
  • [65星][3y] [Py] plantdaddy/fuzzap A python script for obfuscating wireless networks
  • [57星][3y] [C] hbowden/nextgen A Genetic File, Syscall and Network Fuzzer.
  • [50星][6y] [Py] isecpartners/rtspfuzzer RTSP network protocol fuzzer
  • [44星][1y] [Perl] wireghoul/doona Network based protocol fuzzer
  • [35星][5m] [Py] amossys/fragscapy Fragscapy is a command-line tool to fuzz network protocols by automating the modification of outgoing network packets. It can run multiple successive tests to determine which options can be used to evade firewalls and IDS.
  • [20星][4m] [Py] m-zakeri/iust_deep_fuzz A file format fuzzer base on deep neural networks.
  • [15星][2m] [C++] vitaliy-grigoriev/protocol-analyzer Fuzz testing framework for network protocols.
  • [5星][2y] [Shell] foospidy/fuzzcat Rudimentary network protocol fuzzer using bash, netcat, and other tools.
  • [1星][2m] [Py] ins1gn1a/woollymammoth Toolkit for manual buffer exploitation, which features a basic network socket fuzzer, offset pattern generator and detector, bad character identifier, shellcode carver, and a vanilla EIP exploiter

文章


Burp

工具

文章


PDF


JavaScript

工具

文章

知名工具


AFL

WinAFL

工具

文章

TriforceAFL

工具

文章

KAFL

工具

  • [412星][2y] [Py] rub-syssec/kafl Code for the USENIX 2017 paper: kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels

aflsmart

工具

文章

工具

文章


libFuzzer

工具

文章


dharma

工具

文章


Peach

工具

文章


SPIKE

工具

  • [25星][3y] [C] guilhermeferreira/spikepp SPIKE is a protocol fuzzer creation kit. It provides an API that allows a user to create their own fuzzers for network based protocols using the C++ programming language. The tool defines a number of primitives that it makes available to C coders, which allows it to construct fuzzed messages called “SPIKES” that can be sent to a network service …

文章


driller

工具

  • [548星][3m] [Py] shellphish/driller augmenting AFL with symbolic execution!
  • [66星][3y] [C] shellphish/driller-afl A version of AFL tailored for Driller's use in analyzing CGC binaries.
  • [13星][1y] [Py] cxm95/ida_wrapper An IDA_Wrapper for linux, shipped with an Function Identifier. It works well with Driller on static linked binaries.

syzkaller

工具

  • [2748星][7d] [Go] google/syzkaller 一个unsupervised、以 coverage 为导向的Linux 系统调用fuzzer

文章


clusterfuzz

工具

文章


OSS-Fuzz

工具

  • [4941星][7d] [C] google/oss-fuzz 对开源软件进行持续性fuzzing
  • [23星][2y] [Shell] aflgo/oss-fuzz OSS-Fuzz - integrated with AFLGo for Patch Testing

文章


IFuzzer

工具


CodeAlchemist

工具

文章


HongFuzz

工具

  • [1760星][15d] [C] google/honggfuzz Security oriented fuzzer with powerful analysis options. Supports evolutionary, feedback-driven fuzzing based on code coverage (software- and hardware-based)
  • [165星][6m] [Rust] rust-fuzz/honggfuzz-rs Fuzz your Rust code with Google-developed Honggfuzz !

文章


Echidna

工具

  • [396星][8d] [Haskell] crytic/echidna Ethereum fuzz testing framework

文章


Applepie

工具

文章


autoPwn

工具

  • [154星][9y] [Shell] spiderlabs/jboss-autopwn A JBoss script for obtaining remote shell access
  • [122星][1y] [Shell] mi-al/wifi-autopwner script to automate searching and auditing Wi-Fi networks with weak security
  • [97星][2y] [Py] danmcinerney/msf-autopwn Autoexploitation of some of the most common vulnerabilities in wild
  • [89星][1y] [Shell] rpranshu/autopwn A simple bash based metasploit automation tool!
  • [84星][1m] [Ruby] hahwul/metasploit-autopwn db_autopwn plugin of metasploit
  • [77星][1m] [Py] bannsec/autopwn Automate repetitive tasks for fuzzing
  • [26星][2y] [Py] danmcinerney/smb-autopwn Discovers and exploits hosts vulnerable to MS08-067/MS17-010
  • [23星][5y] [Py] vnik5287/wpa-autopwn WPA/WPA2 autopwn script that parses captured handshakes and sends them to the Crackq
  • [11星][5y] [Shell] christianpapathanasiou/jboss-autopwn JBoss Autopwn as featured at BlackHat Europe 2010 - this version incorporates CVE-2010-0738 the JBoss authentication bypass VERB manipulation vulnerability as discovered by Minded Security

文章


go-fuzz

工具

文章


SSRFmap

工具

文章


Sulley

boofuzz

工具

文章

工具

  • [1125星][12m] [Py] openrce/sulley A pure-python fully automated and unattended fuzzing framework.

文章


radamsa

工具

文章


Ffuf

工具

  • [1337星][19d] [Go] ffuf/ffuf Fast web fuzzer written in Go

文章


domato

工具

文章


fuzzdb

工具

  • [788星][22d] [HTML] tennc/fuzzdb 一个fuzzdb扩展库
  • [227星][2y] [Py] euphrat1ca/fuzzdb-collect 集合github平台上的安全行业从业者自研开源扫描器的仓库,包括子域名枚举、数据库漏洞扫描、弱口令或信息泄漏扫描、端口扫描、指纹识别以及其他大型扫描器或模块化扫描器
  • [102星][4y] yoojinl/fuzzdb Use
  • [81星][2y] [PHP] nixawk/fuzzdb Web Fuzzing Discovery and Attack Pattern Database
  • [27星][5y] [HTML] infosec-au/fuzzdb Automatically exported from code.google.com/p/fuzzdb

文章


fuzzbunch

工具

文章


angora

工具

文章


wfuzz

工具

文章


PBTK

工具

  • [603星][1m] [Py] marin-m/pbtk A toolset for reverse engineering and fuzzing Protobuf-based apps

文章


grinder

工具

文章


Sandsifter

工具

文章


deepstate

工具

  • [501星][7d] [Py] trailofbits/deepstate A unit test-like interface for fuzzing and symbolic execution
  • [5星][3m] [C] agroce/testfs DeepState testing for TestFS, a user level toy file system that is similar to ext3
  • [4星][8m] [C++] agroce/testleveldb DeepState testing for levelDB
  • [2星][8m] [C] agroce/rb_tree_demo DeepState version of code accompanying a blog post about fuzzing a red-black tree implementation:
  • [0星][27d] [C++] trailofbits/deepstate-test-suite Automated continuous testing integration using DeepState

文章


trinity

工具

文章


netzob

工具

  • [484星][4m] [Py] netzob/netzob 通信协议逆向、建模和模糊测试

文章

其他


书籍

书籍

  • [350星][13d] [Jupyter Notebook] uds-se/fuzzingbook The Book "Generating Software Tests"

字典

工具

工具


收集


新添加


其他

文章


新添加


arxiv_cscr


Youtube

贡献

内容为系统自动导出, 有任何问题请提issue

About

Resources About Fuzzing, For Multiple Platforms And All Popular Fuzzers. 500+ Open Source Tools Sorted By Star Count, 800+ Blog Posts Sorted By Publish Time.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published