A collection of open source fuzzing tools
3rd-party lists
Browser
- google/domato - DOM fuzzer
- blastxiang/lucky-js-fuzz - A web-page-based fuzzer that generates random JS statements and runs them in the web browser
- attekett/NodeFuzz - a fuzzer harness for web browsers and browser-like applications
- stephenfewer/grinder - a system to automate the fuzzing of web browsers and the management of a large number of crashes
- RootUp/BFuzz - Fuzzing Browsers
Network
- denandz/fuzzotron - A TCP/UDP based network daemon fuzzer
- sogeti-esec-lab/RPCForge - Windows RPC Python fuzzer
- Cisco-Talos/mutiny-fuzzer - a network fuzzer that operates by replaying PCAPs through a mutational fuzzer
- andresriancho/websocket-fuzzer - Simple HTML5 WebSocket fuzzer
Kernel
- koutto/ioctlbf - Windows Kernel Drivers fuzzer
- mwrlabs/OSXFuzz - macOS Kernel Fuzzer
- mwrlabs/KernelFuzzer - Cross Platform Kernel Fuzzer Framework
- ucsb-seclab/difuze - Fuzzer for Linux Kernel Drivers
- google/syzkaller - an unsupervised, coverage-guided kernel fuzzer
- TriforceLinuxSyscallFuzzer - A Linux system call fuzzer using TriforceAFL
- Cr4sh/ioctlfuzzer - a tool that automates the search for vulnerabilities in Windows kernel drivers by fuzzing them
- hfiref0x/NtCall64 - Windows NT x64 syscall fuzzer
Static analyzer
Symbolic execution
- julieeen/kleefl - Seeding fuzzers with symbolic execution
- KLEE Symbolic Execution Engine
- RUB-SysSec/syntia - Program synthesis based deobfuscation framework for the USENIX 2017 paper "Syntia: Synthesizing the Semantics of Obfuscated Code"
- dwrensha/seer - symbolic execution engine for Rust
- palkeo/pakala - Symbolic execution tool and vulnerability scanner for the Ethereum Virtual Machine
Java
Dotnet
- jakobbotsch/Fuzzlyn - Fuzzer for the .NET toolchains
- debasishm89/dotNetFuzz - A quick and dirty .NET "Deserialize_*" fuzzer based on James Forshaw's (@tiraniddo) DotNetToJScript
Golang
ActiveX
Uncategorized
- mxmssh/drAFL - AFL + DynamoRIO = fuzzing binaries with no source code on Linux
- google/graphicsfuzz - A testing framework for automatically finding and simplifying bugs in graphics shader compilers
- IOActive/XDiFF - Extended Differential Fuzzing Framework
- renatahodovan/fuzzinator - Fuzzinator Random Testing Framework
- google/honggfuzz - Security oriented fuzzer with powerful analysis options. Supports evolutionary, feedback-driven fuzzing based on code coverage (software- and hardware-based)
- AFL - american fuzzy lop
- nccgroup/TriforceAFL - AFL/QEMU fuzzing with full-system emulation
- llvm libFuzzer - a library for in-process, coverage-guided fuzz testing
- dekimir/RamFuzz - Combining Unit Tests, Fuzzing, and AI
- google/oss-fuzz - continuous fuzzing of open source software
- aoh/radamsa - a general-purpose fuzzer
- MozillaSecurity/peach - a fuzzing framework which uses a DSL for building fuzzers and an observer-based architecture to execute and monitor them
- Windows IPC Fuzzing Tools
- x41sec/x41-smartcard-fuzzing - X41 Smartcard Fuzzer
- google/BrokenType - TrueType and OpenType font fuzzing toolset
- mathiasbynens/small - Smallest possible syntactically valid files of different types
- AngoraFuzzer/Angora - a mutation-based fuzzer whose main goal is to increase branch coverage by solving path constraints without symbolic execution
- gamozolabs/applepie - A hypervisor for fuzzing built with WHVP (Windows Hypervisor Platform) and Bochs
- Dongdongshe/neuzz - neural network assisted fuzzer
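The coverage-guided engines listed above (AFL, libFuzzer, honggfuzz) and the general-purpose mutators (radamsa, peach) all share the same shape: a target function, a mutation loop that feeds it inputs, and an oracle that decides when an input counts as a finding. The following C example is added here to make that shape concrete; it is not code from any project on this list. It uses a hypothetical `[tag][len][payload]` record format, a parser with a deliberately planted desync bug beside its fixed version, an invariant-based oracle (a successful parse must consume every byte), a libFuzzer entry point `LLVMFuzzerTestOneInput`, and a small stand-alone mutational driver (xorshift PRNG, byte overwrite with AFL-style "interesting" values, truncation, append) so the file also runs without libFuzzer. All function names and the seed input are constructed for the example.

```c
// Added example (not from any project on this page): a libFuzzer-style harness
// around a small record parser plus a stand-alone mutational driver.
// Hypothetical format: [1-byte tag][1-byte len][len payload bytes], repeated.
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

typedef int (*parser_fn)(const uint8_t *, size_t, size_t *);

// Returns the record count, or -1 on a truncated record; *consumed receives
// how many bytes were examined. Planted bug, kept on purpose so the fuzzer
// has something to find: a zero-length record is treated as a terminator,
// so bytes after it are silently ignored instead of parsed or rejected.
static int parse_records_buggy(const uint8_t *buf, size_t len, size_t *consumed)
{
    size_t pos = 0;
    int count = 0;
    while (pos < len) {
        if (len - pos < 2) { *consumed = pos; return -1; }          // header truncated
        uint8_t rec_len = buf[pos + 1];
        if (rec_len == 0) { *consumed = pos + 2; return count; }   // BUG: early exit
        if (len - pos - 2 < rec_len) { *consumed = pos; return -1; } // payload truncated
        pos += 2 + rec_len;
        count++;
    }
    *consumed = pos;
    return count;
}

// Fixed version: an empty record is just a record; parsing continues.
static int parse_records(const uint8_t *buf, size_t len, size_t *consumed)
{
    size_t pos = 0;
    int count = 0;
    while (pos < len) {
        if (len - pos < 2) { *consumed = pos; return -1; }
        uint8_t rec_len = buf[pos + 1];
        if (len - pos - 2 < rec_len) { *consumed = pos; return -1; }
        pos += 2 + rec_len;
        count++;
    }
    *consumed = pos;
    return count;
}

// Oracle: a successful parse must have consumed every input byte. Returns 0
// when the invariant holds and 1 when the parser "succeeded" while leaving
// bytes behind, a silent desync that crash detection alone never reveals.
static int check_invariant(parser_fn parse, const uint8_t *buf, size_t len)
{
    size_t consumed = 0;
    int n = parse(buf, len, &consumed);
    if (n < 0) return 0;                 // rejecting input is always allowed
    return consumed == len ? 0 : 1;
}

// libFuzzer entry point. Build with:
//   clang -g -fsanitize=fuzzer,address -DUSE_LIBFUZZER harness.c -o harness
// libFuzzer supplies main() and calls this with mutated inputs; abort()
// makes it save the offending input as a crash artifact.
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    if (check_invariant(parse_records_buggy, data, size)) abort();
    return 0;
}

// Stand-alone mutational driver (cc harness.c): xorshift32 PRNG, fixed seed.
static uint32_t rng_state = 0x9E3779B9u;
static uint32_t rnd(void)
{
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return rng_state = x;
}

// Copies seed into out and applies one mutation: overwrite a byte (half the
// time with a boundary value, as AFL's "interesting" values do), truncate,
// or append a byte. Returns the mutated length; out has capacity cap.
static size_t mutate(const uint8_t *seed, size_t seed_len, uint8_t *out, size_t cap)
{
    static const uint8_t interesting[] = { 0x00, 0x01, 0x7F, 0x80, 0xFF };
    size_t n = seed_len < cap ? seed_len : cap;
    memcpy(out, seed, n);
    switch (rnd() % 3) {
    case 0: if (n) out[rnd() % n] = (rnd() & 1) ? interesting[rnd() % 5] : (uint8_t)rnd(); break;
    case 1: if (n) n = rnd() % n; break;
    case 2: if (n < cap) out[n++] = (uint8_t)rnd(); break;
    }
    return n;
}

// Runs iters mutations of seed through parse; returns how many violated the invariant.
static int fuzz_loop(parser_fn parse, const uint8_t *seed, size_t seed_len, int iters)
{
    uint8_t buf[64];
    int found = 0;
    rng_state = 0x9E3779B9u;             // reset so every run is reproducible
    for (int i = 0; i < iters; i++) {
        size_t n = mutate(seed, seed_len, buf, sizeof buf);
        found += check_invariant(parse, buf, n);
    }
    return found;
}

#ifndef USE_LIBFUZZER
int main(void)
{
    // Constructed seed: two well-formed records.
    const uint8_t seed[] = { 0x01, 0x02, 0xAA, 0xBB, 0x02, 0x01, 0xCC };
    printf("buggy parser: %d violations\n", fuzz_loop(parse_records_buggy, seed, sizeof seed, 10000));
    printf("fixed parser: %d violations\n", fuzz_loop(parse_records, seed, sizeof seed, 10000));
    return 0;
}
#endif
```

The point worth taking from the example is the oracle: the planted bug never crashes, so a harness that only waits for a sanitizer report would miss it, while the "all bytes consumed" invariant turns it into an abort that any of the engines above will catch and minimize. The same harness function can be handed to AFL via a file-reading main, to libFuzzer as shown, or to honggfuzz, which accepts the libFuzzer entry point as well.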