Fuzzing: Difference between revisions

Content deleted Content added

Inline

Latest revision as of 09:41, 28 March 2016

This is a first attempt to collect data on free software fuzzing tools.

List of
American Fuzzy Lop
The Art Of Fuzzing and http://www.theartoffuzzing.com
JBroFuzz
Digital Dwarf products
PeachFuzz
IP Stack Integrity Checker
PROTOS - Security Testing of Protocol Implementations
SPIKE & Sharefuzz
sfuzz
As Debian packages:
- fuzz - stress-test programs by giving them random input
- zzuf - transparent application input fuzzer
Debian packages, not sure if they automate fuzzing but they can be useful
- bfbtester - Brute Force Binary Tester
- irpas - Internetwork Routing Protocol Attack Suite
- mozilla-livehttpheaders - Adds information about the HTTP headers to Iceweasel and Iceape
- netsed - The network packet altering stream editor
- python-scapy - Packet generator/sniffer and network scanner/discovery
- spikeproxy - Web application security testing proxy
- flawfinder - examines source code and looks for security weaknesses
- fusil - Fuzzing program to test applications
- inguma - Open source penetration testing toolkit
- wapiti - Web application vulnerability scanner
EMV
- https://labs.mwrinfosecurity.com/system/assets/1137/original/MWR_InfoSecurity_POS_Fuzzer_v1_summary.pdf

@@ Line 7: / Line 7: @@
 ** http://lcamtuf.coredump.cx/
 ** http://www.krakowlabs.com/lof.html
+** https://www.peerlyst.com/posts/resource-open-source-fuzzers-list
+* [http://lcamtuf.coredump.cx/afl/ American Fuzzy Lop]
 * [http://sourceforge.net/projects/taof/ The Art Of Fuzzing] and http://www.theartoffuzzing.com
 * [http://sourceforge.net/projects/jbrofuzz JBroFuzz]
@@ Line 29: / Line 31: @@
 ** inguma - Open source penetration testing toolkit
 ** wapiti - Web application vulnerability scanner
+* EMV
+** https://labs.mwrinfosecurity.com/system/assets/1137/original/MWR_InfoSecurity_POS_Fuzzer_v1_summary.pdf