Fuzzing: Difference between revisions

This is a first attempt to collect data on free software fuzzing tools.

Tools

• List of
  • http://www.infosecinstitute.com/blog/2005/12/fuzzers-ultimate-list.html
  • http://www.hacksafe.com.au/blog/category/fuzz-testing/
  • http://lcamtuf.coredump.cx/
  • http://www.krakowlabs.com/lof.html
  • https://www.peerlyst.com/posts/resource-open-source-fuzzers-list
• American Fuzzy Lop
• The Art Of Fuzzing and http://www.theartoffuzzing.com
• JBroFuzz
• Digital Dwarf products
• PeachFuzz
• IP Stack Integrity Checker
• PROTOS - Security Testing of Protocol Implementations
• SPIKE & Sharefuzz
• sfuzz
• As Debian packages:
  • fuzz - stress-test programs by giving them random input
  • zzuf - transparent application input fuzzer
• Debian packages, not sure if they automate fuzzing but they can be useful
  • bfbtester - Brute Force Binary Tester
  • irpas - Internetwork Routing Protocol Attack Suite
  • mozilla-livehttpheaders - Adds information about the HTTP headers to Iceweasel and Iceape
  • netsed - The network packet altering stream editor
  • python-scapy - Packet generator/sniffer and network scanner/discovery
  • spikeproxy - Web application security testing proxy
  • flawfinder - examines source code and looks for security weaknesses
  • fusil - Fuzzing program to test applications
  • inguma - Open source penetration testing toolkit
  • wapiti - Web application vulnerability scanner
• EMV
  • https://labs.mwrinfosecurity.com/system/assets/1137/original/MWR_InfoSecurity_POS_Fuzzer_v1_summary.pdf