Difference between revisions of "Fuzzing"
Jump to navigation
Jump to search
m (→Tools) |
m |
||
(8 intermediate revisions by the same user not shown) | |||
Line 6: | Line 6: | ||
** http://www.hacksafe.com.au/blog/category/fuzz-testing/ |
** http://www.hacksafe.com.au/blog/category/fuzz-testing/ |
||
** http://lcamtuf.coredump.cx/ |
** http://lcamtuf.coredump.cx/ |
||
+ | ** http://www.krakowlabs.com/lof.html |
||
⚫ | |||
+ | ** https://www.peerlyst.com/posts/resource-open-source-fuzzers-list |
||
+ | * [http://lcamtuf.coredump.cx/afl/ American Fuzzy Lop] |
||
⚫ | |||
* [http://sourceforge.net/projects/jbrofuzz JBroFuzz] |
* [http://sourceforge.net/projects/jbrofuzz JBroFuzz] |
||
* [http://www.digitaldwarf.be/products.html Digital Dwarf products] |
* [http://www.digitaldwarf.be/products.html Digital Dwarf products] |
||
Line 13: | Line 16: | ||
* [http://www.ee.oulu.fi/research/ouspg/protos/ PROTOS] - Security Testing of Protocol Implementations |
* [http://www.ee.oulu.fi/research/ouspg/protos/ PROTOS] - Security Testing of Protocol Implementations |
||
* [http://www.immunitysec.com/resources-freesoftware.shtml SPIKE & Sharefuzz] |
* [http://www.immunitysec.com/resources-freesoftware.shtml SPIKE & Sharefuzz] |
||
+ | * [http://aconole.brad-x.com/programs/sfuzz.html sfuzz] |
||
* As Debian packages: |
* As Debian packages: |
||
** [http://fuzz.sourceforge.net/ fuzz] - stress-test programs by giving them random input |
** [http://fuzz.sourceforge.net/ fuzz] - stress-test programs by giving them random input |
||
Line 23: | Line 27: | ||
** [http://www.secdev.org/projects/scapy/ python-scapy] - Packet generator/sniffer and network scanner/discovery |
** [http://www.secdev.org/projects/scapy/ python-scapy] - Packet generator/sniffer and network scanner/discovery |
||
** [http://www.immunitysec.com/resources-freesoftware.shtml spikeproxy] - Web application security testing proxy |
** [http://www.immunitysec.com/resources-freesoftware.shtml spikeproxy] - Web application security testing proxy |
||
+ | ** [http://www.dwheeler.com/flawfinder/ flawfinder] - examines source code and looks for security weaknesses |
||
+ | ** [http://fusil.hachoir.org/trac/wiki/ fusil] - Fuzzing program to test applications |
||
+ | ** inguma - Open source penetration testing toolkit |
||
+ | ** wapiti - Web application vulnerability scanner |
||
+ | * EMV |
||
+ | ** https://labs.mwrinfosecurity.com/system/assets/1137/original/MWR_InfoSecurity_POS_Fuzzer_v1_summary.pdf |
Latest revision as of 10:41, 28 March 2016
This is a first attempt to collect data on free software fuzzing tools.
Tools
- List of
- American Fuzzy Lop
- The Art Of Fuzzing and http://www.theartoffuzzing.com
- JBroFuzz
- Digital Dwarf products
- PeachFuzz
- IP Stack Integrity Checker
- PROTOS - Security Testing of Protocol Implementations
- SPIKE & Sharefuzz
- sfuzz
- As Debian packages:
- Debian packages, not sure if they automate fuzzing but they can be useful
- bfbtester - Brute Force Binary Tester
- irpas - Internetwork Routing Protocol Attack Suite
- mozilla-livehttpheaders - Adds information about the HTTP headers to Iceweasel and Iceape
- netsed - The network packet altering stream editor
- python-scapy - Packet generator/sniffer and network scanner/discovery
- spikeproxy - Web application security testing proxy
- flawfinder - examines source code and looks for security weaknesses
- fusil - Fuzzing program to test applications
- inguma - Open source penetration testing toolkit
- wapiti - Web application vulnerability scanner
- EMV