Difference between revisions of "Fuzzing"

Revision as of 11:45, 10 March 2009

This is a first attempt to collect data on free software fuzzing tools.

List of
The Art Of Fuzzing and http://www.theartoffuzzing.com
JBroFuzz
Digital Dwarf products
PeachFuzz
IP Stack Integrity Checker
PROTOS - Security Testing of Protocol Implementations
SPIKE & Sharefuzz
sfuzz
As Debian packages:
- fuzz - stress-test programs by giving them random input
- zzuf - transparent application input fuzzer
Debian packages, not sure if they automate fuzzing but they can be useful
- bfbtester - Brute Force Binary Tester
- irpas - Internetwork Routing Protocol Attack Suite
- mozilla-livehttpheaders - Adds information about the HTTP headers to Iceweasel and Iceape
- netsed - The network packet altering stream editor
- python-scapy - Packet generator/sniffer and network scanner/discovery
- spikeproxy - Web application security testing proxy
- flawfinder - examines source code and looks for security weaknesses
- fusil - Fuzzing program to test applications

@@ Line 6: / Line 6: @@
 ** http://www.hacksafe.com.au/blog/category/fuzz-testing/
 ** http://lcamtuf.coredump.cx/
+** http://www.krakowlabs.com/lof.html
 * [http://sourceforge.net/projects/taof/ The Art Of Fuzzing] and http://www.theartoffuzzing.com
 * [http://sourceforge.net/projects/jbrofuzz JBroFuzz]
@@ Line 13: / Line 14: @@
 * [http://www.ee.oulu.fi/research/ouspg/protos/ PROTOS] - Security Testing of Protocol Implementations
 * [http://www.immunitysec.com/resources-freesoftware.shtml SPIKE & Sharefuzz]
+* [http://aconole.brad-x.com/programs/sfuzz.html sfuzz]
 * As Debian packages:
 ** [http://fuzz.sourceforge.net/ fuzz] - stress-test programs by giving them random input