Search Results for "fuzzing"
Sort By:
Showing 51 open source projects for "fuzzing"
View related business solutions-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
Windocks - Docker Oracle and SQL Server ContainersWindocks is a leader in cloud native database DevOps, recognized by Gartner as a Cool Vendor, and as an innovator by Bloor research in Test Data Management. Novartis, DriveTime, American Family Insurance, and other enterprises rely on Windocks for on-demand database environments for development, testing, and DevOps. Windocks software is easily downloaded for evaluation on standard Linux and Windows servers, for use on-premises or cloud, and for data delivery of SQL Server, Oracle, PostgreSQL, and MySQL to Docker containers or conventional database instances.
-
1
ClusterFuzz
Scalable fuzzing infrastructure
ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz. ClusterFuzz provides many features which help seamlessly integrate fuzzing into a software project's development process. Can run on any size cluster (e.g. OSS-Fuzz instance runs on 100,000 VMs). -
2
Echidna
Ethereum smart contract fuzzer
...Optional corpus collection, mutation and coverage guidance to find deeper bugs. Powered by Slither to extract useful information before the fuzzing campaign. Source code integration to identify which lines are covered after the fuzzing campaign. Curses-based retro UI, text-only or JSON output. -
3
OSS-Fuzz
OSS-Fuzz - continuous fuzzing for open source software
...Fuzz testing is a proven method for uncovering programming errors such as buffer overflows and memory leaks, which can lead to severe security vulnerabilities. By leveraging guided in-process fuzzing, Google has already identified thousands of issues in projects like Chrome, and this initiative extends the same capabilities to the broader open source community. OSS-Fuzz integrates modern fuzzing engines with sanitizers and runs them at scale in a distributed environment, providing automated testing and continuous monitoring. ... -
4
Agentic Security
Agentic LLM Vulnerability Scanner / AI red teaming kit
The open-source Agentic LLM Vulnerability Scanner. -
The CI/CD Platform built for Mobile DevOpsSave time, money, and developer frustration with fast, flexible, and scalable mobile CI/CD that just works. Whether you swear by native or would rather go cross-platform, we have you covered. From Swift to Objective-C, Java to Kotlin, as well as Xamarin, Cordova, Ionic, React Native, and Flutter: Whatever you choose, we will automatically configure your initial workflows and have you building in minutes.
-
5
Honggfuzz
Security oriented software fuzzer
honggfuzz is a general-purpose, high-performance fuzzer that mixes coverage feedback with practical crash triage to uncover memory-safety and logic bugs. It supports multiple fuzzing modes—stdin, file, and networking—so targets can be exercised the same way they run in production. Instrumentation via compiler hooks or hardware/perf counters guides mutations toward previously unseen edges, while persistent mode keeps the target process alive to amortize startup costs. The tool integrates tightly with sanitizers and can attach to already running processes, making it convenient for both white-box and black-box fuzzing. ... -
6
syzkaller
syzkaller is an unsupervised coverage-guided kernel fuzzer
...The system integrates tightly with sanitizers such as KASAN, KMSAN, KCSAN, and UBSAN to surface memory safety, concurrency, and undefined behavior issues with actionable reports. A distributed architecture coordinates many fuzzing VMs, collects crash signatures, deduplicates them, and bisects to the first bad commit when possible. syzkaller maintains per-kernel “syz” descriptions so it understands arguments, flags, and resources of thousands of syscalls and ioctls across Linux and other kernels. It also ships sophisticated reproducers and minimization routines so developers get small, deterministic test cases they can run locally to fix bugs quickly. -
7
OSS-Fuzz Gen
LLM powered fuzzing via OSS-Fuzz
...The goal is pragmatic: shrink the gap between “we should fuzz this” and “we have robust fuzzing running in CI,” especially for understaffed maintainers. -
8
SecLists
The Pentester’s Companion
...SecLists helps to increase efficiency and productivity in security testing by conveniently providing all the lists a security tester may need in one repository. List types include those for usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and many more. All the tester will have to do is pull this repo onto a new testing box and he’ll have access to every type of list he may require. -
9
SSRFmap
Automatic SSRF fuzzer and exploitation tool
SSRFmap is a specialized security tool designed to automate the detection and exploitation of Server Side Request Forgery (SSRF) vulnerabilities. It takes as input a Burp request file and a user-specified parameter to fuzz, enabling you to fast-track the identification of SSRF attack surfaces. It includes multiple exploitation “modules” for common SSRF-based attacks or pivoting techniques, such as DNS zone transfers, MySQL/Postgres command execution, Docker API info leaks, and network scans.... -
Automate Proposals with AI in Microsoft Word.Automate your best practices, processes, and standards to guide your proposal writers, sales teams, and subject experts. And don’t worry, it’s so easy to use they will use it. We would love the opportunity to help you quantify the impact your business can expect from investing in Expedience Software. Click here to request a Return on Investment (ROI) calculation. In this 15-minute session, we will ask 20 simple questions to assess and grade your current proposal quality and scalability. Manual proposal processes are likely costing you far more than you realize. These models waste time and kill the productivity of proposal writers, sales team members, senior staff, and subject experts.
-
10
Atheris
A Coverage-Guided, Native Python Fuzzer
Atheris is a coverage-guided fuzzer for CPython that treats Python as a first-class fuzzing target, enabling rapid discovery of crashes and logic errors in pure-Python code and native extensions. It hooks into Python’s interpreter to collect fine-grained coverage and uses that signal to evolve inputs, pushing programs into previously unexplored code paths. Because many Python libraries are thin wrappers over C/C++ code, Atheris is equally adept at surfacing memory safety issues in extension modules compiled with sanitizers. ... -
11
libplist
A library to handle Apple Property List format in binary or XML
A small portable C library to handle Apple Property List files in binary, XML, JSON, or OpenStep format. -
12
zlib-ng
zlib replacement with optimizations for "next generation" systems
zlib data compression library for the next-generation systems. Zlib-compatible API with support for dual-linking. Modernized native API based on zlib API for ease of porting. Modern C11 syntax and a clean code layout. Deflate medium and quick algorithms based on Intel’s zlib fork. -
13
sh
A shell parser, formatter, and interpreter with bash support
A shell parser, formatter, and interpreter. Supports POSIX Shell, Bash, and mksh. Requires Go 1.16 or later. To parse shell scripts, inspect them, and print them out, see the syntax examples. For high-level operations like performing shell expansions on strings, see the shell examples. shfmt formats shell programs. See canonical.sh for a quick look at its default style. shfmt formats shell programs. If the only argument is a dash (-) or no arguments are given, standard input will be used. If... -
14
XRAY
XRay for recon, mapping and OSINT gathering from public networks
XRAY is a modular security toolset that helps developers and security professionals analyze, fuzz, and test web applications, protocols, and network services for vulnerabilities. It provides a framework for writing and executing inspection modules that can parse structured data (JSON, XML, HTML), traverse graphs of endpoints, and perform intelligent probing guided by discovered surface area. XRay is typically used as a reconnaissance and vulnerability discovery engine in red-team or... -
15
Lighthouse Ethereum
Ethereum consensus client in Rust
...You'll need to be familiar with the rules of staking (e.g., rewards, penalties, etc.) and also configuring and managing servers. You'll also need at least 32 ETH! Security-focused. Fuzzing techniques have been continuously applied and several external security reviews have been performed. Built in Rust, a modern language providing unique safety guarantees and excellent performance (comparable to C++). Funded by various organizations, including Sigma Prime, the Ethereum Foundation, ConsenSys, the Decentralization Foundation and private individuals. -
16
DynamoRIO
Dynamic Instrumentation Tool Platform
DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling, instrumentation, optimization, translation, etc. Unlike many dynamic tool systems, DynamoRIO is not limited to insertion of callouts/trampolines and allows arbitrary modifications to application instructions via a powerful... -
17
BoringSSL
Mirror of BoringSSL
BoringSSL is a Google-maintained fork of OpenSSL, designed specifically to meet the security, performance, and maintainability needs of Google’s infrastructure and products. While fully open source, BoringSSL is not intended for general public use — it serves as a streamlined, heavily modified SSL/TLS and cryptography library optimized for Google’s internal ecosystem, including Chrome/Chromium, Android, and other Google services. The project prioritizes security, simplicity, and... -
18
s2n-quic
An implementation of the IETF QUIC protocol
s2n-quic is AWS’s open-source implementation of the IETF QUIC transport protocol, written in Rust and designed for performance, security, and modern usage. QUIC is a UDP-based, multiplexed, encrypted transport layer that underpins HTTP/3 and addresses issues such as head-of-line blocking and faster handshake times compared to TCP+TLS. This library integrates with AWS’s s2n-tls or rustls for the TLS 1.3 handshake and leverages Rust’s memory and thread safety guarantees to deliver a robust... -
19
µWebSockets
Compliant web server for the most demanding of applications
Being meticulously optimized for speed and memory footprint, µWebSockets is fast enough to do encrypted TLS 1.3 messaging quicker than most alternative servers can do even unencrypted, cleartext messaging. Furthermore, we partake in Google's OSS-Fuzz with a ~95% daily fuzzing coverage with no sanitizer issues. LGTM scores us flawless A+ from having zero CodeQL alerts and we compile with pedantic warning levels. µWebSockets is written entirely in C & C++ but has a seamless integration for Node.js backends. This allows for rapid scripting of powerful apps, using widespread competence. We've been fully standards compliant with a perfect Autobahn|Testsuite score since 2016. ... -
20
ScaNetOS
Entorno funcional para auditoría web y pentesting
ScaNetOS : Entorno de Auditoría Web Automatizada (v1.0) ScaNetOS es una Máquina Virtual en formato .OVA, diseñada para ser una máquina de análisis web y pentesting preconfigurada. Su objetivo es proporcionar un entorno de trabajo rápido y eficiente para pentesters éticos y analistas de seguridad enfocados en la auditoría de aplicaciones web y APIs. El corazón de esta MV es el ScaNet Panel (Script Bash v1.0), un menú centralizado que orquesta herramientas avanzadas y automatiza los... -
21
FuzzBench
FuzzBench - Fuzzer benchmarking as a service
...By running experiments at Google scale, FuzzBench ensures consistent, unbiased, and data-driven evaluations that support academic and industrial fuzzing research. -
22
GraphQLmap
GraphQLmap is a scripting engine to interact with endpoints
GraphQLmap is a Python-based scripting engine designed to interact with GraphQL endpoints for penetration testing purposes. It can connect to a target GraphQL endpoint, dump the schema (if introspection is enabled), query it interactively, and fuzz fields for NoSQL/SQL injection vectors, thereby revealing hidden attack surfaces. GraphQL endpoints represent a relatively newer attack vector compared to REST, and GraphQLmap helps bridge this gap by providing tooling tailored to the GraphQL... -
23
0d1n
Web security tool to make fuzzing at HTTP inputs, made in C
0d1n is a Open Source web application bruteforcer and Fuzzer, its objective is to automate exhaustive tests to search anomalies. At other point view this anomalies can be a vulnerability, These tests can follow web parameters, files, directories, forms and others. -
24
Fuzzer Test Suite
Set of tests for fuzzing engines
The Fuzzer Test Suite is a collection of real-world, bug-rich targets used to evaluate and compare fuzzers under controlled conditions. Rather than synthetic micro-benchmarks, it packages build scripts, corpora, and known-crash oracles so fuzzer authors can measure time-to-crash, coverage growth, and stability. Each target is configured to integrate with common sanitizers, ensuring memory safety bugs surface with precise diagnostics. The suite standardizes experiment parameters—runtime,... -
25
Big List of Naughty Strings
List of strings which have a high probability of causing issues
The Big List of Naughty Strings is a community-maintained catalog of “gotcha” inputs that commonly break software, from unusual Unicode to SQL and script injection payloads. It exists so developers and QA engineers can easily test edge cases that normal test data would miss, such as zero-width characters, right-to-left marks, emojis, foreign alphabets, and long or malformed strings. By throwing these strings at forms, APIs, databases, and UIs, teams can discover encoding bugs, sanitizer...