REST API fuzzer and negative testing tool. Run thousands of self-healing API tests within minutes with no coding effort! Comprehensive: tests are generated automatically based on a large number scenarios and cover every field and header Intelligent: tests are generated based on data types and constraints; each Fuzzer have specific expectations depending on the scenarioRead More
Scout is a URL fuzzer and spider for discovering undisclosed VHOSTS, files and directories on a web server. A full word list is included in the binary, meaning maximum portability and minimal configuration. Aim and fire! Usage Discover URLs on a given web server. version Display scout version. vhost Discover VHOSTs on a given webRead More
pip3 install frelatage Current release : 0.0.7 Frelatage is a coverage-based Python fuzzing library which can be used to fuzz python code. The development of Frelatage was inspired by various other fuzzers, including AFL/AFL++, Atheris and PythonFuzz. The main purpose of the project is to take advantage of the best features of these fuzzers andRead More
A proof-of-concept WordPress plugin fuzzer used in the research described in https://kazet.cc/2022/02/03/fuzzing-wordpress-plugins.html that helped to discover more than 140 vulnerablities in WordPress plugins installed on almost 15 million sites. If you want to continue the research, start with less popular plugins – if a plugin achieved at least 10k active installs between October 2021 andRead More
Litefuzz is meant to serve a purpose: fuzz and triage on all the major platforms, support both CLI/GUI apps, network clients and servers in order to find security-related bugs. It simplifies the process and makes it easy to discover security bugs in many different targets, across platforms, while just making a few honest trade-offs. ItRead More
T-Reqs (Two Requests) is a grammar-based HTTP Fuzzer written as a part of the paper titled “T-Reqs: HTTP Request Smuggling with Differential Fuzzing” which was presented at ACM CCS 2021. BibTeX of the paper: @inproceedings{ccs2021treqs, title={T-Reqs: HTTP Request Smuggling with Differential Fuzzing}, author={Jabiyev, Bahruz and Sprecher, Steven and Onarlioglu, Kaan and Kirda, Engin}, booktitle={Proceedings ofRead More
A guided mutation-based fuzzer for ML-based Web Application Firewalls, inspired by AFL and based on the FuzzingBook by Andreas Zeller et al. Given an input SQL injection query, it tries to produce a semantic invariant query that is able to bypass the target WAF. You can use this tool for assessing the robustness of yourRead More
Advanced Fuzzing Library – Slot your own fuzzers together and extend their features using Rust. LibAFL is written and maintained by Andrea Fioraldi [email protected] and Dominik Maier [email protected] Why LibAFL? LibAFL gives you many of the benefits of an off-the-shelf fuzzer, while being completely customizable. Some highlight features currently include: fast: We do everything weRead More
very advanced fuzzer compiling Install nim from nim-lang.org Run nimble build A vaf.exe file will be created in your directory ready to be used using vaf using vaf is simple, here’s the current help text: Usage: vaf – very advanced fuzzer [options]Options: -h, –help -u, –url=URL choose url, replace area to fuzz with [] -w,Read More
GUSTAVE is a fuzzing platform for embedded OS kernels. It is based on QEMU and AFL (and all of its forkserver siblings). It allows to fuzz OS kernels like simple applications. Thanks to QEMU, it is multi-platform. One can see GUSTAVE as a AFL forkserver implementation inside QEMU, with fine grain target inspection. What areRead More
