LibAFL – Advanced Fuzzing Library – Slot Your Fuzzer Together In Rust! Scales Across Cores And Machines. For Windows, Android, MacOS, Linux, No_Std, …

Advanced Fuzzing Library – Slot your own fuzzers together and extend their features using Rust. LibAFL is written and maintained by Andrea Fioraldi [email protected] and Dominik Maier [email protected] Why LibAFL? LibAFL gives you many of the benefits of an off-the-shelf fuzzer, while being completely customizable. Some highlight features currently include: fast: We do everything weRead More

ToothPicker – An In-Process, Coverage-Guided Fuzzer For iOS

ToothPicker is an in-process, coverage-guided fuzzer for iOS. It was developed to specifically targets iOS’s Bluetooth daemon bluetoothd and to analyze various Bluetooth protocols on iOS. As it is built using FRIDA, it can be adapted to target any platform that runs FRIDA. This repository also includes an over-the-air fuzzer with an exemplary implementation toRead More

Fuzzilli – A JavaScript Engine Fuzzer

A (coverage-)guided fuzzer for dynamic language interpreters based on a custom intermediate language (“FuzzIL”) which can be mutated and translated to JavaScript. Usage The basic steps to use this fuzzer are: Download the source code for one of the supported JavaScript engines. See the Targets/ directory for the list of supported JavaScript engines. Apply theRead More

FLUFFI (Fully Localized Utility For Fuzzing Instantaneously) – A Distributed Evolutionary Binary Fuzzer For Pentesters

FLUFFI – A distributed evolutionary binary fuzzer for pentesters. About the project High level overview Getting started Usage HOWTOs Technical Details Contributing to FLUFFI LICENSE Bugs found So far, FLUFFI was almost exclusively used on SIEMENS products and solutions. Bugs found therein will not be published. However, FLUFFI found the following published bugs (please helpRead More

Urlbuster – Powerful Mutable Web Directory Fuzzer To Bruteforce Existing And/Or Hidden Files Or Directories

Powerful web directory fuzzer to locate existing and/or hidden files or directories.Similar to dirb or gobuster, but with a lot of mutation options.Installation pip install urlbuster Features Proxy support Cookie support Basic Auth Digest Auth Retries (for slow servers) Persistent and non-persistent HTTP connection Request methods: GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS Custom HTTPRead More

Frida API Fuzzer – This Experimetal Fuzzer Is Meant To Be Used For API In-Memory Fuzzing

This experimental fuzzer is meant to be used for API in-memory fuzzing.The design is highly inspired and based on AFL/AFL++.ATM the mutator is quite simple, just the AFL’s havoc and splice stages.I tested only the examples under tests/, this is a WIP project but is known to works at least on GNU/Linux x86_64 and AndroidRead More