Fuzzing
Fuzzing 101 is a nice guide.
Links
- fluff - Fast web fuzzer written in Go.
- Wfuzz - Web application fuzzer.
- Building Fast Fuzzers (2019)
- How to break everything by fuzz testing (2020) (HN)
- AFLSmart - Smart Greybox Fuzzing.
- Fuzzing Firefox with WebIDL (2020)
- Fuzzit - Helps you integrate Continuous Fuzzing to your C/C++, Java, Go, Rust and Swift projects with your current CI/CD workflow.
- rustbuster - Comprehensive Web Fuzzer and Content Discovery Tool.
- lain - Fuzzer framework built in Rust.
- Fuzzing Raft for Fun and Publication (2015)
- Design Draft: First Class Fuzzing in Go
- FuzzCon - European Online Conference About Fuzzing. (Videos)
- Advanced Fuzzing: Compare shattering (2020)
- The Relevance of Classic Fuzz Testing: Have We Solved This One? (2020)
- OneFuzz - Self-hosted Fuzzing-As-A-Service platform.
- Let’s build a high-performance fuzzer with GPUs (2020) (HN)
- The Fuzzing Book - Tools and Techniques for Generating Software Tests. (Code)
- kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels (2017)
- libxdc (eXtremely fast DeCoder) - Aims to be the best Intel-PT decoding library for fuzzing purposes.
- Nautilus - Coverage guided, grammar based fuzzer.
- Redqueen - Fuzzing with Input-to-State Correspondence.
- REST API Fuzz Testing (RAFT) - Self hosted REST API Fuzzing-As-A-Service platform.
- Hyper-Cube: High-Dimensional Hypervisor Fuzzing (2020)
- Atheris - Coverage-Guided, Native Python Fuzzer.
- FuzzGen - Tool for automatically synthesizing fuzzers for complex libraries in a given environment.
- jdam - Structure-aware JSON fuzzing.
- RESTler - First stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
- FuzzOS (2020) - Operating system which is designed specifically for fuzzing.
- GUSTAVE - Embedded OS kernel fuzzer.
- Jackalope - Customizable, distributed, coverage-guided fuzzer that is able to work with black-box binaries.
- kAFL - Fuzzer for full VM kernel/driver targets.
- Snapandgo - {golang, ptrace, snapshot}-based fuzzer.
- Honggfuzz - Security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options. (Web)
- How to Spot Good Fuzzing Research (2018)
- Browser fuzzing at Mozilla (2021) (HN)
- Fuzz me wrong – How QuickCheck destroyed my favorite theory (HN)
- Fuzzing Forum - Tutorials, examples, discussions, research proposals, and other resources related to fuzzing.
- dharma - Generation-based, context-free grammar fuzzer.
- Lessons from Fuzzing a Compiler for a Year (2021)
- SQLfuzz - Simple SQL table fuzzing.
- Tavor - Generic fuzzing and delta-debugging framework.
- What Is Fuzz Testing? (2021) (HN)
- An Empirical Study of OSS-Fuzz Bugs (2021)
- Coverage Guided, Property Based Testing
- Static Mocking vs. Mocking with Fuzz Data (Embedded) (2021)
- Awesome Fuzzing
- LibAFL - Advanced Fuzzing Library - Slot your own fuzzers together and extend their features using Rust.
- ssdeep - Fuzzy hashing API and fuzzy hashing tool.
- Fuzzinator - Random Testing Framework.
- rfuzz - Coverage-directed fuzzing for RTL research platform. (Paper)
- The Use of Likely Invariants as Feedback for Fuzzers
- Random Sampling of Strings from Context-Free Grammar (2021)
- Tough Fuzzer - Obstacle course for go-fuzz composed of a series of small code samples which encapsulate the most common obstacles to code-coverage the fuzzer will encounter.
- gramfuzz - Grammar-based fuzzer that lets one define complex grammars to model text and binary data formats.
- GOFUZZ - Fast web fuzzer which takes in URL as input and test the URL for different set of inputs provided by the user.
- The Challenges of Fuzzing 5G Protocols (2021) (Lobsters)
- Nyx-Net: Network Fuzzing with Incremental Snapshots (2021)
- ClusterFuzzLite - Simple continuous fuzzing that runs in CI.
- Revizor - Microarchitectural fuzzer. Searches for microarchitectural bugs in CPUs.
- OpenAPI fuzzer - Fuzzing APIs based on OpenAPI specification. (HN)
- FuzzBench - Fuzzer Benchmarking As a Service. (Docs)
- Blacksmith Rowhammer Fuzzer - Crafts novel non-uniform Rowhammer access patterns based on the concepts of frequency, phase, and amplitude.
- Fuzzing - Tool set for fuzz and stress testing your functions.
- Recent Papers Related To Fuzzing
- FormatFuzzer - Framework for high-efficiency, high-quality generation and parsing of binary inputs.
- fuzzuf - Fuzzing Unification Framework.
- BINSEC - Open-source toolset to help improve software security at the binary level.
- bun - Tool for integrating fuzzer-based tests into a conventional CI pipeline.
- Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types (2021)
- Fuzz introspector - Tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potential blockers.
- Stateful Model-Based Database Fuzzing (2022)
- FirmWire - Full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause analysis of smartphone baseband firmwares.
- Frelatage - Coverage-based Python fuzzing library which can be used to fuzz python code.
- Banana Fuzzer - Modulable, loop based, poc gen, code cov, platform agnostic, race oriented.
- Awesome Grammar Fuzzing
- sfuzz - JIT compiler / Fuzzer.
- Effective Seed Scheduling for Fuzzing with Graph Centrality Analysis (2022) (Code)
- Awesome Directed Fuzzing
- Why fuzzing with emulators is amazing
- Fuzzing 101 - Step by step fuzzing tutorial. A GitHub Security Lab initiative.
- DeepState - Unit test-like interface for fuzzing and symbolic execution.
- Variation of american fuzzy lop for testing compilers
- Centipede - Distributed fuzzing engine.
- Fuzzing rust-minidump for Embarrassment and Crashes - Part 2 (2022) (Lobsters)