blackmate/categories/fuzzer

afl|2.17b|Security-oriented fuzzer using compile-time instrumentation and genetic algorithms|http://lcamtuf.coredump.cx/afl/
backfuzz|36.8e54ed6|A network protocol fuzzing toolkit.|https://github.com/localh0t/backfuzz
browser-fuzzer|3|Browser Fuzzer 3|http://www.krakowlabs.com/dev.html
bunny|0.93|A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs.|http://code.google.com/p/bunny-the-fuzzer/
burpsuite|1.7.03|An integrated platform for attacking web applications (free edition).|http://portswigger.net/burp/
cirt-fuzzer|1.0|A simple TCP/UDP protocol fuzzer.|http://www.cirt.dk/
conscan|1.2|A blackbox vulnerability scanner for the Concre5 CMS.|http://nullsecurity.net/tools/scanner.html
cookie-cadger|1.08|An auditing tool for Wi-Fi or wired Ethernet connections.|https://cookiecadger.com/
dizzy|0.8.3|A Python based fuzzing framework with many features.|http://www.c0decafe.de/
doona|135.9fa1f8d|A fork of the Bruteforce Exploit Detector Tool (BED).|https://github.com/wireghoul/doona
easyfuzzer|3.6|A flexible fuzzer, not only for web, has a CSV output for efficient output analysis (platform independant).|http://www.mh-sec.de/downloads.html.en
firewalk|5.0|An active reconnaissance network security tool|http://packetfactory.openwall.net/projects/firewalk/
frisbeelite|1.2|A GUI-based USB device fuzzer.|https://github.com/nccgroup/FrisbeeLite
ftester|1.0|A tool designed for testing firewall filtering policies and Intrusion Detection System (IDS) capabilities.|http://www.inversepath.com/ftester.html
ftp-fuzz|1337|The master of all master fuzzing scripts specifically targeted towards FTP server sofware.|http://nullsecurity.net/tools/fuzzer.html
fuddly|273.38468f5|Fuzzing and Data Manipulation Framework (for GNU/Linux).|https://github.com/k0retux/fuddly
fusil|1.5|A Python library used to write fuzzing programs.|http://bitbucket.org/haypo/fusil/wiki/Home
fuzzball2|0.7|A little fuzzer for TCP and IP options. It sends a bunch of more or less bogus packets to the host of your choice.|http://nologin.org/
fuzzdb|279.637a885|Attack and Discovery Pattern Database for Application Fuzz Testing|https://code.google.com/p/fuzzdb/
fuzzdiff|1.0|A simple tool designed to help out with crash analysis during fuzz testing. It selectively 'un-fuzzes' portions of a fuzzed file that is known to cause a crash, re-launches the targeted application, and sees if it still crashes.|http://vsecurity.com/resources/tool
hexorbase|6|A database application designed for administering and auditing multiple database servers simultaneously from a centralized location. It is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL).|https://code.google.com/p/hexorbase/
honggfuzz|0.7|A general-purpose fuzzer with simple, command-line interface.|https://code.google.com/p/honggfuzz/
http-fuzz|0.1|A simple http fuzzer.|none
ikeprober|1.12|Tool crafting IKE initiator packets and allowing many options to be manually set. Useful to find overflows, error conditions and identifiyng vendors|http://ikecrack.sourceforge.net/
jbrofuzz|2.5|Web application protocol fuzzer that emerged from the needs of penetration testing.|http://sourceforge.net/projects/jbrofuzz/
kitty|267.0dd0f69|Fuzzing framework written in python.|https://github.com/cisco-sas/kitty
malybuzz|1.0|A Python tool focused in discovering programming faults in network software.|http://eternal-todo.com/tools/malybuzz-network-fuzzer
melkor|1.0|An ELF fuzzer that mutates the existing data in an ELF sample given to create orcs (malformed ELFs), however, it does not change values randomly (dumb fuzzing), instead, it fuzzes certain metadata with semi-valid values through the use of fuzzing rules (knowledge base).|http://packetstormsecurity.com/files/127924/Melkor-ELF-Fuzzer.0.html
notspikefile|0.1|A Linux based file format fuzzing tool|http://packetstormsecurity.com/files/39627/notSPIKEfile.tgz.html
oat|1.3.1|A toolkit that could be used to audit security within Oracle database servers.|http://www.cqure.net/wp/test/
ohrwurm|0.1|A small and simple RTP fuzzer.|http://mazzoo.de/
oscanner|1.0.6|An Oracle assessment framework developed in Java.|http://www.cqure.net/wp/oscanner/
peach|3.0.202|A SmartFuzzer that is capable of performing both generation and mutation based fuzzing.|http://peachfuzzer.com/
peach-fuzz|52.070773a|Simple vulnerability scanning framework.|https://github.com/Caleb1994/peach
pentbox|1.8|A security suite that packs security and stability testing oriented tools for networks and systems.|http://www.pentbox.net
portmanteau|1.0|An experimental unix driver IOCTL security tool that is useful for fuzzing and discovering device driver attack surface.|https://packetstormsecurity.com/files/134230/Portmanteau-Unix-Driver-IOCTL-Security-Tool.html
powerfuzzer|1_beta|Powerfuzzer is a highly automated web fuzzer based on many other Open Source fuzzers available (incl. cfuzzer, fuzzled, fuzzer.pl, jbrofuzz, webscarab, wapiti, Socket Fuzzer). It can detect XSS, Injections (SQL, LDAP, commands, code, XPATH) and others.|http://www.powerfuzzer.com
profuzz|9.aa6dded|Simple PROFINET fuzzer based on Scapy.|https://github.com/HSASec/ProFuzz
pulsar|28.89552de|Protocol Learning and Stateful Fuzzing.|Protocol Learning and Stateful Fuzzing.
radamsa|0.4|General purpose data fuzzer.|https://github.com/aoh/radamsa
ratproxy|1.58|A passive web application security assessment tool|http://code.google.com/p/ratproxy/
sfuzz|0.7.0|A simple fuzzer.|http://aconole.brad-x.com/programs/sfuzz.html
skipfish|2.10b|A fully automated, active web application security reconnaissance tool|http://code.google.com/p/skipfish/
sloth-fuzzer|39.9f7f59a|A smart file fuzzer.|https://github.com/mfontanini/sloth-fuzzer
smtp-fuzz|1.0|Simple smtp fuzzer|none
snmp-fuzzer|0.1.1|SNMP fuzzer uses Protos test cases with an entirely new engine written in Perl.|http://www.arhont.com/en/category/resources/tools-utilities/
spiderpig-pdffuzzer|0.1|A javascript pdf fuzzer|https://code.google.com/p/spiderpig-pdffuzzer/
spike|2.9|IMMUNITYsec's fuzzer creation kit in C|http://www.immunitysec.com/resources-freesoftware.shtml
sploitego|153.d9568dc|Maltego Penetration Testing Transforms.|https://github.com/allfro/sploitego
sqlbrute|1.0|Brute forces data out of databases using blind SQL injection.|http://www.justinclarke.com/archives/2006/03/sqlbrute.html
sulley|1.0.3bce87a|A pure-python fully automated and unattended fuzzing framework.|https://github.com/OpenRCE/sulley/
taof|0.3.2|Taof is a GUI cross-platform Python generic network protocol fuzzer.|http://taof.sf.net
tcpcontrol-fuzzer|0.1|2^6 TCP control bit fuzzer (no ECN or CWR).|https://www.ee.oulu.fi/research/ouspg/tcpcontrol-fuzzer
termineter|0.1.0|Smart meter testing framework|https://code.google.com/p/termineter/
tftp-fuzz|1337|Master TFTP fuzzing script as part of the ftools series of fuzzers.|http://nullsecurity.net/tools/fuzzer.html
trinity|4606.84dc4dd|A Linux System call fuzzer.|http://codemonkey.org.uk/projects/trinity/
uniofuzz|1337|The universal fuzzing tool for browsers, web services, files, programs and network services/ports|http://nullsecurity.net/tools/fuzzer.html
uniscan|6.3|A simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner.|http://sourceforge.net/projects/uniscan/
w3af|1.6.49|Web Application Attack and Audit Framework.|http://w3af.sourceforge.net/
wapiti|2.3.0|A vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, LDAP injections, CRLF injections...|http://wapiti.sourceforge.net/
webscarab|20120422.001828|Framework for analysing applications that communicate using the HTTP and HTTPS protocols|http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
webshag|1.10|A multi-threaded, multi-platform web server audit tool.|http://www.scrt.ch/en/attack/downloads/webshag
wfuzz|47.5c1b4ee|Utility to bruteforce web applications to find their not linked resources.|https://github.com/xmendez/wfuzz
wsfuzzer|1.9.5|A Python tool written to automate SOAP pentesting of web services.|https://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project
zzuf|0.14|Transparent application input fuzzer.|http://sam.zoy.org/zzuf/
Add files via upload 2016-07-02 17:25:11 +00:00			`afl\|2.17b\|Security-oriented fuzzer using compile-time instrumentation and genetic algorithms\|http://lcamtuf.coredump.cx/afl/`
Add files via upload 2016-06-25 13:58:53 +00:00			`backfuzz\|36.8e54ed6\|A network protocol fuzzing toolkit.\|https://github.com/localh0t/backfuzz`
			`browser-fuzzer\|3\|Browser Fuzzer 3\|http://www.krakowlabs.com/dev.html`
			`bunny\|0.93\|A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs.\|http://code.google.com/p/bunny-the-fuzzer/`
			`burpsuite\|1.7.03\|An integrated platform for attacking web applications (free edition).\|http://portswigger.net/burp/`
			`cirt-fuzzer\|1.0\|A simple TCP/UDP protocol fuzzer.\|http://www.cirt.dk/`
			`conscan\|1.2\|A blackbox vulnerability scanner for the Concre5 CMS.\|http://nullsecurity.net/tools/scanner.html`
			`cookie-cadger\|1.08\|An auditing tool for Wi-Fi or wired Ethernet connections.\|https://cookiecadger.com/`
			`dizzy\|0.8.3\|A Python based fuzzing framework with many features.\|http://www.c0decafe.de/`
			`doona\|135.9fa1f8d\|A fork of the Bruteforce Exploit Detector Tool (BED).\|https://github.com/wireghoul/doona`
			`easyfuzzer\|3.6\|A flexible fuzzer, not only for web, has a CSV output for efficient output analysis (platform independant).\|http://www.mh-sec.de/downloads.html.en`
			`firewalk\|5.0\|An active reconnaissance network security tool\|http://packetfactory.openwall.net/projects/firewalk/`
			`frisbeelite\|1.2\|A GUI-based USB device fuzzer.\|https://github.com/nccgroup/FrisbeeLite`
			`ftester\|1.0\|A tool designed for testing firewall filtering policies and Intrusion Detection System (IDS) capabilities.\|http://www.inversepath.com/ftester.html`
			`ftp-fuzz\|1337\|The master of all master fuzzing scripts specifically targeted towards FTP server sofware.\|http://nullsecurity.net/tools/fuzzer.html`
Add files via upload 2016-07-02 17:25:11 +00:00			`fuddly\|273.38468f5\|Fuzzing and Data Manipulation Framework (for GNU/Linux).\|https://github.com/k0retux/fuddly`
Add files via upload 2016-06-25 13:58:53 +00:00			`fusil\|1.5\|A Python library used to write fuzzing programs.\|http://bitbucket.org/haypo/fusil/wiki/Home`
			`fuzzball2\|0.7\|A little fuzzer for TCP and IP options. It sends a bunch of more or less bogus packets to the host of your choice.\|http://nologin.org/`
			`fuzzdb\|279.637a885\|Attack and Discovery Pattern Database for Application Fuzz Testing\|https://code.google.com/p/fuzzdb/`
			`fuzzdiff\|1.0\|A simple tool designed to help out with crash analysis during fuzz testing. It selectively 'un-fuzzes' portions of a fuzzed file that is known to cause a crash, re-launches the targeted application, and sees if it still crashes.\|http://vsecurity.com/resources/tool`
			`hexorbase\|6\|A database application designed for administering and auditing multiple database servers simultaneously from a centralized location. It is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL).\|https://code.google.com/p/hexorbase/`
			`honggfuzz\|0.7\|A general-purpose fuzzer with simple, command-line interface.\|https://code.google.com/p/honggfuzz/`
			`http-fuzz\|0.1\|A simple http fuzzer.\|none`
			`ikeprober\|1.12\|Tool crafting IKE initiator packets and allowing many options to be manually set. Useful to find overflows, error conditions and identifiyng vendors\|http://ikecrack.sourceforge.net/`
			`jbrofuzz\|2.5\|Web application protocol fuzzer that emerged from the needs of penetration testing.\|http://sourceforge.net/projects/jbrofuzz/`
			`kitty\|267.0dd0f69\|Fuzzing framework written in python.\|https://github.com/cisco-sas/kitty`
			`malybuzz\|1.0\|A Python tool focused in discovering programming faults in network software.\|http://eternal-todo.com/tools/malybuzz-network-fuzzer`
			`melkor\|1.0\|An ELF fuzzer that mutates the existing data in an ELF sample given to create orcs (malformed ELFs), however, it does not change values randomly (dumb fuzzing), instead, it fuzzes certain metadata with semi-valid values through the use of fuzzing rules (knowledge base).\|http://packetstormsecurity.com/files/127924/Melkor-ELF-Fuzzer.0.html`
			`notspikefile\|0.1\|A Linux based file format fuzzing tool\|http://packetstormsecurity.com/files/39627/notSPIKEfile.tgz.html`
			`oat\|1.3.1\|A toolkit that could be used to audit security within Oracle database servers.\|http://www.cqure.net/wp/test/`
			`ohrwurm\|0.1\|A small and simple RTP fuzzer.\|http://mazzoo.de/`
			`oscanner\|1.0.6\|An Oracle assessment framework developed in Java.\|http://www.cqure.net/wp/oscanner/`
			`peach\|3.0.202\|A SmartFuzzer that is capable of performing both generation and mutation based fuzzing.\|http://peachfuzzer.com/`
			`peach-fuzz\|52.070773a\|Simple vulnerability scanning framework.\|https://github.com/Caleb1994/peach`
			`pentbox\|1.8\|A security suite that packs security and stability testing oriented tools for networks and systems.\|http://www.pentbox.net`
			`portmanteau\|1.0\|An experimental unix driver IOCTL security tool that is useful for fuzzing and discovering device driver attack surface.\|https://packetstormsecurity.com/files/134230/Portmanteau-Unix-Driver-IOCTL-Security-Tool.html`
			`powerfuzzer\|1_beta\|Powerfuzzer is a highly automated web fuzzer based on many other Open Source fuzzers available (incl. cfuzzer, fuzzled, fuzzer.pl, jbrofuzz, webscarab, wapiti, Socket Fuzzer). It can detect XSS, Injections (SQL, LDAP, commands, code, XPATH) and others.\|http://www.powerfuzzer.com`
			`profuzz\|9.aa6dded\|Simple PROFINET fuzzer based on Scapy.\|https://github.com/HSASec/ProFuzz`
			`pulsar\|28.89552de\|Protocol Learning and Stateful Fuzzing.\|Protocol Learning and Stateful Fuzzing.`
			`radamsa\|0.4\|General purpose data fuzzer.\|https://github.com/aoh/radamsa`
			`ratproxy\|1.58\|A passive web application security assessment tool\|http://code.google.com/p/ratproxy/`
			`sfuzz\|0.7.0\|A simple fuzzer.\|http://aconole.brad-x.com/programs/sfuzz.html`
			`skipfish\|2.10b\|A fully automated, active web application security reconnaissance tool\|http://code.google.com/p/skipfish/`
			`sloth-fuzzer\|39.9f7f59a\|A smart file fuzzer.\|https://github.com/mfontanini/sloth-fuzzer`
			`smtp-fuzz\|1.0\|Simple smtp fuzzer\|none`
			`snmp-fuzzer\|0.1.1\|SNMP fuzzer uses Protos test cases with an entirely new engine written in Perl.\|http://www.arhont.com/en/category/resources/tools-utilities/`
			`spiderpig-pdffuzzer\|0.1\|A javascript pdf fuzzer\|https://code.google.com/p/spiderpig-pdffuzzer/`
			`spike\|2.9\|IMMUNITYsec's fuzzer creation kit in C\|http://www.immunitysec.com/resources-freesoftware.shtml`
			`sploitego\|153.d9568dc\|Maltego Penetration Testing Transforms.\|https://github.com/allfro/sploitego`
			`sqlbrute\|1.0\|Brute forces data out of databases using blind SQL injection.\|http://www.justinclarke.com/archives/2006/03/sqlbrute.html`
			`sulley\|1.0.3bce87a\|A pure-python fully automated and unattended fuzzing framework.\|https://github.com/OpenRCE/sulley/`
			`taof\|0.3.2\|Taof is a GUI cross-platform Python generic network protocol fuzzer.\|http://taof.sf.net`
			`tcpcontrol-fuzzer\|0.1\|2^6 TCP control bit fuzzer (no ECN or CWR).\|https://www.ee.oulu.fi/research/ouspg/tcpcontrol-fuzzer`
			`termineter\|0.1.0\|Smart meter testing framework\|https://code.google.com/p/termineter/`
			`tftp-fuzz\|1337\|Master TFTP fuzzing script as part of the ftools series of fuzzers.\|http://nullsecurity.net/tools/fuzzer.html`
			`trinity\|4606.84dc4dd\|A Linux System call fuzzer.\|http://codemonkey.org.uk/projects/trinity/`
			`uniofuzz\|1337\|The universal fuzzing tool for browsers, web services, files, programs and network services/ports\|http://nullsecurity.net/tools/fuzzer.html`
			`uniscan\|6.3\|A simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner.\|http://sourceforge.net/projects/uniscan/`
			`w3af\|1.6.49\|Web Application Attack and Audit Framework.\|http://w3af.sourceforge.net/`
			`wapiti\|2.3.0\|A vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, LDAP injections, CRLF injections...\|http://wapiti.sourceforge.net/`
			`webscarab\|20120422.001828\|Framework for analysing applications that communicate using the HTTP and HTTPS protocols\|http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project`
			`webshag\|1.10\|A multi-threaded, multi-platform web server audit tool.\|http://www.scrt.ch/en/attack/downloads/webshag`
			`wfuzz\|47.5c1b4ee\|Utility to bruteforce web applications to find their not linked resources.\|https://github.com/xmendez/wfuzz`
			`wsfuzzer\|1.9.5\|A Python tool written to automate SOAP pentesting of web services.\|https://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project`
			`zzuf\|0.14\|Transparent application input fuzzer.\|http://sam.zoy.org/zzuf/`