Packages that use the fuzz testing principle, ie "throwing" random inputs at the subject to see what happens.


Tool count: 85

BlackArch fuzzer
Name Version Description Homepage
afl++ 4.21c instrumentation-driven fuzzer for binary format
ajpfuzzer 0.6 A command-line fuzzer for the Apache JServ Protocol (ajp13).
backfuzz 1.b0648de A network protocol fuzzing toolkit.
bfuzz 60.fdaefc0 Input based fuzzer tool for browsers.
boofuzz v0.4.2.r19.g5552d0c
browser-fuzzer 3 Browser Fuzzer 3
bunny 0.93 A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs.
choronzon 4.d702c31 An evolutionary knowledge-based fuzzer.
cirt-fuzzer 1.0 A simple TCP/UDP protocol fuzzer.
conscan 1.2 A blackbox vulnerability scanner for the Concre5 CMS.
cookie-cadger 1.08 An auditing tool for Wi-Fi or wired Ethernet connections.
crlf-injector 9.bd6db06 A python script for testing CRLF injecting issues.
dharma 98.6b1e511 Generation-based, context-free grammar fuzzer.
dizzy 2.0 A Python based fuzzing framework with many features.
domato 127.053714b DOM fuzzer.
doona 145.7a4796c A fork of the Bruteforce Exploit Detector Tool (BED).
easyfuzzer 3.6 A flexible fuzzer, not only for web, has a CSV output for efficient output analysis (platform independent).
firewalk 5.0 An active reconnaissance network security tool.
flyr 76.4926ecc Block-based software vulnerability fuzzing framework.
frisbeelite 1.2 A GUI-based USB device fuzzer.
ftester 1.0 A tool designed for testing firewall filtering policies and Intrusion Detection System (IDS) capabilities.
ftp-fuzz 1337 The master of all master fuzzing scripts specifically targeted towards FTP server software.
fuddly 569.fd2c4d0 Fuzzing and Data Manipulation Framework (for GNU/Linux).
fusil 1.5 A Python library used to write fuzzing programs.
fuzzball2 0.7 A little fuzzer for TCP and IP options. It sends a bunch of more or less bogus packets to the host of your choice.
fuzzdb 475.5656ab2 Attack and Discovery Pattern Dictionary for Application Fault Injection Testing.
fuzzdiff 1.0 A simple tool designed to help out with crash analysis during fuzz testing. It selectively 'un-fuzzes' portions of a fuzzed file that is known to cause a crash, re-launches the targeted application, and sees if it still crashes.
fuzzowski 41.e39f665 A Network Protocol Fuzzer made by NCCGroup based on Sulley and BooFuzz.
goofuzz 1.2.5.r2.g6ba4cc5 A Bash script that uses advanced Google search techniques to obtain sensitive information in files or directories without making requests to the web server.
grammarinator 352.122dfbb A random test generator / fuzzer that creates test cases according to an input ANTLR v4 grammar.
grr 17.791ed5a High-throughput fuzzer and emulator of DECREE binaries.
hexorbase 6 A database application designed for administering and auditing multiple database servers simultaneously from a centralized location. It is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL).
hodor 1.01be107 A general-use fuzzer that can be configured to use known-good input and delimiters in order to fuzz specific locations.
honggfuzz 4109.b4f72b42 A general-purpose fuzzer with simple, command-line interface.
http-fuzz 0.1 A simple http fuzzer.
ifuzz 1.0 A binary file fuzzer with several options.
ikeprober 1.12 Tool crafting IKE initiator packets and allowing many options to be manually set. Useful to find overflows, error conditions and identifiyng vendors
jbrofuzz 2.5 Web application protocol fuzzer that emerged from the needs of penetration testing.
kitty-framework 352.cb07609 Fuzzing framework written in python.
malybuzz 1.0 A Python tool focused in discovering programming faults in network software.
manul 197.f525df9 A coverage-guided parallel fuzzer for open-source and blackbox binaries on Windows, Linux and MacOS.
melkor 1.0 An ELF fuzzer that mutates the existing data in an ELF sample given to create orcs (malformed ELFs), however, it does not change values randomly (dumb fuzzing), instead, it fuzzes certain metadata with semi-valid values through the use of fuzzing rules (knowledge base).
notspikefile 0.1 A Linux based file format fuzzing tool
oat 1.3.1 A toolkit that could be used to audit security within Oracle database servers.
ohrwurm 1.7a1182a A small and simple RTP fuzzer.
oscanner 1.0.6 An Oracle assessment framework developed in Java.
peach 3.0.202 A SmartFuzzer that is capable of performing both generation and mutation based fuzzing.
peach-fuzz 55.404e8ee Simple vulnerability scanning framework.
pentbox 1.8 A security suite that packs security and stability testing oriented tools for networks and systems.
portmanteau 1.0 An experimental unix driver IOCTL security tool that is useful for fuzzing and discovering device driver attack surface.
powerfuzzer 1_beta Powerfuzzer is a highly automated web fuzzer based on many other Open Source fuzzers available (incl. cfuzzer, fuzzled, fuzzer.pl, jbrofuzz, webscarab, wapiti, Socket Fuzzer). It can detect XSS, Injections (SQL, LDAP, commands, code, XPATH) and others.
profuzz 9.aa6dded Simple PROFINET fuzzer based on Scapy.
pulsar 55.3c61178 Protocol Learning and Stateful Fuzzing.
pyjfuzz 157.f777067 Python JSON Fuzzer.
radamsa 0.7 General purpose mutation based fuzzer
ratproxy 1.58 A passive web application security assessment tool
s3-fuzzer 4.0a2a6f0 A concurrent, command-line AWS S3 Fuzzer.
samesame 68.a9bcd7b Command line tool to generate crafty homograph strings.
sandsifter 2.8375e61 The x86 processor fuzzer.
sfuzz 200.e1b62bd A simple fuzzer.
sloth-fuzzer 39.9f7f59a A smart file fuzzer.
smtp-fuzz 1.0 Simple smtp fuzzer.
snmp-fuzzer 0.1.1 SNMP fuzzer uses Protos test cases with an entirely new engine written in Perl.
socketfuzz 26.089add2 Simple socket fuzzer.
spiderpig-pdffuzzer 0.1 A javascript pdf fuzzer.
spike-fuzzer 2.9 IMMUNITYsec's fuzzer creation kit in C.
sploitego 153.d9568dc Maltego Penetration Testing Transforms.
sqlbrute 1.0 Brute forces data out of databases using blind SQL injection.
sshfuzz 1.0 A SSH Fuzzing utility written in Perl that uses Net::SSH2.
sulley 1.0.bff0dd1 A pure-python fully automated and unattended fuzzing framework.
taof 0.3.2 A GUI cross-platform Python generic network protocol fuzzer.
tcpcontrol-fuzzer 0.1 2^6 TCP control bit fuzzer (no ECN or CWR).
termineter 210.a802f94 Smart meter testing framework.
tftp-fuzz 1337 Master TFTP fuzzing script as part of the ftools series of fuzzers.
thefuzz 160.b4c2c80 CLI fuzzing tool.
trinity 5192.e7187245 A Linux System call fuzzer.
unifuzzer 5.3385a3b A fuzzing tool for closed-source binaries based on Unicorn and LibFuzzer.
uniofuzz 1337 The universal fuzzing tool for browsers, web services, files, programs and network services/ports
uniscan 6.3 A simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner.
w3af 1.6.49 Web Application Attack and Audit Framework.
webscarab 20120422.001828 Framework for analysing applications that communicate using the HTTP and HTTPS protocols
webshag 1.10 A multi-threaded, multi-platform web server audit tool.
wfuzz 1155.1b695ee Utility to bruteforce web applications to find their not linked resources.
wsfuzzer 1.9.5 A Python tool written to automate SOAP pentesting of web services.
zzuf 0.15 Transparent application input fuzzer