Network security - a summary of easy-to-use fuzzers and some thoughts on them
2022-07-02 08:24:00 【lady_ killer9】
Kernel && general-purpose fuzzers
OSS-Fuzz - 7.1k stars, continuous fuzzing for open source software; supports software written in multiple languages; lets you build your own fuzzing platform, for example in combination with Jazzer; high learning cost.
clusterfuzz - 4.7k stars, a scalable fuzzing framework; the backend of OSS-Fuzz.
syzkaller - 3.9k stars, a distributed, unsupervised, coverage-based Linux system call fuzzer
AFL - 2.5k stars, can use QEMU; a classic fuzzer.
AFL++ - 2.5k stars, an advanced fork of AFL; faster, with more and better mutation strategies.
honggfuzz - 2.4k stars, supports Android, Windows, Mac, Linux and many other operating systems; input can be passed on the command line or in a file; can use QEMU; multi-process and multi-threaded; has found multiple CVEs; OSS-Fuzz, go-fuzz and others were inspired by it.
Choronzon - 265 stars, an evolutionary, knowledge-based fuzzer
gramfuzz - 221 stars, a grammar-based fuzzer that lets you define complex grammars to model document and binary data formats
KernelFuzzer - 424 stars, a cross-platform kernel fuzzer framework
QuickFuzz - 192 stars, a tool written in Haskell for testing third-party software that uses common file formats; it makes use of off-the-shelf, well-known fuzzers
Hodor Fuzzer - 124 stars, formerly yet another general-purpose fuzzer
radamsa - a general-purpose test case generator
File format fuzzers
Fuzzers for file formats such as pdf, mp3 and swf
Win AFL - 83 stars, a fork of AFL developed by Ivan Fratric for fuzzing Windows binaries
AFLGo - 344 stars, a directed greybox fuzzer built on AFL; fuzzes specific locations in a program
Shellphish Fuzzer - 598 stars, a Python interface for driving AFL; makes it simple to write test cases and other functionality
zzuf - 366 stars, a transparent application input fuzzer; it can intercept file operations and change random bits in the program's input
binspector - 179 stars, a binary format analysis and fuzzing tool
grammarinator - 215 stars, a file format fuzzing tool based on ANTLR v4 grammars (the ANTLR project already has a large number of grammars)
pe-afl - 195 stars, a fuzzer that performs static binary instrumentation on PE files, combined with WinAFL
MiniFuzz - a basic file format fuzzing tool from Microsoft
BFF from CERT - a basic file format fuzzing framework
AFL Fuzzer (Linux only) - a fuzzer developed by Michal Zalewski aka lcamtuf
TriforceAFL - a modified version of AFL that supports fuzzing when the application source code is not available
Peach Fuzzer - a framework that helps create traditional dumb fuzzers and small fuzzers
Failure Observation Engine (FOE) - a fuzzing tool for Windows programs based on malformed files
rmadair - a fuzzer based on malformed files; uses PyDBG to monitor signals of interest
Network protocol fuzzers
Fuzzers for network protocols such as HTTP, SSH and SMTP
Sulley - 1.3k stars, developed by Michael Sutton; a fuzzer development and fuzz testing framework made up of multiple extensible components; no longer maintained, the next entry is recommended instead
boofuzz - 1.5k stars, the successor to the Sulley framework
Spike - a fuzzer development framework similar to Sulley; Sulley's predecessor
Metasploit Framework - 26.3k stars, a framework that gains fuzzing capability through its Auxiliary modules
Nightmare - 362 stars, a distributed fuzzing test suite with a web management interface; supports network protocol fuzzing
rage_fuzzer - 20 stars, a packet fuzzer for unknown protocols
Fuzzotron - 355 stars, a simple multi-process network fuzzer that supports TCP and UDP
Mutiny - 474 stars, a network fuzzer that works by replaying mutated PCAP packets
Fuzzing For Worms - 103 stars, a fuzzing framework for network services
AFL (w/ networking patch) - 188 stars, an unofficial version of AFL for network fuzzing
AFLNet - 503 stars, a greybox fuzzer for network protocols (an extension of AFL)
Jackalope - 684 stars, a distributed binary fuzzer that can be used on Windows and macOS.
Peach Fuzzer - a framework that helps create traditional dumb fuzzers and small fuzzers; it used to be written in Python, and Peach3 was rewritten in C#.
Browser fuzzers
BFuzz - 283 stars, an input-based fuzzing framework
Web fuzzers
ffuf - 6k stars, a fast web fuzzer written in Go; it fuzzes GET and POST request data; external mutators such as radamsa can be used to mutate seeds and generate test cases.
wfuzz - 4.2k stars, WFuzz is a Python web application security fuzzer tool and library; it can fuzz paths, files, URL parameters and POST requests.
restler-fuzzer - 1.5k stars, a REST API fuzzer
SSRFmap - 1.7k stars, an automatic SSRF fuzzer.
WebScarab - a web application audit suite that includes a fuzzing tool
Cloud fuzzers
Fuzzing tools for fuzzing in cloud environments
Cloudfuzzer - 18 stars, a framework for automated, easy fuzzing in the cloud
Fuzzit - Fuzzit is a fuzzing-as-a-service platform, used by systemd, radare2 and many other open-source and closed-source projects
Language-specific fuzzers
Java
jazzer - 489 stars, a coverage-guided fuzzer for JVM software, based on libFuzzer
Tribble - 16 stars, an easy-to-use, coverage-guided JVM fuzzing framework
C/C++
libFuzzer - a coverage-based, evolutionary fuzzing tool for C/C++ programs
ansvif - an advanced cross-platform fuzzing framework for finding vulnerabilities in C/C++ programs
Go
go-fuzz - 4.3k stars, coverage-guided fuzzing for Go packages
DOM
domato - 1.4k stars, a DOM fuzzer
JS
fuzzilli - 1.4k stars, a JS engine fuzzer
Thoughts on fuzzers
Components of a fuzzer
Test case generator
Mutation-based: starts from seed files and generates test cases by mutating them
Generation-based: the input format is known, and test cases are generated within the range the format allows
radamsa can be used
Monitor
Monitors the program under test: the CPU and memory it uses, and whether it crashes
Instrumentation can be used
Filter
Some crashes may be caused by network fluctuations and can be filtered out
Regular expressions
Core
Calls the test case generator to produce test cases; delivers each test case by sending it to, or invoking, the program under test; receives the monitor's results and uses them to guide test case generation; receives the filter's results; generates statistics
Result statistics
Counts the number of test cases sent, the number of crashes, the running time, and so on
Improvements
Code coverage guidance
Use branch coverage as guidance, so that test cases cover as much code as possible
Instrumentation can be used; it belongs in the monitor component, which returns the results to the core
Multi-process, multi-threaded
A big problem with fuzzing is that its efficiency is too low; multiple processes and threads can alleviate this
Distributed
Likewise, distribution can also improve efficiency; at the same time, spreading the work across different machines avoids using too much memory and CPU on any one of them, and it can provide high availability.
Visualization
A web interface or similar can display statistics in real time, such as how many generators are running.
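
The components listed above (test case generator, monitor, filter, core, statistics) together with the coverage-guidance improvement, as an added Python example that is not code from the original post or from any of the listed tools. The `target` parser, its planted bug, the `NOISE` pattern and the 4-byte seed are all constructed for illustration; Python's line tracer stands in for instrumentation.

```python
import random, re, sys

def target(data: bytes):  # constructed program under test, with a planted bug
    if data[-1:] == b"\xff":
        raise TimeoutError("simulated network hiccup")  # noise, not a bug
    if len(data) < 3 or data[0] != 0x46:                # magic byte 'F'
        return "bad magic"
    if data[1] != 0x5A:                                 # version byte 'Z'
        return "bad version"
    return data[3 + data[2]]   # BUG: length byte is trusted -> IndexError

def generate(seed: bytes, rng) -> bytes:  # generator: mutation-based
    buf = bytearray(seed)
    buf[rng.randrange(len(buf))] = rng.randrange(256)   # overwrite one byte
    return bytes(buf)

def monitor(data: bytes):  # monitor: run target, report coverage and crash
    lines, crash, prev = set(), None, sys.gettrace()
    def tracer(frame, event, arg):
        if frame.f_code is target.__code__:
            lines.add(frame.f_lineno)                   # executed line
            return tracer
    sys.settrace(tracer)
    try:
        target(data)
    except Exception as exc:
        crash = f"{type(exc).__name__}: {exc}"
    finally:
        sys.settrace(prev)
    return lines, crash

NOISE = re.compile(r"TimeoutError|ConnectionResetError")  # assumed noise list

def keep_crash(crash: str) -> bool:  # filter: drop environmental noise
    return NOISE.match(crash) is None

def fuzz(seeds, execs=60000, rng_seed=1):  # core loop plus statistics
    rng, corpus = random.Random(rng_seed), list(seeds)
    covered, crashes, noise = set(), {}, 0
    for _ in range(execs):
        case = generate(rng.choice(corpus), rng)
        lines, crash = monitor(case)
        if crash and not keep_crash(crash):
            noise += 1
        elif crash:
            crashes.setdefault(crash.split(":")[0], case)  # one sample per type
        elif not lines <= covered:      # new coverage: keep case as a seed
            corpus.append(case)
        covered |= lines
    return {"execs": execs, "noise": noise, "corpus": len(corpus)}, crashes
```

Calling `fuzz([b"AAAA"])` returns the statistics and one sample input per crash type. Because inputs that reach new lines are kept as seeds, the magic byte and the version byte are found one at a time instead of having to be guessed together.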