Track Awesome Fuzzing Updates Daily
A curated list of awesome Fuzzing (or Fuzz Testing) for software security
cpuu/awesome-fuzzing · ⭐ 615 · Security
Jan 05, 2023
Papers / ACM Conference on Computer and Communications Security (ACM CCS)
Dec 13, 2022
Papers / The Network and Distributed System Security Symposium (NDSS)
Papers / IEEE Symposium on Security and Privacy (IEEE S&P)
Papers / USENIX Security
Papers / ACM Conference on Computer and Communications Security (ACM CCS)
Papers / The others
Nov 02, 2022
Papers / The Network and Distributed System Security Symposium (NDSS)
Jun 19, 2022
Tools / Network protocol
- Scapy (⭐8.3k) - Packet manipulation program & library. Can fuzz any protocol. See the `fuzz` function.
Jan 30, 2022
Tools / Network protocol
- MTF (⭐19) - A Modbus/TCP Fuzzer for testing internetworked industrial systems
Jan 27, 2022
Papers / The others
Tools / Network protocol
- MTF-Storm (⭐3) - A high performance fuzzer for Modbus/TCP.
Jan 26, 2022
Papers / IEEE Symposium on Security and Privacy (IEEE S&P)
Papers / USENIX Security
Papers / ACM Conference on Computer and Communications Security (ACM CCS)
Jan 25, 2022
Books
Talks
- Fuzzing Labs - Patrick Ventuzelo, Youtube
Papers / The Network and Distributed System Security Symposium (NDSS)
Tools / Binary
- American Fuzzy Lop plus plus (AFL++) (⭐3.3k) - A superior fork of Google's AFL: more speed, more and better mutations, more and better instrumentation, custom module support, etc. (paper)
Dec 27, 2021
Tools / General-purpose
- FireCracker (⭐695) - BLST CLI tool takes your HTTP logs, uses them to map your API flows and find risks.
Feb 11, 2021
Tools / Binary
- Jazzer (⭐694) - A coverage-guided, in-process fuzzer for the Java Virtual Machine. It is based on libFuzzer and can be applied directly to compiled applications.
Platform / Driver
- CI Fuzz - A CI/CD-agnostic platform for feedback-based fuzz testing of both native applications and Java web apps.
Oct 12, 2020
Books
- The Fuzzing Book (2019)
Oct 07, 2020
Papers / USENIX Security
- FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning, 2020
Tools / Network protocol
- dtls-fuzzer (⭐20) - A Java tool which performs protocol state fuzzing of DTLS servers.
Jun 10, 2020
Papers / IEEE Symposium on Security and Privacy (IEEE S&P)
Mar 04, 2020
Papers / The Network and Distributed System Security Symposium (NDSS)
Papers / ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)
Jan 28, 2020
Papers / The Network and Distributed System Security Symposium (NDSS)
Tools / Network protocol
- DELTA (⭐71) - SDN Security evaluation framework.
Dec 18, 2019
Papers / ACM Conference on Computer and Communications Security (ACM CCS)
Aug 12, 2019
Tools / Web, JavaScript
- gremlins.js (⭐8.9k) - gremlins.js is a monkey testing library written in JavaScript.
Jul 31, 2019
Talks
- Effective File Format Fuzzing, Black Hat Europe 2016
- Adventures in Fuzzing, NYU Talk 2018
- Fuzzing with AFL, NDC Conferences 2018
Jul 10, 2019
Books
- The Art, Science, and Engineering of Fuzzing: A Survey (2019) - Actually, this document is a paper, but it contains more important and essential content than any other book.
Papers / IEEE Symposium on Security and Privacy (IEEE S&P)
Papers / USENIX Security
Papers / ACM Conference on Computer and Communications Security (ACM CCS)
Papers / ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)
Tools / Web, JavaScript
- test-each (⭐99) - Repeat tests using different inputs.
Tools / Network protocol
- T-Fuzz (⭐244) - T-Fuzz leverages a coverage guided fuzzer to generate inputs.
Jun 12, 2019
Papers / ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)
Tools / Network protocol
- SPIKE (⭐69) - A fuzzer development framework like sulley, and a predecessor of sulley.
- PROTOS - Security testing of protocol implementations.
Mar 29, 2019
Tools / Binary
- Eclipser (⭐138) - A binary-based fuzz testing tool that improves upon classic coverage-based fuzzing by leveraging a novel technique called grey-box concolic testing.
Tools / Web, JavaScript
- fuzzilli (⭐1.5k) - A (coverage-)guided JavaScript engine fuzzer, written by Samuel Groß.
- CodeAlchemist (⭐225) - JavaScript engine fuzzer, written by KAIST SoftSec Lab.
Feb 27, 2019
Papers / The Network and Distributed System Security Symposium (NDSS)
Papers / The others
Tools / Binary
- shellphish fuzzer (⭐614) - A Python interface to AFL, allowing for easy injection of testcases and other functionality.
Feb 22, 2019
Tools / Binary
- libFuzzer - A library for coverage-guided fuzz testing. Tutorial from Google. (⭐1.3k)
Tools / Web, JavaScript
- jsfunfuzz (⭐604) - JavaScript engine fuzzers.
- IFuzzer (⭐90) - An Evolutionary Interpreter Fuzzer Using Genetic Programming.
- domato (⭐1.5k) - DOM fuzzer from Google Project Zero. Blog Post.
Tools / Network protocol
- TLS-Attacker (⭐684) - A Java-based framework for analyzing TLS libraries.
Platform / Driver
- Peach Fuzzer Platform - An automated security testing platform that prevents zero day attacks by finding vulnerabilities in hardware and software systems.
- Blackhat USA 2018 AFL workshop training materials (⭐19) - From @wrauner at Samsung Research.
Feb 13, 2019
Tools / General-purpose
- radamsa - A general-purpose fuzzer.
- zzuf (⭐401) - A transparent application input fuzzer.
Tools / Binary
- American fuzzy lop - A security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary.
- WinAFL (⭐2k) - A fork of AFL for fuzzing Windows binaries.
- Driller (⭐790) - An implementation of the driller paper. This implementation was built on top of AFL with angr being used as a symbolic tracer.
Tools / Network protocol
- boofuzz (⭐1.7k) - Network Protocol Fuzzing for Humans. Documentation is available at http://boofuzz.readthedocs.io/, including nifty quickstart guides.
- LL-Fuzzer (⭐126) - An automated NFC fuzzing framework for Android devices.
- tlsfuzzer (⭐441) - An SSL and TLS protocol test suite and fuzzer.
- TumbleRF (⭐145) - A framework that orchestrates the application of fuzzing techniques to RF systems.
- PULSAR (⭐324) - A method for stateful black-box fuzzing of proprietary network protocols.
Tools / Driver
- Charm (⭐17) - A system solution that facilitates dynamic analysis of device drivers of mobile systems.
Platform / Driver
- certfuzz (⭐252) - It contains the source code for the CMU CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE).
Jan 25, 2019
Papers / USENIX Security
Oct 30, 2018
Papers / USENIX Security
Papers / ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)
Papers / The others
Oct 26, 2018
Books
Papers / USENIX Security
Papers / ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)
Papers / The others