Fuzzing

Fuzzing

Appsec

EvoMaster

EvoMaster is an AI-driven tool that automatically generates system-level test cases for web APIs and enterprise applications using evolutionary algorithms and dynamic program analysis.

0

+7

ffufai

An AI-powered wrapper for ffuf that automatically suggests relevant file extensions for web fuzzing based on target URL analysis and response headers.

0

Automation

Python

Reconnaissance

Vulnerability Scanning

ffufai

An AI-powered wrapper for ffuf that automatically suggests relevant file extensions for web fuzzing based on target URL analysis and response headers.

0

+7

FDsploit

A Python-based tool that automates the identification and exploitation of file inclusion and directory traversal vulnerabilities in web applications.

0

FDsploit

A Python-based tool that automates the identification and exploitation of file inclusion and directory traversal vulnerabilities in web applications.

0

+7

IntruderPayloads

A collection of payloads and methodologies for web pentesting.

0

IntruderPayloads

A collection of payloads and methodologies for web pentesting.

0

+2

Burp-LFI-tests

A collection of Local File Inclusion (LFI) vulnerability tests and exploitation techniques designed for use with Burp Suite.

0

Burp-LFI-tests

A collection of Local File Inclusion (LFI) vulnerability tests and exploitation techniques designed for use with Burp Suite.

0

+7

qsfuzz

qsfuzz is a rule-based fuzzing tool for testing query string parameters in web applications to identify security vulnerabilities.

0

Rule Based

Penetration Testing

qsfuzz

qsfuzz is a rule-based fuzzing tool for testing query string parameters in web applications to identify security vulnerabilities.

0

+6

XSStrike

A powerful tool for identifying and exploiting Cross-Site Scripting (XSS) vulnerabilities.

0

XSStrike

A powerful tool for identifying and exploiting Cross-Site Scripting (XSS) vulnerabilities.

0

+1

BlackWidow

BlackWidow is a Python-based web application scanner that combines OSINT gathering with automated fuzzing to identify OWASP vulnerabilities in target websites.

0

Python

BlackWidow

BlackWidow is a Python-based web application scanner that combines OSINT gathering with automated fuzzing to identify OWASP vulnerabilities in target websites.

0

Python

+7

fuzz.txt

A GitHub repository for fuzzing and testing file formats

0

fuzz.txt

A GitHub repository for fuzzing and testing file formats

0

DOMdig

DOMdig is a DOM XSS scanner that uses static analysis, dynamic analysis, and fuzz testing to detect and exploit Cross-Site Scripting vulnerabilities in Single Page Applications.

0

DOMdig

DOMdig is a DOM XSS scanner that uses static analysis, dynamic analysis, and fuzz testing to detect and exploit Cross-Site Scripting vulnerabilities in Single Page Applications.

0

+6

Razzer

A Kernel fuzzer focusing on race bugs

0

Razzer

A Kernel fuzzer focusing on race bugs

0

vaf

A cross-platform web fuzzer written in Nim

0

vaf

A cross-platform web fuzzer written in Nim

0

Filebuster

A fast and flexible web fuzzer for identifying vulnerabilities in web applications

0

Filebuster

A fast and flexible web fuzzer for identifying vulnerabilities in web applications

0

+1

ParamPamPam

ParamPamPam is an open-source tool that detects and exploits web application vulnerabilities using fuzzing, SQL injection, and XSS techniques.

0

Web App Security

ParamPamPam

ParamPamPam is an open-source tool that detects and exploits web application vulnerabilities using fuzzing, SQL injection, and XSS techniques.

0

Web App Security

Sql Injection

+7

OneFuzz

OneFuzz is a self-hosted Fuzzing-As-A-Service platform developed by Microsoft that enables continuous developer-driven security testing through automated fuzzing capabilities.

0

Microsoft

OneFuzz

OneFuzz is a self-hosted Fuzzing-As-A-Service platform developed by Microsoft that enables continuous developer-driven security testing through automated fuzzing capabilities.

0

+4

SecLists

SecLists is a comprehensive repository of security testing lists including usernames, passwords, URLs, fuzzing payloads, and web shells used during penetration testing and security assessments.

0

SecLists

SecLists is a comprehensive repository of security testing lists including usernames, passwords, URLs, fuzzing payloads, and web shells used during penetration testing and security assessments.

0

+7

Crashwalk

A Go-based crash analysis tool that processes and reproduces crash files from fuzzing tools like AFL with multiple debugging engines and output formats.

0

Crashwalk

A Go-based crash analysis tool that processes and reproduces crash files from fuzzing tools like AFL with multiple debugging engines and output formats.

0

+4

AndroFuzz

A simple file format fuzzer for Android that can fuzz multiple readers at once

0

AndroFuzz

A simple file format fuzzer for Android that can fuzz multiple readers at once

0

FuzzDB

FuzzDB is an open-source dictionary of attack patterns and predictable resource locations for dynamic application security testing and vulnerability discovery.

0

FuzzDB

FuzzDB is an open-source dictionary of attack patterns and predictable resource locations for dynamic application security testing and vulnerability discovery.

0

Penetration Testing

+7

App-Ray

App-Ray offers comprehensive security analysis and compliance solutions for mobile applications.

0

Vulnerability Analysis

App-Ray

App-Ray offers comprehensive security analysis and compliance solutions for mobile applications.

0

+6

Boofuzz

Boofuzz is a network protocol fuzzing tool that aims to fuzz everything

0

Boofuzz

Boofuzz is a network protocol fuzzing tool that aims to fuzz everything

0

Android port of Radamsa

An Android port of the Radamsa fuzzing tool compiled with Android NDK to support Android ABIs for security testing on mobile platforms.

0

Cross Platform

Android port of Radamsa

An Android port of the Radamsa fuzzing tool compiled with Android NDK to support Android ABIs for security testing on mobile platforms.

0

+6

Project Zero iPhone Messaging Tools

A collection of security research tools from Google's Project Zero team for testing and analyzing iPhone messaging systems including SMS, iMessage, and IMAP protocols.

0

Vulnerability Research

Iphone

Offensive Security

Project Zero iPhone Messaging Tools

A collection of security research tools from Google's Project Zero team for testing and analyzing iPhone messaging systems including SMS, iMessage, and IMAP protocols.

0

+6

ffuf

Fast web fuzzer written in Go

0

ffuf

Fast web fuzzer written in Go

0

+2

WSSiP

A WebSocket Manipulation Proxy with a user interface to capture, intercept, and send custom messages for WebSocket and Socket.IO communications.

0

WSSiP

A WebSocket Manipulation Proxy with a user interface to capture, intercept, and send custom messages for WebSocket and Socket.IO communications.

0

+2

ICSFuzz

PLC-side fuzzing tool for uncovering vulnerabilities in ICS control applications.

0

ICSFuzz

PLC-side fuzzing tool for uncovering vulnerabilities in ICS control applications.

0

Xss-Sql-Fuzz

A Burp Suite plugin for automatically adding XSS and SQL payload to fuzz

0

Xss-Sql-Fuzz

A Burp Suite plugin for automatically adding XSS and SQL payload to fuzz

0

+2

Offensive Docker

An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.

0

Offensive Docker

An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.

0

+5

Honggfuzz

A multi-threaded, feedback-driven evolutionary fuzzer that uses low-level process monitoring to discover security vulnerabilities in software applications.

0

Multi Threaded

Vulnerability Research

Security Tool

Honggfuzz

A multi-threaded, feedback-driven evolutionary fuzzer that uses low-level process monitoring to discover security vulnerabilities in software applications.

0