3rd-party lists
- sunglin: Some summary and reflections on fuzzing exploration in 2020
- A collection of resources for learning fuzzing
- bsauce/Some-Papers-About-Fuzzing - Sharing of the latest top-conference fuzzing papers
- 0xricksanchez/paper_collection - Academic papers related to fuzzing, binary analysis, and exploit dev, which I want to read or have already read
EPUB
Rust
Python
Browser
- freingruber/JavaScript-Raider - JavaScript Fuzzing framework for v8
- google/domato - DOM fuzzer
- blastxiang/lucky-js-fuzz - A web page based fuzzer that generates random JS statements then fuzz in the web-browser
- attekett/NodeFuzz - a fuzzer harness for web browsers and browser like applications
- stephenfewer/grinder - a system to automate the fuzzing of web browsers and the management of a large number of crashes
- RootUp/BFuzz - Fuzzing Browsers
- googleprojectzero/fuzzilli - A JavaScript Engine Fuzzer
- MozillaSecurity/grizzly - A cross-platform browser fuzzing framework
Office
Network
- googleprojectzero/SockFuzzer - a fork of XNU that contains support for fuzzing the network stack in userland on macOS and Linux-based hosts
- denandz/fuzzotron - A TCP/UDP based network daemon fuzzer
- sogeti-esec-lab/RPCForge - Windows RPC Python fuzzer
- Cisco-Talos/mutiny-fuzzer - a network fuzzer that operates by replaying PCAPs through a mutational fuzzer
- andresriancho/websocket-fuzzer - Simple HTML5 WebSocket fuzzer
- nccgroup/wssip - Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa
Android
- ajinabraham/Droid-Application-Fuzz-Framework - Android application fuzzing framework with fuzzers and crash monitor
- m-y-mo/android_nfc_fuzzer - a fuzzer that uses libprotobuf-mutator to fuzz the NFC module on an Android device
iOS
Windows kernel
- waleedassar/SimpleNTSyscallFuzzer - Fuzzer for Windows kernel syscalls
- koutto/ioctlbf - Windows Kernel Drivers fuzzer
- mwrlabs/KernelFuzzer - Cross Platform Kernel Fuzzer Framework
- Cr4sh/ioctlfuzzer - a tool designed to automate the task of searching vulnerabilities in Windows kernel drivers by performing fuzz tests on them
- mwrlabs/ViridianFuzzer - a kernel driver that makes hypercalls, executes CPUID, and reads/writes MSRs from CPL0
- hfiref0x/NtCall64 - Windows NT x64 syscall fuzzer
- compsec-snu/razzer - A Kernel fuzzer focusing on race bugs
- fgsect/unicorefuzz - Fuzzing the Kernel using AFL Unicorn
- IOActive/FuzzNDIS - A Fuzzer for Windows NDIS Drivers OID Handlers
Linux kernel
- google/ktsan - KernelThreadSanitizer, a fast data race detector for the Linux kernel
- ucsb-seclab/difuze - Fuzzer for Linux Kernel Drivers
- google/syzkaller - an unsupervised, coverage-guided kernel fuzzer
- TriforceLinuxSyscallFuzzer - A linux system call fuzzer using TriforceAFL
- sslab-gatech/janus - Fuzzing File Systems via Two-Dimensional Input Space Exploration
- intel/kernel-fuzzer-for-xen-project - VMI Kernel Fuzzer for Xen Project: VM forking, VMI & AFL integration demo
- 0xricksanchez/fisy-fuzz - This is the full file system fuzzing framework that I presented at the Hack in the Box 2020 Lockdown Edition conference in April
- IntelLabs/kAFL - HW-assisted Feedback Fuzzing for x86 Kernels
- google/kmsan - KernelMemorySanitizer, a detector of uses of uninitialized memory in the Linux kernel
MacOS kernel
- mwrlabs/OSXFuzz - macOS Kernel Fuzzer
- SilverMoonSecurity/PassiveFuzzFrameworkOSX - fuzzing OSX kernel vulnerability based on passive inline hook mechanism in kernel mode
Static analyzer
Symbolic execution
- borzacchiello/naaz - Symbolic Execution Engine based on Ghidra's PCode
- trailofbits/maat - an open-source Dynamic Symbolic Execution and Binary Analysis framework. It provides various functionalities such as symbolic execution, taint analysis, constraint solving, binary loading, environment simulation, and leverages Ghidra's sleigh library for assembly lifting
- getsentry/symbolic - Stack trace symbolication library written in Rust
- angr - The next-generation binary analysis platform from UC Santa Barbara's Seclab
- julieeen/kleefl - Seeding fuzzers with symbolic execution
- KLEE Symbolic Execution Engine
- RUB-SysSec/syntia - Program synthesis based deobfuscation framework for the USENIX 2017 paper "Syntia: Synthesizing the Semantics of Obfuscated Code"
- dwrensha/seer - symbolic execution engine for Rust
- palkeo - Symbolic execution tool and vulnerability scanner for the Ethereum Virtual Machine
- PLSysSec/haybale - Symbolic execution of LLVM IR with an engine written in Rust
Coverage tools
- gamozolabs/mesos - Binary coverage tool without binary modification for Windows
- googleprojectzero/CompareCoverage - Clang instrumentation module for tracing variable and buffer comparisons in C/C++ and saving the coverage data to .sancov files
Font
- sunglinl/ttffuzz - Experimental version of TTFFuzz, built on the FormatFuzzer and TinyAFL projects as a secondary development of FormatFuzzer; mainly supports parsing the structure tree and generating ttf fonts from it - presented at KCON 2021
- googleprojectzero/BrokenType - TrueType and OpenType font fuzzing toolset
WASM
PHP
Java
- Barro/java-afl - Binary rewriting approach with fork server support to fuzz Java applications with afl-fuzz
- rohanpadhye/jqf - Coverage-guided semantic fuzzing for Java
Dotnet
- jakobbotsch/Fuzzlyn - Fuzzer for the .NET toolchains
- debasishm89/dotNetFuzz - A quick and dirty .NET "Deserialize_*" fuzzer based on James Forshaw's (@tiraniddo) DotNetToJScript
Golang
- dvyukov/go-fuzz - Randomized testing for Go
- AdaLogics/go-fuzz-headers - This repository contains various helper functions for Go fuzzing. It is mostly used in combination with go-fuzz, but compatibility with fuzzing in the standard library will also be supported
- Google/gofuzz - Fuzz testing for go
Smart contract
ActiveX
C++
- hgarrereyn/GraphFuzz - GraphFuzz is an experimental framework for building structure-aware, library API fuzzers
- ossf/fuzz-introspector - a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potential blockers
AFL
- AFL - american fuzzy lop
- AFLplusplus - afl with community patches
- ivanfratric/winafl - A fork of AFL for fuzzing Windows binaries
- wmliang/pe-afl - combines static binary instrumentation on PE binary and WinAFL
- vanhauser-thc/AFLplusplus - afl 2.53b with community patches, AFLfast power schedules, qemu 3.1 upgrade + laf-intel support, MOpt mutators, InsTrim instrumentation, unicorn_mode and a lot more!
- FGSect/FitM - the Fuzzer in the Middle, can fuzz client and server binaries at the same time using userspace snapshot-fuzzing and network emulation. It's fast and comparably easy to set up
- AFLplusplus/cargo-libafl - Fuzz Rust code with LibAFL
- mxmssh/drAFL - AFL + DynamoRIO = fuzzing binaries with no source code on Linux
- linhlhq/TinyAFL - TinyAFL is built on top of AFL and TinyInst - mentioned at KCON 2021
- aflnet/aflnet - A Greybox Fuzzer for Network Protocols
Uncategorized
- google/centipede - a distributed fuzzing engine. Work-in-progress
- ex0dus-0x/fuzzable - Framework for Automating Fuzzable Target Discovery with Static Analysis. Featured at Black Hat Arsenal USA 2022
- google/silifuzz - Fuzzing CPUs by proxy
- guidovranken/cryptofuzz - Fuzzing cryptographic libraries. Magic bug printer go brrrr
- seal9055/sfuzz - High performance fuzzing using riscv to x86 binary translations and modern fuzzing techniques
- TCA-ISCAS/Cooper - A tool for effectively testing the binding layer of scripting languages
- CodeIntelligenceTesting/jazzer - Coverage-guided, in-process fuzzing for the JVM
- fkie-cad/libdesock - A de-socketing library for fuzzing
- occia/apicraft - This prototype is presented in USENIX 2021 as "APICraft: Fuzz Driver Generation for Closed-source SDK Libraries"
- loiclec/fuzzcheck-rs - Modular, structure-aware, and feedback-driven fuzzing engine for Rust functions
- hardik05/Source-and-Fuzzing - Some experience in reading source code and fuzzing, covering black-box and white-box testing
- wtdcode/fuzzercorn - Bring libfuzzer to Unicorn
- fuzzware-fuzzer/fuzzware - Fuzzware's main repository. Start here to install
- alipay/Owfuzz - a WiFi protocol fuzzing tool
- bahruzjabiyev/t-reqs-http-fuzzer - T-Reqs: A grammar-based HTTP Fuzzer
- google/clusterfuzzlite - Simple continuous fuzzing that runs in CI
- 0vercl0k/fuzzing-ida75 - Repository of the findings found by wtf when fuzzing IDA75
- quarkslab/rewind - Snapshot-based coverage-guided windows kernel fuzzer
- 0vercl0k/wtf - wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows
- parikhakshat/autoharness - A tool that automatically creates fuzzing harnesses based on a library
- HexHive/magma - A ground-truth binary fuzzing benchmark suite based on real programs with real bugs
- ant4g0nist/ManuFuzzer - Binary code-coverage fuzzer for macOS, based on libFuzzer and LLVM
- trailofbits/krf - A kernelspace syscall interceptor and randomized faulter
- googleprojectzero/Hyntrospect - a coverage-guided fuzzer targeting Hyper-V emulated devices, in the userland of the Hyper-V root partition. Vulnerabilities in that layer could lead to a guest-to-root-partition escape
- vusec/collabfuzz - A Framework for Collaborative Fuzzing
- taviso/scanlimits - Tool to examine the behaviour of setuid binaries under constrained limits
- uds-se/FormatFuzzer - a framework for high-efficiency, high-quality generation and parsing of binary inputs - mentioned at KCON 2021
- googleprojectzero/Jackalope - Binary, coverage-guided fuzzer for Windows and macOS
- google/atheris - A Coverage-Guided, Native Python Fuzzer
- microsoft/onefuzz - A self-hosted Fuzzing-As-A-Service platform
- securesystemslab/agamotto - Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints
- nautilus-fuzz/nautilus - A grammar based feedback Fuzzer
- Cisco-Talos/Barbervisor - Intel x86 bare metal hypervisor for researching snapshot fuzzing ideas
- hgascon/pulsar - Protocol Learning and Stateful Fuzzing
- d0c-s4vage/resmack-fuzz-test - an exploration of a feedback-driven fuzzer
- HexHive/FuzzGen - a tool for automatically synthesizing fuzzers for complex libraries in a given environment
- h0mbre/Fuzzing - fuzzing implemented with ptrace + memory snapshots
- s3team/Squirrel - a fuzzer that aims at finding memory corruption issues in database management systems (DBMSs). It is built on AFL.
- googleprojectzero/TinyInst - A lightweight dynamic instrumentation library - mentioned at KCON 2021
- fgsect/BaseSAFE - Emulation and Feedback Fuzzing of Firmware with Memory Sanitization
- trailofbits/sienna-locomotive - A user-friendly fuzzing and crash triage tool for Windows
- 0xricksanchez/fs-fuzzer - My Material for the HITB presentation
- seemoo-lab/frankenstein - Broadcom and Cypress firmware emulation for fuzzing and further full-stack debugging
- google/FuzzBench - Fuzzer benchmarking as a service
- mxmssh/manul - a coverage-guided parallel fuzzer for open-source and blackbox binaries on Windows, Linux and MacOS
- atrosinenko/kbdysch - A collection of user-space Linux kernel specific guided fuzzers based on LKL
- RUB-SysSec/redqueen - Fuzzing with Input-to-State Correspondence
- d0c-s4vage/gramfuzz - a grammar-based fuzzer that lets one define complex grammars to generate text and binary data formats
- RUB-SysSec/antifuzz - Impeding Fuzzing Audits of Binary Executables
- nccgroup/fuzzowski - the Network Protocol Fuzzer that we will want to use
- rk700/uniFuzzer - A fuzzing tool for closed-source binaries based on Unicorn and LibFuzzer
- microsoft/lain - A fuzzer framework built in Rust
- SkyLined/BugId - Detect, analyze and uniquely identify crashes in Windows applications
- google/graphicsfuzz - A testing framework for automatically finding and simplifying bugs in graphics shader compilers
- IOActive/XDiFF - Extended Differential Fuzzing Framework
- renatahodovan/fuzzinator - Fuzzinator Random Testing Framework
- google/honggfuzz - Security oriented fuzzer with powerful analysis options. Supports evolutionary, feedback-driven fuzzing based on code coverage (software- and hardware-based)
- ttdennis/fpicker - fpicker is a Frida-based fuzzing suite supporting various modes (including AFL++ in-process fuzzing)
- nccgroup/TriforceAFL - AFL/QEMU fuzzing with full-system emulation
- llvm - libFuzzer – a library for coverage-guided fuzz testing
- dekimir/RamFuzz - Combining Unit Tests, Fuzzing, and AI
- google/oss-fuzz - continuous fuzzing of open source software
- aoh/radamsa - a general-purpose fuzzer - mainly worth studying for its mutations.scm, e.g. "decrement a byte by one"
- MozillaSecurity/peach - a fuzzing framework which uses a DSL for building fuzzers and an observer based architecture to execute and monitor them
- x41sec/x41-smartcard-fuzzing - X41 Smartcard Fuzzer
- mathiasbynens/small - Smallest possible syntactically valid files of different types
- AngoraFuzzer/Angora - a mutation-based fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution
- gamozolabs/applepie - A hypervisor for fuzzing built with WHVP and Bochs
- Dongdongshe/neuzz - neural network assisted fuzzer
- google/clusterfuzz - a scalable fuzzing infrastructure which finds security and stability issues in software
- Recent Papers Related To Fuzzing
- The Art of Fuzzing
- An example of fuzzing the ceph filesystem
- google/fuzzing - Tutorials, examples, discussions, research proposals, and other resources related to fuzzing
- freebuf: A usage guide for the fuzzing tool WinAFL
- lcatro/Source-and-Fuzzing - Some experience in reading source code and fuzzing, covering black-box and white-box testing
- k0keoyo/Some-Kernel-Fuzzing-Paper - Some kernel fuzzing paper about windows and linux