onefuzz
Yacy
onefuzz | Yacy | |
---|---|---|
4 | 115 | |
2,780 | 3,260 | |
- | 0.9% | |
0.0 | 8.7 | |
6 months ago | about 1 month ago | |
C# | Java | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
onefuzz
- Microsoft OneFuzz to Be Archived
-
Ask HN: What are some worthy non-cryto uses of excess home compute nowadays?
Learning how to is half the fun!
There's a bunch of good tutorials out there on [dumb] fuzzing (presumably where you'll start). One starting point I'd recommend is taking a binary that accepts input from stdin and making some proof-of-concepts with AFL (https://lcamtuf.coredump.cx/afl/).
If you'd rather start from a code/library perspective (and not CLI), I'd recommend libfuzzer (https://github.com/Dor1s/libfuzzer-workshop/).
There's a lot of other fuzzers, techniques, and depth to the field, but I'd recommend inch worming through (speed up as you gain more comfort). The Fuzzing Book is good to help you understand the logic behind techniques and strategies (https://www.fuzzingbook.org/)
As for some management, there's a few decent "monitoring" systems out there; personally I just SSH in and check the fuzzer manually (I leave it running in a tmux pane), but if that's not your cup of tea I've heard good things about OneFuzz (https://github.com/microsoft/onefuzz) and LuckyCat (https://github.com/fkie-cad/LuckyCAT).
Happy to answer any specifics of the sort :)
-
What Is Fuzz Testing?
Microsoft’s OneFuzz is tackling some of these issues
https://github.com/microsoft/onefuzz
The biggest problem with fuzzing when it comes to “developer friendliness” isn’t just how to setup the fuzzer and the fact that you need to often write quite a bit of additional code to support fuzzing but that the results aren’t easily consumable.
Getting a fuzzer to cause a crash or some unhandled exception isn’t particularly difficult understanding the actual implication of such crash is where these tools “fail”.
SAST / DAST tools with all their issues such as false positives and relatively limited coverage at least provide actionable results.
Fuzzing not only requires a much higher understanding of the code itself and of its execution but the results are often useless for many developers.
Basically it doesn’t help you breach the gap between seeing a BSOD or a kernel panic and getting a working zero day.
-
Rnetsecs Q1 2021 Information Security Hiring
To get a taste of our work, a few of the projects our group published recently: * Freta, a project to democratize full system memory forensics with trusted sensorsfor the cloud. * OneFuzz, a self hosted fuzzing as a service platform, used to scale fuzzing for multiple teams within Microsoft including Windows. * RESTler, the first stateful REST api fuzzer * RAFT, a self-hosted API testing orchestration engine, enabling developers to use RESTler and other api scanning & fuzzing tools in their CICD pipelines.
Yacy
- New ways we're tackling spammy, low-quality content on Search
- YaCy, a distributed Web Search Engine, based on a peer-to-peer network
-
New 60% of OpenAI model's responses contain plagiarism
It turns out you can make it all the way to become president of Harvard [1] while ignoring this rule so it is questionable whether it is as set in stone as you make it out to be, at least in certain disciplines.
In a way these models are a perfect mirror of the current academic climate. They plagiarise without remorse, they follow the latest identity-politics diktat to a point and make up 'facts' when needed to reach a desired narrative. Google Gemini is the latest example [2] of where this leads.
Given that it is plausible that models like these will soon be used in educational settings this is a recipe for disaster. The same goes for the trend to replace search engine results with 'interpreted' results in which LLMs take up the same role as Winston in 1984: Winston works in the Ministry of Truth where he alters historical records to fit the needs of the Party.
It is time for a decentralised distributed search engine which limits itself to pure search, something like YaCy [3]. Something to replace Winstonian search engines like Google and Bing (et al.).
[1] https://www.campusreform.org/article/claudine-gay-is-a-dei-h...
[2] https://news.ycombinator.com/item?id=39465255
[3] https://yacy.net/
-
Is Google Getting Worse? A Longitudinal Investigation of SEO Spam in Search [pdf]
> Now I just need some kind of open source search engine to run on it ...
Here you go: https://yacy.net
-
Welcome to mwmbl, the free, open-source and non-profit search engine
I remember https://yacy.net/ but the big problem of this project was java and had not implementations in others languages. I mean it as imagine torrent was only in perl.
-
admarus alternatives - ipfs-search and Yacy
3 projects | 9 Aug 2023
Admarus is similar as Yacy but aims to be distributed where Yacy is federated. Both are made for the web
- Brave Search launches own image and video search
-
Show HN: DiskerNet – Browse the Internet from Your Disk, Now Open Source
You should check out https://yacy.net: a global, P2P web search engine, where each peer can build and share its own index, etc.
-
How do you organize your data?
I also have an instance of Yacy installed, which I use to index the entire system, giving me my own private, internal search engine.
- Ask HN: Best search engine alternatives to Google?
What are some alternatives?
radamsa
Searx - Privacy-respecting metasearch engine
cryptofuzz - Fuzzing cryptographic libraries. Magic bug printer go brrrr.
MeiliSearch - A lightning-fast search API that fits effortlessly into your apps, websites, and workflow
LuckyCAT - A distributed fuzzing management framework
searxng - SearXNG is a free internet metasearch engine which aggregates results from various search services and databases. Users are neither tracked nor profiled.
beacon-fuzz - Differential Fuzzer for Ethereum 2.0
Gigablast - Nov 20 2017 -- A distributed open source search engine and spider/crawler written in C/C++ for Linux on Intel/AMD. From gigablast dot com, which has binaries for download. See the README.md file at the very bottom of this page for instructions.
American Fuzzy Lop - american fuzzy lop - a security-oriented fuzzer
Seeks - Seeks is a decentralized p2p websearch and collaborative tool.
fishnet - Distributed Stockfish analysis for lichess.org
Typesense - Open Source alternative to Algolia + Pinecone and an Easier-to-Use alternative to ElasticSearch ⚡ 🔍 ✨ Fast, typo tolerant, in-memory fuzzy Search Engine for building delightful search experiences