Fuzzing

Open-source projects categorized as Fuzzing

Top 23 Fuzzing Open-Source Projects

  • Awesome-Hacking

    A collection of various awesome lists for hackers, pentesters and security researchers

  • Project mention: Cyber Security iPhone Application Idea | /r/iOSDevelopment | 2023-07-03

    8. Security Knowledge Base: - Utilize resources like The-book-of-secret-knowledge (e.g., https://github.com/trimstray/the-book-of-secret-knowledge) and Awesome-Hacking (e.g., https://github.com/Hack-with-Github/Awesome-Hacking) to build a knowledge base. - Extract relevant security information and create a structured knowledge base within SecurIoT. - Implement functionality to query and retrieve security information from the knowledge base. - Thoroughly test the knowledge base integration, ensuring accurate retrieval of security knowledge.

  • dirsearch

    Web path scanner

  • Project mention: Looking for some help with this Python package | /r/learnpython | 2023-08-19

    I am new to Python. With the help of several users (thanks u/Diapolo10 and u/shiftybyte) I've been able to install Python and the dirsearch package. Dirsearch (https://github.com/maurosoria/dirsearch) allows for checking website paths with a wordlist. For example, I have a wordlist file with words like "dog", "cat", "bird", etc and I want to check the validity of those words as extensions on a website. Something like "example.com/bird", "example.com/cat", etc. I have a test wordlist in the same directory as dirsearch, but I am confused on how to proceed with the commands. I want to have it check my wordlist as extensions on the example.com website and then save output on if the webpath is valid or not. Just need a little bit of help.

  • oss-fuzz

    OSS-Fuzz - continuous fuzzing for open source software.

  • Project mention: Xz: Disable ifunc to fix Issue 60259 | news.ycombinator.com | 2024-03-29
  • sled

    the champagne of beta embedded databases

  • Project mention: SableDb – a key/value store that uses RocksDB and Redis API (written in Rust) | news.ycombinator.com | 2024-04-04

    a few times, seems interesting. The author's also built a lot of other cool concurrency primitives for Rust as well.

    [0] https://github.com/spacejam/sled

  • foundry

    Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.

  • Project mention: I need to buy goETH | /r/ethdev | 2023-05-07
  • hypothesis

    Hypothesis is a powerful, flexible, and easy to use library for property-based testing.

  • Project mention: Hypothesis | news.ycombinator.com | 2024-02-01
  • reconftw

    reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

  • Project mention: Automated recognition frameworks? | /r/bugbounty | 2023-06-23
  • clusterfuzz

    Scalable fuzzing infrastructure.

  • Project mention: Fuzzing Ladybird with tools from Google Project Zero | news.ycombinator.com | 2024-03-16

    https://github.com/google/clusterfuzz

    At least Chromium has integrated multiple different fuzzers into their regular development workflow and found lots of bugs even before going public.

  • syzkaller

    syzkaller is an unsupervised coverage-guided kernel fuzzer

  • Project mention: Automated Unit Test Improvement Using Large Language Models at Meta | news.ycombinator.com | 2024-02-17

    https://arxiv.org/abs/2402.09171 :

    > This paper describes Meta's TestGen-LLM tool, which uses LLMs to automatically improve existing human-written tests. TestGen-LLM verifies that its generated test classes successfully clear a set of filters that assure measurable improvement over the original test suite, thereby eliminating problems due to LLM hallucination. [...] We believe this is the first report on industrial scale deployment of LLM-generated code backed by such assurances of code improvement.

    Coverage-guided unit test improvement might [with LLMs] be efficient too.

    https://github.com/topics/coverage-guided-fuzzing :

    - e.g. Google/syzkaller is a coverage-guided syscall fuzzer: https://github.com/google/syzkaller

    - Gitlab CI supports coverage-guided fuzzing: https://docs.gitlab.com/ee/user/application_security/coverag...

    - oss-fuzz, osv

    Additional ways to improve tests:

    Hypothesis and pynguin generate tests from type annotations.

    There are various tools to generate type annotations for Python code;

    > pytype (Google) [1], PyAnnotate (Dropbox) [2], and MonkeyType (Instagram) [3] all do dynamic / runtime PEP-484 type annotation type inference [4] to generate type annotations. https://news.ycombinator.com/item?id=39139198

    icontract-hypothesis generates tests from icontract DbC Design by Contract type, value, and invariance constraints specified as precondition and postcondition @decorators:

  • Awesome-Fuzzing

    A curated list of fuzzing resources (books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.

  • go-fuzz

    Randomized testing for Go

  • Project mention: Fuzzing in Go | /r/golang | 2023-06-10

    I used this method successfully for my qjson package. It accepts as input a human readable json. It detected a condition I forgot to check in a few minutes. I used the go fuzzer go-fuzz from Dmitry Vyukov. Check the impressive list of trophies at the end of the README. These are bugs found by the fuzzer.

  • AFLplusplus

    The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!

  • Project mention: Decoding C/C++ Compilation Process: From Source Code to Binary | /r/cpp | 2023-06-08

    It could be cool to see some explanation of CFG representations or GIMPLE/LLVM here. GCC/Clang can print those out as text, or just compile to that code and not go lower if you ask them to. There are some interesting things you can do with bytecode, like Rellic, AFL++, or optview2. It seems a bit reductive imo to go straight from high-level code to disassembly without at all examining any layers in between. Especially if we use something like Polygeist or CIR.

  • dnstwist

    Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

  • Project mention: Have I Been Squatted? | news.ycombinator.com | 2023-11-27
  • fast-check

    Property based testing framework for JavaScript (like QuickCheck) written in TypeScript

  • Project mention: The 5 principles of Unit Testing | dev.to | 2023-09-14

    Libraries like JSVerify or Fast-Check offer essential tools to facilitate property-based testing.

  • IntruderPayloads

    A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

  • Raccoon

    A high performance offensive security tool for reconnaissance and vulnerability scanning

  • honggfuzz

    Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)

  • awesome-api-security

    A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

  • Project mention: FLaNK Stack Weekly for 27 November 2023 | dev.to | 2023-11-27
  • testing-distributed-systems

    Curated list of resources on testing distributed systems

  • Project mention: Testing Distributed Systems | news.ycombinator.com | 2023-06-13
  • OneListForAll

    Rockyou for web fuzzing

  • Fuzzing101

    A step-by-step fuzzing tutorial. A GitHub Security Lab initiative

  • Project mention: Gaining kernel code execution on an MTE-enabled Pixel 8 | news.ycombinator.com | 2024-03-18

    This work comes from GitHub's Security Lab https://securitylab.github.com/

  • FuzzingPaper

    Recent Fuzzing Paper

  • winafl

    A fork of AFL for fuzzing Windows binaries

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Index

What are some of the best open-source Fuzzing projects? This list will help you:

Rank Project Stars
1 Awesome-Hacking 77,002
2 dirsearch 11,213
3 oss-fuzz 9,879
4 sled 7,736
5 foundry 7,530
6 hypothesis 7,254
7 reconftw 5,231
8 clusterfuzz 5,200
9 syzkaller 5,116
10 Awesome-Fuzzing 5,064
11 go-fuzz 4,704
12 AFLplusplus 4,620
13 dnstwist 4,508
14 fast-check 4,099
15 IntruderPayloads 3,526
16 Raccoon 2,993
17 honggfuzz 2,974
18 awesome-api-security 2,720
19 testing-distributed-systems 2,386
20 OneListForAll 2,332
21 Fuzzing101 2,269
22 FuzzingPaper 2,242
23 winafl 2,234
