Vulnerability Lab has produced a large amount of cross site scripting payloads that can be used with fuzzers for automated scanning, etc.
a1bef07ff4bd5d4358baf87d3e3c349fThis is a master TFTP fuzzing script that is part of the ftools series of fuzzers.
d3b7780cecd148956c6ef097c75ad678This tool is for fuzzing different protocols such as FTP, HTTP, IMAP, and more. It also has no-protocol plugins like a file fuzzer. Written in Python.
fd27b7de64ad280fd5b1e9098a16c452Simple Fuzz is a simple fuzzer. It has two network modes of operation, an output mode for developing command line fuzzing scripts, as well as taking fuzzing strings from literals and building strings from sequences. It is built to fill a need - the need for a quickly configurable black box testing utility that does not require intimate knowledge of the inner workings of C or require specialized software rigs. The aim is to just provide a simple interface, clear inputs/outputs, and reusability.
e6a3e9a8269831aa4ef90b9cc1652d4cDotDotPwn is a very flexible intelligent fuzzer to discover directory traversal vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms such as CMSs, ERPs,Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module.
3843e851177812d4d3ff4b96ba6b5e4aUniOFuzz is a universal fuzzing tool for browsers, web services, files, programs and network services/ports.
699ae0a5715729e8d320012413fac2fePHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.
1e02ee78d2940ef98e05c77caf0939cdPHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.
4ddf92ab837e326d0d39b49b2c6d2aa6SIP Army Knife is a fuzzer that searches for cross site scripting, SQL injection, log injection, format strings, buffer overflows, and more.
8c91029192323bd09eaf9a421c288fc1rtspFUZZ is a real time streaming protocol server fuzzer. It uses 6 basic crafting techniques OPTIONS,DESCRIBE,SETUP,PLAY,GET_PARAMETER,TEARDOWN,PAUSE etc rtsp commands and 9 advanced crafting techniques to test any target application. It has the ability to fuzz with Metasploit Pattern (pattern_create.rb) which can be helpful for finding the offset.
7d2e1f192b41f4a7b9346514ecd8b0c8PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.
392085a25f1f990b947853370d539873FuzzTalk is an XML driven fuzz testing framework that emphasizes easy extensibility and reusability. While most fuzzing frameworks require in depth programming knowledge, FuzzTalk can test a wide range of network protocols with the help of XML templates. Includes scripts for fuzzing HTTP, FTP, and SMTP servers.
0f7206509ccf1ffe3ceed654642a63b9PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.
183aba9079d7a9459d25a61d503d2330Honggfuzz is a general-purpose, easy-to-use fuzzer with interesting analysis options. Given a starting corpus of test files, Honggfuzz supplies and modifies input to a test program and utilizes the ptrace() API/POSIX signal interface to detect and log crashes. It works on Linux, FreeBSD and Mac OS X.
678df7f9fbdfb547763940f356d1210aDotDotPwn is a very flexible intelligent fuzzer to discover directory traversal vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms such as CMSs, ERPs,Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module.
376c7c7edc5c0cebeae39d11ef744ef0Whitepaper called Intelligent Debugging and In-Memory Fuzzers.
d1955523822000ba769d19f98f4efdeeFuzzDiff is a simple tool created to assist in helping make crash analysis during file format fuzzing a bit easier. When provided with a fuzzed file, a corresponding original un-fuzzed file, and the path to the targeted program, FuzzDiff will selectively "un-fuzz" portions of the fuzzed file while re-launching the application to monitor for crashes. This will yield a file that still crashes the target application, but contains a minimum set of changes from the original, un-fuzzed file. This can be useful in pinning down the exact cause of a crash.
ec3d8e64642e2cc6539902f9ff72fd1fSimple Fuzzer is a simple fuzzer. It has two network modes of operation, an output mode for developing command line fuzzing scripts, as well as taking fuzzing strings from literals and building strings from sequences. It is built to fill a need - the need for a quickly configurable black box testing utility that does not require intimate knowledge of the inner workings of C or require specialized software rigs. The aim is to just provide a simple interface, clear inputs/outputs, and reusability.
961cbf43f77f9fab65d81ef56d5d01e4Spiderpig is a PDF fuzzing utility written in python.
a9cde005732f2603881d77bcf00757f9Whitepaper called The Sulley Framework: Basics. Sulley is a fuzzer packed with interesting capabilities. Such as packet-capturing, crash reporting and VMware automation.
2436311410fedbb03bcd58089392fe9bThis fuzzing tool is called the Full Automated Column Finder for SQL Injection.
5349576ea420cb949eb0170d11bd05c0CGIFuzz is a python script for scanning 592 CGI paths on a given target.
fdf2b6399579947bd24073f4454cc848zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.
6bd0b2dedfd2baa819c5ed1082f2f15aBrowser Fuzzer 3 (bf3) is a comprehensive web browser fuzzer that fuzzes CSS, DOM, HTML and JavaScript.
901fa6e63c9a092053d85b4032b4d8e32^6 TCP control bit fuzzer (no ECN or CWR).
59d4a04e97147571391b2f2ebfe8d7f8
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed