DotDotPwn is a very flexible intelligent fuzzer to discover directory traversal vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms such as CMSs, ERPs,Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module.
3843e851177812d4d3ff4b96ba6b5e4aUniOFuzz is a universal fuzzing tool for browsers, web services, files, programs and network services/ports.
699ae0a5715729e8d320012413fac2fePHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.
1e02ee78d2940ef98e05c77caf0939cdPHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.
4ddf92ab837e326d0d39b49b2c6d2aa6SIP Army Knife is a fuzzer that searches for cross site scripting, SQL injection, log injection, format strings, buffer overflows, and more.
8c91029192323bd09eaf9a421c288fc1rtspFUZZ is a real time streaming protocol server fuzzer. It uses 6 basic crafting techniques OPTIONS,DESCRIBE,SETUP,PLAY,GET_PARAMETER,TEARDOWN,PAUSE etc rtsp commands and 9 advanced crafting techniques to test any target application. It has the ability to fuzz with Metasploit Pattern (pattern_create.rb) which can be helpful for finding the offset.
7d2e1f192b41f4a7b9346514ecd8b0c8PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.
392085a25f1f990b947853370d539873FuzzTalk is an XML driven fuzz testing framework that emphasizes easy extensibility and reusability. While most fuzzing frameworks require in depth programming knowledge, FuzzTalk can test a wide range of network protocols with the help of XML templates. Includes scripts for fuzzing HTTP, FTP, and SMTP servers.
0f7206509ccf1ffe3ceed654642a63b9PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.
183aba9079d7a9459d25a61d503d2330Honggfuzz is a general-purpose, easy-to-use fuzzer with interesting analysis options. Given a starting corpus of test files, Honggfuzz supplies and modifies input to a test program and utilizes the ptrace() API/POSIX signal interface to detect and log crashes. It works on Linux, FreeBSD and Mac OS X.
678df7f9fbdfb547763940f356d1210aDotDotPwn is a very flexible intelligent fuzzer to discover directory traversal vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms such as CMSs, ERPs,Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module.
376c7c7edc5c0cebeae39d11ef744ef0FuzzDiff is a simple tool created to assist in helping make crash analysis during file format fuzzing a bit easier. When provided with a fuzzed file, a corresponding original un-fuzzed file, and the path to the targeted program, FuzzDiff will selectively "un-fuzz" portions of the fuzzed file while re-launching the application to monitor for crashes. This will yield a file that still crashes the target application, but contains a minimum set of changes from the original, un-fuzzed file. This can be useful in pinning down the exact cause of a crash.
ec3d8e64642e2cc6539902f9ff72fd1fSimple Fuzzer is a simple fuzzer. It has two network modes of operation, an output mode for developing command line fuzzing scripts, as well as taking fuzzing strings from literals and building strings from sequences. It is built to fill a need - the need for a quickly configurable black box testing utility that does not require intimate knowledge of the inner workings of C or require specialized software rigs. The aim is to just provide a simple interface, clear inputs/outputs, and reusability.
961cbf43f77f9fab65d81ef56d5d01e4Spiderpig is a PDF fuzzing utility written in python.
a9cde005732f2603881d77bcf00757f9This fuzzing tool is called the Full Automated Column Finder for SQL Injection.
5349576ea420cb949eb0170d11bd05c0CGIFuzz is a python script for scanning 592 CGI paths on a given target.
fdf2b6399579947bd24073f4454cc848zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.
6bd0b2dedfd2baa819c5ed1082f2f15aBrowser Fuzzer 3 (bf3) is a comprehensive web browser fuzzer that fuzzes CSS, DOM, HTML and JavaScript.
901fa6e63c9a092053d85b4032b4d8e32^6 TCP control bit fuzzer (no ECN or CWR).
59d4a04e97147571391b2f2ebfe8d7f8DeepToad is a tool for computing fuzzy hashes from files. DeepToad can generate signatures, clusterize files and/or directories and compare them. It's inspired in the very good tool ssdeep and, in fact, both projects are very similar. The complete project is written in pure python and is distributed under the LGPL license.
4334037822d2c341c0f288cbe3ba41acThis small perl script is a generic random remote fuzzer.
f8b3252e97cd17efc8addb74d8ad7fc5This is the ICMPv4/IP fuzzer prototype code.
c38b3ad6980012a934bcede7cf3603744f is the file format fuzzing framework.
5c452b9e6ac99f63de77398333d9f88aFuzzgrind is a fully automatic fuzzing tool, generating test files with the purpose of discovering new execution paths likely to trigger bugs and potentially vulnerabilities. It is based on the concept of symbolic execution. Thus, the tool starts from a file considered valid by the software under test, and analyses the execution path to extract any constraints tied to branch instructions followed by this software. By resolving constraints one by one, Fuzzgrind will alter the valid file to explore possible new branches of the software under test, in order to discover new vulnerabilities.
d7562677b43cb10b288830b22bf9c423Asterisk UDP IAX protocol fuzzing utility.
77793f354d130646985bf8e94ebc9240
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed