fuzzer
-
Cisco Talos has developed a fuzzer that enables us to test macOS software on commodity hardware. Fuzzer utilizes a snapshot-based fuzzing approach and is based on WhatTheFuzz framework. Support for VM state extraction was implemented and WhatTheFuzz was extended to support the loading of VMWare virtual machine snapshots. Additional tools support symbolizing and code coverage…
-
Prompt Fuzzer is an open-source tool that evaluates the security of your GenAI application’s system prompt against dynamic LLM-based threats.
-
By Matt Schwager Trail of Bits is excited to introduce Ruzzy, a coverage-guided fuzzer for pure Ruby code and Ruby C extensions. Fuzzing helps find bugs in software that processes untrusted input. In pure Ruby, these bugs may result in unexpected exceptions that could lead to denial of service, and in Ruby C extensions, they…
-
Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestringly different outputs from them. The main selling points of radamsa are that it has…
-
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access.Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.
-
SqliSniper is a robust Python tool designed to detect time-based blind SQL injections in HTTP request headers. It enhances the security assessment process by rapidly scanning and identifying potential vulnerabilities using multi-threaded, ensuring speed and efficiency. Unlike other scanners, SqliSniper is designed to eliminates false positives through and send alerts upon detection, with the built-in…
-
Firefly Firefly is an advanced black-box fuzzer and not just a standard asset discovery tool. Firefly provides the advantage of testing a target with a large number of built-in checks to detect behaviors in the target. Advantages Changelog v1.3.1 Bugs fixed The scheme option included http even if only https had been specified by the…
-
headerpwn A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers. Install go install github.com/devanshbatham/[email protected] Use headerpwn allows you to test various headers on a target URL and analyze the responses. Here’s how to use the tool: Provide the target URL using the -url flag. Create a file containing the headers you…
-
This library implements a fuzzer for PHP, which can be used to find bugs in libraries (particularly parsing libraries) by feeding them “random” inputs. Feedback from edge coverage instrumentation is used to guide the choice of “random” inputs, such that new code paths are visited. Bug types The fuzzer by default detects three kinds of bugs: Error…