Browsing projects by Tag(s)

Select a tag to browse associated projects and drill deeper into the tag cloud.

Showing page 1 of 3
Compare

zzuf is a transparent application input fuzzer. Its purpose is to find bugs in applications by corrupting their user-contributed data (which more than often comes from untrusted sources on the Internet). It works by intercepting file and network operations and changing random bits in the program’s ... [More] input. zzuf’s behaviour is deterministic, making it easier to reproduce bugs. [Less]

5.0
 
  0 reviews  |  6 users  |  7,954 lines of code  |  2 current contributors  |  Analyzed 10 days ago
 
 

Fusil project is a fuzzing program. Today, it's specific to Linux command line program, but the code is designed to be used with any project type (remote process, fake HTTP server, fuzz network socket, etc.). New Fusil implementation is now based on multi-agent system instead monolithic architecture.

5.0
 
  0 reviews  |  1 user  |  8,948 lines of code  |  0 current contributors  |  Analyzed about 2 years ago
 
 

An XML fuzzing tool. Xmlfuzzer takes XML Scheme on input and returns valid XML document with random data.

0
 
  0 reviews  |  1 user  |  0 current contributors
 
 

The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment. It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulate threads, libraries and processes, attach ... [More] your script as a debugger, trace execution, hook API calls, handle events in your debugee and set breakpoints of different kinds (code, hardware and memory). Additionally it has no native code at all, making it easier to maintain or modify than other debuggers on Windows. [Less]

5.0
 
  0 reviews  |  1 user  |  24,886 lines of code  |  1 current contributor  |  Analyzed about 18 hours ago
 
 

Sulley is a fuzzer development and fuzz testing framework consisting of multiple extensible components. Sulley (IMHO) exceeds the capabilities of most previously published fuzzing technologies, commercial and public domain. The goal of the framework is to simplify not only data representation but to ... [More] simplify data transmission and target monitoring as well. Sulley is affectionately named after the creature from Monsters Inc., because, well, he is fuzzy. Modern day fuzzers are, for the most part, solely focus on data generation. Sulley not only has impressive data generation but has taken this a step further and includes many other important aspects a modern fuzzer should provide. Sulley watches the network and methodically maintains records. Sulley instruments and monitors the health of the target, capable of reverting to a known good state using multiple methods. Sulley detects, tracks and categorizes detected faults. Sulley can fuzz in parallel, significantly increasing test speed. Sulley can automatically determine what unique sequence of test cases trigger faults. Sulley does all this, and more, automatically and without attendance. [Less]

0
 
  0 reviews  |  0 users  |  5,264 lines of code  |  0 current contributors  |  Analyzed 1 day ago
 
 

SpaceMonkey is a Web application auditing tool. It can detect bugs or security flaws without using a knowledge database. It uses fault injection technics ('fuzzing') in order to reveal the flaws (SQL injection, XSS, File inclusion, command execution ).

0
 
  0 reviews  |  0 users  |  12,596 lines of code  |  0 current contributors  |  Analyzed 3 days ago
 
 

Bunny the FuzzerA closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to ... [More] the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without a noticeable performance impact usually associated with other attempts to peek into run-time internals. Bunny is currently known to support Linux, FreeBSD, OpenBSD, and Cygwin on IA32 and IA64 systems. Quick linksDownload current version (0.93 beta) See detailed documentation [Less]

0
 
  0 reviews  |  0 users  |  3,753 lines of code  |  0 current contributors  |  Analyzed 10 days ago
 
 
Compare

tminA quick and simple tool to minimize the size and syntax of complex test cases in automated security testing. The tool is somewhat related to delta, a more featured general-purpose optimizer - but is meant specifically for dealing with unknown or complex data formats (without the need to ... [More] tokenize and re-serialize testcases), for hands-off detection of security fault conditions, and for easy integration with UI testing harnesses. It is also capable of reducing the complexity of alphabets used on datasets that cannot be further trimmed down in size. Quick linksDownload current version Instruction manual [Less]

0
 
  0 reviews  |  0 users  |  0 current contributors  |  Analyzed 5 days ago
 
 

Fuzzing of WebServices. Features: gui, input definition(per parameter), test case generatiion, filter of results, ...

0
 
  0 reviews  |  0 users  |  0 current contributors
 
 

This Javascript lib basically tries to fry your favorite browsers security. It can be a tool to inspect the browser, used for pentesting the browser or general browser fun. In any case it aims at being a js platform to fry browsers. It includes the following options: DOM inspecter, browser ... [More] crasher, heap sprayer, stack smasher, cookie tamperer, http assaulter,XHR pentester, DOM destroyer, JS fuzzer, DOM fuzzer, same origin violator, DOM mashup tool, protocol fuzzing, et al. [Less]

0
 
  0 reviews  |  0 users  |  0 current contributors  |  Analyzed 6 days ago
 
 
 
 

Creative Commons License Copyright © 2013 Black Duck Software, Inc. and its contributors, Some Rights Reserved. Unless otherwise marked, this work is licensed under a Creative Commons Attribution 3.0 Unported License . Ohloh ® and the Ohloh logo are trademarks of Black Duck Software, Inc. in the United States and/or other jurisdictions. All other trademarks are the property of their respective holders.