Tag Archive | "fuzzing"


08 January 2013 | 1,252 views

CERT Failure Observation Engine (FOE) – Mutational Fuzzing Tool

The CERT Failure Observation Engine (FOE) is a software testing tool that finds defects in applications that run on the Windows platform. FOE performs mutational fuzzing on software that consumes file input. (Mutational fuzzing is the act of taking well-formed input data and corrupting it in various ways, looking for cases that cause crashes.) The [...]

Continue Reading


07 June 2012 | 1,559 views

CERT Triage Tools – Vulnerability Impact Assessment Tool

The CERT Triage Tools can be used to assist software vendors and analysts in identifying the impact of defects discovered through techniques such as fuzz testing and prioritizing their remediation in the software development process. The CERT Triage Tools include a GNU Debugger (GDB) extension called “exploitable” that classifies Linux application bugs by severity and [...]

Continue Reading


08 May 2012 | 1,776 views

Basic Fuzzing Framework (BFF) From CERT – Linux & Mac OSX Fuzzer Tool

The CERT Basic Fuzzing Framework (BFF) is a software testing tool that finds defects in applications that run on the Linux and Mac OS X platforms. BFF performs mutational fuzzing on software that consumes file input. (Mutational fuzzing is the act of taking well-formed input data and corrupting it in various ways, looking for cases [...]

Continue Reading


16 March 2012 | 5,353 views

backfuzz – Multi-Protocol Fuzzing Toolkit (Supports HTTP/FTP/IMAP etc)

backfuzz is a fuzzing tool for different protocols (FTP, HTTP, IMAP, etc) but also has no-protocol plug-ins (Example: File Fuzzer). The general idea is that this script has several functions already predefined in the file “functions.py”, so whoever wants to write their own plugin’s (for another protocol) you can do so in a few lines [...]

Continue Reading


24 March 2011 | 8,972 views

CAT – Web Application Security Test & Assessment Tool

CAT is designed to facilitate manual web application penetration testing for more complex, demanding application testing tasks. It removes some of the more repetitive elements of the testing process, allowing the tester to focus on individual applications, thus enabling them to conduct a much more thorough test. Conceptually it is similar to other proxies available [...]

Continue Reading


05 January 2011 | 10,047 views

cross_fuzz – A Cross-Document DOM Binding Fuzzer

cross_fuzz is an amazingly effective but notoriously annoying cross-document DOM binding fuzzer that helped identify about one hundred bugs in all browsers on the market – many of said bugs exploitable – and it is still finding more. The fuzzer owes much of its efficiency to dynamically generating extremely long-winding sequences of DOM operations across [...]

Continue Reading


29 December 2010 | 9,430 views

IOCTL Fuzzer v1.2 – Fuzzing Tool For Windows Kernel Drivers

IOCTL Fuzzer is a tool designed to automate the task of searching vulnerabilities in Windows kernel drivers by performing fuzz tests on them. The fuzzer’s own driver hooks NtDeviceIoControlFile in order to take control of all IOCTL requests throughout the system. While processing IOCTLs, the fuzzer will spoof those IOCTLs conforming to conditions specified in [...]

Continue Reading


16 December 2010 | 10,728 views

Honggfuzz – Simple Command Line Software Fuzzing Tool

Honggfuzz is a general-purpose fuzzing tool. Given a starting corpus of test files, Hongfuzz supplies and modifies input to a test program and utilize the ptrace() API/POSIX signal interface to detect and log crashes. Basically it’s a simple, easy to use via command-line interface, providing nice analysis of software crashes in a simple form of [...]

Continue Reading


05 August 2010 | 7,153 views

Peach Fuzzing Platform – Smarfuzzer For Generation & Mutation Based Fuzzing

Peach is a SmartFuzzer that is capable of performing both generation and mutation based fuzzing. There are typically two methods for producing fuzz data that is sent to a target, Generation or Mutation. Generational fuzzers are capable of building the data being sent based on a data model provided by the fuzzer creator. Sometimes this [...]

Continue Reading


28 July 2010 | 11,442 views

FuzzDiff – Tool For Fuzzing and Crash Analysis

FuzzDiff is a simple tool to help make crash analysis during file format fuzzing a bit easier. I’m sure many people have written similar tools for their own purposes, but I haven’t seen any that are publicly available. Hopefully at least one person finds it useful. When provided with a fuzzed file, a corresponding original [...]

Continue Reading


Popular Tags

computer-security · darknet · exploits · google · hacking · hacking-networks · hacking-websites · hacking-windows · hacking tool · Hacking Tools · Information-Security · information gathering · malware · microsoft · network-security · Network Hacking · Password Cracking · penetration-testing · Phishing · Privacy · Python · scammers · Security · Security Software · spam · spammers · sql-injection · trojan · trojans · virus · viruses · vulnerabilities · web-application-security · web-security · Web Hacking · windows · windows-security · Windows Hacking · worms · XSS ·