Track Awesome Fuzzing Updates Weekly
A curated list of awesome Fuzzing(or Fuzz Testing) for software security
🏠 Home · 🔍 Search · 🔥 Feed · 📮 Subscribe · ❤️ Sponsor · 😺 cpuu/awesome-fuzzing · ⭐ 711 · 🏷️ Security
Nov 20 - Nov 26, 2023
Papers / ACM Conference on Computer and Communications Security (ACM CCS)
Tools / API
- IvySyn - IvySyn is a fully-automated framework for discovering memory error vulnerabilities in Deep Learning (DL) frameworks.
- MINER (⭐21) - MINER is a REST API fuzzer that utilizes three data-driven designs working together to guide the sequence generation, improve the request generation quality, and capture the unique errors caused by incorrect parameter usage.
- RestTestGen (⭐27) - RestTestGen is a robust tool and framework designed for automated black-box testing of RESTful web APIs.
- GraphFuzz (⭐7) - GraphFuzz is an experimental framework for building structure-aware, library API fuzzers.
- Minerva (⭐25) - Minerva is a browser fuzzer augmented by API mod-ref relations, aiming to synthesize highly-relevant browser API invocations in each test case.
- FANS (⭐229) - FANS is a fuzzing tool for fuzzing Android native system services. It contains four components: interface collector, interface model extractor, dependency inferer, and fuzzer engine.
Tools / CPU
- DifuzzRTL (⭐59) - DifuzzRTL is a differential fuzz testing approach for CPU verification.
- MorFuzz (⭐10) - MorFuzz is a generic RISC-V processor fuzzing framework that can efficiently detect software triggerable functional bugs.
- SpecFuzz (⭐28) - SpecFuzz is a tool to enable fuzzing for Spectre vulnerabilities
- Transynther (⭐18) - Transynther automatically generates and tests building blocks for Meltdown attacks with various faults and microcode assists.
Tools / Web
- TEFuzz (⭐5) - TEFuzz is a tailored fuzzing-based framework to facilitate the detection and exploitation of template escape bugs.
- Witcher (⭐54) - Witcher is a web application fuzzer that utilizes mutational fuzzing to explore web applications and fault escalation to detect command and SQL injection vulnerabilities.
- CorbFuzz (⭐3) - CorbFuzz is a state-aware fuzzer for generating as much reponses from a web application as possible without need of setting up database, etc.
Tools / Blockchain
- Fluffy (⭐44) - Fluffy is a multi-transaction differential fuzzer for finding consensus bugs in Ethereum.
- LOKI (⭐7) - LOKI is a blockchain consensus protocol fuzzing framework that detects the consensus memory related and logic bugs.
Tools / DBMS
- Squirrel (⭐166) - Squirrel is a fuzzer for database managment systems (DBMSs).
Nov 06 - Nov 12, 2023
Tools / File
- AFL++ (⭐4.1k) - AFL++ is a superior fork to Google's AFL - more speed, more and better mutations, more and better instrumentation, custom module support, etc.
- Angora (⭐882) - Angora is a mutation-based coverage guided fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.
Jan 02 - Jan 08, 2023
Papers / ACM Conference on Computer and Communications Security (ACM CCS)
Dec 12 - Dec 18, 2022
Papers / The Network and Distributed System Security Symposium (NDSS)
Papers / IEEE Symposium on Security and Privacy (IEEE S&P)
Papers / USENIX Security
Papers / ACM Conference on Computer and Communications Security (ACM CCS)
Papers / The others
Oct 31 - Nov 06, 2022
Papers / The Network and Distributed System Security Symposium (NDSS)
Jan 24 - Jan 30, 2022
Books
Talks
- Fuzzing Labs - Patrick Ventuzelo, Youtube
Papers / The Network and Distributed System Security Symposium (NDSS)
Papers / IEEE Symposium on Security and Privacy (IEEE S&P)
Papers / USENIX Security
Papers / ACM Conference on Computer and Communications Security (ACM CCS)
Papers / The others
Oct 19 - Oct 25, 2020
Books
- The Fuzzing Book (2019)
Oct 12 - Oct 18, 2020
Papers / USENIX Security
- FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning, 2020
Jun 15 - Jun 21, 2020
Papers / IEEE Symposium on Security and Privacy (IEEE S&P)
Mar 09 - Mar 15, 2020
Papers / The Network and Distributed System Security Symposium (NDSS)
Papers / ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)
Feb 03 - Feb 09, 2020
Papers / The Network and Distributed System Security Symposium (NDSS)
Dec 23 - Dec 29, 2019
Papers / ACM Conference on Computer and Communications Security (ACM CCS)
Aug 05 - Aug 11, 2019
Talks
- Effective File Format Fuzzing, Black Hat Europe 2016
- Adventures in Fuzzing, NYU Talk 2018
- Fuzzing with AFL, NDC Conferences 2018
Jul 15 - Jul 21, 2019
Books
- The Art, Science, and Engineering of Fuzzing: A Survey (2019) - Actually, this document is a paper, but it contains more important and essential content than any other book.
Papers / IEEE Symposium on Security and Privacy (IEEE S&P)
Papers / USENIX Security
Papers / ACM Conference on Computer and Communications Security (ACM CCS)
Papers / ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)
Jun 17 - Jun 23, 2019
Papers / ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)
Mar 04 - Mar 10, 2019
Papers / The Network and Distributed System Security Symposium (NDSS)
Papers / The others
Jan 28 - Feb 03, 2019
Papers / USENIX Security
Oct 29 - Nov 04, 2018
Papers / USENIX Security
Papers / ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)
Papers / The others
Oct 22 - Oct 28, 2018
Books
Papers / USENIX Security
Papers / ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)
Papers / The others