ProtoBurp++: Elevating Protobuf Security Research

A game-changer in cybersecurity tooling, designed to take Protobuf fuzzing and encoding in Burp Suite to new heights. Dive in to explore its enhanced capabilities and features, setting a new benchmark in security research. This is an updated version of ProtoBurp by Dillon Franke, with enhanced features and capabilities. We called this version ProtoBurp++ to distinguish the tool …

Furlzz – Advanced iOS URL Scheme Fuzzing Made Easy

Furlzz is a small fuzzer written to test iOS URL schemes. It does so by attaching to the application using Frida and, based on the input seed, mutating the data and trying to open the mutated URL. Furlzz works in-process, meaning you aren’t actually opening the URL through apps such as SpringBoard. furlzz supports …

Fuzzing Forum – Advanced Software Testing

This project aims to host tutorials, examples, discussions, research proposals, and other resources related to fuzzing. External contributions are welcome; please see the CONTRIBUTING file for more information. The “Fuzzing Forum” is a place where people can find tutorials, examples, discussions, and more, all about the fuzzing method. The project has resources for both beginners and experts on …

Py3webfuzz : A Python3 Module To Assist In Fuzzing Web Applications

Based on pywebfuzz, Py3webfuzz is a Python3 module to assist in the identification of vulnerabilities in web applications and web services through brute force, fuzzing and analysis. The module does this by providing common testing values, generators and other utilities that are helpful when fuzzing web applications and API endpoints and when developing web exploits. It has …

CWFF : Custom Wordlists For Fuzzing

CWFF is a tool that creates a high-quality fuzzing/content discovery wordlist for you at the highest speed possible using concurrency; it is heavily inspired by @tomnomnom‘s Who, What, Where, When, Wordlist #NahamCon2020. Usage: CWFF [-h] [--threads] [--github] [--subdomains] [--recursive] [--js-libraries] [--connected-websites] [--juicy-files] [--use-filter-model] [-o] domain. Positional arguments: domain Target website (ofc). Optional arguments: -h, --help Show …

OSS-Fuzz : Continuous Fuzzing For Open Source Software

In cooperation with the Core Infrastructure Initiative, OSS-Fuzz aims to make common open source software more secure and stable by combining modern fuzzing techniques with scalable, distributed execution. Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow, can have serious security implications. Google has …

Frida-Fuzzer : Experimental Fuzzer Used For API In-Memory Fuzzing

Frida-Fuzzer is an experimental fuzzer meant to be used for API in-memory fuzzing. The design is highly inspired by and based on AFL/AFL++. At the moment the mutator is quite simple, just AFL’s havoc and splice stages. I tested only the examples under tests/; this is a WIP project but is known to work at least …

PBTK : A Toolset For Reverse Engineering & Fuzzing Protobuf-Based Apps

PBTK is a tool that can be used for reverse engineering and fuzzing protobuf-based applications. Protobuf is a serialization format developed by Google and used in an increasing number of Android, web, desktop and other applications. It consists of a language for declaring data structures, which is then compiled to code or another kind …

AutoPwn : Automate Repetitive Tasks For Fuzzing

Completely re-writing this right now. Focus will be on interactive Linux apps that only take input from stdin for starters. Attempting to use Shellphish’s Driller and Fuzzer functionality. AutoPwn in its current state will do this in limited form. Simply run autoPwn ./binary then select the Start option. Installing Given all the dependency issues here, …