Search Results for "fuzz"
Sort By:
Showing 43 open source projects for "fuzz"
View related business solutions-
Managed MySQL, PostgreSQL, and SQL Databases on Google CloudCloud SQL is a fully managed relational database for MySQL, PostgreSQL, and SQL Server. We handle patching, backups, replication, encryption, and failover—so you can focus on your app. Migrate from on-prem or other clouds with free Database Migration Service. IDC found customers achieved 246% ROI. New customers get $300 in credits plus a 30-day free trial.
-
Build on Google Cloud with $300 in Free CreditStart your next project with $300 in free Google Cloud credit. Spin up VMs, run containers, query exabytes in BigQuery, or build AI apps with Vertex AI and Gemini. Once your credits are used, keep building with 20+ products with free monthly usage, including Compute Engine, Cloud Storage, GKE, and Cloud Run functions. Sign up to start building right away.
-
1
OSS-Fuzz
OSS-Fuzz - continuous fuzzing for open source software
OSS-Fuzz is a large-scale fuzz testing platform developed by Google to improve the security and reliability of widely used open source software. Fuzz testing is a proven method for uncovering programming errors such as buffer overflows and memory leaks, which can lead to severe security vulnerabilities. By leveraging guided in-process fuzzing, Google has already identified thousands of issues in projects like Chrome, and this initiative extends the same capabilities to the broader open source community. ... -
2
OSS-Fuzz Gen
LLM powered fuzzing via OSS-Fuzz
OSS-Fuzz-Gen is a companion project that helps automatically create or improve fuzz targets for open-source codebases, aiming to increase coverage in OSS-Fuzz with minimal maintainer effort. It analyses a library’s APIs, examples, and tests to propose harnesses that exercise parsers, decoders, or protocol handlers—precisely the code where fuzzing pays off. -
3
ClusterFuzz
Scalable fuzzing infrastructure
ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz. ClusterFuzz provides many features which help seamlessly integrate fuzzing into a software project's development process. Can run on any size cluster (e.g. OSS-Fuzz instance runs on 100,000 VMs). Fully automatic bug filing, triage and closing for various issue trackers (e.g. ... -
4
Jazzer
Coverage-guided, in-process fuzzing for the JVM
Jazzer is a coverage-guided, in-process fuzzer for the JVM platform developed by Code Intelligence. It is based on libFuzzer and brings many of its instrumentation-powered mutation features to the JVM. -
Build AI Apps with Gemini 3 on Vertex AIVertex AI gives developers access to Gemini 3—Google’s most advanced reasoning and coding model—plus 200+ foundation models including Claude, Llama, and Gemma. Build generative AI apps with Vertex AI Studio, customize with fine-tuning, and deploy to production with enterprise-grade MLOps. New customers get $300 in free credits.
-
5
Woke
Woke is a Python-based development and testing framework for Solidity
...A testing framework for Solidity smart contracts with Python-native equivalents of Solidity types and blazing-fast execution. A property-based fuzzer for Solidity smart contracts that allows testers to write their fuzz tests in Python. See examples and documentation for more information. Fuzzer builds on top of the testing framework and allows efficient fuzz testing of Solidity smart contracts. Woke implements an LSP server for Solidity. The only currently supported communication channel is TCP. -
6
OSV.dev
Open source vulnerability DB and triage service
...This repository contains the full infrastructure code for deploying osv.dev on Google Cloud Platform, including Terraform configurations, APIs, data pipelines, indexers, and background workers for vulnerability ingestion and impact analysis. It also integrates with automated feeds from sources like NVD and OSS-Fuzz, enabling continuous updates and high data accuracy. -
7
Atheris
A Coverage-Guided, Native Python Fuzzer
...Because many Python libraries are thin wrappers over C/C++ code, Atheris is equally adept at surfacing memory safety issues in extension modules compiled with sanitizers. The tool integrates smoothly with Python’s packaging and unit-test ecosystems, so you can wrap existing tests as fuzz targets and keep results understandable. It supports structured input strategies and custom mutators, which is especially helpful for text and data formats common in Python workloads. In practice, Atheris compresses weeks of edge-case brainstorming into hours of automated exploration with actionable, minimized reproductions. -
8
libplist
A library to handle Apple Property List format in binary or XML
A small portable C library to handle Apple Property List files in binary, XML, JSON, or OpenStep format. -
9
Wfuzz
Web application fuzzer
Wfuzz provides a framework to automate web applications security assessments and could help you to secure your web applications by finding and exploiting web application vulnerabilities. Wfuzz it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload. A payload in Wfuzz is a source of data. This simple concept allows any input to be injected in any field of an HTTP request, allowing to perform complex web security attacks in different web application components such as: parameters, authentication, forms, directories/files, headers, etc. -
Cut Cloud Costs with Google Compute EngineSave on compute costs with Compute Engine. Reduce your batch jobs and workload bill 60-91% with Spot VMs. Compute Engine's committed use offers customers up to 70% savings through sustained use discounts. Plus, you get one free e2-micro VM monthly and $300 credit to start.
-
10
XRAY
XRay for recon, mapping and OSINT gathering from public networks
XRAY is a modular security toolset that helps developers and security professionals analyze, fuzz, and test web applications, protocols, and network services for vulnerabilities. It provides a framework for writing and executing inspection modules that can parse structured data (JSON, XML, HTML), traverse graphs of endpoints, and perform intelligent probing guided by discovered surface area. XRay is typically used as a reconnaissance and vulnerability discovery engine in red-team or app-security workflows: it leverages extensible plugins to adapt to different protocols, inject payloads, and detect common bug classes such as injection flaws, misconfigurations, and unsafe endpoints. ... -
11
markdown-rs
CommonMark compliant markdown parser in Rust with ASTs and extensions
markdown-rs is an open-source markdown parser written in Rust. It’s implemented as a state machine (#![no_std] + alloc) that emits concrete tokens, so that every byte is accounted for, with positional info. The API then exposes this information as an AST, which is easier to work with, or it compiles directly to HTML. While most markdown parsers work towards compliancy with CommonMark (or GFM), this project goes further by following how the reference parsers (cmark, cmark-gfm) work, which is... -
12
SSRFmap
Automatic SSRF fuzzer and exploitation tool
SSRFmap is a specialized security tool designed to automate the detection and exploitation of Server Side Request Forgery (SSRF) vulnerabilities. It takes as input a Burp request file and a user-specified parameter to fuzz, enabling you to fast-track the identification of SSRF attack surfaces. It includes multiple exploitation “modules” for common SSRF-based attacks or pivoting techniques, such as DNS zone transfers, MySQL/Postgres command execution, Docker API info leaks, and network scans. Because SSRF often leads to lateral movement or internal network access, SSRFmap is especially useful for red-teamers and pentesters who want to explore chains rather than just the vulnerability surface. ... -
13
s2n-quic
An implementation of the IETF QUIC protocol
...It is built with configurability in mind—you can tune congestion control (like CUBIC), pacing, packet size discovery, and other advanced network behaviors. Extensive testing (unit, fuzz, interop) ensures protocol compliance and interoperability with other implementations. Because it is open-source under Apache 2.0, organizations can integrate it into services where low latency, multiple streams, or mobility (connection migration) matter. -
14
Fastbot-Android Open Source Handbook
Testing tool for modeling GUI transitions
Fastbot_Android (Fastbot 2.0) is a model-based automated testing tool by ByteDance designed to discover stability or usability issues in Android apps by modeling GUI transitions rather than relying purely on random interactions. It blends machine learning and reinforcement-learning approaches to build a transition graph of UI states and use that model to intelligently explore possible user interactions — aiming to replicate more human-like usage patterns and uncover hidden bugs, crashes, or... -
15
µWebSockets
Compliant web server for the most demanding of applications
Being meticulously optimized for speed and memory footprint, µWebSockets is fast enough to do encrypted TLS 1.3 messaging quicker than most alternative servers can do even unencrypted, cleartext messaging. Furthermore, we partake in Google's OSS-Fuzz with a ~95% daily fuzzing coverage with no sanitizer issues. LGTM scores us flawless A+ from having zero CodeQL alerts and we compile with pedantic warning levels. µWebSockets is written entirely in C & C++ but has a seamless integration for Node.js backends. This allows for rapid scripting of powerful apps, using widespread competence. ... -
16
LFIMap
Advanced LFI Exploitation Tool
A Advanced LFI Exploitation Tool offer Bypass WAF and Plugins and support Large of LFI Technique and scan customization and user friendly -
17
GraphQLmap
GraphQLmap is a scripting engine to interact with endpoints
...For a pentester, GraphQLmap speeds up discovery and exploitation workflows: you don’t just test known endpoints—you enumerate schema, fuzz fields, and chain queries. It offers a CLI, supports various HTTP methods, custom headers, proxies, and is designed to work with real-world GraphQL deployments. -
18
FuzzBench
FuzzBench - Fuzzer benchmarking as a service
...It provides a standardized, reproducible environment for comparing the performance and effectiveness of different fuzzing algorithms on real-world software targets. FuzzBench integrates with the OSS-Fuzz infrastructure, allowing it to run experiments on authentic open source projects and collect meaningful data on crash discovery rates, code coverage, and bug-finding efficiency. The service includes an easy-to-use API for integrating custom fuzzers and an automated reporting system that generates detailed statistical analyses, comparative graphs, and significance testing. ... -
19
sqlsmith
A random SQL query generator
SQLSmith is a fuzz testing tool for PostgreSQL that automatically generates random SQL queries to uncover bugs in the query planner and executor. It is widely used by PostgreSQL developers and database vendors to stress-test SQL features and engine behavior under edge-case conditions. SQLSmith helps improve database robustness by revealing unexpected failures. -
20
Dapp tools by DappHub
Dapp, Seth, Hevm, and more
Command line tools and smart contract libraries for Ethereum smart contract development. All you need Ethereum development tool. Build, test, fuzz, formally verify, debug & deploy solidity contracts. Ethereum CLI. Query contracts, send transactions, follow logs, slice & dice data. Testing-oriented EVM implementation. Debug, fuzz, or symbolically execute code against local or mainnet state. Sign Ethereum transactions from a local keystore or hardware wallet. dapptools is currently in a stage of clandestine development where support for the casual user may be deprived. ... -
21
Z Word Tools
Write, check, index and diagram Z specifications in Microsoft Word.
Tools to allow Z specifications to be written in Microsoft Word. Includes a unicode font for Z symbols. Provides: WYSIWYG editing fully integrated into Word; Typechecking using fuzz (for Spivey Z) or CZT (for ISO standard Z); Indexing and cross-referencing; Diagrams of specification structure; Conversion from Spivey to Standard Z- also available as a stand-alone program and Java class for non-windows users. See project website for details. -
22
gofuzz
Fuzz testing for go
gofuzz is a lightweight fuzzing utility for Go that rapidly generates randomized, edge-case-heavy inputs to populate structs, maps, slices, and scalar fields. It’s engineered to make property tests productive by automatically traversing nested types and supplying varied values, including zero values, extremes, and random strings or byte sequences. Because it respects Go’s type system, it can generate valid shapes for complex generic or composite types with very little setup. Users can... -
23
Wraith
A responsive screenshot comparison tool
...In the 'component' example config, you can see how we specify a component name, domain path and selector we want to capture. All config options will be placed in a YAML config file. You set the headless browser, diff mode, threshold, fuzz amount and screen widths. -
24
ansvif
An advanced cross platform fuzzing framework suited to find code bugs.
ansvif, or A Not So Very Intelligent Fuzzer, suited to find bugs in code by throwing garbage arguments, files, and environment variables at the target program, that you may or may not have the source code to. It supports many features, such as buffer size, randomization of the buffer size, random data injection, templates, and much more. The purpose of this project is to identify bugs in software, specifically bugs that can induce a segmentation fault under various conditions. This aids... -
25
unityblog
Minimal no fuzz blog, with a neat minimal design
Minimal no fuzz blog, with a neat minimal design Features: comments, tagging, admin add/edit/delete, categories etc. example blog: www.rlogin.dk
