Fuzz testing, also known as fuzzing or monkey testing, is a technique used to test software for unknown vulnerabilities. The fuzz testing process is automated by a program known as a fuzzer. This program generates a large amount of data to send to the target program as input. If the target program crashes or behaves in an undesirable way, the fuzzer logs the input that caused the error.
Hackers often use fuzzers to look for vulnerabilities in software, probing it for weaknesses they can exploit. Software developers can use a fuzzer to anticipate and defend against those types of attacks.
Origin
The first fuzzer was written in the early 1980s by developer Steve Capps to test for weaknesses in programs for the Macintosh computer. He called his program "The Monkey," referring to the classic adage of a monkey pressing random keys on a typewriter for an infinite amount of time. The theory is that given enough time, the monkey will eventually write the complete works of Shakespeare. Although this approach to software testing is often called "fuzzing," it is also called "monkey testing" because of Capps' program.
List of fuzzers
Fuzzing techniques help with software testing, and many fuzzers exist for specific purposes.
The following is a list of fuzzers, most of them being open-source and many still in active development.
Fuzzer Name/URL | Description |
---|---|
Google Sanitizers | A group of four data sanitizers developed at Google, which use fuzzing to detect program errors. |
afl-fuzz | American Fuzzy Lop, a tool which uses genetic algorithms to test the security of compiled programs. |
Backfuzz | A protocol fuzzing toolkit. |
BrundleFuzz | A distributed fuzzer for Windows and Linux. |
CERT FOE | Failure Observation Engine, a tool developed by CERT which uses mutational fuzzing to detect vulnerabilities in Windows programs. |
CERTfuzz | The source code of CERT FOE. |
Choronzon | An evolutionary knowledge-based fuzzer. |
Diffy | A tool developed by Twitter to discover vulnerabilities in web services. |
Dizzy | A fuzzing library for Python. |
dfuzzer | A fuzzing tool for testing processes that communicate through the D-Bus IPC and RPC mechanism. |
dotdotpwn | A tool to test web applications for path traversal vulnerabilities. |
Dranzer | A fuzz tester for ActiveX controls. |
EMFFuzzer | An Enhanced Metafile fuzz tester. |
Exploitable | An extension for GDB (the GNU debugger) that analyzes Linux executables and classifies their bugs by severity according to known exploits. Originally developed at CERT. |
Go-fuzz | A fuzz tester for Go programs that populates their objects with random values. |
grr | Translates 32-bit binaries to 64-bit, fuzzing them as part of the process. |
honggfuzz | Evolutionary, feedback-driven fuzzer for hardware and software. |
HTTP/2 Fuzzer | A fuzzer for HTTP/2 applications, still available for download but no longer actively developed. |
Hodor | A "slightly more than totally dumb" (brute force) fuzzer. |
iFuzzer | A fuzzer written in Python which uses Mercurial and Valgrind. |
KEMUfuzzer | A fuzzer for virtual machines running on QEMU, VMware, VirtualBox, or Bochs emulation platforms. |
KernelFuzzer | A fuzzer for kernel system calls. |
LibFuzzer | A library for in-process, evolutionary, coverage-guided fuzz testing. |
Netzob | A fuzzer for reverse-engineering communications protocols. |
Neural Fuzzer | A fuzzer that uses machine learning (neural networks) to perform its testing. |
Nightmare | A distributed fuzzer with web-based administration tools. |
Pathgrind | Path-based dynamic analysis for 32-bit applications. |
Perf-fuzzer | A fuzzer specifically designed to test the perf_event_open() system call in the Linux kernel. |
Pulsar | A fuzzer which "learns" protocols. |
PyJFuzz | A Python JSON fuzzer. |
QuickFuzz | An experimental grammar fuzzer written in Haskell. |
Radamsa | A general-purpose fuzzer. |
Randy | A simple Python fuzzer that generates random input for the tested program. |
sfuzz | Simple fuzz. "Exactly what it sounds like — a simple fuzzer." Included as part of the Kali Linux toolset. |
skipfish | A web application security scanner developed at Google. |
Syntribos | An automated fuzz tester for web APIs, written in Python and maintained by the OpenStack Security Group. |
TriforceAFL | A full-system fuzzer that uses QEMU. |
Wapiti | A web application vulnerability scanner. |
Wfuzz | A brute-force fuzzer for web applications. |
zzuf | A deterministic, transparent application input fuzzer that randomly changes bits in a file's input operations. |
The following are fuzzing harnesses, or frameworks, which help you manage your fuzz testing.
Fuzzing Framework | Description |
---|---|
CERT BFF | The BFF (Basic Fuzzing Framework), developed by CERT, designed to find vulnerabilities in Windows, macOS, and Linux applications. |
FuzzFlow | A fuzzing framework in AngularJS. |
Fuzzinator | A framework for random fuzz testing. |
FuzzLabs | A general-purpose fuzz testing framework. |
Grinder | A fuzz testing automator/framework for testing web browsers. |
Kitty | A fuzz testing framework written in Python. |
ofuzz | A fuzzing framework written in OCaml. |
Nodefuzz | A fuzz testing framework for web browsers, written in Node.js. |
PassiveFuzzFrameworkOSX | A fuzzer for testing vulnerabilities in the macOS kernel. |
Peach Fuzzer | A platform for fuzz testing that can "test virtually any system for unknown vulnerabilities." |
RamFuzz | A fuzzer for testing the individual parameters of object methods. |
Sulley | A "fully-automated and unattended, pure Python" fuzzing framework. |
FunFuzzer | A Python fuzzing harness for JavaScript engines and DOM renderers, by Mozilla. |