palekh / fuzzing

Licence: MIT License
🐰 Tool set for fuzz and stress testing your functions!

Projects that are alternatives of or similar to fuzzing

Intruderpayloads
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Stars: ✭ 2,779 (+12531.82%)
Mutual labels:  fuzzing, fuzz
fuzzing
Easy fuzzing with go-fuzz
Stars: ✭ 15 (-31.82%)
Mutual labels:  fuzzing, fuzz
UltimateCMSWordlists
📚 An ultimate collection wordlists of the best-known CMS
Stars: ✭ 54 (+145.45%)
Mutual labels:  fuzzing, fuzz
AndroidFuzz
JavaFuzz 4 Android
Stars: ✭ 27 (+22.73%)
Mutual labels:  fuzzing, fuzz
avalanche
Minecraft server stress test tool.
Stars: ✭ 48 (+118.18%)
Mutual labels:  stress-testing, stress-test
Orion-Stress-Tester
A simple, efficient and accurate stress tester, support HTTP, WebSocket and TCP
Stars: ✭ 32 (+45.45%)
Mutual labels:  stress-testing, stress-test
unicorn-fuzzer
expansion of afl-unicorn using c++
Stars: ✭ 25 (+13.64%)
Mutual labels:  fuzzing, fuzz
FuzzImageMagick
Sample files for fuzzing ImageMagick
Stars: ✭ 15 (-31.82%)
Mutual labels:  fuzzing, fuzz
FuSeBMC
FuSeBMC is a novel Energy-Efficient Test Generator that exploits fuzzing and BMC engines to detect security vulnerabilities in real-world C programs.
Stars: ✭ 26 (+18.18%)
Mutual labels:  fuzzing
srcinv
source code audit tool
Stars: ✭ 45 (+104.55%)
Mutual labels:  fuzzing
fuzzuf
Fuzzing Unification Framework
Stars: ✭ 263 (+1095.45%)
Mutual labels:  fuzzing
Kirenenko
Super Fast Concolic Execution Engine based on Source Code Taint Tracing
Stars: ✭ 84 (+281.82%)
Mutual labels:  fuzzing
rust-security
Security analysis of the Rust language
Stars: ✭ 12 (-45.45%)
Mutual labels:  fuzz
healer
Kernel fuzzer inspired by Syzkaller.
Stars: ✭ 194 (+781.82%)
Mutual labels:  fuzzing
toughfuzzer
Tough Fuzzer is an obstacle course for go-fuzz composed of a series of small code samples which encapsulate the most common obstacles to code-coverage the fuzzer will encounter. In each case, the obstacle is insurmountable in a reasonable period of time using random inputs or even coverage-guided mutation.
Stars: ✭ 18 (-18.18%)
Mutual labels:  fuzzing
leaky-paths
A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Stars: ✭ 507 (+2204.55%)
Mutual labels:  fuzzing
sandsifter
The x86 processor fuzzer
Stars: ✭ 21 (-4.55%)
Mutual labels:  fuzzing
security-study-tutorial
Summary of online learning materials
Stars: ✭ 73 (+231.82%)
Mutual labels:  fuzzing
crypto-corpus
Corpus of crypto formats
Stars: ✭ 12 (-45.45%)
Mutual labels:  fuzzing
emmutaler
A set of tools for fuzzing SecureROM. Managed to find and trigger checkm8.
Stars: ✭ 126 (+472.73%)
Mutual labels:  fuzzing

Fuzzing · 🐰

This is a tool for fuzz testing. It can be hard to tell whether a function will crash when it is passed null, undefined or some other unusual value. To check, use this package to stress test your functions and APIs under different payloads.

Installation

First, install the package:

npm i fuzzing -SD

Usage

To start fuzzing, follow these steps:

  • pick the function you want to fuzz
  • select the set of input values to pass into the function as arguments (see input presets)
  • choose the output type, depending on whether you want to see the errors or the warnings produced by the function (see output types)

import {fuzz} from 'fuzzing';

/**
 * Let's assume that you want to test your perfectly written sum function to find some bugs or unexpected behaviours 
 */
function sum(arr) {
   return arr.reduce((accumulator, item) => accumulator + item, 0);
}

const errors = fuzz(sum) // pick function you want to fuzz
   .numberArray()        // select preset of input values
   .errors();            // choose output type

// print result to see what's going on
console.log(errors);

// it would give you array of executed tests
// showing your input values, test results and stack trace in case of any error
/*
Array [
  Object {
    "description": "SUCCESS: Function returned result is OK and no errors happened",
    "input": Array [
      2.718281828459045,
      3.141592653589793,
      0.6931471805599453,
      2.302585092994046,
      1.4426950408889634,
      0.4342944819032518,
      0.7071067811865476,
      1.4142135623730951,
    ],
    "result": 12.853916621954687,
    "type": "success",
  },
  Object {
    "description": "WARNING: Function returned result might be nullable or dangerous in some way",
    "input": Array [
      undefined,
      undefined,
      undefined,
      undefined,
      undefined,
      undefined,
      undefined,
      undefined,
      undefined,
      undefined,
      undefined,
      undefined,
      undefined,
      13,
    ],
    "result": NaN,
    "type": "warning",
  },
  Object {
    "description": "WARNING: Function returned result might be nullable or dangerous in some way",
    "input": Array [
      0,
      1,
      -1,
      5e-324,
      1.7976931348623157e+308,
      NaN,
      -Infinity,
      Infinity,
    ],
    "result": NaN,
    "type": "warning",
  },
  Object {
    "description": "FAILED: Function execution failed, check error stack trace",
    "error": [TypeError: Cannot read property 'length' of undefined],
    "input": undefined,
    "type": "error",
  },
  Object {
    "description": "FAILED: Function execution failed, check error stack trace",
    "error": [TypeError: Cannot read property 'length' of null],
    "input": null,
    "type": "error",
  },
]
*/
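
The same triage without the package, as an added example that is not part of the original README: the naive sum beside a hardened safeSum, run over the inputs from the output above plus one constructed overflow case. safeSum, classify, tally and SAMPLE_INPUTS are hypothetical names, and the warning rule in classify is an assumption, not the library's own logic.

```javascript
// Added example: does not import the fuzzing package. classify() is a
// hypothetical stand-in for the tool's success / warning / error types.
function sum(arr) {
  return arr.reduce((accumulator, item) => accumulator + item, 0);
}

// Hardened variant: validate the argument, every item, and the total.
function safeSum(arr) {
  if (!Array.isArray(arr)) {
    throw new TypeError('safeSum expects an array');
  }
  const total = arr.reduce((accumulator, item) => {
    if (typeof item !== 'number' || !Number.isFinite(item)) {
      throw new TypeError('safeSum expects finite numbers only');
    }
    return accumulator + item;
  }, 0);
  if (!Number.isFinite(total)) {
    throw new RangeError('safeSum overflowed');
  }
  return total;
}

// Inputs taken from the README output above, plus one constructed overflow case.
const SAMPLE_INPUTS = [
  [Math.E, Math.PI, Math.LN2, Math.LN10, Math.LOG2E, Math.LOG10E, Math.SQRT1_2, Math.SQRT2],
  [...Array(13).fill(undefined), 13],
  [0, 1, -1, 5e-324, 1.7976931348623157e+308, NaN, -Infinity, Infinity],
  undefined,
  null,
  [Number.MAX_VALUE, Number.MAX_VALUE], // constructed: finite items, infinite total
];

// Assumption: a "warning" is a null, undefined, NaN or infinite return value.
function classify(fn, input) {
  try {
    const result = fn(input);
    const suspicious = result == null || (typeof result === 'number' && !Number.isFinite(result));
    return { type: suspicious ? 'warning' : 'success', input, result };
  } catch (error) {
    return { type: 'error', input, error };
  }
}

function tally(fn) {
  const counts = { success: 0, warning: 0, error: 0 };
  for (const input of SAMPLE_INPUTS) counts[classify(fn, input).type] += 1;
  return counts;
}

console.log('sum:', tally(sum), 'safeSum:', tally(safeSum));
```

After hardening, the warning bucket is empty: every unusual input ends in a typed, deliberate rejection instead of a silent NaN or Infinity.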

Passing Multiple Parameters

To fuzz a function that expects multiple arguments, import the preset constant, which contains all the presets.

import {fuzz, preset} from 'fuzzing';

function multiply(a, b) {
   return a * b;
}

const warnings = fuzz(multiply)
   .under(preset.number(), preset.number())    // select presets for each function argument
   .warnings();                                // multiply never throws, so collect warnings (e.g. NaN results)

console.log(warnings);

Testing APIs

In the same way, you can use fuzzing to call an API endpoint with different payloads and test the behavior of your web server.

import {fuzz} from 'fuzzing';

/**
 * For example, say you want to ping GitHub
 */
function pingGithub(url) {
    return fetch('https://github.io/' + url, { mode: 'no-cors' });
}

const errors = await fuzz(pingGithub)
   .string()
   .errors();

console.log(errors);

// OR

fuzz(pingGithub)
   .string()
   .errors()
   .then(console.log);

Presets of input parameters

Available sets of parameters:

  • boolean - Boolean
  • number - Number
  • string - String
  • object - Object
  • booleanArray - Array of booleans
  • numberArray - Array of numbers
  • stringArray - Array of strings
  • objectArray - Array of objects
  • all - All the data sets

Types of output

Each type of output is returned as an array of result items:

  • successes - for passed tests
  • warnings - for tests that returned a tricky or dangerous value
  • errors - for failed tests
  • all - for all tests

Contribution

Feel free to give valuable feedback ❤️ Igor Golopolosov