473 Open source projects that are alternatives of or similar to Fuzzit

XVWA is intentionally designed with many security flaws and enough technical ground to upskill application security knowledge. This whole idea is to evangelize web application security issues. Do let us know your suggestions for improvement or any more vulnerability you would like to see in XVWA future releases.

Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)

HTML5 WebSocket message fuzzer

Fuzzinator Random Testing Framework

A fuzzer for full VM kernel/driver targets

wooyun public information backup

ANTLR v4 grammar-based test generator

This is the full file system fuzzing framework that I presented at the Hack in the Box 2020 Lockdown Edition conference in April.

Academic papers and articles that I read related to web hacking, fuzzing, etc. / 阅读过的Web安全方向、模糊测试方向的一些论文与阅读笔记

web scanner - exploitation - information gathering

Command line tool for testing CRLF injection on a list of domains.

A web crawler (for bug hunting) that gathers more than you can imagine.

Constraint solver based on coverage-guided fuzzing

Potentially dangerous files

Source code for Hacker101.com - a free online web and mobile security class.

A container repository for my public web hacks!

List of real-world threats against endpoint protection software

Automatic SSRF fuzzer and exploitation tool

List of Magento extensions with known security issues.

A Linux Kernel Module that implements a fast snapshot mechanism for fuzzing.

Gem vulnerability checker using rubysec/ruby-advisory-db

A bootrom exploit for MediaTek devices

Rapid is a Go library for property-based testing that supports state machine ("stateful" or "model-based") testing and fully automatic test case minimization ("shrinking")

A Binary Ninja plugin for vulnerability research.

vfuzz

Canadian Furious Beaver is a tool for hijacking IRPs handler in Windows drivers, and facilitating the process of analyzing Windows drivers for vulnerabilities

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

PoC for CVE-2019-19844(https://www.djangoproject.com/weblog/2019/dec/18/security-releases/)

Simple script for generating Malformed QRCodes.

Securify v2.0

🔥 An Exploit framework for Web Vulnerabilities written in Python

Word 2016 vulnerability allows injecting HTML/JS code into a docx file's embeddedHTML="" tags.

UAFuzz: Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities

🛡️ GitHub Action for security audits

Resources About Fuzzing, For Multiple Platforms And All Popular Fuzzers. 500+ Open Source Tools Sorted By Star Count, 800+ Blog Posts Sorted By Publish Time.

Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis

DOM fuzzer

Property based testing framework for JavaScript (like QuickCheck) written in TypeScript

Greenbone Vulnerability Manager

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

This repo records all the vulnerabilities of linux software I have reproduced in my local workspace

PoC exploit for CVE-2016-4622

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

Janus: a state-of-the-art file system fuzzer on Linux

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.

Reverse Shell as a Service

WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.

Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

Wordpress Vulnerability Scanner

MrsPicky - An IDAPython decompiler script that helps auditing calls to the memcpy() and memmove() functions.

Reverse-engineering tools and exploits for Samsung's implementation of TrustZone

Vulnerability Database | huntr.dev

Huorong Internet Security vulnerabilities 火绒安全软件漏洞

使用docker快速搭建各大漏洞靶场，目前可以一键搭建17个靶场。

Rockyou for web fuzzing

SlowMist Vulnerability Research Advisories

Original Automated CVE Checking Tool

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list