778 Open source projects that are alternatives of or similar to Honggfuzz Rs

OSS-Fuzz - continuous fuzzing for open source software.

Patches to afl to fix bugs or add enhancements

Command line tool for testing CRLF injection on a list of domains.

This project contains the source code for the CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE).

Bugs are inevitable. Suffering is optional.

The Art, Science, and Engineering of Fuzzing: A Survey

My Material for the HITB presentation

run AFL with dynamorio

run AFL with pintool

Awesome Python Security resources 🕶🐍🔐

A user-friendly fuzzing and crash triage tool for Windows

Randomly mutate JSON, XML, HTML forms, text and binary data for fuzz testing

Awesome Java Security Resources 🕶☕🔐

A high performance offensive security tool for reconnaissance and vulnerability scanning

Python script to decode common encoded PowerShell scripts

Seeding fuzzers with symbolic execution

Google Protocol Buffers message generator

Open source application to instantly remediate common security issues through the use of AWS Config

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

Find cloud assets that no one wants exposed 🔎 ☁️

Ansible role to apply a security baseline. Systemd edition.

A ZigBee hacking toolkit by Bishop Fox

Collecting & Hunting for IOCs with gusto and style

Constraint solver based on coverage-guided fuzzing

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

FudgeC2 - a command and control framework designed for team collaboration and post-exploitation activities.

Domain-Specific Fuzzing with Waypoints

An open source fuzzing framework for fun.

Reverse shell generator written in Python 3.

Fuzzinator Random Testing Framework

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

UNIC: Unicode and Internationalization Crates for Rust

A Go implementation of dirsearch.

🚀 Automatic crate publishing done right

Android library to reveal or obfuscate strings and assets at runtime

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

A Virtual environment for Pentesting IoT Devices

Bash script to audit and fix macOS Catalina (10.15.x) security settings

Chain Reactor is an open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints.

A collection of security related Python and Bash shell scripts. Analyze hosts on generic security vulnerabilities. Wrapper around popular tools like nmap (portscanner), nikto (webscanner) and testssl.sh (SSL/TLS scanner)

Some of the best web shells that you might need!

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)

Logger in Rust for pretty colors and text in the terminal. Aiming for a relatively simple API

NebulousAD automated credential auditing tool.

Semantics-aware Code Generation for Finding JS engine Vulnerabilities

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Exein core for Linux based firmware

The request.bin of DNS request

Fuzzing and Data Manipulation Framework (for GNU/Linux)

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder

Light NodeJS rate limiting and response delaying using Redis - including Express middleware.

Endpoint detection & Malware analysis software

A backend-agnostic extension for file uploads in HTTP libraries for Rust

Tool made to automate tasks of pentesting.

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Hashcat web interface

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

Patch-level verification for Bundler