Category Fuzzers

Fusil the fuzzer is a Python library used to write fuzzing programs. It helps to start process with a prepared environment (limit memory, environment variables, redirect stdout, etc.), start network client or server, and create mangled files. Fusil has many probes to detect program crash: watch process exit code, watch process stdout and syslog for text patterns (eg. "segmentation fault"), watch session duration, watch cpu usage (process and system load), etc.

Grendel-Scan is an open-source web application security testing tool. It has automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. The only system requirement is Java 5; Windows, Linux and Macintosh builds are available.

WSFuzzer is a fuzzing penetration testing tool used against HTTP SOAP based web services. It tests numerous aspects (input validation, XML Parser, etc) of the SOAP target. It is only to be used against targets that have granted permission to be tested.

Fusil the fuzzer is a Python library used to write fuzzing programs. It helps to start process with a prepared environment (limit memory, environment variables, redirect stdout, etc.), start network client or server, and create mangled files. Fusil has many probes to detect program crash: watch process exit code, watch process stdout and syslog for text patterns (eg. "segmentation fault"), watch session duration, watch cpu usage (process and system load), etc.

VoIPER is a security toolkit that aims to allow developers and security researchers to easily, extensively and automatically test VoIP devices for security vulnerabilties. It incorporates a fuzzing suite built on the Sulley fuzzing framework, a SIP torturer tool based on RFC 4475 and a variety of auxilliary modules to assist in crash detection and debugging

VoIPER is a security toolkit that aims to allow developers and security researchers to easily, extensively and automatically test VoIP devices for security vulnerabilties. It incorporates a fuzzing suite built on the Sulley fuzzing framework, a SIP torturer tool based on RFC 4475 and a variety of auxilliary modules to assist in crash detection and debugging

VoIPER is a security toolkit that aims to allow developers and security researchers to easily, extensively and automatically test VoIP devices for security vulnerabilties. It incorporates a fuzzing suite built on the Sulley fuzzing framework, a SIP torturer tool based on RFC 4475 and a variety of auxilliary modules to assist in crash detection and debugging

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc.

wsScanner is a toolkit for Web Services scanning and vulnerability detection

The Metasploit Framework ("Metasploit") is a development platform for
creating security tools and exploits. Version 3.0 contains 177
exploits, 104 payloads, 17 encoders, and 3 nop modules. Additionally,
30 auxiliary modules are included that perform a wide range of tasks,
including host discovery, protocol fuzzing, and denial of service testing.

JBroFuzz is a stateless network protocol fuzzer that emerged from the needs of penetration testing. Written in Java, it allows for the identification of certain classess of security vulnerabilities, by means of creating malformed data and having the network protocol in question consume the data.