Collaborate Disseminate
Is it possible to file fuzz and network fuzz client apps written in C# .Net? The reason I ask is I am not a developer, but I am a security analyst and I have been given the task of file fuzzing the products created by my comp… Continue reading Fuzzing client apps
Is it possible to file fuzz and network fuzz client apps written in C# .Net? The reason I ask is I am not a developer, but I am a security analyst and I have been given the task of file fuzzing the products created by my comp… Continue reading Fuzzing client apps
Why is there any silver bullet fuzzing list for SQLi?
I’ve been asking this questing since I started pentesting web apps. If you look at fuzzing lists like SecList, Fuzzdb, IntruderPayloads, OWASP Fuzz Vectors etc. there are… Continue reading SQL injection fuzzing silver bullet
I am looking for a free file fuzzer tool that can fuzz desktop apps.
I contacted Peach Fuzzer and they said Peach is capable of fuzzing Desktop Apps but it is paid.
I came across some fuzzers that need URL as an input and… Continue reading File Fuzzer for Desktop Applications [on hold]
Google’s beta project, OSS-Fuzz, has found 264 vulnerabilities in 47 open-source projects – so is it an idea whose time has come? Continue reading How Big Fuzzing helps find holes in open source projects
In the last five months, Google’s OSS-Fuzz program has unearthed over 1,000 bugs in 47 open source software projects, and it’s ready to integrate even more of them. Fuzzing open source Software flaws can end up creating security vulnerabilities, and undermine the security of the open source foundation of many apps, sites, services, and networked things. Launched in December 2016, OSS-Fuzz aims to provide continuous fuzzing for select core open source software. “OSS-Fuzz’s goal is … More → Continue reading Google found over 1,000 bugs in 47 open source projects
I have a web application I am wanting to fuzz. It consists of a lot of REST webservice gets/puts. I have been considering using Sulley Fuzzing Framework or its successor boofuzz.
Since the jsessionid and/or other authenticat… Continue reading Fuzzing authenticated part of web application
Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was designed to be… Continue reading Powerfuzzer – Automated Customizable Web Fuzzer