Fuzzing
Fuzz testing (fuzzing) is an automated software testing technique that sends invalid, malformed, or unexpected inputs to a system to discover bugs, crashes, and security vulnerabilities. It has become one of the most effective methods for finding memory corruption, parsing errors, and input validation flaws at scale.
Fuzzing rests on a simple principle: a program that crashes on unexpected input has a bug, and such bugs are often exploitable. Modern fuzzers go far beyond random input generation. Coverage-guided fuzzers like AFL++, libFuzzer, and Honggfuzz use code-coverage feedback to evolve inputs that reach new code paths, dramatically increasing the chance of finding deep bugs. Grammar-based fuzzers generate structurally valid inputs for complex formats like JSON, XML, HTTP, and custom protocols.
In web application security, fuzzing is used for directory and file discovery, parameter brute-forcing, and finding injection points. Tools like ffuf, wfuzz, and Burp Intruder allow rapid testing of URL paths, query parameters, headers, and form fields against wordlists. API fuzzing tools specifically target REST and GraphQL endpoints with schema-aware mutation strategies.
At the systems level, fuzzing has uncovered thousands of vulnerabilities in browsers, operating system kernels, file format parsers, network protocol implementations, and cryptographic libraries. Google's OSS-Fuzz project alone has found over 10,000 bugs across hundreds of open-source projects.
This page collects fuzzing tools, techniques, research, and guides for both web application and systems-level fuzzing.
| Date Added | Link | Excerpt |
|---|---|---|
| 2026-06-08 NEW 2026 | AI Smart Contract Vulnerability Detection: Web3 Guide beginner 10 min read | Guide summarizing AI smart contract vulnerability detection, emphasizing a layered defense approach. It details how AI methods like deep learning on EVM bytecode, graph neural networks, and LLM auditing models complement traditional static analysis, fuzzing, and formal verification. The guide highlights tools such as Slither, Mythril, and Aderyn, and discusses the practical challenges and trade-offs of integrating AI into Web3 security workflows, noting that while AI improves recall, human review remains crucial for complex logic and access control bugs. |
| 2026-06-08 NEW 2026 | Continuous Offensive Security: The Line We've Been Walking news 12 min read AI | Library for continuous offensive security testing, this resource details the evolution from traditional Dynamic Security Testing (DAST) to AI-driven pentesting. It distinguishes between heuristic-detectable vulnerabilities (like SQL injection) and context-dependent ones (such as BOLA and IDOR) that require human-like reasoning. The library enables automated discovery of context-dependent flaws by analyzing intent, and includes Agent Red Teaming for novel AI-specific attack surfaces like prompt injection and data exfiltration in LLM-integrated applications. → snyk.io |
| 2026-06-08 NEW 2026 | Sparkplug B Protocol Fuzzing with AI Assistance intermediate 9 min read AI | Tool for fuzzing the Sparkplug B protocol, an MQTT-based standard for industrial control systems. This fuzzer systematically targets message types, data types, and field paths, identifying crashes, protocol violations, and state-handling bugs. AI assistance refined the Python implementation, improving coverage, efficiency, and adding CLI functionality for security testing of ICS and SCADA devices. → bishopfox.com |
| 2026-06-08 NEW 2026 | Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529 advanced 13 min read RCE | Writeup details the exploitation of CVE-2024-54529, a type confusion vulnerability in macOS's CoreAudio framework. The author outlines the process of turning a crash into a working exploit, involving complex heap manipulation and control flow hijacking. This includes challenges with CFString objects and the development of custom tools like an object dumper utilizing Ivan Fratric’s TinyInst Hook API, alongside static analysis with IDAPython. The writeup also touches upon the failure of an out-of-bounds read approach due to object size constraints and the discovery of uninitialized memory in the `ngne` object using Guard Malloc with PreScribble. → projectzero.google |
| 2026-06-08 NEW 2026 | On the Effectiveness of Mutational Grammar Fuzzing intermediate 8 min read | Technique analyzing the flaws of mutational grammar fuzzing, particularly how increased coverage doesn't always equate to more bugs and how samples tend to remain highly similar. It highlights issues found in XSLT implementations and JIT engines, suggesting potential improvements by exploring dataflow coverage or combining generative and mutational fuzzing approaches. → projectzero.google |
| 2026-06-08 NEW 2026 | Extending Ruzzy with LibAFL intermediate 7 min read | Library for extending Ruzzy, a coverage-guided fuzzer for Ruby code, with LibAFL. This integration leverages LibAFL's LLVM compatibility layer and addresses challenges like ELF `.preinit_array` section restrictions by utilizing LLVM `ld`, and resolves "No maps available; cannot fuzz!" errors by ensuring proper SanitizerCoverage initialization timing, critical for fuzzing campaigns. → blog.trailofbits.com |
| 2026-06-08 NEW 2026 | Go fuzzing was missing half the toolkit. We forked the toolchain to fix it. intermediate 5 min read | Library, gosentry, is a fork of the Go toolchain that enhances native fuzzing capabilities. It integrates LibAFL, Nautilus for grammar-based fuzzing, and capabilities for structured inputs, integer overflow detection (building on go-panikint), goroutine leak detection (via goleak), data race detection, and timeout detection. Existing Go fuzz harnesses can be used with gosentry without modification, offering improved bug detection and coverage reporting for vulnerabilities like those found in Optimism and Revm. → blog.trailofbits.com |
| 2026-05-25 2026 | Wireshark 4.6.6 Patches Critical ROHC and MACsec Vulnerabilities news | Wireshark version 4.6.6 has been released, addressing critical vulnerabilities in the ROHC and MACsec protocols. These patches are essential for users to protect against potential security risks. The update is now available, and users are strongly encouraged to upgrade to the latest version to ensure their systems are secure. |
| 2026-05-22 2026 | Autonomous fuzzing process under LLM supervision advanced 20 min read | Library for autonomous fuzzing, codenamed fuzzlab, utilizes Large Language Models (LLMs) under strict procedural guidance to automate software security testing. This Python-based system analyzes code, generates test programs, classifies findings, and prepares reports. It has successfully identified vulnerabilities in ModSecurity and Oracle VirtualBox, demonstrating its capability to supervise fuzzing campaigns, adapt to anomalies, and improve test generation without constant human intervention, supporting various AI models through a standardized interface. |
| 2026-05-18 2026 | Claude Mythos found decade-old Firefox bugs that years of fuzzing missed news | Claude Mythos has discovered long-standing Firefox vulnerabilities, some dating back a decade, which eluded years of automated fuzzing. These critical bugs highlight limitations in current security testing methodologies and underscore the persistent challenges in identifying complex software flaws. The specific details of the bugs and their potential impact are not provided in this brief announcement. → msn.com |
| 2026-05-15 2026 | Claude Mythos found decade-old Firefox bugs that years of fuzzing missed news | Claude Mythos has discovered long-standing bugs in Firefox, some present for a decade, which eluded extensive fuzzing efforts. This highlights limitations in automated testing and the value of manual, in-depth security research. The specific number of bugs or their severity was not detailed in the provided content, nor was any bug bounty payout amount mentioned. → msn.com |
| 2026-05-15 2026 | Stopping bugs before they ship: The shift to preventative security beginner | The article discusses a crucial shift in cybersecurity: moving from reactive bug fixing to proactive, preventative security measures. This approach aims to identify and resolve vulnerabilities earlier in the development lifecycle, before software is released to the public. The goal is to minimize the risk of security breaches and their associated costs, ultimately leading to more secure products and services. The emphasis is on integrating security practices throughout the entire development process, rather than treating it as an afterthought. |
| 2026-05-10 2026 | Mozilla Uses AI to Help Discover a Security Vulnerability in Firefox 271 news | Mozilla successfully employed AI to identify a security vulnerability in Firefox 271. This marks a significant step in leveraging artificial intelligence for cybersecurity, enabling more proactive discovery of potential threats. The AI's ability to analyze complex code and identify weaknesses could revolutionize vulnerability assessment and software security. This development highlights the growing importance of AI in protecting digital infrastructure and user data. |
| 2026-05-08 2026 | Mozilla Uses Mythos to Find Hundreds of Flaws news 3 min read | Library using Anthropic's Claude Mythos Preview and custom orchestration identified 271 security bugs in Firefox, including a 15-year-old defect missed by fuzzers. This AI-assisted approach yielded high-signal findings with minimal false positives, suggesting maturing capabilities for vulnerability discovery. The findings raise considerations for disclosure processes and the dual-use potential of such powerful models. → letsdatascience.com |
| 2026-05-08 2026 | Mozilla explains the system that discovered 271 vulnerabilities in Firefox using Claude Mythos Preview. beginner 2 min read | Library for AI-assisted vulnerability discovery, detailing Mozilla's system that leveraged Claude Mythos Preview to identify 271 vulnerabilities in Firefox. This system utilized an agent-based harness atop existing fuzzing infrastructure to pinpoint flaws in areas like JIT, WebAssembly GC, IndexedDB, and XSLT, including a 15-year-old bug in the `<legend>` element and persistent XSLT issues. The AI demonstrated a low false positive rate, with dual LLM verification bolstering developer confidence, and highlighted the effectiveness of existing anti-poisoning measures by identifying blocked AI attack attempts. → gigazine.net |
| 2026-05-07 2026 | AI-based fuzzing targets open-source LLM vulnerabilities advanced 6 min read | Library that utilizes AI-enhanced fuzzing to discover vulnerabilities in open-source projects. This technique has already identified 26 new vulnerabilities, including a critical flaw in OpenSSL, by generating sophisticated and varied test inputs that explore new execution paths and uncover edge cases missed by traditional methods. The library aims to improve code coverage, increase efficiency, and automate vulnerability discovery, though users must be aware of potential drawbacks like false positives and the need for careful validation of AI-generated code. → reversinglabs.com |
| 2026-05-01 2026 | Open-source Models Match Mythos in Bug Finding news 2 min read | Tooling enables open-source models to match Anthropic's Mythos in bug finding by creating orchestration pipelines that run multiple models in harness, providing defense in depth and covering individual model blind spots. This approach replicates Mythos's ability to find both shallow and complex vulnerabilities, offering a cost-effective alternative to proprietary models. Human experts are crucial for orchestrating these ensembles, triaging findings, and validating exploitability, ensuring improved security practices through AI-assisted testing and fuzzing pipelines. → letsdatascience.com |
| 2026-04-29 2026 | Firefox using advanced AI to find fix browser security flaws beginner AI | Firefox is employing advanced AI to proactively identify and address browser security vulnerabilities. This innovative approach aims to streamline the process of finding and patching flaws, enhancing user security. By leveraging AI, Firefox can potentially detect a wider range of issues more efficiently than traditional methods. The goal is to create a more secure browsing experience for all users by staying ahead of potential threats. → msn.com |
| 2026-04-24 2026 | Claude Mythos discovered 271 vulnerabilities in Firefox news Bug Bounty | Security researcher Claude Mythos identified an extensive 271 vulnerabilities within the Firefox browser. The details of these discoveries were shared via a linked article, highlighting a significant security audit conducted by Mythos. No bug bounty payout amount was specified in the provided content. → secnews.gr |
| 2026-04-22 2026 | Jazzer: Coverage-guided, in-process fuzzing for the JVM intermediate 6 min read | Library for coverage-guided, in-process fuzzing of the JVM. Jazzer integrates with JUnit 5.9.0+ and supports Linux, macOS, and Windows platforms. It leverages libFuzzer's instrumentation for mutation-based input generation, allowing developers to write fuzz tests alongside unit tests. Jazzer can run in regression or fuzzing modes, identifying crashes and storing inputs for further analysis. It also includes built-in sanitizers to detect risky behaviors during fuzzing. |
| 2026-04-22 2026 | Fuzzing 100+ open source projects with OSS-Fuzz - lessons learned intermediate 13 min read | Writeup detailing continuous fuzzing efforts on over 100 open-source projects via OSS-Fuzz. This initiative reported 2104 bugs, including 559 security-relevant issues, with 1330 fixed. Notable findings include CVE-2020-28362 in Go-ethereum and contributions to Sudoers and Pidgin, highlighting the impact of sustained vulnerability analysis on critical software components. |
| 2026-04-22 2026 | Large Language Model guided Protocol Fuzzing (NDSS) advanced 2 min read | Tool for LLM-guided protocol fuzzing, ChatAFL leverages pre-trained large language models to extract machine-readable protocol information from natural language specifications. This engine constructs grammars for message types and mutates or predicts message sequences, significantly enhancing state and code coverage compared to state-of-the-art fuzzers like AFLNet and NSFuzz. Experiments on ProFuzzbench demonstrated ChatAFL's effectiveness in discovering previously unknown vulnerabilities in real-world protocol implementations. |
| 2026-04-22 2026 | Detect Go's silent arithmetic bugs with go-panikint intermediate 4 min read | Library for detecting silent integer arithmetic bugs in Go projects. go-panikint modifies the Go compiler to transform integer overflows and truncations into explicit panics, making them detectable by fuzzers. It successfully identified an integer overflow vulnerability in the Cosmos SDK's RPC pagination logic. The library includes mechanisms to filter intentional overflows via source location whitelisting or in-code comments. → blog.trailofbits.com |
| 2026-04-22 2026 | Denial of Fuzzing: Rust in the Windows kernel intermediate 13 min read | Library for fuzzing Windows kernel GDI components, utilizing WinAFL and WinAFL Pet for efficient testing. It details techniques for metafile fuzzing with Enhanced Metafile Format Plus (EMF+) and identifies a denial-of-fuzzing condition triggered by mutations. The library includes methodologies for memory dump analysis using Volatility and MemProcFS, and a client-server approach to capture and store mutated files for faster reproduction of kernel crashes. |
| 2026-04-22 2026 | Bringing Fuzz Testing to Kotlin with kotlinx.fuzz beginner 7 min read | Library for fuzz testing Kotlin applications. Developed by JetBrains Research, this fuzzer, named kotlinx.fuzz, leverages existing Java fuzzers like Jazzer to identify edge cases and uncover hidden vulnerabilities by automatically generating random or invalid inputs for target functions such as `Duration.parseIsoStringOrNull`. It simplifies the fuzzing process, offering improved configuration, execution, and result analysis for Kotlin projects. |
| 2026-04-22 2026 | Advanced binary fuzzing using AFL++-QEMU and libprotobuf advanced 20 min read | Tool for advanced binary-only fuzzing utilizing AFL++-QEMU, focusing on grammar-aware in-memory persistent fuzzing. This practical guide demonstrates step-by-step configuration, including instrumentation tuning for specific code paths and optimizing execution speed, using a case study of a weak X509 parser with a buffer overflow vulnerability in `parse_cert_buf`. It details corpus preparation with `afl-cmin` and `afl-tmin`, and explores AFL++-QEMU features like `AFL_CUSTOM_MUTATOR_LIBRARY` and persistent mode addresses for performance enhancements. |
| 2026-04-22 2026 | deepSURF: Detecting Memory Safety Vulnerabilities in Rust Through Fuzzing LLM-Augmented Harnesses advanced 50 min read | Tool integrating static analysis and LLM-guided fuzzing to detect memory safety vulnerabilities in Rust's unsafe code. deepSURF handles generics by substituting them with custom types and LLM-augmented harnesses for complex API interactions. Evaluation on 27 Rust crates revealed 20 known and 6 previously unknown memory safety bugs, surpassing state-of-the-art tools. → arxiv.org |
| 2026-04-22 2026 | Fixing Security Vulnerabilities with AI in OSS-Fuzz intermediate 41 min read | Library that customizes the AutoCodeRover LLM agent, named CodeRover-S, for autonomously fixing security vulnerabilities detected by OSS-Fuzz. This approach leverages exploit input from fuzzing campaigns to extract dynamic call graph information and augment vulnerability reports. CodeRover-S aims to improve patch generation success rates by incorporating type-based analysis at identified faulty program locations, focusing on dynamic attributes for patch correctness over static code similarity metrics. → arxiv.org |
| 2026-04-22 2026 | A Survey of Network Protocol Fuzzing: Model, Techniques and Directions intermediate 63 min read | Survey of network protocol fuzzing techniques; this paper systematically reviews advancements, proposes a unified process model, and discusses techniques for syntax acquisition, test case generation, execution, monitoring, and feedback utilization. It highlights challenges unique to network protocols, such as statefulness and structured input, and points to promising research directions, referencing vulnerabilities like Heartbleed (CVE-2014-0160) found in software like OpenSSL. → arxiv.org |
| 2026-04-22 2026 | Anthropic AI Finds 271 Vulnerabilities in Firefox news | Anthropic AI Finds 271 Vulnerabilities in Firefox https://ift.tt/61geSjc → letsdatascience.com |
| 2026-04-19 2026 | Generative Fuzzer-Driven Vulnerability Detection in IoT Networks advanced | Generative Fuzzer-Driven Vulnerability Detection in IoT Networks |
| 2026-04-19 2026 | Automating Fuzz Driver Generation for Deep Learning Libraries with LLMs advanced | Automating Fuzz Driver Generation for Deep Learning Libraries with LLMs |
| 2026-04-19 2026 | Fuzz to the Future: Uncovering Occluded Future Vulnerabilities advanced | Fuzz to the Future: Uncovering Occluded Future Vulnerabilities → dl.acm.org |
| 2026-04-19 2026 | EdgeFuzz: A Middleware-Based Security Testing Tool intermediate | EdgeFuzz: A Middleware-Based Security Testing Tool |
| 2026-04-19 2026 | Software Fuzzing: The Cornerstone of Automated Vulnerability Discovery beginner | Software Fuzzing: The Cornerstone of Automated Vulnerability Discovery |
| 2026-04-16 2026 | Fuzzing | Testing Handbook - AppSec Guide beginner 8 min read | Handbook chapter detailing fuzzing as an essential dynamic testing method for uncovering security issues and bugs. It covers starting fuzzing projects quickly, delving into advanced techniques, and selecting appropriate fuzzers. The handbook explains how to write fuzzing harnesses, interpret their outputs, and apply them to real-world C/C++ projects, discussing both blackbox and feedback-driven graybox fuzzing approaches. It also explores mutation-based evolutionary fuzzing, the de facto algorithm, and defines key terminology such as SUT, fuzzer, harness, and corpus. → appsec.guide |
| 2026-04-16 2026 | API Fuzzing for Security Testing: Complete Guide intermediate 7 min read | Library for API fuzzing that automates vulnerability discovery by generating malformed, randomized, or boundary-case inputs to uncover weaknesses like injection attacks, authentication bypasses, and data exposure via error handling. It integrates into CI/CD pipelines, complementing static analysis and manual testing by detecting edge cases and logic flaws missed by traditional methods, significantly improving detection rates and reducing remediation costs. |
| 2026-04-16 2026 | Recent Fuzzing Papers Collection advanced | Recent Fuzzing Papers Collection |
| 2026-04-16 2026 | Awesome-Fuzzing: Curated List of Fuzzing Resources beginner 8 min read | Library collecting curated resources for learning fuzzing and exploit development, including books like "Fuzzing: Brute Force Vulnerability Discovery," courses, videos, tutorials, and vulnerable applications. It lists tools such as American Fuzzy Lop (AFL), Peach Fuzzer, honggfuzz, and Cloudfuzzer, alongside discussions of techniques like directed fuzzing and root cause analysis for vulnerabilities like integer overflows. The library also features resources on browser fuzzing frameworks like BFuzz and Grizzly. |
| 2026-04-16 2026 | KernelGPT: Enhanced Kernel Fuzzing via LLMs advanced 4 min read | Library for enhanced Linux kernel fuzzing using Large Language Models to automate Syzkaller specification generation and refinement. KernelGPT analyzes kernel source code, leverages LLMs for specification creation, and uses feedback for iterative improvement. This approach has successfully identified 24 new kernel bugs, including 11 with assigned CVEs, and many of its generated specifications have been integrated into the official Syzkaller repository. |
| 2026-04-16 2026 | ksmbd: Fuzzing Improvements and Vulnerability Discovery intermediate 9 min read | Library for improving fuzzing and discovering vulnerabilities in `ksmbd`, an SMB server implementation. This resource details techniques for expanding the attack surface by enabling configuration options like durable handles, oplocks, and SMB2 leases, and discusses fuzzer improvements. It specifically mentions patching NTLMv2 authentication, adjusting connection limits, and simulating valid SMB state transitions by parsing responses for TreeIDs and SessionIDs. The library also leverages protocol specifications to build grammars for commands like SMB2 IOCTL requests and explores fuzzing strategies such as focused area fuzzing to target specific code paths like `smb_check_perm_dacl`, which led to the discovery of integer overflows. → blog.doyensec.com |
| 2026-04-16 2026 | AFL++ Fuzzing in Depth intermediate 29 min read | Library for instrumenting and fuzzing source code targets with AFL++. This guide details the three-step process: compiling with special compilers like `afl-clang-lto` or `afl-gcc-fast`, preparing an input corpus, and executing the fuzzing process. It also covers compiler selection based on available versions (LLVM 11+, GCC 5+) and instrumentation options such as `laf-intel`, `redqueen`, and selective instrumentation via `allowlist.txt` or `denylist.txt` to optimize fuzzing efficiency. |
| 2026-04-16 2026 | The Fuzzing Book: Generating Software Tests beginner 6 min read | Library of practical examples and executable code, "The Fuzzing Book" teaches automated software testing techniques. It covers random fuzzing, mutation-based fuzzing, and grammar-based test generation, illustrated with Python code. The resource is suitable for university courses, supplementary material, or as a developer tool, and has been credited with finding over 2,600 bugs in JavaScript interpreters for browsers like Firefox, Chrome, and Edge. |
| 2026-04-16 2026 | Fuzzing101: A Step-by-Step Fuzzing Tutorial beginner 2 min read | Tutorial on fuzzing basics using AFL++ and Ubuntu 20.04 LTS. This resource features ten real-world targets and exercises to help learners discover vulnerabilities in software projects. It explains coverage-guided evolutionary fuzzing techniques, a method employed by popular fuzzers like AFL, libFuzzer, and HonggFuzz. |
| 2026-04-11 2026 | Getting Started with Python Fuzzing Using Atheris beginner 12 min read | Library for fuzz testing Python applications, Atheris, developed by Google, simplifies the process of finding bugs through coverage-guided randomized testing. It allows users to easily create fuzz harnesses for arbitrary Python code, utilizing `FuzzedDataProvider` to generate diverse input types such as strings, integers, and lists. The library integrates seamlessly with targets, reporting crashes like `ZeroDivisionError` when it encounters unexpected inputs, aiding developers in identifying and fixing edge-case vulnerabilities. |
| 2026-04-11 2026 | Unleashing Medusa: Smart Contract Fuzzing intermediate 2 min read | Library for coverage-guided, parallel, and on-chain fuzzing of EVM smart contracts. Medusa v1, built on Geth and written in Go, uses Slither insights for smart mutational value generation and provides enhanced debugging with rich execution traces. It offers an alternative to Echidna, focusing on scalability and maintainability for faster vulnerability discovery in blockchain systems. → blog.trailofbits.com |
| 2026-04-11 2026 | Mastering Boofuzz: From Basics to Advanced beginner 4 min read | Library for stateful and stateless fuzzing, Boofuzz enables robust security testing of network protocols, file formats, and embedded systems. Leveraging Python, it supports custom protocol fuzzing with checksums like CRC32 and IPv4, and allows for multi-stage fuzzing through defined states. It includes built-in crash detection, a web interface for real-time monitoring, and examples for fuzzing HTTP POST requests and authenticated FTP sessions. |
| 2026-04-11 2026 | cargo-fuzz - Testing Handbook beginner 5 min read | Tool for fuzzing Rust projects using Cargo, this handbook details setup and usage. It leverages libFuzzer and can automatically enable sanitizers like AddressSanitizer, which is useful for detecting memory errors in unsafe Rust code. The guide covers writing fuzz tests, initializing projects with `cargo fuzz init`, running fuzz targets with `cargo +nightly fuzz run`, and re-executing specific test cases. It also explores fuzzer options, including disabling sanitizers for performance boosts when not using unsafe Rust, and provides a real-world example fuzzing the `ogg` crate. → appsec.guide |
| 2026-04-11 2026 | LLM-Based Harness Synthesis for Unfuzzed Projects advanced 11 min read | Library for LLM-based fuzzing harness synthesis that automates the creation of OSS-Fuzz and ClusterFuzzLite projects for C/C++ software. It takes a GitHub repository URL as input and generates fuzzing harnesses by first building the project using generalized build heuristics, then extracting program analysis data with Fuzz Introspector, and finally synthesizing harnesses with LLMs based on that data. The process has demonstrated coverage increases and vulnerability discovery in prior work. |
| 2026-04-11 2026 | HyperHook: A Harnessing Framework for Nyx advanced 11 min read | Framework for Nyx-based fuzzers, HyperHook streamlines snapshot fuzzing for user-space applications by managing hypercalls, function hooks, and exception handlers for both Windows and Linux targets. It works by injecting a detour into the target function, initializing communication with the host, registering handlers, setting up an input buffer, and ultimately calling the target function with fuzz input. |
| 2026-04-11 2026 | Practical Jazzer for the Snazzy Fuzzer intermediate 8 min read | Library detailing practical tips for using Jazzer, a coverage-guided, in-process fuzzer for the JVM. It covers advanced techniques for enterprise Java applications, including implementing `fuzzerInitialize` and `fuzzerTearDown` methods for setup and cleanup, utilizing method hooks with reflection to inspect application state and detect vulnerabilities like context escapes, and managing timeouts with fork mode and `-ignore_timeouts`. |
| 2026-04-11 2026 | Jazzer + LibAFL: Java Fuzzing Insights intermediate 6 min read | Library for Java fuzzing, integrating LibAFL with Jazzer. This fork enhances Jazzer by replacing its LibFuzzer backend with LibAFL, incorporating custom implementations for `__sanitizer_cov_trace_cmp8_with_pc`, `__sanitizer_weak_hook_memmem`, `__sanitizer_weak_hook_strstr`, and `__sanitizer_weak_hook_compare_bytes` to improve coverage feedback and comparison analysis, addressing limitations encountered when adapting Jazzer's LibFuzzer fork to LibAFL's architecture. |
| 2026-04-11 2026 | Unlocking Java Fuzzing with Jazzer beginner 16 min read | Library for fuzzing Java applications, Jazzer leverages libFuzzer for coverage-guided, in-process fuzzing on the JVM. It comprises a native Jazzer Driver that interfaces with libFuzzer and a Jazzer Agent for runtime instrumentation within the target JVM. This setup allows Jazzer to utilize libFuzzer's mutation features and feedback mechanisms for identifying vulnerabilities in Java code. |
| 2026-04-11 2026 | LibAFL - Testing Handbook beginner 19 min read | Library for building custom fuzzers, LibAFL offers modular functionality beyond traditional AFL-based fuzzers and libFuzzer. It supports a libFuzzer drop-in replacement for easier integration and also serves as a core Rust library for creating highly customizable fuzzing solutions. Setup involves installing Clang and Rust, and configuring environment variables for specific LLVM versions. LibAFL enhances fuzzing performance with features like `SimpleRestartingEventManager` and `LlmpRestartingEventManager` for effective crash detection and multi-processing. → appsec.guide |
| 2026-04-11 2026 | Fuzzing Rust Using Cargo-libafl intermediate | Fuzzing Rust Using Cargo-libafl |
| 2026-04-11 2026 | LibAFL Tutorial beginner | LibAFL Tutorial |
| 2026-04-11 2026 | G2Fuzz: Grammar-Aware Fuzzing with LLMs advanced 56 min read | Library for grammar-aware fuzzing, G2Fuzz, leverages LLMs to synthesize and mutate Python scripts that generate inputs conforming to complex, non-textual grammars like TIFF images and MP4 audio. It combines LLM-driven "holistic search" for novel input generation with traditional fuzzers like AFL++ for efficient "local search." This hybrid approach significantly enhances code coverage and bug discovery, outperforming tools such as AFL++, Fuzztruction, and FormatFuzzer on benchmarks like UNIFUZZ and FuzzBench, and has discovered bugs including those acknowledged by CVEs. → arxiv.org |
| 2026-04-11 2026 | Bugs That Survive Continuous Fuzzing advanced 15 min read | Library detailing vulnerabilities that persist despite continuous fuzzing in open-source projects like Gstreamer, Poppler, and Exiv2. It highlights issues arising from insufficient code coverage, unmonitored dependencies (e.g., DjVuLibre in Poppler), and neglected encoding logic, demonstrating the ongoing need for human oversight and expertise beyond automated fuzzing initiatives like OSS-Fuzz. → github.blog |
| 2026-04-11 2026 | Fuzzing Web Apps using FFUF: Complete Guide beginner 3 min read | Library for fuzzing web applications using FFUF, covering directory discovery, subdomain enumeration, virtual host fuzzing, multi-layer extension hunting, recursive scanning, authentication testing, and API endpoint discovery. It also details workflow optimizations like rate limiting and Burp Suite integration, while warning against common pitfalls such as unauthorized testing and aggressive scanning. |
| 2026-04-11 2026 | FFUF Mastery: Advanced Web Fuzzing intermediate 12 min read | Library for advanced web fuzzing using FFuf, transforming standard workflows into an optimized offensive security methodology. It details sophisticated response matching techniques, practical attack scenarios leveraging HTTP response characteristics, and provides battle-tested command snippets and visual pipeline examples for immediate implementation in security testing. Techniques include response-pattern differential analysis, multi-vector fuzzing, layered match profiles, calibration for false positive reduction, content discovery with anti-false-positive profiles, and virtual host discovery. |
| 2026-04-11 2026 | Looking for RCE Bugs in the Linux Kernel advanced 50 min read | Library for fuzzing the Linux kernel externally over the network, extending the syzkaller fuzzer to inject network packets via TUN/TAP and collect coverage with KCOV. The article details the integration process, including adding pseudo-syscalls and handling network specifics like checksums and TCP connections, ultimately leading to the discovery of a one-shot RCE in a non-public kernel flavor. |
| 2026-04-11 2026 | Syzkaller Summer: Fixing False Positive Soft Lockups in net/sched advanced 6 min read | Writeup on syzkaller's difficulties fuzzing net/sched, specifically false-positive soft lockups. The author's research revealed that syzkaller's network namespace reset was insufficient, leaving residual state that triggered hangs. This led to the creation of the HangBuzz101 CTF challenge and the identification of several vulnerabilities, including CVE-2025-38001 and CVE-2025-38616, some of which were exploitable and contributed to significant bounty payouts. Modifications to the net/sched grammar in Syzlang were implemented to mitigate these false positives. |
| 2026-04-11 2026 | Writing Harnesses - Testing Handbook intermediate 8 min read | Handbook on writing fuzzing harnesses, detailing techniques beyond simple byte arrays. It demonstrates how to derive complex inputs like integers and strings from raw data, using tools such as `FuzzedDataProvider` to handle variable-length consumption and parsing. The handbook also explores interleaved fuzzing, where the initial input byte steers execution through multiple related APIs, and discusses structured fuzzing concepts for improved efficiency, including integrating with formats like protobufs. Examples cover potential vulnerabilities like division by zero and buffer overflows when manipulating input data. → appsec.guide |
| 2026-04-11 2026 | Secrets of Effective Fuzzing Harnesses intermediate 27 min read | Library on writing effective fuzzing harnesses, emphasizing harness scope, avoiding common pitfalls like data reuse and reinterpretation, and embracing best practices such as early input validation with tools like FuzzedDataProvider, output validation, state resetting, and stateless, efficient harness design for C/C++, Go, Python, and Rust. |
| 2026-04-11 2026 | Beginner's Guide to Writing a Fuzzing Harness beginner 11 min read | Library for writing fuzzing harnesses, this guide details connecting fuzzers like AFL++ and Honggfuzz to specific target functions. It covers identifying target functions, implementing resource management (e.g., `xmlFreeTextReader`), and performing validation checks on function return results. The entry emphasizes the iterative nature of fuzzing and the importance of a well-designed harness for maximizing code coverage and enabling targeted testing of complex APIs and non-standard input formats. |
| 2026-04-11 2026 | AFL++ - Testing Handbook intermediate 21 min read | Library detailing the installation and usage of AFL++, a fork of the AFL fuzzer offering enhanced performance and features for C/C++ binaries. It covers multi-core fuzzing, recommended Ubuntu and Docker environments, and compilation modes like LTO, LLVM, and GCC. The guide emphasizes system configuration scripts such as `afl-system-config` and `afl-persistent-config` for optimizing fuzzing performance, while warning against their use on production systems. It also demonstrates compilation commands using wrappers like `afl-clang-lto++` and `afl-clang-fast++`. → appsec.guide |
| 2026-04-11 2026 | AFL++ Tutorials beginner 1 min read | Tutorials covering AFL++ usage are available, including guides on libxml2, blackbox fuzzing with QEMU mode, and fuzzing various protocols like FTP and FreeRDP. Structured data fuzzing techniques for libprotobuf and Superion are also detailed, alongside in-depth explanations of AFL++'s inner workings and video resources for installation and practical application. |
| 2026-04-11 2026 | Fuzzing with AFL++: Exercise 1 (simple_crash) intermediate | Fuzzing with AFL++: Exercise 1 (simple_crash) |
| 2026-04-10 2026 | Fuzzing in Smart City IoT Ecosystems intermediate | Fuzzing in Smart City IoT Ecosystems |
| 2026-04-10 2026 | Multi-target Coverage-based Greybox Fuzzer advanced 56 min read | Library implementing Multi-target Coverage-based Greybox Fuzzing (MTCFuzz) for architectures where operating systems and firmware cooperate. It leverages code coverage from both components within a QEMU virtualization environment to achieve deeper system exploration than single-target fuzzing, addressing issues like those observed with OpenSBI bugs. → arxiv.org |
| 2026-04-10 2026 | A Gentle Introduction to Linux Kernel Fuzzing beginner 10 min read | Tutorial on Linux kernel fuzzing using AFL and KCOV, detailing coverage-guided techniques to discover bugs in the kernel's netlink machinery. It explains how to configure a custom Linux kernel with KCOV enabled and integrate kernel code coverage reporting into AFL, a popular fuzzer by Michał Zalewski, for effective memory corruption bug detection. The tutorial also references prior work with tools like syzkaller. |
| 2026-04-10 2026 | Fuzzing Cheat Sheet: AFL++, libFuzzer, Boofuzz, WinDBG, Ghidra beginner | Fuzzing Cheat Sheet: AFL++, libFuzzer, Boofuzz, WinDBG, Ghidra |
| 2026-04-10 2026 | Fuzzing: What Are the Latest Developments? news | Library covering modern fuzzing advancements, highlighting its evolution into a core assurance technique for embedded, real-time, and safety-critical software. It details how fuzzing complements static analysis, runtime verification, and formal methods for high-integrity systems and explores recent innovations like grammar-based, hybrid, and AI-assisted fuzzing to improve defect detection and robustness. |
| 2026-04-10 2026 | A Survey of Kernel Fuzzing advanced | A Survey of Kernel Fuzzing |
| 2026-04-10 2026 | Step-by-Step Guide to Coverage-Guided Fuzzing with libFuzzer intermediate | Step-by-Step Guide to Coverage-Guided Fuzzing with libFuzzer |
| 2026-04-10 2026 | Fuzzing: Brute Force Vulnerability Discovery - ACM beginner | Fuzzing: Brute Force Vulnerability Discovery - ACM → dl.acm.org |
| 2026-04-10 2026 | Fuzzing Vulnerability Discovery Techniques - ACM intermediate | Fuzzing Vulnerability Discovery Techniques - ACM → dl.acm.org |
| 2026-04-10 2026 | Vulnerability Discovery in ICS Using Fuzzing intermediate 2 min read | Dissertation detailing strategies for fuzzing Industrial Control Systems (ICS). It presents a specialized fuzzing framework for translating PLC languages like Ladder Logic and Structured Text into C/C++, along with a reinforcement learning-driven technique for adaptive input mutation and LLMs for generating functionally diverse test cases. Silent crashes are detected using electromagnetic side-channel analysis, achieving significant improvements in crash detection, coverage, test case reduction, and silent crash identification. |
| 2026-04-10 2026 | A Directed Greybox Fuzzer for Windows Applications advanced 45 min read | Tool for directed greybox fuzzing on Windows applications, WinDGF, addresses challenges in target function localization, GUI bypassing, and fitness metric calculation. It offers two modes: WinDGF_path for deep path exploration and WinDGF_keyblock for focused defect identification. Evaluations against WinAFL and Winnie show significant improvements in unique crash discovery, with WinDGF_keyblock showing up to a 79.48% increase over WinAFL. WinDGF also successfully reproduces 11 known crash points. |
| 2026-04-10 2026 | GRLFuzz: Optimizing Mutation Strategies with Reinforcement Learning advanced | GRLFuzz: Optimizing Mutation Strategies with Reinforcement Learning |
| 2026-04-10 2026 | Fuzzing Vulnerability Discovery Techniques: Survey and Future Directions beginner | Fuzzing Vulnerability Discovery Techniques: Survey and Future Directions |
| 2026-04-10 2026 | Ultimate Guide to Fuzzing and Exploit Development beginner | Library of curated resources for mastering fuzzing and exploit development, including books, courses, video tutorials, tools, and practice labs. This comprehensive collection aids in identifying software vulnerabilities and building foundational ethical hacking skills. It emphasizes leveraging these materials, such as Awesome-Fuzzing, for accelerated learning in cybersecurity. |
| 2026-04-10 2026 | Mastering Fuzzing For Vulnerability Research: A Practical Guide beginner 2 min read | Library for mastering fuzzing techniques, detailing setup with AFL++ and WinAFL, creating fuzzing harnesses, running fuzzers on target binaries, and analyzing crashes with GDB. It covers mitigating common vulnerabilities like stack overflows by replacing functions such as `strcpy` with bounded alternatives like `strncpy` (note that `strncpy` alone does not guarantee NUL termination, so the destination still needs an explicit terminator or a function such as `snprintf`), and explores advanced fuzzing with libFuzzer. → undercodetesting.com |
| 2026-04-10 2026 | Revolutionizing Vulnerability Discovery with AI-Powered Fuzzing advanced 4 min read | Library for AI-powered fuzzing, featuring tools like cleverhans and torch-fuzz (cleverhans is an adversarial-example library for ML models rather than a program fuzzer, so treat the tool list with care). This resource details how AI enhances vulnerability discovery by automating test case generation and improving coverage, applicable to complex systems and IoT. It offers a step-by-step guide to setting up an AI fuzzing environment and discusses best practices for effective implementation, drawing parallels to Google's Fuzz Testing and Microsoft's Security Risk Detection. |
| 2026-04-09 2026 | Mythos autonomously exploited vulnerabilities that survived 27 years of human review. Security teams need a new detection playbook news | Mythos autonomously exploited vulnerabilities that survived 27 years of human review. Security teams need a new detection playbook https://ift.tt/dPpaVmM |
| 2026-04-06 2026 | Enhancing REST API Fuzzing with Access Policy Violation Detection intermediate 66 min read API Sec | Library for enhancing REST API fuzzing by integrating novel automated oracles. These oracles detect violations of access policies, specifically addressing Broken Object Level Authorization (BOLA) and Broken Function Level Authorization (BFLA), alongside traditional attacks like SQL Injection and XSS. The techniques are integrated into EvoMaster, a state-of-the-art REST API fuzzer, and can generate executable test cases in multiple programming languages upon detecting security faults. Experiments demonstrate improved detection of security issues compared to existing methods. → arxiv.org |
| 2026-04-06 2026 | Fuzzing REST APIs in Industry: Necessary Features and Lessons Learned intermediate 76 min read | Tool detailing the integration of the open-source fuzzer EvoMaster into industrial REST API testing at Volkswagen AG. It shares lessons learned and discusses necessary features for academic prototypes to achieve real impact in software engineering, based on evaluations of four APIs and a user study with eleven testing specialists. → arxiv.org |
| 2026-04-03 2026 | MALF: A Multi-Agent LLM Framework for Intelligent Fuzzing advanced 43 min read | Framework MALF integrates multi-agent large language models for intelligent fuzzing of industrial control protocols like Modbus/TCP, S7Comm, and Ethernet/IP. It utilizes Retrieval-Augmented Generation and QLoRA fine-tuning for protocol-aware input generation, optimizing seed selection, mutation strategies, and feedback loops. In real-world ICS environments, MALF identified critical vulnerabilities, including zero-days registered by CNVD, surpassing traditional fuzzing methods with higher test case pass rates and improved exception trigger generation. → arxiv.org |
| 2026-04-03 2026 | Automating App Security with Advanced Fuzz Testing Techniques intermediate 5 min read | Library for automating application security through advanced fuzz testing techniques, uncovering subtle edge-case bugs and zero-day vulnerabilities. It offers detailed explanations of fuzzing's evolution, its effectiveness in finding buffer overflows, memory leaks, and denial-of-service vectors, and how to integrate it into CI/CD pipelines. The resource highlights mutation-based, generation-based, and coverage-guided fuzzing, mentioning tools like AFL++, libFuzzer, and OneFuzz, and discusses its advantages over static analysis and manual testing for proactive vulnerability discovery. |
| 2026-04-03 2026 | Coverage Guided vs Blackbox Fuzzing | ClusterFuzz intermediate 1 min read | Library for fuzzing applications, detailing coverage-guided techniques like those used by libFuzzer and AFL, and blackbox fuzzing. Coverage-guided fuzzing utilizes program instrumentation for informed input mutation to maximize code coverage, ideal for self-contained, deterministic, and fast targets like binary format parsers. Blackbox fuzzing operates without internal knowledge, suitable for large, non-deterministic, or slow targets with complex input formats, such as browser DOM fuzzers. |
| 2026-04-03 2026 | Make Fuzzing First-Class in CI/CD: Coverage-Guided Testing in 2025 intermediate 11 min read | Library for integrating coverage-guided fuzzing into CI/CD pipelines, focusing on tools like libFuzzer and AFL++. It details practical implementation steps, including effective sanitizer usage (ASan, UBSan), corpus management, and efficient crash triage. The library supports C/C++, Rust, and Go, with specific guidance on fuzzing services like HTTP, JSON, and gRPC, aiming to make fuzzing a repeatable and low-friction part of the engineering process, akin to compilers and linters. |
| 2026-04-03 2026 | How to Use Fuzzing in Security Research | Keysight beginner | How to Use Fuzzing in Security Research | Keysight |
| 2026-04-03 2026 | Fuzz Testing: A Beginner's Guide | Better Stack beginner 8 min read | Library for automated testing, fuzzing helps discover vulnerabilities by feeding random inputs to applications, excelling at finding edge cases missed by traditional methods. This guide covers mutation-based vs. generation-based fuzzing, and black-box, white-box, and gray-box approaches. It details common targets like file parsers and network protocols, recommending tools such as AFL and libFuzzer, and demonstrates practical examples of fuzzing file parsers and API endpoints. |
| 2026-04-03 2026 | libFuzzer and AFL++ | ClusterFuzz intermediate 4 min read | Library for configuring coverage-guided fuzzing with libFuzzer and AFL++. Details setting up clang compilers (version 6.0+ recommended, trunk for serious use), building fuzz targets with AddressSanitizer and fuzzing flags like `-fsanitize=fuzzer` or `-fsanitize-coverage=trace-pc-guard`, and integrating with ClusterFuzz. It covers job naming conventions for libFuzzer and AFL, custom build uploads, seed corpus inclusion, and dictionary support for token-based fuzzing enhancements. |
| 2026-04-03 2026 | libFuzzer - A Library for Coverage-Guided Fuzz Testing | LLVM intermediate 19 min read | Library for coverage-guided fuzz testing, libFuzzer is an in-process engine linked with target libraries to mutate inputs and maximize code coverage. It uses LLVM's SanitizerCoverage instrumentation and requires a matching Clang version. Fuzz targets, defined by `LLVMFuzzerTestOneInput`, must be deterministic, fast, and tolerate arbitrary inputs. libFuzzer integrates with AddressSanitizer (ASAN) and UndefinedBehaviorSanitizer (UBSAN) via compilation flags like `-fsanitize=fuzzer,address`. It utilizes a corpus of seed inputs and can merge or minimize corpora. Parallel execution with `-jobs` and `-workers` or the experimental `-fork` mode enhances fuzzing efficiency. |
| 2026-04-03 2026 | AFL - American Fuzzy Lop: A Security-Oriented Fuzzer intermediate 13 min read | Library for security-oriented fuzzing, American Fuzzy Lop (AFL) employs an instrumentation-guided genetic algorithm to identify vulnerabilities. It leverages modified edge coverage to detect program control flow changes and uses an input queue that grows as new states are discovered. AFL supports both compile-time instrumentation for source code availability and experimental binary instrumentation via QEMU user-space emulation for black-box targets. The tool generates a corpus of interesting test cases useful for other testing regimes and offers options for hardening and heap corruption detection. |
| 2026-04-03 2026 | Coverage Guided Fuzzing - Extending Instrumentation to Hunt Down Bugs Faster intermediate 11 min read | Library extending coverage-guided fuzzing instrumentation. This resource details modifying Fuzzilli's instrumentation for JerryScript to incorporate return addresses and symbolization of program counters, enhancing bug hunting beyond simple edge coverage. It leverages Clang's sanitizers, specifically `__sanitizer_cov_trace_pc_guard` and `__builtin_return_address`, to extract richer execution data for more effective vulnerability discovery in complex software. |
| 2025-12-30 2025 | Teycir/BurpAPISecuritySuite: Burp Suite extension for API security testing with 15 attack types, 108+ payloads, intelligent fuzzing, BOLA/IDOR detection, AI integration, and automated reconnaissance. Supports REST/GraphQL/SOAP APIs with Nuclei, Turbo Intruder, and external tool integration. OWASP API Top 10 coverage. intermediate 38 min read API Sec Burp GraphQL | Library for comprehensive API security testing within Burp Suite. It consolidates 15 attack types, including BOLA, IDOR, SQL injection, XSS, and GraphQL vulnerabilities, with over 108 payloads and intelligent fuzzing capabilities. The extension offers automated reconnaissance, detects security issues across the OWASP API Top 10, and integrates with external tools like Nuclei, Turbo Intruder, SQLMap, and Dalfox. It features AI integration for payload generation and supports REST, GraphQL, and SOAP APIs. |
| 2025-08-14 2025 | NucleiFuzzer - Powerful Automation Tool For Detecting XSS, SQLi, SSRF, Open intermediate SQLi | "NucleiFuzzer is an automation tool designed to detect vulnerabilities like XSS, SQLi, SSRF, and Open. It offers powerful capabilities for automated testing and identification of security flaws in web applications." → kitploit.com |
| 2025-08-14 2025 | raminfp/fuzzer-development-with-rust beginner | Library for developing custom fuzzing tools in Rust, covering fundamental concepts like basic, general, seed, targeted, hybrid, generative, in-memory, and disk-based corpuses. It details various mutation strategies including arithmetic, bitmask, and token mutations, alongside feedback-driven approaches such as block, branch, function, loop, path, and statement coverage. This resource enables researchers to build tailored fuzzers for discovering vulnerabilities in open-source and internal codebases. |
| 2025-08-14 2025 | Fuzzing Forum beginner | Library hosting tutorials, examples, and research on fuzzing techniques, covering topics like structure-aware fuzzing with libFuzzer, AFL-based fuzzers, and the OSS-Fuzz continuous fuzzing service. It includes a glossary and details on ClusterFuzz and FuzzBench infrastructure. |
| 2024-12-31 2024 | GitHub - danialhalo/SqliSniper: Advanced Time-based Blind SQL Injection fuzzer for HTTP Headers intermediate 3 min read Python SQLi | Tool for detecting time-based blind SQL injection vulnerabilities specifically within HTTP headers. SqliSniper utilizes multi-threaded scanning to accelerate discovery and incorporates response time analysis to reduce false positives. It supports custom payloads and headers, and can send alerts to Discord webhooks upon successful detection of vulnerabilities. |
| 2024-12-21 2024 | GitHub - Cybersecurity-Ethical-Hacker/xssdynagen: 🪄 XSSDynaGen is a tool designed to analyze URLs with parameters, identify the characters allowed by the server, and generate advanced XSS payloads based on the analysis results. intermediate 6 min read XSS | Library for advanced XSS payload generation that analyzes URLs with parameters to identify server-allowed characters. It leverages AsyncIO and aiohttp for speed, supports custom character sets, and generates payloads using techniques like null bytes, Unicode encoding, and obfuscation. Features include batch processing, proxy support, rate limiting, retry logic, and JSON output, integrating with tools like paramspider and httpx-toolkit. |
| 2024-09-24 2024 | GitHub - raminfp/the-art-of-fuzzing: Application Fuzzing: Tools, Techniques, and Best Practices beginner 2 min read | Library covering application fuzzing, detailing static, dynamic, symbolic, and concolic execution techniques. It provides language-specific guidance for Python, Go, and Rust fuzzing, alongside strategies for Java applications and web technologies. The resource explores tools like `cargo-fuzz` and case studies involving libraries such as Gson and JSoup, offering best practices for integrating fuzzing into development workflows. |
| 2024-08-12 2024 | GitHub - Brum3ns/firefly: Black box fuzzer for web applications beginner 3 min read API Sec | Library for black-box fuzzing of web applications, Firefly utilizes goroutines for performance and offers advanced features like payload tampering, encoding, and request verification to refine results. It supports custom wordlists, filters responses by status codes or line counts, and allows matching specific regex patterns, with options for plaintext or JSON output, and customizable concurrency and delays. |
| 2024-08-03 2024 | Beyond the Limit: Expanding single-packet race condition with a first sequence sync for breaking the 65,535 byte limit advanced 10 min read API Sec | Writeup detailing a technique that pushes the single-packet attack past its size limits (about 1,500 bytes for a single MTU-sized packet, and 65,535 bytes, the largest IP datagram, even with IP fragmentation) by combining IP fragmentation with TCP sequence-number reordering. This allows exploitation of race conditions that need a large number of simultaneous requests, potentially overcoming limits such as HTTP/2's SETTINGS_MAX_CONCURRENT_STREAMS: many large TCP packets are sent out of order and held by the receiver until the final packet carrying the first sequence number arrives, at which point all of them are processed together. |
| 2023-10-05 2023 | How to build custom scanners for web security research automation intermediate 5 min read Burp Recon | Tool for automating web security research, specifically focusing on detecting race conditions and information leaks. This Burp Suite extension leverages techniques like the single-packet attack to probe for anomalies and utilizes "gadgets" such as user request data embedded in JavaScript to identify vulnerabilities like race-infoleak, inspired by research on Cloudbleed and web race conditions. → portswigger.net |
| 2023-10-01 2023 | intrudir/BypassFuzzer intermediate 3 min read | Tool for fuzzing 401/403 endpoints for bypasses, performing checks via headers, path normalization, and verbs. BypassFuzzer outputs response codes and lengths, features a "smart" filter to mute repeated responses, and accepts raw HTTP requests from Burp. It saves successful request/response pairs to a SQLite database for later inspection and supports out-of-band (OOB) interactions. |
| 2023-09-03 2023 | ffuf advanced tricks - ACCEIS intermediate 14 min read API Sec | Library for advanced web application fuzzing, `ffuf` goes beyond simple directory enumeration. It supports injecting wordlists into URLs, GET/POST parameters, and HTTP headers, and can read from STDIN or use external generators like Radamsa. This resource details `ffuf`'s configuration file, enabling persistent settings for colorization, custom headers, proxy usage, and multiple simultaneous wordlists, enhancing its capabilities for penetration testing. |
| 2023-08-11 2023 | [tl;dr sec] #194 - CNAPPGoat KubeFuzz tl;dr sec swag news 6 min read | Library for deploying vulnerable-by-design cloud resources, CNAPPgoat, modularly provisions components across AWS, Azure, and GCP. Fuzzing Kubernetes Admission Controllers is enabled by KubeFuzz, a generative and mutative fuzzer designed to uncover unexpected behavior in complex admission controller setups. → tldrsec.com |
| 2023-05-29 2023 | RepeaterSearch intermediate Burp | Extension that adds a search bar to Burp Suite's Repeater tab, enabling users to find requests and/or responses containing a specific string or regular expression. This functionality helps in quickly locating relevant data within the Repeater history. |
| 2023-04-03 2023 | Download and Installation - Scapy 2.4.5 documentation beginner 5 min read Python | Library for network packet manipulation, Scapy offers installation instructions for various platforms including Unix-like systems, macOS, and Windows. It details installation via pip, including options for the development version, and outlines optional dependencies for features like plotting (Matplotlib), 2D graphics (PyX), graphs (Graphviz, ImageMagick), 3D graphics (VPython-Jupyter), WEP decryption and TLS decryption (cryptography), fingerprinting (Nmap), and VOIP (SoX). The documentation also covers building Scapy's offline documentation with Sphinx and generating UML diagrams with pyreverse. |
| 2023-04-03 2023 | Scapy beginner Python | Scapy http://scapy.net/ |
| 2023-04-03 2023 | Usage - Scapy 2.4.5 documentation beginner 38 min read Python | Library for crafting, sending, receiving, and dissecting network packets. It features an interactive shell, packet construction with layer stacking and field manipulation, PCAP file reading/writing, graphical dumps, set generation for multiple packet variations, and functions for sending packets at layers 2 and 3 (sendp and send). Scapy also supports multicast with scope identifiers and includes a fuzz() function for randomizing packet fields. |
| 2022-01-16 2022 | How I Found multiple SQL Injection with FFUF and Sqlmap in a few minutes intermediate Recon SQLi | How I Found multiple SQL Injection with FFUF and Sqlmap in a few minutes |
| 2022-01-10 2022 | Install Nuclei beginner 13 min read Recon | Tool for high-performance vulnerability scanning using YAML-based templates, Nuclei empowers users to create custom detection scenarios that minimize false positives. Supporting multiple protocols like HTTP, DNS, and TCP, it offers ultra-fast parallel processing and integrates with CI/CD pipelines, Jira, and Splunk. Its extensive template library, contributed by security professionals, covers trending vulnerabilities and allows for fine-grained filtering by author, tag, severity, and template ID. |
| 2022-01-10 2022 | Nuclei Templates beginner 1 min read Recon | Library of community-curated templates for the nuclei scanner, enabling the detection of security vulnerabilities in applications. This repository hosts official and user-contributed templates, with comprehensive documentation available for creating custom scans. The project emphasizes community involvement through template contributions, feature requests, and bug reports, fostering collaboration via GitHub discussions and an active Discord server. |
| 2022-01-10 2022 | ffuf - Fuzz Faster U Fool beginner 9 min read Recon | Library for fast web fuzzing, written in Go, that allows users to fuzz URLs, headers, and POST data using the `FUZZ` keyword. It supports features like filtering responses by size or status code, recursive scanning, timeouts per job or for the entire process, and integration with mutators like Radamsa for generating payloads. Installation is available via prebuilt binaries, Homebrew, or Go modules. |
| 2022-01-03 2022 | fuzzDicts beginner | Library of web pentesting fuzzing dictionaries, continuously updated. It includes payloads for RCE, directory traversal, user enumeration with Baidu's top 3000 Chinese surnames, common mobile numbers, and Huawei security product default credentials. The collection also features CentOS and AIX file lists for SSRF, Burp's XSS payloads, user IDs from security circles, and strong/weak password lists. It covers parameter fuzzing, API endpoints, router credentials, and file extensions, recommending tools like Burp Suite and sqlmap. |
| 2022-01-02 2022 | a c program containing vulnerable code for common types of vulnerabilities can be used to show fuzzing concepts. beginner 3 min read RCE | Program containing vulnerable code for common types of vulnerabilities such as integer overflow, out-of-bounds read/write, double free, use-after-free, memory leaks, and stack/heap exhaustion. This C program is designed to be fuzzed using tools like AFL, libafl, libfuzzer, and honggfuzz to demonstrate fuzzing concepts and discover these common vulnerability classes. |
| 2021-11-26 2021 | New differential fuzzing tool reveals novel HTTP request smuggling techniques advanced SSRF | New differential fuzzing tool reveals novel HTTP request smuggling techniques → portswigger.net |
| 2021-11-24 2021 | Fuzzing with Scapy: Introduction to Network Protocol Fuzzing beginner Talks | Fuzzing with Scapy: Introduction to Network Protocol Fuzzing |
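The harness entries above (Writing Harnesses, Secrets of Effective Fuzzing Harnesses, Beginner's Guide to Writing a Fuzzing Harness, and the libFuzzer and AFL++ handbooks) all describe the same shape of code: a deterministic entry point that accepts arbitrary bytes and hands them to one API. The following is an added example, not code from any of those entries or their projects: a harness for a small, constructed TLV parser that builds either as a libFuzzer target (`-fsanitize=fuzzer`, which supplies `main`) or as a file-replay binary for AFL++. The TLV format, the `parse_tlv` function and the `USE_LIBFUZZER` macro are assumptions made for this example.

```c
/*
 * Dual-mode fuzzing harness for a small TLV (type-length-value) parser.
 * Added example for this page; not the code of any project listed above.
 *
 * libFuzzer build (libFuzzer provides main, so ours is compiled out):
 *   clang -g -O1 -fsanitize=fuzzer,address -DUSE_LIBFUZZER tlv_harness.c -o tlv_fuzz
 *   ./tlv_fuzz corpus/
 * AFL++ build (our main replays one file; afl-fuzz substitutes the path for @@):
 *   afl-clang-fast -g -O1 -fsanitize=address tlv_harness.c -o tlv_afl
 *   afl-fuzz -i seeds/ -o out/ -- ./tlv_afl @@
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed format: records of
 *   uint8 type | uint16 length (big-endian) | `length` bytes of value
 * type 1 = string copied into a fixed buffer, type 2 = 32-bit counter. */
enum { TLV_STRING = 1, TLV_COUNTER = 2 };

typedef struct {
    char     name[32];
    uint32_t counter;
    int      records;
} tlv_state_t;

/* Returns the number of records parsed, or -1 on malformed input.
 * Both length checks below are the ones a fuzzer with ASan flags when missing. */
int parse_tlv(const uint8_t *data, size_t size, tlv_state_t *st)
{
    memset(st, 0, sizeof *st);
    size_t off = 0;
    while (off < size) {
        if (size - off < 3)                 /* the 3-byte header must fit */
            return -1;
        uint8_t  type = data[off];
        uint16_t len  = (uint16_t)(data[off + 1] << 8 | data[off + 2]);
        off += 3;
        if (len > size - off)               /* the value must fit; off <= size here */
            return -1;
        const uint8_t *val = data + off;
        switch (type) {
        case TLV_STRING:
            if (len >= sizeof st->name)     /* bounded copy with room for the NUL */
                return -1;
            memcpy(st->name, val, len);
            st->name[len] = '\0';
            break;
        case TLV_COUNTER:
            if (len != 4)
                return -1;
            st->counter = (uint32_t)val[0] << 24 | (uint32_t)val[1] << 16 |
                          (uint32_t)val[2] << 8  | val[3];
            break;
        default:                            /* unknown types are skipped, not fatal */
            break;
        }
        off += len;
        st->records++;
    }
    return st->records;
}

/* libFuzzer entry point: deterministic, fast, no global state, no output,
 * and the state struct is re-created per call so one input reproduces alone. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    tlv_state_t st;
    parse_tlv(data, size, &st);
    return 0;   /* non-zero return values are reserved by libFuzzer */
}

#ifndef USE_LIBFUZZER
/* Stand-alone / AFL++ driver: replay one input file through the same entry point. */
int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s <input-file>\n", argv[0]); return 2; }
    FILE *f = fopen(argv[1], "rb");
    if (!f) { perror("fopen"); return 2; }
    uint8_t buf[1 << 16];
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    return LLVMFuzzerTestOneInput(buf, n);
}
#endif
```

The two length checks are exactly what a coverage-guided run with AddressSanitizer finds missing in a naive parser within minutes: a value length larger than the remaining input reads past the buffer, and a string longer than the fixed `name` field overflows it. Keeping the entry point free of global state and output is what lets a crash reproduce from a single saved input, which is the property the harness guides above keep returning to.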
Frequently Asked Questions
- What is the difference between dumb and smart fuzzing?
- Dumb fuzzing generates random inputs with no knowledge of the target's expected format. Smart fuzzing uses coverage feedback (coverage-guided) or grammar definitions (grammar-based) to generate inputs that explore new code paths and conform to expected structures. Smart fuzzers like AFL++ and libFuzzer find deeper bugs more efficiently.
- How is web fuzzing different from binary fuzzing?
- Web fuzzing tests HTTP parameters, paths, and headers using wordlists and mutation rules — tools like ffuf and Burp Intruder. Binary fuzzing tests compiled programs by mutating file inputs or network data to trigger crashes — tools like AFL++, libFuzzer, and Honggfuzz. Both aim to find bugs through unexpected inputs but operate at different layers.
- What has fuzzing discovered in the real world?
- Fuzzing has found thousands of critical vulnerabilities. Google's OSS-Fuzz has discovered over 10,000 bugs across hundreds of open-source projects such as OpenSSL and FFmpeg, the same ClusterFuzz infrastructure fuzzes Chrome, and syzbot continuously fuzzes the Linux kernel with syzkaller. Heartbleed-class vulnerabilities, parser bugs in image and document formats, and memory corruption in network protocol implementations have all been found through fuzzing.
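To make the first answer concrete, here is an added example (not from any entry on this page) of the coverage-feedback loop in miniature: a constructed target whose bug sits behind a four-byte magic value, a hand-written coverage bitmap standing in for compiler instrumentation, and a queue that keeps only inputs reaching a new edge. The target, the mutation stage and every name here are assumptions for this example; AFL++ and libFuzzer implement the same idea with compiler-inserted edge counters and far richer mutators.

```c
/* Minimal coverage-guided fuzzer. Added example; not code from AFL++ or libFuzzer. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_LEN   8
#define MAX_QUEUE 32
#define N_EDGES   8

static uint8_t edge_hit[N_EDGES];               /* coverage bitmap for one execution */
#define COV(i) (edge_hit[(i)] = 1)              /* stands in for afl-clang-fast instrumentation */

/* Constructed target: the bug is only reachable behind the magic "FUZZ". */
int target(const uint8_t *in, size_t len)
{
    COV(0);
    if (len < 4 || in[0] != 'F') return 0;
    COV(1);
    if (in[1] != 'U') return 0;
    COV(2);
    if (in[2] != 'Z') return 0;
    COV(3);
    if (in[3] != 'Z') return 0;
    COV(4);
    return 1;                                   /* stands in for the crash ASan would report */
}

typedef struct { uint8_t buf[MAX_LEN]; size_t len; } input_t;

typedef struct {
    input_t  queue[MAX_QUEUE];
    int      qlen;
    uint8_t  seen[N_EDGES];                     /* edges reached by any input so far */
    unsigned execs;
    input_t  crash;
    int      found;
} fuzzer_t;

/* Execute one input; return 1 if it reached an edge no earlier input reached. */
static int run_one(fuzzer_t *fz, const input_t *in)
{
    memset(edge_hit, 0, sizeof edge_hit);
    fz->execs++;
    if (target(in->buf, in->len)) { fz->crash = *in; fz->found = 1; }
    int new_cov = 0;
    for (int e = 0; e < N_EDGES; e++)
        if (edge_hit[e] && !fz->seen[e]) { fz->seen[e] = 1; new_cov = 1; }
    return new_cov;
}

/* Coverage-guided loop with the simplest deterministic mutation stage: walk every
 * byte position of each queued input and try every value (AFL's deterministic
 * stages do this more cleverly with bit flips, arithmetic and "interesting" values).
 * Returns the execution count at which the bug was reached, or 0 if it never was. */
unsigned fuzz_guided(const input_t *seed, input_t *crash_out)
{
    fuzzer_t fz;
    memset(&fz, 0, sizeof fz);
    fz.queue[fz.qlen++] = *seed;
    run_one(&fz, seed);
    for (int q = 0; q < fz.qlen && !fz.found; q++)
        for (size_t pos = 0; pos < fz.queue[q].len && !fz.found; pos++)
            for (int v = 0; v < 256 && !fz.found; v++) {
                input_t child = fz.queue[q];
                child.buf[pos] = (uint8_t)v;
                if (run_one(&fz, &child) && fz.qlen < MAX_QUEUE)
                    fz.queue[fz.qlen++] = child;    /* keep inputs that opened a new edge */
            }
    if (fz.found) *crash_out = fz.crash;
    return fz.found ? fz.execs : 0;
}

int main(void)
{
    input_t seed = { { 'A', 'A', 'A', 'A' }, 4 }, crash;
    unsigned n = fuzz_guided(&seed, &crash);
    if (n) printf("bug reached after %u executions with input %.4s\n", n, crash.buf);
    else   printf("bug not reached\n");
    return 0;
}
```

With the seed `AAAA` the bug is reached after 3,932 executions, because each byte of the magic is solved on its own once the previous byte has opened a new edge and been queued. A dumb fuzzer drawing four random bytes with no feedback needs on the order of 2^32 executions, and the same single-byte walk without the queue can only ever produce one-byte variants of the seed and never reaches the bug at all. Real fuzzers also mutate length and splice inputs; this stage does not, so a seed shorter than four bytes makes no progress here.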