Open-Source Cybersecurity Tools: Fuzzing & Software Assurance

← Back to Open-Source Cybersecurity Tools Hub | Full Open Source Catalog | Main Atlas

This category contains 127 documented tools. It focuses on capabilities used for automated input mutation testing to uncover reliability and security defects. Use this section when building shortlists, comparing operational tradeoffs, and mapping controls to detection/response ownership.

Category Evaluation Checklist

• Coverage depth against your highest-priority threats and compliance obligations.
• Operational overhead for deployment, tuning, and long-term maintenance.
• Signal quality versus analyst workload and false-positive pressure.
• Integration fit with SIEM, ticketing, identity, cloud, and engineering workflows.
• Governance readiness including auditability, ownership clarity, and change control.

Jump by Name

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W

Letter A

This letter section contains 8 tools.

A Review of Machine Learning Applications in Fuzzing, 2019

• Website: https://arxiv.org/abs/1906.11133
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: A Review of Machine Learning Applications in Fuzzing, 2019 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ArXiv (Fuzzing with Artificial Intelligence & Machine Learning).

Back to Name Jump

AFL++

• Website: https://github.com/AFLplusplus/AFLplusplus
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: AFL++ is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: AFL++ is a superior fork to Google's AFL - more speed, more and better mutations, more and better instrumentation, custom module support, etc.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Tools > File.

Back to Name Jump

AmpFuzz: Fuzzing for Amplification DDoS Vulnerabilities, 2022

• Website: https://www.usenix.org/system/files/sec22-krupp.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: AmpFuzz: Fuzzing for Amplification DDoS Vulnerabilities, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Analysis of DTLS Implementations Using Protocol State Fuzzing, 2020

• Website: https://www.usenix.org/conference/usenixsecurity20/presentation/fiterau-brostean
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Analysis of DTLS Implementations Using Protocol State Fuzzing, 2020 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Angora

• Website: https://github.com/AngoraFuzzer/Angora
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Angora is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Angora is a mutation-based coverage guided fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Tools > File.

Back to Name Jump

Angora: Efficient Fuzzing by Principled Search, 2018

• Website: http://web.cs.ucdavis.edu/~hchen/paper/chen2018angora.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Angora: Efficient Fuzzing by Principled Search, 2018 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

AntiFuzz: Impeding Fuzzing Audits of Binary Executables, 2019

• Website: https://www.usenix.org/conference/usenixsecurity19/presentation/guler
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: AntiFuzz: Impeding Fuzzing Audits of Binary Executables, 2019 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Atheris

• Website: https://pypi.org/project/atheris/
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Cybersecurity Blue Team

What it does: Atheris is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Coverage-guided Python fuzzing engine based off of libFuzzer that supports fuzzing of Python code but also native extensions written for CPython.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Cybersecurity Blue Team > DevSecOps > Fuzzing.

Back to Name Jump

Letter B

This letter section contains 3 tools.

BEACON : Directed Grey-Box Fuzzing with Provable Path Pruning, 2022

• Website: https://qingkaishi.github.io/public_pdfs/SP22.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: BEACON : Directed Grey-Box Fuzzing with Provable Path Pruning, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

BrakTooth: Causing Havoc on Bluetooth Link Manager via Directed Fuzzing, 2022

• Website: https://www.usenix.org/system/files/sec22-garbelini.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: BrakTooth: Causing Havoc on Bluetooth Link Manager via Directed Fuzzing, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Breaking Through Binaries: Compiler-quality Instrumentation for Better Binary-only Fuzzing, 2021

• Website: https://www.usenix.org/conference/usenixsecurity21/presentation/nagy
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Breaking Through Binaries: Compiler-quality Instrumentation for Better Binary-only Fuzzing, 2021 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Letter C

This letter section contains 6 tools.

CollAFL: Path Sensitive Fuzzing, 2018

• Website: http://chao.100871.net/papers/oakland18.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: CollAFL: Path Sensitive Fuzzing, 2018 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

Complementing Model Learning with Mutation-Based Fuzzing, 2016

• Website: https://arxiv.org/abs/1611.02429
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Complementing Model Learning with Mutation-Based Fuzzing, 2016 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ArXiv (Fuzzing with Artificial Intelligence & Machine Learning).

Back to Name Jump

Constraint-guided Directed Greybox Fuzzing, 2021

• Website: https://www.usenix.org/conference/usenixsecurity21/presentation/lee-gwangmu
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Constraint-guided Directed Greybox Fuzzing, 2021 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

CorbFuzz

• Website: https://github.com/shouc/corbfuzz
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: CorbFuzz is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: CorbFuzz is a state-aware fuzzer for generating as much reponses from a web application as possible without need of setting up database, etc.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Tools > Web.

Back to Name Jump

Coverage-based Greybox Fuzzing as Markov Chain, 2016

• Website: https://ieeexplore.ieee.org/abstract/document/8233151
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Coverage-based Greybox Fuzzing as Markov Chain, 2016 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

Coverage-Guided Fuzzing for Deep Neural Networks, 2018

• Website: https://arxiv.org/abs/1809.01266
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Coverage-Guided Fuzzing for Deep Neural Networks, 2018 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ArXiv (Fuzzing with Artificial Intelligence & Machine Learning).

Back to Name Jump

Letter D

This letter section contains 9 tools.

Deep Reinforcement Fuzzing, 2018

• Website: https://arxiv.org/abs/1801.04589
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Deep Reinforcement Fuzzing, 2018 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ArXiv (Fuzzing with Artificial Intelligence & Machine Learning).

Back to Name Jump

Designing New Operating Primitives to Improve Fuzzing Performance, 2017

• Website: http://iisp.gatech.edu/sites/default/files/images/designing_new_operating_primitives_to_improve_fuzzing_performance_vt.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Designing New Operating Primitives to Improve Fuzzing Performance, 2017 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

DIFUZE: Interface Aware Fuzzing for Kernel Drivers, 2017

• Website: https://acmccs.github.io/papers/p2123-corinaA.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: DIFUZE: Interface Aware Fuzzing for Kernel Drivers, 2017 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

DifuzzRTL

• Website: https://github.com/compsec-snu/difuzz-rtl
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: DifuzzRTL is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: DifuzzRTL is a differential fuzz testing approach for CPU verification.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Tools > CPU.

Back to Name Jump

DIFUZZRTL: Differential Fuzz Testing to Find CPU Bugs, 2021

• Website: https://lifeasageek.github.io/papers/jaewon-difuzzrtl.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: DIFUZZRTL: Differential Fuzz Testing to Find CPU Bugs, 2021 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

DLFuzz: Differential Fuzzing Testing of Deep Learning Systems, 2018

• Website: https://arxiv.org/abs/1808.09413
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: DLFuzz: Differential Fuzzing Testing of Deep Learning Systems, 2018 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ArXiv (Fuzzing with Artificial Intelligence & Machine Learning).

Back to Name Jump

Dowsing for overflows: a guided fuzzer to find buffer boundary violations, 2013

• Website: http://enigma.usenix.org/sites/default/files/sec13_proceedings_interior.pdf#page=57
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Dowsing for overflows: a guided fuzzer to find buffer boundary violations, 2013 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Drifuzz: Harvesting Bugs in Device Drivers from Golden Seeds, 2022

• Website: https://www.usenix.org/system/files/sec22-shen-zekun.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Drifuzz: Harvesting Bugs in Device Drivers from Golden Seeds, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

DriveFuzz: Discovering Autonomous Driving Bugs through Driving Quality-Guided Fuzzing, 2022

• Website: https://chungkim.io/doc/ccs22-drivefuzz.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: DriveFuzz: Discovering Autonomous Driving Bugs through Driving Quality-Guided Fuzzing, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

Letter E

This letter section contains 6 tools.

EcoFuzz: Adaptive Energy-Saving Greybox Fuzzing as a Variant of the Adversarial Multi-Armed Bandit, 2020

• Website: https://www.usenix.org/conference/usenixsecurity20/presentation/yue
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: EcoFuzz: Adaptive Energy-Saving Greybox Fuzzing as a Variant of the Adversarial Multi-Armed Bandit, 2020 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Effective File Format Fuzzing

• Website: https://youtu.be/qTTwqFRD1H8
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Effective File Format Fuzzing is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: , Black Hat Europe 2016.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Talks.

Back to Name Jump

Effective Seed Scheduling for Fuzzing with Graph Centrality Analysis, 2022

• Website: https://arxiv.org/pdf/2203.12064.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Effective Seed Scheduling for Fuzzing with Graph Centrality Analysis, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

eFuzz: A Fuzzer for DLMS/COSEM Electricity Meters, 2016

• Website: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.817.5616&rep=rep1&type=pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: eFuzz: A Fuzzer for DLMS/COSEM Electricity Meters, 2016 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

EnFuzz: From Ensemble Learning to Ensemble Fuzzing, 2018

• Website: https://arxiv.org/abs/1807.00182
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: EnFuzz: From Ensemble Learning to Ensemble Fuzzing, 2018 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ArXiv (Fuzzing with Artificial Intelligence & Machine Learning).

Back to Name Jump

Evaluating Fuzz Testing, 2018

• Website: http://www.cs.umd.edu/~mwh/papers/fuzzeval.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Evaluating Fuzz Testing, 2018 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

Letter F

This letter section contains 22 tools.

Faster Fuzzing: Reinitialization with Deep Neural Models, 2017

• Website: https://arxiv.org/abs/1711.02807
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Faster Fuzzing: Reinitialization with Deep Neural Models, 2017 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ArXiv (Fuzzing with Artificial Intelligence & Machine Learning).

Back to Name Jump

FIXREVERTER: A Realistic Bug Injection Methodology for Benchmarking Fuzz Testing, 2022

• Website: https://www.usenix.org/system/files/sec22-zhang-zenong.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: FIXREVERTER: A Realistic Bug Injection Methodology for Benchmarking Fuzz Testing, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Fluffy

• Website: https://github.com/snuspl/fluffy
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Fluffy is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Fluffy is a multi-transaction differential fuzzer for finding consensus bugs in Ethereum.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Tools > Blockchain.

Back to Name Jump

FREEDOM: Engineering a State-of-the-Art DOM Fuzzer, 2020

• Website: https://gts3.org/assets/papers/2020/xu:freedom.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: FREEDOM: Engineering a State-of-the-Art DOM Fuzzer, 2020 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

Full-speed Fuzzing: Reducing Fuzzing Overhead through Coverage-guided Tracing, 2019

• Website: https://www.computer.org/csdl/proceedings-article/sp/2019/666000b122/19skgbGVFEQ
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Full-speed Fuzzing: Reducing Fuzzing Overhead through Coverage-guided Tracing, 2019 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

Fuzz on the Beach: Fuzzing Solana Smart Contracts, 2023

• Website: https://arxiv.org/pdf/2309.03006.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Fuzz on the Beach: Fuzzing Solana Smart Contracts, 2023 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

FuzzBench

• Website: https://google.github.io/fuzzbench/
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Cybersecurity Blue Team

What it does: FuzzBench is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Free service that evaluates fuzzers on a wide variety of real-world benchmarks, at Google scale.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Cybersecurity Blue Team > DevSecOps > Fuzzing.

Back to Name Jump

FuzzGen: Automatic Fuzzer Generation, 2020

• Website: https://www.usenix.org/conference/usenixsecurity20/presentation/ispoglou
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: FuzzGen: Automatic Fuzzer Generation, 2020 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning, 2020

• Website: https://www.usenix.org/conference/usenixsecurity20/presentation/zong
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning, 2020 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Fuzzification: Anti-Fuzzing Techniques, 2019

• Website: https://www.usenix.org/conference/usenixsecurity19/presentation/jung
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Fuzzification: Anti-Fuzzing Techniques, 2019 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection, 2020

• Website: https://www.usenix.org/conference/usenixsecurity20/presentation/jiang
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection, 2020 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Fuzzing File Systems via Two-Dimensional Input Space Exploration, 2019

• Website: https://www.computer.org/csdl/proceedings-article/sp/2019/666000a594/19skfLYOpaw
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Fuzzing File Systems via Two-Dimensional Input Space Exploration, 2019 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

Fuzzing for Software Security Testing and Quality Assurance, 2nd Edition

• Website: https://www.amazon.com/Fuzzing-Software-Security-Testing-Assurance/dp/1608078507/
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Fuzzing for Software Security Testing and Quality Assurance, 2nd Edition is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: (2018).

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Books.

Back to Name Jump

Fuzzing Hardware Like Software, 2022

• Website: https://www.usenix.org/system/files/sec22-trippel.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Fuzzing Hardware Like Software, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Fuzzing JavaScript Engines with Aspect-preserving Mutation, 2020

• Website: https://jakkdu.github.io/pubs/2020/park:die.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Fuzzing JavaScript Engines with Aspect-preserving Mutation, 2020 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

Fuzzing Labs - Patrick Ventuzelo

• Website: https://www.youtube.com/channel/UCGD1Qt2jgnFRjrfAITGdNfQ
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Fuzzing Labs - Patrick Ventuzelo is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: , Youtube.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Talks.

Back to Name Jump

Fuzzing with Code Fragments, 2012

• Website: https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final73.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Fuzzing with Code Fragments, 2012 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Fuzzing-101

• Website: https://github.com/antonio-morales/Fuzzing101
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Fuzzing-101 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Books.

Back to Name Jump

Fuzzle: Making a Puzzle for Fuzzers, 2022

• Website: https://softsec.kaist.ac.kr/~sangkilc/papers/lee-ase22.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Fuzzle: Making a Puzzle for Fuzzers, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > The others.

Back to Name Jump

FuzzOrigin: Detecting UXSS vulnerabilities in Browsers through Origin Fuzzing, 2022

• Website: https://www.usenix.org/system/files/sec22-kim.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: FuzzOrigin: Detecting UXSS vulnerabilities in Browsers through Origin Fuzzing, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

FuzzUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks, 2022

• Website: https://github.com/purseclab/fuzzusb/blob/main/paper/fuzzusb.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: FuzzUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing, 2022

• Website: https://www.usenix.org/system/files/sec22-scharnowski.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Letter G

This letter section contains 2 tools.

Greybox Fuzzing of Distributed Systems, 2023

• Website: https://arxiv.org/pdf/2305.02601.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Greybox Fuzzing of Distributed Systems, 2023 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

GREYONE: Data Flow Sensitive Fuzzing, 2020

• Website: https://www.usenix.org/conference/usenixsecurity20/presentation/gan
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: GREYONE: Data Flow Sensitive Fuzzing, 2020 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Letter H

This letter section contains 5 tools.

Hardware Support to Improve Fuzzing Performance and Precision, 2021

• Website: https://gts3.org/assets/papers/2021/ding:snap.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Hardware Support to Improve Fuzzing Performance and Precision, 2021 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

Hawkeye: Towards a Desired Directed Grey-box Fuzzer, 2018

• Website: https://chenbihuan.github.io/paper/ccs18-chen-hawkeye.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Hawkeye: Towards a Desired Directed Grey-box Fuzzer, 2018 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

Hopper: Interpretative Fuzzing for Libraries, 2023

• Website: https://arxiv.org/pdf/2309.03496.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Hopper: Interpretative Fuzzing for Libraries, 2023 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

Hybrid fuzz testing: Discovering software bugs via fuzzing and symbolic execution, 2012

• Website: https://pdfs.semanticscholar.org/488a/b1e313f5109153f2c74e3b5d86d41e9b4b71.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Hybrid fuzz testing: Discovering software bugs via fuzzing and symbolic execution, 2012 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > The others.

Back to Name Jump

HyperFuzzer: An Efficient Hybrid Fuzzer For Virtual CPUs, 2021

• Website: https://www.microsoft.com/en-us/research/uploads/prod/2021/09/hyperfuzzer-ccs21.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: HyperFuzzer: An Efficient Hybrid Fuzzer For Virtual CPUs, 2021 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

Letter I

This letter section contains 3 tools.

Ifuzzer: An evolutionary interpreter fuzzer using genetic programming, 2016

• Website: https://www.cs.vu.nl/~herbertb/download/papers/ifuzzer-esorics16.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Ifuzzer: An evolutionary interpreter fuzzer using genetic programming, 2016 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > The others.

Back to Name Jump

IJON: Exploring Deep State Spaces via Fuzzing, 2020

• Website: https://www.syssec.ruhr-uni-bochum.de/media/emma/veroeffentlichungen/2020/02/27/IJON-Oakland20.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: IJON: Exploring Deep State Spaces via Fuzzing, 2020 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

IMF: Inferred Model-based Fuzzer, 2017

• Website: http://daramg.gift/paper/han-ccs2017.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: IMF: Inferred Model-based Fuzzer, 2017 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

Letter J

This letter section contains 2 tools.

Jigsaw: Efficient and Scalable Path Constraints Fuzzing, 2022

• Website: https://www.cs.ucr.edu/~csong/oakland22-jigsaw.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Jigsaw: Efficient and Scalable Path Constraints Fuzzing, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

JIT-Picking: Differential Fuzzing of JavaScript Engines, 2022

• Website: https://publications.cispa.saarland/3773/1/2022-CCS-JIT-Fuzzing.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: JIT-Picking: Differential Fuzzing of JavaScript Engines, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

Letter K

This letter section contains 2 tools.

kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels, 2017

• Website: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/schumilo
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels, 2017 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Krace: Data Race Fuzzing for Kernel File Systems, 2020

• Website: https://www.cc.gatech.edu/~mxu80/pubs/xu:krace.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Krace: Data Race Fuzzing for Kernel File Systems, 2020 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

Letter L

This letter section contains 3 tools.

Learn&Fuzz: Machine Learning for Input Fuzzing, 2017

• Website: https://arxiv.org/abs/1701.07232
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Learn&Fuzz: Machine Learning for Input Fuzzing, 2017 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ArXiv (Fuzzing with Artificial Intelligence & Machine Learning).

Back to Name Jump

Learning to Fuzz from Symbolic Execution with Application to Smart Contracts, 2019

• Website: https://files.sri.inf.ethz.ch/website/papers/ccs19-ilf.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Learning to Fuzz from Symbolic Execution with Application to Smart Contracts, 2019 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

LibAFL: A Framework to Build Modular and Reusable Fuzzers, 2022

• Website: https://www.s3.eurecom.fr/docs/ccs22_fioraldi.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: LibAFL: A Framework to Build Modular and Reusable Fuzzers, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

Letter M

This letter section contains 9 tools.

Matryoshka: fuzzing deeply nested branches, 2019

• Website: https://web.cs.ucdavis.edu/~hchen/paper/chen2019matryoshka.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Matryoshka: fuzzing deeply nested branches, 2019 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

MC^2: Rigorous and Efficient Directed Greybox Fuzzing, 2022

• Website: https://arxiv.org/pdf/2208.14530.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: MC^2: Rigorous and Efficient Directed Greybox Fuzzing, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

MEUZZ: Smart Seed Scheduling for Hybrid Fuzzing, 2020

• Website: https://arxiv.org/abs/2002.08568
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: MEUZZ: Smart Seed Scheduling for Hybrid Fuzzing, 2020 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ArXiv (Fuzzing with Artificial Intelligence & Machine Learning).

Back to Name Jump

MoonLight: Effective Fuzzing with Near-Optimal Corpus Distillation, 2019

• Website: https://arxiv.org/abs/1905.13055
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: MoonLight: Effective Fuzzing with Near-Optimal Corpus Distillation, 2019 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ArXiv (Fuzzing with Artificial Intelligence & Machine Learning).

Back to Name Jump

MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation, 2018

• Website: https://www.usenix.org/conference/usenixsecurity18/presentation/pailoor
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation, 2018 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

MorFuzz

• Website: https://github.com/sycuricon/MorFuzz
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: MorFuzz is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: MorFuzz is a generic RISC-V processor fuzzing framework that can efficiently detect software triggerable functional bugs.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Tools > CPU.

Back to Name Jump

Morphuzz: Bending (Input) Space to Fuzz Virtual Devices, 2022

• Website: https://www.usenix.org/system/files/sec22-bulekov.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Morphuzz: Bending (Input) Space to Fuzz Virtual Devices, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

MTF-Storm:a high performance fuzzer for Modbus/TCP, 2018

• Website: https://doi.org/10.1109/ETFA.2018.8502600
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: MTF-Storm:a high performance fuzzer for Modbus/TCP, 2018 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > The others.

Back to Name Jump

MundoFuzz: Hypervisor Fuzzing with Statistical Coverage Testing and Grammar Inference, 2022

• Website: https://www.usenix.org/system/files/sec22-myung.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: MundoFuzz: Hypervisor Fuzzing with Statistical Coverage Testing and Grammar Inference, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Letter N

This letter section contains 6 tools.

NestFuzz: Enhancing Fuzzing with Comprehensive Understanding of Input Processing Logic, 2023

• Website: https://secsys.fudan.edu.cn/_upload/article/files/56/ed/788960544d56a38258aca7d3c8b5/216e599a-d6f6-4308-aa0b-ef45166a8431.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: NestFuzz: Enhancing Fuzzing with Comprehensive Understanding of Input Processing Logic, 2023 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

NEUZZ: Efficient Fuzzing with Neural Program Learning, 2018

• Website: https://arxiv.org/abs/1807.05620
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: NEUZZ: Efficient Fuzzing with Neural Program Learning, 2018 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ArXiv (Fuzzing with Artificial Intelligence & Machine Learning).

Back to Name Jump

NEUZZ: Efficient Fuzzing with Neural Program Smoothing, 2019

• Website: https://www.computer.org/csdl/proceedings-article/sp/2019/666000a900/19skg5XghG0
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: NEUZZ: Efficient Fuzzing with Neural Program Smoothing, 2019 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

Not all bytes are equal: Neural byte sieve for fuzzing, 2017

• Website: https://arxiv.org/abs/1711.04596
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Not all bytes are equal: Neural byte sieve for fuzzing, 2017 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ArXiv (Fuzzing with Artificial Intelligence & Machine Learning).

Back to Name Jump

NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis, 2021

• Website: https://softsec.kaist.ac.kr/~jschoi/data/oakland2021.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis, 2021 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types, 2021

• Website: https://www.usenix.org/conference/usenixsecurity21/presentation/schumilo
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types, 2021 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Letter O

This letter section contains 5 tools.

One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation, 2021

• Website: https://huhong789.github.io/papers/polyglot-oakland2021.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation, 2021 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

OneFuzz

• Website: https://github.com/microsoft/onefuzz
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Cybersecurity Blue Team

What it does: OneFuzz is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Self-hosted Fuzzing-as-a-Service (FaaS) platform.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Cybersecurity Blue Team > DevSecOps > Fuzzing.

Back to Name Jump

Open Source Fuzzing Tools, 1st Edition

• Website: https://www.amazon.com/Open-Source-Fuzzing-Tools-Rathaus/dp/1597491950/
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Open Source Fuzzing Tools, 1st Edition is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: (2007).

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Books.

Back to Name Jump

Optimizing Seed Selection for Fuzzing, 2014

• Website: https://softsec.kaist.ac.kr/~sangkilc/papers/rebert-usenixsec14.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Optimizing Seed Selection for Fuzzing, 2014 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

OSS-Fuzz - Google's continuous fuzzing service for open source software, 2017

• Website: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/serebryany
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: OSS-Fuzz - Google's continuous fuzzing service for open source software, 2017 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Letter P

This letter section contains 6 tools.

Pangolin:Incremental Hybrid Fuzzing with Polyhedral Path Abstraction, 2020

• Website: https://qingkaishi.github.io/public_pdfs/SP2020.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Pangolin:Incremental Hybrid Fuzzing with Polyhedral Path Abstraction, 2020 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

ParmeSan: Sanitizer-guided Greybox Fuzzing, 2020

• Website: https://www.usenix.org/conference/usenixsecurity20/presentation/osterlund
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: ParmeSan: Sanitizer-guided Greybox Fuzzing, 2020 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

PATA: Fuzzing with Path Aware Taint Analysis, 2022

• Website: http://www.wingtecher.com/themes/WingTecherResearch/assets/papers/sp22.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: PATA: Fuzzing with Path Aware Taint Analysis, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

Profile-Driven System Optimizations for Accelerated Greybox Fuzzing, 2023

• Website: https://users.cs.utah.edu/~snagy/papers/23CCS.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Profile-Driven System Optimizations for Accelerated Greybox Fuzzing, 2023 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

Program-Adaptive Mutational Fuzzing, 2015

• Website: https://softsec.kaist.ac.kr/~sangkilc/papers/cha-oakland15.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Program-Adaptive Mutational Fuzzing, 2015 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

Protocol State Fuzzing of TLS Implementations, 2015

• Website: https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/de-ruiter
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Protocol State Fuzzing of TLS Implementations, 2015 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Letter Q

This letter section contains 1 tools.

QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing, 2018

• Website: https://www.usenix.org/conference/usenixsecurity18/presentation/yun
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing, 2018 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Letter R

This letter section contains 3 tools.

Razzer: Finding Kernel Race Bugs through Fuzzing, 2019

• Website: https://www.computer.org/csdl/proceedings-article/sp/2019/666000a296/19skfwZLirm
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Razzer: Finding Kernel Race Bugs through Fuzzing, 2019 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

Regression Greybox Fuzzing, 2021

• Website: https://mboehme.github.io/paper/CCS21.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Regression Greybox Fuzzing, 2021 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization, 2020

• Website: https://www.semanticscholar.org/paper/RetroWrite%3A-Statically-Instrumenting-COTS-Binaries-Dinesh-Burow/845cafb153b0e4b9943c6d9b6a7e42c14845a0d6
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization, 2020 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

Letter S

This letter section contains 16 tools.

Same Coverage, Less Bloat: Accelerating Binary-only Fuzzing with Coverage-preserving Coverage-guided Tracing, 2021

• Website: https://people.cs.vt.edu/snagy2/papers/21CCS.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Same Coverage, Less Bloat: Accelerating Binary-only Fuzzing with Coverage-preserving Coverage-guided Tracing, 2021 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

Scheduling Black-box Mutational Fuzzing, 2013

• Website: https://softsec.kaist.ac.kr/~sangkilc/papers/woo-ccs13.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Scheduling Black-box Mutational Fuzzing, 2013 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits, 2017

• Website: https://www.informatics.indiana.edu/xw7/papers/p2139-you.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits, 2017 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

SFuzz: Slice-based Fuzzing for Real-Time Operating Systems, 2022

• Website: https://huhong789.github.io/papers/chen:sfuzz.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: SFuzz: Slice-based Fuzzing for Real-Time Operating Systems, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

SGXFuzz: Efficiently Synthesizing Nested Structures for SGX Enclave Fuzzing, 2022

• Website: https://www.usenix.org/system/files/sec22-cloosters.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: SGXFuzz: Efficiently Synthesizing Nested Structures for SGX Enclave Fuzzing, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Skyfire: Data-Driven Seed Generation for Fuzzing, 2017

• Website: https://www.ieee-security.org/TC/SP2017/papers/42.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Skyfire: Data-Driven Seed Generation for Fuzzing, 2017 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities, 2017

• Website: https://arxiv.org/pdf/1708.08437.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities, 2017 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

SoFi: Reflection-Augmented Fuzzing for JavaScript Engines, 2021

• Website: https://dl.acm.org/doi/pdf/10.1145/3460120.3484823
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: SoFi: Reflection-Augmented Fuzzing for JavaScript Engines, 2021 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

SpecDoctor: Differential Fuzz Testing to Find Transient Execution Vulnerabilities, 2022

• Website: https://compsec.snu.ac.kr/papers/jaewon-specdoctor.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: SpecDoctor: Differential Fuzz Testing to Find Transient Execution Vulnerabilities, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

SpecFuzz

• Website: https://github.com/tudinfse/SpecFuzz
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: SpecFuzz is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: SpecFuzz is a tool to enable fuzzing for Spectre vulnerabilities.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Tools > CPU.

Back to Name Jump

SpecFuzz: Bringing Spectre-type vulnerabilities to the surface, 2020

• Website: https://www.usenix.org/conference/usenixsecurity20/presentation/oleksenko
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: SpecFuzz: Bringing Spectre-type vulnerabilities to the surface, 2020 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Squirrel

• Website: https://github.com/s3team/Squirrel
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Squirrel is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Squirrel is a fuzzer for database managment systems (DBMSs).

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Tools > DBMS.

Back to Name Jump

Stateful Greybox Fuzzing, 2022

• Website: https://www.usenix.org/system/files/sec22-ba.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Stateful Greybox Fuzzing, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

StateFuzz: System Call-Based State-Aware Linux Driver Fuzzing, 2022

• Website: https://www.usenix.org/system/files/sec22-zhao-bodong.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: StateFuzz: System Call-Based State-Aware Linux Driver Fuzzing, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

STOCHFUZZ: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting, 2021

• Website: https://www.cs.purdue.edu/homes/zhan3299/res/SP21b.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: STOCHFUZZ: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting, 2021 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

Systematic Fuzzing and Testing of TLS Libraries, 2016

• Website: https://www.nds.rub.de/media/nds/veroeffentlichungen/2016/10/19/tls-attacker-ccs16.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Systematic Fuzzing and Testing of TLS Libraries, 2016 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

Letter T

This letter section contains 7 tools.

T-Fuzz: fuzzing by program transformation, 2018

• Website: https://nebelwelt.net/publications/files/18Oakland.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: T-Fuzz: fuzzing by program transformation, 2018 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > IEEE Symposium on Security and Privacy (IEEE S&P).

Back to Name Jump

T-Reqs: HTTP Request Smuggling with Differential Fuzzing, 2021

• Website: https://bahruz.me/papers/ccs2021treqs.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: T-Reqs: HTTP Request Smuggling with Differential Fuzzing, 2021 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

Taming compiler fuzzers, 2013

• Website: https://www.cs.utah.edu/~regehr/papers/pldi13.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Taming compiler fuzzers, 2013 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

TEFuzz

• Website: https://github.com/seclab-fudan/TEFuzz/
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: TEFuzz is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: TEFuzz is a tailored fuzzing-based framework to facilitate the detection and exploitation of template escape bugs.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Tools > Web.

Back to Name Jump

The Art, Science, and Engineering of Fuzzing: A Survey

• Website: https://ieeexplore.ieee.org/document/8863940
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: The Art, Science, and Engineering of Fuzzing: A Survey is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: (2019) -.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Books.

Back to Name Jump

TheHuzz: Instruction Fuzzing of Processors Using Golden-Reference Models for Finding Software-Exploitable Vulnerabilities, 2022

• Website: https://www.usenix.org/system/files/sec22-kande.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: TheHuzz: Instruction Fuzzing of Processors Using Golden-Reference Models for Finding Software-Exploitable Vulnerabilities, 2022 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Transynther

• Website: https://github.com/vernamlab/Medusa
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Transynther is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Transynther automatically generates and tests building blocks for Meltdown attacks with various faults and microcode assists.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Tools > CPU.

Back to Name Jump

Letter U

This letter section contains 1 tools.

UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers, 2021

• Website: https://www.usenix.org/conference/usenixsecurity21/presentation/li-yuwei
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers, 2021 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Letter V

This letter section contains 1 tools.

V-SHUTTLE: Scalable and Semantics-Aware Hypervisor Fuzzing, 2021

• Website: https://nesa.zju.edu.cn/download/ppt/pgn_slides_V-SHUTTLE.pdf
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: V-SHUTTLE: Scalable and Semantics-Aware Hypervisor Fuzzing, 2021 is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ACM Conference on Computer and Communications Security (ACM CCS).

Back to Name Jump

Letter W

This letter section contains 1 tools.

Witcher

• Website: https://github.com/sefcom/Witcher
• Model: Open Source
• Category: Fuzzing & Software Assurance
• Source Lists: Awesome Fuzzing

What it does: Witcher is used in fuzzing & software assurance programs to support automated input mutation testing to uncover reliability and security defects. Source summaries describe it as: Witcher is a web application fuzzer that utilizes mutational fuzzing to explore web applications and fault escalation to detect command and SQL injection vulnerabilities.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Tools > Web.

Back to Name Jump