8 Repos
Tools for injecting payloads to test application robustness.
Explore 8 awesome GitHub repositories matching part of an awesome list · Fuzzing. Refine with filters or upvote what's useful.
This tool is a command-line utility designed for automated web resource discovery, fuzzing, and application structure mapping. It functions as a security-focused scanner that identifies hidden files, directories, parameters, and virtual hosts by injecting payloads into HTTP requests. By systematically testing how servers handle various inputs, it assists in mapping the architecture of web applications and uncovering potential security vulnerabilities. The tool distinguishes itself through a highly concurrent engine that manages asynchronous request execution and recursive job orchestration. I
Fast web fuzzer written in Go.
fuzzdb is a collection of datasets designed for web application penetration testing and dynamic fuzzing. It provides a fuzzing payload dictionary, a resource discovery wordlist, and a fault injection dataset containing corrupted Unicode, null bytes, and escape codes to trigger application crashes and logic errors. The project includes a security filter bypass list featuring polyglots and encoded strings to evade web application firewalls and input validation filters. It also provides a comprehensive web application penetration testing dataset specifically for identifying flaws such as cross-s
Dictionary of attack patterns and injection primitives.
Wfuzz is a web application fuzzing framework that automates the injection of payloads into HTTP requests to discover hidden resources, parameters, and vulnerabilities. It functions as a content discovery scanner, a brute-force tool for credential guessing, and a plugin-based vulnerability scanner, all within a single modular system. The tool distinguishes itself through its plugin-based extensibility, allowing custom Python modules to add new payload sources, output printers, or scanning logic without modifying core code. It supports concurrent request dispatch using thread-based parallelism
Web application fuzzer.
Potentially dangerous files
List of potentially dangerous files.
A JavaScript Engine Fuzzer
JavaScript engine fuzzer.
Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem
REST API pentesting fuzzer.
Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Advanced web fuzzer written in Nim.
qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
Query string fuzzer for identifying vulnerabilities.