3 Repos
Active testing of application parameters using malformed or unexpected inputs to find injection points.
Distinct from Fuzzing Resources: Existing candidates focus on orchestration or WASM-specific fuzzing rather than web parameter fuzzing.
Explore 3 awesome GitHub repositories matching security & cryptography · Parameter Fuzzing. Refine with filters or upvote what's useful.
Yakit is a comprehensive cybersecurity all-in-one platform designed for security assessments. It integrates a suite of core tools including an HTTP interception proxy for real-time traffic modification, an out-of-band interaction detector for verifying remote command execution via TCP, DNSLog, and ICMP, and a reverse shell manager for controlling remote server connections. The platform is distinguished by its dedicated security scripting environment, which allows for the development and execution of custom logic and plugins using a specialized high-performance language. It further extends fun
Implements active testing of application input fields using malformed data to find injection points.
reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio
Uses templates to fuzz parameter values and identify potential injection points.
Wfuzz is a web application fuzzing framework that automates the injection of payloads into HTTP requests to discover hidden resources, parameters, and vulnerabilities. It functions as a content discovery scanner, a brute-force tool for credential guessing, and a plugin-based vulnerability scanner, all within a single modular system. The tool distinguishes itself through its plugin-based extensibility, allowing custom Python modules to add new payload sources, output printers, or scanning logic without modifying core code. It supports concurrent request dispatch using thread-based parallelism
Iterates through payloads for query strings, POST bodies, headers, and cookies to find injection points.