Web Pentesting Fuzz 字典,一个就够了。

OSS-Fuzz - continuous fuzzing for open source software.

syzkaller is an unsupervised coverage-guided kernel fuzzer

The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!

Monkey testing library for web apps and Node.js

Recent Fuzzing Paper

An step by step fuzzing tutorial. A GitHub Security Lab initiative

BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). 支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件

wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows and Linux user-mode (experimental!).

A random SQL query generator

一个用于前端加密Fuzz的Burp Suite插件

Command line helpers for fuzzing

🐇 Fuzzing Rust code with American Fuzzy Lop

A curated list of awesome Fuzzing(or Fuzz Testing) for software security

🎯 Directory Payload List

This project contains the source code for the CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE).

Fuzz Introspector -- introspect, extend and optimise fuzzers

coverage guided fuzz testing for javascript

🏆 Collection of bugs uncovered by fuzzing Rust code

Rust bindings and utilities for LLVM’s libFuzzer