hevm

hevm

DappHub From United States

hevm is a specialized fuzz testing tool designed for the Ethereum Virtual Machine (EVM), facilitating symbolic execution, unit testing, and smart contract debugging. It allows users to interactively debug contracts while displaying Solidity source, execute arbitrary EVM code, and perform extensive exploration of execution paths to identify assertion violations efficiently.

Top hevm Alternatives

StackScan

StackScan

Unlock deep insights into website technologies with StackScan, tracking 50,000+ tools (450+ technology categories to explore).

StackScan Pte Ltd
go-fuzz

go-fuzz

Go-fuzz is a sophisticated coverage-guided fuzzing tool designed for testing Go packages, particularly those handling complex text and binary inputs. It excels in identifying vulnerabilities in systems that process data from untrusted sources. With recent support for Go Modules, it incorporates randomized input generation to enhance code robustness efficiently.

dvyukov From United States
Honggfuzz

Honggfuzz

Honggfuzz is an advanced, security-focused software fuzzer that utilizes evolutionary, feedback-driven techniques based on code coverage. It operates efficiently in multi-process and multi-threaded environments, optimizing CPU core usage. With rapid persistent fuzzing capabilities, it has successfully identified critical vulnerabilities, including significant issues in OpenSSL, while also detecting overlooked signals from crashes.

Google From United States
FuzzDB

FuzzDB

FuzzDB serves as a crucial toolkit for enhancing application security through dynamic testing. It offers an extensive array of attack patterns and payloads tailored for fault injection, including vulnerabilities like SQL and NoSQL injections, XSS, and authentication bypasses. Additionally, it provides regex patterns to analyze predictable server responses, facilitating efficient resource discovery and risk assessment.

GitHub From United States
Google OSS-Fuzz

Google OSS-Fuzz

OSS-Fuzz provides continuous fuzz testing for open source software, effectively revealing programming errors with significant security implications, such as buffer overflows. By leveraging advanced fuzzing techniques and scalable execution, it has successfully identified over 10,000 vulnerabilities across various programming languages, enhancing the security and stability of countless projects.

Google From United States
Fuzzbuzz

Fuzzbuzz

Fuzzbuzz enhances the fuzz testing experience by seamlessly integrating into a developer's existing workflow. It automates the execution of fuzz tests within CI/CD pipelines, promptly notifying teams of critical bugs through various channels. As changes are made, Fuzzbuzz builds and instruments the code, ensuring continuous protection against regressions.

GitHub From United States
Sulley

Sulley

Sulley is a sophisticated fuzzing framework designed for seamless automation and unattended operation. With robust data generation capabilities, it meticulously monitors network interactions and the health of targets. Sulley efficiently detects, categorizes faults, and enables parallel fuzzing, significantly enhancing testing speed while allowing vulnerability researchers to focus on other critical tasks.

OpenRCE From United States
Fuzzapi

Fuzzapi

Fuzzapi is an innovative tool designed for REST API penetration testing, leveraging the capabilities of the API_Fuzzer gem to enhance security assessments. This Rails application features a user-friendly interface, simplifying the interaction with the gem. Docker support further streamlines installation, making it accessible for security professionals.

GitHub From United States
syzkaller

syzkaller

Syzkaller is an advanced unsupervised coverage-guided kernel fuzzer designed to enhance system security by identifying vulnerabilities across various operating systems, including Linux, FreeBSD, and Windows. It efficiently reproduces kernel crashes using multiple virtual machines, facilitating systematic debugging and minimizing the original offending program, thereby improving system robustness.

Google From United States
Ffuf

Ffuf

Ffuf is a high-performance web fuzzing tool crafted in Go, designed for efficient vulnerability discovery. Users can execute fuzzing operations with customizable inputs and wordlists, making it adaptable for various testing scenarios. Ffuf’s unique features include virtual host discovery and real-time filtering options, enhancing its usability for security professionals.

GitHub From United States
Tayt

Tayt

Tayt serves as an advanced fuzzer for StarkNet smart contracts, allowing users to analyze contract behavior through rigorous testing. It generates transaction sequences and evaluates properties, highlighting any violations with clear call sequences and emitted events. This tool enhances contract deployment safety by revealing potential vulnerabilities effectively.

Crytic From United States
Etheno

Etheno

Etheno serves as an innovative Ethereum testing tool, seamlessly integrating JSON RPC multiplexing and analysis. It simplifies the process of utilizing complex tools like Echidna for large multi-contract projects. Smart contract and Ethereum client developers benefit from its differential testing capabilities, enabling efficient deployment and interaction across multiple networks.

Crytic From United States
american fuzzy lop

american fuzzy lop

This security-oriented fuzzer utilizes advanced compile-time instrumentation and genetic algorithms to identify novel test cases that expose new states in binaries. By generating compact, effective data corpora, it enhances the testing of complex applications like image parsers and compression libraries, ensuring robust performance with minimal configuration.

Google From United States
Echidna

Echidna

Echidna is a sophisticated fuzz testing tool designed specifically for Ethereum smart contracts, utilizing Haskell for property-based testing. It performs grammar-based fuzzing to validate user-defined predicates against contract behaviors, ensuring safety. With modular design, it supports tailored inputs, automatic test minimization, and integration with various development workflows, enhancing bug detection efficiency.

Crytic From United States
ToothPicker

ToothPicker

ToothPicker is a specialized in-process fuzzer designed for iOS, targeting the Bluetooth daemon bluetoothd and various Bluetooth protocols. Built on FRIDA, it provides adaptability across platforms. The tool includes an over-the-air fuzzer for Apple's MagicPairing protocol and a script for verifying identified crashes, facilitating effective Bluetooth security analysis.

Secure Mobile Networking Lab From United States
Solidity Fuzzing Boilerplate

Solidity Fuzzing Boilerplate

Designed for efficiency, the Solidity Fuzzing Boilerplate simplifies the fuzzing of Solidity components, particularly libraries. Users can leverage Echidna and Foundry's fuzzing capabilities, deploy various Solidity versions in Ganache, and utilize HEVM's FFI cheat code for advanced fuzzing strategies, ensuring thorough testing across diverse scenarios.

patrickd From United States

Company Information

  • Company: DappHub
  • Country: United States

Top hevm Features

  • Symbolic execution of smart contracts
  • Unit testing integration
  • Interactive debugging with Solidity
  • Easily fetch live network state
  • Customizable assertion violation checks
  • Counterexample generation for violations
  • Function signature argument specialization
  • Eager exploration of execution branches
  • Git-based state management
  • Arbitrary EVM code execution
  • Flexible timeout configurations
  • Comprehensive cheat codes available
  • Integration with DappHub tool suite
  • Automatic test case generation
  • Supports Solidity unit tests
  • RPC call support for live interactions
  • Enhanced exploration for loop branches
  • Detailed execution path analysis
  • Environment manipulation via cheat codes
  • Compatible with Stack and Cabal.