Sulley
Sulley is a sophisticated fuzzing framework designed for seamless automation and unattended operation. With robust data generation capabilities, it meticulously monitors network interactions and the health of targets. Sulley efficiently detects, categorizes faults, and enables parallel fuzzing, significantly enhancing testing speed while allowing vulnerability researchers to focus on other critical tasks.
Top Sulley Alternatives
StackScan
Unlock deep insights into website technologies with StackScan, tracking 50,000+ tools (450+ technology categories to explore).
Google OSS-Fuzz
OSS-Fuzz provides continuous fuzz testing for open source software, effectively revealing programming errors with significant security implications, such as buffer overflows. By leveraging advanced fuzzing techniques and scalable execution, it has successfully identified over 10,000 vulnerabilities across various programming languages, enhancing the security and stability of countless projects.
syzkaller
Syzkaller is an advanced unsupervised coverage-guided kernel fuzzer designed to enhance system security by identifying vulnerabilities across various operating systems, including Linux, FreeBSD, and Windows. It efficiently reproduces kernel crashes using multiple virtual machines, facilitating systematic debugging and minimizing the original offending program, thereby improving system robustness.
Honggfuzz
Honggfuzz is an advanced, security-focused software fuzzer that utilizes evolutionary, feedback-driven techniques based on code coverage. It operates efficiently in multi-process and multi-threaded environments, optimizing CPU core usage. With rapid persistent fuzzing capabilities, it has successfully identified critical vulnerabilities, including significant issues in OpenSSL, while also detecting overlooked signals from crashes.
Tayt
Tayt serves as an advanced fuzzer for StarkNet smart contracts, allowing users to analyze contract behavior through rigorous testing. It generates transaction sequences and evaluates properties, highlighting any violations with clear call sequences and emitted events. This tool enhances contract deployment safety by revealing potential vulnerabilities effectively.
hevm
hevm is a specialized fuzz testing tool designed for the Ethereum Virtual Machine (EVM), facilitating symbolic execution, unit testing, and smart contract debugging. It allows users to interactively debug contracts while displaying Solidity source, execute arbitrary EVM code, and perform extensive exploration of execution paths to identify assertion violations efficiently.
american fuzzy lop
This security-oriented fuzzer utilizes advanced compile-time instrumentation and genetic algorithms to identify novel test cases that expose new states in binaries. By generating compact, effective data corpora, it enhances the testing of complex applications like image parsers and compression libraries, ensuring robust performance with minimal configuration.
go-fuzz
Go-fuzz is a sophisticated coverage-guided fuzzing tool designed for testing Go packages, particularly those handling complex text and binary inputs. It excels in identifying vulnerabilities in systems that process data from untrusted sources. With recent support for Go Modules, it incorporates randomized input generation to enhance code robustness efficiently.
ToothPicker
ToothPicker is a specialized in-process fuzzer designed for iOS, targeting the Bluetooth daemon bluetoothd and various Bluetooth protocols. Built on FRIDA, it provides adaptability across platforms. The tool includes an over-the-air fuzzer for Apple's MagicPairing protocol and a script for verifying identified crashes, facilitating effective Bluetooth security analysis.
FuzzDB
FuzzDB serves as a crucial toolkit for enhancing application security through dynamic testing. It offers an extensive array of attack patterns and payloads tailored for fault injection, including vulnerabilities like SQL and NoSQL injections, XSS, and authentication bypasses. Additionally, it provides regex patterns to analyze predictable server responses, facilitating efficient resource discovery and risk assessment.
Radamsa
Radamsa serves as an advanced test case generator designed for robustness testing, effectively evaluating how programs handle malformed or malicious inputs. By transforming valid data samples into varied outputs, Radamsa has successfully identified numerous critical bugs. Its scriptable nature and ease of setup make it an invaluable tool for testers seeking to uncover unexpected behaviors in software.
Fuzzbuzz
Fuzzbuzz enhances the fuzz testing experience by seamlessly integrating into a developer's existing workflow. It automates the execution of fuzz tests within CI/CD pipelines, promptly notifying teams of critical bugs through various channels. As changes are made, Fuzzbuzz builds and instruments the code, ensuring continuous protection against regressions.
OWASP WSFuzzer
OWASP WSFuzzer is a robust fuzz testing tool designed to uncover software implementation bugs through automated injection of malformed data. By simulating unexpected inputs, it identifies vulnerabilities, such as buffer overflows and DoS attacks. This tool enhances security testing, enabling developers to fortify applications against potential threats effectively.
Fuzzapi
Fuzzapi is an innovative tool designed for REST API penetration testing, leveraging the capabilities of the API_Fuzzer gem to enhance security assessments. This Rails application features a user-friendly interface, simplifying the interaction with the gem. Docker support further streamlines installation, making it accessible for security professionals.
Peach Fuzzer
Peach Fuzzer is an advanced fuzz testing tool that excels in both generation and mutation-based techniques. Utilizing Peach Pit files, users can define data structures and relationships for targeted fuzzing. Its flexible configuration allows for customized fuzz runs, making it suitable for a wide range of applications, from servers to embedded systems.
Ffuf
Ffuf is a high-performance web fuzzing tool crafted in Go, designed for efficient vulnerability discovery. Users can execute fuzzing operations with customizable inputs and wordlists, making it adaptable for various testing scenarios. Ffuf’s unique features include virtual host discovery and real-time filtering options, enhancing its usability for security professionals.
Company Information
- Company: OpenRCE
- Country: United States
Top Sulley Features
- Fully automated fuzzing framework
- Multiple extensible components
- Simplifies data representation
- Simplifies data transmission
- Monitors target health
- Reverts to known good state
- Detects and categorizes faults
- Parallel fuzzing capabilities
- Automatic fault sequence detection
- Unattended operation for days
- Active maintenance and updates
- Easy integration with Python
- Comprehensive network monitoring
- Records detailed test results
- User-friendly documentation
- Community-driven improvements
- Support for multiple platforms
- Customizable fuzzing strategies
- Efficient resource management
- Real-time fault tracking.