Fuzzing

Fuzzing tool reviews will be made available here. We will just add stuff here, and provide reviews later…

Test tools and suites:

With these you just point and click, and the tests will start.

PROTOS test-suites:

• WAP-WSP
• WAP-WMLC
• HTTP
• LDAP
• SNMP
• SIP
• H.323
• ISAKMP
• DNS
• Archives

Fuzzers from iSEC:

• SOAP, IPC and File

VOIPER:

• SIP

Burp Intruder from PortSwigger:

• Web Fuzzer

Wapiti:

• Web Fuzzer

RFuzz:

• Web Fuzzer

OWASP WSFuzzer:

• Web Fuzzer

Suru Web Proxy by SensePost:

• Web Fuzzer

General purpose fuzzing frameworks:

With these you either record a use-case and fuzz it, or design a protocol model that will be used to generate the tests.

Fuzzers from VDA Labs (Chapter 7 of the book will focus on EFS):

• EFS and GPF

Fuzzers by Immunity:

• SPIKE