Update render script and Makefile

Jonas Zeunert
2024-04-22 21:54:39 +02:00
parent 2d63fe63cd
commit 4d0cd768f7
10975 changed files with 47095 additions and 4031084 deletions


@@ -1,7 +1,8 @@
 Awesome Fuzzing !Awesome (https://awesome.re/badge.svg) (https://awesome.re)
 Awesome Fuzzing !Awesome (https://awesome.re/badge.svg) (https://awesome.re)
▐ Fuzzing (https://en.wikipedia.org/wiki/Fuzzing) or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The 
▐ program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks. Typically, fuzzers are used to test programs that take structured inputs. 
▐ Fuzzing (https://en.wikipedia.org/wiki/Fuzzing) or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a 
▐ computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks. Typically, fuzzers are used to test programs 
▐ that take structured inputs. 
A curated list of references to awesome Fuzzing for security testing. Additionally there is a collection of freely available academic papers, tools and so on.
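Review bot: the title line "Awesome Fuzzing !Awesome (https://awesome.re/badge.svg) (https://awesome.re)" appears twice in this hunk, once as the old and once as the new version, with no visible difference, so the only change can be trailing or otherwise invisible whitespace; have the render script strip trailing whitespace before writing so unchanged lines stop churning in every diff. The badge image is also flattened to "!Awesome (url) (url)", which reads as garbage in plain text; render image links as their alt text alone (or drop badge images) instead of keeping the "!" prefix and both URLs.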
@@ -57,14 +58,16 @@
- PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary, 2019 (https://people.cs.kuleuven.be/~stijn.volckaert/papers/2019_NDSS_PeriScope.pdf)
- REDQUEEN: Fuzzing with Input-to-State Correspondence, 2019 (https://www.syssec.ruhr-uni-bochum.de/media/emma/veroeffentlichungen/2018/12/17/NDSS19-Redqueen.pdf)
- Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid Fuzzing, 2019 (https://www.cs.ucr.edu/~heng/pubs/digfuzz_ndss19.pdf)
- Life after Speech Recognition: Fuzzing Semantic Misinterpretation for Voice Assistant Applications, 2019 (https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_08-4_Zhang_paper.pdf)
- Life after Speech Recognition: Fuzzing Semantic Misinterpretation for Voice Assistant Applications, 2019 
(https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_08-4_Zhang_paper.pdf)
- INSTRIM: Lightweight Instrumentation for Coverage-guided Fuzzing, 2018 (https://www.ndss-symposium.org/wp-content/uploads/2018/07/bar2018_14_Hsu_paper.pdf)
- IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing, 2018 (http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018_01A-1_Chen_paper.pdf)
- What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices, 2018 (http://s3.eurecom.fr/docs/ndss18_muench.pdf)
- Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing, 2018 (https://lifeasageek.github.io/papers/han:meds.pdf)
- Vuzzer: Application-aware evolutionary fuzzing, 2017 (https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/vuzzer-application-aware-evolutionary-fuzzing/)
- DELTA: A Security Assessment Framework for Software-Defined Networks, 2017 (https://www.ndss-symposium.org/wp-content/uploads/2017/09/ndss201702A-1LeePaper.pdf)
- Driller: Augmenting Fuzzing Through Selective Symbolic Execution, 2016 (https://cancer.shtech.org/wiki/uploads/2016---NDSS---driller-augmenting-fuzzing-through-selective-symbolic-execution.pdf)
- Driller: Augmenting Fuzzing Through Selective Symbolic Execution, 2016 
(https://cancer.shtech.org/wiki/uploads/2016---NDSS---driller-augmenting-fuzzing-through-selective-symbolic-execution.pdf)
- Automated Whitebox Fuzz Testing, 2008 (https://www.ndss-symposium.org/wp-content/uploads/2017/09/Automated-Whitebox-Fuzz-Testing-paper-Patrice-Godefroid.pdf)
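Review bot: the narrower wrap now splits the Zhang and Driller entries between the title and the URL, so "(https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_08-4_Zhang_paper.pdf)" and the cancer.shtech.org URL sit alone at column 0 and the preceding lines end in "2019 " and "2016 " with a trailing space; a reader, or a line-based grep for "title, year (url)", can no longer tell that the continuation belongs to the bullet above it. Either never break immediately before the "(" that opens the URL (let the URL overrun the width limit) or indent continuation lines by two spaces to align with the item text, and trim the whitespace left at the break.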
@@ -114,7 +117,8 @@
- SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux kernel, 2022 (https://www.usenix.org/system/files/sec22-zou.pdf)
- Morphuzz: Bending (Input) Space to Fuzz Virtual Devices, 2022 (https://www.usenix.org/system/files/sec22-bulekov.pdf)
- Breaking Through Binaries: Compiler-quality Instrumentation for Better Binary-only Fuzzing, 2021 (https://www.usenix.org/conference/usenixsecurity21/presentation/nagy)
- ICSFuzz: Manipulating I/Os and Repurposing Binary Code to Enable Instrumented Fuzzing in ICS Control Applications, 2021 (https://www.usenix.org/conference/usenixsecurity21/presentation/tychalas)
- ICSFuzz: Manipulating I/Os and Repurposing Binary Code to Enable Instrumented Fuzzing in ICS Control Applications, 2021 
(https://www.usenix.org/conference/usenixsecurity21/presentation/tychalas)
- Android SmartTVs Vulnerability Discovery via Log-Guided Fuzzing, 2021 (https://www.usenix.org/conference/usenixsecurity21/presentation/aafer)
- Constraint-guided Directed Greybox Fuzzing, 2021 (https://www.usenix.org/conference/usenixsecurity21/presentation/lee-gwangmu)
- Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types, 2021 (https://www.usenix.org/conference/usenixsecurity21/presentation/schumilo)
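Review bot: the ICSFuzz entry gets the same unindented continuation line, "(https://www.usenix.org/conference/usenixsecurity21/presentation/tychalas)" at column 0 after a line ending in "2021 ". A fixed-column wrap is the wrong rule for a "title, year (url)" list: wrap only the title text and treat the trailing "(url)" token as unbreakable and exempt from the width limit, which also removes the trailing space.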
@@ -172,7 +176,8 @@
- IMF: Inferred Model-based Fuzzer, 2017 (http://daramg.gift/paper/han-ccs2017.pdf)
- SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits, 2017 (https://www.informatics.indiana.edu/xw7/papers/p2139-you.pdf)
- AFL-based Fuzzing for Java with Kelinci, 2017 (https://dl.acm.org/citation.cfm?id=3138820)
- Designing New Operating Primitives to Improve Fuzzing Performance, 2017 (http://iisp.gatech.edu/sites/default/files/images/designing_new_operating_primitives_to_improve_fuzzing_performance_vt.pdf)
- Designing New Operating Primitives to Improve Fuzzing Performance, 2017 
(http://iisp.gatech.edu/sites/default/files/images/designing_new_operating_primitives_to_improve_fuzzing_performance_vt.pdf)
- Directed Greybox Fuzzing, 2017 (https://dl.acm.org/citation.cfm?id=3134020)
- SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities, 2017 (https://arxiv.org/pdf/1708.08437.pdf)
- DIFUZE: Interface Aware Fuzzing for Kernel Drivers, 2017 (https://acmccs.github.io/papers/p2123-corinaA.pdf)
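Review bot: for the Designing New Operating Primitives entry the wrapper breaks before the iisp.gatech.edu URL even though that URL alone is longer than the remaining width, so the break gains nothing and only detaches the link from its bullet and leaves a trailing space after "2017". Exempt URL tokens from the width check so an entry whose URL cannot fit is left on one line.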
@@ -215,24 +220,26 @@
Tools
Information about the various open source tools you can use to leverage fuzz testing. The items in this section have been organized and classified based on the standards set by the https://fuzzing-survey.org/ 
website. Although there are currently more than 35 categories, we have selected the most relevant ones to provide efficient information. Additionally, items that are outdated and deprecated have been excluded, 
and only those that are currently usable are listed.
Information about the various open source tools you can use to leverage fuzz testing. The items in this section have been organized and classified based on the standards set by the 
https://fuzzing-survey.org/ website. Although there are currently more than 35 categories, we have selected the most relevant ones to provide efficient information. Additionally, items that 
are outdated and deprecated have been excluded, and only those that are currently usable are listed.
File
- AFL++ (https://github.com/AFLplusplus/AFLplusplus) - AFL++ is a superior fork to Google's AFL - more speed, more and better mutations, more and better instrumentation, custom module support, etc.
- Angora (https://github.com/AngoraFuzzer/Angora) - Angora is a mutation-based coverage guided fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic 
execution.
- AFL++ (https://github.com/AFLplusplus/AFLplusplus) - AFL++ is a superior fork to Google's AFL - more speed, more and better mutations, more and better instrumentation, custom module 
support, etc.
- Angora (https://github.com/AngoraFuzzer/Angora) - Angora is a mutation-based coverage guided fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints 
without symbolic execution.
Kernel
Network
API
- IvySyn (https://gitlab.com/brown-ssl/ivysyn) - IvySyn is a fully-automated framework for discovering memory error vulnerabilities in Deep Learning (DL) frameworks.
- MINER (https://github.com/puppet-meteor/MINER) - MINER is a REST API fuzzer that utilizes three data-driven designs working together to guide the sequence generation, improve the request generation quality, 
and capture the unique errors caused by incorrect parameter usage.
- MINER (https://github.com/puppet-meteor/MINER) - MINER is a REST API fuzzer that utilizes three data-driven designs working together to guide the sequence generation, improve the request 
generation quality, and capture the unique errors caused by incorrect parameter usage.
- RestTestGen (https://github.com/SeUniVr/RestTestGen) - RestTestGen is a robust tool and framework designed for automated black-box testing of RESTful web APIs.
- GraphFuzz (https://github.com/ForAllSecure/GraphFuzz) - GraphFuzz is an experimental framework for building structure-aware, library API fuzzers.
- Minerva (https://github.com/ChijinZ/Minerva) - Minerva is a browser fuzzer augmented by API mod-ref relations, aiming to synthesize highly-relevant browser API invocations in each test case.
- FANS (https://github.com/iromise/fans) - FANS is a fuzzing tool for fuzzing Android native system services. It contains four components: interface collector, interface model extractor, dependency inferer, and 
fuzzer engine.
- Minerva (https://github.com/ChijinZ/Minerva) - Minerva is a browser fuzzer augmented by API mod-ref relations, aiming to synthesize highly-relevant browser API invocations in each test 
case.
- FANS (https://github.com/iromise/fans) - FANS is a fuzzing tool for fuzzing Android native system services. It contains four components: interface collector, interface model extractor, 
dependency inferer, and fuzzer engine.
JavaScript
Firmware
Hypervisor
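Review bot: the category names "File", "Kernel", "Network", "API", "JavaScript", "Firmware" and "Hypervisor" are emitted as bare words with no heading marker, so "Kernel" and "Network", which have no entries in this region, are indistinguishable from stray text, and "File" sits directly under the intro paragraph as if it were its last word. Keep a heading marker when flattening (a blank line plus an underline, or the original "##" prefix). The re-wrapped AFL++, Angora, MINER, Minerva and FANS entries also start their continuation lines at column 0, which breaks the visual grouping of each "- Name (url) - description" item; indent continuations to match the item text.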
@@ -244,8 +251,8 @@
Lib
Web
- TEFuzz (https://github.com/seclab-fudan/TEFuzz/) - TEFuzz is a tailored fuzzing-based framework to facilitate the detection and exploitation of template escape bugs.
- Witcher (https://github.com/sefcom/Witcher) - Witcher is a web application fuzzer that utilizes mutational fuzzing to explore web applications and fault escalation to detect command and SQL injection 
vulnerabilities.
- Witcher (https://github.com/sefcom/Witcher) - Witcher is a web application fuzzer that utilizes mutational fuzzing to explore web applications and fault escalation to detect command and SQL
injection vulnerabilities.
- CorbFuzz (https://github.com/shouc/corbfuzz) - CorbFuzz is a state-aware fuzzer for generating as much reponses from a web application as possible without need of setting up database, etc.
DOM
Argument
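Review bot: the Witcher entry is now broken between "SQL" and "injection", and the first line ends at "SQL" with no trailing space visible, unlike the other wrapped entries, which keep one at the break; anything that re-joins wrapped lines by plain concatenation will produce "SQLinjection", so the wrapper should handle break points consistently (always indent the continuation, or always keep the separating space). While this region is being touched, the CorbFuzz context line has the typo "reponses" for "responses", and "without need of setting up database" reads better as "without needing to set up a database".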