Alternatives to syzkaller
Compare syzkaller alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to syzkaller in 2026. Compare features, ratings, user reviews, pricing, and more from syzkaller competitors and alternatives in order to make an informed decision for your business.
-
1
Bugfender
Beenario
Remote logger, crash reporter and in-app user feedback Bugfender is a log storage service for application developers. Bugfender collects everything happening in the application, even if it doesn’t crash, in order to reproduce and resolve bugs more effectively and provide better customer support. Bugfender respects your user's privacy, is battery and network efficient and keeps logging even if the device is offline. Track and destroy bugs before users even notice. Bugfender logs all bugs on all devices and sends the results in seconds - enabling you to find and fix bugs before your users even get an error message. Achieve 5-Star Ratings. Bugfender doesn’t just log bugs and crashes. It logs all the information you’ll ever need so you can build a clear picture of your users and earn those crucial five-star ratings. Deliver world-class customer service. Our logging tool enables you to target individual users and provide personalized customer support.Starting Price: €29 per month -
2
ClusterFuzz
Google
ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz. ClusterFuzz provides many features to seamlessly integrate fuzzing into a software project’s development process. Fully automatic bug filing, triage, and closing for various issue trackers. Supports multiple coverages guided fuzzing engines for optimal results (with ensemble fuzzing and fuzzing strategies). Statistics for analyzing fuzzer performance, and crash rates. Easy to use web interface for management and viewing crashes. Support for various authentication providers using Firebase. Support for black-box fuzzing, test case minimization, and regression finding through bisection. -
3
Google ClusterFuzz
Google
ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz. ClusterFuzz provides many features to seamlessly integrate fuzzing into a software project’s development process. Fully automatic bug filing, triage, and closing for various issue trackers. Supports multiple coverages guided fuzzing engines for optimal results (with ensemble fuzzing and fuzzing strategies). Statistics for analyzing fuzzer performance, and crash rates. Easy to use web interface for management and viewing crashes. Support for various authentication providers using Firebase. Support for black-box fuzzing, test case minimization, and regression finding through bisection.Starting Price: Free -
4
ToothPicker
Secure Mobile Networking Lab
ToothPicker is an in-process, coverage-guided fuzzer for iOS. It was developed to specifically target iOS's Bluetooth daemon and to analyze various Bluetooth protocols on iOS. As it is built using FRIDA, it can be adapted to target any platform that runs FRIDA. This repository also includes an over-the-air fuzzer with an exemplary implementation to fuzz Apple's MagicPairing protocol using InternalBlue. Additionally, it contains the ReplayCrashFile script that can be used to verify crashes the in-process fuzzer has found. This is a very simple fuzzer that only flips bits and bytes of inactive connections. No coverage, no injection, but nice as a demo and stateful. Runs just with Python and Frida, no modules or installation are required. ToothPicker is built on the codebase of frizzer. It is recommended to set up a virtual Python environment for frizzer. Starting from the iPhone XR/Xs, PAC has been introduced.Starting Price: Free -
5
Awesome Fuzzing
secfigo
Awesome Fuzzing is a list of fuzzing resources including books, courses, both free and paid, videos, tools, tutorials, and vulnerable applications to practice in order to learn fuzzing and initial phases of exploit development like root cause analysis. Courses/training videos on fuzzing, videos talking about fuzzing techniques, tools, and best practices. Conference talks and tutorials, blogs, tools that help in fuzzing applications, and fuzzers that help in fuzzing applications that use network-based protocols like HTTP, SSH, SMTP, etc. Search and pick the exploits, that have respective apps available for download, and reproduce the exploit by using the fuzzer of your choice. Set of tests for fuzzing engines. Includes different well-known bugs. A corpus, including various file formats for fuzzing multiple targets in the fuzzing literature.Starting Price: Free -
6
Honggfuzz
Google
Honggfuzz is a security-oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW-based). It’s multi-process and multi-threaded, there’s no need to run multiple copies of your fuzzer, as Honggfuzz can unlock the potential of all your available CPU cores with a single running instance. The file corpus is automatically shared and improved between all fuzzed processes. It’s blazingly fast when the persistent fuzzing mode is used. A simple/empty LLVMFuzzerTestOneInput function can be tested with up to 1mo iteration per second on a relatively modern CPU. Has a solid track record of uncovered security bugs, the only (to date) vulnerability in OpenSSL with the critical score mark was discovered by Honggfuzz. As opposed to other fuzzers, it will discover and report hijacked/ignored signals from crashes (intercepted and potentially hidden by a fuzzed program).Starting Price: Free -
7
Code Intelligence
Code Intelligence
Our platform uses various security techniques, including coverage-guided and feedback-based fuzz testing, to automatically generate millions of test cases that trigger hard-to-find bugs deep within your application. This white-box approach protects against edge cases and speeds up development. Advanced fuzzing engines generate inputs that maximize code coverage. Powerful bug detectors check for errors during code execution. Uncover true vulnerabilities only. Get the input and stack trace as proof, so you can reliably reproduce errors every time. AI white-box testing uses data from all previous test runs to continuously learn the inner-workings of your application, triggering security-critical bugs with increasingly high precision. -
8
Peach Fuzzer
Peach Tech
Peach is a SmartFuzzer that is capable of performing both generation and mutation-based fuzzing. Peach requires the creation of Peach Pit files that define the structure, type information, and relationships in the data to be fuzzed. It additionally allows for the configuration of a fuzzing run including selecting a data transport (publisher), logging interface, etc. Peach has been under active development since 2004 and is in its third major version. Fuzzing continues to be the fastest way to find security issues and test for bugs. Effective hardware fuzzing with Peach will introduce students to the fundamentals of device fuzzing. Peach was designed to fuzz any type of data consumer from servers to embedded devices. Researchers, corporations, and governments already use Peach to find vulnerabilities in hardware. This course will focus on using Peach to target embedded devices and collect information from the device in the event of a crash.Starting Price: Free -
9
OWASP WSFuzzer
OWASP
Fuzz testing or fuzzing is a software testing technique, that basically consists in finding implementation bugs using malformed/semi-malformed data injection in an automated fashion. Let’s consider an integer in a program, which stores the result of a user’s choice between 3 questions. When the user picks one, the choice will be 0, 1, or 2, which makes three practical cases. Integers are stored as a static size variable. If the default switch case hasn’t been implemented securely, the program may crash and lead to “classical” security issues. Fuzzing is the art of automatic bug finding, and its role is to find software implementation faults and identify them if possible. A fuzzer is a program that automatically injects semi-random data into a program/stack and detects bugs. The data-generation part is made of generators, and vulnerability identification relies on debugging tools. Generators usually use combinations of static fuzzing vectors. -
10
Atheris
Google
Atheris is a coverage-guided Python fuzzing engine. It supports fuzzing of Python code, but also native extensions written for CPython. Atheris is based on libFuzzer. When fuzzing native code, Atheris can be used to catch extra bugs. Atheris supports Linux (32- and 64-bit) and Mac OS X, with Python versions 3.6-3.10. It comes with a built-in libFuzzer, which is fine for fuzzing Python code. If you plan to fuzz native extensions, you may need to build from source to ensure the libFuzzer version in Atheris matches your Clang version. Atheris relies on libFuzzer, which is distributed with Clang. Apple Clang doesn't come with libFuzzer, so you'll need to install a new version of LLVM. Atheris is based on a coverage-guided mutation-based fuzzer (LibFuzzer). This has the advantage of not requiring any grammar definition for generating inputs, making its setup easier. The disadvantage is that it will be harder for the fuzzer to generate inputs for code that parses complex data types.Starting Price: Free -
11
LibFuzzer
LLVM Project
LibFuzzer is an in-process, coverage-guided, evolutionary fuzzing engine. LibFuzzer is linked with the library under test, and feeds fuzzed inputs to the library via a specific fuzzing entry point (or target function); the fuzzer then tracks which areas of the code are reached, and generates mutations on the corpus of input data in order to maximize the code coverage. The code coverage information for libFuzzer is provided by LLVM’s SanitizerCoverage instrumentation. LibFuzzer is still fully supported in that important bugs will get fixed. The first step in using libFuzzer on a library is to implement a fuzz target, a function that accepts an array of bytes and does something interesting with these bytes using the API under test. Note that this fuzz target does not depend on libFuzzer in any way so it is possible and even desirable to use it with other fuzzing engines like AFL and/or Radamsa.Starting Price: Free -
12
CI Fuzz
Code Intelligence
CI Fuzz ensures robust and secure code with test coverage up to 100%. Use CI Fuzz from the command line or in the IDE of choice to generate thousands of test cases automatically. CI Fuzz analyzes code as it runs, just like a unit test, but with AI support to efficiently cover all paths through the code. Uncover real bugs in real-time and say goodbye to theoretical issues and false positives. Find real issues with all the information needed to quickly reproduce and fix them. Test your code with maximum code coverage and automatically detect typical security-relevant bugs like injections and remote code executions automatically in one go. Get fully covered to deliver the highest quality software. Conduct real-time code analysis with CI Fuzz. Take unit tests to the next level. It employs AI for comprehensive code path coverage and the automatic generation of thousands of test cases. Maximize pipeline performance that doesn't compromise software integrity.Starting Price: €30 per month -
13
Bugsee
Bugsee
See video, network and logs that led to bugs and crashes in live apps. No need to reproduce intermittent bugs. With Bugsee, all the crucial data is always there. All important traces from your app. Now you know what exactly led to unexpected behavior. See the video of all user actions, communication with the backend and system state that led to the problem. Get statistics on similar crashes. See trends broken down by device type, OS version and time. Get the exact filename, method and a line number of the crash. See states of all other threads running at the time of the crash. See all HTTP and HTTPS requests and responses – headers and body – from and to your app. Replay all app’s console logs synchronized to the video and network traffic.Starting Price: $99 per month -
14
Fuzzing Project
Fuzzing Project
Fuzzing is a powerful strategy to find bugs in software. The idea is quite simple, which is to generate a large number of randomly malformed inputs for the software to parse and see what happens. If the program crashes then something is likely wrong. While fuzzing is a well-known strategy, it is surprisingly easy to find bugs, often with security implications, in widely used software. Memory access errors are the errors most likely to be exposed when fuzzing software that is written in C/C++. While they differ in the details, the core problem is often the same, the software reads or writes to the wrong memory locations. A modern Linux or BSD system ships a large number of basic tools that do some kind of file displaying and parsing. In their current state, most of these tools are not suitable for untrusted inputs. On the other hand, we have powerful tools these days that allow us to find and analyze these bugs.Starting Price: Free -
15
afl-unicorn
Battelle
afl-unicorn lets you fuzz any piece of binary that can be emulated by Unicorn Engine. If you can emulate the code you’re interested in using the Unicorn Engine, you can fuzz it with afl-unicorn. Unicorn Mode works by implementing the block-edge instrumentation that AFL’s QEMU mode normally does into Unicorn Engine. Basically, AFL will use block coverage information from any emulated code snippet to drive its input generation. The whole idea revolves around the proper construction of a Unicorn-based test harness. The Unicorn-based test harness loads the target code, sets up the initial state, and loads in data mutated by AFL from disk. The test harness then emulates the target binary code, and if it detects that a crash or error occurred it throws a signal. AFL will do all its normal stuff, but it’s actually fuzzing the emulated target binary code. Only tested on Ubuntu 16.04 LTS, but it should work smoothly with any OS capable of running both AFL and Unicorn.Starting Price: Free -
16
go-fuzz
dvyukov
Go-fuzz is a coverage-guided fuzzing solution for testing Go packages. Fuzzing is mainly applicable to packages that parse complex inputs (both text and binary) and is especially useful for hardening systems that parse inputs from potentially malicious users (anything accepted over a network). go-fuzz has recently added preliminary support for fuzzing Go Modules. If you encounter a problem with modules, please file an issue with details. Data is a random input generated by go-fuzz, note that in most cases it is invalid. The function must return 1 if the fuzzer should increase the priority of the given input during subsequent fuzzing if the input must not be added to the corpus even if it gives new coverage, and 0 otherwise; other values are reserved for future use. The fuzz function must be in a package that go-fuzz can import. This means the code you want to test can't be in package main. Fuzzing internal packages is supported, however.Starting Price: Free -
17
Jazzer
Code Intelligence
Jazzer is a coverage-guided, in-process fuzzer for the JVM platform developed by Code Intelligence. It is based on libFuzzer and brings many of its instrumentation-powered mutation features to the JVM. You can use Docker to try out Jazzer's autofuzz mode, which automatically generates arguments to a given Java function and reports unexpected exceptions and detected security issues. You can also use GitHub release archives to run a standalone Jazzer binary that starts its own JVM configured for fuzzing.Starting Price: Free -
18
BlackArch Fuzzer
BlackArch
BlackArch is a Linux pentesting distribution based on ArchLinux. BlackArch Fuzzer provides packages that use the fuzz testing principle. -
19
DragonFly BSD
DragonFly BSD
DragonFly version 6.2.2 is released. The 6.2 series has hardware support for type-2 hypervisors with NVMM, an amdgpu driver, the experimental ability to remote-mount HAMMER2 volumes, and many other changes. DragonFly belongs to the same class of operating systems as other BSD-derived systems and Linux. It is based on the same UNIX ideals and APIs and shares ancestor code with other BSD operating systems. DragonFly provides an opportunity for the BSD base to grow in an entirely different direction from the one taken in the FreeBSD, NetBSD, and OpenBSD series. DragonFly includes many useful features that differentiate it from other operating systems in the same class. The most prominent one is HAMMER, our modern high-performance filesystem with built-in mirroring and historic access functionality. Virtual kernels provide the ability to run a full-blown kernel as a user process for the purpose of managing resources or for accelerated kernel development and debugging.Starting Price: Free -
20
SystemRescue
SystemRescue
SystemRescue is a Linux system rescue toolkit available as a bootable medium for administrating or repairing your system and data after a crash. It aims to provide an easy way to carry out admin tasks on your computer, such as creating and editing the hard disk partitions. It comes with a lot of Linux system utilities such as GParted, fsarchiver, filesystem tools and basic tools (editors, midnight commander, network tools). It can be used for both Linux and windows computers, and on desktops as well as servers. This rescue system requires no installation as it can be booted from a CD/DVD drive or USB stick, but it can be installed on the hard disk if you wish. The kernel supports all important file systems (ext4, xfs, btrfs, vfat, ntfs), as well as network filesystems such as Samba and NFS. -
21
american fuzzy lop
Google
American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage for the fuzzed code. The compact synthesized corpora produced by the tool are also useful for seeding other, more labor or resource-intensive testing regimes down the road. Compared to other instrumented fuzzers, afl-fuzz is designed to be practical, it has a modest performance overhead, uses a variety of highly effective fuzzing strategies and effort minimization tricks, requires essentially no configuration, and seamlessly handles complex, real-world use cases, say, common image parsing or file compression libraries. It's an instrumentation-guided genetic fuzzer capable of synthesizing complex file semantics in a wide range of non-trivial targets.Starting Price: Free -
22
Sulley
OpenRCE
Sulley is a fuzzing engine and fuzz testing framework consisting of multiple extensible components. Sulley (IMHO) exceeds the capabilities of most previously published fuzzing technologies, commercial and public domain. The goal of the framework is to simplify not only data representation but to simplify data transmission and instrumentation. A pure-Python fully automated and unattended fuzzing framework. Sulley not only has impressive data generation but has taken this a step further and includes many other important aspects a modern fuzzer should provide. Sulley watches the network and methodically maintains records. Sulley instruments and monitors the health of the target, capable of reverting to a known good state using multiple methods. Sulley detects, tracks, and categorizes detected faults. Sulley can fuzz in parallel, significantly increasing test speed. Sulley can automatically determine what unique sequence of test cases triggers faults.Starting Price: Free -
23
Boofuzz
Boofuzz
Boofuzz is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, Boofuzz aims for extensibility. Like Sulley, Boofuzzincorporates all the critical elements of a fuzzer like easy and quick data generation, instrumentation and failure detection, target reset after failure, and recording of test data. Much easier install experience and support for arbitrary communications mediums. Built-in support for serial fuzzing, ethernet- and IP-layer, UDP broadcast. Better recording of test data, consistent, thorough, and clear. Test result CSV export and extensible instrumentation/failure detection. Boofuzz installs as a Python library used to build fuzzer scripts. It is strongly recommended to set up Boofuzz in a virtual environment.Starting Price: Free -
24
UserX
UserX
UserX is a cutting-edge UX analytics platform that provides growth-oriented insights for mobile app teams. Our comprehensive suite of tools, including session recordings, heatmaps, and conversion funnels, empowers companies to gain a deep understanding of user behavior and make data-driven decisions. Session recordings allow you to gain valuable insights into user behavior by closely monitoring and analyzing their interactions with your app. Heatmaps provide a comprehensive understanding of user interactions on every application screen, enabling you to identify the interface elements that are most appealing to users, as well as those that are being overlooked or ignored. Conversion funnels help you determine the stage in the application funnel where users are dropping off and identify the reasons for churn. Crash replays enable you to identify and reproduce technical errors, allowing for quicker resolution of technical bugs.Starting Price: $299 per month -
25
Luciq
Luciq
Luciq is an AI-powered mobile observability platform designed for app developers and enterprises to monitor, diagnose, and improve mobile applications seamlessly. The solution brings together bug reporting, crash analytics, session replay, and performance monitoring in one unified SDK that supports Android, iOS, web and hybrid apps. It enables users to capture detailed device logs, network traces, annotated screenshots, videos and user feedback, while automatically correlating events and errors using machine learning to prioritize issues by impact. Developers gain visibility into user sessions where things went wrong, reproduce defects through replay, and resolve issues faster using integrations with JIRA, Slack, Zapier, Zendesk and other tools. With Luciq’s “Agentic Mobile Observability” approach, the system surface the most critical problems, suggests root-causes and even recommends remediations, helping teams increase velocity, improve app stability and enhance user experience. -
26
Echidna
Crytic
Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smart contracts. It uses sophisticated grammar-based fuzzing campaigns based on a contract ABI to falsify user-defined predicates or Solidity assertions. We designed Echidna with modularity in mind, so it can be easily extended to include new mutations or test specific contracts in specific cases. Generates inputs tailored to your actual code. Optional corpus collection, mutation and coverage guidance to find deeper bugs. Powered by Slither to extract useful information before the fuzzing campaign. Source code integration to identify which lines are covered after the fuzzing campaign. Interactive terminal UI, text-only or JSON output. Automatic test case minimization for quick triage. Seamless integration into the development workflow. Maximum gas usage reporting of the fuzzing campaign. Support for a complex contract initialization with Etheno and Truffle.Starting Price: Free -
27
CrashSight
WeTest
CrashSight, developed by Tencent WeTest, is a professional crash and exception management platform built for game developers. It captures, reports, and analyzes crashes, ANRs, errors, and OOM issues in real time across iOS, Android, Windows, Linux, PlayStation, Xbox, and Nintendo Switch. The platform integrates with Unreal Engine, Unity, and Cocos, providing detailed crash reports with error stacks, trace data, register info, and system logs. A real-time dashboard tracks crash trends and top issues, updated every 10 minutes. Key capabilities include proprietary OOM detection using device-specific memory thresholds, emulator recognition with 10-15% higher accuracy, automated issue classification, version comparison, user/device timeline tracking, and advanced search across 20+ dimensions. Integrates with Jira, Slack, and DingTalk. Configurable alerts and comprehensive OpenAPI. Deployed globally across the US, Singapore, and Shanghai. Serving over 200 million DAUs worldwide.Starting Price: Contact Sales -
28
Leviathan Lotan
Leviathan Security Group
Lotan™ provides your enterprise with the unique capability to detect attacks earlier, and with greater confidence. The fragility of exploits in the face of modern countermeasures and environment heterogeneity often leads to application crashes. Lotan analyzes these crashes to detect the attack and aid the response. Lotan collects crashes using either a simple registry change on Windows, or a small userland application for Linux. A RESTful API allows you to share evidence and conclusions with your existing Threat Defense and SIEM solutions. The API provides insight into each step of Lotan's workflow, including detailed information required to understand and respond to the threat rapidly. Lotan greatly increases the accuracy, rate, and speed with which threats are detected, and impedes the ability of adversaries to operate undetected within your network. -
29
Google OSS-Fuzz
Google
OSS-Fuzz offers continuous fuzzing for open source software. Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow, can have serious security implications. Google has found thousands of security vulnerabilities and stability bugs by deploying guided in-process fuzzing of Chrome components, and we now want to share that service with the open source community. OSS-Fuzz aims to make common open source software more secure and stable by combining modern fuzzing techniques with scalable, distributed execution. Projects that do not qualify for OSS-Fuzz can run their own instances of ClusterFuzz or ClusterFuzzLite. Currently, OSS-Fuzz supports C/C++, Rust, Go, Python, and Java/JVM code. Other languages supported by LLVM may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds.Starting Price: Free -
30
Crashlytics
Google
Prioritize and fix stability issues faster. Firebase Crashlytics helps you track, prioritize, and fix stability issues that erode app quality, in real time. Spend less time triaging and troubleshooting crashes and more time building app features that delight user. Crashlytics intelligently groups an avalanche of crashes into a manageable list of issues. It also provides information on why a crash occurred and what happened leading up to it. With this insight, you can uncover the root cause of crashes more quickly. Crashes are prioritized by the impact on actual users so you know how best to triage effort for fixing bugs. Get real-time alerts for new issues, regressed issues, and burgeoning issues that might require immediate attention, no matter where you are. Firebase Crashlytics works seamlessly with tools for bug tracking and project management like Slack, Jira, and more. -
31
CrashPlan
CrashPlan
CrashPlan provides cyber resilience and data protection through a unified platform trusted by organizations worldwide. With secure, scalable backup and recovery for servers, endpoints, Microsoft 365, and Google Workspace, CrashPlan safeguards critical data against threats such as accidental deletion, ransomware, and system failure. Built with proactive threat detection and automated governance, CrashPlan ensures continuous access and compliance. Whether you back up to our cloud, your Azure instance, a local destination, or a third-party cloud, CrashPlan restores your data and your peace of mind. Features Automatic Data Protection Complete security & compliance Unlimited Versioning Point-in-Time Recovery Benefits Beyond BackupStarting Price: $8 per computer per month -
32
RootCause
Bryntum
Record videos of user sessions to easily reproduce JavaScript errors without having to ask end user for details. Try a demo in our online sandbox. RootCause provides you with a comprehensive set of tools to monitor and reproduce errors in web sites / applications. Using the built-in recorder feature you’ll know exactly what the user did. After an error has been logged, head over to the web based Replay Studio where you can replay the session to reproduce the error with one click. This means you don’t have to read call stacks or parse through huge logs to be able to reproduce bugs. Using the Feedback button, you can also collect reports about visual / usability / rendering errors from your users. -
33
RunMat
Dystr
RunMat (by Dystr) is a fast, free, open-source alternative for running MATLAB code. Users can run their existing MATLAB code with complete language grammar and core semantics. No license fees, no lock-in. RunMat is built with a modern compiler, which enables blazing-fast calculations. It boots in 5 milliseconds, GPU optimization is enabled by default, and it's a single, compact, cross-platform binary. Typical engineering use cases - Controls/signal processing & numerics: accelerate MATLAB-style loops plus heavy linear algebra; enjoy faster iteration due to instant startup and tiered JIT. - Batch/CI & serverless jobs: snapshots + compact binaries make it easy to run .m workloads in containers or ephemeral runners at scale. - Plot-heavy workflows: interactive GPU plots for exploratory analysis and reportable exports for stakeholders. - Education: remove license friction and start labs instantly; Jupyter kernel supports reproducible worksheets.Starting Price: $0 -
34
Mayhem Code Security
Mayhem
Thousands of autonomously generated tests run every minute to pinpoint vulnerabilities and guide rapid remediation. Mayhem takes the guesswork out of untested code by autonomously generating test suites that produce actionable results. No need to recompile the code, since Mayhem works with dockerized images. Self-learning ML continually runs thousands of tests per second probing for crashes and defects, so developers can focus on features. Continuous testing runs in the background to surface new defects and increase code coverage. Mayhem delivers a copy/paste reproduction and backtrace for every defect, then prioritizes them based on your risk. See all the results, duplicated and prioritized by what you need to fix now. Mayhem fits into your existing build pipeline and development tools, putting actionable results at your developers' fingertips. No matter what language or tools your team uses. -
35
API Fuzzer
Fuzzapi
API Fuzzer allows to fuzz-request attributes using common pentesting techniques and lists vulnerabilities. API Fuzzer gem accepts an API request as input and returns vulnerabilities possible in the API. Cross-site scripting vulnerability, SQL injection, blind SQL injection, XML external entity vulnerability, IDOR, API rate limiting, open redirect vulnerabilities, information disclosure flaws, info leakage through headers, and cross-site request forgery vulnerability.Starting Price: Free -
36
BFuzz
RootUp
BFuzz is an input-based fuzzer tool that takes HTML as an input, opens up your browser with a new instance, and passes multiple test cases generated by domato which is present in the recurve folder of BFuzz, more over BFuzz is an automation that performs the same task repeatedly and it doesn't mangle any test cases. Running BFuzz will ask for the option of whether to fuzz Chrome or Firefox, however, this will open Firefox from recurve and create the logs on the terminal. BFuzz is a small script that enables you to open the browser and run test cases. The test cases in recurve are generated by the domato generator and contain the main script. It contains additional helper code for DOM fuzzing.Starting Price: Free -
37
Bluefish
Bluefish
Bluefish is a powerful editor targeted towards programmers and web developers, with many options to write websites, scripts and programming code. Bluefish supports many programming and markup languages. See features for an extensive overview, take a look at the screenshots, or download it right away. Bluefish is an open-source development project, released under the GNU GPL license. Bluefish is a multi-platform application that runs on most desktop operating systems including Linux, FreeBSD, MacOS-X, Windows, OpenBSD and Solaris. Bluefish 2.2.12 is a minor maintenance release with some minor new features. Most important is a fix for a crash in a simple search. Python 3 compatibility has been further improved. Encoding detection in python files has been improved. Triple-click now selects the line. On Mac OSX Bluefish deals better with the new permission features. Also using the correct language in the Bluefish user interface is fixed for certain languages on OSX. -
38
Solidity Fuzzing Boilerplate
patrickd
Solidity Fuzzing Boilerplate is a template repository intended to ease fuzzing components of Solidity projects, especially libraries. Write tests once and run them with both Echidna and Foundry's fuzzing. Fuzz components that use incompatible Solidity versions by deploying those into a Ganache instance via Etheno. Use HEVM's FFI cheat code to generate complex fuzzing inputs or to compare outputs with non-EVM executables while doing differential fuzzing. Publish your fuzzing experiments without worrying about licensing by extending the shell script to download specific files. Turn off FFI if you don't intend to make use of shell commands from your Solidity contracts. Note that FFI is slow and should only be used as a workaround. It can be useful for testing against things that are difficult to implement within Solidity and already exist in other languages. Before executing tests of a project that has FFI enabled, be sure to check what commands are actually being executed.Starting Price: Free -
39
Defensics Fuzz Testing
Black Duck
Defensics Fuzz Testing is a comprehensive, versatile, automated black box fuzzer that enables organizations to efficiently and effectively discover and remediate security weaknesses in software. The generational fuzzer takes an intelligent, targeted approach to negative testing. Advanced file and protocol template fuzzers enable users to build their own test cases. The SDK allows expert users to use the Defensics framework to develop their own test cases. Defensics is a black box fuzzer, meaning it doesn’t require source code to run. With Defensics, users can secure their cyber supply chain to ensure the interoperability, robustness, quality, and security of software and devices before introducing them into IT or lab environments. Defensics fits nearly any development workflow, whether in a traditional SDL or CI environment. Its API and data export capabilities also enable it to integrate with surrounding technologies, making it a true plug-and-play fuzzer. -
40
eCrash
LexisNexis
Transform crash reporting by automating everything, from the scene of the accident to online report distribution to help reduce costs and create a more citizen-friendly process. eCrash can help by bringing simplicity and efficiency to the handling of crash reports. It automates the reporting process and provides a highly secure, electronic data management resource that helps agencies deliver faster crash report data, while advancing traffic safety and the quality of life for the people they protect and serve. Simplify report data entry, storage, access and distribution with this robust online solution. Save time by eliminating manual handling. Minimize walk-in and mail report requests so staff can focus on more important tasks. Sustain and grow report revenue by conveniently collecting report fees online. Agencies continue to receive their regular fees. Strengthen law enforcement investigations and enhance public service with better, more citizen-centric crash report management. -
41
Fuzzbuzz
Fuzzbuzz
The Fuzzbuzz workflow is very similar to other CI/CD testing workflows. However, unlike other testing workflows, fuzz testing requires multiple jobs to run simultaneously, which results in a few extra steps. Fuzzbuzz is a fuzz testing platform. We make it trivial for developers to add fuzz tests to their code and run them in CI/CD, helping them catch critical bugs and vulnerabilities before they hit production. Fuzzbuzz completely integrates into your environment, following you from the terminal to CI/CD. Write a fuzz test in your environment and use your own IDE, terminal, or build tools. Push to CI/CD and Fuzzbuzz will automatically start running your fuzz tests against your latest code changes. Get notified when bugs are found through Slack, GitHub, or email. Catch regressions as new changes are automatically tested and compared to previous runs. Code is built and instrumented by Fuzzbuzz as soon as a change is detected.Starting Price: Free -
42
Mayhem
ForAllSecure
Advanced fuzzing solution that combines guided fuzzing with symbolic execution, a patented technology from CMU. Mayhem is an advanced fuzz testing solution that dramatically reduces manual testing efforts with autonomous defect detection and validation. Deliver safe, secure, reliable software with less time, cost, and effort. Mayhem’s unique advantage is in its ability to acquire intelligence of its targets over time. As Mayhem’s knowledge grows, it deepens its analysis and maximizes its code coverage. All reported vulnerabilities are exploitable, confirmed risks. Mayhem guides remediation efforts with in-depth system level information, such as backtraces, memory logs, and register state, expediting issue diagnosis and fixes. Mayhem utilizes target feedback to custom generate test cases on the fly -- meaning no manual test case generation required. Mayhem offers access to all of its test cases to make regression testing effortless and continuous. -
43
HostedNetworkStarter
NirSoft
Using the Wifi hosted network feature of Windows operating system. With the wifi hotspot created by this tool, you can allow any device with wifi support to access the network and the Internet connection available in your computer. HostedNetworkStarter crashes when trying to start the hosted network. The crash occurs inside hnetcfg.dll while HostedNetworkStarter requests to disable previous ICS (Internet Connection Sharing) settings in order to set ICS for the hosted network. It's unclear whether this crash occurs because HostedNetworkStarter does something wrong or it's some kind of bug in ICS component of Windows 10. Some people reported that this crash started to appear after installing Windows 10 Anniversary Update.Starting Price: Free -
44
Firejail
Firejail
Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table. Written in C with virtually no dependencies, the software runs on any Linux computer with a 3.x kernel version or newer. The sandbox is lightweight, the overhead is low. There are no complicated configuration files to edit, no socket connections open, no daemons running in the background. All security features are implemented directly in Linux kernel and available on any Linux computer. -
45
EasyQA
ThinkMobiles
In order to start catch crashes which can appear in you Android or iOS applications, you need to integrate EasyQA Software Development Kit with the code of your apps. To download SDK and find full instructions on connecting it to a project, you can open the Integrations page within your project in EasyQA Test Management Tool. When you connect the SDK to your project, use the generated token and initialize it in the application class of your project. After that you can create your app’s build and upload it in Test Objects within your project in EasyQA and your application starts to send crashes to the service. After you have added our EasyQA SDK into your project and uploaded it to Test Objects within your project in EasyQA, you can track your app’s crashes on our website. You just need to download the app to any Android or iOS device and start testing. When there is a crash, reboot the app and press Upload button.Starting Price: $10 per user per month -
46
FuzzDB
FuzzDB
FuzzDB was created to increase the likelihood of finding application security vulnerabilities through dynamic application security testing. It's the first and most comprehensive open dictionary of fault injection patterns, predictable resource locations, and regex for matching server responses. FuzzDB contains comprehensive lists of attack payload primitives for fault injection testing. These patterns, categorized by the attack and where appropriate platform type, are known to cause issues like OS command injection, directory listings, directory traversals, source exposure, file upload bypass, authentication bypass, XSS, HTTP header crlf injections, SQL injection, NoSQL injection, and more. For example, FuzzDB catalogs 56 patterns that can potentially be interpreted as a null byte and contains lists of commonly used methods and name-value pairs that trigger debug modes.Starting Price: Free -
47
APIFuzzer
PyPI
APIFuzzer reads your API description and step-by-step fuzzes the fields to validate if your application can cope with the fuzzed parameters, and it does not require coding. Parse API definition from a local file or remote URL. JSON and YAML file format support. All HTTP methods are supported. Fuzzing of the request body, query string, path parameter, and request header is supported. Relies on random mutations and supports CI integration. Generate JUnit XML test report format. Send a request to an alternative URL. Support HTTP basic auth from the configuration. Save the report of the failed test in JSON format into the pre-configured folder.Starting Price: Free -
48
Nextflow
Seqera Labs
Data-driven computational pipelines. Nextflow enables scalable and reproducible scientific workflows using software containers. It allows the adaptation of pipelines written in the most common scripting languages. Its fluent DSL simplifies the implementation and deployment of complex parallel and reactive workflows on clouds and clusters. Nextflow is built around the idea that Linux is the lingua franca of data science. Nextflow allows you to write a computational pipeline by making it simpler to put together many different tasks. You may reuse your existing scripts and tools and you don't need to learn a new language or API to start using it. Nextflow supports Docker and Singularity containers technology. This, along with the integration of the GitHub code-sharing platform, allows you to write self-contained pipelines, manage versions, and rapidly reproduce any former configuration. Nextflow provides an abstraction layer between your pipeline's logic and the execution layer.Starting Price: Free -
49
MLflow
MLflow
MLflow is an open source platform to manage the ML lifecycle, including experimentation, reproducibility, deployment, and a central model registry. MLflow currently offers four components. Record and query experiments: code, data, config, and results. Package data science code in a format to reproduce runs on any platform. Deploy machine learning models in diverse serving environments. Store, annotate, discover, and manage models in a central repository. The MLflow Tracking component is an API and UI for logging parameters, code versions, metrics, and output files when running your machine learning code and for later visualizing the results. MLflow Tracking lets you log and query experiments using Python, REST, R API, and Java API APIs. An MLflow Project is a format for packaging data science code in a reusable and reproducible way, based primarily on conventions. In addition, the Projects component includes an API and command-line tools for running projects. -
50
NoQ
NoQ
NoQ offers innovative solutions to eliminate bottlenecks of your existing system, with the minimum effort. They are suitable for mass public-facing systems, like flash sales, online lucky draw, and quota allocation that expects 10s of thousands or even millions of visitors in a short period of time. The demand for online activities is increasing rapidly, many systems crashed by the influx of large traffic. The cost of the several-minute system downtimes is huge. The common cause of system crashes is overload, therefore understanding your system capacity is important. Crashes could be prevented. NoQ offers an innovative and affordable solution to help you deal with planned huge traffic generated by timely events like flash sales, without sacrificing user experience. room is a virtual waiting room solution for you to protect the existing system against traffic crises. By integrating with RoomQ, just the network traffic is offloaded to our system, no more no less.
