⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

FitM, the Fuzzer in the Middle, can fuzz client and server binaries at the same time using userspace snapshot-fuzzing and network emulation. It's fast and comparably easy to set up.

autofz: Automated Fuzzer Composition at Runtime

Curated list of classic fuzzing books, papers about fuzzing at information security top conferences over the years, commonly used fuzzing tools, and resources that can help us use fuzzer easily.

Greybox Fuzzing of Distributed Systems (CCS'23)

This repository contains the artifact for the SOSP'23 paper: Sishuai Gong, Dinglan Peng, Deniz Altınbüken, Pedro Fonseca, Petros Maniatis, "Snowcat: Efficient Kernel Concurrency Testing using a Lea…

Hopper is a tool for generating fuzzing test cases for libraries automatically using interpretative fuzzing.

Anything about kernel security. CTF kernel pwn, kernel exploit, kernel fuzz and kernel defense paper, kernel debugging technique, kernel CVE debug.

🧠 LLMFuzzer - Fuzzing Framework for Large Language Models 🧠 LLMFuzzer is the first open-source fuzzing framework specifically designed for Large Language Models (LLMs), especially for their integra…

Ankou: Guiding Grey-box Fuzzing towards Combinatorial Difference (ICSE '20)

SLIME is a novel program-sensitive fuzzer that designs multiple property-aware queues and leverages a customized Upper Confidence Bound Variance-aware (UCB-V) algorithm.

OSS-Sydr-Fuzz - OSS-Fuzz fork for hybrid fuzzing (fuzzer+DSE) open source software.

一个基于 docsify 快速部署 Awesome-POC 漏洞文档的项目。Deploying the Awesome-POC repository via docsify.

🐙 Guides, papers, lessons, notebooks and resources for prompt engineering, context engineering, RAG, and AI Agents.

Code for the NDSS'23 paper "DARWIN: Survival of the Fittest Fuzzing Mutators"

UT based automated fuzz driver generation

A universal seed scheduler for fuzzers (LibFuzzer and AFL havoc mode) and concolic execution engine (qsym).

Set of tests for fuzzing engines

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Open source vulnerability DB and triage service.

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others),…

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-…

revng: the core repository of the rev.ng project

一些阅读源码和Fuzzing 的经验,涵盖黑盒与白盒测试..

Static Value-Flow Analysis Framework for Source Code

⏰ Collaboratively track worldwide conference deadlines (Website, Python Cli, Wechat Applet) / If you find it useful, please star this project, thanks~

The PHP Interpreter