2017-03-13 22:42:48 -04:00
Fuzzing 大合集 [![Awesome ](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg )](https://github.com/sindresorhus/awesome)
===================
这是一个在学习 fuzzing 的最初阶段最好的有关 fuzzing 的资源合集(书籍、课程、视频、教程等等)
### Table of Contents
- [书籍 ](#书籍 )
- [课程 ](#课程 )
+ [免费 ](#免费 )
+ [付费 ](#付费 )
- [视频 ](#videos )
+ [NYU Poly Course videos ](#nyu-poly-videos )
+ [Conference talks/tutorials on Fuzzing ](#conf-talks-tutorials )
- [教程 ](#教程 )
- [工具 ](#工具 )
2018-04-07 22:38:37 -04:00
+ [云 Fuzzer ](#cloud-fuzzers )
2017-03-13 22:42:48 -04:00
+ [文件格式 Fuzzer ](#文件格式Fuzzer )
+ [网络协议 Fuzzer ](#网络协议Fuzzer )
2018-06-02 23:54:36 -04:00
+ [浏览器 Fuzzer ](#浏览器Fuzzer )
2018-01-07 20:49:15 -05:00
+ [污点分析 ](#taint-analysis )
2017-03-13 22:42:48 -04:00
+ [符号执行 + SAT/SMT求解器 ](#符号执行 )
+ [基本工具(通用) ](#基本工具(通用) )
- [存在漏洞的应用程序 ](#存在漏洞的应用程序 )
- [反Fuzzing ](#反Fuzzing )
- [贡献 ](#贡献 )
Awesome Fuzzing Resources
-------------
< a name = "books" / >
## 书籍
*关于 fuzzing 的书籍*
+ [Fuzzing: Brute Force Vulnerability Discovery ](https://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119 ) 作者: Michael Sutton, Adam Greene, Pedram Amini
+ [Fuzzing for Software Security Testing and Quality Assurance ](https://www.amazon.com/Fuzzing-Software-Security-Assurance-Information/dp/1596932147 ) 作者: Ari Takanen, Charles Miller, and Jared D Demott
+ [Open Source Fuzzing Tools ](https://www.amazon.com/Open-Source-Fuzzing-Tools-Rathaus/dp/1597491950 ) 作者: Gadi Evron and Noam Rathaus
+ [Gray Hat Python ](https://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921 ) 作者: Justin Seitz
> **Note:** 下列书籍中的部分章节也描述了 fuzzing
2018-04-07 22:38:37 -04:00
> - [The Shellcoder's Handbook: Discovering and Exploiting Security Holes ( Chapter 15 )](https://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X) 作者 Chris Anley, Dave Aitel, David Litchfield 等
2017-03-13 22:42:48 -04:00
2018-04-07 22:38:37 -04:00
> - [iOS Hacker's Handbook - Chapter 1](https://www.amazon.com/iOS-Hackers-Handbook-Charlie-Miller/dp/1118204123) 作者: Charles Miller, Dino DaiZovi, Dion Blazakis, Ralf-Philip Weinmann, and Stefan Esser
2017-03-13 22:42:48 -04:00
2018-04-07 22:38:37 -04:00
> - [IDA Pro - The IDA Pro Book: 世界上最流行的反汇编工具的非官方指导书](https://www.amazon.com/IDA-Pro-Book-2nd-ebook/dp/B005EI84TM)
2017-03-13 22:42:48 -04:00
< a name = "courses" / >
## 课程
*与 fuzzing 有关的课程/培训*
< a name = "free" / >
### 免费
[NYU Poly ( see videos for more ) ](https://vimeo.com/5236104 ) - Dan Guido 出品的免费指导
[Samclass.info ( check projects section and chapter 17 ) ](https://samsclass.info/127/127_F15.shtml ) - Sam 出品
[Modern Binary Exploitation ( RPISEC ) - Chapter 15 ](https://github.com/RPISEC/MBE ) - RPISEC 出品
[Offensive Computer Security - Week 6 ](http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html ) - W. Owen Redwood 和 Prof. Xiuwen Liu 出品
< a name = "paid" / >
2018-01-07 20:49:15 -05:00
### 付费
2017-03-13 22:42:48 -04:00
[Offensive Security, Cracking The Perimeter ( CTP ) and Advanced Windows Exploitation ( AWE ) ](https://www.offensive-security.com/information-security-training/ )
2018-04-07 22:38:37 -04:00
[SANS 660/760 Advanced Exploit Development for Penetration Testers ](https://www.sans.org/course/advanced-exploit-development-penetration-testers )
2017-03-13 22:42:48 -04:00
[Exodus Intelligence - 漏洞挖掘大师级课程 ](https://blog.exodusintel.com/2016/05/18/exodus-intelligence-2016-training-course/ )
< a name = "videos" / >
## 视频
*讨论 fuzzing 技术、工具、最佳实践的视频*
< a name = "nyu-poly-videos" / >
### NYU Poly Course videos (from Dan Guido)
2018-01-07 20:49:15 -05:00
2017-03-13 22:42:48 -04:00
[Fuzzing 101 (Part 1) ](https://vimeo.com/5236104 ) - Mike Zusman 出品
[Fuzzing 101 (Part 2) ](https://vimeo.com/5237484 ) - Mike Zusman 出品
[Fuzzing 101 (2009) ](https://vimeo.com/7574602 ) - Mike Zusman 出品
2019-02-16 07:36:59 -05:00
[Fuzzing - Software Security Course on Coursera ](https://www.coursera.org/lecture/software-security/fuzzing-VgyOn ) - 马里兰大学出品
2017-03-13 22:42:48 -04:00
< a name = "conf-talks-tutorials" / >
### 关于 Fuzzing 的会议讨论/教程
2018-01-07 20:49:15 -05:00
2017-03-13 22:42:48 -04:00
[Youtube Playlist of various fuzzing talks and presentations ](https://www.youtube.com/playlist?list=PLtPrYlwXDImiO_hzK7npBi4eKQQBgygLD ) - 列表内有许多优质内容
[Browser bug hunting - Memoirs of a last man standing ](https://vimeo.com/109380793 ) - Atte Kettunen 出品
[Coverage-based Greybox Fuzzing as Markov Chain ](https://www.comp.nus.edu.sg/~mboehme/paper/CCS16.pdf )
2018-06-02 23:54:36 -04:00
[DerbyCon 2016: Fuzzing 如何击溃软件 ](http://www.irongeek.com/i.php?page=videos/derbycon6/411-fuzzing-basicshow-to-break-software-grid-aka-scott-m )
2018-01-07 20:49:15 -05:00
2017-03-13 22:42:48 -04:00
< a name = "tutorials" / >
2018-01-07 20:49:15 -05:00
## 教程与博客
2017-03-13 22:42:48 -04:00
*解释 fuzzing 方法、技术与最佳实践的教程与博客*
2019-02-16 07:36:59 -05:00
[Effective File Format Fuzzing ](https://j00ru.vexillium.org/slides/2016/blackhat.pdf ) - Mateusz “j00ru” Jurczyk @ Black Hat Europe 2016, London
2017-03-13 22:42:48 -04:00
2018-06-03 04:39:26 -04:00
[A year of Windows kernel font fuzzing Part-1 the results ](https://googleprojectzero.blogspot.com/2016/06/a-year-of-windows-kernel-font-fuzzing-1_27.html ) - Google Zero 项目的最佳论文,描述了如何进行 fuzzing 以及如何构建一个 fuzzer
2017-03-13 22:42:48 -04:00
2018-06-03 04:38:36 -04:00
[A year of Windows kernel font fuzzing Part-2 the techniques ](https://googleprojectzero.blogspot.com/2016/07/a-year-of-windows-kernel-font-fuzzing-2.html ) - Google Zero 项目的最佳论文,描述了如何进行 fuzzing 以及如何构建一个 fuzzer
2017-03-13 22:42:48 -04:00
[Interesting bugs and resources at fuzzing project ](https://blog.fuzzing-project.org/ ) - fuzzing-project.org 出品
[Fuzzing workflows; a fuzz job from start to finish ](https://foxglovesecurity.com/2016/03/15/fuzzing-workflows-a-fuzz-job-from-start-to-finish/ ) - @BrandonPrry 出品
[A gentle introduction to fuzzing C++ code with AFL and libFuzzer ](http://jefftrull.github.io/c++/clang/llvm/fuzzing/sanitizers/2015/11/27/fuzzing-with-sanitizers.html ) - Jeff Trull 出品
[15 分钟介绍 fuzzing ](https://www.mwrinfosecurity.com/our-thinking/15-minute-guide-to-fuzzing/ ) - MWR Security 出品
> **Note:** Folks at fuzzing.info 收集了很多非常有用的链接,我没有重复他们的工作,我只是整理了 2015 年到 2016 年间他们没有收录的文章
2018-04-07 22:38:37 -04:00
[Fuzzing Papers ](https://fuzzing.info/papers/ ) - fuzzing.info 出品
2017-03-13 22:42:48 -04:00
[Fuzzing 博客 ](https://fuzzing.info/resources/ ) - fuzzing.info 出品
[Root Cause Analysis of the Crash during Fuzzing ](https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruption-vulnerabilities/ ) - Corelan Team 出品
[Root cause analysis of integer flow ](https://www.corelan.be/index.php/2013/07/02/root-cause-analysis-integer-overflows/ ) - Corelan Team 出品
[Creating custom peach fuzzer publishers ](http://blog.opensecurityresearch.com/2014/01/creating-custom-peach-fuzzer-publishers.html ) - Open Security Research 出品
2019-02-16 07:36:59 -05:00
[在 Fuzzing 大型开源项目前要考虑的 7 件事 ](https://www.linuxfoundation.org/blog/2016/02/7-things-to-consider-before-fuzzing-a-large-open-source-project/ ) - Emily Ratliff
2017-03-13 22:42:48 -04:00
##### 从 Fuzzing 到 Exploit
[从 fuzzing 到 0-day ](https://blog.techorganic.com/2014/05/14/from-fuzzing-to-0-day/ ) - Harold Rodriguez(@superkojiman) 出品
[从 crash 到 exploit ](https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruption-vulnerabilities/ ) - Corelan Team 出品
##### Peach Fuzzer 相关教程
[Peach 上手指南 ](http://community.peachfuzzer.com/v2/PeachQuickstart.html )
[使用 Peach 进行 Fuzzing Part 1 ](http://www.flinkd.org/2011/07/fuzzing-with-peach-part-1/ ) - Jason Kratzer of corelan team 出品
[使用 Peach 进行 Fuzzing Part 2 ](http://www.flinkd.org/2011/11/fuzzing-with-peach-part-2-fixups-2/ ) - Jason Kratzer of corelan team 出品
[Peach pit 文件的自动生成 ](http://doc.netzob.org/en/latest/tutorials/peach.html ) - Frédéric Guihéry, Georges Bossert 出品
##### AFL Fuzzer 相关教程
[Fuzzing 工作流程,包含 fuzz 的始末 ](https://foxglovesecurity.com/2016/03/15/fuzzing-workflows-a-fuzz-job-from-start-to-finish/ ) - @BrandonPrry 出品
[使用 AFL persistent 模式对 capstone 进行 Fuzzing ](https://toastedcornflakes.github.io/articles/fuzzing_capstone_with_afl.html ) - @toasted_flakes 出品
[RAM disks and saving your SSD from AFL Fuzzing ](http://cipherdyne.org/blog/2014/12/ram-disks-and-saving-your-ssd-from-afl-fuzzing.html )
[使用 AFL 进行 Bug 挖掘 ](https://josephg.com/blog/bug-hunting-with-american-fuzzy-lop/ )
2018-04-07 22:38:37 -04:00
[AFL 在真实示例中的高级用法 ](https://volatileminds.net/2015/07/01/advanced-afl-usage.html )
2017-03-13 22:42:48 -04:00
2018-04-07 22:38:37 -04:00
[Segfaulting Python with afl-fuzz ](https://tomforb.es/segfaulting-python-with-afl-fuzz )
2017-03-13 22:42:48 -04:00
[使用 AFL-Fuzz 进行 Fuzzing 的实例( AFL vs Binutils ) ](https://www.evilsocket.net/2015/04/30/fuzzing-with-afl-fuzz-a-practical-example-afl-vs-binutils/ )
[Fuzzing 模拟器的重要性 ](https://mgba.io/2016/09/13/fuzzing-emulators/ )
[心脏滴血漏洞是如何被发现的 ](https://blog.hboeck.de/archives/868-How-Heartbleed-couldve-been-found.html )
2018-04-07 22:38:37 -04:00
[用 AFL 进行文件系统 Fuzzing ](https://events.static.linuxfound.org/sites/events/files/slides/AFL%20filesystem%20fuzzing%2C%20Vault%202016_0.pdf )
2017-03-13 22:42:48 -04:00
2018-01-07 20:49:15 -05:00
[使用 AFL 对 Perl/XS 进行模糊测试 ](https://medium.com/@dgryski/fuzzing-perl-xs-modules-with-afl-4bfc2335dd90 )
2018-04-07 22:38:37 -04:00
[如何使用 AFL 对服务器进行模糊测试 ](https://www.fastly.com/blog/how-fuzz-server-american-fuzzy-lop ) - by Jonathan Foote
2018-01-07 20:49:15 -05:00
[一系列真实漏洞的挑战:使用 AFL 完成模糊测试 ](https://github.com/ThalesIgnite/afl-training )
##### libFuzzer 相关教程
2018-04-07 22:38:37 -04:00
[libFuzzer 教程 ](https://github.com/google/fuzzer-test-suite/blob/master/tutorial/libFuzzerTutorial.md )
2018-01-07 20:49:15 -05:00
[如何使用 libFuzzer 对现代 C/C++ 项目进行模糊测试 ](https://github.com/Dor1s/libfuzzer-workshop )
2017-03-13 22:42:48 -04:00
##### Spike Fuzzer 相关教程
2018-04-07 22:38:37 -04:00
[使用 Spike 发现溢出漏洞 ](https://null-byte.wonderhowto.com/how-to/hack-like-pro-build-your-own-exploits-part-3-fuzzing-with-spike-find-overflows-0162789/ )
2017-03-13 22:42:48 -04:00
2018-01-07 20:49:15 -05:00
[使用 Spike 进行模糊测试 ](https://samsclass.info/127/proj/p18-spike.htm ) - Samclass.info 出品
2017-03-13 22:42:48 -04:00
##### FOE Fuzzer 相关教程
[Fuzzing with FOE ](https://samsclass.info/127/proj/p16-fuzz.htm ) - Samclass.info 出品
##### SMT/SAT 求解器教程
2018-04-07 22:38:37 -04:00
[Z3 - A guide ](https://rise4fun.com/z3/tutorial/guide ) - Z3 快速上手指南
2017-03-13 22:42:48 -04:00
< a name = "tools" / >
## 工具
*那些在 fuzzing 中能帮上忙的工具*
< a name = "file-format-fuzzers" / >
2018-04-07 22:38:37 -04:00
### 云 Fuzzer
*可以在云环境中进行模糊测试的模糊测试工具*
[Cloudfuzzer ](https://github.com/ouspg/cloudfuzzer ) - 在云环境中自动、便易地进行云 Fuzzing 的框架
2017-03-13 22:42:48 -04:00
### 文件格式 Fuzzer
*那些帮助对像 pdf, mp3, swf 等文件格式进行 fuzzing 的 Fuzzers*
[MiniFuzz ](https://www.microsoft.com/en-sg/download/details.aspx?id=21769 ) - Microsoft 出品的基础文件格式 fuzzing 工具
2018-04-07 22:38:37 -04:00
[BFF from CERT ](https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=507974 ) - 基础文件格式 fuzzing 框架
2017-03-13 22:42:48 -04:00
[AFL Fuzzer (Linux only) ]( http://lcamtuf.coredump.cx/afl/ ) - Michal Zalewski aka lcamtuf 开发的 Fuzzer
[Win AFL ](https://github.com/ivanfratric/winafl ) - Ivan Fratic 开发的针对 Windows 二进制程序 fuzzing 的 AFL 分支版本
[Shellphish Fuzzer ](https://github.com/shellphish/fuzzer ) - 一个操纵 AFL 的 Python 接口,可以简单的写入测试用例与其他功能
[TriforceAFL ](https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/june/project-triforce-run-afl-on-everything/ ) - 一个 AFL 的修正版,支持应用源码无法获得情况下的 fuzzing
2018-04-07 22:38:37 -04:00
[Peach Fuzzer ](https://sourceforge.net/projects/peachfuzz/ ) - 帮助创建传统 dumb 以及小型 fuzzer 的框架
2017-03-13 22:42:48 -04:00
[MozPeach ](https://github.com/MozillaSecurity/peac://github.com/MozillaSecurity/peach ) - 由 Mozilla Security 开发基于 peach 2.7 版本的分支版本
[Failure Observation Engine (FOE) ](http://www.cert.org/vulnerability-analysis/tools/foe.cfm ) - 基于畸形文件的 Windows 程序 Fuzzing 工具
[rmadair ](http://rmadair.github.io/fuzzer/ ) - 基于畸形文件的 fuzzer, 使用 PyDBG 来监视感兴趣的信号
2018-04-07 22:38:37 -04:00
[honggfuzz ](http://honggfuzz.com/ ) - 支持反馈驱动、基于代码覆盖率的通用、易用型 Fuzzer
2017-03-13 22:42:48 -04:00
[zzuf ](https://github.com/samhocevar/zzuf ) - 一个透明应用输入 fuzzer, 可以拦截文件操作、改变程序输入的随机位
[radamsa ](https://github.com/aoh/radamsa ) - 通用的 fuzzer, 测试用例生成器
2018-01-07 20:49:15 -05:00
[binspector ](https://github.com/binspector/binspector ) - 二进制格式分析与模糊测试工具
[grammarinator ](https://github.com/renatahodovan/grammarinator ) - 基于 ANTLR v4 语法的文件格式模糊测试工具( ANTLR 项目已有大量的语法)
2017-03-13 22:42:48 -04:00
< a name = "network-protocol-fuzzers" / >
### 网络协议 Fuzzer
*那些帮助对像 HTTP, SSH, SMTP 等网络协议进行 fuzzing 的 Fuzzer*
2018-04-07 22:38:37 -04:00
[Peach Fuzzer ](https://sourceforge.net/projects/peachfuzz/ ) - 帮助创建传统 dumb 以及小型 fuzzer 的框架
2017-03-13 22:42:48 -04:00
[Sulley ](https://github.com/OpenRCE/sulley ) - Michael Sutton 开发,包含多个可扩展组件的 Fuzzer 开发与 Fuzzing 测试框架
[boofuzz ](https://github.com/jtpereyda/boofuzz ) - Sulley 框架的继任者
[Spike ](http://www.immunitysec.com/downloads/SPIKE2.9.tgz ) - 像 sulley 的 fuzzer 开发框架,是 sulley 的前身
2018-04-07 22:38:37 -04:00
[Metasploit Framework ](https://github.com/rapid7/metasploit-framework ) - 通过 Auxiliary 模块使其具有了 fuzzing 能力的框架
2017-03-13 22:42:48 -04:00
[Nightmare ](https://github.com/joxeankoret/nightmare ) - 一个带有 Web 管理界面的分布式 fuzzing 测试套件,支持对网络协议进行 fuzzing
[rage_fuzzer ](https://github.com/deanjerkovich/rage_fuzzer ) - 未知协议包 fuzzer
2018-06-02 23:54:36 -04:00
[Fuzzotron ](https://github.com/denandz/fuzzotron ) - 支持 TCP、UDP 的简单多进程网络 Fuzzer
[Mutiny ](https://github.com/Cisco-Talos/mutiny-fuzzer ) - 通过重放畸变的 PCAP 数据包来对网络进行 Fuzzer
[Fuzzing For Worms ](https://github.com/dobin/ffw ) - 用于网络服务的 Fuzzing 框架
### 浏览器Fuzzer
[BFuzz ](https://github.com/RootUp/BFuzz ) - An input based, browser fuzzing framework.
2017-03-13 22:42:48 -04:00
< a name = "Misc" / >
### 杂项,内核 Fuzzer, 通用 Fuzzer
2018-01-07 20:49:15 -05:00
2018-04-07 22:38:37 -04:00
[Choronzon ](https://github.com/CENSUS/choronzon ) - 基于遗传知识的 Fuzzer
[QuickFuzz ](https://github.com/CIFASIS/QuickFuzz ) - Haskell 写的针对第三方软件使用常见文件格式进行测试的工具,利用现成的、知名的 Fuzzer
[gramfuzz ](https://github.com/d0c-s4vage/gramfuzz ) - 可定义复杂语法来建模文档与二进制数据格式的基于语法的 Fuzzer
2017-03-13 22:42:48 -04:00
[KernelFuzzer ](https://github.com/mwrlabs/KernelFuzzer ) - 跨平台内核 Fuzzer 框架
2018-04-07 22:38:37 -04:00
[honggfuzz ](http://honggfuzz.com/ ) - 带有分析选项的通用、易用型 fuzzer
2017-03-13 22:42:48 -04:00
[Hodor Fuzzer ](https://github.com/nccgroup/hodor ) - 曾经是另一个通用的 fuzzer
2018-04-07 22:38:37 -04:00
[libFuzzer ](http://llvm.org/docs/LibFuzzer.html ) - 面向 C/C++ 程序、基于覆盖度的进化模糊测试工具
2018-01-07 20:49:15 -05:00
[syzkaller ](https://github.com/google/syzkaller ) - 分布式、无监督、基于覆盖度的 Linux 系统调用模糊测试工具
[ansvif ](https://oxagast.github.io/ansvif/ ) - 用于在 C/C++ 程序中查找漏洞的高级跨平台模糊测试框架
2018-07-03 21:57:11 -04:00
[Tribble ](https://github.com/SatelliteApplicationsCatapult/tribble ) - 易用、覆盖度指导的 JVM 模糊测试框架
2019-02-16 07:36:59 -05:00
[go-fuzz ](https://github.com/dvyukov/go-fuzz ) - 覆盖度指导的 go 包模糊测试
2017-03-13 22:42:48 -04:00
< a name = "taint-analysis" / >
### 流分析(用户输入如何影响执行)
[PANDA ( Platform for Architecture-Neutral Dynamic Analysis ) ](https://github.com/moyix/panda )
[QIRA (QEMU Interactive Runtime Analyser) ](http://qira.me/ )
2018-01-07 20:49:15 -05:00
[kfetch-toolkit ](https://github.com/j00ru/kfetch-toolkit ) - 用于记录操作系统内核执行的内存引用的高级日志工具
2018-06-02 23:54:36 -04:00
[moflow ](https://github.com/vrtadmin/moflow ) - 软件安全框架,包括漏洞的挖掘和修补
2017-03-13 22:42:48 -04:00
< a name = "smt-solvers" / >
### 符号执行 + SAT/SMT 求解器
[Z3 ](https://github.com/Z3Prover/z3 )
[SMT-LIB ](http://smtlib.cs.uiowa.edu/ )
### 参考
我没有把全部的东西都纳进来,比如 AxMan, 请参考以下链接获取更多信息
https://www.ee.oulu.fi/research/ouspg/Fuzzers
< a name = "essential-tools" / >
### 基本工具(通用)
*漏洞利用工具开发者、逆向工程师常用的工具*
< a name = "debuggers" / >
#### 调试工具
2018-04-07 22:38:37 -04:00
[Windbg ](https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools ) - 漏洞利用者常用的调试器
2017-03-13 22:42:48 -04:00
[Immunity Debugger ](http://debugger.immunityinc.com ) - Immunity Sec 出品的调试器
[OllyDbg ](http://www.ollydbg.de/ ) - 逆向工程师的常见选择
[Mona.py ( Plugin for windbg and Immunity dbg ) ](https://github.com/corelan/mona/ ) - 漏洞利用开发者的绝佳工具
[x64dbg ](https://github.com/x64dbg/ ) - 开源 Windows x64/x32 调试器
[Evan's Debugger (EDB) ](http://codef00.com/projects#debugger ) - Front end for gdb.
[GDB - Gnu Debugger ](http://www.sourceware.org/gdb/ ) - 最好的 Linux 调试器
[PEDA ](https://github.com/longld/peda ) - Python 开发的 GDB 辅助程序
[Radare2 ](http://www.radare.org/r/ ) - 逆向工程与程序分析的框架
< a name = "dissembers" / >
#### 反汇编工具
*反汇编工具、反汇编框架等*
[IDA Pro ](https://www.hex-rays.com/products/ida/index.shtml ) - 最好的反汇编工具
[binnavi ](https://github.com/google/binnavi ) - 二进制程序分析 IDE, 注释反汇编代码的控制流图与调用图
[Capstone ](https://github.com/aquynh/capstone ) - Capstone 是一个轻量、跨平台、多架构支持的反汇编框架
< a name = "others" / >
#### 其他
[ltrace ](http://ltrace.org/ ) - 库调用拦截
2018-04-07 22:38:37 -04:00
[strace ](https://sourceforge.net/projects/strace/ ) - 系统调用拦截
2017-03-13 22:42:48 -04:00
< a name = "vuln-apps" / >
## 存在漏洞的应用程序
2018-01-07 20:49:15 -05:00
[Exploit-DB ](https://www.exploit-db.com )
搜索、选取漏洞,有些提供了程序下载,可以通过你选择试用的 fuzzer 对利用进行复现
[PacketStorm ](https://packetstormsecurity.com/files/tags/exploit/ )
2017-03-13 22:42:48 -04:00
2018-01-07 20:49:15 -05:00
[Fuzzgoat ](https://github.com/fuzzstati0n/fuzzgoat ) - 对有漏洞的 C 程序模糊测试的工具
2017-06-21 03:59:31 -04:00
2017-03-13 22:42:48 -04:00
##### fuzzing 期间种子样本文件
https://files.fuzzing-project.org/
[PDF Test Corpus from Mozilla ](https://github.com/mozilla/pdf.js/tree/master/test/pdfs )
[MS Office file format documentation ](https://www.microsoft.com/en-us/download/details.aspx?id=14565 )
2018-01-07 20:49:15 -05:00
[Fuzzer Test Suite ](https://github.com/google/fuzzer-test-suite ) - 模糊测试引擎的测试集,包括许多知名的 Bug, 如 Heartbleed、c-ares $100K bug 等
2017-03-13 22:42:48 -04:00
< a name = "antifuzz" / >
## 反Fuzzing
2018-01-07 20:49:15 -05:00
[Anti-Fuzzing 的介绍:纵深防御的辅助 ](https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2014/january/introduction-to-anti-fuzzing-a-defence-in-depth-aid/ )
2017-03-13 22:42:48 -04:00
< a name = "contribution" / >
## 贡献
[请查看 contributing.md 中关于细节的介绍 ](Contributing.md ).
感谢下列人员对这个项目的贡献:
+ [Tim Strazzere ](https://twitter.com/timstrazz )
+ [jksecurity ](https://github.com/jksecurity )
2018-01-07 20:49:15 -05:00
+ [and these awesome people ](https://github.com/secfigo/Awesome-Fuzzing/graphs/contributors )