BFuzz Description
BFuzz is a fuzzer tool designed to take HTML input, launch a new instance of your browser, and execute multiple test cases created by the domato generator found in the recurve directory. Additionally, BFuzz automates this process, consistently performing the same tasks without altering any of the test cases. When you run BFuzz, it prompts you to choose between fuzzing Chrome or Firefox; however, it specifically opens Firefox from the recurve folder and generates logs in the terminal. This compact script facilitates the opening of your browser and the execution of test cases seamlessly. The test cases located in the recurve folder are generated by the domato tool and include the primary script, along with supplementary helper code designed for effective DOM fuzzing. Ultimately, BFuzz serves as a streamlined solution for automated browser testing, enhancing the efficiency of web application security assessments.
BFuzz Alternatives
Boozang
It works: Codeless testing
Give your entire team the ability to create and maintain automated tests. Not just developers.
Meet your testing demands fast. You can get full coverage of your tests in days and not months.
Our natural-language tests are very resistant to code changes. Our AI will quickly repair any test failures.
Continuous Testing is a key component of Agile/DevOps. Push features to production in the same day.
Boozang supports the following test approaches:
- Codeless Record/Replay interface
- BDD / Cucumber
- API testing
- Model-based testing
- HTML Canvas testing
The following features makes your testing a breeze
- In-browser console debugging
- Screenshots to show where test fails
- Integrate to any CI server
- Test with unlimited parallel workers to speed up tests
- Root-cause analysis reports
- Trend reports to track failures and performance over time
- Test management integration (Xray / Jira)
Learn more
NeoLoad
Software for continuous performance testing to automate API load and application testing. For complex applications, you can design code-free performance tests. Script performance tests in automated pipelines for API test. You can design, maintain, and run performance tests in code. Then analyze the results within continuous integration pipelines with pre-packaged plugins for CI/CD tools or the NeoLoad API. You can quickly create test scripts for large, complex applications with a graphical user interface. This allows you to skip the tedious task of manually coding new or updated tests. SLAs can be defined based on the built-in monitoring metrics. To determine the app's performance, put pressure on it and compare SLAs with server-level statistics. Automate pass/fail triggers using SLAs. Contributes to root cause analysis. Automatic test script updates make it easier to update test scripts. For easy maintenance, update only the affected part of the test and re-use any remaining.
Learn more
go-fuzz
Go-fuzz serves as a coverage-guided fuzzing tool designed specifically for testing Go packages, making it particularly effective for those that handle intricate inputs, whether they are textual or binary in nature. This method of testing is crucial for strengthening systems that need to process data from potentially harmful sources, such as network interactions. Recently, go-fuzz has introduced initial support for fuzzing Go Modules, inviting users to report any issues they encounter with detailed descriptions. It generates random input data, which is often invalid, and the function must return a value of 1 to indicate that the fuzzer should elevate the priority of that input in future fuzzing attempts, provided that it should not be stored in the corpus, even if it uncovers new coverage; a return value of 0 signifies the opposite, while other values are reserved for future enhancements. The fuzz function is required to reside in a package that go-fuzz can recognize, meaning the code under test cannot be located within the main package, although fuzzing of internal packages is permitted. This structured approach ensures that the testing process remains efficient and focused on identifying vulnerabilities in the code.
Learn more
Honggfuzz
Honggfuzz is a software fuzzer focused on enhancing security through its advanced fuzzing techniques. It employs evolutionary and feedback-driven methods that rely on both software and hardware-based code coverage. This tool is designed to operate in a multi-process and multi-threaded environment, allowing users to maximize their CPU's potential without needing to launch multiple fuzzer instances. The file corpus is seamlessly shared and refined across all processes undergoing fuzzing, which greatly enhances efficiency. When persistent fuzzing mode is activated, Honggfuzz exhibits remarkable speed, capable of executing a simple or empty LLVMFuzzerTestOneInput function at an impressive rate of up to one million iterations per second on modern CPUs. It has a proven history of identifying security vulnerabilities, including the notable discovery of the only critical vulnerability in OpenSSL to date. Unlike other fuzzing tools, Honggfuzz can detect and report on hijacked or ignored signals that result from crashes, making it a valuable asset for identifying hidden issues within fuzzed programs. Its robust features make it an essential tool for security researchers aiming to uncover hidden flaws in software systems.
Learn more
Pricing
Pricing Starts At:
Free
Free Version:
Yes
Integrations
Company Details
Company:
RootUp
Website:
github.com/RootUp/BFuzz
Media
Recommended Products
Passwordless Authentication and Passwordless Security
It’s no secret — passwords can be a real headache, both for the people who use them and the people who manage them. Over time, we’ve created hundreds of passwords, it’s easy to lose track of them and they’re easily compromised. Fortunately, passwordless authentication is becoming a feasible reality for many businesses. Duo can help you get there.
Product Details
Platforms
Windows
Mac
Linux
Types of Training
Training Docs
Customer Support
Online Support
BFuzz Features and Options
BFuzz User Reviews
Write a Review- Previous
- Next