A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.

• Books
• Courses
  • Free
  • Paid
• Videos
  • NYU Poly Course videos
  • Conference talks/tutorials on Fuzzing
• Tutorials
• Tools
  • File Format Fuzzers
  • Network Protocol Fuzzers
  • Taint Analysis
  • Symbolic Execution + SAT/SMT Solvers
  • Essential Tools (generic)
• Vulnerable Applications
• Contributing

• Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton, Adam Greene, Pedram Amini.

• Fuzzing for Software Security Testing and Quality Assurance by Ari Takanen, Charles Miller, and Jared D Demott.

• Open Source Fuzzing Tools by by Gadi Evron and Noam Rathaus.

• Gray Hat Python by Justin Seitz.

Note: Chapter(s) in the following books are dedicated to fuzzing.

• The Shellcoder's Handbook: Discovering and Exploiting Security Holes ( Chapter 15 ) by Chris Anley, Dave Aitel, David Litchfield and others.

• iOS Hacker's Handbook - Chapter 1 Charles Miller, Dino DaiZovi, Dion Blazakis, Ralf-Philip Weinmann, and Stefan Esser.

IDA Pro - The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler.

NYU Poly ( see videos for more ) - Made available freely by Dan Guido.

Samclass.info ( check projects section and chapter 17 ) - by Sam.

Modern Binary Exploitation ( RIPESEC ) - Chapter 15 - by RPISEC.

Offensive Computer Security - Week 6 - by W. Owen Redwood and Prof. Xiuwen Liu.

SANS 660/760 Advanced Exploit Development for Penetration Testers

Exodus Intelligence - Vulnerability development master class

Videos talking about fuzzing techniques, tools and best practices

Fuzzing 101 (Part 1) - by Mike Zusman.

Fuzzing 101 (Part 2) - by Mike Zusman.

Fuzzing 101 (2009) - by Mike Zusman.

Fuzzing - Software Security Course on Coursera - by University of Maryland.

Browser bug hunting - Memoirs of a last man standing - by Atte Kettunen

A year of Windows kernel font fuzzing Part-1 the results - Amazing article by Google's Project Zero, describing what it takes to do fuzzing and create fuzzers.

A year of Windows kernel font fuzzing Part-2 the techniques - Amazing article by Google's Project Zero, describing what it takes to do fuzzing and create fuzzers.

Interesting bugs and resources at fuzzing project - by fuzzing-project.org.

Fuzzing workflows; a fuzz job from start to finish - by @BrandonPrry.

A gentle introduction to fuzzing C++ code with AFL and libFuzzer - by Jeff Trull.

A 15 minute introduction to fuzzing - by folks at MWR Security.

Note: Folks at fuzzing.info has done a great job of collecting some awesome links, I'm not going to duplicate their work. I will add papers missed by them and from 2015 and 2016. Fuzzing Papers - by fuzzing.info

Fuzzing Blogs - by fuzzing.info

Root Cause Analysis of the Crash during Fuzzing - by Corelan Team. Root cause analysis of integer flow - by Corelan Team.

Creating custom peach fuzzer publishers - by Open Security Research

7 Things to Consider Before Fuzzing a Large Open Source Project - by Emily Ratliff.

From fuzzing to 0-day - by Harold Rodriguez(@superkojiman).

From crash to exploit - by Corelan Team.

Getting Started with Peach Fuzzing with Peach Part 1 - by Jason Kratzer of corelan team. Fuzzing with Peach Part 2 - by Jason Kratzer of corelan team. Auto generation of Peach pit files/fuzzers - by Frédéric Guihéry, Georges Bossert.

Fuzzing workflows; a fuzz job from start to finish - by @BrandonPrry.

Fuzzing capstone using AFL persistent mode - by @toasted_flakes

RAM disks and saving your SSD from AFL Fuzzing

Fuzzing with Spike to find overflows

Fuzzing with Spike - by samclass.info

Fuzzing with FOE - by Samclass.info

Z3 - A guide - Getting Started with Z3: A Guide

Tools which helps in fuzzing applications

Fuzzers which helps in fuzzing file formats like pdf, mp3, swf etc.,

MiniFuzz - Basic file format fuzzing tool by Microsoft.

BFF from CERT - Basic Fuzzing Framework for file formats.

AFL Fuzzer (Linux only) - American Fuzzy Loop Fuzzer by Michal Zalewski aka lcamtuf

Win AFL - A fork of AFL for fuzzing Windows binaries by Ivan Fratic

Shellphish Fuzzer - A Python interface to AFL, allowing for easy injection of testcases and other functionality.

TriforceAFL - A modified version of AFL that supports fuzzing for applications whose source code not available.

Peach Fuzzer - Framework which helps to create custom dumb and smart fuzzers.

MozPeach - A fork of peach 2.7 by Mozilla Security.

Failure Observation Engine (FOE) - mutational file-based fuzz testing tool for windows applications.

rmadair - mutation based file fuzzer that uses PyDBG to monitor for signals of interest.

honggfuzz - A general-purpose, easy-to-use fuzzer with interesting analysis options. Supports feedback-driven fuzzing based on code coverage. Supports GNU/Linux, FreeBSD, Mac OSX and Android.

zzuf - A transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input.

radamsa - A general purpose fuzzer and test case generator.

Peach Fuzzer - Framework which helps to create custom dumb and smart fuzzers.

Sulley - A fuzzer development and fuzz testing framework consisting of multiple extensible components by Michael Sutton.

boofuzz - A fork and successor of Sulley framework.

Spike - A fuzzer development framework like sulley, a predecessor of sulley.

Metasploit Framework - A framework which contains some fuzzing capabilities via Auxiliary modules.

Nightmare - A distributed fuzzing testing suite with web administration, supports fuzzing using network protocols.

honggfuzz - A general-purpose, easy-to-use fuzzer with interesting analysis options.

Hodor Fuzzer - Yet Another general purpose fuzzer.

PANDA ( Platform for Architecture-Neutral Dynamic Analysis )

QIRA (QEMU Interactive Runtime Analyser)

SMT-LIB

I haven't included some of the legends like AxMan, please refer the following link for more information. https://www.ee.oulu.fi/research/ouspg/Fuzzers

Tools of the trade for exploit developers, reverse engineers

Windbg - The preferred debugger by exploit writers.

Immunity Debugger - Immunity Debugger by Immunity Sec.

OllyDbg - The debugger of choice by reverse engineers and exploit writers alike.

Mona.py ( Plugin for windbg and Immunity dbg ) - Awesome tools that makes life easy for exploit developers.

x64dbg - An open-source x64/x32 debugger for windows.

Evan's Debugger (EDB) - Front end for gdb.

GDB - Gnu Debugger - The favorite linux debugger.

PEDA - Python Exploit Development Assistance for GDB.

Radare2 - Framework for reverse-engineering and analyzing binaries.

IDA Pro - The best disassembler

binnavi - Binary analysis IDE, annotates control flow graphs and call graphs of disassembled code.

Capstone - Capstone is a lightweight multi-platform, multi-architecture disassembly framework.

ltrace - Intercepts library calls

strace - Intercepts system calls

https://files.fuzzing-project.org/

[PDF Test Corpus from Mozilla] (https://github.com/mozilla/pdf.js/tree/master/test/pdfs)

MS Office file format documentation

Please refer the guidelines at contributing.md for details.

Thanks to the following folks who made contributions to this project.

• Tim Strazzere
• jksecurity