Feb 13, 2019 - 1 minute read - Quora Technical Web Testing Security Testing

What is the best fuzzer (automated software testing tool) to find 0-days? Why? Quora Answer

Q: What is the best fuzzer (automated software testing tool) to find 0-days? Why?

0-day is a very broad statement.

I tend to use the payload fuzzers in BurpSuite and OWasp Zap Proxy, but these require me to identify the target that I’m testing, and the appropriate data scope and range to fuzz.

I suspect you might be more interested in application or file based fuzzers.

Google have introduced a service for fuzzing applications.

github.com/google/oss-fuzz

There are many lists of fuzzers to read through.

New tools are being created for this all the time and there is a constant flood of research on fuzzing:

scholar.google.co.uk/scholar?hl=en&as_sdt=0%2C5&q=fuzzing&btnG=

Since the fuzzers all work at different levels and on different technologies you have to be very specific in your research to make sure you don’t overload yourself with tools (with is all too easy to do in Security Testing)

owasp.org/www-community/Fuzzing

Read this on Quora

If you like this content then you might be interested in my Patreon Community. I create exclusive content multiple times a week. Gain access to Patreon only content and online training courses for as little as $1 per month. Learn more about the EvilTester Patreon Community.

All Posts | Categories | Archive

<< When getting rid of a browser, what are the advantages of using taskkill.exe over close method in Selenium? Quora

JavaScript Tutorial Creating a CounterString tool in Chrome Browser Dev Tools Snippets >>

You will need a Github account to comment. Or you can contact me with your comment.

I reserve the right to delete spam comments e.g. if your comment adds no value and its purpose is simply to create a backlink to another site offering training, or courses, etc.