
Feb 13, 2019 - 1 minute read - Quora Technical Web Testing Security Testing

What is the best fuzzer (automated software testing tool) to find 0-days? Why? Quora Answer

Q: What is the best fuzzer (automated software testing tool) to find 0-days? Why?

A:

0-day is a very broad statement.

I tend to use the payload fuzzers in Burp Suite and OWASP ZAP Proxy, but these require me to identify the target that I’m testing, and the appropriate data scope and range to fuzz.

I suspect you might be more interested in application or file based fuzzers.

Google have introduced a service for fuzzing applications.

github.com/google/oss-fuzz

There are many lists of fuzzers to read through.

New tools are being created for this all the time and there is a constant flood of research on fuzzing:

scholar.google.co.uk/scholar?hl=en&as_sdt=0%2C5&q=fuzzing&btnG=

Since the fuzzers all work at different levels and on different technologies, you have to be very specific in your research to make sure you don’t overload yourself with tools (which is all too easy to do in Security Testing).

owasp.org/index.php/Fuzzing
