Q: What is the best fuzzer (automated software testing tool) to find 0-days? Why?
A:
0-day is a very broad statement.
I tend to use the payload fuzzers in BurpSuite and OWasp Zap Proxy, but these require me to identify the target that I’m testing, and the appropriate data scope and range to fuzz.
I suspect you might be more interested in application or file based fuzzers.
Google have introduced a service for fuzzing applications.
There are many lists of fuzzers to read through.
New tools are being created for this all the time and there is a constant flood of research on fuzzing:
scholar.google.co.uk/scholar?hl=en&as_sdt=0%2C5&q=fuzzing&btnG=
Since the fuzzers all work at different levels and on different technologies you have to be very specific in your research to make sure you don’t overload yourself with tools (with is all too easy to do in Security Testing)
You will need a Github account to comment. Or you can contact me with your comment.
I reserve the right to delete spam comments e.g. if your comment adds no value and its purpose is simply to create a backlink to another site offering training, or courses, or etc.