# Fuzzing

## API

* [RESTler](https://github.com/microsoft/restler-fuzzer) - RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
* [GitLab Protocol Fuzzer Community Edition](https://gitlab.com/gitlab-org/security-products/protocol-fuzzer-ce) - This is the community edition of GitLab's protocol fuzzing framework. This framework is based on Peach Fuzzer Professional with some features removed.

## Java

* [javafuzz](https://gitlab.com/gitlab-org/security-products/analyzers/fuzzers/javafuzz) - a coverage guided fuzzer for java.

## Javascript

* [jsfuzz](https://gitlab.com/gitlab-org/security-products/analyzers/fuzzers/jsfuzz) - a coverage guided fuzzer for testing javascript/nodejs packages.

## JSON

* [jdam](https://gitlab.com/michenriksen/jdam) - a [Radamsa](https://gitlab.com/akihe/radamsa) inspired tool for fuzzing arbitrary JSON objects in a structure-aware fashion, which ensures that fuzzing results will always be valid JSON.

## Python

* [pythonfuzz](https://gitlab.com/gitlab-org/security-products/analyzers/fuzzers/pythonfuzz) - a coverage guided fuzzer for testing python packages.

## TCP/UDP

* [Fuzzotron](https://github.com/denandz/fuzzotron) - a simple network fuzzer supporting TCP, UDP and multithreading.

## Web

* [ffuf - Fuzz Faster U Fool](https://github.com/ffuf/ffuf) - fast web fuzzer written in Go.