Fuzzing is the act of generating random input to be fed to programs to try to flush out bugs in them. In theory, programs should reject all invalid input with suitable error messages, but sometimes there are holes in their validation checks, which means that certain inputs can produce odd, unintended behaviours or crashes.

Some fuzzing tools are:

  • zzuf, a sort of “man-in-the-middle” fuzzer
  • fusil, a Python library for writing fuzzers
  • wapiti, which scans Web pages for potential form- and script-injection vulnerabilities
  • fuzz