API Fuzzer vs. Honggfuzz vs. JavaScript vs. WebReaver Comparison Chart

Honggfuzz is a security-oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW-based). It’s multi-process and multi-threaded, there’s no need to run multiple copies of your fuzzer, as Honggfuzz can unlock the potential of all your available CPU cores with a single running instance. The file corpus is automatically shared and improved between all fuzzed processes. It’s blazingly fast when the persistent fuzzing mode is used. A simple/empty LLVMFuzzerTestOneInput function can be tested with up to 1mo iteration per second on a relatively modern CPU. Has a solid track record of uncovered security bugs, the only (to date) vulnerability in OpenSSL with the critical score mark was discovered by Honggfuzz. As opposed to other fuzzers, it will discover and report hijacked/ignored signals from crashes (intercepted and potentially hidden by a fuzzed program).

WebReaver is an elegant, easy to use and fully-automated, web application security security testing tool for Mac, Windows and Linux, suitable for novice as well as advanced users. WebReaver allows you easily test any web application for a large variety of web vulnerabilities from the sever kinds such as SQL Injection, local and remote file Includes, command Injection, cross-site scripting and expression Injection to the less severe ones such as variety of session and headers problems, information leakage and many more. Automated security testing technologies, such as those, which rely on scanning, fuzzing, sending arbitrary malicious data to detect security defects, can seriously damage the web applications they are used against. Therefore, it is often recommended to perform automated tests only against systems in demo, testing or pre-production environments.