Surku – mutation-based fuzzer

Fuzz testing is widely used in auditing application by providing some invalid or random data to see how the application will be working with such behavior. The testing usually is automated using some open source program that may assist in fuzzing and monitoring the application in case of crash.

One of the tools that you can use in fuzzing is Surku. Surku is a mutation-based general purpose fuzzer, written in JavaScript. Surku runs on Node.js platform and is tested on version 0.8.x and 0.10.x.

This project consists of several files:

  • Surku.js: The core implementation of Surku
  • cmd.js: Commandline parser
  • mersenne-twister.js: Random number generator
  • mutators.js: Contains default mutators and Surku.mutators API
  • generators.js: Contains some prewritten random number generators.
  • xmlMutator.js: xml-mutations

By default you will have 19 mutators to control changes on the application you test but you can add new mutators or enable/remove specific ones according to your need. 

You can download the Surku over this link:

Notify of
Inline Feedbacks
View all comments