Fuzz in the Dark: Genetic Algorithm for Black-Box Fuzzing - Université Grenoble Alpes
Conference paper, Year: 2013

Fuzz in the Dark: Genetic Algorithm for Black-Box Fuzzing

Fabien Duchene
  • Role: Author
  • PersonId: 769095
  • IdRef: 179830104

Abstract

Fuzzing (also known as fuzz testing) consists of automatically generating and evaluating inputs in order to discover vulnerabilities. Traditional undirected fuzzing may get stuck in one direction and may therefore be inefficient at finding a broad range of local optima. In this work, we combine artificial intelligence and security testing techniques to guide the fuzzing with an evolutionary algorithm. Our work is the first application of a genetic algorithm to black-box fuzzing for vulnerability detection. We designed heuristics for fuzzing PDF interpreters in search of memory corruption vulnerabilities and for fuzzing websites in search of cross-site scripting. Our evolutionary fuzzers, ShiftMonkey and KameleonFuzz, outperform traditional black-box fuzzers both in vulnerability detection capability and in efficiency.
No file deposited

Dates and versions

hal-00978844, version 1 (14-04-2014)

Identifiers

  • HAL Id: hal-00978844, version 1

Cite

Fabien Duchene. Fuzz in the Dark: Genetic Algorithm for Black-Box Fuzzing. Black-Hat, 2013, São Paulo, Brazil. ⟨hal-00978844⟩