Projects tagged ‘fuzzer’

zzuf is a transparent application input fuzzer. Its purpose is to find bugs in applications by corrupting their user-contributed data (which more than often comes from untrusted sources on the ... [More] Internet). It works by intercepting file and network operations and changing random bits in the program’s input. zzuf’s behaviour is deterministic, making it easier to reproduce bugs. [Less]

The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment. It uses ctypes to wrap many Win32 API calls related to debugging, and ... [More] provides an object-oriented abstraction layer to manipulate threads, libraries and processes, attach your script as a debugger, trace execution, hook API calls, handle events in your debugee and set breakpoints of different kinds (code, hardware and memory). Additionally it has no native code at all, making it easier to maintain or modify than other debuggers on Windows. [Less]

Fusil project is a fuzzing program. Today, it's specific to Linux command line program, but the code is designed to be used with any project type (remote process, fake HTTP server, fuzz network ... [More] socket, etc.). New Fusil implementation is now based on multi-agent system instead monolithic architecture. [Less]

My new security blog @ http://deesec.com/ Webreak is a software designed to perform security audits on web applications. It's the next generation of wfuzz It's main objetives are: Brute force ... [More] application parameters Finding hidden paths Features: Multiple fuzzing points (in the same request) Support multiple threaded attacks Web interface (RIA) Inline encoding/decoding works in *IX systems and Windows. WB is crossBrowser. Currently there aren't SVN repositories for this project because it's in a BETA stage. You can download a BETA release in the following URL: webreak-0.1.1-BETA If you want the latest version download the sources from SVN Just run "webreak.py" !! You only need Python2.5 and PyCurl library. Screenshots: Enjoy it! [Less]

Updates - May 2009QueFuzz is outdated, I have replaced it with QueRub which you can read more about here. STOP QueFuzz is old, read the text above this! QueFuzz is a small fuzzer that uses ... [More] libnetfilter_queue to take in packets from iptables. It's fuzzing engine reads a small template file and fuzzes the packets as you requested. QueFuzz has a very short learning curve, unlike many other fuzzing frameworks. It may not be as powerful but you can have it up and fuzzing in under a minute. Unlike other fuzzers, QueFuzz is not focused on data generation. It relies on a valid application to generate the data and instead just mutates the network traffic inline and passes it on. Heres an a quick how-to: 1. Setup an iptables rule that queues all outgoing packets with a TCP destination port of 80. iptables -A OUTPUT -p tcp --dport 80 -j QUEUE 2. Start QueFuzz with an HTTP template that looks like this $ cat http.fuz quefuzz HTTP { ip_src (192.168.4.3) ip_dst (192.168.4.2) replace (AAAA) (BBBB) replace (GET /index.html) (GET /../../../../) replace (Content-Length: 90) (Content-Length: -1) replace (User-Agent: Mozilla) (User-Agent: Moz%n%n) binary_replace (04050f) (616263) fuzz_word (Content-Length) random_binary random_ascii random_depth 2 } $./quefuzz -t http.fuz -v -f3. Open your HTTP browser, and connect to your server at 192.168.4.2 as normal. QueFuzz takes care of the packet mutation inline, all you have to do is monitor your server or client with a debugger for any potential crashes. (The example template has all keywords used) QueFuzz can obviously be used in the opposite direction. You can fuzz your client using your server. It doesn't care what direction the traffic is going. Its not as in-depth as some of the better fuzzing frameworks out there like Sulley or Spike, but it gets the job done. Heres a basic flow chart of how it works: http://em386.blogspot.com | http://chris.rohlf.googlepages.com/index.html [Less]

This is an HTTP fuzzer built by a students's group of the University of Buenos Aires for learning about HTTP servers security.

Fuzzing of WebServices. Features: gui, input definition(per parameter), test case generatiion, filter of results, ...

This project aims to provide Client Side APIs for fuzz testing SSL v3 Servers. It will be useful in fuzz testing OpenSSL based servers (or any server which is based on SSL v3). Further additions will ... [More] include python wrappers for making it just a little more easier! Currently it is not even release version 1. Lot of work left over! [Less]

This fuzzing tool allows fuzzing of events, tags, styles and HTML attributes. You can use incomplete tags with various depth and randomise case of all parameters. It also contains a database of all new attack vectors gathered.

Fuzzer generator based on unix man pages. Extracts offered options from a man page and creates a shell script that will execute a command using all possible combination of options and arguments. ... [More] More information on how to use this fuzzer visit : fuzzman-man-pages-based-fuzzer [Less]