Projects tagged ‘fuzzing’


[24 total ]

4 Users

zzuf is a transparent application input fuzzer. Its purpose is to find bugs in applications by corrupting their user-contributed data (which more often than not comes from untrusted sources on the Internet). It works by intercepting file and network operations and changing random bits in the program's input. zzuf's behaviour is deterministic, making it easier to reproduce bugs.
Created over 2 years ago.

1 Users

Fusil is a fuzzing program. Today it is specific to Linux command-line programs, but the code is designed to be used with any project type (remote process, fake HTTP server, fuzzing a network socket, etc.). The new Fusil implementation is based on a multi-agent system instead of a monolithic architecture.
Created over 2 years ago.

1 Users

The WinAppDbg Python module allows developers to quickly code instrumentation scripts in Python under a Windows environment. It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulate threads, libraries and processes, attach your script as a debugger, trace execution, hook API calls, handle events in your debuggee and set breakpoints of different kinds (code, hardware and memory). Additionally, it has no native code at all, making it easier to maintain or modify than other debuggers on Windows.
Created 8 months ago.

0 Users

USBroken is a framework and Arduino-based hardware platform for USB device driver fuzzing. It will allow the user to spoof arbitrary USB device IDs in order to force the loading of specific drivers, which can then be attacked.
Created 4 months ago.

0 Users

Update, May 2009: QueFuzz is outdated. I have replaced it with QueRub, which you can read more about here. STOP: QueFuzz is old, read the text above this!

QueFuzz is a small fuzzer that uses libnetfilter_queue to take in packets from iptables. Its fuzzing engine reads a small template file and fuzzes the packets as you requested. QueFuzz has a very short learning curve, unlike many other fuzzing frameworks. It may not be as powerful, but you can have it up and fuzzing in under a minute. Unlike other fuzzers, QueFuzz is not focused on data generation. It relies on a valid application to generate the data and instead just mutates the network traffic inline and passes it on.

Here's a quick how-to:

1. Set up an iptables rule that queues all outgoing packets with a TCP destination port of 80:

   iptables -A OUTPUT -p tcp --dport 80 -j QUEUE

2. Start QueFuzz with an HTTP template that looks like this:

   $ cat http.fuz
   quefuzz HTTP {
     ip_src (192.168.4.3)
     ip_dst (192.168.4.2)
     replace (AAAA) (BBBB)
     replace (GET /index.html) (GET /../../../../)
     replace (Content-Length: 90) (Content-Length: -1)
     replace (User-Agent: Mozilla) (User-Agent: Moz%n%n)
     binary_replace (04050f) (616263)
     fuzz_word (Content-Length)
     random_binary
     random_ascii
     random_depth 2
   }
   $ ./quefuzz -t http.fuz -v -f

3. Open your HTTP browser and connect to your server at 192.168.4.2 as normal. QueFuzz takes care of the packet mutation inline; all you have to do is monitor your server or client with a debugger for any potential crashes. (The example template uses every keyword.)

QueFuzz can obviously be used in the opposite direction: you can fuzz your client using your server. It doesn't care what direction the traffic is going. It's not as in-depth as some of the better fuzzing frameworks out there like Sulley or Spike, but it gets the job done.

Here's a basic flow chart of how it works: http://em386.blogspot.com | http://chris.rohlf.googlepages.com/index.html
Created about 1 year ago.

0 Users

File Fuzzing Tool in Python built on top of pyraft framework.
Created 4 months ago.

0 Users

Bunny the Fuzzer: a closed-loop, high-performance, general-purpose, protocol-blind fuzzer for C programs. It uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without the noticeable performance impact usually associated with other attempts to peek into run-time internals. Bunny is currently known to support Linux, FreeBSD, OpenBSD, and Cygwin on IA32 and IA64 systems. Current version: 0.93 beta.
Created about 1 year ago.

0 Users

Flayer is a Valgrind tool which provides bit-precise dynamic taint analysis of input to a target application. In addition, it allows this flow to be altered irrespective of content through the modification of conditional jump (if clause) and function call behavior. A small Python wrapper library, LibFlayer, is also included; it provides an easy interface for automation. This is a proof-of-concept implementation, but it is fully functional. Please check it out!
Created about 1 year ago.

0 Users

Fuzzing of web services. Features: GUI, input definition (per parameter), test case generation, filtering of results, ...
Created about 1 year ago.

0 Users

Sulley is a fuzzer development and fuzz testing framework consisting of multiple extensible components. Sulley (IMHO) exceeds the capabilities of most previously published fuzzing technologies, commercial and public domain. The goal of the framework is to simplify not only data representation but also data transmission and target monitoring. Sulley is affectionately named after the creature from Monsters Inc., because, well, he is fuzzy. Modern-day fuzzers are, for the most part, solely focused on data generation. Sulley not only has impressive data generation but has taken this a step further and includes many other important aspects a modern fuzzer should provide. Sulley watches the network and methodically maintains records. Sulley instruments and monitors the health of the target, and is capable of reverting it to a known good state using multiple methods. Sulley detects, tracks and categorizes detected faults. Sulley can fuzz in parallel, significantly increasing test speed. Sulley can automatically determine what unique sequence of test cases triggers faults. Sulley does all this, and more, automatically and without attendance.
Created about 1 year ago.