Fuzzing: Brute Force Vulnerability Discovery
Authors: Michael Sutton, Adam Greene, Pedram Amini
You can purchase this book from Amazon. Preview Chapter 21 as a free sample.
Software From the Book (alphabetical)
Other Fuzzing Software (alphabetical)
- Written in Python, simple and limited fuzzing framework.
- Can be perceived as a more powerful version of SPIKE. It’s main contribution is the introduction of a UNIX-based
debugging agent capable of weighting the possibility of a crash on any given fuzz input.
- A web-based ActiveX fuzzing engine written by HD Moore.
- A Linux in-process fuzzer written by Michal Zalewski.
- A Windows GUI fuzzer written by David Zimmer, designed to fuzz COM Object Interfaces.
- Written in C, exposes a custom and easy to use scripting language for fuzzer deveopment.
- Written by H D Moore and Aviv Raff, DOM-Hanoi is designed to identify common DHTML implementation flaws by
adding/removing DOM elements
- Evolutionary Fuzzing System (EFS)
- A fuzzer which attempts to dynamically learn a protocol using code coverage and other feedback mechanisms.
- A haskell-based file fuzzer that generates mutated files from a list of source files and feeds them to an external
program in batches.
- A python-based file fuzzer that generates mutated files from a list of source files and feeds them to an external
program in batches.
- A Perl based generic fuzzing framework.
- General Purpose Fuzzer (GPF)
- Written in C, GPF has a number of modes ranging from simple pure random fuzzing to more complex protocol
- Written by H D Moore and Aviv Raff, Hamachi will look for common DHTML implementation flaws by specifying common
“bad” values for method arguments and property values.
- A Python tool focused in discovering programming faults in network software.
- An automated broken HTML generator and browser tester, originally used to find dozens of security and reliability
problems in all major Web browsers.
- Written in Python, an advanced and robust fuzzing framework which successfully separates and abstracts relevant
concepts. Learning curve is a bit overwhelming.
- Protocol Informatics
- Slides, whitepaper and code from the last publicly seen snapshot from Marshall Beddoe’s work.
- Small fuzzer that uses libnetfilter_queue to take in packets from iptables. It’s fuzzing engine either randomly
fuzzes binary or ASCII protocols or uses a basic fuzzing template to search and replace packet data.
- XML driven generic file and protocol fuzzer.
- Pure Python network protocol fuzzer from nd@felincemenace.
- Written in C, exposes a custom API for fuzzer development. Probably the most widely used and popular framework.
- TAOF (The Art of Fuzzing)
- Written in Python, a cross-platform GUI driven network protocol fuzzing environment for both UNIX and Windows