Fuzzing

Brain dumps on fuzzing, the book and security in general.

Fuzzing Software

From the Book (alphabetical)

Others (alphabetical)

  • antiparser
    • Written in Python, simple and limited fuzzing framework.
  • Autodafe
    • Can be perceived as a more powerful version of SPIKE. Its main contribution is the introduction of a UNIX-based debugging agent capable of weighting the possibility of a crash on any given fuzz input.
  • AxMan
    • A web-based ActiveX fuzzing engine written by HD Moore.
  • bugger
    • A Linux in-process fuzzer written by Michal Zalewski.
  • COMRaider
    • A Windows GUI fuzzer written by David Zimmer, designed to fuzz COM Object Interfaces.
  • Dfuz
    • Written in C, exposes a custom and easy-to-use scripting language for fuzzer development.
  • DOM-Hanoi
    • Written by H D Moore and Aviv Raff, DOM-Hanoi is designed to identify common DHTML implementation flaws by adding/removing DOM elements.
  • Evolutionary Fuzzing System (EFS)
    • A fuzzer which attempts to dynamically learn a protocol using code coverage and other feedback mechanisms.
  • FileH
    • A Haskell-based file fuzzer that generates mutated files from a list of source files and feeds them to an external program in batches.
  • FileP
    • A Python-based file fuzzer that generates mutated files from a list of source files and feeds them to an external program in batches.
  • Fuzzled
    • A Perl-based generic fuzzing framework.
  • General Purpose Fuzzer (GPF)
    • Written in C, GPF has a number of modes ranging from simple pure random fuzzing to more complex protocol tokenization.
  • hamachi
    • Written by H D Moore and Aviv Raff, Hamachi will look for common DHTML implementation flaws by specifying common “bad” values for method arguments and property values.
  • mangleme
    • An automated broken-HTML generator and browser tester, originally used to find dozens of security and reliability problems in all major web browsers.
  • Peach
    • Written in Python, an advanced and robust fuzzing framework which successfully separates and abstracts the relevant concepts. The learning curve is a bit overwhelming.
  • Protocol Informatics
    • Slides, whitepaper and code from the last publicly seen snapshot of Marshall Beddoe’s work.
  • QueFuzz
    • Small fuzzer that uses libnetfilter_queue to take in packets from iptables. Its fuzzing engine either randomly fuzzes binary or ASCII protocols or uses a basic fuzzing template to search and replace packet data.
  • Schemer
    • XML-driven generic file and protocol fuzzer.
  • SMUDGE
    • Pure Python network protocol fuzzer from nd@felinemenace.
  • SPIKE
    • Written in C, exposes a custom API for fuzzer development. Probably the most widely used and popular framework.
  • TAOF (The Art of Fuzzing)
    • Written in Python, a cross-platform GUI-driven network protocol fuzzing environment for both UNIX and Windows systems.

Want to add yours here? Drop us a line.

17 Comments so far

  1. codepupil July 28th, 2007 10:52 pm

    Is there a public release date set for Sulley?

  2. pamini July 30th, 2007 2:59 pm

    Yeah it will be released this Thursday at my BlackHat talk. Sorry for the delay in getting it out and about.

  3. conrad August 6th, 2007 1:30 pm

    Where is the ProtoFuzz project from Chapter 16?

  4. fuzzkid August 8th, 2007 7:00 am

    Are you planning to release the code listings soon, as mentioned in Chapter 21? ;)

  5. pamini August 8th, 2007 8:57 am

    fuzzkid,

    Sorry about that. Thought it would be releasable in time for the book release. Aaron (guy working on it) hasn’t given me the go ahead just yet, so you’ll have to play with Sulley for the time being ;-)

  6. pamini August 16th, 2007 2:47 pm

    conrad: ProtoFuzz has been uploaded.

  7. conrad August 20th, 2007 4:45 pm

    Thanks for posting the ProtoFuzz. I have tried several different ndisprot packages, but they all seem to fail at the driver.SendPacket() lines. Any ideas what the problem is? Can you post your ndisprot (.inf and .sys) for Win XP? I’ll keep trying on my end, thanks for the great book!

  8. Edgar August 20th, 2007 8:48 pm

    Hi,
    Where may I find the fuzz_client.exe and fuzz_server.exe described in the chapter 20 of the book?

  9. p4ssion September 4th, 2007 11:55 pm

    It’s a validation check Perl script.
    URI parameter validation check for XSS & SQL injection.

    Check script and add your “other” fuzzer section ^^

    http://sourceforge.net/projects/gamja/

  10. pamini September 5th, 2007 6:09 pm

    Just posted the In-Memory-Fuzzer from Chapters 19 and 20. Sorry I forgot to post it before. One quick note, the PyDbg Python code published in the book is going to look slightly different from the one in the download archive. This is due to the fact that the interface to PyDbg callback handlers changed from when that chapter was written to what is currently up to date.

    It’s not all that confusing though, in fact it’s easier to understand (which was the main motivation for the change in the first place).

  11. Rapt0r November 8th, 2007 4:35 pm

    Has anyone run into the Request icon not showing up in WebFuzz? I downloaded it several times to make sure I didn’t catch a bad copy somehow; however, I have a copy of it at home that works fine. I have tried it out on several different systems and sometimes it just doesn’t show up. Any ideas? :)

  12. haypo December 7th, 2007 7:25 am

    Hi, I wrote a fuzzer framework based on some ideas from your book, especially the idea of probes. Fusil uses many probes to compute a session score in percent. Examples: if the target program writes “assertion”, the score is incremented by +20%; if the program exits with a non-null exit code: +50%; if CPU consumption is bigger than 90% for 5 seconds: +100%; etc. Fusil protects the system and itself: it creates a working directory for each session, limits memory, uses a timeout for most operations, etc. Many fuzzing “projects” are available: ClamAV, MPlayer, gettext, printf(), Linux syscalls, etc.

  13. Tibi February 12th, 2008 5:14 pm

    I have a question.

    What other application do I need to run/install WebFuzz?

  14. msutton February 13th, 2008 11:55 am

    Just the .NET framework.

  15. Luca "ikki" April 17th, 2008 1:32 pm

    What about “wfuzz”?
    http://www.edge-security.com/wfuzz.php

    It is really a great tool in my opinion…
    Cheers,
    Luca

  16. bhavesh June 11th, 2008 5:33 am

    Which tool should I use for performing fuzz testing on any web application, especially a mail application?

    Work environment:
    OS:Win xp
    Browser: IE6/7 or FF2
    Language: C#.Net

    Thankx
    Bhavesh

  17. Wes July 4th, 2008 10:13 pm

    Is the Python code for generating SWF structs available for download?

    Thanks,
    Wes
