Fuzzing Tools


     http://www.fuzzing.org

  • antiparser
    • Written in Python, simple and limited fuzzing framework.
  • Autodafe
    • Can be perceived as a more powerful version of SPIKE. Its main contribution is the introduction of a UNIX-based debugging agent capable of weighting the possibility of a crash on any given fuzz input.
  • AxMan
    • A web-based ActiveX fuzzing engine written by HD Moore.
  • bugger
    • A Linux in-process fuzzer written by Michal Zalewski.
  • COMRaider
    • A Windows GUI fuzzer written by David Zimmer, designed to fuzz COM Object Interfaces.
  • Dfuz
    • Written in C, exposes a custom and easy-to-use scripting language for fuzzer development.
  • DOM-Hanoi
    • Written by HD Moore and Aviv Raff, DOM-Hanoi is designed to identify common DHTML implementation flaws by adding/removing DOM elements.
  • Evolutionary Fuzzing System (EFS)
    • A fuzzer which attempts to dynamically learn a protocol using code coverage and other feedback mechanisms.
  • FileH
    • A Haskell-based file fuzzer that generates mutated files from a list of source files and feeds them to an external program in batches.
  • FileP
    • A Python-based file fuzzer that generates mutated files from a list of source files and feeds them to an external program in batches.
  • Fuzzled
    • A Perl-based generic fuzzing framework.
  • General Purpose Fuzzer (GPF)
    • Written in C, GPF has a number of modes ranging from simple pure random fuzzing to more complex protocol tokenization.
  • hamachi
    • Written by HD Moore and Aviv Raff, Hamachi will look for common DHTML implementation flaws by specifying common “bad” values for method arguments and property values.
  • mangleme
    • An automated broken HTML generator and browser tester, originally used to find dozens of security and reliability problems in all major Web browsers.
  • Peach
    • Written in Python, an advanced and robust fuzzing framework which successfully separates and abstracts relevant concepts. Learning curve is a bit overwhelming.
  • Protocol Informatics
    • Slides, whitepaper and code from the last publicly seen snapshot from Marshall Beddoe’s work.
  • QueFuzz
    • Small fuzzer that uses libnetfilter_queue to take in packets from iptables. Its fuzzing engine either randomly fuzzes binary or ASCII protocols or uses a basic fuzzing template to search and replace packet data.
  • Schemer
    • XML-driven generic file and protocol fuzzer.
  • SMUDGE
    • Pure Python network protocol fuzzer from nd@felinemenace.
  • SPIKE
    • Written in C, exposes a custom API for fuzzer development. Probably the most widely used and popular framework.
  • TAOF (The Art of Fuzzing)
    • Written in Python, a cross-platform, GUI-driven network protocol fuzzing environment for both UNIX and Windows systems.

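Copyright notice: This is an original article by Natureboy520, released under the CC 4.0 BY-SA license. When reposting, please include a link to the original source and this notice.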