来源:zwell's blog

关键字(Keywords) : fuzzing, fuzz testing, fuzzer.

antiparser is a fuzz testing and fault injection API. The purpose of antiparser is to provide an API that can be used to model network protocols and file formats by their composite data types. Once a model has been created, the antiparser has various methods for creating random sets of data that deviates in ways that will ideally trigger software bugs or security vulnerabilities. Requires Python 2.3 or later.

Autodafe is a fuzzing framework that can be used to identify boundary validation and other issues in protocols and applications. Written by Martin Vuagnoux.

AxMan is a web-based ActiveX fuzzing engine. The goal of AxMan is to discover vulnerabilities in COM objects exposed through Internet Explorer. Since AxMan is web-based, any security changes in the browser will also affect the results of the fuzzing process. This allows for a much more realistic test than other COM-based assessment tools. AxMan is designed to be used with Internet Explorer 6 only.
A web-based ActiveX fuzzing engine written by HD Moore.

A Linux in-process fuzzer written by Michal Zalewski.

A simple C-source fuzzer to test for HTTP chunked encoding issues in clients and servers.

COMRaider is a tool designed to fuzz COM Object Interfaces. COMRaider includes capability to easily enumerate safe for scripting objects, ability to scan for COM objects by path, filename, or guid; integrated type library viewer; integrated debugger to monitor exceptions, close windows,log api; external vbs script allows you to easily edit fuzzer permutations; built in webserver to test exploits on the fly; distributed auditing mode to allow entire teams to work together; ability to upload crash files to central server for group analysis; automation tools allowing you to easily fuzz multiple libraries, individual classes, or specific functions.

a remote protocol fuzzer/triggerer which can do many things such as sending random data/random sizes, together with the data you want. it has alot of ways to tell the program to use this data by using rule files which will be later parsed by the program itself, and with several options and ways to make it very specific, and very flexible. It’s not only a remote protocol fuzzer as itself, but it is a scripting-like motor on which you can create any kind of payload. User-friendly.

Digital Dwarf Society: fuzzing tool for the dhcp protocol.

Written by H D Moore and Aviv Raff, DOM-Hanoi is designed to identify common DHTML implementation flaws by adding/removing DOM elements

Evolutionary Fuzzing System (EFS)
A fuzzer which attempts to dynamically learn a protocol using code coverage and other feedback mechanisms.

FileFuzz A file format fuzzer for Windows PE binaries from iDefense.

A haskell-based file fuzzer that generates mutated files from a list of source files and feeds them to an external program in batches.

A python-based file fuzzer that generates mutated files from a list of source files and feeds them to an external program in batches.

FTPFuzz is a simple GUI-based fuzzer for testing FTPD server implementations. It allows the user to specify FTP commands and parameters to fuzz, and the pattern of test strings to use for each case. Remotely exploitable vulnerabilities in many popular FTP services have been discovered using this utility.

Fuzzball2 is a little fuzzer for TCP and IP options. It sends a bunch of more or less bogus packets to the host of your choice.

Include boffuzzer and cmdfuzzer

Fuzzled is a powerful fuzzing framework. Fuzzled includes helper functions, namespaces, factories which allow a wide variety of fuzzing tools to be developed. Fuzzled comes with several example protocols and drivers for them .

File fuzzer written by Reed Arvin. Creates multiple variations of a file – useful for finding local application flaws.

Packet sniffer and replayer written by Reed Arvin. Can be used to capture data on the wire, modify it in various ways and resend to the target. Used to test for protocol and application vulnerabilities.

General Purpose Fuzzer (GPF)
Written in C, GPF has a number of modes ranging from simple pure random fuzzing to more complex protocol tokenization.

Hamachi is a community-developed utility for verifying browser integrity, written by H D Moore and Aviv Raff. Hamachi will look for common DHTML implementation flaws by specifying common “bad” values for method arguments and property values.

Digital Dwarf Society: fuzzing tool for the iCal calendar format.

ip6sic is a tool for stress testing an IPv6 stack implementation. It works in a way much similar to ISIC above. It was developed mainly on FreeBSD and is known to work on OpenBSD and Linux. Theoretically, it should work wherever libdnet works.

Digital Dwarf Society: fuzzing tool for IRC clients.

ISIC is a suite of utilities to exercise the stability of an IP Stack and its component stacks (TCP, UDP, ICMP et. al.) It generates piles of pseudo random packets of the target protocol. The packets be given tendancies to conform to. Ie 50% of the packets generated can have IP Options. 25% of the packets can be IP fragments – but the percentages are arbitrary and most of the packet fields have a configurable tendancy. The packets are then sent against the target machine to either penetrate its firewall rules or find bugs in the IP stack. ISIC also contains a utility generate raw ether frames to examine hardware implementations.

JavaScript fuzzer
which has led to the discovery and resolution of dozens of critical security bugs.

OWASP JBroFuzz is a stateless network protocol fuzzer that emerged from the needs of penetration testing. Written in Java, it allows for the identification of certain classess of security vulnerabilities, by means of creating malformed data and having the network protocol in question consume the data.

KIPH is an advance protocol fuzzed developed by the team. The tool builds on novel algorithms to make stateful in depth fuzzing of remote devices. KIPH has already been succesfully applied to various Internet services and protocols.

Library Exploit API – A selection of python methods designed for bugtesting and exploitation of local and remote vulnerabilities. It includes a fuzz testing compenent, miscellaneous shellcode methods and a simple GUI. LxAPI is currently a work-in-progress.

Trivial binary file fuzzer by Ilja van Sprundel. It’s usage is very simple, it takes a filename and headersize as input. It will then change between 0 and 10% of the header with random bytes. May be useful to testers with some scripting experience.

An automated broken HTML generator and browser tester, originally used to find dozens of security and reliability problems in all major Web browsers

MielieTool v.1.0 is an easy to use Perl based web application fuzzer. It supports fuzzing of CGIs in forms and links and supports multiple sites. Requires HTTrack, Lynx, grep, find, and rm.

Mistress in an ‘Application Sadism Environment’ and can also be called a fuzzer. It is written in Python and was created for probing file formats on the fly and protocols with malformed data, based on pre-defined patterns. It is recommended that the project site be visited for further documentation and use cases.

msn fuzzer
C source code for a simple MSN protocol fuzzer. May be used to discover vulnerabilities in MSN client software.

Peach Fuzzer Framework – Peach is a cross-platform fuzzing framework written in Python. Peaches main goals include: short development time, code reuse, ease of use, and flexability. Peach can fuzz just about anything from .NET, COM/ActiveX, SQL, shared libraries/DLL’s, network applications, web, you name it!

Protocol Informatics
Slides, whitepaper and code from the last publicly seen snapshot from Marshall Beddoe’s work.

The PROTOS project researches different approaches of testing implementations of protocols using black-box (i.e. functional) testing methods. The goal is to support pro-active elimination of faults with information security implications. Numerous PROTOS test cases have been provided for assessment: WAP fuzzers, LDAP and SNMP fuzzers, DNS fuzzers and more.

A Radius protocol fuzzer written in C, by Thomas Biege of the SuSe Security Team.

RFuzz is a Ruby library to easily test web applications from the outside using a fast HttpClient and wicked evil RandomGenerator allowing the average programmer to use advanced fuzzing techniques for just pennies a day.

and Faultmon – RIOT testing utility and Faultmon exception catcher. May be used for attacking plain text protocols (Telnet, HTTP, SMTP). Used by Riley Hassell when he worked at eEye to discover the IIS .printer overflow and included in The Shellcoder’s Handbook.

XML driven generic file and protocol fuzzer.

Pure Python network protocol fuzzer from [email protected]

SPIKE is an attempt to write an easy to use generic protocol API that helps reverse engineer new and unknown network protocols. It features several working examples. Includes a web server NTLM Authentication brute forcer and example code that parses web applications and DCE-RPC (MSRPC).

SPIKEfile is a Linux based file format fuzzing tool, based on SPIKE 2.9. It was designed to automate the launching of applications and detection of exceptions caused by fuzzed files. It uses standard SPIKE scripts to generate files and utilizes ptrace to pick up interesting signals and dump register state.

Scratch is an advanced protocol destroyer (”fuzzer”) which can routinely find a wide variety of vulnerabilities from a simple packet. scratch does complex parsing of binary files to determine what to fuzz with what data. scratch also comes with a framework for fuzzing binary protocols such as SSL and SMB.

SPI WebInspect
The commercial SPI WebInspect toolkit provides a professional Web fuzzing tool known as SPI Fuzzer. SPI ToolKit users benefit from a commercially supported product that ensures reliability, updates, and ease-of-use.

SNMP fuzzer uses Protos test cases with an entirely new engine written in Perl. It provides efficient methods of determining which test case has caused a fault, offers more testing granularity and a friendlier user interface.

BlackOps SMTP Fuzzing utility can be used to find weaknesses in server implementations of the SMTP protocol.

A System Call Fuzzer for Linux. C Source provided.

Socket Fuzzer
A socket/file descriptor fuzzing tool for Unix. C Source provided.


TagBruteForcer is a client-side security tool designed to find overflows in applications that can be opened by default within Internet Explorer. It also includes basic functionality for testing ActiveX objects or Internet Explorer itself.

TAOF (The Art of Fuzzing)
Written in Python, a cross-platform GUI driven network protocol fuzzing environment for both UNIX and Windows systems.

Digital Dwarf Society: fuzzing tool for the tftp protocol.

UFuz3 is a binary file fuzzer focused on finding integer overflow vulnerabilities. This tool can audit any application which loads a binary file such as Windows Media player, Microsoft office, etc.(From eeye)

untidy is general purpose XML Fuzzer. It takes a string representation of a XML as input and generates a set of modified, potentially invalid, XMLs based on the input. It's released under GPL v2 and written in python.

Wapiti is a fuzz tester for web applications, and version 1.1.1 was recently released to the public. Wapiti scans the frontend of the target application and identifies all the expected user inputs. It then runs a series of tests against each variable, such as injecting punctuation and special characters, and looks for unexpected output from the application. Wapiti can be used to automate the discovery of SQL and code injection attacks, cross-site scripting and directory traversal vulnerabilities.

WebFuzzer is a web application fuzzer that checks for remote vulnerabilities such as sql injection, cross site scripting, remote code execution, file disclosure, directory traversal, php includes, shell escapes and insecure perl open() calls.

zzuf is a transparent application input fuzzer. Its purpose is to find bugs in applications by corrupting their user-contributed data (which more than often comes from untrusted sources on the Internet).

develops and markets state-of-the-art software testing tools for proactive elimination and prevention of security vulnerabilities. Codenomicon test tools are available for a wide range of protocols and file formats. Commercial

is developing solutions to characterize, quantify and proactively improve security. Using this approach, it is possible to detect unknown and known vulnerabilities in applications and systems by methodically attacking target systems to uncover flaws; compare the relative robustness of different products to malicious attacks; and drive improvement in product security through quantifiable metrics. Commercial

* http://www.nosec.org
* http://www.fuzzing.org/fuzzing-software
* http://hacksafe.com.au/blog/category/fuzz-testing/ & http://hacksafe.com.au/blog/2006/08/21/fuzz-testing-tools-and-techniques/
* http://www.infosecinstitute.com/blog/2005/12/fuzzers-ultimate-list.html
* http://www.scadasec.net/secwiki/FuzzingTools
* http://www.whitestar.linuxbox.org/mailman/listinfo/fuzzing