Penetration Testing mailing list archives
Fusil the fuzzer version 1.0beta3
From: Victor Stinner <victor.stinner () haypocalc com>
Date: Wed, 3 Sep 2008 23:24:49 +0200
Fusil is a Python library for writing fuzzers and a set of specific fuzzers: Apache, ClamAV, Firefox, gettext, gstreamer, ImageMagick, libpoppler, printf(), Mplayer, ogg123, PHP and Python. The goal is to quickly write your fuzzer, Fusil is reponsible to manage a fuzzing campain (create files, cleanup at exist, sort errors, etc.). With the version 1.0, Fusil is safe: it uses a dedicated (UNIX) user to create child processes and limit resources (memory, total number of processes, etc.). Fusil now uses python-ptrace debugger for helping error classification (invalid memory read/write, division by zero, stack overflow, ...): it renames the fuzzer working directory (eg. "exitcode1", "abort", "div_by_zero", ...). This version is a beta version, it have to be tested as much as possible on any architectures and operating systems. Don't hesitate to report bugs! Website: http://fusil.hachoir.org/ python-ptrace website: http://python-ptrace.hachoir.org/ The development of the version 1.0 (still in beta phase) took around one year. The project is distributed under license GPLv2, is written in Python and is pacakaged for Debian, Mandriva and OpenEmbedded. The project is developed under Linux, but Fusil works correctly on FreeBSD and should works on any POSIX system (especially UNIX and BSD). Getting started --------------- To install Fusil, you will need python-ptrace and a system user "fusil" (and a group "fusil"). To run a fuzzer, type it's name, eg. "fusil-gettext". Each fuzzer has its own options, so don't hesitate to use the option "--help". For the documentation, browse the directory doc/. Simple examples are available in the directory examples/. python-ptrace only works correclty on Linux (i386, x86_64, PPC32) and FreeBSD (i386). If you have troubles with another architecture/OS, disable it with the Fusil configuration file (~/.config/fusil.conf): [debugger] use_debugger = False Read doc/configuration.rst to learn other Fusil options. python-ptrace ------------- If you didn't know python-ptrace, you should know that it's only written in Python and includes the programs strace.py and gdb.py (strace and gdb clones). strace.py is very close to strace, but has more options and works on FreeBSD without the Linux emulation (/proc directory). gdb.py is very limited, it doesn't support thread nor symbols for example. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Fusil the fuzzer version 1.0beta3 Victor Stinner (Sep 03)