Section: .. / fuzzer /
| /// File Name: |
WAFUTFF.pdf |
Description:
|
Whitepaper entitled "Writing a fuzzer using the Fuzzled framework". The paper includes some of the techniques used to dismantle protocols including documentation, observation and static analysis.
| | Author: | Tim Brown | | Homepage: | http://www.nth-dimension.org.uk/ | | File Size: | 83733 | | Last Modified: | Sep 5 00:45:10 2007 |
| MD5 Checksum: | add66aa7259bcf872fdab3c30ab0c06d |
|
| /// File Name: |
notSPIKEfile.tgz |
Description:
|
notSPIKEfile is a Linux based file format fuzzing tool. It was designed to automate the launching of applications and detection of exceptions caused by fuzzed files. It operates on an existing valid file and creates fuzzed files. It utilizes ptrace to pick up interesting signals and dump register state.
| | Author: | Adam Greene | | Homepage: | http://labs.idefense.com | | File Size: | 79421 | | Last Modified: | Aug 26 02:27:20 2005 |
| MD5 Checksum: | 8198bd8a3d5b18b5aa36335ab8cd3ec2 |
|
| /// File Name: |
dirTraversal.txt |
Description:
|
This is a list of fuzzing vectors used in order to trigger directory traversal vulnerabilities. It is quite a huge list composed using different encodings and bizarre attack patterns reported in several vulnerability advisories.
| | Author: | Luca Carettoni | | Homepage: | http://www.ikkisoft.com/ | | File Size: | 72536 | | Last Modified: | Oct 7 21:58:53 2008 |
| MD5 Checksum: | b931800f5bd30d6bd489d21dffb589f4 |
|
| /// File Name: |
bunny-0.93.tgz |
Description:
|
Bunny the Fuzzer - A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without a noticeable performance impact usually associated with other attempts to peek into run-time internals.
| | Author: | Michal Zalewski | | Homepage: | http://code.google.com/p/bunny-the-fuzzer/ | | Changes: | Bug fix release. | | File Size: | 64575 | | Last Modified: | May 22 19:44:45 2008 |
| MD5 Checksum: | 95fac3531bf5b64e20aab748278c2129 |
|
| /// File Name: |
bunny-0.92.tgz |
Description:
|
Bunny the Fuzzer - A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without a noticeable performance impact usually associated with other attempts to peek into run-time internals.
| | Author: | Michal Zalewski | | Homepage: | http://code.google.com/p/bunny-the-fuzzer/ | | Changes: | IPC handling bug fix. | | File Size: | 64537 | | Last Modified: | Nov 8 18:26:21 2007 |
| MD5 Checksum: | 37ee71ac134446b5560d912ea82da562 |
|
| /// File Name: |
bunny-0.91.tgz |
Description:
|
Bunny the Fuzzer - A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without a noticeable performance impact usually associated with other attempts to peek into run-time internals.
| | Author: | Michal Zalewski | | Homepage: | http://code.google.com/p/bunny-the-fuzzer/ | | Changes: | Various bug fixes. | | File Size: | 64412 | | Last Modified: | Nov 7 00:27:22 2007 |
| MD5 Checksum: | 288b17950491878e849c03b3580bdeda |
|
| /// File Name: |
bunny-0.9.tgz |
Description:
|
Bunny the Fuzzer - A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without a noticeable performance impact usually associated with other attempts to peek into run-time internals.
| | Author: | Michal Zalewski | | Homepage: | http://code.google.com/p/bunny-the-fuzzer/ | | File Size: | 63824 | | Last Modified: | Oct 31 18:29:40 2007 |
| MD5 Checksum: | 91dbc29e0ecda883078f012844566bb4 |
|
| /// File Name: |
bf10BETA.tar.gz |
Description:
|
BF stands for Browser Fuzzer. BF is a web browser fuzzing tool that fuzzes HTML and Javascript.
| | Author: | Jeremy Brown | | Homepage: | http://jbrownsec.blogspot.com/ | | File Size: | 48656 | | Last Modified: | Oct 9 02:15:29 2008 |
| MD5 Checksum: | 7554fb43fd5260e4617844780003e5c3 |
|
| /// File Name: |
zfz20BETA.tar.gz |
Description:
|
ZfZ stands for Zeroday fuZzer. ZfZ is a network fuzzer that supports many protocols and can do generic fuzzing as well. It is trivial to add protocols to fuzz, just copy and modify the protocols already implemented.
| | Author: | Jeremy Brown | | Homepage: | http://jbrownsec.blogspot.com/ | | File Size: | 44855 | | Last Modified: | Oct 1 18:00:00 2008 |
| MD5 Checksum: | b533d8929a93e66708fde27b7b26bc16 |
|
| /// File Name: |
powerfuzzer_v1_beta.zip |
Description:
|
Powerfuzzer is a highly automated web fuzzer based on many other Open Source fuzzers available (including cfuzzer, fuzzled, fuzzer.pl, jbrofuzz, webscarab, wapiti, Socket Fuzzer) and information gathered from numerous security resources and websites. It is capable of spidering a website and identifying inputs.
| | Author: | Marcin Kozlowski | | Homepage: | http://powerfuzzer.sourceforge.net/ | | File Size: | 37148 | | Last Modified: | Jul 25 13:53:25 2008 |
| MD5 Checksum: | 396b2d6d7bff4882890ef159d826b641 |
|
| /// File Name: |
Fuzzled-1.0.tar.gz |
Description:
|
Fuzzled is a powerful fuzzing framework. Fuzzled includes helper functions, namespaces, factories which allow a wide variety of fuzzing tools to be developed. Fuzzled comes with several example protocols and drivers for them.
| | Author: | Tim Brown | | Homepage: | http://www.portcullis-security.com/ | | File Size: | 31082 | | Last Modified: | Mar 23 22:03:06 2007 |
| MD5 Checksum: | 4d71849c1f07e89ae4289ac6557e4693 |
|
| /// File Name: |
taof-0.1beta-src.tgz |
Description:
|
Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols.
| | Author: | Rodrigo Marcos | | Homepage: | http://sourceforge.net/projects/taof | | File Size: | 29027 | | Last Modified: | Oct 17 14:31:06 2006 |
| MD5 Checksum: | d2af30e33af194e04d1d7fece1bcdba0 |
|
| /// File Name: |
ospf-ash.txt |
Description:
|
OSPF Attack Shell module. This may be useful for writing fuzzers.
| | Author: | GomoR | | Homepage: | http://www.gomor.org/ | | File Size: | 16249 | | Last Modified: | Mar 20 10:58:35 2007 |
| MD5 Checksum: | efe7b6a9186a91be5e306397d5261439 |
|
| /// File Name: |
pff-BETA.tar.gz |
Description:
|
pff (Php Fuzzing Framework) is a tiny tool that was created with the intention of discovering security and general bugs within Php functions.
| | Author: | calcite | | Homepage: | http://setec.org/~calcite/ | | File Size: | 15072 | | Last Modified: | Jul 7 00:35:31 2007 |
| MD5 Checksum: | ebbeca3a8634877abc7341608b0f6c18 |
|
| /// File Name: |
pgmfuzz.c |
Description:
|
PGMfuzz is a fuzzer written for identifying vulnerabilities in PGM option parsing implementations.
| | Author: | Varun Uppal,Andy Davis - IRMPLC | | Homepage: | http://www.irmplc.com/ | | File Size: | 12617 | | Last Modified: | Dec 11 23:10:23 2007 |
| MD5 Checksum: | 7c6b0d9d6be1af9843f432ff7d30f6ac |
|
| /// File Name: |
fsfuzzer-0.6-lmh.tgz |
Description:
|
fsfuzzer (0.6-lmh): This is a filesystem fuzzer. This tool creates initial (valid) filesystem images and then manipulates their binary format and structure for detecting flaws/bugs/design problems in the parsing/handling code for that particular filesystem. Expects a /media directory and some base tools (util-linux, etc) as well as support for some filesystems in the kernel (fortunately it will add the filesystems that are supported on your system, if it finds the necessary tools available).
| | Author: | Lance M. Havok | | Homepage: | http://www.info-pull.com/ | | File Size: | 12480 | | Last Modified: | Oct 27 16:43:26 2006 |
| MD5 Checksum: | d4d435cbaafcbcb5d352e9cb2ba242b6 |
|
| /// File Name: |
tmin-0.04.tar.gz |
Description:
|
tmin is a quick and simple tool to minimize the size and syntax of complex test cases in automated security testing. It is meant specifically for dealing with unknown or complex data formats (without the need to tokenize and re-serialize testcases), and for easy integration with UI testing harnesses.
| | Author: | Michal Zalewski | | Homepage: | http://code.google.com/p/tmin/ | | File Size: | 11336 | | Last Modified: | Jun 19 18:23:25 2008 |
| MD5 Checksum: | ec8d0047b0441cd963979080d427c0bd |
|
| /// File Name: |
tmin-0.03.tar.gz |
Description:
|
tmin is a quick and simple tool to minimize the size and syntax of complex test cases in automated security testing. It is meant specifically for dealing with unknown or complex data formats (without the need to tokenize and re-serialize testcases), and for easy integration with UI testing harnesses.
| | Author: | Michal Zalewski | | Homepage: | http://code.google.com/p/tmin/ | | File Size: | 11319 | | Last Modified: | Apr 28 18:38:32 2008 |
| MD5 Checksum: | 403793ec22c6d0f7675c87cce652edd3 |
|
| /// File Name: |
Net-Frame-Layer-LLTD-1.00.tar.gz |
Description:
|
LLTD (Link Layer Topology Discovery Protocol) Perl module written using the Net::Frame framework. This may be useful for creating fuzzers.
| | Author: | GomoR | | Homepage: | http://www.gomor.org/ | | File Size: | 10842 | | Last Modified: | Mar 20 10:56:34 2007 |
| MD5 Checksum: | bdb6e393dbf5e3682b0e3f7a0d3b2a44 |
|
| /// File Name: |
untidy-beta1.tgz |
Description:
|
untidy is general purpose XML Fuzzer. It takes a string representation of a XML as input and generates a set of modified, potentially invalid, XMLs based on the input. It's released under GPL v2 and written in python.
| | Author: | Andres Riancho | | Homepage: | http://untidy.sourceforge.net/ | | File Size: | 10231 | | Last Modified: | Dec 27 18:27:40 2006 |
| MD5 Checksum: | 2d5987c42ffa5c37141a4b23655bf1fd |
|
| /// File Name: |
untidy-beta2.tgz |
Description:
|
untidy is general purpose XML Fuzzer. It takes a string representation of a XML as input and generates a set of modified, potentially invalid, XMLs based on the input. It's released under GPL v2 and written in python.
| | Author: | Andres Riancho | | Homepage: | http://untidy.sourceforge.net/ | | File Size: | 9752 | | Last Modified: | Jun 7 01:22:07 2007 |
| MD5 Checksum: | 975159c10cd897f66408cf0b0d4283de |
|
| /// File Name: |
oldfuzzer.py.txt |
Description:
|
Oracle Database PL/SQL fuzzing tool.
| | Author: | Joxean Koret | | File Size: | 7702 | | Last Modified: | Dec 7 04:12:05 2006 |
| MD5 Checksum: | 23917282220a9c4c19b824b88e32645f |
|
| /// File Name: |
PSA3.zip |
Description:
|
PHP Source Auditor III (or PSA3) was created in order to quickly find vulnerabilities in PHP source code. Written in Perl.
| | Author: | Ironfist | | File Size: | 6768 | | Last Modified: | Jul 27 22:25:48 2007 |
| MD5 Checksum: | dabe3fa7d3c23bfd494f6ae51cc6174e |
|
| /// File Name: |
ohrwurm-0.1.tar.bz2 |
Description:
|
Ohrwurm is a small and simple RTP fuzzer. Some features include the ability to read SIP messages to get information of the RTP port numbers, fuzzing of RTP traffic, allows for MITM attacks, and the RTP payload is fuzzed with a constant BER. The BER is also configurable.
| | Author: | Matthias Wenzel | | Homepage: | http://mazzoo.de/ | | File Size: | 6281 | | Last Modified: | Sep 8 19:39:03 2006 |
| MD5 Checksum: | 210977dfe239bb4e6d4d35c4a00bea48 |
|
|
|
|
|