Fuzzing Test Frameworks
Source: Internet  Published: online form software  Editor: 程序博客网  Time: 2024/06/10 02:58
| Name | Description | Address | Notes |
| --- | --- | --- | --- |
| Sulley | | http://www.fuzzing.org/wp-content/Sulley%20Fuzzing%20Framework.exe | Python fuzzing framework; includes process monitoring, network monitoring and virtual machine control. |
| SPIKE | SPIKE is an attempt to write an easy to use generic protocol API that helps reverse engineer new and unknown network protocols. It features several working examples. Includes a web server NTLM Authentication brute forcer and example code that parses web applications and DCE-RPC (MSRPC). | http://www.immunitysec.com/resources-freesoftware.shtml | A fuzzing framework with a C++ interface; fairly mature for fuzzing HTTP servers and similar targets. |
| Scratch | Scratch is an advanced protocol destroyer ("fuzzer") which can routinely find a wide variety of vulnerabilities from a simple packet. scratch does complex parsing of binary files to determine what to fuzz with what data. scratch also comes with a framework for fuzzing binary protocols such as SSL and SMB. | http://packetstormsecurity.org/UNIX/misc/scratch.rar | Python framework; supports binary fuzzing, with modules mainly targeting format string, overflow and similar bugs. The Audits directory contains some examples of test-case generation (format string, overflow, etc.). |
| LXAPI | Library Exploit API - A selection of python methods designed for bug testing and exploitation of local and remote vulnerabilities. It includes a fuzz testing component, miscellaneous shellcode methods and a simple GUI. LxAPI is currently a work-in-progress. | http://lxapi.sourceforge.NET/ | Could not download it. |
| antiparser | antiparser is a fuzz testing and fault injection API. The purpose of antiparser is to provide an API that can be used to model network protocols and file formats by their composite data types. Once a model has been created, the antiparser has various methods for creating random sets of data that deviates in ways that will ideally trigger software bugs or security vulnerabilities. Requires Python 2.3 or later. | http://antiparser.sourceforge.Net/ | Python-based fuzzing framework; mainly provides a variety of data mutation APIs. |
| Autodafe | Autodafe is a fuzzing framework that can be used to identify boundary validation and other issues in protocols and applications. Written by Martin Vuagnoux. | http://packetstormsecurity.org/fuzzer/autodafe-0.1.tar.gz | Can automatically generate test data from sniffed packets; block-based, and computes block sizes automatically; ships with a debugger that can automatically monitor dangerous functions and how they relate to test cases. One of the better ones. |
| dfuz | a remote protocol fuzzer/triggerer which can do many things such as sending random data/random sizes, together with the data you want. it has a lot of ways to tell the program to use this data by using rule files which will be later parsed by the program itself, and with several options and ways to make it very specific, and very flexible. It's not only a remote protocol fuzzer as itself, but it is a scripting-like motor on which you can create any kind of payload. User-friendly. (Unix) | http://www.genexx.org/dfuz/ | A simple, easy-to-use fuzzing tool. |
| Evolutionary Fuzzing System (EFS) | A fuzzer which attempts to dynamically learn a protocol using code coverage and other feedback mechanisms. | http://www.vdalabs.com/tools/efs_gpf.html | Python; fuzzing framework, includes process debugging. |
| General Purpose Fuzzer (GPF) | Written in C, GPF has a number of modes ranging from simple pure random fuzzing to more complex protocol tokenization. | http://www.vdalabs.com/tools/efs_gpf.html | C; generic protocols only. |
| Protocol Informatics | Slides, whitepaper and code from the last publicly seen snapshot from Marshall Beddoe's work. | http://www.fuzzing.org/wp-content/Protocol%20Informatics.zip | Automatically identifies protocols using statistical and other techniques; the statistical part is fairly novel, the rest is average. |
| Schemer | XML driven generic file and protocol fuzzer. | http://www.fuzzware.net/Schemer/Schemer.htm | Formats are defined in XML; this feels cumbersome for protocol auditing, but it is worth using for file fuzzing, combined with templates. |
| SMUDGE | Pure Python network protocol fuzzer from nd@felincemenace. | http://www.fuzzing.org/wp-content/SMUDGE.zip | Python, but does not support UDP. |
| taof | Written in Python, a cross-platform GUI driven network protocol fuzzing environment for both UNIX and Windows systems. | http://theartoffuzzing.com/ | Python; proxy-based, does not support UDP. |
| Bruteforce Exploit Detector | This is a collection of scripts to automatically test implementations of different protocols for buffer overflows and / or format string vulnerabilities, by sending a lot of long strings to a server. | http://www.cobra-basket.de/bed.html | Perl; supports only FTP/SMTP/POP/HTTP/IRC/IMAP/PJL/LPD/FINGER/SOCKS4/SOCKS5. |
| EFuzz | Efuzz is an easy to use Win32 tcp/udp protocol fuzzer which finds unknown buffer overflows in local and remote services. Uses config files to define the range of malformed requests. Includes C source, released under GPL. | http://soft.hackbase.com/page/2004-11-11/202714671777 | Win32, C; fuzzing is driven by configuration files. |
| zzuf | transparent application input fuzzer. Its purpose is to find bugs in applications by corrupting their user-contributed data (which more than often comes from untrusted sources on the Internet). It works by intercepting file and network operations and changing random bits in the program's input. zzuf's behaviour is deterministic, making it easier to reproduce bugs. (unix) | http://sam.zoy.org/zzuf/ | Strong at file fuzzing; recommended for use when we fuzz files. Linux platform. |
| JBroFuzz | a Java based stateless network protocol fuzzer for penetration tests. It allows for the identification of certain classes of security bugs, by means of creating malformed data and having the network protocol in question consume the data. | http://sourceforge.net/projects/jbrofuzz | Java version. |
| fuzzCIRT | a simple fuzzer by Dennis Rand. Looks more suited for ASCII protocols than binary ones, but I could be wrong. (pl) | http://www.cirt.dk/tools/ | |