haypo / fusil

Fusil the fuzzer is a Python library used to write fuzzing programs. It helps start a process in a prepared environment, start a network client or server, and create mangled files. Fusil has many probes to detect a program crash: they watch the process exit code, process stdout/syslog for text patterns, session duration, CPU usage, etc.

Clone this repository (size: 1.6 MB):
$ hg clone http://bitbucket.org/haypo/fusil/
commit 1277: 89868fc9484a
parent 1276: e30908723a01
fusil-python: update blacklist defaulttip
Victor Stinner / haypo
8 days ago
fusil /
filename size last modified message
doc  
examples  
fusil  
fuzzers  
tests  
.hgignore 54 B 7 months ago Create .hgignore
.hgtags 157 B 2 months ago Added tag fusil-1.3.2 for changeset 7fc14b36efaa
AUTHORS 169 B 10 months ago Add geal to AUTHORS
COPYING 17.6 KB 2 years ago Add AUTHORS, COPYING and README files
ChangeLog 5.9 KB 2 months ago set version to 1.3.3, update the changelog
IDEAS 1.5 KB 18 months ago * Create process: use repr(arguments) to avoid str/unicode…
INSTALL 1.2 KB 13 months ago Fusil now depends on python-ptrace 0.6
README 2.8 KB 8 months ago Set new website (in the README example)
README.windows.txt 519 B 19 months ago * Fix AttachProcess/AttachProcessPID for Windows: raise a
TODO 449 B 7 months ago Update TODO list
conv_python3.0.sh 142 B 2 weeks ago conv_python3.0.sh: convert also python files docstrings
graph.sh 744 B 14 months ago * Set version to 1.2.1
lsall.sh 108 B 18 months ago Create lsall.sh
py3k_snapshot.py 3.7 KB 14 months ago Fix py3k_snapshot.py
pyflakes.sh 102 B 18 months ago * Cleanup ChangeLog
python3.0.patch 7.0 KB 15 months ago Update python3.0.patch (line numbers)
setup.py 2.1 KB 4 months ago release procedure: setup.py register
test_doc.py 1.3 KB 18 months ago Update process.rst doc and include it in unit tests

README

Fusil is a Python library used to write fuzzing programs. It helps start a
process in a prepared environment (limit memory, environment variables,
redirect stdout, etc.), start a network client or server, and create mangled
files. Fusil has many probes to detect a program crash: watch the process exit
code, watch process stdout and syslog for text patterns (e.g. "segmentation
fault"), watch session duration, watch CPU usage (process and system load), etc.

Fusil is based on a multi-agent system architecture. It computes a session
score used to guess fuzzing parameters, such as the number of errors injected
into input files.

Available fuzzing projects: ClamAV, Firefox (contains an HTTP server),
gettext, gstreamer, identify, libc_env, libc_printf, libexif, linux_syscall,
mplayer, php, poppler, vim, xterm.

Website: http://bitbucket.org/haypo/fusil/wiki/Home


Usage
=====

Fusil is a library and a set of fuzzers called "fusil-...". To run a fuzzer,
call it by its name. Example: ::

    $ fusil-gettext
    Fusil version 0.9.1 -- GNU GPL v2
    http://bitbucket.org/haypo/fusil/wiki/Home
    (...)
    [0][session 13] Start session
    [0][session 13] ------------------------------------------------------------
    [0][session 13] PID: 16989
    [0][session 13] Signal: SIGSEGV
    [0][session 13] Invalid read from 0x0c1086e0
    [0][session 13] - instruction: CMP EDX, [EAX]
    [0][session 13] - mapping: 0x0c1086e0 is not mapped in memory
    [0][session 13] - register eax=0x0c1086e0
    [0][session 13] - register edx=0x00000019
    [0][session 13] ------------------------------------------------------------
    [0][session 13] End of session: score=100.0%, duration=3.806 second
    (...)
    Success 1/1!
    Project done: 13 sessions in 5.4 seconds (414.5 ms per session), total 5.9 seconds, aggresssivity: 19.0%
    Total: 1 success
    Keep non-empty directory: /home/haypo/prog/SVN/fusil/trunk/run-3


Features
========

Why use Fusil instead of your own hand-made C script?

 * Fusil limits the child process environment: limit memory, use a timeout,
   make sure that the process is killed at session end
 * Fusil waits until the system load is low before starting a fuzzing session
 * Fusil creates a session directory used as the process current working
   directory, and Fusil only creates files in this directory (and not in /tmp)
 * Fusil stores all actions in fusil.log, and also in session.log for all
   actions related to a session
 * Fusil has multiple probes available to compute the session score: guess
   whether a session is a success or not
 * Fusil redirects process output to a file and searches for bug text patterns
   in the stdout/stderr (Fusil contains many text patterns to detect crashes
   and problems)
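
A minimal sketch of the session model the list above describes (limited child, session directory, redirected output, kill at session end, pattern search, score). It is an added example, not Fusil's code, and does not use Fusil's API. The names `run_session` and `_prepare_child`, the pattern list and the score weights are assumptions, and it assumes Linux.

```python
import os, re, resource, signal, subprocess, sys, tempfile

# Constructed pattern list and score weights, for illustration only.
PATTERNS = [re.compile(p, re.I) for p in
            (rb"segmentation fault", rb"assertion .* failed", rb"glibc detected")]

def _prepare_child(max_bytes):
    os.setsid()  # own process group, so the whole tree can be killed later
    _, hard = resource.getrlimit(resource.RLIMIT_AS)
    cap = max_bytes if hard == resource.RLIM_INFINITY else min(max_bytes, hard)
    resource.setrlimit(resource.RLIMIT_AS, (cap, cap))  # address-space cap

def run_session(argv, timeout=5.0, max_bytes=1 << 30):
    """Run argv once; return (score, reasons, workdir). Score is in [0.0, 1.0]."""
    workdir = tempfile.mkdtemp(prefix="session-")  # child cwd, holds all files
    log_path = os.path.join(workdir, "stdout.log")
    score, reasons = 0.0, []
    with open(log_path, "wb") as log:
        proc = subprocess.Popen(argv, cwd=workdir, stdin=subprocess.DEVNULL,
                                stdout=log, stderr=subprocess.STDOUT,
                                preexec_fn=lambda: _prepare_child(max_bytes))
        try:
            status = proc.wait(timeout=timeout)
        except subprocess.TimeoutExpired:
            status = None  # hang: scored lower than a signal-terminated child
            score, reasons = 0.5, ["timeout"]
        finally:
            try:  # session end: nothing started by this session may survive
                os.killpg(proc.pid, signal.SIGKILL)
            except OSError:
                pass  # group already gone
            proc.wait()
    if status is not None and status < 0:  # negative status: killed by a signal
        score = 1.0
        reasons.append("signal " + signal.Signals(-status).name)
    with open(log_path, "rb") as log:
        data = log.read()
    for pattern in PATTERNS:  # text probe over the redirected stdout/stderr
        if pattern.search(data):
            score = min(1.0, score + 0.5)
            reasons.append("pattern " + pattern.pattern.decode())
    return score, reasons, workdir

if __name__ == "__main__":
    crash = "import os, signal; os.kill(os.getpid(), signal.SIGSEGV)"
    print(run_session([sys.executable, "-c", crash]))
```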


Installation
============

Read the INSTALL documentation file.


Documentation
=============

Read doc/index.rst: documentation index.