haypo / fusil
Fusil the fuzzer is a Python library used to write fuzzing programs. It helps to start process with a prepared environment, start network client or server, and create mangled files. Fusil has many probes to detect program crash: watch process exit code, process stdout/syslog for text patterns, session duration, cpu usage, etc.
Fusil the fuzzer is a Python library used to write fuzzing programs. It helps to start process with a prepared environment (limit memory, environment variables, redirect stdout, etc.), start network client or server, and create mangled files. Fusil has many probes to detect program crash: watch process exit code, watch process stdout and syslog for text patterns (eg. "segmentation fault"), watch session duration, watch cpu usage (process and system load), etc.
Fusil is based on a multi-agent system architecture. It computes a session score used to guess fuzzing parameters like number of injected errors to input files.
Available fuzzing projects: ClamAV, Firefox (contains an HTTP server), gettext, gstreamer, identify, libc_env, libc_printf, libexif, linux_syscall, mplayer, php, poppler, vim, xterm.
Fusil is an opensource project (contribute!) written in Python under GNU GPLv2 license.
Download and try Fusil
Download
Stable version:
- Download fusil-1.3.2.tar.gz
- MD5: 01d47b2f350ea97309456a42fbef6a3e
- Debian: Fusil Debian package
- Ubuntu: Fusil in Intrepid. WARNING: Fusil package 0.8 depends on python-ptrace but dependency is missing!
- Mandriva: Fusil Mandriva package (Cookier: 1.0.0)
- OpenEmbedded: Fusil entry in the bug tracker (see also the recipe in git)
- Arch Linux: python-fusil package
- MacPort: Fusil MacPort
- Gentoo: dev-python/fusil
- See also Fusil on Python Package Index (PyPi) where you can download eggs
Read INSTALL document for the installation procedure. Fusil 1.3 depends on Python 2.5+ and python-ptrace 0.6+.
Download the last version (developer version) with Mercurial:
You can also browse Fusil source code.
Try fusil
You can use Fusil without installation by changing PYTHONPATH: Fusil module have to be part of PYTHONPATH. Go to Fusil parent directory and type:
Then you can use any fuzzer, eg. :
Pages
- Documentation (doc/ directory of the source code)
- List of crashed programs
- fusil-python: Python fuzzer
- Tested programs
- Status (TODO list)
- Contact Fusil author
- Idea of new projects
- Links
- Notes
News
- 2010-01-09: Release of Fusil 1.3.2, read ChangeLog
- 2009-11-09: Release of Fusil 1.3.1
- 2009-09-18: Release of Fusil 1.3
- 2009-08-05: The website moved to a new server (bitbucket), the source code is now stored in a Mercurial repository instead of a Subversion repository
- 2009-02-04: Release of Fusil 1.2
- 2008-10-22: Release of Fusil 1.1
- 2008-09-13: Release of Fusil 1.0 final
- Create zzuf and vlc fuzzers
- Replace replay.sh and gdb.sh by replay.py which has many more options (eg. --valgrind or --user)
- Basic Windows support
Presentations
- (en) Fusil : FOSDEM 2009, Bruxelles (Belgium)
- (fr) Assurance qualité avec Fusil le fuzzer : RMLL 2008, Mont de Marsan (France)
- (fr) Rump session : SSTIC 2007, Rennes (France)
Articles
- (en) Fusil: a Python fuzzing library by By Jake Edge (March 11, 2009) on LWN.net
- (fr) Pratiquer le fuzzing avec Fusil : MISC magazine #39 (September/October 2008), pages 38-41
- (fr) Comment réaliser un fuzzer : MISC magazine #36, March/April 2008, pages 68-73
This revision is from 2010-01-25 02:21