Fusil the fuzzer 1.0 beta1 ready
Fusil the fuzzer is a Python library used to write fuzzing programs. It helps to start a process with a prepared environment (memory limit, environment variables, redirected stdout, etc.), start a network client or server, and create mangled files. Fusil has many probes to detect a program crash: watch the process exit code, watch process stdout and syslog for text patterns (e.g. "segmentation fault"), watch the session duration, watch CPU usage (process and system load), etc.
Fusil is based on a multi-agent system architecture. It computes a session score that is used to guess fuzzing parameters such as the number of errors injected into input files.
Available fuzzing projects: ClamAV, Firefox (contains an HTTP server), gettext, gstreamer, identify, libc_env, libc_printf, libexif, linux_syscall, mplayer, php, poppler, vim, xterm.
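The probe model described above (exit status, output patterns, duration) can be shown in a few dozen lines. The following stand-alone script is an added illustration written for this page; it is not Fusil's code and does not use Fusil's API. It mangles a seed file, runs a target under a memory limit and a timeout, classifies the session with three probes and assigns a score. The probe names, the score values, the regex list, the 0.25 aggressivity threshold for switching to byte increments and the "{}" placeholder for the mangled file are all assumptions made for the example.

```python
"""Minimal crash-probe harness in the spirit of Fusil's session probes.

Added example for this page, not Fusil's own code or API.  One session =
mangle an input, run the target with a memory limit and a timeout, then
classify the outcome with three probes (signal/exit status, output patterns,
duration) and score it.  Names, scores and patterns are assumptions.
"""
import os
import re
import resource
import signal
import subprocess
import sys
import tempfile
import time
from random import Random

PYTHON = sys.executable

# Text probe: patterns searched in the target's stdout+stderr (assumed list).
OUTPUT_PATTERNS = [
    (re.compile(r"segmentation fault", re.I), "segfault"),
    (re.compile(r"invalid (read|write)", re.I), "invalid_access"),
    (re.compile(r"assert(ion)? failed", re.I), "assert"),
]

# Session names keyed by the signal that killed the target.
SIGNAL_NAMES = {
    signal.SIGSEGV: "segfault",
    signal.SIGABRT: "abort",
    signal.SIGBUS: "bus_error",
    signal.SIGFPE: "fpe",
}


def mangle(data: bytes, aggressivity: float, rng: Random) -> bytes:
    """Inject errors into data; the error count scales with aggressivity in [0, 1].

    Below 0.25 a chosen byte is replaced by a random value; from 0.25 up the
    example increments the byte instead (threshold chosen for this example).
    """
    buf = bytearray(data)
    if not buf:
        return bytes(buf)
    count = max(1, int(len(buf) * aggressivity))
    for _ in range(count):
        pos = rng.randrange(len(buf))
        if aggressivity >= 0.25:
            buf[pos] = (buf[pos] + 1) & 0xFF
        else:
            buf[pos] = rng.randrange(256)
    return bytes(buf)


def _limit_memory(max_bytes: int):
    """Return a preexec hook that caps the child's address space."""
    def preexec():
        try:
            resource.setrlimit(resource.RLIMIT_AS, (max_bytes, max_bytes))
        except (ValueError, OSError):
            pass  # platform refuses the limit: run unlimited rather than fail
    return preexec


def run_session(cmd, timeout=5.0, max_memory=1 << 30):
    """Run cmd once and return (session_name, score, duration_seconds).

    Assumed scoring: 1.0 crash signal, 0.7 suspicious output, 0.5 timeout,
    0.2 non-zero exit, 0.0 clean exit.
    """
    start = time.monotonic()
    try:
        proc = subprocess.run(cmd, capture_output=True, timeout=timeout,
                              preexec_fn=_limit_memory(max_memory), check=False)
    except subprocess.TimeoutExpired:  # child is killed by subprocess.run
        return "timeout", 0.5, time.monotonic() - start
    duration = time.monotonic() - start
    text = ((proc.stdout or b"") + (proc.stderr or b"")).decode("utf-8", "replace")
    if proc.returncode < 0:  # probe 1: killed by a signal
        sig = -proc.returncode
        return SIGNAL_NAMES.get(sig, f"signal_{sig}"), 1.0, duration
    for pattern, name in OUTPUT_PATTERNS:  # probe 2: crash text in output
        if pattern.search(text):
            return name, 0.7, duration
    if proc.returncode != 0:  # probe 3: ordinary failure
        return f"exit_{proc.returncode}", 0.2, duration
    return "ok", 0.0, duration


def fuzz_once(target_argv, seed_path, aggressivity, rng, keep_generated=False):
    """Mangle seed_path, run target_argv with '{}' replaced by the mangled file.

    Returns (name, score, duration, kept_path); kept_path is None unless the
    generated file is kept, mirroring a --keep-generated-files style option.
    """
    with open(seed_path, "rb") as fp:
        data = fp.read()
    fd, path = tempfile.mkstemp(prefix="fuzz-example-")
    with os.fdopen(fd, "wb") as fp:
        fp.write(mangle(data, aggressivity, rng))
    try:
        cmd = [path if arg == "{}" else arg for arg in target_argv]
        return (*run_session(cmd), path if keep_generated else None)
    finally:
        if not keep_generated:
            os.unlink(path)


if __name__ == "__main__":
    # Constructed target: aborts when the 4-byte magic header is damaged.
    target = ("import os, sys\n"
              "data = open(sys.argv[1], 'rb').read()\n"
              "if data[:4] != b'FUZZ':\n    os.abort()\n")
    fd, seed = tempfile.mkstemp(prefix="seed-")
    with os.fdopen(fd, "wb") as fp:
        fp.write(b"FUZZ" + bytes(60))
    rng = Random(0)
    for i in range(5):
        print(i, fuzz_once([PYTHON, "-c", target, "{}"], seed, 0.5, rng)[:3])
    os.unlink(seed)
```

Each call returns one classified session, which is the unit a scoring agent would consume: a run that dies by signal outscores one that merely prints an error, and a timeout sits between them because it may be a hang or just a slow input. The memory cap is applied in the child before exec, so a runaway allocation in the target fails inside the target rather than on the fuzzing host.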
Updates:
- Convert projects to programs, so a fuzzer can be executed directly and has its own command line options
- Remove all generated files: use --keep-generated-files to keep them
- Use ptrace debugger in CreateProcess to watch process signals
- Fix the "Too many open files" bug: CreateProcess now waits for the process to die, so no zombie process is left behind
- Create a shell script (replay.sh) to replay a session, and gdb.sh to replay it in gdb
- Create a configuration file, fusil.conf, to choose some global options like using the CPU probe or a debugger
- Replace usage of FileWatch.patterns by FileWatch.addRegex()
- Create AttachProcessPID() to watch a running process identified by its PID (instead of by its name)
- Remove many debug messages: from the Multi Agent System and from the network client and server (don't log exchanged data by default), and don't show file/process information
- NetworkClient: close socket on session stop
- NetworkClient: support non-blocking receive (timeout=0)
- Create MangleProcess to simplify fuzzers that use a MangleAgent
- A fuzzer is now a Python executable program and a Python module: move all projects from projects/ to fuzzers/, and remove run_fusil.sh script
- AutoMangle: use increment operation for aggressivity >= 0.25
- Create FileWatch.fromFilename() static method
- Improve Python 3.0 support
- Run Fusil as a different user and group, so that a fuzzed program cannot remove arbitrary files or kill arbitrary processes
- Rename a session using strings like "abort", "timeout", "invalid_write", ...
Post scriptum