Twenty Year Anniversary

Register | Login

FilesNewsUsersAuthors

Home Files News Services About Contact Add New

Showing 1 - 25 of 154

Fuzzer Files

Building A Simple Proxy Fuzzer For THe MQTT Protocol Using The Polymorph Framework

Posted Apr 24, 2018

Authored by Santiago Hernandez Ramos

Whitepaper that shows how easy you can build a fuzzer for the MQTT protocol by using the Polymorph framework.

tags | paper, protocol, fuzzer

MD5 | 9eca60d90eccec483d8294bf95607a9b

Download | Favorite | Comments (0)

BadParser 1.6.42218.0

Posted Apr 24, 2018

Authored by John Leitch

BadParser is a vulnerability parser designed to aid in the testing of fuzzers by simulating different kinds of memory corruption issues. Vulnerabilities are simulated by causing write-access violations at specific addresses, which serve as unique identifiers for the different issues. BadParser supports JSON and XML input files, with other file formats planned.

tags | tool, vulnerability, fuzzer

MD5 | 5f97c33e863249efd46f1c115db1e025

Download | Favorite | Comments (0)

Ansvif 1.9.1

Posted Apr 19, 2018

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This version is a bugfix release that includes lots of error handling.

tags | tool, fuzzer

systems | unix

MD5 | 97371b0e55e116f79ca220e8b3d2945c

Download | Favorite | Comments (0)

Ansvif 1.9

Posted Apr 16, 2018

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes lots of bugfixes and a bunch of new entries in the examples folder.

tags | tool, fuzzer

systems | unix

MD5 | a07a93145eca7def5fbc6d783e896e99

Download | Favorite | Comments (0)

Ansvif 1.8.1.1

Posted Dec 29, 2017

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release is for Windows 10 compatibility. Includes an ansvif.exe (with embedded icon this time), and printf.exe for reproducing faults. Also included are the examples to test ansvif on.

tags | tool, fuzzer

systems | unix

MD5 | f47c628a779c1cf59ca0520159f7b5a8

Download | Favorite | Comments (0)

Ansvif 1.8.1

Posted Oct 26, 2017

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: Bug fixes and a new option to let you control if null characters are in the fuzz.

tags | tool, fuzzer

systems | unix

MD5 | 958bee7b83ae584ad404b7efaa9635ac

Download | Favorite | Comments (0)

Fuzzing Font Parsing

Posted Oct 23, 2017

Authored by James Fell

This article presents a cross-platform test harness written in Python that assists the user in searching for vulnerabilities in web browsers, specifically by fuzzing their font parsing functionality. The tool automates the delivery of test cases (font files in this context) into a web browser. The creation of a corpus of mutated TTF font files suitable for use in fuzzing is also covered.

tags | tool, web, vulnerability, python, fuzzer

systems | unix

MD5 | 9836d6b3407dbfd2c3fa9eee3efaf3c7

Download | Favorite | Comments (0)

Ansvif 1.8

Posted Sep 12, 2017

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes some touchups to the main ansvif code, better crash detection under linux, as well as a primary new feature: the frontend to ansvif.

tags | tool, fuzzer

systems | unix

MD5 | 1ab718b21b637249541d3d518f0641e9

Download | Favorite | Comments (0)

Ansvif 1.7

Posted Apr 13, 2017

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release marks easier compiling on most modern operating systems including Windows 7, Windows 10, Linux (Redhat and Debian based distros), and OpenBSD. It may compile/work on other operating systems but has not been tested. This is mostly a source code release with lots of code cleanup, and no new features.

tags | tool, fuzzer

systems | unix

MD5 | 477bcf4f4f8b5e2294e46d20f0d9f8d1

Download | Favorite | Comments (0)

Ansvif 1.6.2

Posted Feb 25, 2017

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release has lots of code cleanup, bug fixes, and includes a -y or -b 0 option for zero buffer size (useful with -A and -B when in use with other fuzzers), and a -K option to keep going after a crash (usually only useful when logging).

tags | tool, fuzzer

systems | unix

MD5 | cfa6a5023498f09090cfd480c310b8cd

Download | Favorite | Comments (0)

Mobile Security Framework MobSF 0.9.3 Beta

Posted Nov 23, 2016

Authored by Ajin Abraham | Site github.com

Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.

Changes: Clipboard Monitor for Android Dynamic Analysis. Windows APPX Static Analysis Support. Added Docker File. Added Support for Kali Linux. Various other additions and improvements.

tags | tool, web, vulnerability, fuzzer, xxe

systems | cisco, ios

MD5 | 0c1d2d101da02097ba466840e0148138

Download | Favorite | Comments (0)

Ansvif 1.6.1

Posted Nov 21, 2016

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes a -M option for maximum arguments in the fuzz, as well as algorithmic control of ansvif fuzz testing (so that if it has already tried a particular fuzz it will not try it again, this speeds things up quite a bit).

tags | tool, fuzzer

systems | unix

MD5 | a1a9d5a417b5bbb3a4def98bfad33802

Download | Favorite | Comments (0)

Ansvif 1.6

Posted Oct 2, 2016

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes lots of bug fixes, and better Windows compatibility. Now there is no need for the extra .dll files in the Windows version.

tags | tool, fuzzer

systems | unix

MD5 | 78574201a60bed0e73d23ea05e7aa536

Download | Favorite | Comments (0)

Ansvif 1.5.2

Posted Jun 21, 2016

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes a bunch of bug fixes, and manual pages. No changes to the Windows code.

tags | tool, fuzzer

systems | unix

MD5 | e15781fd3ff2b6b54ffcf1146ecd200f

Download | Favorite | Comments (0)

Ansvif 1.5.1

Posted Jun 2, 2016

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes drafted manpages for ansvif and find_suid, plus binaries rebuilt on Debian Jessie for i386 and amd64. No changes to the Windows release were made.

tags | tool, fuzzer

systems | unix

MD5 | 9d8599991090441a912825ec5a91e7c0

Download | Favorite | Comments (0)

Ansvif 1.5

Posted May 19, 2016

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes new ways to crash programs using things like 1, -1, 0, x00 (null), etc. Also included are some minor bug fixes. It also includes binaries for most supported operating systems, Debian/Ubuntu 32 and 64 bit, Windows 10 32 and 64 bit.

tags | tool, fuzzer

systems | unix

MD5 | 07c83eab59174ada29de7b82d096a64f

Download | Favorite | Comments (0)

Mobile Security Framework MobSF 0.9.2 Beta

Posted May 3, 2016

Authored by Ajin Abraham | Site github.com

Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.

Changes: Drag and Drop support, allows upto 8 files in Web GUI. Added Google Enjarify. Added procyon decompiler. Various other additions and improvements.

tags | tool, web, vulnerability, fuzzer, xxe

systems | cisco, ios

MD5 | f3df40afd37a25833c3786065c2145fd

Download | Favorite | Comments (0)

Ansvif 1.4.2

Posted May 2, 2016

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes bug fixes, more crash code detection for Windows, and better overall crash recognition.

tags | tool, fuzzer

systems | unix

MD5 | f1424cb108c0d4a01cd5f49c2993b8af

Download | Favorite | Comments (0)

Ansvif 1.4.1

Posted Apr 26, 2016

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes XML output support, the crash detection under Windows has been fixed, and is tested and working in Ubuntu, Windows, and OpenBSD.

tags | tool, fuzzer

systems | unix

MD5 | c77ebf6b44d2c7d120de72faa2765817

Download | Favorite | Comments (0)

Ansvif 1.4

Posted Apr 18, 2016

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: Various updates.

tags | tool, fuzzer

systems | unix

MD5 | bd1ec5f8001ded882c1ee5421e5cce84

Download | Favorite | Comments (0)

Ansvif 1.3.4

Posted Apr 2, 2016

Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes % hex notation for fuzzing things like browsers that accept %41 (A), etc.

tags | tool, fuzzer

systems | unix

MD5 | e807932ecec741401b428e495b254044

Download | Favorite | Comments (0)

Mobile Security Framework MobSF 0.9.1

Posted Mar 16, 2016

Authored by Ajin Abraham | Site github.com

Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK and IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.

Changes: Improved and responsive UI. Dynamic SSL testing. Various other updates and improvements.

tags | tool, web, vulnerability, fuzzer, xxe

systems | cisco, ios

MD5 | a8ac951b0e02bb3cc5dd36141d17023c

Download | Favorite | Comments (0)

ShakeIt Grammar Mutation Engine Fuzzer

Posted Nov 30, 2015

Authored by Jeremy Brown

ShakeIt is a grammar mutation engine targeting browsers and PDF readers. For a given input, such as a web page or PDF file, and an output location, it will generate N mutated test cases. It was implemented in C#, but can be ported to other languages and is meant to fit within an existing fuzzing framework.

tags | tool, web, fuzzer

MD5 | 54c861884798451395aeaab5988a76c7

Download | Favorite | Comments (0)

PKZip Fuzzing Tool

Posted Nov 14, 2015

Authored by Andrea Sindoni

This is a python script that can be used to fuzz PKZip files.

tags | python, fuzzer

MD5 | b8ac6b2f63831925b17bb3c3bf59dfbd

Download | Favorite | Comments (0)

Mozilla Firefox Secret Leak

Posted Sep 3, 2014

Authored by Michal Zalewski

The recent release of Firefox 32 fixes another interesting image parsing issue found by afl. Following a refactoring of memory management code, the past few versions of the browser ended up using uninitialized memory for certain types of truncated images, which is easily measurable with a simple <canvas> + toDataURL() harness that examines all the fuzzer-generated test cases. Depending on a variety of factors, problems like that may leak secrets across web origins, or more prosaically, may help attackers bypass security measures such as ASLR. This code is a proof of concept for versions prior to 32.

tags | exploit, web, proof of concept, fuzzer

advisories | CVE-2014-1564

MD5 | 2235bb65ae6abe2af194f34a079a0f08

Download | Favorite | Comments (0)