This is SPIKE, a Fuzzer Creation Kit. It has a fairly interesting
generic API for data marshalling. Examples can be found in the src
directory. The API attempts to make duplicating an unknown protocol
easier for a reverse engineer or security researcher.
Included are working (although not completely finished) fuzzers and
supporting code. These include the following:
1. webfuzz: webfuzz is a combination of many small tools to provide a
flexible and comprehensive web application fuzzing
tool. Specifically, a modified version of Dug Song's webmitm tool
is provided. When used as a transparent proxy (by modifying
/etc/hosts files on the "attacking" machine) it records all client
requests in separate files. It handles SSL reliably, and requires
no additional libraries, other than openssl, to compile. These
recorded client requests (or requests recorded by a network sniffer
such as Ethereal) are translated into C source files using the
SPIKE API. When compiled, these C files (webfuzz.c) will
automatically fuzz that particular cgi. webfuzz.c files may, as
source files, be easily modified or extended to close in on
particular vulnerabilities. Because SPIKE is completely open
source, you get a level of flexibility and effectiveness that
cannot be matched by proprietary and expensive alternatives. SPIKE
also includes a very pretty and effective GUI for fuzzing, like
proprietary alternatives, if you use emacs and a nice window
manager theme. In addition, because webfuzz completely relies on a
browser to generate requests for it, it always correctly parses
Java and scripting languages.
2. msrpcfuzz: when combined with dcetest, msrpcfuzz attempts to
exercise an arbitrary ncan_tcp program. It basically sends random
arguments. If the port suddenly closes, you've found a potentially
serious bug.
Comments, flames, letters, requests, patches, vicious ferrets
muzzelled with duct tape - send to [email protected]