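dfuzz - automated daemon fuzzer
Detailed description of the dfuzz Python project
dfuzz is an automated daemon configuration fuzzer. Rather than being a fuzzer itself, dfuzz is a wrapper around other simple fuzzers that addresses some common shortcomings which make automated testing somewhat difficult.
Although its primary target is configuration files, dfuzz can be used to fuzz any input file.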
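The main problems dfuzz addresses are:
- alpha versions of fuzzers - most fuzzers are only alpha versions that are no longer developed or maintained
- common format - no need to learn how to use each underlying fuzzer
- customizable monitoring and automatic bug analysis
- direct specification of what to test and which files to supply to the target
- combination of mutation and generation of fuzzed files
Requirements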
- python >= 2.6
- fuzzer (zzuf, autodafe, …)
- gdb, valgrind (both are optional)
Features
- independent of underlying fuzzer
- highly configurable
- built to be extendible
- automation friendly
Supported fuzzers
- zzuf (mutation)
- autodafe (generation)
- plain (debugging purposes)
Usage
- install requirements
- install dfuzz (for example easy_install dfuzz)
- create a working directory
- supply fuzz.conf file (sample follows)
- according to the modules you want to use, create mut or gen directory in your working directory and supply a file to fuzz or a template to use
- run dfuzz -d -o name_of_the_working_directory
- observe output
- if everything is fine remove the -d and -o options and run the command again
- check the samples directory created in your working directory
- use the included incident_viewer to browse incidents if there are any
Complete documentation is in the docs directory.
Sample fuzz.conf file
    [global]
    binary=libvirtd
    args=-f FUZZED_FILE --verbose
    threads = 1
    timeout = 2
    generation = 0
    mutation = 1
    combination = 0

    [generation]
    modules = dfuzz.gen.autodafe
    priority = high

    [mutation]
    modules = dfuzz.mut.zzuf; dfuzz.mut.plain
    priority = high

    [combination]
    modules = dfuzz.comb.simple
    priority = low
In its simplest form, dfuzz can be used as a zzuf wrapper with enhanced detection and reporting capabilities.
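A pre-flight check for the working directory described under Usage, run against the sample fuzz.conf. This is an added example, not part of dfuzz. The `preflight` helper, the rule that `combination` needs both `mut` and `gen`, and the reading of `FUZZED_FILE` as the placeholder for the fuzzed input are assumptions drawn from the sample.

```python
import configparser
import os

# Constructed sample: the fuzz.conf from this page, one option per line.
SAMPLE_CONF = """\
[global]
binary=libvirtd
args=-f FUZZED_FILE --verbose
threads = 1
timeout = 2
generation = 0
mutation = 1
combination = 0
[generation]
modules = dfuzz.gen.autodafe
priority = high
[mutation]
modules = dfuzz.mut.zzuf; dfuzz.mut.plain
priority = high
[combination]
modules = dfuzz.comb.simple
priority = low
"""

# Assumption: input directories each enabled mode expects in the working directory.
MODE_DIRS = {"mutation": ["mut"], "generation": ["gen"], "combination": ["mut", "gen"]}

def preflight(conf_text, workdir):
    """Return a list of problems that would make a fuzzing run pointless."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    problems = []
    if "FUZZED_FILE" not in cp.get("global", "args", fallback=""):
        problems.append("args lacks the FUZZED_FILE placeholder")
    enabled = [m for m in MODE_DIRS if cp.getint("global", m, fallback=0)]
    if not enabled:
        problems.append("no fuzzing mode enabled in [global]")
    for mode in enabled:
        if not cp.get(mode, "modules", fallback="").strip():
            problems.append("[%s] lists no modules" % mode)
        for d in MODE_DIRS[mode]:
            path = os.path.join(workdir, d)
            if not (os.path.isdir(path) and os.listdir(path)):
                problems.append("%s enabled but %s/ is missing or empty" % (mode, d))
    return problems

if __name__ == "__main__":
    print(preflight(SAMPLE_CONF, os.getcwd()) or "ready to run dfuzz")
```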