Fusil is a fuzzing program. Currently, it's specific to Linux command line programs, but the code is designed to be used with any project type (remote process, fake HTTP server, fuzz network socket, etc.). It is based on a multi-agent system instead of a monolithic architecture.
| Licenses | GPLv2 |
|---|---|
| Operating Systems | OS Independent |
| Implementation | Python |

Recent releases


Changes: A user guide and a document index were written. The HOME environment variable is copied for GDB in the replay script. More file formats (bmp, gif, ico, png, svg) are supported in fusil-firefox. fusil-python writes errors to stderr to avoid Unicode errors (especially with Python3). FileWatch renames the session to "long_output" if the program wrote more than max_nbline lines. posix.fork() is blacklisted in fusil-python to avoid false positives.


Changes: replay.py now asks for confirmation if the fuzzer will not be running under a different user or as root. Even with --force-unsafe, a safety warning is shown if the fuzzer is running as the root user. Files for child processes are closed (close_fds=True). IntegerRangeGenerator was created in fusil.unicode_generator. EnvVarIntegerRange was created in fusil.process.env. A fusil-wizzard fuzzer was added. Timestamps are now written in session.log.


Changes: This release adds vlc and zzuf fuzzers, a replay.py script with many options (e.g. --valgrind), and a --force-unsafe option (like --unsafe but without the confirmation). It always uses a null device as stdin for child processes to avoid blocking the fuzzer if the process reads stdin. The created process identifier is written in the logs.


Changes: The session is renamed using the process exit status (exit code or signal). Execution progress is displayed. The total number of processes is limited (to protect against fork bombs) and a core dump is allowed. Bugs introduced by the user switching were fixed. Compatibility with Python 3000 and FreeBSD was improved.


Changes: A fuzzer is now an executable program (instead of a file loaded by a Fusil script). Child processes are run as a different user and group to avoid removing arbitrary files or killing arbitrary processes. The session directory is renamed on success with strings like "invalid_read" or "timeout". For each session, a shell script is created to replay the session (and another to replay in gdb). python-ptrace is used to trace child processes (catch and display signals). A configuration file (~/.config/fusil.conf) is created. A session can be removed even if the directory contains generated files. There is improved Python 3.0 support.