boofuzz: Network Protocol Fuzzing for Humans

It is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, it aims for extensibility. The goal: fuzz everything.

Features

Like Sulley, boofuzz incorporates all the critical elements of a fuzzer:

• Easy and quick data generation.
• Instrumentation – AKA failure detection.
• Target reset after failure.
• Recording of test data.

Unlike Sulley, it also features:

• Online documentation.
• Support for arbitrary communications mediums.
• Built-in support for serial fuzzing, ethernet- and IP-layer, UDP broadcast.
• Better recording of test data — consistent, thorough, clear.
• Test result CSV export.
• Extensible instrumentation/failure detection.
• Much easier install experience!
• Far fewer bugs.

Changelog v0.4.2

Features

• Remove six compatibility module.
• Remove Python 2 compatibility code.
• Remove specifying object inheritance in classes.
• Added Web UI listening on specific IP address.
• Added Python 3.11 compatibility.

Fixes

• Specified encoding on file write rather than assuming default encoding.
• Changed type of default_value from string to bytes for FromFile.
• s_update primitive was out of date.
• The minimum supported Python version is now 3.8.
• Removed duplicates from BitField primitive.
• Fixed unwanted deprecation warning when using Session.fuzz(name=name).
• Changed type of dep_value argument of Block to bytes and added type checks.
• Split sessions.py into multiple files.
• Using poetry as package build system.

Installation

pip install boofuzz

Tutorial

Author:

• Pedram Amini <pedram.amini@gmail.com>
• Aaron Portnoy <aportnoy@gmail.com>
• Ryan Sears <fitblip@gmail.com>

Source: https://github.com/jtpereyda/