boofuzz v0.4.1 releases: Network Protocol Fuzzing for Humans
boofuzz: Network Protocol Fuzzing for Humans
It is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, it aims for extensibility. The goal: fuzz everything.
Features
Like Sulley, boofuzz incorporates all the critical elements of a fuzzer:
- Easy and quick data generation.
- Instrumentation – AKA failure detection.
- Target reset after failure.
- Recording of test data.
Unlike Sulley, it also features:
- Online documentation.
- Support for arbitrary communications mediums.
- Built-in support for serial fuzzing, ethernet- and IP-layer, UDP broadcast.
- Better recording of test data — consistent, thorough, clear.
- Test result CSV export.
- Extensible instrumentation/failure detection.
- Much easier install experience!
- Far fewer bugs.
Changelog v0.4.1
Features
- Added support for fuzzing NETCONF servers with the
NETCONFConnection
class. - Add support and tests for Python 3.10.
- Added
Session
argdb_filename
to modify the location of the log database.
Fixes
- Fixed check for when to enable the web app.
- Documented the possibility to disable the web app.
- Correctly initialize all children of a request which inherits from
FuzzableBlock
. - Added type checking for arguments of
Bytes
primitive to prevent incorrect use. - Fixed TypeError in
s_binary
initialization. - Remove redundant unicode strings.
Installation
pip install boofuzz
Tutorial
Author:
- Pedram Amini <pedram.amini@gmail.com>
- Aaron Portnoy <aportnoy@gmail.com>
- Ryan Sears <fitblip@gmail.com>
Source: https://github.com/jtpereyda/