boofuzz: Network Protocol Fuzzing for Humans

It is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, it aims for extensibility. The goal: fuzz everything.

Features

Like Sulley, boofuzz incorporates all the critical elements of a fuzzer:

• Easy and quick data generation.
• Instrumentation – AKA failure detection.
• Target reset after failure.
• Recording of test data.

Unlike Sulley, it also features:

• Online documentation.
• Support for arbitrary communications mediums.
• Built-in support for serial fuzzing, ethernet- and IP-layer, UDP broadcast.
• Better recording of test data — consistent, thorough, clear.
• Test result CSV export.
• Extensible instrumentation/failure detection.
• Much easier install experience!
• Far fewer bugs.

Changelog v0.4.1

Features

• Added support for fuzzing NETCONF servers with the NETCONFConnection class.
• Add support and tests for Python 3.10.
• Added Session arg db_filename to modify the location of the log database.

Fixes

• Fixed check for when to enable the web app.
• Documented the possibility to disable the web app.
• Correctly initialize all children of a request which inherits from FuzzableBlock.
• Added type checking for arguments of Bytes primitive to prevent incorrect use.
• Fixed TypeError in s_binary initialization.
• Remove redundant unicode strings.

Installation

pip install boofuzz

Tutorial

Author:

• Pedram Amini <pedram.amini@gmail.com>
• Aaron Portnoy <aportnoy@gmail.com>
• Ryan Sears <fitblip@gmail.com>

Source: https://github.com/jtpereyda/