Fuzz testing
Fuzz testing, also known as fuzzing or monkey testing, is a technique for finding unknown bugs and vulnerabilities in software by feeding it unexpected input. The process is automated by a program called a fuzzer, which generates a large volume of random or malformed data and sends it to the target program as input. If the target crashes, hangs, or otherwise misbehaves, the fuzzer logs the input that caused the failure so that the bug can be reproduced and fixed.
Attackers often use fuzzers to look for vulnerabilities in software, probing it for weaknesses they can exploit. Software developers can use the same fuzzers to find and fix those weaknesses before they are attacked.
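The loop described above, as an added example written for this page (it is not code from any of the tools listed further down). The toy record parser, its deliberate bug, the seed inputs and the mutation strategies are all constructed for the example: the fuzzer mutates the seeds, treats the parser's documented ValueError as a normal rejection, records every other exception together with the first input that triggered it, and then greedily shrinks that input to the shortest one that still reproduces the same failure.

```python
"""Minimal mutation-based fuzzer (example code added for illustration)."""
import random

# --- Constructed target: a toy record parser with one deliberate bug -------
MAGIC = 0x52  # 'R'


def parse_record(data: bytes) -> dict:
    """Parse "R <len> <payload...>" and return its fields.

    Raises ValueError for inputs it legitimately rejects.  The bug: the
    length byte is trusted, so a length larger than the remaining bytes
    makes payload[n - 1] raise IndexError (the "crash" the fuzzer should find).
    """
    if len(data) < 2 or data[0] != MAGIC:
        raise ValueError("not a record")  # expected rejection, not a crash
    n = data[1]
    payload = data[2:2 + n]  # silently short when n is too large
    checksum = payload[n - 1] if n else 0  # BUG: no bounds check on n
    return {"len": n, "payload": payload, "checksum": checksum}


# Well-formed seeds the mutator starts from (constructed for the example).
SEEDS = [bytes([MAGIC, 3, 10, 20, 30]), bytes([MAGIC, 0])]

# Exceptions the target documents as input rejection; anything else is a bug.
EXPECTED = (ValueError,)


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one to four random mutations: bit flip, boundary byte, insert/delete."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 4)):
        op = rng.randrange(3)
        if op == 0 and buf:  # flip one bit
            i = rng.randrange(len(buf))
            buf[i] ^= 1 << rng.randrange(8)
        elif op == 1 and buf:  # overwrite with a boundary value
            i = rng.randrange(len(buf))
            buf[i] = rng.choice([0x00, 0x01, 0x7F, 0x80, 0xFF])
        elif buf and rng.random() < 0.5:  # delete a byte
            del buf[rng.randrange(len(buf))]
        else:  # insert a random byte
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)


def crash_name(target, data):
    """Return the exception type name if `data` crashes `target`, else None."""
    try:
        target(data)
    except EXPECTED:
        return None
    except Exception as exc:  # any undocumented exception counts as a crash
        return type(exc).__name__
    return None


def fuzz(target, seeds, iterations=2000, seed=1):
    """Run the fuzz loop; return {exception name: first input that caused it}."""
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    crashes = {}
    for _ in range(iterations):
        data = mutate(rng.choice(seeds), rng)
        name = crash_name(target, data)
        if name is not None:
            crashes.setdefault(name, data)  # log the input; keep the first one
    return crashes


def minimize(target, data, name):
    """Greedy reduction: drop bytes one at a time while the same crash reproduces."""
    i = 0
    while i < len(data):
        candidate = data[:i] + data[i + 1:]
        if crash_name(target, candidate) == name:
            data = candidate  # byte was not needed; keep the shorter input
        else:
            i += 1
    return data


if __name__ == "__main__":
    found = fuzz(parse_record, SEEDS)
    for name, data in found.items():
        print(name, data.hex(), "->", minimize(parse_record, data, name).hex())
```

This is a "dumb" fuzzer: it gets no feedback from the target, so it finds the bug only because the bug is shallow. Tools such as afl-fuzz and LibFuzzer add coverage feedback and keep inputs that reach new code. For native code, the role played here by catching a Python exception is taken by a sanitizer: the target is compiled with instrumentation so that an out-of-bounds read like the one above aborts the process instead of returning garbage, which is why sanitizers appear alongside fuzzers in the list below.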
Origin
One of the earliest fuzzers was written in the early 1980s by developer Steve Capps to test for weaknesses in programs for the Macintosh computer. He called his program "The Monkey," referring to the infinite monkey theorem: a monkey pressing random keys on a typewriter indefinitely will, given enough time, eventually type the complete works of Shakespeare. Although this approach to software testing is usually called "fuzzing," it is also called "monkey testing" because of Capps' program.
List of fuzzers
Fuzzing techniques help with software testing, and many fuzzers exist for specific purposes.
The following are fuzzers, most of them open source and many still in active development.
Fuzzer Name/URL | Description |
---|---|
Google Sanitizers | A group of four runtime error detectors developed at Google. They do not generate input themselves; the target is compiled with a sanitizer so that memory and concurrency errors that would otherwise go unnoticed abort the program, which lets a fuzzer detect them as crashes. |
afl-fuzz | American Fuzzy Lop, a coverage-guided fuzzer that uses a genetic algorithm to evolve inputs for compiled (instrumented) programs. |
Backfuzz | A protocol fuzzing toolkit. |
BrundleFuzz | A distributed fuzzer for Windows and Linux. |
CERT FOE | Failure Observation Engine, a tool developed by CERT (Computer Emergency Response Team), uses mutational fuzzing to detect vulnerabilities in Windows programs. |
CERTfuzz | The shared source code behind CERT's BFF and FOE fuzzing tools. |
Choronzon | An evolutionary knowledge-based fuzzer. |
Diffy | A tool developed by Twitter that finds bugs in web services by differential testing: it replays the same requests against a candidate build and a known-good build and reports responses that differ. |
Dizzy | A fuzzing library for Python |
dfuzzer | A fuzzing tool for testing processes that communicate through the D-Bus IPC (interprocess communication) and RPC (remote procedure call) mechanism. |
dotdotpwn | A tool to test web applications for path traversal vulnerabilities. |
Dranzer | A fuzz tester for ActiveX controls. |
Exploitable | A GDB (GNU debugger) extension, originally developed at CERT, that examines the state of a crashed Linux process and classifies the crash by how likely it is to be exploitable. |
Go-fuzz | A coverage-guided fuzzer for Go packages, in the style of AFL (not to be confused with gofuzz, a library that fills Go objects with random values). |
grr | A high-throughput fuzzer from Trail of Bits that runs 32-bit x86 binaries by dynamically translating them to 64-bit code. |
honggfuzz | An evolutionary, feedback-driven fuzzer whose coverage feedback can come from software instrumentation or from hardware performance counters. |
HTTP/2 Fuzzer | A fuzzer for HTTP/2 applications, still available for download but no longer actively developed. |
Hodor | A "slightly more than totally dumb" (brute force) fuzzer. |
iFuzzer | A fuzzer written in Python which uses Mercurial and Valgrind. |
KEMUfuzzer | A fuzzer for virtual machines running on the QEMU, VMware, VirtualBox, or Bochs emulation platforms. |
KernelFuzzer | A fuzzer for kernel system calls. |
LibFuzzer | A library for in-process, evolutionary, coverage-guided fuzz testing. |
Netzob | A tool for reverse engineering, modeling, and fuzzing communication protocols. |
Neural Fuzzer | A fuzzer that uses machine learning (neural networks) to perform its testing. |
Nightmare | A distributed fuzzer with web-based administration tools. |
Pathgrind | Path-based dynamic analysis for 32-bit applications. |
Perf-fuzzer | A fuzzer designed to test the perf_event_open() system call in the Linux kernel. |
Pulsar | A fuzzer that "learns" protocols. |
PyJFuzz | A Python JSON (JavaScript Object Notation) fuzzer. |
QuickFuzz | An experimental grammar fuzzer written in Haskell. |
Radamsa | A general-purpose fuzzer. |
sfuzz | Simple fuzz. "Exactly what it sounds like — a simple fuzzer." Included as part of the Kali Linux toolset. |
skipfish | A web application security scanner developed at Google. |
Syntribos | An automated fuzz tester for web APIs, written in Python and maintained by the OpenStack Security Group. |
TriforceAFL | A version of AFL extended with QEMU full-system emulation so that it can fuzz operating-system kernels. |
Wapiti | A web application vulnerability scanner. |
Wfuzz | A brute-force fuzzer for web applications. |
zzuf | A transparent application input fuzzer that intercepts a program's file and network input operations and flips random bits in the data; runs are deterministic for a given seed, so a failure can be reproduced. |
The following are fuzzing harnesses, or frameworks, which help you manage your fuzz testing.
Fuzzing Framework | Description |
---|---|
CERT BFF | The BFF (Basic Fuzzing Framework), developed by CERT, designed to find vulnerabilities in Windows, macOS, and Linux applications. |
FuzzFlow | A fuzzing framework in AngularJS. |
Fuzzinator | A framework for random fuzz testing. |
FuzzLabs | A general-purpose fuzz testing framework. |
Grinder | A fuzz testing automator/framework for testing web browsers. |
Kitty | A fuzz testing framework written in Python. |
ofuzz | A fuzzing framework written in OCaml. |
Nodefuzz | A fuzz testing framework for web browsers, written in Node.js. |
PassiveFuzzFrameworkOSX | A fuzzer for testing vulnerabilities in the macOS kernel. |
RamFuzz | A fuzzer for testing the individual parameters of object methods. |
Sulley | A "fully-automated and unattended, pure Python" fuzzing framework. |
funfuzz | A Python fuzzing harness from Mozilla for JavaScript engines and DOM (Document Object Model) renderers. |