This is a list of programs or websites that offer fuzzing tools:
(L)ibrary (E)xploit API - lxapi - A collection of python scripts for fuzzing
Mangle - A fuzzer for generating odd HTML tags, it will also autolaunch a browser. Mangle found the infamous IFRAME IE bug.
SPIKE - A collection of many fuzzers from Immunity. Used to find the recent remote RDP kernel DoS against a firewalled XP SP2, and many others.
PROTOS WAP - A fuzzer from the PROTOS project for fuzzing WAP.
PROTOS HTTP-reply - Another fuzzer from the PROTOS dudes for attack HTTP responses, useful for broswer vulns.
PROTOS LDAP - For fuzzing LDAP, not as successful as the others from the PROTOS project
PROTOS SNMP - Classic SNMP fuzzer, found a vuln in almost every networking gear available at the time (2002).
PROTOS SIP - For fuzzing all those new VOIP SIP devices you see everywhere.
PROTOS ISAKMP - For attacking IPSec implementations
RIOT & faultmon - For attacking plain text protocols (Telnet, HTTP, SMTP). Used by Riley Hassell when he worked at eEye to discover the IIS .printer overflow and included in The Shellcoder's Handbook.
SPIKE Proxy - A semi-functional web fuzzer from the guys at Immunity that brought you the original SPIKE
Tag Brute Forcer - Awesome fuzzer from Drew Copley at eEye for attacking all of those custom ActiveX applications. Used to find a bunch of nasty IE bugs, including some really hard to reach heap overflows.
FileFuzz - A file format fuzzer for PE (Windows) binaries from iDefense. Has a pretty GUI. I've recently used it to find bugs in Word.
SPIKEFile - Another file format fuzzer for attacking ELF (Linux) binaries from iDefense. Based off of SPIKE listed above.
notSPIKFile - A ELF fuzzer closely related to FileFuzz, instead of using SPIKE as a starting point.
Screaming Cobra - Name makes the fuzzer sound better than it really is, but is good for finding CGI bugs. Also, its a perl scrpt so easy to modify or extend.
WebFuzzer - A fuzzer for (guess what?) web app vulns. Just as good as some of the cheap commercial web fuzzers.
eFuzz - A generic TCP/IP protocol fuzzer. Easy to use, but maybe not as full featured as some others on this list.
Peach Fuzzer - A great fuzzer written by Michael Eddington. Peach Fuzzer is more of a framework for building fuzzers.
Fuzz - The ORIGINAL fuzzer developed by Dr. Barton Miller at my Alma Matter, the University of Wisconsin-Madison in 1990. Go badgers!
Fuzzball2 is a little fuzzer for TCP and IP options. It sends a bunch of more or less bogus packets to the host of your choice.
Fuzzer version 1.1 is a multi protocol fuzzing tool written in Python. It can be used to find new SQL injection, format string, buffer overflow, directory traversal, and other vulnerabilities. Written with portability in mind.
Scratch is an advanced protocol destroyer ("fuzzer") which can routinely find a wide variety of vulnerabilities from a simple packet. scratch does complex parsing of binary files to determine what to fuzz with what data. scratch also comes with a framework for fuzzing binary protocols such as SSL and SMB.
>Some websites/links:
http://software.tripbit.net/mistress/
http://www.cirt.dk/tools/fuzzer/fuzzer.txt
http://metasploit.blogspot.com/2006/03/browser-fuzzing-for-fun-and-profit.html
http://www.digitaldwarf.be
http://antiparser.sourceforge.net/
WSFuzzer - claims to test SOAP based web services.
www.musecurity.com
http://www.secdev.org/projects/scapy/
>ActiveX/COM fuzzers:
AXFuzz A tool from Shane Hird for "fuzzing" the IDispatch interface of the components, as well as any IDispatch interfaces returned from the methods, by calling every method with garbage values, or overly long BSTRs.
COMRaider David Zimmer of iDefense has released this tool designed to fuzz COM Object Interfaces. COMRaider includes:
- capability to easily enumerate safe for scripting objects
- ability to scan for COM objects by path, filename, or guid
- integrated type library viewer
- integrated debugger to monitor exceptions, close windows,log api
- external vbs script allows you to easily edit fuzzer permutations
- built in webserver to test exploits on the fly
- distributed auditing mode to allow entire teams to work together
- ability to upload crash files to central server for group analysis
- automation tools allowing you to easily fuzz multiple libraries
- individual classes, or specific functions.
You can watch a video tour of COMRaider in http://labs.idefense.com/doDownload.php?downloadID=24
Hamachi A community-developed utility for verifying browser integrity, written by H D Moore and Aviv Raff. Hamachi will look for common DHTML implementation flaws by specifying common "bad" values for method arguments and property values. Hamachi has found flaws in Firefox 1.0.7, Mozilla 1.7, Konqueror 3.5.1, Opera 8.5, Safari, and Internet Explorer!.
Original text taken from: http://www.infosecinstitute.com/blog/2005/12/fuzzers-ultimate-list.html
------
Update:
AxMan - http://metasploit.com/users/hdm/tools/axman/
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment