For the purpose of building a fuzzing lab, I was searching for the best fuzzing tools to include in it. I went through almost all of the available fuzzing tools and decided to share my finalized list here. The lab setup and configuration will be covered in a separate post, InshAllah.
The following are my criteria for shortlisting a fuzzing tool:
- Active development
- Age and history of the tool
- Discovered vulnerabilities
- Categories: File Fuzzing, Network Fuzzing and Browser Fuzzing
Performance and the fuzzing algorithm used are not among my criteria.
The tools are listed here in alphabetical order.
Fuddly is a general fuzzing framework for fuzzing files and network protocols. It is at its best when you know exactly when and where you want to fuzz the target. It uses a JSON-like format to represent data. Its features include the ability to fuzz in situations where there are data constraints, time constraints and state constraints.
Honggfuzz is a powerful yet easy-to-use general-purpose fuzzer. It has a good track record of discovered security bugs (including a critical vulnerability in OpenSSL). Given a simple seed input, honggfuzz will start working on its own. It is hosted under Google's GitHub organization, but it is not an official Google product.
Peach is a commercial fuzzer, but a community edition is available. Peach Community 3 is a cross-platform fuzzer capable of both dumb (mutation-based) and smart (model-driven, format-aware) fuzzing. It supports file formats, network protocols and APIs, with targets ranging from web browsers and network services to mobile devices and even SCADA systems. Peach has been in active development since 2004.
Radamsa is a test-case generator: it produces mutated inputs which are then fed to the target to fuzz it. Radamsa is easy to use and has a good track record of discovered security bugs. It needs only a sample input to start generating cases. To build a full-featured fuzzer around Radamsa you need scripting (mainly Unix shell) skills, because Radamsa itself only generates the cases; running the target, detecting crashes or hangs and saving the offending inputs is left to you.
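As an added example, not from the original post or from the Radamsa project, here is the kind of Unix shell wrapper that paragraph refers to: Radamsa generates one case per iteration, the script runs the target under a timeout, classifies the exit status, and keeps every crashing or hanging case together with the Radamsa seed that produced it. It assumes `radamsa` and coreutils `timeout` are on PATH, and `./target` is a hypothetical program that reads the file named in its first argument.

```shell
#!/bin/sh
# Added example (not from the original post): a minimal Radamsa-driven fuzzing loop.
# Assumptions: `radamsa` and `timeout` are on PATH; `./target` is a hypothetical
# program that takes the path of its input file as the first argument.

# Classify the exit status the shell reports for the target:
#   124      -> timeout(1) killed the target (hang)
#   >128     -> the target died from signal (status - 128), e.g. 139 = SIGSEGV, 134 = SIGABRT
#   anything else -> a normal exit (0 or an application error code), not interesting
classify_exit() {
    case "$1" in
        124) echo "hang" ;;
        *)
            if [ "$1" -gt 128 ]; then
                echo "crash:signal=$(( $1 - 128 ))"
            else
                echo "ok:status=$1"
            fi
            ;;
    esac
}

# True (exit 0) when the status means the case crashed or hung the target.
is_interesting() {
    case "$(classify_exit "$1")" in
        hang|crash:*) return 0 ;;
        *) return 1 ;;
    esac
}

# fuzz_loop SEED_FILE ITERATIONS TARGET [TARGET_ARGS...]
# One case per iteration; `radamsa -s N` uses a fixed PRNG seed, so a saved
# crash can be regenerated later from its iteration number alone.
fuzz_loop() {
    seed_file="$1"; iterations="$2"; shift 2
    mkdir -p crashes
    i=0
    while [ "$i" -lt "$iterations" ]; do
        i=$((i + 1))
        case_file="case-$i.bin"
        radamsa -s "$i" "$seed_file" > "$case_file"
        # if/else keeps the loop alive under `set -e` when the target fails
        if timeout 5 "$@" "$case_file" > /dev/null 2>&1; then
            status=0
        else
            status=$?
        fi
        if is_interesting "$status"; then
            verdict="$(classify_exit "$status" | tr ':=' '__')"
            echo "case $i: $(classify_exit "$status")"
            cp "$case_file" "crashes/crash-seed${i}-${verdict}.bin"
        fi
        rm -f "$case_file"
    done
}

# Usage, with a constructed seed (a tiny HTTP request) and the hypothetical ./target:
#   printf 'GET /index.html HTTP/1.1\r\nHost: example\r\n\r\n' > seed.txt
#   fuzz_loop seed.txt 1000 ./target
# Reproduce a saved crash later with:  radamsa -s 42 seed.txt > case-42.bin
```

If you prefer to generate a whole batch up front instead of one case per iteration, `radamsa -n 1000 -o case-%n.bin seed.txt` writes numbered files and the loop only has to run the target over them; the exit-status classification stays the same either way. Remember that a plain exit-status check only catches crashes the kernel reports, so for memory-safety bugs that do not crash outright, build the target with a sanitizer (for example AddressSanitizer) so they abort loudly.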
Other older, well-known tools: Sulley, SPIKE, UniOFuzz and Hodor.
For my testing lab, I chose Peach and Honggfuzz. The details of the lab will be in the next post, InshAllah.