node-radamsa - A simple, synchronous, pipe to Radamsa tool from your nodejs programs.

  •        17

A synchronous pipe to Radamsa tool from your nodejs programs. The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

https://github.com/skepticfx/node-radamsa

Dependencies:

node-xstream : 0.0.2

Tags
Implementation
License
Platform

   




Related Projects

radamsa - a general-purpose fuzzer

  •    Scheme

Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestringly different outputs from them. The main selling points of radamsa are that it has already found a slew of bugs in programs that actually matter, it is easily scriptable and easy to get up and running. Programming is hard. All nontrivial programs have bugs in them. What's more, even the simplest typical mistakes are in some of the most widely used programming languages usually enough for attackers to gain undesired powers.

syzkaller - syzkaller is an unsupervised, coverage-guided Linux system call fuzzer

  •    Go

syzkaller is an unsupervised coverage-guided Linux kernel fuzzer.The project mailing list is syzkaller@googlegroups.com. You can subscribe to it with a google account or by sending an email to syzkaller+subscribe@googlegroups.com.

honggfuzz - Security oriented fuzzer with powerful analysis options

  •    C

A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options. See USAGE for more data on the usage.The examples directory contains code demonstrating (among others) how to use honggfuzz to find bugs in the OpenSSL library and in the Apache web server.

kernel-fuzzer-for-xen-project - VMI Kernel Fuzzer for Xen Project - VM forking, VMI & AFL integration demo

  •    C

This project is intended to illustrate the harnessing required to fuzz a Linux kernel module using AFL through the Xen VMI API. The tool utilizes Xen VM forks to perform the fuzzing, thus allowing for parallel fuzzing/multiple AFL instances to fuzz at the same time. Coverage guidance for AFL is achieved using Capstone to dynamically disassemble the target code to locate the next control-flow instruction. The instruction is breakpointed and when the breakpoint triggers, MTF is activated to advance the VM ahead, then the processes is repeated again. The tool allows fine-tuning how many control-flow instructions to allow the fuzzing to encounter before terminating. This provides an alternative to timing out the fuzzing process. Hardware requirements: Intel CPU with VT-x and EPT enabled.

kAFL - A fuzzer for full VM kernel/driver targets

  •    Python

This is a fork of the kAFL kernel fuzzer. It can be used for targets that execute efficiently as Qemu/KVM guests, including BIOS, custom kernels and full-blown Linux VMs. kAFL uses Qemu/KVM and Intel PT to provide fast execution and coverage feedback. This allows to run many x86 FW and OS kernels with any desired toolchain and without major modifications.


Simple Fuzzer

  •    C

Simple Fuzzer is a simple fuzzing framework which allows rapid development of protocol fuzzers for blackbox testing. It can fuzz across networks using TCP/UDP, IP4/IP6, and can be extended via plugins to perform in-depth fuzzing.

jazzer - Coverage-guided, in-process fuzzing for the JVM

  •    C++

Jazzer is a coverage-guided, in-process fuzzer for the JVM platform developed by Code Intelligence. It is based on libFuzzer and brings many of its instrumentation-powered mutation features to the JVM. The JVM bytecode is executed inside the fuzzer process, which ensures fast execution speeds and allows seamless fuzzing of native libraries.

XDiFF - Extended Differential Fuzzing Framework

  •    Python

The fuzzer uses Python and runs on multiple OSs (Linux, Windows, OS X, and Freebsd). Its main goal is to detect issues based on diffential fuzzing aided with the extended capabilities to increase coverage. Still, it will found common vulnerabilities based on hangs and crashes, allowing to attach a memory debugger to the fuzzing sessions. The tool and the fuzzing process can be susceptible to code execution. Use it at your own risk always inside a VM.

Clusterfuzz - All your bug are belong to us

  •    Python

ClusterFuzz is a scalable fuzzing infrastructure which finds security and stability issues in software. It is used by Google for fuzzing the Chrome Browser, and serves as the fuzzing backend for OSS-Fuzz. Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.

afl-utils - Utilities for automated crash sample processing/analysis, easy afl-fuzz job management and corpus optimization

  •    Python

As of June, 6th 2018 this project moved to Gitlab that's why this repository is archived and thus read-only until it is entirely removed from Github. Repository removal is scheduled for September, 15th 2018. Please report issues and request your merges through the new project home. All further discussion - even for existing issues - will take place there.

domato - DOM fuzzer

  •    Python

Copyright 2017 Google Inc. All Rights Reserved. Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

KernelFuzzer - Cross Platform Kernel Fuzzer Framework

  •    C

This is the core Kernel Fuzzer, with example library calls and Syscalls to start fuzzing Windows. The fuzzer has been tested on Windows 7 / 10, OS X and QNX. Compile binary for your system using the included .bat scripts for the correct architecture (Windows only!). Tested using Visual Studio 2013 - if you use a different version of VS, edit the script to point at your copy of 'vcvarsall.bat'.

fuzzer-test-suite - Set of tests for fuzzing engines

  •    C

This is a set of tests (benchmarks) for fuzzing engines (fuzzers).The goal of this project is to have a set of fuzzing benchmarks derived from real-life libraries that have interesting bugs, hard-to-find code paths, or other challenges for bug finding tools.

go-fuzz - Randomized testing for Go

  •    Go

Go-fuzz is a coverage-guided fuzzing solution for testing of Go packages. Fuzzing is mainly applicable to packages that parse complex inputs (both text and binary), and is especially useful for hardening of systems that parse inputs from potentially malicious users (e.g. anything accepted over a network).Data is a random input generated by go-fuzz, note that in most cases it is invalid. The function must return 1 if the fuzzer should increase priority of the given input during subsequent fuzzing (for example, the input is lexically correct and was parsed successfully); -1 if the input must not be added to corpus even if gives new coverage; and 0 otherwise; other values are reserved for future use.

winnie - Winnie is an end-to-end system that makes fuzzing Windows applications easy

  •    C

Winnie-AFL is a fork of WinAFL that supports fuzzing using a fork()-like API. For more details about Winnie, check out the NDSS paper. The fuzzer was tested on Windows 10 x64 1809 17763.973. Any other configurations should be considered as unsupported. Notwithstanding that, it probably still works on most 64-bit Windows 10 systems 1809 and up (but no guarantees). Windows 7 isn't supported because of differences in the CSRSS and subsystem implementation.

autodafe - fuzzer framework

  •    

Autodafeacute; is a fuzzing framework able to uncover buffer overflows by using the fuzzing by weighting attacks with markers technique.

Taof - The art of fuzzing

  •    Python

Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols.

Peach

  •    CSharp

Peach 3 is a cross-platform fuzzer that supports WIndows, OS X, and Linux. Peach allows the creation of dumb or smart fuzzers using an XML definition language. Peach is easy to extend allowing full control of the fuzzing process. Peach is good at fuzzing file formats, network protocols, embedded devices, etc. Peach has been in active development since 2004.

scout - 🔭 Lightweight URL fuzzer and spider: Discover a web server's undisclosed files, directories and VHOSTs

  •    Go

Scout is a URL fuzzer and spider for discovering undisclosed VHOSTS, files and directories on a web server. Filename to seek in the directory being searched. Useful when all directories report 404 status.

SkCodecFuzzer - Fuzzing harness for testing proprietary image codecs supported by Skia on Android

  •    C++

SkCodecFuzzer is a small utility for testing the security and reliability of C/C++ image codecs supported by the Skia graphics library. In Android, these parsers are reachable through standard interfaces such as BitmapFactory and BitmapRegionDecoder and execute in the context of local apps (not a sandboxed media server), which exposes them to remote attacks via MMS, chat apps, emails etc. While the decoders available in Android by default (bmp, png, jpeg, gif, ...) are all open-source and already subject to extensive fuzzing, there may exist additional lesser-known, proprietary codecs added by device manufacturers. Such codecs aren't put under the same scrutiny due to their closed-source nature, and they may go unaudited, non-fuzzed or even completely unnoticed for many years. A notable example is the Qmage format (.qmg file extension), which was introduced in Skia on Samsung Android phones in late 2014, but was only recognized as an attack surface at the end of 2019. It has been used as the container for image resources in built-in Samsung APKs and themes in some (but not all) firmwares. The loader in this repository was used by Google Project Zero to run Qmage fuzzing at scale in January 2020, resulting in the uncovering of 5218 unique crashes, including hundreds of memory corruption issues (buffer overflows, use-after-free's etc.). They were subsequently reported to Samsung on January 28 as issue #2002 in the PZ bug tracker, and fixed by the vendor in May 2020. For additional context and more information about .qmg files, we recommend to refer to that tracker entry as it aims to explain our effort in great detail. The purpose of this harness is to link to Android's precompiled ARM(64) Skia libraries (libhwui.so or libskia.so on older versions) and use its SkCodec class to load an input file, in the same way that BitmapFactory::doDecode decodes images on real Android devices. It can run on both physical phones with ARM CPUs and in an emulated qemu-aarch64 environment on any host CPU of choice, enabling effective parallelized fuzzing.






We have large collection of open source products. Follow the tags from Tag Cloud >>


Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.