Fusil

Software Details:
Version: 1.4
Upload Date: 12 May 15
Developer: Victor Stinner
Distribution Type: Freeware
Downloads: 24

Fusil is a fuzzing program. Currently it is specific to Linux command-line programs, but the code is designed to be usable with any project type (remote process, fake HTTP server, fuzzing a network socket, etc.). Fusil is based on a multi-agent system rather than a monolithic architecture.

Fusil is an open source project written in Python and released under the GNU GPL license.

Try fusil

Go to the fusil parent directory and start fuzzing the xterm project:
fusil --project project/xterm.py

Output result:

$ cd fusil
$ fusil -p project/xterm.py
[session #1] Start session
[process xterm] Timeout! (1.0 second)
(...)
[session #8] Start session
*** glibc detected *** /usr/bin/xterm: double free or corruption (!prev): 0x080ad2b8 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0xb7b957cd]
(...)
[watch process] Process killed by signal SIGIOT
[session #8] Session score: 100.0%
[application] Success with session #8!

What is new in this release:

  • Python 3 support
  • fusil-python:
      • improve function listing all Python modules: use sys.builtin_module_names and pkgutil.iter_modules()
      • blacklist more modules, classes and functions

What is new in version 1.3.2:

  • replay.py: set sys.path to ease the usage of Fusil without installing it
  • Fix fusil-gettext: ignore strace errors in locateMO()
  • fusil-python:
      • hide Python warnings
      • listAllModules() includes builtin modules
      • new option --only-c to test only modules written in C
      • fix memory leak: unload tested modules
      • fix getFunctions(): use also isclass() to detect classes
  • Disable Fusil process maximum memory limit

What is new in version 1.3.1:

  • fusil-python: autodiscover all modules instead of using a static list of modules, catch any exception when loading a module, only fuzz public functions (use module.__all__)
  • FileWatch: ignore duplicate parts on session rename
  • Remove duplicate parts of the session name (e.g. "pickle-error-error" => "pickle-error")
  • replay.py: don't redirect stdin to /dev/null if --ptrace is used
  • CPU probe: set max duration from 3 to 10 seconds (and rename the session on success)

What is new in version 1.3:

  • Create fusil-gimp
  • Remove charset from WriteCode: use builtin open() instead of codecs.open() because files created by open() are much faster
  • Optimize FileWatch: don't recompile patterns at each session
  • fusil now depends on python-ptrace 0.6
  • Don't use close_fds argument of subprocess.Popen() on Windows
  • Fix configuration reader: the global option keys normal_calm_load, normal_calm_sleep, slow_calm_load and slow_calm_sleep are floats, not integers
  • FileWatch uses the pattern to rename the session

What is new in version 1.2.1:

  • Fix mangle agent of the Image Magick fuzzer
  • Fix AttachProcessPID() probe: stop the probe at process exit

What is new in version 1.2:

  • User visible changes:
      • Fusil now requires Python 2.5
      • Documentation: write an index (index.rst) and a user guide (usage.rst)
      • Replay script: copy HOME environment for GDB and catch setuid() error
      • fusil-firefox: support more file formats (bmp, gif, ico, png, svg), create --test command line option, write the HTML page into index.html file
      • fusil-python: write errors to stderr (instead of stdout) to avoid unicode error (especially with Python3)
      • FileWatch: rename the session with "long_output" if the program wrote more than max_nbline lines
      • fusil-python: blacklist posix.fork() to avoid false positive
      • If the process is killed by a signal, rename the session using the signal name (already worked if the debugger was disabled)
  • Developer changes:
      • MangleAgent supports multiple input files
      • Create DummyMangle: agent with the MangleFile API that doesn't touch file content, used to test the fuzzer
      • Network: close() method of NetworkClient and ServerClient use shutdown(SHUT_RDWR)
      • NetworkServer uses a backlog of 5 clients for socket.listen() (instead of 1)
  • Bugfixes:
      • Fix Directory.rmtree() and replay script for Python 3.0
      • Fix ServerClient.sendBytes(): use socket.send() result to get the next data offset

What is new in version 1.0 Final:

  • This release adds vlc and zzuf fuzzers, a replay.py script with many options (e.g. --valgrind), and a --force-unsafe option (like --unsafe but without the confirmation).
  • It always uses a null device as stdin for child processes to avoid blocking the fuzzer if the process reads stdin.
  • The created process identifier is written in the logs.

What is new in version 1.0 Beta 3:

  • The session is renamed using the process exit status (exit code or signal). Execution progress is displayed.
  • The total number of processes is limited (to protect against fork bombs) and a core dump is allowed.
  • Bugs introduced by the user switching were fixed.
  • Compatibility with Python 3000 and FreeBSD was improved.

Requirements:

  • Python
  • GCC
