forked from devdanzin/fusil
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathPKG-INFO
259 lines (208 loc) · 11.5 KB
/
PKG-INFO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
Metadata-Version: 1.1
Name: fusil
Version: 1.5
Summary: Fuzzing framework
Home-page: http://bitbucket.org/haypo/fusil/wiki/Home
Author: Victor Stinner
Author-email: UNKNOWN
License: GNU GPL v2
Download-URL: http://bitbucket.org/haypo/fusil/wiki/Home
Description: Fusil is a Python library used to write fuzzing programs. It helps to start
process with a prepared environment (limit memory, environment variables,
redirect stdout, etc.), start network client or server, and create mangled
files. Fusil has many probes to detect program crash: watch process exit code,
watch process stdout and syslog for text patterns (eg. "segmentation fault"),
watch session duration, watch cpu usage (process and system load), etc.
Fusil is based on a multi-agent system architecture. It computes a session
score used to guess fuzzing parameters like number of injected errors to input
files.
Available fuzzing projects: ClamAV, Firefox (contains an HTTP server),
gettext, gstreamer, identify, libc_env, libc_printf, libexif, linux_syscall,
mplayer, php, poppler, vim, xterm.
Website: http://bitbucket.org/haypo/fusil/wiki/Home
Usage
=====
Fusil is a library and a set of fuzzers called "fusil-...". To run a fuzzer,
call it by its name. Example: ::
$ fusil-gettext
Fusil version 0.9.1 -- GNU GPL v2
http://bitbucket.org/haypo/fusil/wiki/Home
(...)
[0][session 13] Start session
[0][session 13] ------------------------------------------------------------
[0][session 13] PID: 16989
[0][session 13] Signal: SIGSEGV
[0][session 13] Invalid read from 0x0c1086e0
[0][session 13] - instruction: CMP EDX, [EAX]
[0][session 13] - mapping: 0x0c1086e0 is not mapped in memory
[0][session 13] - register eax=0x0c1086e0
[0][session 13] - register edx=0x00000019
[0][session 13] ------------------------------------------------------------
[0][session 13] End of session: score=100.0%, duration=3.806 second
(...)
Success 1/1!
Project done: 13 sessions in 5.4 seconds (414.5 ms per session), total 5.9 seconds, aggresssivity: 19.0%
Total: 1 success
Keep non-empty directory: /home/haypo/prog/SVN/fusil/trunk/run-3
Features
========
Why using Fusil instead your own hand made C script?
* Fusil limits child process environment: limit memory, use timeout, make
sure that process is killed on session end
* Fusil waits until system load is load before starting a fuzzing session
* Fusil creates a session directory used as the process current working
directory and Fusil only creates files in this directory (and not in /tmp)
* Fusil stores all actions in fusil.log but also session.log for all
actions related of a session
* Fusil has multiple available probes to compute session score: guess if
a sessions is a succes or not
* Fusil redirects process output to a file and searchs bug text patterns
in the stdout/stderr (Fusil contains many text patterns to detect crashes
and problems)
Installation
============
Read INSTALL documentation file.
Documentation
=============
Read doc/index.rst: documentation index.
Changelog
=========
Fusil 1.5 (2013-03-05)
----------------------
* experimental Python 3.3 support with the same code base; python 2.5 is no
more supported
* fusil-python: generate buffer objects and Unicode strings with surrogate
characters
* Change the default process memory limit from 100 MB to 500 MB
Fusil 1.4 (2011-02-16)
----------------------
* Python 3 support
* fusil-python:
- improve function listing all Python modules: use sys.builtin_module_names
and pkgutil.iter_modules()
- blacklist more modules, classes and functions
Fusil 1.3.2 (2010-01-09)
------------------------
* replay.py: set sys.path to ease the usage of Fusil without installing it
* Fix fusil-gettext: ignore strace errors in locateMO()
* fusil-python:
- hide Python warnings
- listAllModules() includes builtin modules
- new option --only-c to test only modules written in C
- fix memory leak: unload tested modules
- fix getFunctions(): use also isclass() to detect classes
* Disable Fusil process maximum memory limit
Fusil 1.3.1 (2009-11-09)
------------------------
* fusil-python: autodiscover all modules instead of using a static list of
modules, catch any exception when loading a module, only fuzz public
functions (use module.__all__)
* FileWatch: ignore duplicate parts on session rename
* Remove session name parts duplicate (eg. "pickle-error-error" =>
"picke-error")
* replay.py: don't redirect stdin to /dev/null if --ptrace is used
* CPU probe: set max duration from 3 to 10 seconds (and rename the session on
success)
Fusil 1.3 (2009-09-18)
----------------------
* Create fusil-gimp
* Remove charset from WriteCode: use builtin open() instead codecs.open()
because files created by open() are much faster
* Optimize FileWatch: don't recompile patterns at each session
* fusil now depends on python-ptrace 0.6
* Don't use close_fds argument of subprocess.Popen() on Windows
* Fix configuration reader: normal_calm_load, normal_calm_sleep,
slow_calm_load, slow_calm_sleep keys global options are float, not integer
* Project website moved to http://bitbucket.org/haypo/fusil/wiki/Home
* FileWatch uses the pattern to rename the session
Fusil 1.2.1 (2009-02-06)
------------------------
* Fix mangle agent of the Image Magick fuzzer
* Fix AttachProcessPID() probe: stop the probe at process exit
Fusil 1.2 (2009-02-04)
----------------------
User visible changes:
* Fusil now requires Python 2.5
* Documentation: write an index (index.rst) and an user guide (usage.rst)
* Replay script: copy HOME environment for GDB and catch setuid() error
* fusil-firefox: support more file formats (bmp, gif, ico, png, svg), create
--test command line option, write the HTML page into index.html file
* fusil-python: write errors to stderr (instead of stdout) to avoid unicode
error (especially with Python3)
* FileWatch: rename the session with "long_output" if the program wrote more
than max_nbline lines
* fusil-python: blacklist posix.fork() to avoid false positive
* If the process is killed by a signal, rename the session using the
signal name (already worked if the debugger was disabled)
Developer changes:
* MangleAgent supports multiple input files
* Create DummyMangle: agent with MangleFile API but don't touch file content
to test the fuzzer
* Network: close() method of NetworkClient and ServerClient use
shutdown(SHUT_RDWR)
* NetworkServer uses a backlog of 5 clients for socket.listen() (instead of 1)
Bugfixes:
* Fix Directory.rmtree() and replay script for Python 3.0
* Fix ServerClient.sendBytes(): use socket.send() result to get the next
data offset
Fusil 1.1 (2008-10-22)
----------------------
User visible changes:
* replay.py: ask confirmation if the fuzzer will not be running under a
different user or as root
* Even with --force-unsafe, show safety warning if the fuzzer is
running as the root user
* Close files for child processes (close_fds=True)
* Fix directory.rmtree() for Python 3.0 final
Developer changes:
* Create IntegerRangeGenerator in fusil.unicode_generator
* Create EnvVarIntegerRange in fusil.process.env
* Create fusil-wizzard fuzzer
* Write timestamp in session.log
* Add session() method to ProjectAgent
* Add NAME attribute to a fuzzer, reused to choose the project directory name
Bugfixes:
* Fix Debugger.processSignal(): use the process agent to send the message
(session_rename) since the debugger agent may be disabled
* Fix replay.py: quote gdb arguments escape quote and antislash characters
(eg. "text=\"Hello\\n\".")
* replay.py uses /dev/null for stdin as Fusil does
* FileWatch: open file in binary mode to use bytes in Python3
Fusil 1.0 final (2008-09-13)
----------------------------
Visible changes:
* Create fusil-zzuf fuzzer (use the zzuf library)
* Create fusil-vlc fuzzer (VLC media player)
* For each session, generate a Python script (replay.py) to replay the
session. The script can run the target in gdb, valgrind or gdb.py
(python-ptrace debugger), with many options (--user, --limit, etc.)
* Create --force-unsafe option, like --unsafe without the confirmation
* CreateProcess is now a probe (with a score): if the debugger catchs a
fatal signal, the session stops
* Always use a null device as stdin for child processes to avoid blocking the
fuzzer if the process reads stdin (eg. call getchar())
* Write the created process identifier in the logs
Developer:
* Create EnvVarIntegerRange: environment variable with an integer value
in a fixed range
* Changes to get a minimal Windows support: disable "change user/group"
feature on Windows; remove log file before removing the project directory;
use ":NUL" instead of /dev/null for null input/output
* On setupProject() error, make sure that the project is cleaned
* Close stdout files (input and output) at process exit (fix needed
by Windows)
* Rename long2raw() to uint2bytes(), and bytes2long() to bytes2uint()
* Normalize score that make sure that a probe score is in range [-1; +1]
and so that score*weight is in range[-weight; +weight]
* CodeC: remove method lines(), writeCode() is renamed writeIntoFile(),
use unicode strings (instead of byte strings)
* Remove StdoutFile class, code merged in CreateProcess
Platform: UNKNOWN
Classifier: Intended Audience :: Developers
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: Console
Classifier: License :: OSI Approved :: GNU General Public License (GPL)
Classifier: Operating System :: OS Independent
Classifier: Natural Language :: English
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3