
SPIKE - SPIKE is an attempt to write an easy-to-use generic protocol API that helps reverse engineer new and unknown network protocols. It features several working examples, including a web server NTLM authentication brute forcer and example code that parses web applications and DCE-RPC (MSRPC).

Scratch - Scratch is an advanced protocol destroyer ("fuzzer") which can routinely find a wide variety of vulnerabilities from a simple packet. Scratch does complex parsing of binary files to determine what to fuzz with what data. Scratch also comes with a framework for fuzzing binary protocols such as SSL and SMB.

LXAPI - Library Exploit API - A selection of Python methods designed for bug testing and exploitation of local and remote vulnerabilities. It includes a fuzz testing component, miscellaneous shellcode methods and a simple GUI. LXAPI is currently a work in progress.

Peach - Peach Fuzzer Framework - Peach is a cross-platform fuzzing framework written in Python. Peach's main goals include: short development time, code reuse, ease of use, and flexibility. Peach can fuzz just about anything: .NET, COM/ActiveX, SQL, shared libraries/DLLs, network applications, web, you name it.

antiparser - antiparser is a fuzz testing and fault injection API. The purpose of antiparser is to provide an API that can be used to model network protocols and file formats by their composite data types. Once a model has been created, antiparser has various methods for creating random sets of data that deviate in ways that will ideally trigger software bugs or security vulnerabilities. Requires Python 2.3 or later.

Autodafé - Autodafé is a fuzzing framework that can be used to identify boundary validation and other issues in protocols and applications.

dfuz - A remote protocol fuzzer/trigger which can do many things, such as sending random data of random sizes together with the data you want. It has many ways to tell the program how to use this data, through rule files which are later parsed by the program itself, with several options and ways to make it very specific and very flexible. It is not only a remote protocol fuzzer in itself, but a scripting-like engine on which you can create any kind of payload. User-friendly.

Web application fuzzing tools

Mielietool - Mielietool v1.0 is an easy-to-use Perl-based web application fuzzer. It supports fuzzing of CGIs in forms and links and supports multiple sites. Requires httrack, lynx, grep, find and rm.

Wapiti - Wapiti is a fuzz tester for web applications; version 1.1.1 was recently released to the public. Wapiti scans the front end of the target application and identifies all the expected user inputs. It then runs a series of tests against each variable, such as injecting punctuation and special characters, and looks for unexpected output from the application. Wapiti can be used to automate the discovery of SQL and code injection, cross-site scripting and directory traversal vulnerabilities.
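
The loop Wapiti is described as running (collect the inputs a page exposes, substitute each one with punctuation and special characters, watch the response for output that a normal request never produces) as an added Python example. This is not Wapiti's code: the target application, the front page it crawls, the payload list and the error signatures are all constructed here so the script runs offline, and the in-process target_app function stands in for the HTTP round trip a real scanner would make. The same substitution loop is what the WebScarab parameter fuzzer plugin and Burp Intruder, listed further down, automate against a live target.

```python
"""Wapiti-style web input fuzzer: crawl a page for the inputs the application
expects, substitute each with special characters, flag unexpected output.
Added example; the target app, page and signatures below are constructed."""
import html
import re
import urllib.parse
from html.parser import HTMLParser


def target_app(path, params):
    """Constructed stand-in for the deployed web app (normally reached over HTTP).
    Returns (status, body). Two scripts, one bug each."""
    if path == "/search.php":
        q = params.get("q", "")
        if "'" in q:                      # value reaches an SQL query unquoted
            return 500, "You have an error in your SQL syntax near '%s'" % q
        return 200, "Results for " + html.escape(q)
    if path == "/comment.php":
        name = params.get("name", "")               # reflected without escaping
        text = html.escape(params.get("text", ""))  # escaped correctly
        return 200, "<p>%s wrote: %s</p>" % (name, text)
    return 404, "not found"


# Constructed front page: the first thing the crawler fetches.
INDEX_HTML = """
<form action="/search.php" method="get"><input name="q"></form>
<form action="/comment.php" method="post">
  <input name="name"><textarea name="text"></textarea>
</form>
<a href="/search.php?q=hello">recent searches</a>
"""


class InputCollector(HTMLParser):
    """Map each script path to the parameter names it is expected to accept,
    from form fields and from query strings in links."""

    def __init__(self):
        super().__init__()
        self.points = {}       # path -> set(param names)
        self._form = None      # action of the form being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = a.get("action") or "/"
            self.points.setdefault(self._form, set())
        elif tag in ("input", "textarea", "select") and self._form and a.get("name"):
            self.points[self._form].add(a["name"])
        elif tag == "a" and a.get("href"):
            url = urllib.parse.urlsplit(a["href"])
            names = {k for k, _ in urllib.parse.parse_qsl(url.query)}
            if names:
                self.points.setdefault(url.path, set()).update(names)

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None


# Punctuation and special characters that break quoting, markup and paths.
PAYLOADS = ["'", '"', "<fz>", "../../../etc/passwd", "%00", "`id`", "a\r\nb"]

# Signatures of "unexpected output" (constructed list, not Wapiti's).
SQL_ERROR = re.compile(r"SQL syntax|ORA-\d{5}|pg_query\(|Unclosed quotation", re.I)


def classify(payload, status, body):
    """Return a finding kind, or None if the response looks normal."""
    if SQL_ERROR.search(body):
        return "sql-error"
    if payload.startswith("<") and payload in body:   # tag echoed verbatim
        return "reflected-unescaped"
    if status >= 500:
        return "server-error"
    return None


def fuzz_page(page_html, send=target_app):
    """Crawl page_html, fuzz every collected input, return findings as
    (path, parameter, payload, kind) tuples."""
    collector = InputCollector()
    collector.feed(page_html)
    findings = []
    for path, names in sorted(collector.points.items()):
        for name in sorted(names):
            for payload in PAYLOADS:
                params = {n: "a" for n in names}   # benign filler for the rest
                params[name] = payload
                status, body = send(path, params)
                kind = classify(payload, status, body)
                if kind:
                    findings.append((path, name, payload, kind))
    return findings


if __name__ == "__main__":
    for path, name, payload, kind in fuzz_page(INDEX_HTML):
        print("%-14s %-5s %-22r %s" % (path, name, payload, kind))
```

Only one parameter is fuzzed per request while the others carry a benign filler, so a finding can be attributed to a single input; against a real target the send callable would issue the HTTP request and the signature list would need the error strings of the database and framework actually in use.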
Webfuzzer - Webfuzzer is a web application fuzzer that checks for remote vulnerabilities such as SQL injection, cross-site scripting, remote code execution, file disclosure, directory traversal, PHP includes, shell escapes and insecure Perl open() calls.

SPI WebInspect - The commercial SPI WebInspect toolkit provides a professional web fuzzing tool known as SPI Fuzzer. SPI toolkit users benefit from a commercially supported product that ensures reliability, updates and ease of use.

cfuzzer - A simple C-source fuzzer to test for HTTP chunked-encoding issues in clients and servers.

Browser fuzzing tools

mangleme - A simple fuzzer for generating odd HTML tags; it will also auto-launch a browser. It found the infamous IE IFRAME bug.

AxMan - AxMan is a web-based ActiveX fuzzing engine. The goal of AxMan is to discover vulnerabilities in COM objects exposed through Internet Explorer. Since AxMan is web-based, any security changes in the browser will also affect the results of the fuzzing process. This allows for a much more realistic test than other COM-based assessment tools. AxMan is designed to be used with Internet Explorer 6 only.

COMRaider - COMRaider is a tool designed to fuzz COM object interfaces. COMRaider includes the capability to easily enumerate safe-for-scripting objects; the ability to scan for COM objects by path, filename or GUID; an integrated type library viewer; an integrated debugger to monitor exceptions, close windows and log API calls; an external VBS script that allows you to easily edit fuzzer permutations; a built-in web server to test exploits on the fly; a distributed auditing mode to allow entire teams to work together; the ability to upload crash files to a central server for group analysis; and automation tools allowing you to easily fuzz multiple libraries, individual classes, or specific functions.

TagBruteForcer - TagBruteForcer is a client-side security tool designed to find overflows in applications that can be opened by default within Internet Explorer. It also includes basic functionality for testing ActiveX objects or Internet Explorer itself.

Hamachi - Hamachi is a community-developed utility for verifying browser integrity, written by H D Moore and Aviv Raff. Hamachi looks for common DHTML implementation flaws by specifying common "bad" values for method arguments and property values.

Service and protocol fuzzing tools

SNMP fuzzer - SNMP fuzzer uses the PROTOS test cases with an entirely new engine written in Perl. It provides efficient methods of determining which test case has caused a fault, offers more testing granularity and a friendlier user interface.

ftpfuzz - ftpfuzz is a simple GUI-based fuzzer for testing FTP server implementations. It allows the user to specify the FTP commands and parameters to fuzz, and the pattern of test strings to use for each case. Remotely exploitable vulnerabilities in many popular FTP services have been discovered using this utility.

PROTOS - The PROTOS project researches different approaches to testing implementations of protocols using black-box (i.e. functional) testing methods. The goal is to support proactive elimination of faults with information security implications. Numerous PROTOS test suites have been released for assessment: WAP fuzzers, LDAP and SNMP fuzzers, DNS fuzzers and more.

ircfuzz - Digital Dwarf Society: fuzzing tool for IRC clients.

icalfuzz - Digital Dwarf Society: fuzzing tool for the iCal calendar format.

tftpfuzz - Digital Dwarf Society: fuzzing tool for the TFTP protocol.

dhcpfuzz - Digital Dwarf Society: fuzzing tool for the DHCP protocol.

SMTP fuzzer - The BlackOps SMTP fuzzing utility can be used to find weaknesses in server implementations of the SMTP protocol.

Riot and Faultmon - Riot testing utility and Faultmon exception catcher. May be used for attacking plain-text protocols (Telnet, HTTP, SMTP). Used by Riley Hassell when he worked at eEye to discover the IIS .printer overflow, and included in The Shellcoder's Handbook.

TCP/IP fuzzing tools

Fuzzball2 - Fuzzball2 is a little fuzzer for TCP and IP options. It sends a bunch of more or less bogus packets to the host of your choice.

ISIC - ISIC is a suite of utilities to exercise the stability of an IP stack and its component stacks (TCP, UDP, ICMP et al.). It generates piles of pseudo-random packets of the target protocol. The packets can be given tendencies to conform to, i.e. 50% of the packets generated can have IP options and 25% of the packets can be IP fragments, but the percentages are arbitrary and most of the packet fields have a configurable tendency. The packets are then sent against the target machine to either penetrate its firewall rules or find bugs in the IP stack. ISIC also contains a utility to generate raw Ethernet frames to examine hardware implementations.
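
The tendency idea above as an added Python example; this is not ISIC's own code, and the tendency names and their default probabilities are this example's own choices. Each abnormality of an IPv4 header (options present, fragmented, wrong version, wrong checksum, random protocol) is given a probability, packets are drawn from a seeded generator so a batch that upset the target can be regenerated, and the header checksum is computed per RFC 791 so that only the packets meant to carry a bad checksum fail verification. Sending needs raw-socket privileges, so send_batch is only reached from the main block.

```python
"""ISIC-style pseudo-random IPv4 packet generator with per-field "tendencies".
Added example, not ISIC's code; tendency names/defaults are this example's own."""
import random
import socket
import struct

# Probability that a generated packet shows each abnormality (constructed defaults).
DEFAULT_TENDENCIES = {
    "options": 0.50,       # header carries random IP options
    "fragment": 0.25,      # MF flag and/or non-zero fragment offset
    "bad_version": 0.05,   # version field is not 4
    "bad_checksum": 0.10,  # header checksum deliberately wrong
    "random_proto": 0.20,  # protocol number drawn at random (else UDP)
}


def ipv4_checksum(data):
    """RFC 791 one's-complement sum; verifying a correct header yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_packet(src, dst, rng, tend=DEFAULT_TENDENCIES):
    """Return (packet_bytes, info); info records which tendencies fired and the IHL."""
    info = {k: rng.random() < p for k, p in tend.items()}
    options = b""
    if info["options"]:
        # 1..10 32-bit words of random option bytes (IHL allows at most 40 bytes)
        options = bytes(rng.randrange(256) for _ in range(4 * rng.randrange(1, 11)))
    ihl = 5 + len(options) // 4
    version = rng.choice([0, 5, 6, 15]) if info["bad_version"] else 4
    flags_frag = 0
    if info["fragment"]:
        more_fragments = rng.randrange(2) << 13
        flags_frag = more_fragments | rng.randrange(0x2000)   # 13-bit offset
    proto = rng.randrange(256) if info["random_proto"] else socket.IPPROTO_UDP
    payload = bytes(rng.randrange(256) for _ in range(rng.randrange(64)))
    header = struct.pack(
        "!BBHHHBBH4s4s",
        (version << 4) | ihl,            # version / IHL
        rng.randrange(256),              # TOS
        ihl * 4 + len(payload),          # total length
        rng.randrange(0x10000),          # identification
        flags_frag,                      # flags / fragment offset
        rng.randrange(1, 256),           # TTL
        proto,
        0,                               # checksum placeholder
        socket.inet_aton(src), socket.inet_aton(dst),
    ) + options
    csum = ipv4_checksum(header)
    if info["bad_checksum"]:
        csum ^= 0x5A5A    # never one's-complement-equal to the correct value
    header = header[:10] + struct.pack("!H", csum) + header[12:]
    info["ihl"] = ihl
    return header + payload, info


def generate(count, seed=1, src="10.0.0.1", dst="10.0.0.2", tend=DEFAULT_TENDENCIES):
    """Seeded, so a batch that upset the target can be regenerated exactly."""
    rng = random.Random(seed)
    return [build_packet(src, dst, rng, tend) for _ in range(count)]


def tendency_rates(batch, tend=DEFAULT_TENDENCIES):
    """Observed fraction of packets per tendency, to confirm the configured mix."""
    return {k: sum(info[k] for _, info in batch) / len(batch) for k in tend}


def send_batch(batch, dst):
    """Requires CAP_NET_RAW; IP_HDRINCL tells the kernel the IP header is ours."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
    for packet, _ in batch:
        sock.sendto(packet, (dst, 0))


if __name__ == "__main__":
    batch = generate(1000)
    print(tendency_rates(batch))   # should sit near the configured probabilities
```

The info dictionary returned with each packet is the part worth keeping during a run: when the target stack wedges after packet N, it tells you which abnormalities that packet carried, which is the same question ISIC's configurable percentages are meant to let you narrow down.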

ip6sic - ip6sic is a tool for stress testing an IPv6 stack implementation. It works in a way much similar to ISIC above. It was developed mainly on FreeBSD and is known to work on OpenBSD and Linux. Theoretically, it should work wherever libdnet works.

Other fuzz testing tools

syscallfuzz - A system call fuzzer for Linux. C source provided.

Socket fuzzer - A socket/file descriptor fuzzing tool for Unix. C source provided.

Mangle - Trivial binary file fuzzer by Ilja van Sprundel. Its usage is very simple: it takes a filename and a header size as input. It will then change between 0 and 10% of the header with random bytes. May be useful to testers with some scripting experience.


FileFuzz - A file format fuzzer for Windows PE binaries from iDefense.

SPIKEfile - SPIKEfile is a Linux-based file format fuzzing tool, based on SPIKE 2.9. It was designed to automate the launching of applications and the detection of exceptions caused by fuzzed files. It uses standard SPIKE scripts to generate files and utilizes ptrace to pick up interesting signals and dump register state.
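
An added Python example, not code from Mangle, FileFuzz or SPIKEfile, that joins the two halves described above: Mangle's mutation rule (overwrite between 0 and 10% of the first header_size bytes with random bytes, leave the rest alone) and a SPIKEfile/FileFuzz-style harness that launches the target on each mutated file and keeps the cases where it died from a signal or hung. The target is a constructed toy parser run as a Python subprocess so the script works offline; the seed file layout, TOY_PARSER and the INTERESTING signal set are this example's assumptions. SPIKEfile attaches with ptrace and dumps registers, which this example does not do; it only reads the terminating signal from the exit status, which assumes POSIX semantics (a negative returncode from subprocess).

```python
"""Mangle-style header mutation plus a SPIKEfile/FileFuzz-style launch-and-watch
harness. Added example, not code from those tools; the target parser is a
constructed toy and signal handling assumes POSIX exit-status semantics."""
import os
import random
import signal
import subprocess
import sys
import tempfile


def mangle_header(data, header_size, rng):
    """Mangle's rule: overwrite between 0 and 10% of the first header_size
    bytes with random bytes; the rest of the file is left untouched."""
    header = bytearray(data[:header_size])
    if not header:
        return bytes(data)
    for _ in range(rng.randint(0, len(header) // 10)):
        header[rng.randrange(len(header))] = rng.randrange(256)
    return bytes(header) + data[header_size:]


# Constructed target: trusts a length field and aborts (SIGABRT, as a heap
# check would) when the length exceeds the file. Not a real parser.
TOY_PARSER = r"""
import os, sys
data = open(sys.argv[1], "rb").read()
if data[:4] != b"TOY\0":
    sys.exit(1)                  # clean rejection of bad magic
length = int.from_bytes(data[4:8], "little")
if length > len(data) - 64:      # the bug: no bounds check before the copy
    os.abort()
sys.exit(0)
"""
TOY_CMD = [sys.executable, "-c", TOY_PARSER]
# Seed file: 4-byte magic, 4-byte body length, 56 reserved bytes, 16-byte body.
SEED_FILE = b"TOY\0" + (16).to_bytes(4, "little") + bytes(56) + bytes(range(16))
HEADER_SIZE = 64

INTERESTING = {"SIGSEGV", "SIGBUS", "SIGILL", "SIGABRT", "SIGFPE"}


def run_target(cmd, path, timeout=5):
    """Launch cmd on path and classify the outcome: ('ok', exit code),
    ('crash', signal name) when it died from a signal, or ('hang', None)."""
    try:
        proc = subprocess.run(cmd + [path], stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "hang", None
    if proc.returncode < 0:               # POSIX: -N means killed by signal N
        return "crash", signal.Signals(-proc.returncode).name
    return "ok", proc.returncode


def run_case(cmd, data, timeout=5):
    """Write one test case to a temporary file and run the target on it."""
    with tempfile.NamedTemporaryFile(suffix=".bin", delete=False) as f:
        f.write(data)
        path = f.name
    try:
        return run_target(cmd, path, timeout)
    finally:
        os.unlink(path)


def fuzz_file(seed_bytes, header_size, cmd, iterations, seed=0):
    """Mutate, launch, watch. Returns (iteration, verdict, signal, case bytes)
    for every case that hung or died from an interesting signal."""
    rng = random.Random(seed)
    findings = []
    for i in range(iterations):
        case = mangle_header(seed_bytes, header_size, rng)
        verdict, detail = run_case(cmd, case)
        if verdict == "hang" or (verdict == "crash" and detail in INTERESTING):
            findings.append((i, verdict, detail, case))
    return findings


if __name__ == "__main__":
    for i, verdict, detail, case in fuzz_file(SEED_FILE, HEADER_SIZE, TOY_CMD, 100):
        name = "crash_%04d.bin" % i
        with open(name, "wb") as f:      # keep the reproducer for analysis
            f.write(case)
        print(i, verdict, detail, "->", name)
```

Because the mutation is confined to the header, most cases that die do so in the length-field handling, which is exactly the kind of bug a header fuzzer is meant to surface; the saved reproducer is what you then load into a debugger (or, as SPIKEfile does, inspect under ptrace) to see where the bad length was consumed.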

FuzzyFiles - File fuzzer written by Reed Arvin. Creates multiple variations of a file; useful for finding local application flaws.

FuzzySniffAndSend - Packet sniffer and replayer written by Reed Arvin. Can be used to capture data on the wire, modify it in various ways and resend it to the target. Used to test for protocol and application vulnerabilities.

RADIUS fuzzer - A RADIUS protocol fuzzer written in C, by Thomas Biege of the SUSE security team.

MSN fuzzer - C source code for a simple MSN protocol fuzzer. May be used to discover vulnerabilities in MSN client software.

Mistress - Mistress is an "application sadism environment" and can also be called a fuzzer. It is written in Python and was created for probing file formats on the fly, and protocols, with malformed data based on pre-defined patterns. It is recommended that the project site be visited for further documentation and use cases.

Please note:

1. Most of the fuzzing tools are developed in Python. Even the tool selected by us is also developed in Python, so I took up the task of finding a tool or library to convert it, or to get equivalent code, in Java.

2. I was successful in obtaining a tool which converts Python code to Java, i.e. it creates Java code which points to the Python code and activates the Python code.

3. The actual idea is calling Python code using Java. In the coming week I will be working on this tool.

Some other tools:


1. SPIKE Proxy
It is a professional-grade tool for looking for application-level vulnerabilities in web applications. SPIKE Proxy covers the basics, such as SQL injection and cross-site scripting, but its completely open Python infrastructure allows advanced users to customize it for web applications that other tools fall apart on. SPIKE Proxy is available for Linux and Windows.

2. WebScarab
WebScarab is a framework for analyzing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. The parameter fuzzer plugin performs automated substitution of parameter values that are likely to expose incomplete parameter validation, leading to vulnerabilities like cross-site scripting (XSS) and SQL injection.

3. Burp Intruder
Burp Intruder is a highly configurable Java web application security tool and can be used to automate a wide range of attacks against applications, including testing for common web application vulnerabilities such as SQL injection, cross-site scripting, buffer overflows and directory traversal; brute force attacks against authentication schemes; enumeration; parameter manipulation; trawling for hidden content and functionality; session token sequencing and session hijacking; data mining; concurrency attacks; and application-layer denial-of-service attacks.

4. Wapiti
Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but scans the web pages of the deployed web app, looking for scripts and forms where it can inject data. Once it has this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.

5. RFuzz the Web Destroyer
RFuzz is a Ruby library to easily test web applications from the outside using a fast HttpClient and a wicked evil random generator, allowing the average programmer to use advanced fuzzing techniques for just pennies a day.

6. OWASP WSFuzzer
WSFuzzer is a GPL'd program, written in Python, that currently targets web services. In the current version, HTTP-based SOAP services are the main target. This tool was created based on, and to automate, some real-world manual SOAP pen testing work.

7. SPI Fuzzer (member of the SPI Dynamics WebInspect suite)
It identifies buffer overflows using HTTP fuzzing or modification of input variables. A trial version is available for download.

8. Suru web proxy
Suru gives the analyst the ability to fuzz any part of the HTTP request. This obviously includes GET and POST parameters, but can also be extended to Host: fields, Content-Length: etc. The analyst can choose to fuzz any point of the HTTP request header or body. These "fuzz control points" can be fuzzed with any value, and Suru includes some sample fuzz strings by default.

9. AppScan
AppScan scans and tests for all common web application vulnerabilities, including those identified in the WASC Threat Classification, such as SQL injection, cross-site scripting and buffer overflow.

10. ASP Auditor
The purpose of this tool is to look for common misconfigurations and information leaks in ASP.NET applications.
