From e8d0ca6a8ecd36a7a9032cd508529afdc2f4d179 Mon Sep 17 00:00:00 2001 From: Max Moroz Date: Tue, 14 Mar 2017 03:40:56 +0100 Subject: [PATCH 01/21] Add libFuzzer, syzkaller and fuzzer-test-suite. (#8) * Add libFuzzer, syzkaller and fuzzer-test-suite. * Add missing http:// scheme. --- README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0784add..e606f2c 100644 --- a/README.md +++ b/README.md @@ -159,6 +159,12 @@ https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruptio [Filesystem Fuzzing with American Fuzzy lop](http://events.linuxfoundation.org/sites/events/files/slides/AFL%20filesystem%20fuzzing%2C%20Vault%202016_0.pdf) +##### libFuzzer Fuzzer related tutorials + +[libFuzzer Tutorial](http://tutorial.libfuzzer.info) + +[libFuzzer Workshop: "Modern fuzzing of C/C++ Projects"](https://github.com/Dor1s/libfuzzer-workshop) + ##### Spike Fuzzer related tutorials [Fuzzing with Spike to find overflows](http://null-byte.wonderhowto.com/how-to/hack-like-pro-build-your-own-exploits-part-3-fuzzing-with-spike-find-overflows-0162789/) @@ -234,6 +240,10 @@ https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruptio [Hodor Fuzzer](https://github.com/nccgroup/hodor) - Yet Another general purpose fuzzer. +[libFuzzer](http://libfuzzer.info) - In-process, coverage-guided, evolutionary fuzzing engine for targets written in C/C++. + +[syzkaller](https://github.com/google/syzkaller) - Distributed, unsupervised, coverage-guided Linux syscall fuzzer. + ### Taint Analysis ( How user input affects the execution) 
@@ -307,10 +317,12 @@ PacketStorm - https://packetstormsecurity.com/files/tags/exploit/ ##### Samples files for seeding during fuzzing: https://files.fuzzing-project.org/ -[PDF Test Corpus from Mozilla] (https://github.com/mozilla/pdf.js/tree/master/test/pdfs) +[PDF Test Corpus from Mozilla](https://github.com/mozilla/pdf.js/tree/master/test/pdfs) [MS Office file format documentation](https://www.microsoft.com/en-us/download/details.aspx?id=14565) +[Fuzzer Test Suite](https://github.com/google/fuzzer-test-suite) - Set of tests for fuzzing engines. Includes different well-known bugs such as Heartbleed, c-ares $100K bug and others. + ## Anti-Fuzzing From 8d1305a33b63759d8cf1883314c4f3e242e98327 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=B0=AD=E5=85=B4=E9=82=A6?= Date: Tue, 14 Mar 2017 10:42:48 +0800 Subject: [PATCH 02/21] Add Chinese Translation (#9) * add chiness translation Chinese translation of part * Add Chinese Translation Add Chinese Translation --- README_ch.md | 326 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 326 insertions(+) create mode 100644 README_ch.md diff --git a/README_ch.md b/README_ch.md new file mode 100644 index 0000000..b8d1fcb --- /dev/null +++ b/README_ch.md 
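Review bot: the Fuzzer Test Suite entry in the hunk at @@ -307,10 +317,12 @@ lands under the "##### Samples files for seeding during fuzzing:" sub-heading, but its own blurb ("Set of tests for fuzzing engines. Includes different well-known bugs such as Heartbleed, c-ares $100K bug and others.") describes a collection of fuzz targets with known bugs, not a seed corpus; move it up beside Exploit-DB and PacketStorm under "Vulnerable Applications", or give it a sub-heading of its own. The "[PDF Test Corpus from Mozilla] (...)" change in the same hunk is right: the space between "]" and "(" stops markdown from rendering the link at all.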
@@ -0,0 +1,326 @@ +Fuzzing 大合集 [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome) +=================== + +这是一个在学习 fuzzing 的最初阶段最好的有关 fuzzing 的资源合集(书籍、课程、视频、教程等等) + +### Table of Contents +- [书籍](#书籍) +- [课程](#课程) + + [免费](#免费) + + [付费](#付费) +- [视频](#videos) + + [NYU Poly Course videos](#nyu-poly-videos) + + [Conference talks/tutorials on Fuzzing](#conf-talks-tutorials) +- [教程](#教程) +- [工具](#工具) + + [文件格式 Fuzzer](#文件格式Fuzzer) + + [网络协议 Fuzzer](#网络协议Fuzzer) + + [Taint Analysis](#taint-analysis) + + [符号执行 + SAT/SMT求解器](#符号执行) + + [基本工具(通用)](#基本工具(通用)) +- [存在漏洞的应用程序](#存在漏洞的应用程序) +- [反Fuzzing](#反Fuzzing) +- [贡献](#贡献) + +Awesome Fuzzing Resources +------------- + +## 书籍 +*关于 fuzzing 的书籍* + ++ [Fuzzing: Brute Force Vulnerability Discovery](https://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119) 作者: Michael Sutton, Adam Greene, Pedram Amini + ++ [Fuzzing for Software Security Testing and Quality Assurance ](https://www.amazon.com/Fuzzing-Software-Security-Assurance-Information/dp/1596932147) 作者: Ari Takanen, Charles Miller, and Jared D Demott + ++ [Open Source Fuzzing Tools](https://www.amazon.com/Open-Source-Fuzzing-Tools-Rathaus/dp/1597491950) 作者: Gadi Evron and Noam Rathaus + ++ [Gray Hat Python](https://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921) 作者: Justin Seitz + + +> **Note:** 下列书籍中的部分章节也描述了 fuzzing + +> - [The Shellcoder's Handbook: Discovering and Exploiting Security Holes ( Chapter 15 )](https://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/) 作者 Chris Anley, Dave Aitel, David Litchfield 等 + +> - [iOS Hacker's Handbook - Chapter 1](https://www.amazon.com/iOS-Hackers-Handbook-Charlie-Miller/dp/1118204123/) 作者: Charles Miller, Dino DaiZovi, Dion Blazakis, Ralf-Philip Weinmann, and Stefan Esser + +IDA Pro - The IDA Pro Book: 世界上最流行的反汇编工具的非官方指导书 + + +## 课程 + +*与 fuzzing 有关的课程/培训* + + +### 免费 + 
+[NYU Poly ( see videos for more )](https://vimeo.com/5236104 ) - Dan Guido 出品的免费指导 + +[Samclass.info ( check projects section and chapter 17 ) ](https://samsclass.info/127/127_F15.shtml) - Sam 出品 + +[Modern Binary Exploitation ( RPISEC ) - Chapter 15 ](https://github.com/RPISEC/MBE) - RPISEC 出品 + +[Offensive Computer Security - Week 6](http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html) - W. Owen Redwood 和 Prof. Xiuwen Liu 出品 + + +### 付费 ( $$$ ) +[Offensive Security, Cracking The Perimeter ( CTP ) and Advanced Windows Exploitation ( AWE )](https://www.offensive-security.com/information-security-training/) + +[SANS 660/760 Advanced Exploit Development for Penetration Testers](https://www.sans.org/course/advance-exploit-development-pentetration-testers) + +[Exodus Intelligence - 漏洞挖掘大师级课程](https://blog.exodusintel.com/2016/05/18/exodus-intelligence-2016-training-course/) + + +## 视频 + +*讨论 fuzzing 技术、工具、最佳实践的视频* + +### NYU Poly Course videos (from Dan Guido) +[Fuzzing 101 (Part 1)](https://vimeo.com/5236104) - Mike Zusman 出品 + +[Fuzzing 101 (Part 2)](https://vimeo.com/5237484) - Mike Zusman 出品 + +[Fuzzing 101 (2009)](https://vimeo.com/7574602) - Mike Zusman 出品 + +[Fuzzing - Software Security Course on Coursera](https://www.coursera.org/learn/software-security/lecture/VgyOn/fuzzing) - 马里兰大学出品 + + +### 关于 Fuzzing 的会议讨论/教程 +[Youtube Playlist of various fuzzing talks and presentations ](https://www.youtube.com/playlist?list=PLtPrYlwXDImiO_hzK7npBi4eKQQBgygLD) - 列表内有许多优质内容 + + +[Browser bug hunting - Memoirs of a last man standing](https://vimeo.com/109380793) - Atte Kettunen 出品 + +[Coverage-based Greybox Fuzzing as Markov Chain](https://www.comp.nus.edu.sg/~mboehme/paper/CCS16.pdf) + + +## 教程 + +*解释 fuzzing 方法、技术与最佳实践的教程与博客* +### [2016 文章] + +[Effective File Format Fuzzing](http://j00ru.vexillium.org/slides/2016/blackhat.pdf) - Mateusz “j00ru” Jurczyk @ Black Hat Europe 2016, London + +[A year of Windows kernel font fuzzing Part-1 the 
results](http://googleprojectzero.blogspot.in/2016/06/a-year-of-windows-kernel-font-fuzzing-1_27.html) - Google Zero 项目的最佳论文,描述了如何进行 fuzzing 以及如何构建一个 fuzzer + +[A year of Windows kernel font fuzzing Part-2 the techniques](http://googleprojectzero.blogspot.in/2016/07/a-year-of-windows-kernel-font-fuzzing-2.html) - Google Zero 项目的最佳论文,描述了如何进行 fuzzing 以及如何构建一个 fuzzer + +[Interesting bugs and resources at fuzzing project](https://blog.fuzzing-project.org/) - fuzzing-project.org 出品 + +[Fuzzing workflows; a fuzz job from start to finish](https://foxglovesecurity.com/2016/03/15/fuzzing-workflows-a-fuzz-job-from-start-to-finish/) - @BrandonPrry 出品 + +[A gentle introduction to fuzzing C++ code with AFL and libFuzzer](http://jefftrull.github.io/c++/clang/llvm/fuzzing/sanitizers/2015/11/27/fuzzing-with-sanitizers.html) - Jeff Trull 出品 + +[15 分钟介绍 fuzzing](https://www.mwrinfosecurity.com/our-thinking/15-minute-guide-to-fuzzing/) - MWR Security 出品 + +> **Note:** Folks at fuzzing.info 收集了很多非常有用的链接,我没有重复他们的工作,我只是整理了 2015 年到 2016 年间他们没有收录的文章 +[Fuzzing Papers](https://fuzzing.info/papers) - fuzzing.info 出品 + +[Fuzzing 博客](https://fuzzing.info/resources/) - fuzzing.info 出品 + +[Root Cause Analysis of the Crash during Fuzzing](https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruption-vulnerabilities/) - Corelan Team 出品 +[Root cause analysis of integer flow](https://www.corelan.be/index.php/2013/07/02/root-cause-analysis-integer-overflows/) - Corelan Team 出品 + +[Creating custom peach fuzzer publishers](http://blog.opensecurityresearch.com/2014/01/creating-custom-peach-fuzzer-publishers.html) - Open Security Research 出品 + +[在 Fuzzing 大型开源项目前要考虑的 7 件事](https://www.linux.com/blog/7-things-consider-fuzzing-large-open-source-project) - Emily Ratliff + +##### 从 Fuzzing 到 Exploit +[从 fuzzing 到 0-day](https://blog.techorganic.com/2014/05/14/from-fuzzing-to-0-day/) - Harold Rodriguez(@superkojiman) 出品 + +[从 crash 到 
exploit](https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruption-vulnerabilities/) - Corelan Team 出品 + +##### Peach Fuzzer 相关教程 +[Peach 上手指南](http://community.peachfuzzer.com/v2/PeachQuickstart.html) +[使用 Peach 进行 Fuzzing Part 1](http://www.flinkd.org/2011/07/fuzzing-with-peach-part-1/) - Jason Kratzer of corelan team 出品 +[使用 Peach 进行 Fuzzing Part 2](http://www.flinkd.org/2011/11/fuzzing-with-peach-part-2-fixups-2/) - Jason Kratzer of corelan team 出品 +[Peach pit 文件的自动生成](http://doc.netzob.org/en/latest/tutorials/peach.html) - Frédéric Guihéry, Georges Bossert 出品 + +##### AFL Fuzzer 相关教程 +[Fuzzing 工作流程,包含 fuzz 的始末](https://foxglovesecurity.com/2016/03/15/fuzzing-workflows-a-fuzz-job-from-start-to-finish/) - @BrandonPrry 出品 + +[使用 AFL persistent 模式对 capstone 进行 Fuzzing](https://toastedcornflakes.github.io/articles/fuzzing_capstone_with_afl.html) - @toasted_flakes 出品 + +[RAM disks and saving your SSD from AFL Fuzzing](http://cipherdyne.org/blog/2014/12/ram-disks-and-saving-your-ssd-from-afl-fuzzing.html) + +[使用 AFL 进行 Bug 挖掘](https://josephg.com/blog/bug-hunting-with-american-fuzzy-lop/) + +[AFL 在真实示例中的高级用法](http://volatileminds.net/2015/07/01/advanced-afl-usage.html) + +[Segfaulting Python with afl-fuzz](http://tomforb.es/segfaulting-python-with-afl-fuzz) + +[Fuzzing Perl: A Tale of Two American Fuzzy Lops](http://www.geeknik.net/71nvhf1fp) + +[使用 AFL-Fuzz 进行 Fuzzing 的实例( AFL vs Binutils )](https://www.evilsocket.net/2015/04/30/fuzzing-with-afl-fuzz-a-practical-example-afl-vs-binutils/) + +[Fuzzing 模拟器的重要性](https://mgba.io/2016/09/13/fuzzing-emulators/) + +[心脏滴血漏洞是如何被发现的](https://blog.hboeck.de/archives/868-How-Heartbleed-couldve-been-found.html) + +[用 AFL 进行文件系统 Fuzzing](http://events.linuxfoundation.org/sites/events/files/slides/AFL%20filesystem%20fuzzing%2C%20Vault%202016_0.pdf) + +##### Spike Fuzzer 相关教程 + +[Fuzzing with Spike to find 
overflows](http://null-byte.wonderhowto.com/how-to/hack-like-pro-build-your-own-exploits-part-3-fuzzing-with-spike-find-overflows-0162789/) + +[Fuzzing with Spike](https://samsclass.info/127/proj/p18-spike.htm) - Samclass.info 出品 + +##### FOE Fuzzer 相关教程 +[Fuzzing with FOE](https://samsclass.info/127/proj/p16-fuzz.htm) - Samclass.info 出品 + + +##### SMT/SAT 求解器教程 +[Z3 - A guide](http://rise4fun.com/z3/tutorial/guide) - Z3 快速上手指南 + + +## 工具 + +*那些在 fuzzing 中能帮上忙的工具* + +### 文件格式 Fuzzer + +*那些帮助对像 pdf, mp3, swf 等文件格式进行 fuzzing 的 Fuzzers* + +[MiniFuzz](https://www.microsoft.com/en-sg/download/details.aspx?id=21769) - Microsoft 出品的基础文件格式 fuzzing 工具 + +[BFF from CERT](https://www.cert.org/vulnerability-analysis/tools/bff.cfm?) - 基础文件格式 fuzzing 框架 + +[AFL Fuzzer (Linux only)]( http://lcamtuf.coredump.cx/afl/) - Michal Zalewski aka lcamtuf 开发的 Fuzzer + +[Win AFL](https://github.com/ivanfratric/winafl) - Ivan Fratic 开发的针对 Windows 二进制程序 fuzzing 的 AFL 分支版本 + +[Shellphish Fuzzer](https://github.com/shellphish/fuzzer) - 一个操纵 AFL 的 Python 接口,可以简单的写入测试用例与其他功能 + +[TriforceAFL](https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/june/project-triforce-run-afl-on-everything/) - 一个 AFL 的修正版,支持应用源码无法获得情况下的 fuzzing + +[Peach Fuzzer](https://peachfuzz.sourceforge.net/) - 帮助创建传统 dumb 以及小型 fuzzer 的框架 + +[MozPeach](https://github.com/MozillaSecurity/peac://github.com/MozillaSecurity/peach) - 由 Mozilla Security 开发基于 peach 2.7 版本的分支版本 + +[Failure Observation Engine (FOE)](http://www.cert.org/vulnerability-analysis/tools/foe.cfm) - 基于畸形文件的 Windows 程序 Fuzzing 工具 + +[rmadair](http://rmadair.github.io/fuzzer/) - 基于畸形文件的 fuzzer,使用 PyDBG 来监视感兴趣的信号 + +[honggfuzz](https://github.com/google/honggfuzz) - 支持反馈驱动、基于代码覆盖率的通用、易用型 Fuzzer + +[zzuf](https://github.com/samhocevar/zzuf) - 一个透明应用输入 fuzzer,可以拦截文件操作、改变程序输入的随机位 + +[radamsa](https://github.com/aoh/radamsa) - 通用的 fuzzer,测试用例生成器 + + +### 网络协议 Fuzzer + +*那些帮助对像 HTTP, SSH, SMTP 等网络协议进行 fuzzing 的 Fuzzer* + +[Peach 
Fuzzer](https://peachfuzz.sourceforge.net/) - 帮助创建传统 dumb 以及小型 fuzzer 的框架 + +[Sulley](https://github.com/OpenRCE/sulley) - Michael Sutton 开发,包含多个可扩展组件的 Fuzzer 开发与 Fuzzing 测试框架 + +[boofuzz](https://github.com/jtpereyda/boofuzz) - Sulley 框架的继任者 + +[Spike](http://www.immunitysec.com/downloads/SPIKE2.9.tgz) - 像 sulley 的 fuzzer 开发框架,是 sulley 的前身 + +[Metasploit Framework](https://www.rapid7.com/products/metasploit/download.jsp) - 通过 Auxiliary 模块使其具有了 fuzzing 能力的框架 + +[Nightmare](https://github.com/joxeankoret/nightmare) - 一个带有 Web 管理界面的分布式 fuzzing 测试套件,支持对网络协议进行 fuzzing + +[rage_fuzzer](https://github.com/deanjerkovich/rage_fuzzer) - 未知协议包 fuzzer + + +### 杂项,内核 Fuzzer,通用 Fuzzer +[KernelFuzzer](https://github.com/mwrlabs/KernelFuzzer) - 跨平台内核 Fuzzer 框架 + +[honggfuzz](http://google.github.io/honggfuzz/) - 带有分析选项的通用、易用型 fuzzer + +[Hodor Fuzzer](https://github.com/nccgroup/hodor) - 曾经是另一个通用的 fuzzer + + +### 流分析(用户输入如何影响执行) + +[PANDA ( Platform for Architecture-Neutral Dynamic Analysis )](https://github.com/moyix/panda) + +[QIRA (QEMU Interactive Runtime Analyser)](http://qira.me/) + + +### 符号执行 + SAT/SMT 求解器 +[Z3](https://github.com/Z3Prover/z3) + +[SMT-LIB](http://smtlib.cs.uiowa.edu/) + +### 参考 + +我没有把全部的东西都纳进来,比如 AxMan,请参考以下链接获取更多信息 +https://www.ee.oulu.fi/research/ouspg/Fuzzers + + +### 基本工具(通用) + +*漏洞利用工具开发者、逆向工程师常用的工具* + +#### 调试工具 + +[Windbg](https://msdn.microsoft.com/en-in/library/windows/hardware/ff551063(v=vs.85).aspxi) - 漏洞利用者常用的调试器 + +[Immunity Debugger](http://debugger.immunityinc.com) - Immunity Sec 出品的调试器 + +[OllyDbg](http://www.ollydbg.de/) - 逆向工程师的常见选择 + +[Mona.py ( Plugin for windbg and Immunity dbg )](https://github.com/corelan/mona/) - 漏洞利用开发者的绝佳工具 + +[x64dbg](https://github.com/x64dbg/) - 开源 Windows x64/x32 调试器 + +[Evan's Debugger (EDB)](http://codef00.com/projects#debugger) - Front end for gdb. 
+ +[GDB - Gnu Debugger](http://www.sourceware.org/gdb/) - 最好的 Linux 调试器 + +[PEDA](https://github.com/longld/peda) - Python 开发的 GDB 辅助程序 + +[Radare2](http://www.radare.org/r/) - 逆向工程与程序分析的框架 + + + +#### 反汇编工具 + +*反汇编工具、反汇编框架等* + +[IDA Pro](https://www.hex-rays.com/products/ida/index.shtml) - 最好的反汇编工具 + +[binnavi](https://github.com/google/binnavi) - 二进制程序分析 IDE,注释反汇编代码的控制流图与调用图 + +[Capstone](https://github.com/aquynh/capstone) - Capstone 是一个轻量、跨平台、多架构支持的反汇编框架 + + +#### 其他 + +[ltrace](http://ltrace.org/) - 库调用拦截 + +[strace](http://sourceforge.net/projects/strace/) - 系统调用拦截 + + + +## 存在漏洞的应用程序 +Exploit-DB - https://www.exploit-db.com +(搜索、选取漏洞,有些提供了程序下载,可以通过你选择试用的 fuzzer 对利用进行复现 + +PacketStorm - https://packetstormsecurity.com/files/tags/exploit/ + +##### fuzzing 期间种子样本文件 +https://files.fuzzing-project.org/ + +[PDF Test Corpus from Mozilla](https://github.com/mozilla/pdf.js/tree/master/test/pdfs) + +[MS Office file format documentation](https://www.microsoft.com/en-us/download/details.aspx?id=14565) + + +## 反Fuzzing + +[Introduction to Anti-Fuzzing: A Defence In-Depth Aid](https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2014/january/introduction-to-anti-fuzzing-a-defence-in-depth-aid/) + + +## 贡献 + +[请查看 contributing.md 中关于细节的介绍](Contributing.md). + +感谢下列人员对这个项目的贡献: ++ [Tim Strazzere](https://twitter.com/timstrazz) ++ [jksecurity](https://github.com/jksecurity) + From 385a1e64b25e53d77e84277a15e8c6e00a86c2d5 Mon Sep 17 00:00:00 2001 From: Mohammed A Imran Date: Wed, 22 Mar 2017 01:07:07 +0800 Subject: [PATCH 03/21] Fix markdown rendering issues with anchor tags Anchor tag doesnt render well for links inside readme.md --- README.md | 122 +++++++++++++++++++++++++++++++----------------------- 1 file changed, 71 insertions(+), 51 deletions(-) diff --git a/README.md b/README.md index e606f2c..e3c2c87 100644 --- a/README.md +++ b/README.md 
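Review bot: several links in this hunk (@@ -0,0 +1,326 @@) will not resolve in README_ch.md. The table of contents mixes anchors inherited from the English file with headings that are now Chinese: "[视频](#videos)", "[NYU Poly Course videos](#nyu-poly-videos)", "[Conference talks/tutorials on Fuzzing](#conf-talks-tutorials)" and "[Taint Analysis](#taint-analysis)" point at slugs that no heading in this file produces (the headings are "## 视频", "### 关于 Fuzzing 的会议讨论/教程" and "### 流分析(用户输入如何影响执行)"); "[基本工具(通用)](#基本工具(通用))" has unescaped parentheses inside the link target; and "#文件格式Fuzzer", "#网络协议Fuzzer" and "#符号执行" do not match the slugs GitHub generates for "### 文件格式 Fuzzer", "### 网络协议 Fuzzer" and "### 符号执行 + SAT/SMT 求解器" (spaces become hyphens). The mangled MozPeach URL from README.md ("https://github.com/MozillaSecurity/peac://github.com/MozillaSecurity/peach") is copied over unchanged, and the Exploit-DB parenthetical "(搜索、选取漏洞,有些提供了程序下载,可以通过你选择试用的 fuzzer 对利用进行复现" is never closed. A few translations change the meaning: Peach Fuzzer's "custom dumb and smart fuzzers" becomes "传统 dumb 以及小型 fuzzer" ("小型" is "small", not "smart"; "智能" is the word wanted), Hodor Fuzzer's "Yet Another general purpose fuzzer" becomes "曾经是另一个通用的 fuzzer" ("was once another"; "又一个通用 fuzzer" is the idiom), and "Taint Analysis" is rendered as "流分析" where the established term is "污点分析". "Evan's Debugger (EDB) - Front end for gdb." is left untranslated.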
@@ -9,32 +9,32 @@ A curated list of fuzzing resources ( Books, courses - free and paid, videos, to + [Free](#free) + [Paid](#paid) - [Videos](#videos) - + [NYU Poly Course videos](#nyu-poly-videos) - + [Conference talks/tutorials on Fuzzing](#conf-talks-tutorials) -- [Tutorials](#tutorials) + + [NYU Poly Course videos](#nyu-poly-course-videos) + + [Conference talks and tutorials](#conference-talks-and-tutorials) +- [Tutorials and Blogs](#tutorials-and-blogs) - [Tools](#tools) + [File Format Fuzzers](#file-format-fuzzers) + [Network Protocol Fuzzers](#network-protocol-fuzzers) + [Taint Analysis](#taint-analysis) - + [Symbolic Execution + SAT/SMT Solvers](#smt-solvers) - + [Essential Tools (generic)](#essential-tools) -- [Vulnerable Applications](#vuln-apps) -- [Anti-Fuzzing](#antifuzz) -- [Contributing](#contribution) + + [Symbolic Execution SAT and SMT Solvers](#symbolic-execution-sat-and-smt-solvers) + + [Essential Tools](#essential-tools) +- [Vulnerable Applications](#vulnerable-applications) +- [Anti-Fuzzing](#anti-fuzzing) +- [Contributing](#contributing) + + +# Awesome Fuzzing Resources -Awesome Fuzzing Resources -------------- - ## Books + *Books on fuzzing* +- [Fuzzing: Brute Force Vulnerability Discovery](https://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119) by Michael Sutton, Adam Greene, Pedram Amini. -+ [Fuzzing: Brute Force Vulnerability Discovery](https://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119) by Michael Sutton, Adam Greene, Pedram Amini. +- [Fuzzing for Software Security Testing and Quality Assurance ](https://www.amazon.com/Fuzzing-Software-Security-Assurance-Information/dp/1596932147) by Ari Takanen, Charles Miller, and Jared D Demott. -+ [Fuzzing for Software Security Testing and Quality Assurance ](https://www.amazon.com/Fuzzing-Software-Security-Assurance-Information/dp/1596932147) by Ari Takanen, Charles Miller, and Jared D Demott. 
+- [Open Source Fuzzing Tools](https://www.amazon.com/Open-Source-Fuzzing-Tools-Rathaus/dp/1597491950) by by Gadi Evron and Noam Rathaus. -+ [Open Source Fuzzing Tools](https://www.amazon.com/Open-Source-Fuzzing-Tools-Rathaus/dp/1597491950) by by Gadi Evron and Noam Rathaus. - -+ [Gray Hat Python](https://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921) by Justin Seitz. +- [Gray Hat Python](https://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921) by Justin Seitz. > **Note:** Chapter(s) in the following books are dedicated to fuzzing. @@ -43,14 +43,14 @@ Awesome Fuzzing Resources > - [iOS Hacker's Handbook - Chapter 1](https://www.amazon.com/iOS-Hackers-Handbook-Charlie-Miller/dp/1118204123/) Charles Miller, Dino DaiZovi, Dion Blazakis, Ralf-Philip Weinmann, and Stefan Esser. -IDA Pro - The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler. +> - [IDA Pro - The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler](https://www.amazon.com/IDA-Pro-Book-Unofficial-Disassembler-ebook/dp/B005EI84TM) + - ## Courses *Courses/Training videos on fuzzing* - + ### Free [NYU Poly ( see videos for more )](https://vimeo.com/5236104 ) - Made available freely by Dan Guido. 
@@ -61,20 +61,21 @@ IDA Pro - The IDA Pro Book: The Unofficial Guide to the World's Most Popular Dis [Offensive Computer Security - Week 6](http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html) - by W. Owen Redwood and Prof. Xiuwen Liu. - -### Paid ( $$$ ) +### Paid + [Offensive Security, Cracking The Perimeter ( CTP ) and Advanced Windows Exploitation ( AWE )](https://www.offensive-security.com/information-security-training/) [SANS 660/760 Advanced Exploit Development for Penetration Testers](https://www.sans.org/course/advance-exploit-development-pentetration-testers) [Exodus Intelligence - Vulnerability development master class](https://blog.exodusintel.com/2016/05/18/exodus-intelligence-2016-training-course/) - + ## Videos *Videos talking about fuzzing techniques, tools and best practices* - -### NYU Poly Course videos (from Dan Guido) + + +### NYU Poly Course videos [Fuzzing 101 (Part 1)](https://vimeo.com/5236104) - by Mike Zusman. [Fuzzing 101 (Part 2)](https://vimeo.com/5237484) - by Mike Zusman. 
@@ -83,19 +84,18 @@ IDA Pro - The IDA Pro Book: The Unofficial Guide to the World's Most Popular Dis [Fuzzing - Software Security Course on Coursera](https://www.coursera.org/learn/software-security/lecture/VgyOn/fuzzing) - by University of Maryland. - -### Conference talks/tutorials on Fuzzing +### Conference talks and tutorials [Youtube Playlist of various fuzzing talks and presentations ](https://www.youtube.com/playlist?list=PLtPrYlwXDImiO_hzK7npBi4eKQQBgygLD) - Lots of good content in these videos. - [Browser bug hunting - Memoirs of a last man standing](https://vimeo.com/109380793) - by Atte Kettunen [Coverage-based Greybox Fuzzing as Markov Chain](https://www.comp.nus.edu.sg/~mboehme/paper/CCS16.pdf) - -## Tutorials/Blogs. + +## Tutorials and Blogs *Tutorials and blogs which explain methodology, techniques and best practices of fuzzing* + ### [2016 articles] [Effective File Format Fuzzing](http://j00ru.vexillium.org/slides/2016/blackhat.pdf) - Mateusz “j00ru” Jurczyk @ Black Hat Europe 2016, London 
@@ -125,15 +125,21 @@ https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruptio [7 Things to Consider Before Fuzzing a Large Open Source Project](https://www.linux.com/blog/7-things-consider-fuzzing-large-open-source-project) - by Emily Ratliff. + ##### From Fuzzing to Exploit: [From fuzzing to 0-day](https://blog.techorganic.com/2014/05/14/from-fuzzing-to-0-day/) - by Harold Rodriguez(@superkojiman). [From crash to exploit](https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruption-vulnerabilities/) - by Corelan Team. ##### Peach Fuzzer related tutorials + [Getting Started with Peach](http://community.peachfuzzer.com/v2/PeachQuickstart.html) -[Fuzzing with Peach Part 1](http://www.flinkd.org/2011/07/fuzzing-with-peach-part-1/) - by Jason Kratzer of corelan team. -[Fuzzing with Peach Part 2](http://www.flinkd.org/2011/11/fuzzing-with-peach-part-2-fixups-2/) - by Jason Kratzer of corelan team. + +[Fuzzing with Peach Part 1](http://www.flinkd.org/2011/07/fuzzing-with-peach-part-1/) - by Jason Kratzer of corelan team + + +[Fuzzing with Peach Part 2](http://www.flinkd.org/2011/11/fuzzing-with-peach-part-2-fixups-2/) - by Jason Kratzer of corelan team. + [Auto generation of Peach pit files/fuzzers](http://doc.netzob.org/en/latest/tutorials/peach.html) - by Frédéric Guihéry, Georges Bossert. ##### AFL Fuzzer related tutorials 
@@ -155,34 +161,40 @@ https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruptio [The Importance of Fuzzing...Emulators?](https://mgba.io/2016/09/13/fuzzing-emulators/) -[How Heartbleed could've been found](https://blog.hboeck.de/archives/868-How-Heartbleed-couldve-been-found.html +[How Heartbleed could've been found](https://blog.hboeck.de/archives/868-How-Heartbleed-couldve-been-found.html) [Filesystem Fuzzing with American Fuzzy lop](http://events.linuxfoundation.org/sites/events/files/slides/AFL%20filesystem%20fuzzing%2C%20Vault%202016_0.pdf) + ##### libFuzzer Fuzzer related tutorials [libFuzzer Tutorial](http://tutorial.libfuzzer.info) [libFuzzer Workshop: "Modern fuzzing of C/C++ Projects"](https://github.com/Dor1s/libfuzzer-workshop) + ##### Spike Fuzzer related tutorials [Fuzzing with Spike to find overflows](http://null-byte.wonderhowto.com/how-to/hack-like-pro-build-your-own-exploits-part-3-fuzzing-with-spike-find-overflows-0162789/) [Fuzzing with Spike](https://samsclass.info/127/proj/p18-spike.htm) - by samclass.info + ##### FOE Fuzzer related tutorials + [Fuzzing with FOE](https://samsclass.info/127/proj/p16-fuzz.htm) - by Samclass.info ##### SMT/SAT solver tutorials + [Z3 - A guide](http://rise4fun.com/z3/tutorial/guide) - Getting Started with Z3: A Guide - + ## Tools *Tools which helps in fuzzing applications* - + + ### File Format Fuzzers *Fuzzers which helps in fuzzing file formats like pdf, mp3, swf etc.,* @@ -213,7 +225,7 @@ https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruptio [radamsa](https://github.com/aoh/radamsa) - A general purpose fuzzer and test case generator. - + ### Network Protocol Fuzzers *Fuzzers which helps in fuzzing applications which use network based protocals like HTTP, SSH, SMTP etc.,* 
@@ -232,8 +244,11 @@ https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruptio [rage_fuzzer](https://github.com/deanjerkovich/rage_fuzzer) - A dumb protocol-unaware packet fuzzer/replayer. - -### Misc. like Kernel Fuzzers, general purpose fuzzer etc., + +### Misc +*Other notable fuzzers like Kernel Fuzzers, general purpose fuzzer etc.,* + + [KernelFuzzer](https://github.com/mwrlabs/KernelFuzzer) - Cross Platform Kernel Fuzzer Framework. [honggfuzz](http://google.github.io/honggfuzz/) - A general-purpose, easy-to-use fuzzer with interesting analysis options. @@ -244,31 +259,35 @@ https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruptio [syzkaller](https://github.com/google/syzkaller) - Distributed, unsupervised, coverage-guided Linux syscall fuzzer. - -### Taint Analysis ( How user input affects the execution) +### Taint Analysis +*How user input affects the execution* [PANDA ( Platform for Architecture-Neutral Dynamic Analysis )](https://github.com/moyix/panda) [QIRA (QEMU Interactive Runtime Analyser)](http://qira.me/) - -### Symbolic Execution + SAT/SMT Solvers + +### Symbolic Execution SAT and SMT Solvers + [Z3](https://github.com/Z3Prover/z3) [SMT-LIB](http://smtlib.cs.uiowa.edu/) + ### References I haven't included some of the legends like AxMan, please refer the following link for more information. https://www.ee.oulu.fi/research/ouspg/Fuzzers - -### Essential Tools (generic) + +### Essential Tools *Tools of the trade for exploit developers, reverse engineers* - + + #### Debuggers + [Windbg](https://msdn.microsoft.com/en-in/library/windows/hardware/ff551063(v=vs.85).aspxi) - The preferred debugger by exploit writers. [Immunity Debugger](http://debugger.immunityinc.com) - Immunity Debugger by Immunity Sec. 
@@ -288,18 +307,18 @@ https://www.ee.oulu.fi/research/ouspg/Fuzzers [Radare2](http://www.radare.org/r/) - Framework for reverse-engineering and analyzing binaries. - #### Disassemblers and some more *Dissemblers, disassembly frameworks etc.,* + [IDA Pro](https://www.hex-rays.com/products/ida/index.shtml) - The best disassembler [binnavi](https://github.com/google/binnavi) - Binary analysis IDE, annotates control flow graphs and call graphs of disassembled code. [Capstone](https://github.com/aquynh/capstone) - Capstone is a lightweight multi-platform, multi-architecture disassembly framework. - + #### Others [ltrace](http://ltrace.org/) - Intercepts library calls @@ -307,14 +326,16 @@ https://www.ee.oulu.fi/research/ouspg/Fuzzers [strace](http://sourceforge.net/projects/strace/) - Intercepts system calls - ## Vulnerable Applications + Exploit-DB - https://www.exploit-db.com (search and pick the exploits, which have respective apps available for download, reproduce the exploit by using fuzzer of your choice) PacketStorm - https://packetstormsecurity.com/files/tags/exploit/ + ##### Samples files for seeding during fuzzing: + https://files.fuzzing-project.org/ [PDF Test Corpus from Mozilla](https://github.com/mozilla/pdf.js/tree/master/test/pdfs) @@ -323,12 +344,12 @@ https://files.fuzzing-project.org/ [Fuzzer Test Suite](https://github.com/google/fuzzer-test-suite) - Set of tests for fuzzing engines. Includes different well-known bugs such as Heartbleed, c-ares $100K bug and others. - -## Anti-Fuzzing + +## Anti Fuzzing [Introduction to Anti-Fuzzing: A Defence In-Depth Aid](https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2014/january/introduction-to-anti-fuzzing-a-defence-in-depth-aid/) - + ## Contributing [Please refer the guidelines at contributing.md for details](Contributing.md). 
@@ -336,4 +357,3 @@ https://files.fuzzing-project.org/ Thanks to the following folks who made contributions to this project. + [Tim Strazzere](https://twitter.com/timstrazz) + [jksecurity](https://github.com/jksecurity) - From 49dc9fb8bb9a3d13eb45d7bd4c726e0897ca5676 Mon Sep 17 00:00:00 2001 From: Marshall Whittaker Date: Wed, 12 Apr 2017 10:22:06 -0400 Subject: [PATCH 04/21] ansvif Added ansvif (A Not So Very Intelligent Fuzzer) to the list. --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index e3c2c87..ed47ee8 100644 --- a/README.md +++ b/README.md @@ -259,6 +259,8 @@ https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruptio [syzkaller](https://github.com/google/syzkaller) - Distributed, unsupervised, coverage-guided Linux syscall fuzzer. +[ansvif](https://oxagast.github.io/ansvif/) - An advanced cross platform fuzzing framework designed to find vulnerabilities in C/C++ code. + ### Taint Analysis *How user input affects the execution* From 3cc4f05aa5c0bd5d20be3542adffabe7c683ff61 Mon Sep 17 00:00:00 2001 From: Mohammed A Imran Date: Mon, 17 Apr 2017 12:29:33 +0800 Subject: [PATCH 05/21] Fixes #10 - Fix broken Peach tutorial links --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ed47ee8..c17af94 100644 --- a/README.md +++ b/README.md 
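Review bot: in the hunk at @@ -9,32 +9,32 @@ the TOC entry "[Symbolic Execution SAT and SMT Solvers](#symbolic-execution-sat-and-smt-solvers)" (and the matching heading later in the patch) drops the "+" to make the slug predictable, but the result reads as if symbolic execution were a kind of solver; "Symbolic Execution and SAT/SMT Solvers" keeps the meaning and should slug to "#symbolic-execution-and-satsmt-solvers" since GitHub strips "/" and other punctuation, which is easy to confirm in the rendered README before merging. The same hunk re-emits "[Open Source Fuzzing Tools](...) by by Gadi Evron and Noam Rathaus." with the doubled "by" intact; fix it while the line is being rewritten.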
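Review bot: the hunk at @@ -43,14 +43,14 @@ moves "The IDA Pro Book" into the "> **Note:** Chapter(s) in the following books are dedicated to fuzzing." list, which now asserts that it contains a fuzzing chapter; if that is not the case, the entry belongs under "Essential Tools" / "Disassemblers" next to IDA Pro rather than among the books with fuzzing chapters.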
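Review bot: in the hunk at @@ -125,15 +125,21 @@ the rewritten "Fuzzing with Peach Part 1" line loses its trailing period while "Part 2" keeps it, and two blank lines are inserted between the two entries where the rest of the list uses one; the "##### From Fuzzing to Exploit:" heading also keeps a trailing colon that no other heading in the file has.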
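Review bot: the hunk at @@ -155,34 +161,40 @@ correctly closes the Heartbleed link (the missing ")" after "...couldve-been-found.html" meant the link never rendered). Since the section blurbs in this hunk and the next are being touched anyway, "*Tools which helps in fuzzing applications*", "*Fuzzers which helps in fuzzing file formats like pdf, mp3, swf etc.,*" and "*Fuzzers which helps in fuzzing applications which use network based protocals like HTTP, SSH, SMTP etc.,*" should read "help", "protocols" and plain "etc." (not "etc.,").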
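Review bot: in the hunk at @@ -244,31 +259,35 @@ the "### References" block ("I haven't included some of the legends like AxMan, please refer the following link for more information.") sits between the solver list and "Essential Tools" but has no entry in the TOC that this commit rewrites, and "please refer the following link" should be "please refer to the following link".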
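Review bot: the hunk at @@ -288,18 +307,18 @@ reflows the blurb "*Dissemblers, disassembly frameworks etc.,*" without fixing it; it should read "*Disassemblers, disassembly frameworks etc.*"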
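Review bot: the hunk at @@ -323,12 +344,12 @@ renames "## Anti-Fuzzing" to "## Anti Fuzzing" while the TOC entry earlier in the patch stays "[Anti-Fuzzing](#anti-fuzzing)"; both spellings slug to "anti-fuzzing", so the rename buys nothing, and the hyphenated form matches the title of the linked NCC Group article ("Introduction to Anti-Fuzzing: A Defence In-Depth Aid"). Keep the original heading.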
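Review bot: the ansvif blurb in the hunk at @@ -259,6 +259,8 @@ ("An advanced cross platform fuzzing framework designed to find vulnerabilities in C/C++ code.") reads as promotional next to the neutral one-line descriptions around it ("Distributed, unsupervised, coverage-guided Linux syscall fuzzer."); drop "advanced" and state what kind of fuzzer it is instead. The link also points at a project page (oxagast.github.io) rather than a source repository, unlike the other entries in this section; a repository URL would be more useful to readers.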
@@ -135,10 +135,10 @@ https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruptio [Getting Started with Peach](http://community.peachfuzzer.com/v2/PeachQuickstart.html) -[Fuzzing with Peach Part 1](http://www.flinkd.org/2011/07/fuzzing-with-peach-part-1/) - by Jason Kratzer of corelan team +[Fuzzing with Peach Part 1](http://www.flinkd.org/fuzzing-with-peach-part-1/) - by Jason Kratzer of corelan team -[Fuzzing with Peach Part 2](http://www.flinkd.org/2011/11/fuzzing-with-peach-part-2-fixups-2/) - by Jason Kratzer of corelan team. +[Fuzzing with Peach Part 2](http://www.flinkd.org/fuzzing-with-peach-part-2-fixups-2/) - by Jason Kratzer of corelan team. [Auto generation of Peach pit files/fuzzers](http://doc.netzob.org/en/latest/tutorials/peach.html) - by Frédéric Guihéry, Georges Bossert. From 35ba0d91e82cf36872e2988d5b1165f3258f82c2 Mon Sep 17 00:00:00 2001 From: shanmugam Date: Mon, 19 Jun 2017 16:35:15 -0400 Subject: [PATCH 06/21] Minifuzz no longer available --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c17af94..d1610a7 100644 --- a/README.md +++ b/README.md @@ -199,7 +199,7 @@ https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruptio *Fuzzers which helps in fuzzing file formats like pdf, mp3, swf etc.,* -[MiniFuzz](https://www.microsoft.com/en-sg/download/details.aspx?id=21769) - Basic file format fuzzing tool by Microsoft. +~~[MiniFuzz](https://www.microsoft.com/en-sg/download/details.aspx?id=21769) - Basic file format fuzzing tool by Microsoft.~~ (No longer available) [BFF from CERT](https://www.cert.org/vulnerability-analysis/tools/bff.cfm?) - Basic Fuzzing Framework for file formats. From 3739e0cc8269eb385da4c9c9f452b8bb8e2bb763 Mon Sep 17 00:00:00 2001 
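Review bot: the hunk at @@ -135,10 +135,10 @@ replaces the dated flinkd.org paths with undated ones but keeps the inconsistency between the two lines: "Fuzzing with Peach Part 1" ends without a period and "Part 2" with one. Since the commit claims "Fixes #10", confirming that both new URLs return the articles rather than a redirect to the site front page belongs in the commit message.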
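Review bot: the MiniFuzz hunk at @@ -199,7 +199,7 @@ is built on README.md blob c17af94 (index c17af94..d1610a7), the same base that patch 07/21 uses (index c17af94..a27042c), and patch 08/21 then continues from a27042c; this strike-through therefore never appears in the blob chain the later patches apply to, so the series needs a rebase or the change will be lost. On the content itself, a struck-through entry with "(No longer available)" leaves a dead link in the list; either remove the entry or point it at an archived copy of the same Microsoft download page so it stays useful.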
From: Fuzz Stati0n Date: Wed, 21 Jun 2017 00:59:31 -0700 Subject: [PATCH 07/21] Add Fuzzgoat to Vulnerable Applications section (#19) --- README.md | 2 ++ README_ch.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/README.md b/README.md index c17af94..a27042c 100644 --- a/README.md +++ b/README.md @@ -335,6 +335,8 @@ Exploit-DB - https://www.exploit-db.com PacketStorm - https://packetstormsecurity.com/files/tags/exploit/ +[Fuzzgoat](https://github.com/fuzzstati0n/fuzzgoat) - Vulnerable C program for testing fuzzers. + ##### Samples files for seeding during fuzzing: diff --git a/README_ch.md b/README_ch.md index b8d1fcb..82b3286 100644 --- a/README_ch.md +++ b/README_ch.md @@ -303,6 +303,8 @@ Exploit-DB - https://www.exploit-db.com PacketStorm - https://packetstormsecurity.com/files/tags/exploit/ +[Fuzzgoat](https://github.com/fuzzstati0n/fuzzgoat) - Vulnerable C program for testing fuzzers. + ##### fuzzing 期间种子样本文件 https://files.fuzzing-project.org/ From b45b3ea411ff4cc173879b161de86231030a6d50 Mon Sep 17 00:00:00 2001 From: Aaron Muir Hamilton Date: Wed, 21 Jun 2017 08:05:12 +0000 Subject: [PATCH 08/21] Fix MozPeach link. (#18) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a27042c..50c3eb7 100644 --- a/README.md +++ b/README.md @@ -213,7 +213,7 @@ https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruptio [Peach Fuzzer](https://peachfuzz.sourceforge.net/) - Framework which helps to create custom dumb and smart fuzzers. -[MozPeach](https://github.com/MozillaSecurity/peac://github.com/MozillaSecurity/peach) - A fork of peach 2.7 by Mozilla Security. +[MozPeach](https://github.com/MozillaSecurity/peach) - A fork of peach 2.7 by Mozilla Security. [Failure Observation Engine (FOE)](www.cert.org/vulnerability-analysis/tools/foe.cfm) - mutational file-based fuzz testing tool for windows applications. From 937a3e59c5aa8b773a5ea69dfcdf2ab977cb7981 Mon Sep 17 00:00:00 2001 
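Review bot: the README_ch.md hunk at @@ -303,6 +303,8 @@ adds the Fuzzgoat line with its English blurb ("Vulnerable C program for testing fuzzers.") into the Chinese file, where every neighbouring entry is translated; translate the blurb, or leave the Chinese file to its maintainer and say so in the commit message.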
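Review bot: the hunk at @@ -213,7 +213,7 @@ fixes the mangled MozPeach URL, but the FOE entry in its trailing context, "[Failure Observation Engine (FOE)](www.cert.org/vulnerability-analysis/tools/foe.cfm)", has no scheme, so markdown renders it as a relative link inside the repository; add "http://" (the README_ch.md copy of the same line in patch 02/21 still has it).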
From: Aron Granberg Date: Wed, 21 Jun 2017 10:06:45 +0200 Subject: [PATCH 09/21] Fix typo in README.md (fuzzy loop -> fuzzy lop) (#15) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 50c3eb7..f895ad0 100644 --- a/README.md +++ b/README.md @@ -203,7 +203,7 @@ https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruptio [BFF from CERT](https://www.cert.org/vulnerability-analysis/tools/bff.cfm?) - Basic Fuzzing Framework for file formats. -[AFL Fuzzer (Linux only)]( http://lcamtuf.coredump.cx/afl/) - American Fuzzy Loop Fuzzer by Michal Zalewski aka lcamtuf +[AFL Fuzzer (Linux only)]( http://lcamtuf.coredump.cx/afl/) - American Fuzzy Lop Fuzzer by Michal Zalewski aka lcamtuf [Win AFL](https://github.com/ivanfratric/winafl) - A fork of AFL for fuzzing Windows binaries by Ivan Fratic From c1ca34c7f338d8ca0208a176c335f4540c47444e Mon Sep 17 00:00:00 2001 From: Damian Gryski Date: Wed, 21 Jun 2017 10:07:58 +0200 Subject: [PATCH 10/21] add perl/xs fuzzing tutorial (#13) --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index f895ad0..9196e75 100644 --- a/README.md +++ b/README.md @@ -165,6 +165,8 @@ https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruptio [Filesystem Fuzzing with American Fuzzy lop](http://events.linuxfoundation.org/sites/events/files/slides/AFL%20filesystem%20fuzzing%2C%20Vault%202016_0.pdf) +[Fuzzing Perl/XS modules with AFL](https://medium.com/@dgryski/fuzzing-perl-xs-modules-with-afl-4bfc2335dd90) + ##### libFuzzer Fuzzer related tutorials From f302cac4ccd4fb6ae16cf4f33beccbff37f78229 Mon Sep 17 00:00:00 2001 From: jose nazario Date: Wed, 21 Jun 2017 04:09:42 -0400 Subject: [PATCH 11/21] blurbs for SMT-LIB and Z3 (#14) --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9196e75..8d2862b 100644 --- a/README.md +++ b/README.md 
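Review bot: the Loop -> Lop fix is right, but the same line still carries a leading space inside the link target, `]( http://lcamtuf.coredump.cx/afl/)`, which some Markdown renderers refuse to treat as a link; remove the space while you are here.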
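Review bot: the new Perl/XS entry has no author credit, unlike the adjacent tutorial entries that end with `- by <name>`; since the Medium URL already carries the author's handle (@dgryski), add a matching `- by ...` suffix.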
@@ -273,9 +273,9 @@ https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruptio ### Symbolic Execution SAT and SMT Solvers -[Z3](https://github.com/Z3Prover/z3) +[Z3](https://github.com/Z3Prover/z3) - A theorem prover from Microsoft Research. -[SMT-LIB](http://smtlib.cs.uiowa.edu/) +[SMT-LIB](http://smtlib.cs.uiowa.edu/) - An international initiative aimed at facilitating research and development in Satisfiability Modulo Theories (SMT) ### References From 70fde7696afde746b556b4345d18245e09b5f70d Mon Sep 17 00:00:00 2001 From: Foster Brereton Date: Wed, 21 Jun 2017 01:11:45 -0700 Subject: [PATCH 12/21] Adding binspector to the tools list (#17) --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 8d2862b..b277a7f 100644 --- a/README.md +++ b/README.md @@ -227,6 +227,7 @@ https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruptio [radamsa](https://github.com/aoh/radamsa) - A general purpose fuzzer and test case generator. +[binspector](https://github.com/binspector/binspector) - A binary format analysis and fuzzing tool ### Network Protocol Fuzzers From c2d46650bc85c8d78edda7d02ce0e8138db5a8fd Mon Sep 17 00:00:00 2001 From: jose nazario Date: Wed, 21 Jun 2017 14:56:45 -0400 Subject: [PATCH 13/21] add server fuzzing with AFL tutorial (#20) --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b277a7f..310fae2 100644 --- a/README.md +++ b/README.md @@ -167,6 +167,7 @@ https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruptio [Fuzzing Perl/XS modules with AFL](https://medium.com/@dgryski/fuzzing-perl-xs-modules-with-afl-4bfc2335dd90) +[How to fuzz a server with American Fuzzy Lop](https://www.fastly.com/blog/how-fuzz-server-american-fuzzy-lop/) - by Jonathan Foote ##### libFuzzer Fuzzer related tutorials From 1b08264880a22dc1fa98719d1edbd774cbc0f816 Mon Sep 17 00:00:00 2001 
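Review bot: in the two new blurbs the Z3 line ends with a period and the SMT-LIB line does not; end both the same way. The SMT-LIB blurb is also a long clause; "An international initiative for research and development in Satisfiability Modulo Theories (SMT)." reads more cleanly.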
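Review bot: the added `[binspector]` line is immediately followed by the `### Network Protocol Fuzzers` heading with no blank line between them, whereas every other entry in this list is separated from the next block by a blank line; add a blank `+` line after the entry. It also lacks the trailing period the sibling entries use.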
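Review bot: the added "How to fuzz a server with American Fuzzy Lop" line sits directly against the `##### libFuzzer Fuzzer related tutorials` heading with no blank line, unlike the entry above it; insert a blank `+` line so the heading renders as its own block.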
From: Renata Hodovan Date: Thu, 27 Jul 2017 23:03:38 +0200 Subject: [PATCH 14/21] Add grammarinator to file format fuzzers. --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 310fae2..34d0f61 100644 --- a/README.md +++ b/README.md @@ -230,6 +230,8 @@ https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruptio [binspector](https://github.com/binspector/binspector) - A binary format analysis and fuzzing tool +[grammarinator](https://github.com/renatahodovan/grammarinator) - Fuzzing tool for file formats based on ANTLR v4 grammars (lots of grammars already available from the ANTLR project). + ### Network Protocol Fuzzers *Fuzzers which helps in fuzzing applications which use network based protocals like HTTP, SSH, SMTP etc.,* From 3389f5f05ec282185371b5814c718a58267e8d7a Mon Sep 17 00:00:00 2001 From: Mohammed A Imran Date: Thu, 3 Aug 2017 16:57:55 +0800 Subject: [PATCH 15/21] Link to contributors page --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index dd91e26..38e448c 100644 --- a/README.md +++ b/README.md @@ -367,3 +367,4 @@ https://files.fuzzing-project.org/ Thanks to the following folks who made contributions to this project. + [Tim Strazzere](https://twitter.com/timstrazz) + [jksecurity](https://github.com/jksecurity) ++ [and these awesome people](https://github.com/secfigo/Awesome-Fuzzing/graphs/contributors) From 6aa1eac08825d28e03e7d5a4f9a2bc2f53a1020c Mon Sep 17 00:00:00 2001 From: Mohammed A Imran Date: Tue, 8 Aug 2017 11:49:11 +0800 Subject: [PATCH 16/21] Fix author name for Sulley --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 38e448c..efdd06b 100644 --- a/README.md +++ b/README.md 
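Review bot: nothing blocking in the grammarinator hunk; the context line `*Fuzzers which helps in fuzzing applications which use network based protocals like HTTP, SSH, SMTP etc.,*` has two typos (helps -> help, protocals -> protocols) that are worth fixing in a follow-up.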
@@ -238,7 +238,7 @@ https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruptio [Peach Fuzzer](https://peachfuzz.sourceforge.net/) - Framework which helps to create custom dumb and smart fuzzers. -[Sulley](https://github.com/OpenRCE/sulley) - A fuzzer development and fuzz testing framework consisting of multiple extensible components by Michael Sutton. +[Sulley](https://github.com/OpenRCE/sulley) - A fuzzer development and fuzz testing framework consisting of multiple extensible components by Pedram Amini. [boofuzz](https://github.com/jtpereyda/boofuzz) - A fork and successor of Sulley framework. From 01a365c2bd3a2f22313cf162de6d5270404bab17 Mon Sep 17 00:00:00 2001 From: griddd Date: Sun, 10 Sep 2017 07:05:58 -0500 Subject: [PATCH 17/21] Add Derbycon talk on Fuzzing (#23) * Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index efdd06b..e6a18fb 100644 --- a/README.md +++ b/README.md @@ -91,6 +91,8 @@ A curated list of fuzzing resources ( Books, courses - free and paid, videos, to [Coverage-based Greybox Fuzzing as Markov Chain](https://www.comp.nus.edu.sg/~mboehme/paper/CCS16.pdf) +[DerbyCon 2016: Fuzzing basics...or how to break software](http://www.securitytube.net/video/16939) + ## Tutorials and Blogs From 911c8f4989a6d21f1b71a0e52446e6fe4d6c5fca Mon Sep 17 00:00:00 2001 From: f0r Date: Sun, 10 Sep 2017 20:07:19 +0800 Subject: [PATCH 18/21] Fix broken link of AFL and LibFuzzer tutorial (#24) replace the link of 'A gentle introduction to fuzzing C++ code with AFL and libFuzzer' --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e6a18fb..f648bf6 100644 --- a/README.md +++ b/README.md 
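Review bot: this hunk changes a factual attribution (Michael Sutton -> Pedram Amini) but the commit message gives no source for the correction; add a link to the project page or documentation that names the author so the change can be verified.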
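Review bot: the DerbyCon talk is inserted into the list that ends with the CCS16 paper, immediately above `## Tutorials and Blogs`, so a video is being filed among papers; the list description mentions videos, so either move it to a videos section or mark it as a talk and name the speaker in the description.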
@@ -110,7 +110,7 @@ A curated list of fuzzing resources ( Books, courses - free and paid, videos, to [Fuzzing workflows; a fuzz job from start to finish](https://foxglovesecurity.com/2016/03/15/fuzzing-workflows-a-fuzz-job-from-start-to-finish/) - by @BrandonPrry. -[A gentle introduction to fuzzing C++ code with AFL and libFuzzer](http://jefftrull.github.io/c++/clang/llvm/fuzzing/sanitizers/2015/11/27/fuzzing-with-sanitizers.html) - by Jeff Trull. +[A gentle introduction to fuzzing C++ code with AFL and libFuzzer](http://jefftrull.github.io/c++/clang/llvm/fuzzing/sanitizer/2015/11/27/fuzzing-with-sanitizers.html) - by Jeff Trull. [A 15 minute introduction to fuzzing](https://www.mwrinfosecurity.com/our-thinking/15-minute-guide-to-fuzzing/) - by folks at MWR Security. From eaf54f8e78c1c0986d0b1b23c72409c76ce943e7 Mon Sep 17 00:00:00 2001 From: Mohammed A Imran Date: Fri, 22 Sep 2017 14:09:51 +0800 Subject: [PATCH 19/21] Add minifuzz way back machine link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f648bf6..d501ec2 100644 --- a/README.md +++ b/README.md @@ -204,7 +204,7 @@ https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruptio *Fuzzers which helps in fuzzing file formats like pdf, mp3, swf etc.,* -~~[MiniFuzz](https://www.microsoft.com/en-sg/download/details.aspx?id=21769) - Basic file format fuzzing tool by Microsoft.~~ (No longer available) +[MiniFuzz - Wayback Machine link](https://web.archive.org/web/20140512203517/http://download.microsoft.com/download/D/6/E/D6EDC908-A1D7-4790-AB0B-66A8B35CD931/MiniFuzzSetup.msi) - Basic file format fuzzing tool by Microsoft. (No longer available on Microsoft website). [BFF from CERT](https://www.cert.org/vulnerability-analysis/tools/bff.cfm?) - Basic Fuzzing Framework for file formats. From 620bb36a8495ab6b16b9d2003d64b5013c0058c9 Mon Sep 17 00:00:00 2001 
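Review bot: the only change is `sanitizers` -> `sanitizer` in the URL path; since the commit message says the old link was broken, please confirm the new path actually resolves rather than redirecting to a different post.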
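Review bot: the replacement MiniFuzz link points straight at an archived `MiniFuzzSetup.msi` installer rather than the archived download page, so readers land on a binary download with no description; linking the archived page (with the .msi reachable from it) is clearer. Also, `(No longer available on Microsoft website).` puts a period outside the parenthesis while the preceding sentence already ends with one; drop the stray period.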
From: Sponge Date: Fri, 27 Oct 2017 08:04:26 +0530 Subject: [PATCH 20/21] Add kfetch-toolkit, advanced logging of memory references (#25) --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index d501ec2..2535e09 100644 --- a/README.md +++ b/README.md @@ -276,6 +276,7 @@ https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruptio [QIRA (QEMU Interactive Runtime Analyser)](http://qira.me/) +[kfetch-toolkit](https://github.com/j00ru/kfetch-toolkit) - Tool to perform advanced logging of memory references performed by operating systems’ kernels ### Symbolic Execution SAT and SMT Solvers From f11eaae59c5746ac610aec913e29b4946e08cb8c Mon Sep 17 00:00:00 2001 From: mykter Date: Fri, 15 Dec 2017 02:10:59 +0000 Subject: [PATCH 21/21] Add fuzzing with AFL workshop from SteelCon 2017 (#26) Also remove out of date "2016" sub-heading --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2535e09..ca79777 100644 --- a/README.md +++ b/README.md @@ -98,8 +98,6 @@ A curated list of fuzzing resources ( Books, courses - free and paid, videos, to *Tutorials and blogs which explain methodology, techniques and best practices of fuzzing* -### [2016 articles] - [Effective File Format Fuzzing](http://j00ru.vexillium.org/slides/2016/blackhat.pdf) - Mateusz “j00ru” Jurczyk @ Black Hat Europe 2016, London [A year of Windows kernel font fuzzing Part-1 the results](http://googleprojectzero.blogspot.in/2016/06/a-year-of-windows-kernel-font-fuzzing-1_27.html) - Amazing article by Google's Project Zero, describing what it takes to do fuzzing and create fuzzers. 
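Review bot: the added `[kfetch-toolkit]` line runs directly into the `### Symbolic Execution SAT and SMT Solvers` heading with no blank line, unlike the QIRA entry above it; add a blank `+` line after the entry and end the description with a period to match its neighbours.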
@@ -171,6 +169,8 @@ https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruptio [How to fuzz a server with American Fuzzy Lop](https://www.fastly.com/blog/how-fuzz-server-american-fuzzy-lop/) - by Jonathan Foote +[Fuzzing with AFL Workshop - a set of challenges on real vulnerabilities](https://github.com/ThalesIgnite/afl-training) + ##### libFuzzer Fuzzer related tutorials [libFuzzer Tutorial](http://tutorial.libfuzzer.info)
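Review bot: the afl-training entry puts its description inside the link text (`[Fuzzing with AFL Workshop - a set of challenges on real vulnerabilities]`) while its neighbours put the description after `-` outside the link; `[Fuzzing with AFL Workshop](https://github.com/ThalesIgnite/afl-training) - a set of challenges on real vulnerabilities, from SteelCon 2017` matches the list style and keeps the venue the commit message mentions.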