Awesome-Fuzzing/README.md

Welcome to Awesome Fuzzing

A list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials,and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.

Table of Contents

• Books
• Courses
  • Free
  • Paid
• Videos
  • NYU Poly Course videos
  • Conference talks/tutorials on Fuzzing
• Tutorials
• Tools
  • File Format Fuzzers
  • Network Protocol Fuzzers
  • Taint Analysis
  • Symbolic Execution + SAT/SMT Solvers
  • Essential Tools (generic)
• Vulnerable Applications

Awesome Fuzzing Resources

### Books

Fuzzing: Brute Force Vulnerability Discovery - https://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119

Fuzzing for Software Security Testing and Quality Assurance - https://www.amazon.com/Fuzzing-Software-Security-Assurance-Information/dp/1596932147

Open Source Fuzzing Tools - https://www.amazon.com/Open-Source-Fuzzing-Tools-Rathaus/dp/1597491950

Gray Hat Python - https://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921

Note: Chapter(s) in the following books are dedicated to fuzzing

• The Shellcoder's Handbook: Discovering and Exploiting Security Holes ( Chapter 15 ) - https://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/

• iOS Hacker's Handbook - Chapter 1 - https://www.amazon.com/iOS-Hackers-Handbook-Charlie-Miller/dp/1118204123/

IDA Pro - The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler

### Courses #### Free NYU Poly - https://vimeo.com/5236104 ( see videos for more )

Samclass.info ( check projects section and chapter 17 ) - https://samsclass.info/127/127_F15.shtml

Modern Binary Exploitation ( RIPESEC ) - Chapter 15 - https://github.com/RPISEC/MBE

#### Paid ( $$$ ) Offensive Security, Cracking The Perimeter ( CTP ) and Advanced Windows Exploitation ( AWE ) - https://www.offensive-security.com/information-security-training/

SANS 660/760 Advanced Exploit Development for Penetration Testers - https://www.sans.org/course/advance-exploit-development-pentetration-testers

### Videos #### NYU Poly Course videos (from Dan Guido) Mike Zusman - Fuzzing 101 (Part 1) - https://vimeo.com/5236104

Mike Zusman - Fuzzing 101 (Part 2) - https://vimeo.com/5237484

Mike Zusman - Fuzzing 101 (2009) - https://vimeo.com/7574602

#### Conference talks/tutorials on Fuzzing Youtube Playlist of various fuzzing talks and presentations - https://www.youtube.com/playlist?list=PLtPrYlwXDImiO_hzK7npBi4eKQQBgygLD Consider watching talks from Charlie Miller, ### Tutorials > **Note:** Folks at fuzzing.info has done a great job of collecting some awesome links, i'm not going to duplicate their work. I will add papers from 2015 and 2016 soon here.

Fuzzing Papers- https://fuzzing.info/papers/

Fuzzing Blogs - https://fuzzing.info/resources/

https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruption-vulnerabilities/ https://www.corelan.be/index.php/2013/07/02/root-cause-analysis-integer-overflows/

Spike http://null-byte.wonderhowto.com/how-to/hack-like-pro-build-your-own-exploits-part-3-fuzzing-with-spike-find-overflows-0162789/

### Tools #### File Format Fuzzers

MiniFuzz - https://www.microsoft.com/en-sg/download/details.aspx?id=21769

BFF from cert - https://www.cert.org/vulnerability-analysis/tools/bff.cfm?

AFL Fuzzer (Linux only) - http://lcamtuf.coredump.cx/afl/

Peach Fuzzer - https://peachfuzz.sourceforge.net/

Failure Observation Engine (FOE) - www.cert.org/vulnerability-analysis/tools/foe.cfm

rmadair - http://rmadair.github.io/fuzzer/

#### Network Protocol Fuzzers Sulley - https://github.com/OpenRCE/sulley

Spike - http://www.immunitysec.com/downloads/SPIKE2.9.tgz

Peach Fuzzer - https://peachfuzz.sourceforge.net/

Metasploit - https://www.rapid7.com/products/metasploit/download.jsp

#### Taint Analysis ( How user input affects the execution) PANDA ( Platform for Architecture-Neutral Dynamic Analysis ) - https://github.com/moyix/panda -

QIRA (QEMU Interactive Runtime Analyser) - http://qira.me/

#### Symbolic Execution + SAT/SMT Solvers Z3 - https://github.com/Z3Prover/z3

SMT-LIB - http://smtlib.cs.uiowa.edu/

References

I haven't included some of the legends like AxMan, please refer the following link for more information. https://www.ee.oulu.fi/research/ouspg/Fuzzers

#### Essential Tools (generic) ##### Debuggers

Windbg - https://msdn.microsoft.com/en-in/library/windows/hardware/ff551063(v=vs.85).aspx

Immunity Debugger - http://debugger.immunityinc.com

OllyDbg - http://www.ollydbg.de/

Mona.py ( Plugin for windbg and Immunity dbg ) - https://github.com/corelan/mona/

X64dbg - https://github.com/x64dbg/

Evan's Debugger (EDB) - http://codef00.com/projects#debugger

GDB - http://www.sourceware.org/gdb/

PEDA - https://github.com/longld/peda

Radare2 - http://www.radare.org/r/

##### Dissemblers and some more

IDA Pro - https://www.hex-rays.com/products/ida/index.shtml

binnavi - https://github.com/google/binnavi

Capstone - https://github.com/aquynh/capstone

##### Others

ltrace - http://ltrace.org/

strace - http://sourceforge.net/projects/strace/

### Vulnerable Applications Exploit-DB - https://www.exploit-db.com (search and pick the exploits, which have respective apps available for download, reproduce the exploit by using fuzzer of your choice)