.. image:: https://github.com/jtpereyda/boofuzz/raw/master/artwork/boo-logo-dark.svg
:width: 60%
:alt: boofuzz logo
boofuzz: Network Protocol Fuzzing for Humans
============================================
.. image:: https://github.com/jtpereyda/boofuzz/workflows/Test/badge.svg?branch=master
:target: https://github.com/jtpereyda/boofuzz/actions?query=workflow%3ATest+branch%3Amaster
.. image:: https://readthedocs.org/projects/boofuzz/badge/?version=latest
:target: https://boofuzz.readthedocs.io/
:alt: Documentation Status
.. image:: https://img.shields.io/pypi/v/boofuzz.svg
:target: https://pypi.org/project/boofuzz/
.. image:: https://badges.gitter.im/jtpereyda/boofuzz.svg
:alt: Join the chat at https://gitter.im/jtpereyda/boofuzz
:target: https://gitter.im/jtpereyda/boofuzz
.. image:: https://img.shields.io/badge/code%20style-black-000000.svg
:target: https://github.com/psf/black
Boofuzz is a fork of and the successor to the venerable `Sulley`_ fuzzing
framework. Besides numerous bug fixes, boofuzz aims for extensibility.
The goal: fuzz everything.
.. figure:: https://github.com/jtpereyda/boofuzz/raw/master/_static/boofuzz-screenshot.png
:alt: boofuzz screenshot
Why?
----
Sulley has been the preeminent open source fuzzer for some time, but has
fallen out of maintenance.
Features
--------
Like Sulley, boofuzz incorporates all the critical elements of a fuzzer:
- Easy and quick data generation.
- Instrumentation – AKA failure detection.
- Target reset after failure.
- Recording of test data.
Unlike Sulley, boofuzz also features:
- Online `documentation`_.
- Support for arbitrary communications mediums.
- Built-in support for serial fuzzing, ethernet- and IP-layer, UDP broadcast.
- Better recording of test data -- consistent, thorough, clear.
- Test result CSV export.
- *Extensible* instrumentation/failure detection.
- Much easier install experience!
- Far fewer bugs.
Sulley is affectionately named after the giant teal and purple creature
from Monsters Inc. due to his fuzziness. Boofuzz is likewise named after
the only creature known to have scared Sulley himself: Boo!
.. figure:: https://github.com/jtpereyda/boofuzz/raw/master/_static/boo.png
:alt: Boo from Monsters Inc
Boo from Monsters Inc
Installation
------------
::
pip install boofuzz
Boofuzz installs as a Python library used to build fuzzer scripts. See
`INSTALL.rst`_ for advanced and detailed instructions.
Documentation
-------------
Documentation is available at https://boofuzz.readthedocs.io/, including nifty quickstart guides.
Contributions
-------------
Pull requests are welcome, as boofuzz is actively maintained (at the
time of this writing ;)). See `CONTRIBUTING.rst`_.
Community
---------
For questions that take the form of “How do I… with boofuzz?” or “I got
this error with boofuzz, why?”, consider posting your question on Stack
Overflow. Make sure to use the ``fuzzing`` tag.
If you’ve found a bug, or have an idea/suggestion/request, file an issue
here on GitHub.
For other questions, check out boofuzz on `gitter`_ or `Google Groups`_.
For updates, follow `@b00fuzz`_ on Twitter.
.. _Sulley: https://github.com/OpenRCE/sulley
.. _Google Groups: https://groups.google.com/d/forum/boofuzz
.. _gitter: https://gitter.im/jtpereyda/boofuzz
.. _@b00fuzz: https://twitter.com/b00fuzz
.. _documentation: https://boofuzz.readthedocs.io/
.. _INSTALL.rst: INSTALL.rst
.. _CONTRIBUTING.rst: CONTRIBUTING.rst
Changelog
=========
v0.4.2
------
Features
^^^^^^^^
- Remove six compatibility module.
- Remove Python 2 compatibility code.
- Remove specifying object inheritance in classes.
- Added Web UI listening on specific IP address.
- Added Python 3.11 compatibility.
Fixes
^^^^^
- Specified encoding on file write rather than assuming default encoding.
- Changed type of `default_value` from string to bytes for `FromFile`.
- `s_update` primitive was out of date.
- The minimum supported Python version is now 3.8.
- Removed duplicates from `BitField` primitive.
- Fixed unwanted deprecation warning when using `Session.fuzz(name=name)`.
- Changed type of `dep_value` argument of `Block` to bytes and added type checks.
- Split sessions.py into multiple files.
- Using poetry as package build system.
v0.4.1
------
Features
^^^^^^^^
- Added support for fuzzing NETCONF servers with the `NETCONFConnection` class.
- Add support and tests for Python 3.10.
- Added `Session` arg `db_filename` to modify the location of the log database.
Fixes
^^^^^
- Fixed check for when to enable the web app.
- Documented the possibility to disable the web app.
- Correctly initialize all children of a request which inherits from `FuzzableBlock`.
- Added type checking for arguments of `Bytes` primitive to prevent incorrect use.
- Fixed TypeError in `s_binary` initialization.
- Remove redundant unicode strings.
v0.4.0
------
Features
^^^^^^^^
- Fuzzing CLI -- Use main_helper() to use boofuzz's generic fuzzing CLI with your script.
- Combinatorial fuzzing -- now fuzzes multiple mutations at once by default.
- Test cases can now be specified and re-run by name.
- Implemented visual request-graph rendering functions for Session.
- Added to web UIL: runtime, exec speed, current test case name.
- Added simple custom checksum and example usage.
- Added `Simple` primitive that uses only the specified values for fuzzing.
- Added `Float` primitive with support for IEEE 754 encoding.
- Added an example for s_float/Float usage.
Fixes
^^^^^
- Clarified documentation of custom checksum function for `Checksum` primitive.
- String and RandomData primitives now use a local and independent instance of `random`.
- The minimum supported Python version is now 3.6.
- Fixed two memory leaks in the fuzz logger.
v0.3.0
------
Features
^^^^^^^^
- Memory optimization: Efficient mutation generation and smarter string reuse -- decrease memory consumption by orders of magnitude.
- `Aligned` block: Aligns content length to multiple of certain number of bytes.
- Relative names: Name references for `Checksum`, `Size`, etc. now resolve absolute and relative names. Block and primitive
names no longer need to be globally unique within a message, they only need to be locally unique within a block.
- Passing data between messages: Callbacks now have a `TestCaseContext` object to which one can save data to be used
later in the test case. `TestCaseSessionReference` can be passed as a default value in a protocol definition. The name
it references must have been saved by the time that message in the protocol is reached.
- `Fuzzable` rewrite: Simpler definitions for new fuzz primitives. See `static.py` for an example of a very simple primitive.
- Protocol definition: Protocols can now be defined with an object oriented rather than static approach.
- Independent mutation and encoding steps: Will enable multiple mutations and code coverage feedback.
- Procmon: Additional debug steps. Partial backwards compatibility for old interface.
- `ProcessMonitorLocal` allows running procmon as part of fuzzer process.
- Network monitor: improved network interface discovery (Linux support).
- Added support for fuzzing Unix sockets with the `UnixSocketConnection` class.
- Added metadata to ProtocolSession to support callbacks -- `current_message`, `previous_message`.
- All primitive arguments are now optional keyword arguments.
Fixes
^^^^^
- Various web interface fixes.
- Various refactors and simplifications.
- Fewer duplicates from `Group` primitives.
- Network monitor: fixed data_bytes calculation and PcapThread synchronization.
- Fixed a crash when using the network monitor.
- Session can now be "quiet" by passing an empty list of loggers.
- Process Monitor: fixed Thread.isAlive for Python 3.9 compatibility.
- Correctly truncate values of the string primitive when max_len or size is set.
- The string primitive will no longer generate duplicates when max_len or size is set.
- Greatly improved string to bytes conversion speed.
v0.2.1
------
Features
^^^^^^^^
- Added simple TFTP fuzzer example.
Fixes
^^^^^
- Fixed UDPSocketConnection data truncation when sending more data than the socket supports.
- Fixed execution of procmon stop_commands.
- Fixed TCP and SSL server connections.
v0.2.0
------
Features
^^^^^^^^
- Rewrote and split the SocketConnection class into individual classes per socket type.
- `SocketConnection` is now deprecated. Use the classes derived from `BaseSocketConnection` instead.
- Added support for receiving on raw Layer 2 and Layer 3 connections.
- Layer 2 and Layer 3 connections may now use arbitrary payload / MTU sizes.
- Moved connection related modules into new `connections` submodule.
- Added the ability to repeat sending of packages within a given time or count.
- Added optional timeout and threshold to quit infinite connection retries.
- Reworked Monitors, consolidated interface. Breaking change: session no longer has netmon_options and procmon_options.
- `SessionInfo` has had attributes renamed; procmon_results and netmon_results are deprecated and now aliases for monitor_results and monitor_data respectively.
- New `BoofuzzFailure` exception type allows callback methods to signal a failure that should halt the current test case.
- Added `capture_output` option to process monitor to capture target process stderr/stdout .
- Added post-start-target callbacks (called every time a target is started or restarted).
- Added method to gracefully stop PED-RPC Server.
- Added new boofuzz logo and favicon to docs and webinterface.
- Added `FileConnection` to dump messages to files.
- Removed deprecated session arguments `fuzz_data_logger`, `log_level`, `logfile`, `logfile_level` and `log()`.
- Removed deprecated logger `FuzzLoggerFile`.
- `crc32c` is no longer a required package. Install manually if needed.
Fixes
^^^^^
- Fixed size of s_size block when output is ascii.
- Fixed issue with tornado on Python 3.8 and Windows.
- Fixed various potential type errors.
- Renamed `requests` folder to `request_definitions` because it shadowed the name of the `requests` python module.
- Examples are up to date with current Boofuzz version.
- Modified timings on serial_connection unit tests to improve test reliability.
- Refactored old unit-tests.
- Fixed network monitor compatibility with Python 3.
- Minor console GUI optimizations.
- Fixed crash_threshold_element handling if blocks are used.
- Fixed many bugs in which a failure would not stop the test case evaluation.
v0.1.6
------
Features
^^^^^^^^
- New primitive `s_bytes` which fuzzes an arbitrary length binary value (similiar to `s_string`).
- We are now using `Black` for code style standardization.
- Compatibility for Python 3.8
- Added crc32c as checksum algorithm (Castagnoli).
- Added favicon for web interface.
- Pushed Tornado to 5.x and unpinned Flask.
Fixes
^^^^^
- Test cases were not being properly closed when using the check_message() functionality.
- Some code style changes to meet PEP8.
- `s_group` primitive was not accepting empty default value.
- Timeout during opening TCP connection now raises BoofuzzTargetConnectionFailedError exception.
- SSL/TLS works again. See `examples/fuzz-ssl-server.py` and `examples/fuzz-ssl-client.py`.
- Dropped six.binary_type in favor of b"" format.
- Fixed process monitor handling of backslashes in Windows start commands.
- Fixed and documented `boo open`.
- Fixed receive function in `fuzz_logger_curses`.
- Installing boofuzz with `sudo` is no longer recommended, use the `--user` option of pip instead.
- Fixed setting socket timeout options on Windows.
- If all sockets are exhausted, repeatedly try fuzzing for 4 minutes before failing.
- Fixed CSV logger send and receive data decoding.
- Handle SSL-related exception. Added `ignore_connection_ssl_errors` session attribute that can
be set to True to ignore SSL-related error on a test case.
- Fixed `s_from_file` decoding in Python 2 (the encoding parameter is now depreciated).
- Updated documentation of `s_checksum`. It is possible to use a custom algorithm with this block.
v0.1.5
------
Features
^^^^^^^^
- New curses logger class to provide a console gui similar to the webinterface. Use the session option `console_gui` to enable it.
This has not been tested under Windows!
- Compatibility for Python 3
- Large test cases are now truncated, unless a failure is detected.
- When a target fails to respond after restart, boofuzz will now continue to restart instead of crashing.
- New Session option `keep_web_open` to allow analyzing the test results after test completion.
- Process monitor creates new crash file for each run by default.
- Long lines now wrap in web view; longer lines no longer need to be truncated.
- Process monitor now stores crash bins in JSON format instead of pickled format.
- Process monitor in Windows will use `taskkill -F` if `taskkill` fails.
Fixes
^^^^^
- Web server no longer crashes when asked for a non-existing test case.
- EINPROGRESS socket error is now handled while opening a socket (note: this sometimes-transient error motivated the move to retry upon connection failure)
v0.1.4
------
Features
^^^^^^^^
- New Session options `restart_callbacks`, `pre_send_callbacks`, and `post_test_case_callbacks` to hand over custom callback functions.
- New Session option `fuzz_db_keep_only_n_pass_cases`. This allowes saving only n test cases preceding a failure or error to the database.
- Added logic to find next available port for web interface or disable the web interface.
- Removed sleep logs when sleep time is zero.
- Added option to reuse the connection to the target.
Fixes
^^^^^
- Windows process monitor now handles combination of proc_name and/or start_commands more reasonably
- Windows process monitor handles certain errors more gracefully
- Fixed target close behavior so post send callbacks can use the target.
- Fixed a dependency issue in installation.
v0.1.3
------
Features
^^^^^^^^
- Socket Connections now allow client fuzzing.
- Log only the data actually sent, when sending is truncated. Helps reduce database size, especially when fuzzing layer 2 or 3.
- `Target` `recv` function now accepts a `max_recv_bytes` argument.
Fixes
^^^^^
- Fixed install package -- now includes JavaScript files.
v0.1.2
------
Features
^^^^^^^^
- Clearer error message when procmon is unavailable at fuzz start.
- Web UI now refreshes current case even when snap-to-current-test-case is disabled.
Fixes
^^^^^
- Web UI no longer permits negative test cases.
- Fix Windows procmon regression.
- Minor fixes and UI tweaks.
v0.1.1
------
Features
^^^^^^^^
- New `boo open` command can open and inspect saved database log files.
- Unix procmon now saves coredumps by default.
- Improved "Cannot connect to target" error message.
- Improved API for registering callbacks.
- Made the global `REQUESTS` map available in top level boofuzz package.
Fixes
^^^^^
- Handle exceptions when opening crash bin files in process monitor.
- Fix Block.__len__ to account for custom encoder.
v0.1.0
------
Features
^^^^^^^^
- Web UI
- Statistics now auto-update.
- Test case logs now stream on the main page.
- Cool left & right arrow buttons to move through test case
- New ``Session`` parameter ``receive_data_after_fuzz``. Controls whether to execute a receive step after sending
fuzz messages. Defaults to False. This significantly speeds up tests in which the target tends not to respond to
invalid messages.
Fixes
^^^^^
- Text log output would include double titles, e.g. "Test Step: Test Step: ..."
v0.0.13
-------
Features
^^^^^^^^
- Web UI
- Test case numbers are now clickable and link to test case detail view.
- Test case details now in color!
- ``FuzzLoggerDB``
- Added FuzzLoggerDB to allow querying of test results during and after test run. Saves results in a SQLite file.
- Added ``Session.open_test_run()`` to read test results database from previous test run.
- New ``Session.feature_check()`` method to verify protocol functionality before fuzzing.
- Process Monitor
- Unify process monitor command line interface between Unix and Windows.
- Added procmon option ``proc_name`` to support asynchronously started target processes.
- procmon is now checked for errors before user ``post_send()`` is called, reducing redundant error messages.
- Improved procmon logging.
- Process monitor gives more helpful error messages when running 64-bit application (unsupported) or when a process is
killed before being attached
- Logging Improvements
- ``Target`` ``open()`` and ``close()`` operations are now logged.
- Added some optional debug output from boofuzz runtime.
- Improve capability and logging of messages' ``callback`` methods.
- New ``Session`` & Connection Options
- Add ``Session`` ``receive_data_after_each_request`` option to enable disabling of data receipt after messages are sent.
- ``Session`` ``skip`` argument replaced with ``index_start`` and ``index_end``.
- ``Session`` now has separate crash thresholds for elements/blocks and nodes/messages.
- Give ``SocketConnection`` separate timeouts for ``send()``/``recv()``.
- Ease of Use
- ``Target.recv()`` now has a default ``max_bytes`` value.
- Added ``DEFAULT_PROCMON_PORT`` constant.
- ``Session.post_send()``'s ``sock`` parameter now deprecated (use ``target`` instead).
Fixes
^^^^^
- Fixed bug in which failures were not recognized.
- ``BitField`` blocks with ASCII format reported incorrect sizes.
- Fixed bug in ``s_update``.
- Handle socket errors that were getting missed.
- Fixed process monitor logging when providing more or less than 1 stop/start commands.
- Show graceful error on web requests for non-existent test cases.
- ``get_max_udp_size()`` was crashing in Windows.
- ``String`` padding was not always being applied.
- ``String`` was not accepting unicode strings in ``value`` parameter.
- ``String`` was skipping valid mutations and reporting wrong ``num_mutations()`` when ``size`` parameter was used.
- Unix and Windows process monitors now share much more code.
Development
^^^^^^^^^^^
- Added unit tests for ``BitField``.
- Cleaned up CSS on web pages.
- Added a unit test to verify restart on failure behavior
0.0.12
------
Features
^^^^^^^^
- Test cases now have descriptive names
- Added Session methods to fuzz a test cae by name: ``fuzz_by_name`` and ``fuzz_single_node_by_path``
Fixes
^^^^^
- Fixed test case numbers when using ``fuzz_single_case``
0.0.11
------
Features
^^^^^^^^
- Set Session ``check_data_received_each_request`` to False to disable receive after send.
Fixes
^^^^^
- Dosctring format fixes.
0.0.10
------
Features
^^^^^^^^
- Add Session ignore_connection_reset parameter to suppress ECONNRESET errors.
- Add Session ignore_connection_aborted parameter to suppress ECONNABORTED errors.
Fixes
^^^^^
- Fix Session class docstring formats.
0.0.9
-----
Features
^^^^^^^^
- ``s_size`` is now fuzzable by default.
- Add new s_fuzz_list primitive to read fuzz value from files.
- Add new FuzzLoggerCsv to write log in CSV format
Fixes
^^^^^
- Fixed: Add missing dummy value for custom checksum, allowing recursive uses of length/checksum (issue #107)
0.0.8
-----
Features
^^^^^^^^
- Console output - now with colors!
- process_monitor_unix.py: added option to move coredumps for later analysis.
- The process monitor (procmon) now tracks processes by PID by default rather than searching by name. Therefore,
stop_commands and proc_name are no longer required.
- SIGINT (AKA Ctrl+C) now works to close both boofuzz and process_monitor.py (usually).
- Made Unix procmon more compatible with Windows.
- Improved procmon debugger error handling, e.g., when running 64-bit apps.
- Windows procmon now runs even if pydbg fails.
- Added ``--help`` parameter to process monitor.
- Target class now takes ``procmon`` and ``procmon_options`` in constructor.
- Added example fuzz scripts.
Fixes
^^^^^
- SIGINT (AKA Ctrl+C) now works to close both boofuzz and process_monitor.py (usually).
- Fixed: The pedrpc module was not being properly included in imports.
- Made process_monitor.py ``--crash_bin`` optional (as documented).
- Improved procmon behavior when certain parameters aren't given.
- Improved procmon error handling.
- Fixed a bug in which the procmon would not properly restart a target that had failed without crashing.
0.0.7
-----
Features
^^^^^^^^
- Added several command injection strings from fuzzdb.
- Blocks can now be created and nested using ``with s_block("my-block"):``
Fixes
^^^^^
- Fixed pydot import error message
0.0.6
-----
Features
^^^^^^^^
- Added ``Request.original_value()`` function to render the request as if it were not fuzzed.
This will help enable reuse of a fuzz definition to generate valid requests.
- ``SocketConnection`` can now send and receive UDP broadcast packets using the ``udp_broadcast`` constructor
parameter.
- ``Target.recv()`` now logs an entry before receiving data, in order to help debug receiving issues.
Fixes
^^^^^
- Maximum UDP payload value was incorrect, causing crashes for tests running over UDP. It now works on some systems,
but the maximum value may be too high for systems that set it lower than the maximum possible value, 65507.
- ``SocketConnection`` class now handles more send and receive errors: ``ECONNABORTED``, ``ECONNRESET``,
``ENETRESET``, and ``ETIMEDOUT``.
- Fixed setup.py to not include superfluous packages.
Development
^^^^^^^^^^^
- Added two exceptions: ``BoofuzzTargetConnectionReset`` and ``BoofuzzTargetConnectionAborted``.
- These two exceptions are handled in ``sessions.py`` and may be thrown by any ``ITargetConnection`` implementation.
0.0.5
-----
Fixes
^^^^^
- Boofuzz now properly reports crashes detected by the process monitor. It was calling log_info instead of log_fail.
- Boofuzz will no longer crash, but will rather give a helpful error message, if the target refuses socket connections.
- Add utils/crash_binning.py to boofuzz/utils, avoiding import errors.
- Fix procmon argument processing bug.
- Fix typos in INSTALL.rst.
0.0.4
-----
- Add Gitter badge to README.
- Add default sleep_time and fuzz_data_logger for Session to simplify boilerplate.
0.0.3
-----
- Fixed deployment from 0.0.2.
- Simplify CONTRIBUTING.rst for automated deployment.
- tox no longer runs entirely as sudo. The sudo has been moved into tox.ini and is more fine-grained.
- Reduced default ``Session.__init__`` ``restart_sleep_time`` from 5 minutes to 5 seconds.
0.0.2
-----
Continuous deployment with Travis.
Development
^^^^^^^^^^^
- Added build and PyPI badges.
- Added CONTRIBUTING.rst.
- check-manifest now runs in automated build.
- Travis now deploys to PyPI!
0.0.1-dev5
----------
Development
^^^^^^^^^^^
- Tests now run on tox.
- Added Google Groups and Twitter link.
0.0.1-dev4
----------
Fixes
^^^^^
- Missing property setters in ``boofuzz.request.Request`` now implemented.
- Unit tests now pass on Windows.
- Fixed wheel build issue; boofuzz subpackages were missing.
0.0.1-dev3
----------
Fixes
^^^^^
- Session constructor param ``session_filename`` is now optional.
0.0.1-dev2
----------
New features
^^^^^^^^^^^^
- Now on PyPI! ``pip install boofuzz``
- API is now centralized so all classes are available at top level
``boofuzz.*``
- This makes it way easier to use. Everything can be used like
``boofuzz.MyClass`` instead of ``boofuzz.my_file.MyClass``.
- Added ``EzOutletReset`` class to support restarting devices using an
ezOutlet EZ-11b.
Backwards-incompatible
^^^^^^^^^^^^^^^^^^^^^^
- Target now only takes an ``ITargetConnection``. This separates
responsibilities and makes our code more flexible with different
kinds of connections.
Fixes
^^^^^
- Bugs fixed:
- ``helpers.udp_checksum`` was failing with oversized messages.
- Missing install requirements.
- Grammar and spelling.
- ``setup.py`` was previously installing around five mostly unwanted
packages. Fixed.
- Removed deprecated unit tests.
- Removed overly broad exception handling in Session.
- ``Checksum.render()`` for UDP was not handling dependencies
properly.
Back-end Improvements
^^^^^^^^^^^^^^^^^^^^^
This section took the most work. It has the least visible impact, but
all of the refactors enable new features, fixes, and unit tests.
- Primitives and Blocks:
- Created ``IFuzzable`` which properly defines interface for
``Block``, ``Request``, and all ``BasePrimitive`` classes.
- Made effectively private members actually private.
- Eliminated ``exhaust()`` function. It was used only once and was
primarily a convoluted break statement. Now it's gone. :)
- Split all block and primitive classes into separate files.
- Many Unit tests added.
Other
^^^^^
- Continuous integration with Travis is running!
- Doc organization improvements.
- Can now install with extras ``[dev]``
Initial Development Release - 0.0.1-dev1
----------------------------------------
- Much easier install experience!
- Support for arbitrary communications mediums.
- Added serial communications support.
- Improved sockets to fuzz at Ethernet and IP layers.
- Extensible instrumentation/failure detection.
- Better recording of test data.
- Records all sent and received data
- Records errors in human-readable format, in same place as
sent/received data.
- Improved functionality in checksum blocks.
- Self-referential size and checksum blocks now work.
- ``post_send`` callbacks can now check replies and log failures.
- Far fewer bugs.
- Numerous refactors within framework code.
Raw data
{
"_id": null,
"home_page": "https://github.com/jtpereyda/boofuzz",
"name": "boofuzz",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.8,<4.0",
"maintainer_email": "",
"keywords": "security,fuzzing",
"author": "Joshua Pereyda",
"author_email": "joshua.t.pereyda@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/df/16/d272cf4e8132084bcaa50a534c701716e86c77e54af542c46e4e45fc3ac1/boofuzz-0.4.2.tar.gz",
"platform": null,
"description": ".. image:: https://github.com/jtpereyda/boofuzz/raw/master/artwork/boo-logo-dark.svg\n :width: 60%\n :alt: boofuzz logo\n\nboofuzz: Network Protocol Fuzzing for Humans\n============================================\n\n.. image:: https://github.com/jtpereyda/boofuzz/workflows/Test/badge.svg?branch=master\n :target: https://github.com/jtpereyda/boofuzz/actions?query=workflow%3ATest+branch%3Amaster\n.. image:: https://readthedocs.org/projects/boofuzz/badge/?version=latest\n :target: https://boofuzz.readthedocs.io/\n :alt: Documentation Status\n.. image:: https://img.shields.io/pypi/v/boofuzz.svg\n :target: https://pypi.org/project/boofuzz/\n.. image:: https://badges.gitter.im/jtpereyda/boofuzz.svg\n :alt: Join the chat at https://gitter.im/jtpereyda/boofuzz\n :target: https://gitter.im/jtpereyda/boofuzz\n.. image:: https://img.shields.io/badge/code%20style-black-000000.svg\n :target: https://github.com/psf/black\n\nBoofuzz is a fork of and the successor to the venerable `Sulley`_ fuzzing\nframework. Besides numerous bug fixes, boofuzz aims for extensibility.\nThe goal: fuzz everything.\n\n.. figure:: https://github.com/jtpereyda/boofuzz/raw/master/_static/boofuzz-screenshot.png\n :alt: boofuzz screenshot\n\nWhy?\n----\n\nSulley has been the preeminent open source fuzzer for some time, but has\nfallen out of maintenance.\n\nFeatures\n--------\n\nLike Sulley, boofuzz incorporates all the critical elements of a fuzzer:\n\n- Easy and quick data generation.\n- Instrumentation \u2013 AKA failure detection.\n- Target reset after failure.\n- Recording of test data.\n\nUnlike Sulley, boofuzz also features:\n\n- Online `documentation`_.\n- Support for arbitrary communications mediums.\n- Built-in support for serial fuzzing, ethernet- and IP-layer, UDP broadcast.\n- Better recording of test data -- consistent, thorough, clear.\n- Test result CSV export.\n- *Extensible* instrumentation/failure detection.\n- Much easier install experience!\n- Far fewer bugs.\n\nSulley is affectionately named after the giant teal and purple creature\nfrom Monsters Inc. due to his fuzziness. Boofuzz is likewise named after\nthe only creature known to have scared Sulley himself: Boo!\n\n.. figure:: https://github.com/jtpereyda/boofuzz/raw/master/_static/boo.png\n :alt: Boo from Monsters Inc\n\n Boo from Monsters Inc\n\nInstallation\n------------\n::\n\n pip install boofuzz\n\n\nBoofuzz installs as a Python library used to build fuzzer scripts. See\n`INSTALL.rst`_ for advanced and detailed instructions.\n\n\nDocumentation\n-------------\n\nDocumentation is available at https://boofuzz.readthedocs.io/, including nifty quickstart guides.\n\nContributions\n-------------\n\nPull requests are welcome, as boofuzz is actively maintained (at the\ntime of this writing ;)). See `CONTRIBUTING.rst`_.\n\nCommunity\n---------\n\nFor questions that take the form of \u201cHow do I\u2026 with boofuzz?\u201d or \u201cI got\nthis error with boofuzz, why?\u201d, consider posting your question on Stack\nOverflow. Make sure to use the ``fuzzing`` tag.\n\nIf you\u2019ve found a bug, or have an idea/suggestion/request, file an issue\nhere on GitHub.\n\nFor other questions, check out boofuzz on `gitter`_ or `Google Groups`_.\n\nFor updates, follow `@b00fuzz`_ on Twitter.\n\n.. _Sulley: https://github.com/OpenRCE/sulley\n.. _Google Groups: https://groups.google.com/d/forum/boofuzz\n.. _gitter: https://gitter.im/jtpereyda/boofuzz\n.. _@b00fuzz: https://twitter.com/b00fuzz\n.. _documentation: https://boofuzz.readthedocs.io/\n.. _INSTALL.rst: INSTALL.rst\n.. _CONTRIBUTING.rst: CONTRIBUTING.rst\n\nChangelog\n=========\n\nv0.4.2\n------\nFeatures\n^^^^^^^^\n- Remove six compatibility module.\n- Remove Python 2 compatibility code.\n- Remove specifying object inheritance in classes.\n- Added Web UI listening on specific IP address.\n- Added Python 3.11 compatibility.\n\nFixes\n^^^^^\n- Specified encoding on file write rather than assuming default encoding.\n- Changed type of `default_value` from string to bytes for `FromFile`.\n- `s_update` primitive was out of date.\n- The minimum supported Python version is now 3.8.\n- Removed duplicates from `BitField` primitive.\n- Fixed unwanted deprecation warning when using `Session.fuzz(name=name)`.\n- Changed type of `dep_value` argument of `Block` to bytes and added type checks.\n- Split sessions.py into multiple files.\n- Using poetry as package build system.\n\nv0.4.1\n------\nFeatures\n^^^^^^^^\n- Added support for fuzzing NETCONF servers with the `NETCONFConnection` class.\n- Add support and tests for Python 3.10.\n- Added `Session` arg `db_filename` to modify the location of the log database.\n\nFixes\n^^^^^\n- Fixed check for when to enable the web app.\n- Documented the possibility to disable the web app.\n- Correctly initialize all children of a request which inherits from `FuzzableBlock`.\n- Added type checking for arguments of `Bytes` primitive to prevent incorrect use.\n- Fixed TypeError in `s_binary` initialization.\n- Remove redundant unicode strings.\n\nv0.4.0\n------\nFeatures\n^^^^^^^^\n- Fuzzing CLI -- Use main_helper() to use boofuzz's generic fuzzing CLI with your script.\n- Combinatorial fuzzing -- now fuzzes multiple mutations at once by default.\n- Test cases can now be specified and re-run by name.\n- Implemented visual request-graph rendering functions for Session.\n- Added to web UIL: runtime, exec speed, current test case name.\n- Added simple custom checksum and example usage.\n- Added `Simple` primitive that uses only the specified values for fuzzing.\n- Added `Float` primitive with support for IEEE 754 encoding.\n- Added an example for s_float/Float usage.\n\nFixes\n^^^^^\n- Clarified documentation of custom checksum function for `Checksum` primitive.\n- String and RandomData primitives now use a local and independent instance of `random`.\n- The minimum supported Python version is now 3.6.\n- Fixed two memory leaks in the fuzz logger.\n\nv0.3.0\n------\nFeatures\n^^^^^^^^\n- Memory optimization: Efficient mutation generation and smarter string reuse -- decrease memory consumption by orders of magnitude.\n- `Aligned` block: Aligns content length to multiple of certain number of bytes.\n- Relative names: Name references for `Checksum`, `Size`, etc. now resolve absolute and relative names. Block and primitive\n names no longer need to be globally unique within a message, they only need to be locally unique within a block.\n- Passing data between messages: Callbacks now have a `TestCaseContext` object to which one can save data to be used\n later in the test case. `TestCaseSessionReference` can be passed as a default value in a protocol definition. The name\n it references must have been saved by the time that message in the protocol is reached.\n- `Fuzzable` rewrite: Simpler definitions for new fuzz primitives. See `static.py` for an example of a very simple primitive.\n- Protocol definition: Protocols can now be defined with an object oriented rather than static approach.\n- Independent mutation and encoding steps: Will enable multiple mutations and code coverage feedback.\n- Procmon: Additional debug steps. Partial backwards compatibility for old interface.\n- `ProcessMonitorLocal` allows running procmon as part of fuzzer process.\n- Network monitor: improved network interface discovery (Linux support).\n- Added support for fuzzing Unix sockets with the `UnixSocketConnection` class.\n- Added metadata to ProtocolSession to support callbacks -- `current_message`, `previous_message`.\n- All primitive arguments are now optional keyword arguments.\n\nFixes\n^^^^^\n- Various web interface fixes.\n- Various refactors and simplifications.\n- Fewer duplicates from `Group` primitives.\n- Network monitor: fixed data_bytes calculation and PcapThread synchronization.\n- Fixed a crash when using the network monitor.\n- Session can now be \"quiet\" by passing an empty list of loggers.\n- Process Monitor: fixed Thread.isAlive for Python 3.9 compatibility.\n- Correctly truncate values of the string primitive when max_len or size is set.\n- The string primitive will no longer generate duplicates when max_len or size is set.\n- Greatly improved string to bytes conversion speed.\n\nv0.2.1\n------\nFeatures\n^^^^^^^^\n- Added simple TFTP fuzzer example.\n\nFixes\n^^^^^\n- Fixed UDPSocketConnection data truncation when sending more data than the socket supports.\n- Fixed execution of procmon stop_commands.\n- Fixed TCP and SSL server connections.\n\nv0.2.0\n------\nFeatures\n^^^^^^^^\n- Rewrote and split the SocketConnection class into individual classes per socket type.\n- `SocketConnection` is now deprecated. Use the classes derived from `BaseSocketConnection` instead.\n- Added support for receiving on raw Layer 2 and Layer 3 connections.\n- Layer 2 and Layer 3 connections may now use arbitrary payload / MTU sizes.\n- Moved connection related modules into new `connections` submodule.\n- Added the ability to repeat sending of packages within a given time or count.\n- Added optional timeout and threshold to quit infinite connection retries.\n- Reworked Monitors, consolidated interface. Breaking change: session no longer has netmon_options and procmon_options.\n- `SessionInfo` has had attributes renamed; procmon_results and netmon_results are deprecated and now aliases for monitor_results and monitor_data respectively.\n- New `BoofuzzFailure` exception type allows callback methods to signal a failure that should halt the current test case.\n- Added `capture_output` option to process monitor to capture target process stderr/stdout .\n- Added post-start-target callbacks (called every time a target is started or restarted).\n- Added method to gracefully stop PED-RPC Server.\n- Added new boofuzz logo and favicon to docs and webinterface.\n- Added `FileConnection` to dump messages to files.\n- Removed deprecated session arguments `fuzz_data_logger`, `log_level`, `logfile`, `logfile_level` and `log()`.\n- Removed deprecated logger `FuzzLoggerFile`.\n- `crc32c` is no longer a required package. Install manually if needed.\n\nFixes\n^^^^^\n- Fixed size of s_size block when output is ascii.\n- Fixed issue with tornado on Python 3.8 and Windows.\n- Fixed various potential type errors.\n- Renamed `requests` folder to `request_definitions` because it shadowed the name of the `requests` python module.\n- Examples are up to date with current Boofuzz version.\n- Modified timings on serial_connection unit tests to improve test reliability.\n- Refactored old unit-tests.\n- Fixed network monitor compatibility with Python 3.\n- Minor console GUI optimizations.\n- Fixed crash_threshold_element handling if blocks are used.\n- Fixed many bugs in which a failure would not stop the test case evaluation.\n\nv0.1.6\n------\nFeatures\n^^^^^^^^\n- New primitive `s_bytes` which fuzzes an arbitrary length binary value (similiar to `s_string`).\n- We are now using `Black` for code style standardization.\n- Compatibility for Python 3.8\n- Added crc32c as checksum algorithm (Castagnoli).\n- Added favicon for web interface.\n- Pushed Tornado to 5.x and unpinned Flask.\n\nFixes\n^^^^^\n- Test cases were not being properly closed when using the check_message() functionality.\n- Some code style changes to meet PEP8.\n- `s_group` primitive was not accepting empty default value.\n- Timeout during opening TCP connection now raises BoofuzzTargetConnectionFailedError exception.\n- SSL/TLS works again. See `examples/fuzz-ssl-server.py` and `examples/fuzz-ssl-client.py`.\n- Dropped six.binary_type in favor of b\"\" format.\n- Fixed process monitor handling of backslashes in Windows start commands.\n- Fixed and documented `boo open`.\n- Fixed receive function in `fuzz_logger_curses`.\n- Installing boofuzz with `sudo` is no longer recommended, use the `--user` option of pip instead.\n- Fixed setting socket timeout options on Windows.\n- If all sockets are exhausted, repeatedly try fuzzing for 4 minutes before failing.\n- Fixed CSV logger send and receive data decoding.\n- Handle SSL-related exception. Added `ignore_connection_ssl_errors` session attribute that can\n be set to True to ignore SSL-related error on a test case.\n- Fixed `s_from_file` decoding in Python 2 (the encoding parameter is now depreciated).\n- Updated documentation of `s_checksum`. It is possible to use a custom algorithm with this block.\n\nv0.1.5\n------\nFeatures\n^^^^^^^^\n- New curses logger class to provide a console gui similar to the webinterface. Use the session option `console_gui` to enable it.\n This has not been tested under Windows!\n- Compatibility for Python 3\n- Large test cases are now truncated, unless a failure is detected.\n- When a target fails to respond after restart, boofuzz will now continue to restart instead of crashing.\n- New Session option `keep_web_open` to allow analyzing the test results after test completion.\n- Process monitor creates new crash file for each run by default.\n- Long lines now wrap in web view; longer lines no longer need to be truncated.\n- Process monitor now stores crash bins in JSON format instead of pickled format.\n- Process monitor in Windows will use `taskkill -F` if `taskkill` fails.\n\nFixes\n^^^^^\n- Web server no longer crashes when asked for a non-existing test case.\n- EINPROGRESS socket error is now handled while opening a socket (note: this sometimes-transient error motivated the move to retry upon connection failure)\n\nv0.1.4\n------\nFeatures\n^^^^^^^^\n- New Session options `restart_callbacks`, `pre_send_callbacks`, and `post_test_case_callbacks` to hand over custom callback functions.\n- New Session option `fuzz_db_keep_only_n_pass_cases`. This allowes saving only n test cases preceding a failure or error to the database.\n- Added logic to find next available port for web interface or disable the web interface.\n- Removed sleep logs when sleep time is zero.\n- Added option to reuse the connection to the target.\n\nFixes\n^^^^^\n- Windows process monitor now handles combination of proc_name and/or start_commands more reasonably\n- Windows process monitor handles certain errors more gracefully\n- Fixed target close behavior so post send callbacks can use the target.\n- Fixed a dependency issue in installation.\n\n\nv0.1.3\n------\nFeatures\n^^^^^^^^\n- Socket Connections now allow client fuzzing.\n- Log only the data actually sent, when sending is truncated. Helps reduce database size, especially when fuzzing layer 2 or 3.\n- `Target` `recv` function now accepts a `max_recv_bytes` argument.\n\nFixes\n^^^^^\n- Fixed install package -- now includes JavaScript files.\n\nv0.1.2\n------\nFeatures\n^^^^^^^^\n- Clearer error message when procmon is unavailable at fuzz start.\n- Web UI now refreshes current case even when snap-to-current-test-case is disabled.\n\nFixes\n^^^^^\n- Web UI no longer permits negative test cases.\n- Fix Windows procmon regression.\n- Minor fixes and UI tweaks.\n\nv0.1.1\n------\nFeatures\n^^^^^^^^\n- New `boo open` command can open and inspect saved database log files.\n- Unix procmon now saves coredumps by default.\n- Improved \"Cannot connect to target\" error message.\n- Improved API for registering callbacks.\n- Made the global `REQUESTS` map available in top level boofuzz package.\n\nFixes\n^^^^^\n- Handle exceptions when opening crash bin files in process monitor.\n- Fix Block.__len__ to account for custom encoder.\n\nv0.1.0\n------\nFeatures\n^^^^^^^^\n- Web UI\n - Statistics now auto-update.\n - Test case logs now stream on the main page.\n - Cool left & right arrow buttons to move through test case\n- New ``Session`` parameter ``receive_data_after_fuzz``. Controls whether to execute a receive step after sending\n fuzz messages. Defaults to False. This significantly speeds up tests in which the target tends not to respond to\n invalid messages.\n\nFixes\n^^^^^\n- Text log output would include double titles, e.g. \"Test Step: Test Step: ...\"\n\nv0.0.13\n-------\nFeatures\n^^^^^^^^\n- Web UI\n - Test case numbers are now clickable and link to test case detail view.\n - Test case details now in color!\n- ``FuzzLoggerDB``\n - Added FuzzLoggerDB to allow querying of test results during and after test run. Saves results in a SQLite file.\n - Added ``Session.open_test_run()`` to read test results database from previous test run.\n- New ``Session.feature_check()`` method to verify protocol functionality before fuzzing.\n- Process Monitor\n - Unify process monitor command line interface between Unix and Windows.\n - Added procmon option ``proc_name`` to support asynchronously started target processes.\n - procmon is now checked for errors before user ``post_send()`` is called, reducing redundant error messages.\n - Improved procmon logging.\n - Process monitor gives more helpful error messages when running 64-bit application (unsupported) or when a process is\n killed before being attached\n- Logging Improvements\n - ``Target`` ``open()`` and ``close()`` operations are now logged.\n - Added some optional debug output from boofuzz runtime.\n - Improve capability and logging of messages' ``callback`` methods.\n- New ``Session`` & Connection Options\n - Add ``Session`` ``receive_data_after_each_request`` option to enable disabling of data receipt after messages are sent.\n - ``Session`` ``skip`` argument replaced with ``index_start`` and ``index_end``.\n - ``Session`` now has separate crash thresholds for elements/blocks and nodes/messages.\n - Give ``SocketConnection`` separate timeouts for ``send()``/``recv()``.\n- Ease of Use\n - ``Target.recv()`` now has a default ``max_bytes`` value.\n - Added ``DEFAULT_PROCMON_PORT`` constant.\n - ``Session.post_send()``'s ``sock`` parameter now deprecated (use ``target`` instead).\n\n\nFixes\n^^^^^\n- Fixed bug in which failures were not recognized.\n- ``BitField`` blocks with ASCII format reported incorrect sizes.\n- Fixed bug in ``s_update``.\n- Handle socket errors that were getting missed.\n- Fixed process monitor logging when providing more or less than 1 stop/start commands.\n- Show graceful error on web requests for non-existent test cases.\n- ``get_max_udp_size()`` was crashing in Windows.\n- ``String`` padding was not always being applied.\n- ``String`` was not accepting unicode strings in ``value`` parameter.\n- ``String`` was skipping valid mutations and reporting wrong ``num_mutations()`` when ``size`` parameter was used.\n- Unix and Windows process monitors now share much more code.\n\nDevelopment\n^^^^^^^^^^^\n- Added unit tests for ``BitField``.\n- Cleaned up CSS on web pages.\n- Added a unit test to verify restart on failure behavior\n\n0.0.12\n------\nFeatures\n^^^^^^^^\n- Test cases now have descriptive names\n- Added Session methods to fuzz a test cae by name: ``fuzz_by_name`` and ``fuzz_single_node_by_path``\n\nFixes\n^^^^^\n- Fixed test case numbers when using ``fuzz_single_case``\n\n0.0.11\n------\nFeatures\n^^^^^^^^\n- Set Session ``check_data_received_each_request`` to False to disable receive after send.\n\nFixes\n^^^^^\n- Dosctring format fixes.\n\n0.0.10\n------\nFeatures\n^^^^^^^^\n- Add Session ignore_connection_reset parameter to suppress ECONNRESET errors.\n- Add Session ignore_connection_aborted parameter to suppress ECONNABORTED errors.\n\nFixes\n^^^^^\n- Fix Session class docstring formats.\n\n0.0.9\n-----\nFeatures\n^^^^^^^^\n- ``s_size`` is now fuzzable by default.\n- Add new s_fuzz_list primitive to read fuzz value from files.\n- Add new FuzzLoggerCsv to write log in CSV format\n\nFixes\n^^^^^\n- Fixed: Add missing dummy value for custom checksum, allowing recursive uses of length/checksum (issue #107)\n\n0.0.8\n-----\nFeatures\n^^^^^^^^\n- Console output - now with colors!\n- process_monitor_unix.py: added option to move coredumps for later analysis.\n- The process monitor (procmon) now tracks processes by PID by default rather than searching by name. Therefore,\n stop_commands and proc_name are no longer required.\n- SIGINT (AKA Ctrl+C) now works to close both boofuzz and process_monitor.py (usually).\n- Made Unix procmon more compatible with Windows.\n- Improved procmon debugger error handling, e.g., when running 64-bit apps.\n- Windows procmon now runs even if pydbg fails.\n- Added ``--help`` parameter to process monitor.\n- Target class now takes ``procmon`` and ``procmon_options`` in constructor.\n- Added example fuzz scripts.\n\nFixes\n^^^^^\n- SIGINT (AKA Ctrl+C) now works to close both boofuzz and process_monitor.py (usually).\n- Fixed: The pedrpc module was not being properly included in imports.\n- Made process_monitor.py ``--crash_bin`` optional (as documented).\n- Improved procmon behavior when certain parameters aren't given.\n- Improved procmon error handling.\n- Fixed a bug in which the procmon would not properly restart a target that had failed without crashing.\n\n0.0.7\n-----\nFeatures\n^^^^^^^^\n- Added several command injection strings from fuzzdb.\n- Blocks can now be created and nested using ``with s_block(\"my-block\"):``\n\nFixes\n^^^^^\n- Fixed pydot import error message\n\n0.0.6\n-----\nFeatures\n^^^^^^^^\n- Added ``Request.original_value()`` function to render the request as if it were not fuzzed.\n This will help enable reuse of a fuzz definition to generate valid requests.\n- ``SocketConnection`` can now send and receive UDP broadcast packets using the ``udp_broadcast`` constructor\n parameter.\n- ``Target.recv()`` now logs an entry before receiving data, in order to help debug receiving issues.\n\nFixes\n^^^^^\n- Maximum UDP payload value was incorrect, causing crashes for tests running over UDP. It now works on some systems,\n but the maximum value may be too high for systems that set it lower than the maximum possible value, 65507.\n- ``SocketConnection`` class now handles more send and receive errors: ``ECONNABORTED``, ``ECONNRESET``,\n ``ENETRESET``, and ``ETIMEDOUT``.\n- Fixed setup.py to not include superfluous packages.\n\nDevelopment\n^^^^^^^^^^^\n- Added two exceptions: ``BoofuzzTargetConnectionReset`` and ``BoofuzzTargetConnectionAborted``.\n- These two exceptions are handled in ``sessions.py`` and may be thrown by any ``ITargetConnection`` implementation.\n\n0.0.5\n-----\nFixes\n^^^^^\n- Boofuzz now properly reports crashes detected by the process monitor. It was calling log_info instead of log_fail.\n- Boofuzz will no longer crash, but will rather give a helpful error message, if the target refuses socket connections.\n- Add utils/crash_binning.py to boofuzz/utils, avoiding import errors.\n- Fix procmon argument processing bug.\n- Fix typos in INSTALL.rst.\n\n0.0.4\n-----\n- Add Gitter badge to README.\n- Add default sleep_time and fuzz_data_logger for Session to simplify boilerplate.\n\n0.0.3\n-----\n- Fixed deployment from 0.0.2.\n- Simplify CONTRIBUTING.rst for automated deployment.\n- tox no longer runs entirely as sudo. The sudo has been moved into tox.ini and is more fine-grained.\n- Reduced default ``Session.__init__`` ``restart_sleep_time`` from 5 minutes to 5 seconds.\n\n0.0.2\n-----\nContinuous deployment with Travis.\n\nDevelopment\n^^^^^^^^^^^\n- Added build and PyPI badges.\n- Added CONTRIBUTING.rst.\n- check-manifest now runs in automated build.\n- Travis now deploys to PyPI!\n\n0.0.1-dev5\n----------\nDevelopment\n^^^^^^^^^^^\n- Tests now run on tox.\n- Added Google Groups and Twitter link.\n\n0.0.1-dev4\n----------\n\nFixes\n^^^^^\n- Missing property setters in ``boofuzz.request.Request`` now implemented.\n- Unit tests now pass on Windows.\n- Fixed wheel build issue; boofuzz subpackages were missing.\n\n0.0.1-dev3\n----------\n\nFixes\n^^^^^\n- Session constructor param ``session_filename`` is now optional.\n\n0.0.1-dev2\n----------\nNew features\n^^^^^^^^^^^^\n\n- Now on PyPI! ``pip install boofuzz``\n- API is now centralized so all classes are available at top level\n ``boofuzz.*``\n\n - This makes it way easier to use. Everything can be used like\n ``boofuzz.MyClass`` instead of ``boofuzz.my_file.MyClass``.\n\n- Added ``EzOutletReset`` class to support restarting devices using an\n ezOutlet EZ-11b.\n\nBackwards-incompatible\n^^^^^^^^^^^^^^^^^^^^^^\n\n- Target now only takes an ``ITargetConnection``. This separates\n responsibilities and makes our code more flexible with different\n kinds of connections.\n\nFixes\n^^^^^\n\n- Bugs fixed:\n\n - ``helpers.udp_checksum`` was failing with oversized messages.\n - Missing install requirements.\n - Grammar and spelling.\n - ``setup.py`` was previously installing around five mostly unwanted\n packages. Fixed.\n - Removed deprecated unit tests.\n - Removed overly broad exception handling in Session.\n - ``Checksum.render()`` for UDP was not handling dependencies\n properly.\n\nBack-end Improvements\n^^^^^^^^^^^^^^^^^^^^^\n\nThis section took the most work. It has the least visible impact, but\nall of the refactors enable new features, fixes, and unit tests.\n\n- Primitives and Blocks:\n\n - Created ``IFuzzable`` which properly defines interface for\n ``Block``, ``Request``, and all ``BasePrimitive`` classes.\n - Made effectively private members actually private.\n - Eliminated ``exhaust()`` function. It was used only once and was\n primarily a convoluted break statement. Now it's gone. :)\n - Split all block and primitive classes into separate files.\n\n- Many Unit tests added.\n\nOther\n^^^^^\n\n- Continuous integration with Travis is running!\n- Doc organization improvements.\n- Can now install with extras ``[dev]``\n\nInitial Development Release - 0.0.1-dev1\n----------------------------------------\n\n\n- Much easier install experience!\n- Support for arbitrary communications mediums.\n\n - Added serial communications support.\n - Improved sockets to fuzz at Ethernet and IP layers.\n\n- Extensible instrumentation/failure detection.\n- Better recording of test data.\n\n - Records all sent and received data\n - Records errors in human-readable format, in same place as\n sent/received data.\n\n- Improved functionality in checksum blocks.\n- Self-referential size and checksum blocks now work.\n- ``post_send`` callbacks can now check replies and log failures.\n- Far fewer bugs.\n- Numerous refactors within framework code.\n",
"bugtrack_url": null,
"license": "GPL-2.0-only",
"summary": "A fork and successor of the Sulley Fuzzing Framework",
"version": "0.4.2",
"project_urls": {
"Documentation": "https://boofuzz.readthedocs.io/",
"Homepage": "https://github.com/jtpereyda/boofuzz",
"Repository": "https://github.com/jtpereyda/boofuzz"
},
"split_keywords": [
"security",
"fuzzing"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "0dcf9934fad8c317ef5e82b5ba92a14e9690a7ce851f86f279ea6a49deaae1f4",
"md5": "4ce4f5f784ec4fce1c373f90d37a038e",
"sha256": "474776e1e51c30a2b858b82663cafd05a043b812ca9e06c64b60cdf35efbb12c"
},
"downloads": -1,
"filename": "boofuzz-0.4.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "4ce4f5f784ec4fce1c373f90d37a038e",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8,<4.0",
"size": 180541,
"upload_time": "2023-10-06T23:34:44",
"upload_time_iso_8601": "2023-10-06T23:34:44.751724Z",
"url": "https://files.pythonhosted.org/packages/0d/cf/9934fad8c317ef5e82b5ba92a14e9690a7ce851f86f279ea6a49deaae1f4/boofuzz-0.4.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "df16d272cf4e8132084bcaa50a534c701716e86c77e54af542c46e4e45fc3ac1",
"md5": "ac2d202843ad28ced5be4debdbe18091",
"sha256": "f9f0f91b9682fe7b417f6f82050a05d8a265c8affabdf3fecfb43932b5faee01"
},
"downloads": -1,
"filename": "boofuzz-0.4.2.tar.gz",
"has_sig": false,
"md5_digest": "ac2d202843ad28ced5be4debdbe18091",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8,<4.0",
"size": 1083880,
"upload_time": "2023-10-06T23:34:47",
"upload_time_iso_8601": "2023-10-06T23:34:47.599322Z",
"url": "https://files.pythonhosted.org/packages/df/16/d272cf4e8132084bcaa50a534c701716e86c77e54af542c46e4e45fc3ac1/boofuzz-0.4.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-10-06 23:34:47",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "jtpereyda",
"github_project": "boofuzz",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"tox": true,
"lcname": "boofuzz"
}
JSON
