ajinabraham / Droid Application Fuzz Framework
Licence: gpl-3.0
Android application fuzzing framework with fuzzers and crash monitor.
Stars: ✭ 248
Projects that are alternatives of or similar to Droid Application Fuzz Framework
Admin
AutoQuery + Admin UI for ServiceStack Projects
Stars: ✭ 47 (-81.05%)
Mutual labels: memory, browser
Ssrfmap
Automatic SSRF fuzzer and exploitation tool
Stars: ✭ 1,344 (+441.94%)
Mutual labels: vulnerability, exploitation
Samsung Trustzone Research
Reverse-engineering tools and exploits for Samsung's implementation of TrustZone
Stars: ✭ 85 (-65.73%)
Mutual labels: exploitation, fuzzing
Herpaderping
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
Stars: ✭ 614 (+147.58%)
Mutual labels: vulnerability, exploitation
Paper collection
Academic papers related to fuzzing, binary analysis, and exploit dev, which I want to read or have already read
Stars: ✭ 710 (+186.29%)
Mutual labels: exploitation, fuzzing
Fuzzdata
Fuzzing resources for feeding various fuzzers with input. 🔧
Stars: ✭ 376 (+51.61%)
Mutual labels: fuzzing, browser
Morph
An open source fuzzing framework for fun.
Stars: ✭ 166 (-33.06%)
Mutual labels: fuzzing, browser
Arissploit
Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.
Stars: ✭ 114 (-54.03%)
Mutual labels: vulnerability, exploitation
Uxss Db
🔪Browser logic vulnerabilities ☠️
Stars: ✭ 565 (+127.82%)
Mutual labels: vulnerability, browser
Fuzzit
CLI to integrate continuous fuzzing with Fuzzit
Stars: ✭ 220 (-11.29%)
Mutual labels: vulnerability, fuzzing
Damn Vulnerable Graphql Application
Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.
Stars: ✭ 567 (+128.63%)
Mutual labels: vulnerability, exploitation
Vulnx
vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}
Stars: ✭ 1,009 (+306.85%)
Mutual labels: vulnerability, exploitation
Pdfjs
A Portable Document Format (PDF) generation library targeting both the server- and client-side.
Stars: ✭ 395 (+59.27%)
Mutual labels: pdf, browser
Ble Security Attack Defence
✨ Purpose only! The dangers of Bluetooth Low Energy(BLE)implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.
Stars: ✭ 88 (-64.52%)
Mutual labels: vulnerability, fuzzing
Android Kernel Exploitation
Android Kernel Exploitation
Stars: ✭ 313 (+26.21%)
Mutual labels: vulnerability, exploitation
Ansvif
A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.
Stars: ✭ 107 (-56.85%)
Mutual labels: vulnerability, fuzzing
Fdsploit
File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (-19.76%)
Mutual labels: exploitation, fuzzing
Droid Application Fuzz Framework
Droid Application Fuzz Framework (DAFF) helps you to fuzz Android Browsers and PDF Readers for memory corruption bugs in real android devices. You can use the inbuilt fuzzers or import fuzz files from your own custom fuzzers. DAFF consist of inbuilt fuzzers and crash monitor. It currently supports fuzzing the following applications:
Browsers
- Google Chrome - com.android.chrome
- Mozilla Firefox - org.mozilla.firefox
- Opera - com.opera.browser
- UC Browser - com.UCMobile.intl
PDF Viewers/Readers
- Adobe Acrobat Reader - com.adobe.reader
- Foxit PDF Reader - com.foxit.mobile.pdf.lite
- Google PDF Viewer - com.google.android.apps.pdfviewer
- WPS Office + PDF - cn.wps.moffice_eng
- Polaris Office - com.infraware.office.link (WIP)
Fuzz Generators
DAFF has three fuzzer modes:
- Google Domato - Uses slightly modified version of Google Domato for generating fuzz files.
- Dumb Fuzzer - As the the name suggests, a dumb fuzzer. (Only for PDF)
-
Pregenerated Files (3rd Party Fuzzer) - To use your private or custom fuzzer generated files. Place html samples in
generators/html/htmlsand pdf samples ingenerators/pdf/pdfs
Usage for Dummies
Android Device
- Install the supported Browsers and PDF readers in Android Device.
- Enable USB Debugging in the Android Device.
- Connect the Android Device to the same WiFi Network where the Computer is connected.
- Connect the Android Device to Computer using USB cable and Always allow the Computer for USB Debuging.
Computer
- Install Python 2.7
git clone https://github.com/ajinabraham/Droid-Application-Fuzz-Framework.gitpip install -r requirements.txt- In
settings.pyset theDEVICE_IDas the Android Device ID. You can find this withadb devicescommand. - Also set
FUZZ_IPas the local IP of the computer. Useifconfig/ipconfigcommand. - Set the path to adb binary in
ADB_BINARYifadbis not in yourPATH. - Run the Web GUI
python daff_server.py - Access the Fuzzer Web Interface at
http://0.0.0.0:1337 - Select the Application, Select the Fuzz Generator and Start Fuzzing!
DAFF in Action
Extra Tip
After installing the apps in Android Device, use them at least once. Allow popups, configure first time screens etc.
Please Note
I am just open sourcing a private project for the benefit of community. I don't have time to actively maintain this project. If you have found bugs, fix them and send pull requests. That's how open source should work! I have done my best to make the documentation clear and simple for all types of users. Please check Google or Stack Overflow if you are stuck.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].