GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → 0xricksanchez → HITB2020_FSFUZZER

0xricksanchez / HITB2020_FSFUZZER

Licence: GPL-3.0 license
My Material for the HITB presentation

Programming Languages

python
139335 projects - #7 most used programming language
shell
77523 projects

Labels

kernelslidesbsdfuzzingfuzzersecurity-tools

Projects that are alternatives of or similar to HITB2020 FSFUZZER

Janus
Janus: a state-of-the-art file system fuzzer on Linux
Stars: ✭ 139 (+321.21%)
Mutual labels:  fuzzing, fuzzer
Javafuzz
coverage guided fuzz testing for java
Stars: ✭ 193 (+484.85%)
Mutual labels:  fuzzing, fuzzer
Grammarinator
ANTLR v4 grammar-based test generator
Stars: ✭ 162 (+390.91%)
Mutual labels:  fuzzing, fuzzer
Fuzzing Survey
The Art, Science, and Engineering of Fuzzing: A Survey
Stars: ✭ 116 (+251.52%)
Mutual labels:  fuzzing, fuzzer
afl-dyninst
American Fuzzy Lop + Dyninst == AFL Fuzzing blackbox binaries
Stars: ✭ 65 (+96.97%)
Mutual labels:  fuzzing, fuzzer
Aflplusplus
The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
Stars: ✭ 2,319 (+6927.27%)
Mutual labels:  fuzzing, fuzzer
Sharpfuzz
AFL-based fuzz testing for .NET
Stars: ✭ 185 (+460.61%)
Mutual labels:  fuzzing, fuzzer
Crlf Injection Scanner
Command line tool for testing CRLF injection on a list of domains.
Stars: ✭ 91 (+175.76%)
Mutual labels:  fuzzing, fuzzer
Fuzzcheck Rs
Structure-aware, in-process, coverage-guided, evolutionary fuzzing engine for Rust functions.
Stars: ✭ 247 (+648.48%)
Mutual labels:  fuzzing, fuzzer
Honggfuzz Rs
Fuzz your Rust code with Google-developed Honggfuzz !
Stars: ✭ 222 (+572.73%)
Mutual labels:  fuzzing, fuzzer
Clusterfuzz Tools
Bugs are inevitable. Suffering is optional.
Stars: ✭ 111 (+236.36%)
Mutual labels:  fuzzing, fuzzer
ras-fuzzer
RAS(RAndom Subdomain) Fuzzer
Stars: ✭ 42 (+27.27%)
Mutual labels:  fuzzing, fuzzer
Fisy Fuzz
This is the full file system fuzzing framework that I presented at the Hack in the Box 2020 Lockdown Edition conference in April.
Stars: ✭ 110 (+233.33%)
Mutual labels:  fuzzing, fuzzer
Sienna Locomotive
A user-friendly fuzzing and crash triage tool for Windows
Stars: ✭ 130 (+293.94%)
Mutual labels:  fuzzing, fuzzer
Ansvif
A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.
Stars: ✭ 107 (+224.24%)
Mutual labels:  fuzzing, fuzzer
Pythonfuzz
coverage guided fuzz testing for python
Stars: ✭ 175 (+430.3%)
Mutual labels:  fuzzing, fuzzer
Example Go
Go Fuzzit Example
Stars: ✭ 39 (+18.18%)
Mutual labels:  fuzzing, fuzzer
Afl Patches
Patches to afl to fix bugs or add enhancements
Stars: ✭ 76 (+130.3%)
Mutual labels:  fuzzing, fuzzer
Gramfuzz
gramfuzz is a grammar-based fuzzer that lets one define complex grammars to generate text and binary data formats.
Stars: ✭ 209 (+533.33%)
Mutual labels:  fuzzing, fuzzer
vaf
Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (+790.91%)
Mutual labels:  fuzzing, fuzzer
View All Similar Projects ➔

fs-fuzzer

My Material for the HITB 2020 Lockdown edition presentation in April. This repo contains the presentation slides as well as all used scripts that were used to demonstrate the demos.

Update May 2020

FULL FUZZING FRAMEWORK HERE

fs_generator.py

This standalone script can be used to generate different file systems across the different support host systems:

SUPPORTED_FILE_SYSTEMS = {
    "freebsd": ["ufs1", "ufs2", "zfs", "ext2", "ext3", "ext4"],
    "netbsd": ["4.3bsd", "ufs1", "ufs2", "ext2"],
    "openbsd": ["4.3bsd", "ufs1", "ufs2", "ext2"],
    "linux": ["uf1", "ufs2", "ext2", "ext3", "ext4", "zfs"],
    "darwin": ["apfs"],
}

Depending on the supplied flags to fs_generator.py the generated file system is either empty or contains a randomly generated file system hierarchy. The files will be directories, symbolic as well as hard links and binary files.

Example:

$ sudo python3 fs_generator.py -fs ext4 -s 15 -n "ubuntu_ext4_15mb" -o /home/dev/HITB/scripts/create_fs -p 10 -ps 1024

This creates a ext4 disk image of size 15 MB on a Ubuntu host system. It will contain 10 files of which the maximum file size for each will be at most 1024 bytes. Finally, it will be saved at /home/dev/HITB/scripts/create_fs/:

$ ls /home/dev/HITB/scripts/create_fs/ubuntu_ext4_15mb
/home/dev/HITB/scripts/create_fs/ubuntu_ext4_15mb

fs_mutator.py

Is a standalone mutation script that supports mutation via radamsa, targeted mutation of specific metadata fields as well as less targeted variant where you can write n bytes of 0x00/0xff/random to either the superblock, cylinder groups or data section.

Examples

$ ./fs_mutator.py -f HITB_ufs -o HITB_ufs_rad --radamsa --determinism --restore

Takes the HITB_ufs file system and applies a seeded full binary radamsa mutation to it. Afterwards the magic bytes are restored. The output is saved in a file called HITB_ufs_rad.

$ ./fs_mutator.py -f HITB_ufs -t sb 0 fs_magic 'AAAA' -o HITB_ufs_fsmagic

This overwrites the 4 byte magic sequence in the 0th ufs superblock with 'AAAA'.

$ ./fs_mutator.py -f HITB_ufs -t sb all fs_fsmnt 'Hello World @ HITB 2020 Lockdown' -o HITB_ufs_fsmnt

This overwrites all superblock fields that correspond to the fs_fsmnt name with the provided Hello World... string.

fs_fuzzer.py

This is a minimal working demo fuzzer, which includes 5 PoCs. You can read the code and understand the concept behind accessing and playing with remote machines.

fs_util.py, ext-/ufs-superblock_parser.py

Provide some helper scripts to parse metadata fields and so forth.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].