XiphosResearch / phuzz

Licence: other
Find exploitable PHP files by parameter fuzzing and function call tracing


PHP Hardening Phuzzer

Phuzz uses feedback from Xdebug and strace to generate random input parameters for a PHP script and to find the code paths that lead to exploitation. It is primarily designed to scan for vulnerabilities in PHP scripts that are web accessible but not meant to be run directly.

Features

  • Detect input parameters: $_GET, $_POST, $_REQUEST, $_COOKIE and $_FILES
  • Generate random input parameters
  • Find unique code paths
  • System call tracing with strace and dtruss, tested on Linux and OS X
  • PHP function call tracing using Xdebug

TODO

  • Make it suck less
  • Analysis of collected Phuzz cases/traces, automatic exploit generation
  • dtrace and systemtap support

Example

The first request is made to analyse which inputs the script uses.

[Thu Sep  8 17:36:00 2016] 127.0.0.1:36996 [200]: /rce1.php

It then generates random values for the required parameters, and finds all the PHP and system calls that.

[Thu Sep  8 17:36:00 2016] 127.0.0.1:36998 [200]: /rce1.php?cmd=SWGAGI55
<webroot>/rce1.php
	 system ( 'SWGAGI55' )

syscalls:
	 stat ( "/usr/local/sbin/SWGAGI55", 0x7ffff9f76140 )
	 stat ( "/usr/local/bin/SWGAGI55", 0x7ffff9f76140 )
	 stat ( "/usr/sbin/SWGAGI55", 0x7ffff9f76140 )
	 stat ( "/usr/bin/SWGAGI55", 0x7ffff9f76140 )
	 stat ( "/sbin/SWGAGI55", 0x7ffff9f76140 )
	 stat ( "/bin/SWGAGI55", 0x7ffff9f76140 )
	 stat ( "/usr/games/SWGAGI55", 0x7ffff9f76140 )
	 stat ( "/usr/local/games/SWGAGI55", 0x7ffff9f76140 )
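As an added example (not phuzz's own code), the following Python correlates the fuzz marker with a trace in the layout shown above to report which PHP sinks and which syscalls the fuzzed parameter actually reaches; the trace text, the sink table and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the phuzz output shown above; the execve
# line is added to show the marker reaching a process-spawning syscall.
MARKER = "SWGAGI55"  # the random value phuzz sent as ?cmd=SWGAGI55
TRACE = """<webroot>/rce1.php
     system ( 'SWGAGI55' )

syscalls:
     stat ( "/usr/local/sbin/SWGAGI55", 0x7ffff9f76140 )
     stat ( "/bin/SWGAGI55", 0x7ffff9f76140 )
     execve ( "/bin/sh", ["sh", "-c", "SWGAGI55"], 0x7ffff9f76140 )
"""

# Assumed classification of PHP functions that are dangerous when their
# arguments are attacker-controlled (phuzz itself has no such table).
PHP_SINKS = {
    "system": "command execution", "exec": "command execution",
    "shell_exec": "command execution", "passthru": "command execution",
    "include": "file inclusion", "require": "file inclusion",
    "file_get_contents": "file read", "unlink": "file deletion",
    "eval": "code execution",
}

# One trace line of the form "   name ( arg, arg )".
CALL_RE = re.compile(r"^\s*(\w+)\s*\(\s*(.*?)\s*\)\s*$")


def analyse_trace(trace, marker):
    """Return the PHP calls and syscalls whose arguments contain the marker.
    Xdebug calls run up to the 'syscalls:' line, strace/dtruss calls follow."""
    findings = {"php": [], "syscalls": []}
    section = "php"
    for line in trace.splitlines():
        if line.strip() == "syscalls:":
            section = "syscalls"
            continue
        m = CALL_RE.match(line)
        if not m or marker not in m.group(2):
            continue  # not a call line, or the fuzzed value never reached it
        name, args = m.groups()
        entry = {"call": name, "args": args}
        if section == "php":
            entry["risk"] = PHP_SINKS.get(name, "unclassified")
        findings[section].append(entry)
    return findings


def controlled_sinks(findings):
    """Sink classes the fuzzed parameter reached, e.g. ['command execution']."""
    return sorted({e["risk"] for e in findings["php"] if e["risk"] != "unclassified"})
```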

Installation

Debian / Ubuntu

sudo apt-get install php5.6-cli php-xdebug
pip install -r requirements.txt

sudo sh -c 'echo 0 > /proc/sys/kernel/yama/ptrace_scope'
python -mphuzz

Setting ptrace_scope to 0 relaxes the Yama ptrace restriction system-wide so that strace can attach to the PHP process; the change does not survive a reboot.

OSX

brew install php56 php56-xdebug
pip install -r requirements.txt
python -mphuzz

Microsoft Windows (XP or above)

  • Click on Start button (bottom left hand corner of screen)
  • Click My Computer
  • Navigate to C:\Program Files (Intel X86 Architecture)\Microsoft Internet Explorer Professional Edition 2016\
  • Locate iexplore.exe, you may have to use the scroll bars
  • Click on it... twice, quickly!
  • Wait until new window opens up
  • Find the white bar with http://worldwideweb.msn.com/en-US/infestedmalwaresmegma.exe in it
  • Click the text, just once!
  • Press the Ctrl and A buttons on your keyboard, together, at the same time.
  • Type in www.google.com
  • Wait until your computer starts responding again
  • Type in Self immolation techniques for beginners
  • Press the Search button
  • Follow instructions until warm throughout

TL;DR any ideas on porting this to Win32 API?
