Fusil the fuzzer

Fusil the fuzzer is a Python library for writing fuzzing programs. It helps start a process in a prepared environment (memory limits, environment variables, redirected stdout, etc.), start a network client or server, and create mangled files. Fusil has many probes to detect a program crash: they watch the process exit code, the process stdout and syslog for text patterns (e.g. “segmentation fault”), the session duration, CPU usage (process and system load), etc.

Fusil is based on a multi-agent system architecture. It computes a session score that is used to guess fuzzing parameters, such as the number of errors injected into input files.

Available fuzzing projects: ClamAV, Firefox (contains an HTTP server), gettext, gstreamer, identify, libc_env, libc_printf, libexif, linux_syscall, mplayer, php, poppler, vim, xterm.

Fusil is an open source project written in Python and distributed under the GNU GPLv2 license.

Features

Why use Fusil instead of your own hand-made C script?

  • Fusil limits the child process environment: it limits memory, uses a timeout, and makes sure that the process is killed at session end
  • Fusil waits until the system load is low before starting a fuzzing session
  • Fusil creates a session directory that is used as the process's current working directory, and Fusil only creates files in this directory (and not in /tmp)
  • Fusil stores all actions in fusil.log, and also writes all actions related to a session to session.log
  • Fusil has multiple probes available to compute the session score, which is used to guess whether a session is a success or not
  • Fusil redirects process output to a file and searches for bug text patterns in stdout/stderr (Fusil contains many text patterns to detect crashes and problems)
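
The controls listed above can be sketched with the Python standard library alone. This is an added example, not Fusil's code or API: the names run_session and CRASH_PATTERNS, the pattern list and the 0.5-per-probe scoring are assumptions made for illustration, and it requires a POSIX system.

```python
import os, re, resource, signal, subprocess, tempfile

# Constructed pattern list for this example; Fusil ships its own, larger set.
CRASH_PATTERNS = re.compile(rb"segmentation fault|stack smashing|glibc detected", re.I)

def run_session(argv, mem_bytes=1 << 31, timeout=5.0):
    """Run one target in a fresh session directory.

    Returns (score, findings, session_dir); score 0.0 means nothing suspicious.
    """
    session_dir = tempfile.mkdtemp(prefix="session-")
    out_path = os.path.join(session_dir, "stdout.log")

    def limit_child():
        # Runs in the child just before exec: cap its address space.
        resource.setrlimit(resource.RLIMIT_AS, (mem_bytes, mem_bytes))

    findings = []
    with open(out_path, "wb") as out:
        proc = subprocess.Popen(
            argv, cwd=session_dir, stdin=subprocess.DEVNULL,
            stdout=out, stderr=subprocess.STDOUT,
            env=dict(os.environ, LC_ALL="C"),  # keep error messages in English
            preexec_fn=limit_child, start_new_session=True)
        try:
            code = proc.wait(timeout=timeout)
        except subprocess.TimeoutExpired:
            findings.append("timeout")
            code = None
        finally:
            # Session end: kill whatever is left in the child's process group.
            try:
                os.killpg(proc.pid, signal.SIGKILL)
            except OSError:
                pass
            proc.wait()
    if code is not None and code < 0:
        findings.append("killed by signal %d" % -code)
    with open(out_path, "rb") as out:
        match = CRASH_PATTERNS.search(out.read())
    if match:
        findings.append("output matched %r" % match.group(0).decode())
    # Assumed scoring for this example: each probe that fires adds 0.5.
    return min(1.0, 0.5 * len(findings)), findings, session_dir
```

Each call leaves its session directory on disk so that stdout.log and any files the target created can be inspected after a run that scored above zero.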

News

  • 2011-02-16: Release of Fusil 1.4, read the ChangeLog
  • 2010-01-09: Release of Fusil 1.3.2, read the ChangeLog
  • 2009-11-09: Release of Fusil 1.3.1
  • 2009-09-18: Release of Fusil 1.3
  • 2009-08-05: The website moved to a new server (Bitbucket); the source code is now stored in a Mercurial repository instead of a Subversion repository
  • 2009-02-04: Release of Fusil 1.2
  • 2008-10-22: Release of Fusil 1.1
  • 2008-09-13: Release of Fusil 1.0 final
    • Create zzuf and vlc fuzzers
    • Replace replay.sh and gdb.sh with replay.py, which has many more options (e.g. --valgrind or --user)
    • Basic Windows support