Fusil Fuzzer 0.7 – Fuzzing Functions in Python

Find your website's Achilles' Heel


Fusil is a fuzzing framework written in Python and distributed under GNU GPLv2 license. Fusil allows you to easily write “Fuzzing Projects” from a set of functions such as:

  • Create a process
  • Compile a C program
  • Watch a process
  • Watch syslog and so on

Fusil uses small “agents” which exchange messages to launch actions. e.g. MangleFile injects errors into valid file (PDF file, AVI movie, JPEG picture etc.). And then Fusil uses generated filename to run a process.

Currently available projects are ClamAV, Firefox (contains an HTTP server), gettext, gstreamer, identify, libc_env, libc_printf, libexif, linux_syscall, mplayer, php, poppler, vim and xterm.

For fuzzing safety, Fusil limits process memory, process priority, only copies a few environment variables, creates a temporary directory used as working directory, etc.

You can download Fusil 0.7 here:

fusil-0.7.tar.gz (INSTALL doc)

Or read more here.


Posted in: Exploits/Vulnerabilities, Hacking Tools, Programming

, , , , , ,

Recent in Exploits/Vulnerabilities:
- Intel Hidden Management Engine – x86 Security Risk?
- TeamViewer Hacked? It Certainly Looks Like It
- Serious ImageMagick Zero-Day Vulnerabilities – ImageTragick?

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 234,744 views
- AJAX: Is your application secure enough? - 120,098 views
- eEye Launches 0-Day Exploit Tracker - 85,537 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


One Response to Fusil Fuzzer 0.7 – Fuzzing Functions in Python

  1. James C March 11, 2008 at 5:52 pm #

    I’ll give it a go. I currently use SPIKE. Hope fusil requires less initial setup and planing.