4f: The File Format Fuzzing Framework

The New Acunetix V12 Engine


4f is a file format fuzzing framework. 4f uses modules which are specifications of the targeted binary or text file format that tell it how to fuzz the target application. If 4f detects a crash, it will log crucial information important for allowing the 4f user to reproduce the problem and also debugging information important to deciding the severity of the bug and its exploitability.

4f’s purpose is to find vulnerabilities in code that parses file formats including configuration files.

4f uses specialized modules for fuzzing code that interprets file formats. Several modules are included and more can be written to follow other file formats.

A module system is in place for fuzzing any file format you like as long as you know its specification

Custom debugger gathers crucial debugging information on crash, logs it, then continues fuzzing.

Usage


You can download 4f here:

4f.tar.gz

Or read more here.

Posted in: Exploits/Vulnerabilities, Secure Coding

, , ,


Latest Posts:


HTTP Security Considerations - An Introduction To HTTP Basics HTTP Security Considerations – An Introduction To HTTP Basics
HTTP is ubiquitous now with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP driven infrastructure. With that HTTP Security becomes paramount and to secure HTTP you have to understand it.
Cangibrina - Admin Dashboard Finder Tool Cangibrina – Admin Dashboard Finder Tool
Cangibrina is a Python-based multi platform admin dashboard finder tool which aims to obtain the location of website dashboards by using brute-force, wordlists etc.
Enumall - Subdomain Discovery Using Recon-ng & AltDNS Enumall – Subdomain Discovery Using Recon-ng & AltDNS
Enumall is a Python-based tool that helps you do subdomain discovery using only one command by combining the abilities of Recon-ng and AltDNS.
RidRelay - SMB Relay Attack For Username Enumeration RidRelay – SMB Relay Attack For Username Enumeration
RidRelay is a Python-based tool to enumerate usernames on a domain where you have no credentials by using a SMB Relay Attack with low privileges.
NetBScanner - NetBIOS Network Scanner NetBScanner – NetBIOS Network Scanner
NetBScanner is a NetBIOS network scanner tool that scans all computers in the IP addresses range you choose, using the NetBIOS protocol.
Metta - Information Security Adversarial Simulation Tool Metta – Information Security Adversarial Simulation Tool
Metta is an information security preparedness tool in Python to help with adversarial simulation and assess security defense preparation and alerts.


Comments are closed.