Peach Fuzzing Platform – Smarfuzzer For Generation & Mutation Based Fuzzing

Use Netsparker


Peach is a SmartFuzzer that is capable of performing both generation and mutation based fuzzing.

There are typically two methods for producing fuzz data that is sent to a target, Generation or Mutation. Generational fuzzers are capable of building the data being sent based on a data model provided by the fuzzer creator. Sometimes this is simple and dumb as sending random bytes, or much smarter by knowing good values and combining them in interesting ways.

Mutation on the other hand starts out with a known good “template” which is then modified. However, nothing that is not present in the “template” or “seed” will be produced. For example, if a file format specified 18 types of chunks or optional data segments and the “template”/”seed” only used four (4) of them, a mutational based fuzzer would never generate the other chunks not present only modify the chunks it is presented with.

Peach requires the creation of PeachPit files that define the structure, type information, and relationships in the data to be fuzzed. It additionally allows for the configuration of a fuzzing run including selecting a data transport (Publisher), logging interface, etc.

Peach Pit files are XML files that contain all of the information needed for Peach to perform a fuzzing run. When you fuzz something with Peach you are creating a Peach Pit file.

Peach has been under active development for five years and is in its second major version.

You can read the Peach Quickstart here to get going.

Requirements

  • For Windows install Debugging Tools for Windows (download)
  • For Linux Install Python 2.5 (2.6 is OK)

You can download Peach here:

Windows – x86 Installer, x64 Installer
Linux – Peach-2.3.6-src.zip

Or read more here.

Posted in: Exploits/Vulnerabilities, Hacking Tools, Secure Coding

, , ,


Latest Posts:


DeepSound - Audio Steganography Tool DeepSound – Audio Steganography Tool
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract from files.
2019 High Severity Vulnerabilities What are the MOST Critical Web Vulnerabilities in 2019?
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
GoBuster - Directory/File & DNS Busting Tool in Go GoBuster – Directory/File & DNS Busting Tool in Go
GoBuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (inc. wildcards) - a directory/file & DNS busting tool.
BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.


Comments are closed.