Peach Fuzzing Platform – Smarfuzzer For Generation & Mutation Based Fuzzing

Use Netsparker


Peach is a SmartFuzzer that is capable of performing both generation and mutation based fuzzing.

There are typically two methods for producing fuzz data that is sent to a target, Generation or Mutation. Generational fuzzers are capable of building the data being sent based on a data model provided by the fuzzer creator. Sometimes this is simple and dumb as sending random bytes, or much smarter by knowing good values and combining them in interesting ways.

Mutation on the other hand starts out with a known good “template” which is then modified. However, nothing that is not present in the “template” or “seed” will be produced. For example, if a file format specified 18 types of chunks or optional data segments and the “template”/”seed” only used four (4) of them, a mutational based fuzzer would never generate the other chunks not present only modify the chunks it is presented with.

Peach requires the creation of PeachPit files that define the structure, type information, and relationships in the data to be fuzzed. It additionally allows for the configuration of a fuzzing run including selecting a data transport (Publisher), logging interface, etc.

Peach Pit files are XML files that contain all of the information needed for Peach to perform a fuzzing run. When you fuzz something with Peach you are creating a Peach Pit file.

Peach has been under active development for five years and is in its second major version.

You can read the Peach Quickstart here to get going.

Requirements

  • For Windows install Debugging Tools for Windows (download)
  • For Linux Install Python 2.5 (2.6 is OK)

You can download Peach here:

Windows – x86 Installer, x64 Installer
Linux – Peach-2.3.6-src.zip

Or read more here.

Posted in: Exploits/Vulnerabilities, Hacking Tools, Secure Coding

, , ,


Latest Posts:


CHIPSEC - Platform Security Assessment Framework CHIPSEC – Platform Security Assessment Framework For Firmware Hacking
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.
How To Recover When Your Website Got Hacked How To Recover When Your Website Got Hacked
The array of easily available Hacking Tools out there now is astounding, combined with self-propagating malware, people often come to me when their website got hacked and they don't know what to do, or even where to start.
HTTrack - Website Downloader Copier & Site Ripper Download HTTrack – Website Downloader Copier & Site Ripper Download
HTTrack is a free and easy-to-use offline browser utility which acts as a website downloader and a site ripper for copying websites and downloading them for offline viewing.
sshLooter - Script To Steal SSH Passwords sshLooter – Script To Steal SSH Passwords
sshLooter is a Python script using a PAM module to steal SSH passwords by logging the password and notifying the admin of the script via Telegram when a user logs in.
Intercepter-NG - Android App For Hacking Intercepter-NG – Android App For Hacking
Intercepter-NG is a multi functional network toolkit including an Android app for hacking, the main purpose is to recover interesting data from the network stream and perform different kinds of MiTM attacks.
dcipher - Online Hash Cracking Using Rainbow & Lookup Tables dcipher – Online Hash Cracking Using Rainbow & Lookup Tables
dcipher is a JavaScript-based online hash cracking tool to decipher hashes using online rainbow & lookup table attack services.


Comments are closed.