Peach Fuzzing Platform – Smarfuzzer For Generation & Mutation Based Fuzzing

Keep on Guard!


Peach is a SmartFuzzer that is capable of performing both generation and mutation based fuzzing.

There are typically two methods for producing fuzz data that is sent to a target, Generation or Mutation. Generational fuzzers are capable of building the data being sent based on a data model provided by the fuzzer creator. Sometimes this is simple and dumb as sending random bytes, or much smarter by knowing good values and combining them in interesting ways.

Mutation on the other hand starts out with a known good “template” which is then modified. However, nothing that is not present in the “template” or “seed” will be produced. For example, if a file format specified 18 types of chunks or optional data segments and the “template”/”seed” only used four (4) of them, a mutational based fuzzer would never generate the other chunks not present only modify the chunks it is presented with.

Peach requires the creation of PeachPit files that define the structure, type information, and relationships in the data to be fuzzed. It additionally allows for the configuration of a fuzzing run including selecting a data transport (Publisher), logging interface, etc.

Peach Pit files are XML files that contain all of the information needed for Peach to perform a fuzzing run. When you fuzz something with Peach you are creating a Peach Pit file.

Peach has been under active development for five years and is in its second major version.

You can read the Peach Quickstart here to get going.

Requirements

  • For Windows install Debugging Tools for Windows (download)
  • For Linux Install Python 2.5 (2.6 is OK)

You can download Peach here:

Windows – x86 Installer, x64 Installer
Linux – Peach-2.3.6-src.zip

Or read more here.

Posted in: Exploits/Vulnerabilities, Hacking Tools, Secure Coding

, , ,


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Comments are closed.