Honggfuzz – Simple Command Line Software Fuzzing Tool


Honggfuzz is a general-purpose fuzzing tool. Given a starting corpus of test files, Hongfuzz supplies and modifies input to a test program and utilize the ptrace() API/POSIX signal interface to detect and log crashes.

Basically it’s a simple, easy to use via command-line interface, providing nice analysis of software crashes in a simple form of file names.

It has been used to find a few (possibly exploitable) bugs in some major software packages including freetype2, librsvg and libtiff.

Features

  • Easy setup: No complicated configuration files or setup necessary — Hongfuzz can be run directly from the command line.
  • Fast: Multiple Hongfuzz instances can be run simultaneously for more efficient fuzzing.
  • Powerful analysis capabilities: Hongfuzz will use the most powerful process state analysis (e.g. ptrace) interface under a given OS.

You can download Honggfuzz here:

honggfuzz-0.1.tgz

Or read more here.

Posted in: Exploits/Vulnerabilities, Secure Coding

, ,


Latest Posts:


RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.
BloodHound - Hacking Active Directory Trust Relationships BloodHound – Hacking Active Directory Trust Relationships
BloodHound is for hacking active directory trust relationships and it uses graph theory to reveal the hidden and often unintended relationships within an AD environment.


2 Responses to Honggfuzz – Simple Command Line Software Fuzzing Tool

  1. Hackito Fan December 16, 2010 at 10:53 am #

    What’s the main difference with zzuf command line fuzzer? Something it does better?

    • Darknet December 17, 2010 at 8:12 am #

      How about you compare them both and let us know :)