Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 07:57:45 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1698468413&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Fuzzer%20Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2Ffiles%2Ftags%2Ffuzzer%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1698468413.1338191865.1338191865.1338191865.1%3B%2B__utmz%3D32867617.1338191865.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/112152/531.txt http://packetstormsecurity.org/files/112152/531.txt http://packetstormsecurity.org/files/112152/Cross-Site-Scripting-Payloads.html Tue, 24 Apr 2012 11:11:11 GMT Vulnerability Lab has produced a large amount of cross site scripting payloads that can be used with fuzzers for automated scanning, etc. http://packetstormsecurity.org/files/111182/tftp-fuzz.py.txt http://packetstormsecurity.org/files/111182/tftp-fuzz.py.txt http://packetstormsecurity.org/files/111182/TFTP-Fuzzer-Script.html Mon, 26 Mar 2012 21:34:22 GMT This is a master TFTP fuzzing script that is part of the ftools series of fuzzers. http://packetstormsecurity.org/files/110712/backfuzz.tar.gz http://packetstormsecurity.org/files/110712/backfuzz.tar.gz http://packetstormsecurity.org/files/110712/Back-To-The-FUZZer-Toolkit.html Mon, 12 Mar 2012 17:22:11 GMT This tool is for fuzzing different protocols such as FTP, HTTP, IMAP, and more. It also has no-protocol plugins like a file fuzzer. Written in Python. http://packetstormsecurity.org/files/110430/sfuzz-0.7.0.tar.bz2 http://packetstormsecurity.org/files/110430/sfuzz-0.7.0.tar.bz2 http://packetstormsecurity.org/files/110430/Simple-Fuzzing-Utility-0.7.0.html Sun, 04 Mar 2012 18:22:22 GMT Simple Fuzz is a simple fuzzer. It has two network modes of operation, an output mode for developing command line fuzzing scripts, as well as taking fuzzing strings from literals and building strings from sequences. It is built to fill a need - the need for a quickly configurable black box testing utility that does not require intimate knowledge of the inner workings of C or require specialized software rigs. The aim is to just provide a simple interface, clear inputs/outputs, and reusability. http://packetstormsecurity.org/files/109658/dotdotpwn-v3.0.tar.gz http://packetstormsecurity.org/files/109658/dotdotpwn-v3.0.tar.gz http://packetstormsecurity.org/files/109658/DotDotPwn-The-Directory-Traversal-Fuzzer-3.0.html Sat, 11 Feb 2012 05:28:40 GMT DotDotPwn is a very flexible intelligent fuzzer to discover directory traversal vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms such as CMSs, ERPs,Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module. http://packetstormsecurity.org/files/108760/uniofuzz.py.txt http://packetstormsecurity.org/files/108760/uniofuzz.py.txt http://packetstormsecurity.org/files/108760/UniOFuzz-Universal-Fuzzer-Tool.html Wed, 18 Jan 2012 00:24:12 GMT UniOFuzz is a universal fuzzing tool for browsers, web services, files, programs and network services/ports. http://packetstormsecurity.org/files/108532/phpvh1.2.0.2.zip http://packetstormsecurity.org/files/108532/phpvh1.2.0.2.zip http://packetstormsecurity.org/files/108532/PHP-Vulnerability-Hunter-1.2.0.2.html Tue, 10 Jan 2012 10:11:11 GMT PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities. http://packetstormsecurity.org/files/108492/phpvh1.2.0.1.zip http://packetstormsecurity.org/files/108492/phpvh1.2.0.1.zip http://packetstormsecurity.org/files/108492/PHP-Vulnerability-Hunter-1.2.0.1.html Mon, 09 Jan 2012 22:26:45 GMT PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities. http://packetstormsecurity.org/files/107301/sipArmyKnife_11232011.pl.txt http://packetstormsecurity.org/files/107301/sipArmyKnife_11232011.pl.txt http://packetstormsecurity.org/files/107301/SIP-Army-Knife-Fuzzer-11232011.html Thu, 24 Nov 2011 18:22:22 GMT SIP Army Knife is a fuzzer that searches for cross site scripting, SQL injection, log injection, format strings, buffer overflows, and more. http://packetstormsecurity.org/files/107136/rtsp_fuzz_v0.1.rar http://packetstormsecurity.org/files/107136/rtsp_fuzz_v0.1.rar http://packetstormsecurity.org/files/107136/rtspFUZZ-0.1.html Sat, 19 Nov 2011 04:04:34 GMT rtspFUZZ is a real time streaming protocol server fuzzer. It uses 6 basic crafting techniques OPTIONS,DESCRIBE,SETUP,PLAY,GET_PARAMETER,TEARDOWN,PAUSE etc rtsp commands and 9 advanced crafting techniques to test any target application. It has the ability to fuzz with Metasploit Pattern (pattern_create.rb) which can be helpful for finding the offset. http://packetstormsecurity.org/files/107074/phpvh1.1.4.6.zip http://packetstormsecurity.org/files/107074/phpvh1.1.4.6.zip http://packetstormsecurity.org/files/107074/PHP-Vulnerability-Hunter-1.1.4.6.html Thu, 17 Nov 2011 15:57:19 GMT PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities. http://packetstormsecurity.org/files/104826/FuzzTalk1.0.0.0.zip http://packetstormsecurity.org/files/104826/FuzzTalk1.0.0.0.zip http://packetstormsecurity.org/files/104826/FuzzTalk-Fuzzing-Framework-1.0.0.0.html Tue, 06 Sep 2011 13:31:04 GMT FuzzTalk is an XML driven fuzz testing framework that emphasizes easy extensibility and reusability. While most fuzzing frameworks require in depth programming knowledge, FuzzTalk can test a wide range of network protocols with the help of XML templates. Includes scripts for fuzzing HTTP, FTP, and SMTP servers. http://packetstormsecurity.org/files/104049/phpvh1.1.3.1.zip http://packetstormsecurity.org/files/104049/phpvh1.1.3.1.zip http://packetstormsecurity.org/files/104049/PHP-Vulnerability-Hunter-1.1.3.1.html Tue, 16 Aug 2011 04:00:26 GMT PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities. http://packetstormsecurity.org/files/96709/honggfuzz-0.1.tgz http://packetstormsecurity.org/files/96709/honggfuzz-0.1.tgz http://packetstormsecurity.org/files/96709/Honggfuzz-CLI-Fuzzer-0.1.html Tue, 14 Dec 2010 13:11:11 GMT Honggfuzz is a general-purpose, easy-to-use fuzzer with interesting analysis options. Given a starting corpus of test files, Honggfuzz supplies and modifies input to a test program and utilizes the ptrace() API/POSIX signal interface to detect and log crashes. It works on Linux, FreeBSD and Mac OS X. http://packetstormsecurity.org/files/95399/dotdotpwn-v2.1.tar.gz http://packetstormsecurity.org/files/95399/dotdotpwn-v2.1.tar.gz http://packetstormsecurity.org/files/95399/DotDotPwn-The-Directory-Traversal-Fuzzer-2.1.html Tue, 02 Nov 2010 04:41:14 GMT DotDotPwn is a very flexible intelligent fuzzer to discover directory traversal vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms such as CMSs, ERPs,Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module. http://packetstormsecurity.org/files/95376/intelligent-debugging.pdf http://packetstormsecurity.org/files/95376/intelligent-debugging.pdf http://packetstormsecurity.org/files/95376/Intelligent-Debugging-and-In-Memory-Fuzzers.html Tue, 02 Nov 2010 02:11:54 GMT Whitepaper called Intelligent Debugging and In-Memory Fuzzers. http://packetstormsecurity.org/files/92178/fuzzdiff.py.txt http://packetstormsecurity.org/files/92178/fuzzdiff.py.txt http://packetstormsecurity.org/files/92178/FuzzDiff-Crash-Analysis-Tool.html Mon, 26 Jul 2010 22:36:37 GMT FuzzDiff is a simple tool created to assist in helping make crash analysis during file format fuzzing a bit easier. When provided with a fuzzed file, a corresponding original un-fuzzed file, and the path to the targeted program, FuzzDiff will selectively "un-fuzz" portions of the fuzzed file while re-launching the application to monitor for crashes. This will yield a file that still crashes the target application, but contains a minimum set of changes from the original, un-fuzzed file. This can be useful in pinning down the exact cause of a crash. http://packetstormsecurity.org/files/91064/simplefuzz-0.6.2.tar.bz2 http://packetstormsecurity.org/files/91064/simplefuzz-0.6.2.tar.bz2 http://packetstormsecurity.org/files/91064/Simple-Fuzzer-0.6.2.html Sat, 26 Jun 2010 01:18:01 GMT Simple Fuzzer is a simple fuzzer. It has two network modes of operation, an output mode for developing command line fuzzing scripts, as well as taking fuzzing strings from literals and building strings from sequences. It is built to fill a need - the need for a quickly configurable black box testing utility that does not require intimate knowledge of the inner workings of C or require specialized software rigs. The aim is to just provide a simple interface, clear inputs/outputs, and reusability. http://packetstormsecurity.org/files/90273/spiderpig.tar.gz http://packetstormsecurity.org/files/90273/spiderpig.tar.gz http://packetstormsecurity.org/files/90273/Spiderpig-PDF-Fuzzer.html Fri, 04 Jun 2010 04:42:27 GMT Spiderpig is a PDF fuzzing utility written in python. http://packetstormsecurity.org/files/90098/sulley-framework.pdf http://packetstormsecurity.org/files/90098/sulley-framework.pdf http://packetstormsecurity.org/files/90098/Sulley-Framework-Basics.html Sun, 30 May 2010 22:40:12 GMT Whitepaper called The Sulley Framework: Basics. Sulley is a fuzzer packed with interesting capabilities. Such as packet-capturing, crash reporting and VMware automation. http://packetstormsecurity.org/files/89835/column_finder.py.txt http://packetstormsecurity.org/files/89835/column_finder.py.txt http://packetstormsecurity.org/files/89835/Full-Automated-Column-Finder-For-SQL-Injection.html Sat, 22 May 2010 19:27:13 GMT This fuzzing tool is called the Full Automated Column Finder for SQL Injection. http://packetstormsecurity.org/files/86547/darkcgi.tar.gz http://packetstormsecurity.org/files/86547/darkcgi.tar.gz http://packetstormsecurity.org/files/86547/CGIFuzz-Fuzzing-Tool.html Tue, 23 Feb 2010 06:52:55 GMT CGIFuzz is a python script for scanning 592 CGI paths on a given target. http://packetstormsecurity.org/files/85829/zzuf-0.13.tar.gz http://packetstormsecurity.org/files/85829/zzuf-0.13.tar.gz http://packetstormsecurity.org/files/85829/zzuf-0.13.tar.gz.html Thu, 04 Feb 2010 04:48:00 GMT zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs. http://packetstormsecurity.org/files/85269/bf3.tar.gz http://packetstormsecurity.org/files/85269/bf3.tar.gz http://packetstormsecurity.org/files/85269/bf3.tar.gz.html Thu, 04 Feb 2010 04:44:05 GMT Browser Fuzzer 3 (bf3) is a comprehensive web browser fuzzer that fuzzes CSS, DOM, HTML and JavaScript. http://packetstormsecurity.org/files/85024/tcpcontrol-fuzzer.txt http://packetstormsecurity.org/files/85024/tcpcontrol-fuzzer.txt http://packetstormsecurity.org/files/85024/2-6-TCP-Control-Bit-Fuzzer.html Mon, 11 Jan 2010 23:12:31 GMT 2^6 TCP control bit fuzzer (no ECN or CWR).