The idea is to be the Network Protocol Fuzzer that we will want to use.
The aim of this tool is to assist during the whole process of fuzzing a network protocol, allowing to define the communications, helping to identify the “suspects” of crashing a service, and much more
Also Read – CTFTool : Interactive CTF Exploration Tool
virtualenv venv -p python3
source venv/bin/activate
pip install -r requirements.txt
Help
usage: python -m fuzzowski [-h] [-p {tcp,udp,ssl}] [-b BIND] [-st SEND_TIMEOUT]
[-rt RECV_TIMEOUT] [–sleep-time SLEEP_TIME] [-nc] [-tn]
[-nr] [-nrf] [-cr]
[–threshold-request CRASH_THRESHOLD_REQUEST]
[–threshold-element CRASH_THRESHOLD_ELEMENT]
[–ignore-aborted] [–ignore-reset] [–error-fuzz-issues]
[-c CALLBACK | –file FILENAME] -f
{cops,dhcp,ipp,lpd,netconf,telnet_cli,tftp,raw}
[-r FUZZ_REQUESTS [FUZZ_REQUESTS …]]
[–restart module_name [args …]]
[–restart-sleep RESTART_SLEEP_TIME]
[–monitors {IPPMon} [{IPPMon} …]] [–path PATH]
[–document_url DOCUMENT_URL]
host port
positional arguments:
host Destination Host
port Destination Port
optional arguments:
-h, –help show this help message and exit
Connection Options:
-p {tcp,udp,ssl}, –protocol {tcp,udp,ssl}
Protocol ( Default tcp)
-b BIND, –bind BIND Bind to port
-st SEND_TIMEOUT, –send_timeout SEND_TIMEOUT
Set send() timeout (Default 5s)
-rt RECV_TIMEOUT, –recv_timeout RECV_TIMEOUT
Set recv() timeout (Default 5s)
–sleep-time SLEEP_TIME
Sleep time between each test (Default 0)
-nc, –new-conns Open a new connection after each packet of the same test
-tn, –transmit-next-node
Transmit the next node in the graph of the fuzzed node
RECV() Options:
-nr, –no-recv Do not recv() in the socket after each send
-nrf, –no-recv-fuzz Do not recv() in the socket after sending a fuzzed request
-cr, –check-recv Check that data has been received in recv()
Crashes Options:
–threshold-request CRASH_THRESHOLD_REQUEST
Set the number of allowed crashes in a Request before skippi ng it (Default 9999)
–threshold-element CRASH_THRESHOLD_ELEMENT
Set the number of allowed crashes in a Primitive before skipping it (Default 3)
–ignore-aborted Ignore ECONNABORTED errors
–ignore-reset Ignore ECONNRESET errors
–error-fuzz-issues Log as error when there is any connection issue in the fuzzed node
Fuzz Options:
-c CALLBACK, –callback CALLBACK
Set a callback address to fuzz with callback generator instead of normal mutations
–file FILENAME Use contents of a file for fuzz mutations
Fuzzers:
-f {cops,dhcp,ipp,lpd,netconf,telnet_cli,tftp,raw}, –fuzz {cops,dhcp,ipp,lpd,netconf,telnet_cli,tftp,raw}
Available Protocols
-r FUZZ_REQUESTS [FUZZ_REQUESTS …], –requests FUZZ_REQUESTS [FUZZ_REQUESTS …]
Requests of the protocol to fuzz, default All
dhcp: [opt82]
ipp: [http_headers, get_printer_attribs, print_uri_message, send_uri, get_jobs, get_job_attribs]
lpd: [long_queue, short_queue, ctrl_file, data_file, remove_job]
telnet_cli: [commands]
tftp: [read]
raw: [‘\x01string\n’ ‘\x02request2\x00’ …]
Restart options:
–restart module_name [args …]
Restarter Modules:
run: ‘ [ …]’ (Pass command and arguments within quotes, as only one argument)
smartplug: It will turn off and on the Smart Plug
teckin:
–restart-sleep RESTART_SLEEP_TIME
Set sleep seconds after a crash bef ore continue (Default 5)
Monitor options:
–monitors {IPPMon} [{IPPMon} …], -m {IPPMon} [{IPPMon} …]
Monitor Modules:
IPPMon: Sends a get-attributes IPP message to the target
Other Options:
–path PATH Set path when fuzzing HTTP based protocols (Default /)
–document_url DOCUMENT_URL
Set Document URL for print_uri
Examples
Fuzz the get_printer_attribs IPP operation with default options:
python -m fuzzowski printer1 631 -f ipp -r get_printer_attribs –restart smartplug
Use the raw feature of IPP to fuzz the finger protocol:
python -m fuzzowski printer 79 -f raw -r ‘{{root}}\n’
Use the raw feature of IPP to fuzz the finger protocol, but instead of using the predefined mutations, use a file:
python -m fuzzowski printer 79 -f raw -r ‘{{root}}\n’ –file ‘path/to/my/fuzzlist’
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…