Stupid was developed in late 2011 to automate fuzzing of different file formats( mainly Music/Video Players etc).
This software is licenced under BEER WARE licence although the following libraries are included with Stupid and are licensed separately.
- pydbg
- paimei - https://github.com/pedramamini/paimei
"THE BEER-WARE LICENSE" (Revision 42):
Debasish Mandal <debasishm89 [at] gmail.com> wrote this file. As long as you retain this notice you can do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return.
Stupid was developed and tested with Python 2.7(x86). So it's recommended to use the same version of python. Also make sure pydbg(x86) installed on the system.
You need to provide the target application binary path (.exe) and at least one base file to run this fuzzer. You can to modify the configuration section of "stupid.py" as per your requirement.
mutate() routine is responsible for generating test cases from given bases files. It has two sub parts
- Bitflip
- Random Byte Flip
You may want to change / modify these functions to make this fuzzer more effective. ;)
To monitor target application for different types of crashes (access violation), Stupid uses pydbg(Python debugger). Also it uses utils of https://github.com/pedramamini/paimei framework to collect crash information which can be used later to identify interesting app crashes.
Crash files and crash information can be found in "Crashes" folder which can be used to reproduce app crashes.
Sample Crash Synopsis File
Send them to debasishm89 [at] gmail.com
Happy Fuzzing
Debasish Mandal (http://www.debasish.in)