#!/usr/bin/python
# 5-line fuzzer below is from Charlie Miller's
# "Babysitting an Army of Monkeys":
# Part 1 - http://www.youtube.com/watch?v=Xnwodi2CBws
# Part 2 - http://www.youtube.com/watch?v=lK5fgCvS2N
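# Seed documents that get mutated. Raw strings keep the Windows backslashes
# literal: in a normal string a name starting with e.g. "t" or "n" after the
# separator would silently turn into a tab/newline, and unknown escapes such
# as "\L" are deprecated.
file_list = [
    r"doc_files_samples\LiveCode-Reviewers-Guide-April-2013.doc",
    r"doc_files_samples\Work Instructions - Rally Naming Conventions.docx",
    r"doc_files_samples\Parilak.doc",
]

# Applications to test. (A second entry was removed; only one application is
# used, and the code further down was adjusted accordingly.)
app = [
    r"\Program Files\Microsoft Office\Office14\WINWORD.EXE",
]

# Path the mutated document is written to before each launch.
fuzz_output = "fuzz"

# Divisor for the mutation count: at most ceil(len(seed) / FuzzFactor) bytes
# are overwritten per test case, so a larger value means fewer changes.
FuzzFactor = 244

# Number of mutated test cases to generate and open.
num_tests = 10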
########### end configuration ##########
import math
import random
import string
import subprocess
import time
import os
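# Crash counter keyed by application path.
crashes = {}

# `app` is configured as a one-element list, but Popen needs the executable
# path itself as argv[0] and the crash counter needs a hashable key, so
# unwrap it once here (a plain string is accepted as well).
target_app = app[0] if isinstance(app, (list, tuple)) else app

for i in range(num_tests):
    file_choice = random.choice(file_list)

    # Read the seed through a context manager so the handle is closed
    # before the next iteration.
    with open(file_choice, "rb") as seed:
        buf = bytearray(seed.read())
    if not buf:
        # An empty seed has nothing to mutate and randrange(0) would raise.
        print("Skipping empty seed file '%s'" % file_choice)
        continue

    # start Charlie Miller code
    # Overwrite between 1 and ceil(len(buf) / FuzzFactor) random positions
    # with random byte values. int() keeps randrange happy on interpreters
    # where math.ceil returns a float.
    numwrites = random.randrange(int(math.ceil(float(len(buf)) / FuzzFactor))) + 1
    for j in range(numwrites):
        rbyte = random.randrange(256)
        rn = random.randrange(len(buf))
        # bytearray items are ints; assigning the int works on Python 2 and 3.
        buf[rn] = rbyte
    # end Charlie Miller code

    # NOTE(review): the same output path is overwritten on every iteration,
    # so the input behind a counted crash is lost unless it is copied
    # elsewhere for triage.
    with open(fuzz_output, "wb") as f:
        f.write(buf)

    print("Opening file '%s' with app '%s', %d bytes changed"
          % (file_choice, target_app, numwrites))

    # Argument list, no shell: the path is passed to the target verbatim.
    p = subprocess.Popen([target_app, fuzz_output])
    time.sleep(3)

    # poll() returns None while the process is still running, otherwise its
    # exit code. Only a non-zero exit within the 3 second window is counted
    # as a crash; a target that hangs or is still showing an error dialog is
    # terminated and not counted.
    exit_code = p.poll()
    if exit_code is None:
        p.terminate()
        # Reap the process before the output file is rewritten.
        p.wait()
    elif exit_code != 0:
        # .get() avoids the KeyError the first time an application crashes.
        crashes[target_app] = crashes.get(target_app, 0) + 1

print("Test summary")
print("=" * 40)
for crashed_app, count in crashes.items():
    print("App '%s' crashed %d times." % (crashed_app, count))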