fuzzer3.py
#!/usr/bin/python
# 5-line fuzzer below is from Charlie Miller's
# "Babysitting an Army of Monkeys":
# Part 1 - http://www.youtube.com/watch?v=Xnwodi2CBws
# Part 2 - http://www.youtube.com/watch?v=lK5fgCvS2N
# List of files to use as initial seed
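# Seed corpus: well-formed PDFs that are mutated on every iteration.
# Raw strings keep the Windows backslashes literal; without the r-prefix the
# "\t" in "pdf_files_samples\tabulka-ESR.pdf" is read as a TAB character and
# that seed can never be opened.
file_list = [
    r"pdf_files_samples\git-cheat-sheet.pdf",
    r"pdf_files_samples\MHD_Denne-linky.pdf",
    r"pdf_files_samples\tabulka-ESR.pdf",
]
# List of applications to test (author's note, translated: "I removed one
# other entry, I only use a single one, and I adjusted the code further down
# accordingly").
app = [
    r"\Program Files\Foxit Software\Foxit Reader\FoxitReader.exe",
]
# Path the mutated sample is written to before the reader is launched on it.
fuzz_output = "fuzz.pdf"
# Divisor for the mutation budget: at most ceil(len(seed) / FuzzFactor) bytes
# are overwritten per test case.
FuzzFactor = 244
# Number of mutated samples to generate and open.
num_tests = 10000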
########### end configuration ##########
import math
import random
import string
import subprocess
import time
import os
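# Mutation loop: pick a seed, overwrite a random handful of bytes, open the
# result in the target application and record the run when the application
# exits on its own with a non-zero status within the timeout.
#
# Run the target inside a disposable VM or a low-privilege account: the whole
# point of the mutated files is to push the parser into misbehaving.

# (application, seed file) pairs whose run ended abnormally. The original
# appended to an undefined name `stats` (the unused `crashes = {}` was the
# only container defined), which raised NameError on the first crash.
stats = []

# `app` is configured as a one-element list; Popen needs the executable path
# itself as argv[0], not a list nested inside the argument list.
target = app[0] if isinstance(app, (list, tuple)) else app

for i in range(num_tests):
    file_choice = random.choice(file_list)
    with open(file_choice, 'rb') as seed:
        buf = bytearray(seed.read())
    if not buf:
        # An empty seed has nothing to mutate and randrange(0) would raise.
        continue

    # start Charlie Miller code
    max_writes = int(math.ceil(float(len(buf)) / FuzzFactor))
    numwrites = random.randrange(max_writes) + 1
    for j in range(numwrites):
        rbyte = random.randrange(256)
        rn = random.randrange(len(buf))
        # bytearray items are ints; assigning the int works on Python 2 and 3
        # (the "%c" string form only works on Python 2).
        buf[rn] = rbyte
    # end Charlie Miller code

    # Close the sample before launching the reader so the handle is not
    # still held by this process when the target opens the file.
    with open(fuzz_output, 'wb') as mutated:
        mutated.write(buf)

    process = subprocess.Popen([target, fuzz_output])

    # Fixed time budget for the reader to parse the sample.
    time.sleep(3)

    crashed = process.poll()
    if crashed is None:
        # Still running after the timeout: treated as "no crash". Wait for
        # the exit so the process is reaped and its handle on fuzz_output is
        # released before the next iteration overwrites the file.
        process.terminate()
        process.wait()
    elif crashed != 0:
        # NOTE(review): fuzz_output is overwritten on the next iteration, so
        # only the seed name is kept, not the mutated bytes that caused the
        # abnormal exit. Copy the sample aside here if crashes need to be
        # reproduced and triaged.
        stats.append((target, file_choice))

print("%d crashes\n" % len(stats))
with open("stats_monkey_result.txt", "wt") as results:
    for c in stats:
        print(c)
        # One tab-separated record per line; the original concatenated both
        # fields with no separator or newline.
        results.write("%s\t%s\n" % c)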