dfuzz 0.3.0
- checksums.yaml +7 -0
- data/.document +5 -0
- data/README.rdoc +18 -0
- data/Rakefile +40 -0
- data/VERSION +1 -0
- data/dfuzz.gemspec +57 -0
- data/lib/dfuzz.rb +37 -0
- data/lib/dfuzz/block.rb +28 -0
- data/lib/dfuzz/char.rb +37 -0
- data/lib/dfuzz/fudge.rb +22 -0
- data/lib/dfuzz/generator.rb +16 -0
- data/lib/dfuzz/generator18.rb +385 -0
- data/lib/dfuzz/integer.rb +32 -0
- data/lib/dfuzz/sequential.rb +26 -0
- data/lib/dfuzz/string.rb +35 -0
- data/test/helper.rb +9 -0
- data/test/test_dfuzz.rb +74 -0
- metadata +88 -0
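--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 9d357bf3301dd7c682ec2da083387fb19ec0b713
+data.tar.gz: a352d7e660207450f6b0062fdb67680dfa255f22
+SHA512:
+metadata.gz: e5c25fc9cda6e3663a8a684c595529a89bab0659b9e4f762252d722a876228d4216962f85ac9fe79d087bc4ddff25db62403dc2c56ee2693c9ddaaca8e5d470f
+data.tar.gz: adc0c2a308b0a1137ed14278beb77d1e499e40c4551b76d6002efc7236fc14d31cdcf768dd7f55109399fcb45668396b9bcba735480ea3030bb15e059004f2fe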
data/.document
ADDED
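--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -0,0 +1,18 @@
+= dfuzz
+
+Description goes here.
+
+== Contributing to dfuzz
+
+* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
+* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
+* Fork the project
+* Start a feature/bugfix branch
+* Commit and push until you are happy with your contribution
+* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
+* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
+
+== Copyright
+
+Copyright (c) 2005-2008 Dino Dai Zovi
+Copyright (c) 2011-2016 tduehr. See LICENSE.txt for further details.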
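--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,40 @@
+# encoding: utf-8
+
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+# gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+gem.name = "dfuzz"
+gem.homepage = "http://github.com/tduehr/dfuzz"
+gem.summary = %Q{Fuzz generators}
+gem.description = %Q{Fuzzing payload generators for pentesting}
+gem.email = "timur.duehr@nccgroup.trust"
+gem.authors = ["tduehr", "Dino Dai Zovi"]
+gem.add_development_dependency "jeweler", "~> 2.1.2"
+gem.add_development_dependency "yard", "~> 0.9.5"
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+test.libs << 'lib' << 'test'
+test.pattern = 'test/**/test_*.rb'
+test.verbose = true
+end
+
+begin
+require 'rcov/rcovtask'
+Rcov::RcovTask.new do |test|
+test.libs << 'test'
+test.pattern = 'test/**/test_*.rb'
+test.verbose = true
+test.rcov_opts << '--exclude "gems/*"'
+end
+rescue LoadError
+end
+
+task :default => :test
+
+require 'yard'
+YARD::Rake::YardocTask.new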
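--- a/data/VERSION
+++ b/data/VERSION
@@ -0,0 +1 @@
+0.3.0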
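--- a/data/dfuzz.gemspec
+++ b/data/dfuzz.gemspec
@@ -0,0 +1,57 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+# stub: dfuzz 0.3.0 ruby lib
+
+Gem::Specification.new do |s|
+s.name = "dfuzz"
+s.version = "0.3.0"
+
+s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+s.require_paths = ["lib"]
+s.authors = ["tduehr", "Dino Dai Zovi"]
+s.date = "2016-11-03"
+s.description = "Fuzzing payload generators for pentesting"
+s.email = "timur.duehr@nccgroup.trust"
+s.extra_rdoc_files = [
+"README.rdoc"
+]
+s.files = [
+".document",
+"README.rdoc",
+"Rakefile",
+"VERSION",
+"dfuzz.gemspec",
+"lib/dfuzz.rb",
+"lib/dfuzz/block.rb",
+"lib/dfuzz/char.rb",
+"lib/dfuzz/fudge.rb",
+"lib/dfuzz/generator.rb",
+"lib/dfuzz/generator18.rb",
+"lib/dfuzz/integer.rb",
+"lib/dfuzz/sequential.rb",
+"lib/dfuzz/string.rb",
+"test/helper.rb",
+"test/test_dfuzz.rb"
+]
+s.homepage = "http://github.com/tduehr/dfuzz"
+s.rubygems_version = "2.5.1"
+s.summary = "Fuzz generators"
+
+if s.respond_to? :specification_version then
+s.specification_version = 4
+
+if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+s.add_development_dependency(%q<jeweler>, ["~> 2.1.2"])
+s.add_development_dependency(%q<yard>, ["~> 0.9.5"])
+else
+s.add_dependency(%q<jeweler>, ["~> 2.1.2"])
+s.add_dependency(%q<yard>, ["~> 0.9.5"])
+end
+else
+s.add_dependency(%q<jeweler>, ["~> 2.1.2"])
+s.add_dependency(%q<yard>, ["~> 0.9.5"])
+end
+end
+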
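--- a/data/lib/dfuzz.rb
+++ b/data/lib/dfuzz.rb
@@ -0,0 +1,37 @@
+#!/usr/bin/env ruby
+#
+# = fuzz.rb
+#
+# Fuzz Generators
+#
+# Ruby 1.8 Generators use continuations (which are slow) and leak
+# memory like crazy, so use generators.rb from Ruby 1.9.
+#
+# Author:: Dai Zovi, Dino <ddz@theta44.org>
+# License:: Private
+# Revision:: $Id$
+#
+
+if RUBY_VERSION < "1.9"
+require 'dfuzz/generator18'
+else
+require 'dfuzz/generator'
+end
+
+require 'dfuzz/fudge'
+require 'dfuzz/integer'
+require 'dfuzz/char'
+require 'dfuzz/block'
+require 'dfuzz/sequential'
+require 'dfuzz/string'
+
+module DFuzz
+#
+# Modules for higher-level tokens (e-mail addresses, asn1, etc)
+#
+class EmailAddress < Generator
+def initialize()
+end
+end
+
+end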
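Review bot: `EmailAddress#initialize` (new lines 33-34) overrides the constructor with an empty body and never calls `super`, so the inherited Generator state is presumably never set up and an instance cannot produce values; Generator itself lives in generator.rb, which is not shown on this page, so this is inferred. Either drop the stub until it is implemented or make the placeholder explicit, e.g. `raise NotImplementedError, "EmailAddress generator is not implemented"`. The header comment also says `License:: Private` while the README refers to LICENSE.txt, which is not in the file list and the gem metadata has `licenses: []`; the three should agree so consumers can tell what terms the package ships under.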
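--- a/data/lib/dfuzz/block.rb
+++ b/data/lib/dfuzz/block.rb
@@ -0,0 +1,28 @@
+module DFuzz
+# Serially generate each variable in turn (equivalent to
+# recursively nesting generators)
+class Block
+def initialize(defaults, generators)
+@defaults = defaults
+@generators = generators
+end
+
+def run(&block)
+generators_index = 0
+
+# Baseline
+block.call(@defaults)
+
+# Iterate through generators, fully exhausting each and
+# calling the code block with each set of values
+@generators.each { |g|
+values = Array.new(@defaults)
+while (g.next?)
+values[generators_index] = g.next
+block.call(values)
+end
+generators_index += 1;
+}
+end
+end
+end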
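Review bot: `run` calls `block.call(@defaults)` on new line 14 without checking that a block was passed, so `Block#run` with no block fails with a NoMethodError on nil instead of a clear error; a guard such as `raise ArgumentError, "block required" unless block` at the top makes the contract explicit. The baseline call also hands the callback `@defaults` itself rather than a copy, so a callback that mutates its argument changes the defaults used for every later case; `block.call(Array.new(@defaults))` avoids that. As a style point, the manual `generators_index` counter can be replaced by `@generators.each_with_index { |g, idx| ... }`.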
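--- a/data/lib/dfuzz/char.rb
+++ b/data/lib/dfuzz/char.rb
@@ -0,0 +1,37 @@
+module DFuzz
+class Char < Generator
+def initialize(c=:default)
+c = case c
+when :all
+(0..256).map(&:chr)
+when :alpha
+('A'..'Z').to_a + ('a'..'z').to_a
+when Enumerator
+c
+when ::String
+c.chars
+when :default
+["A", "0", "~", "`", "!", "@", "#", "$", "%", "^", "&",
+"*", "(", ")", "-", "=", "+", "[", "]", "|",
+":", "'", "\"", ",", "<", ".", ">", "/",
+" ", "~", "_", "{", "}", "\x7f","\x00",
+"\x88","\x89","\x8f",
+"\x98","\x99","\x9f",
+"\xa8","\xa9","\xaf",
+"\xb8","\xb9","\xbf",
+"\xc8","\xc9","\xcf",
+"\xd8","\xd9","\xdf",
+"\xe8","\xe9","\xef",
+"\xf8","\xf9","\xff"
+]
+else
+c.to_enum
+end
+super() {|yldr|
+c.each do |char|
+yldr.yield char
+end
+}
+end
+end
+end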
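Review bot: The `:all` branch on new line 6 builds `(0..256).map(&:chr)`, and `256.chr` raises RangeError, so `Char.new(:all)` fails before yielding anything; the range should be `(0..255)`. The `:default` list contains `"~"` twice (new lines 14 and 17), so that case is emitted twice per run. A short comment listing the accepted values of `c` (`:all`, `:alpha`, `:default`, a String, an Enumerator, or anything that responds to `to_enum`) would spare callers from reading the `case`.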
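--- a/data/lib/dfuzz/fudge.rb
+++ b/data/lib/dfuzz/fudge.rb
@@ -0,0 +1,22 @@
+require 'dfuzz/generator'
+
+module DFuzz
+# Generate Xi-F...Xi+F for each Xi in boundaries and fudge_factor F
+class Fudge < DFuzz::Generator
+def initialize(boundaries, fudge_factor, mask = nil)
+super() { |g|
+boundaries.each {|b|
+0.upto(fudge_factor) { |f|
+if (mask)
+g.yield((b+f) & mask)
+g.yield((b-f) & mask)
+else
+g.yield b+f
+g.yield b-f
+end
+}
+}
+}
+end
+end
+end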
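Review bot: The inner loop starts at `0.upto(fudge_factor)`, so for f = 0 both yields on new lines 11-12 and 14-15 produce the same value and every boundary is emitted twice. Guarding the second yield, `g.yield(b - f) unless f.zero?` (and `g.yield((b - f) & mask) unless f.zero?` in the masked branch), removes the duplicates; the counts asserted in test/test_dfuzz.rb include them and would need updating. The class comment should also state that without a mask `b - f` goes negative around low boundaries, since callers that pack values into fixed-width fields have to handle that. Line 1 requires `dfuzz/generator` unconditionally, whereas lib/dfuzz.rb selects `dfuzz/generator18` on Ruby older than 1.9, so the two can both be loaded there.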
@@ -0,0 +1,385 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
#--
|
3
|
+
# $Idaemons: /home/cvs/rb/generator.rb,v 1.8 2001/10/03 08:54:32 knu Exp $
|
4
|
+
# $RoughId: generator.rb,v 1.10 2003/10/14 19:36:58 knu Exp $
|
5
|
+
# $Id: generator.rb,v 1.12 2005/12/31 02:56:46 ocean Exp $
|
6
|
+
#++
|
7
|
+
#
|
8
|
+
# = generator.rb: convert an internal iterator to an external one
|
9
|
+
#
|
10
|
+
# Copyright (c) 2001,2003 Akinori MUSHA <knu@iDaemons.org>
|
11
|
+
#
|
12
|
+
# All rights reserved. You can redistribute and/or modify it under
|
13
|
+
# the same terms as Ruby.
|
14
|
+
#
|
15
|
+
# == Overview
|
16
|
+
#
|
17
|
+
# This library provides the Generator class, which converts an
|
18
|
+
# internal iterator (i.e. an Enumerable object) to an external
|
19
|
+
# iterator. In that form, you can roll many iterators independently.
|
20
|
+
#
|
21
|
+
# The SyncEnumerator class, which is implemented using Generator,
|
22
|
+
# makes it easy to roll many Enumerable objects synchronously.
|
23
|
+
#
|
24
|
+
# See the respective classes for examples of usage.
|
25
|
+
|
26
|
+
module DFuzz
|
27
|
+
|
28
|
+
#
|
29
|
+
# Generator converts an internal iterator (i.e. an Enumerable object)
|
30
|
+
# to an external iterator.
|
31
|
+
#
|
32
|
+
# == Example
|
33
|
+
#
|
34
|
+
# require 'generator'
|
35
|
+
#
|
36
|
+
# # Generator from an Enumerable object
|
37
|
+
# g = Generator.new(['A', 'B', 'C', 'Z'])
|
38
|
+
#
|
39
|
+
# while g.next?
|
40
|
+
# puts g.next
|
41
|
+
# end
|
42
|
+
#
|
43
|
+
# # Generator from a block
|
44
|
+
# g = Generator.new { |g|
|
45
|
+
# for i in 'A'..'C'
|
46
|
+
# g.yield i
|
47
|
+
# end
|
48
|
+
#
|
49
|
+
# g.yield 'Z'
|
50
|
+
# }
|
51
|
+
#
|
52
|
+
# # The same result as above
|
53
|
+
# while g.next?
|
54
|
+
# puts g.next
|
55
|
+
# end
|
56
|
+
#
|
57
|
+
class Generator
|
58
|
+
include Enumerable
|
59
|
+
|
60
|
+
# Creates a new generator either from an Enumerable object or from a
|
61
|
+
# block.
|
62
|
+
#
|
63
|
+
# In the former, block is ignored even if given.
|
64
|
+
#
|
65
|
+
# In the latter, the given block is called with the generator
|
66
|
+
# itself, and expected to call the +yield+ method for each element.
|
67
|
+
def initialize(enum = nil, &block)
|
68
|
+
if enum
|
69
|
+
@block = proc{|g| enum.each{|value| g.yield value}}
|
70
|
+
else
|
71
|
+
@block = block
|
72
|
+
end
|
73
|
+
@index = 0
|
74
|
+
@queue = []
|
75
|
+
@main_thread = nil
|
76
|
+
@loop_thread.kill if defined?(@loop_thread)
|
77
|
+
@loop_thread = Thread.new do
|
78
|
+
Thread.stop
|
79
|
+
begin
|
80
|
+
@block.call(self)
|
81
|
+
rescue
|
82
|
+
@main_thread.raise $!
|
83
|
+
ensure
|
84
|
+
@main_thread.wakeup
|
85
|
+
end
|
86
|
+
end
|
87
|
+
Thread.pass until @loop_thread.stop?
|
88
|
+
self
|
89
|
+
end
|
90
|
+
|
91
|
+
# Yields an element to the generator.
|
92
|
+
def yield(value)
|
93
|
+
if Thread.current != @loop_thread
|
94
|
+
raise "should be called in Generator.new{|g| ... }"
|
95
|
+
end
|
96
|
+
Thread.critical = true
|
97
|
+
begin
|
98
|
+
@queue << value
|
99
|
+
@main_thread.wakeup
|
100
|
+
Thread.stop
|
101
|
+
ensure
|
102
|
+
Thread.critical = false
|
103
|
+
end
|
104
|
+
self
|
105
|
+
end
|
106
|
+
|
107
|
+
# Returns true if the generator has reached the end.
|
108
|
+
def end?
|
109
|
+
if @queue.empty?
|
110
|
+
if @main_thread
|
111
|
+
raise "should not be called in Generator.new{|g| ... }"
|
112
|
+
end
|
113
|
+
Thread.critical = true
|
114
|
+
begin
|
115
|
+
@main_thread = Thread.current
|
116
|
+
@loop_thread.wakeup
|
117
|
+
Thread.stop
|
118
|
+
rescue ThreadError
|
119
|
+
# ignore
|
120
|
+
ensure
|
121
|
+
@main_thread = nil
|
122
|
+
Thread.critical = false
|
123
|
+
end
|
124
|
+
end
|
125
|
+
@queue.empty?
|
126
|
+
end
|
127
|
+
|
128
|
+
# Returns true if the generator has not reached the end yet.
|
129
|
+
def next?
|
130
|
+
!end?
|
131
|
+
end
|
132
|
+
|
133
|
+
# Returns the current index (position) counting from zero.
|
134
|
+
def index
|
135
|
+
@index
|
136
|
+
end
|
137
|
+
|
138
|
+
# Returns the current index (position) counting from zero.
|
139
|
+
def pos
|
140
|
+
@index
|
141
|
+
end
|
142
|
+
|
143
|
+
# Returns the element at the current position and moves forward.
|
144
|
+
def next
|
145
|
+
raise EOFError.new("no more elements available") if end?
|
146
|
+
@index += 1
|
147
|
+
@queue.shift
|
148
|
+
end
|
149
|
+
|
150
|
+
# Returns the element at the current position.
|
151
|
+
def current
|
152
|
+
raise EOFError.new("no more elements available") if end?
|
153
|
+
@queue.first
|
154
|
+
end
|
155
|
+
|
156
|
+
# Rewinds the generator.
|
157
|
+
def rewind
|
158
|
+
initialize(nil, &@block) if @index.nonzero?
|
159
|
+
self
|
160
|
+
end
|
161
|
+
|
162
|
+
# Rewinds the generator and enumerates the elements.
|
163
|
+
def each
|
164
|
+
rewind
|
165
|
+
until end?
|
166
|
+
yield self.next
|
167
|
+
end
|
168
|
+
self
|
169
|
+
end
|
170
|
+
end
|
171
|
+
|
172
|
+
#
|
173
|
+
# SyncEnumerator creates an Enumerable object from multiple Enumerable
|
174
|
+
# objects and enumerates them synchronously.
|
175
|
+
#
|
176
|
+
# == Example
|
177
|
+
#
|
178
|
+
# require 'generator'
|
179
|
+
#
|
180
|
+
# s = SyncEnumerator.new([1,2,3], ['a', 'b', 'c'])
|
181
|
+
#
|
182
|
+
# # Yields [1, 'a'], [2, 'b'], and [3,'c']
|
183
|
+
# s.each { |row| puts row.join(', ') }
|
184
|
+
#
|
185
|
+
class SyncEnumerator
|
186
|
+
include Enumerable
|
187
|
+
|
188
|
+
# Creates a new SyncEnumerator which enumerates rows of given
|
189
|
+
# Enumerable objects.
|
190
|
+
def initialize(*enums)
|
191
|
+
@gens = enums.map { |e| Generator.new(e) }
|
192
|
+
end
|
193
|
+
|
194
|
+
# Returns the number of enumerated Enumerable objects, i.e. the size
|
195
|
+
# of each row.
|
196
|
+
def size
|
197
|
+
@gens.size
|
198
|
+
end
|
199
|
+
|
200
|
+
# Returns the number of enumerated Enumerable objects, i.e. the size
|
201
|
+
# of each row.
|
202
|
+
def length
|
203
|
+
@gens.length
|
204
|
+
end
|
205
|
+
|
206
|
+
# Returns true if the given nth Enumerable object has reached the
|
207
|
+
# end. If no argument is given, returns true if any of the
|
208
|
+
# Enumerable objects has reached the end.
|
209
|
+
def end?(i = nil)
|
210
|
+
if i.nil?
|
211
|
+
@gens.detect { |g| g.end? } ? true : false
|
212
|
+
else
|
213
|
+
@gens[i].end?
|
214
|
+
end
|
215
|
+
end
|
216
|
+
|
217
|
+
# Enumerates rows of the Enumerable objects.
|
218
|
+
def each
|
219
|
+
@gens.each { |g| g.rewind }
|
220
|
+
|
221
|
+
loop do
|
222
|
+
count = 0
|
223
|
+
|
224
|
+
ret = @gens.map { |g|
|
225
|
+
if g.end?
|
226
|
+
count += 1
|
227
|
+
nil
|
228
|
+
else
|
229
|
+
g.next
|
230
|
+
end
|
231
|
+
}
|
232
|
+
|
233
|
+
if count == @gens.size
|
234
|
+
break
|
235
|
+
end
|
236
|
+
|
237
|
+
yield ret
|
238
|
+
end
|
239
|
+
|
240
|
+
self
|
241
|
+
end
|
242
|
+
end
|
243
|
+
end
|
244
|
+
|
245
|
+
if $0 == __FILE__
|
246
|
+
eval DATA.read, nil, $0, __LINE__+4
|
247
|
+
end
|
248
|
+
|
249
|
+
__END__
|
250
|
+
|
251
|
+
require 'test/unit'
|
252
|
+
|
253
|
+
class TC_Generator < Test::Unit::TestCase
|
254
|
+
def test_block1
|
255
|
+
g = Generator.new { |g|
|
256
|
+
# no yield's
|
257
|
+
}
|
258
|
+
|
259
|
+
assert_equal(0, g.pos)
|
260
|
+
assert_raises(EOFError) { g.current }
|
261
|
+
end
|
262
|
+
|
263
|
+
def test_block2
|
264
|
+
g = Generator.new { |g|
|
265
|
+
for i in 'A'..'C'
|
266
|
+
g.yield i
|
267
|
+
end
|
268
|
+
|
269
|
+
g.yield 'Z'
|
270
|
+
}
|
271
|
+
|
272
|
+
assert_equal(0, g.pos)
|
273
|
+
assert_equal('A', g.current)
|
274
|
+
|
275
|
+
assert_equal(true, g.next?)
|
276
|
+
assert_equal(0, g.pos)
|
277
|
+
assert_equal('A', g.current)
|
278
|
+
assert_equal(0, g.pos)
|
279
|
+
assert_equal('A', g.next)
|
280
|
+
|
281
|
+
assert_equal(1, g.pos)
|
282
|
+
assert_equal(true, g.next?)
|
283
|
+
assert_equal(1, g.pos)
|
284
|
+
assert_equal('B', g.current)
|
285
|
+
assert_equal(1, g.pos)
|
286
|
+
assert_equal('B', g.next)
|
287
|
+
|
288
|
+
assert_equal(g, g.rewind)
|
289
|
+
|
290
|
+
assert_equal(0, g.pos)
|
291
|
+
assert_equal('A', g.current)
|
292
|
+
|
293
|
+
assert_equal(true, g.next?)
|
294
|
+
assert_equal(0, g.pos)
|
295
|
+
assert_equal('A', g.current)
|
296
|
+
assert_equal(0, g.pos)
|
297
|
+
assert_equal('A', g.next)
|
298
|
+
|
299
|
+
assert_equal(1, g.pos)
|
300
|
+
assert_equal(true, g.next?)
|
301
|
+
assert_equal(1, g.pos)
|
302
|
+
assert_equal('B', g.current)
|
303
|
+
assert_equal(1, g.pos)
|
304
|
+
assert_equal('B', g.next)
|
305
|
+
|
306
|
+
assert_equal(2, g.pos)
|
307
|
+
assert_equal(true, g.next?)
|
308
|
+
assert_equal(2, g.pos)
|
309
|
+
assert_equal('C', g.current)
|
310
|
+
assert_equal(2, g.pos)
|
311
|
+
assert_equal('C', g.next)
|
312
|
+
|
313
|
+
assert_equal(3, g.pos)
|
314
|
+
assert_equal(true, g.next?)
|
315
|
+
assert_equal(3, g.pos)
|
316
|
+
assert_equal('Z', g.current)
|
317
|
+
assert_equal(3, g.pos)
|
318
|
+
assert_equal('Z', g.next)
|
319
|
+
|
320
|
+
assert_equal(4, g.pos)
|
321
|
+
assert_equal(false, g.next?)
|
322
|
+
assert_raises(EOFError) { g.next }
|
323
|
+
end
|
324
|
+
|
325
|
+
def test_each
|
326
|
+
a = [5, 6, 7, 8, 9]
|
327
|
+
|
328
|
+
g = Generator.new(a)
|
329
|
+
|
330
|
+
i = 0
|
331
|
+
|
332
|
+
g.each { |x|
|
333
|
+
assert_equal(a[i], x)
|
334
|
+
|
335
|
+
i += 1
|
336
|
+
|
337
|
+
break if i == 3
|
338
|
+
}
|
339
|
+
|
340
|
+
assert_equal(3, i)
|
341
|
+
|
342
|
+
i = 0
|
343
|
+
|
344
|
+
g.each { |x|
|
345
|
+
assert_equal(a[i], x)
|
346
|
+
|
347
|
+
i += 1
|
348
|
+
}
|
349
|
+
|
350
|
+
assert_equal(5, i)
|
351
|
+
end
|
352
|
+
end
|
353
|
+
|
354
|
+
class TC_SyncEnumerator < Test::Unit::TestCase
|
355
|
+
def test_each
|
356
|
+
r = ['a'..'f', 1..10, 10..20]
|
357
|
+
ra = r.map { |x| x.to_a }
|
358
|
+
|
359
|
+
a = (0...(ra.map {|x| x.size}.max)).map { |i| ra.map { |x| x[i] } }
|
360
|
+
|
361
|
+
s = SyncEnumerator.new(*r)
|
362
|
+
|
363
|
+
i = 0
|
364
|
+
|
365
|
+
s.each { |x|
|
366
|
+
assert_equal(a[i], x)
|
367
|
+
|
368
|
+
i += 1
|
369
|
+
|
370
|
+
break if i == 3
|
371
|
+
}
|
372
|
+
|
373
|
+
assert_equal(3, i)
|
374
|
+
|
375
|
+
i = 0
|
376
|
+
|
377
|
+
s.each { |x|
|
378
|
+
assert_equal(a[i], x)
|
379
|
+
|
380
|
+
i += 1
|
381
|
+
}
|
382
|
+
|
383
|
+
assert_equal(a.size, i)
|
384
|
+
end
|
385
|
+
end
|
@@ -0,0 +1,32 @@
|
|
1
|
+
module DFuzz
|
2
|
+
class Integer < Fudge
|
3
|
+
def initialize(delta = 0x80)
|
4
|
+
super([0, 0x7FFF, 0xFFFF, 0x7FFFFFFF,
|
5
|
+
0x7FFFFFFFFFFFFFFF], delta)
|
6
|
+
end
|
7
|
+
end
|
8
|
+
|
9
|
+
class Byte < Integer
|
10
|
+
def initialize(delta = 0x10)
|
11
|
+
super([0x00, 0x01, 0x7F, 0xFF], delta, 0xFF)
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
class Short < Integer
|
16
|
+
def initialize(delta = 0x80)
|
17
|
+
super([0x0000, 0x0001, 0x7FFF, 0xFFFF], delta, 0xFFFF)
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
class Long < Integer
|
22
|
+
def initialize(delta = 0x10000)
|
23
|
+
super([0x00000000, 0x0000001, 0x7FFFFFFF, 0xFFFFFFFF, 0x40000000, 0xC0000000], delta, 0xffffffff)
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
class LongLong < Integer
|
28
|
+
def initialize(delta = 100000000)
|
29
|
+
super([0x00000000, 0x0000001, 0x7FFFFFFFFFFFFFFF, 0xFFFFFFFF, 0x4000000000000000, 0xC000000000000000], delta, 0xffffffffffffffff)
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
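Review bot: `Byte`, `Short`, `Long` and `LongLong` inherit from `Integer`, whose `initialize(delta = 0x80)` accepts at most one argument, yet each of them calls `super(boundaries, delta, mask)` with three, so constructing any of them raises ArgumentError. They should derive from the class that takes those arguments, e.g. `class Byte < Fudge`. In `LongLong` the boundary `0xFFFFFFFF` looks like it was meant to be the all-ones 64-bit value `0xFFFFFFFFFFFFFFFF`, by analogy with the other classes; confirm. This hunk has no file header on the page; by its line count in the file list it appears to be lib/dfuzz/integer.rb.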
@@ -0,0 +1,26 @@
|
|
1
|
+
module DFuzz
|
2
|
+
class Sequential < Generator
|
3
|
+
def initialize *generators
|
4
|
+
super() do |g|
|
5
|
+
generators.each do |gen|
|
6
|
+
gen.each do |val|
|
7
|
+
g.yield val
|
8
|
+
end
|
9
|
+
end
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
def next?
|
14
|
+
begin
|
15
|
+
self.peek
|
16
|
+
true
|
17
|
+
rescue StopIteration
|
18
|
+
false
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
def to_a; self; end
|
23
|
+
def shift; next? ? self.next : nil; end
|
24
|
+
def empty?; !self.next?; end
|
25
|
+
end
|
26
|
+
end
|
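Review bot: `to_a` on new line 22 returns `self` rather than an Array, so code that relies on the usual `to_a` contract (indexing, `size`, a snapshot that can be iterated twice) receives a live generator instead; if the override exists only so that array-expecting callers accept a Sequential, say so in a comment, otherwise remove it. `shift` returns nil both when the generator is exhausted and when it yields a nil value, so callers cannot tell the two apart. `next?` depends on `peek` and `StopIteration`, which the Generator in generator18.rb on this page does not provide, so this class presumably only works with the Ruby 1.9+ generator. This hunk has no file header on the page; by its line count it appears to be lib/dfuzz/sequential.rb.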
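--- a/data/lib/dfuzz/string.rb
+++ b/data/lib/dfuzz/string.rb
@@ -0,0 +1,35 @@
+module DFuzz
+class String < Generator
+def initialize(lengths = nil, strings = nil, chars = nil)
+super() { |g|
+# Fuzz strings are each of CHARS repeated each of
+# LENGTHS times and each of strings
+lengths ||= [16, 32, 64, 100, 128, 192, 256, 384, 512, 768, 1024, 2048, 3072, 4096, 6000, 8192, 10000, 16000, 20000, 32000, 50000, 64000, 72000, 100000]
+strings ||= [
+"%n%n%n%n%n%n%n%n%n%n", "%252n%252n%252n%252n%252n",
+"%x%x%x%x", "%252x%252x%252x%252x",
+"../../../../../../../../../../../../../etc/passwd",
+"../../../../../../../../../../../../../etc/passwd%00",
+"../../../../../../../../../../../../../boot.ini",
+"../../../../../../../../../../../../../boot.ini%00",
+"..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\boot.ini",
+"..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\boot.ini%00",
+"<script>alert('XSS');</script>",
+"A0`~!@#\$\%^&*()-_=+[]{}\\|;:',.<>/\""
+]
+chars ||= Char.new()
+while chars.next?
+c = chars.next
+
+lengths.each { |l|
+g.yield(c * l)
+}
+end
+
+strings.each { |s|
+g.yield(s)
+}
+}
+end
+end
+end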
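Review bot: The `while chars.next?` loop on new lines 21-27 drains the `chars` generator without rewinding it, and `chars ||= Char.new()` keeps the same object in the closure, so if the generator body runs a second time (after a rewind or another `each`) the character phase is presumably skipped and only `strings` are yielded. Iterating with `chars.each { |c| lengths.each { |l| g.yield(c * l) } }` restarts the inner generator on every run; the exact behaviour depends on Generator in generator.rb, which is not shown on this page. The comment on new lines 5-6 should also document the three parameters and that the default lengths produce strings of up to 100000 characters per input character.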
data/test/helper.rb
ADDED
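--- a/data/test/test_dfuzz.rb
+++ b/data/test/test_dfuzz.rb
@@ -0,0 +1,74 @@
+require 'helper'
+
+class TestDfuzz < Test::Unit::TestCase
+def test_integers
+i = 0
+integers = DFuzz::Integer.new()
+while integers.next?
+integers.next
+i += 1
+end
+assert_equal(1290, i)
+end
+
+def test_bytes
+i = 0
+bytes = DFuzz::Byte.new()
+while bytes.next?
+bytes.next
+i += 1
+end
+assert_equal(136,i)
+end
+
+def test_shorts
+i = 0
+shorts = DFuzz::Short.new()
+while shorts.next?
+shorts.next
+i += 1
+end
+assert_equal(1032, i)
+end
+
+def test_longs
+i = 0
+longs = DFuzz::Long.new()
+while longs.next?
+longs.next
+i += 1
+end
+assert_equal(3084, i)
+end
+
+def test_chars
+i = 0
+characters = DFuzz::Char.new()
+while characters.next?
+characters.next
+i += 1
+end
+assert_equal(197, i)
+end
+
+def test_strings
+i = 0
+strings = DFuzz::String.new([1,2])
+while strings.next?
+strings.next
+i += 1
+end
+assert_equal(406, i)
+end
+
+def test_blocks
+require 'pp'
+b = DFuzz::Block.new(["FOO", "BAR"],
+[DFuzz::String.new([1]), DFuzz::String.new([2])])
+i = 0
+b.run() { |a, b|
+i += 1
+}
+assert_equal(419, i)
+end
+end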
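Review bot: Several expected counts do not match the generators shown on this page, so the suite probably does not pass against this release. By my count the default list in lib/dfuzz/char.rb has 59 entries while `test_chars` asserts 197 (and `test_strings` / `test_blocks` assume the same 197), and `Long`'s default delta of 0x10000 yields far more than the 3084 values `test_longs` expects, which corresponds to a delta of 0x100. Deriving the expectation from the inputs, e.g. `assert_equal(boundaries.size * (delta + 1) * 2, i)`, keeps tests and defaults from drifting apart. In `test_blocks` the block parameter `b` shadows the outer `b`, and `require 'pp'` is unused.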
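--- a/metadata
+++ b/metadata
@@ -0,0 +1,88 @@
+--- !ruby/object:Gem::Specification
+name: dfuzz
+version: !ruby/object:Gem::Version
+version: 0.3.0
+platform: ruby
+authors:
+- tduehr
+- Dino Dai Zovi
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2016-11-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: jeweler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 2.1.2
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 2.1.2
+- !ruby/object:Gem::Dependency
+name: yard
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.9.5
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.9.5
+description: Fuzzing payload generators for pentesting
+email: timur.duehr@nccgroup.trust
+executables: []
+extensions: []
+extra_rdoc_files:
+- README.rdoc
+files:
+- ".document"
+- README.rdoc
+- Rakefile
+- VERSION
+- dfuzz.gemspec
+- lib/dfuzz.rb
+- lib/dfuzz/block.rb
+- lib/dfuzz/char.rb
+- lib/dfuzz/fudge.rb
+- lib/dfuzz/generator.rb
+- lib/dfuzz/generator18.rb
+- lib/dfuzz/integer.rb
+- lib/dfuzz/sequential.rb
+- lib/dfuzz/string.rb
+- test/helper.rb
+- test/test_dfuzz.rb
+homepage: http://github.com/tduehr/dfuzz
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.5.1
+signing_key:
+specification_version: 4
+summary: Fuzz generators
+test_files: []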