dfuzz 0.3.0

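--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA1:
+ metadata.gz: 9d357bf3301dd7c682ec2da083387fb19ec0b713
+ data.tar.gz: a352d7e660207450f6b0062fdb67680dfa255f22
+ SHA512:
+ metadata.gz: e5c25fc9cda6e3663a8a684c595529a89bab0659b9e4f762252d722a876228d4216962f85ac9fe79d087bc4ddff25db62403dc2c56ee2693c9ddaaca8e5d470f
+ data.tar.gz: adc0c2a308b0a1137ed14278beb77d1e499e40c4551b76d6002efc7236fc14d31cdcf768dd7f55109399fcb45668396b9bcba735480ea3030bb15e059004f2fe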
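--- a/data/.document
+++ b/data/.document
@@ -0,0 +1,5 @@
+ lib/**/*.rb
+ bin/*
+ -
+ features/**/*.feature
+ LICENSE.txt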
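--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -0,0 +1,18 @@
+ = dfuzz
+
+ Description goes here.
+
+ == Contributing to dfuzz
+
+ * Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
+ * Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
+ * Fork the project
+ * Start a feature/bugfix branch
+ * Commit and push until you are happy with your contribution
+ * Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
+ * Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
+
+ == Copyright
+
+ Copyright (c) 2005-2008 Dino Dai Zovi
+ Copyright (c) 2011-2016 tduehr. See LICENSE.txt for further details.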
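--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,40 @@
+ # encoding: utf-8
+
+ require 'rake'
+
+ require 'jeweler'
+ Jeweler::Tasks.new do |gem|
+ # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+ gem.name = "dfuzz"
+ gem.homepage = "http://github.com/tduehr/dfuzz"
+ gem.summary = %Q{Fuzz generators}
+ gem.description = %Q{Fuzzing payload generators for pentesting}
+ gem.email = "timur.duehr@nccgroup.trust"
+ gem.authors = ["tduehr", "Dino Dai Zovi"]
+ gem.add_development_dependency "jeweler", "~> 2.1.2"
+ gem.add_development_dependency "yard", "~> 0.9.5"
+ end
+ Jeweler::RubygemsDotOrgTasks.new
+
+ require 'rake/testtask'
+ Rake::TestTask.new(:test) do |test|
+ test.libs << 'lib' << 'test'
+ test.pattern = 'test/**/test_*.rb'
+ test.verbose = true
+ end
+
+ begin
+ require 'rcov/rcovtask'
+ Rcov::RcovTask.new do |test|
+ test.libs << 'test'
+ test.pattern = 'test/**/test_*.rb'
+ test.verbose = true
+ test.rcov_opts << '--exclude "gems/*"'
+ end
+ rescue LoadError
+ end
+
+ task :default => :test
+
+ require 'yard'
+ YARD::Rake::YardocTask.new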
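Review bot: The `Jeweler::Tasks` block sets no `gem.license`, and `gem.homepage` is a plain `http://` URL. The header comment in lib/dfuzz.rb says `License:: Private` while the README points to a LICENSE.txt that is not in the packaged file list, so consumers and dependency-audit tooling cannot tell which terms apply. I would add `gem.license = "<SPDX-ID>"` (placeholder; the actual licence is the author's decision), ship LICENSE.txt, and change the homepage to `https://github.com/tduehr/dfuzz`. The empty `rescue LoadError` around the rcov task would also benefit from a one-line comment saying the coverage task is optional.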
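--- a/data/VERSION
+++ b/data/VERSION
@@ -0,0 +1 @@
+ 0.3.0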
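--- a/data/dfuzz.gemspec
+++ b/data/dfuzz.gemspec
@@ -0,0 +1,57 @@
+ # Generated by jeweler
+ # DO NOT EDIT THIS FILE DIRECTLY
+ # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+ # -*- encoding: utf-8 -*-
+ # stub: dfuzz 0.3.0 ruby lib
+
+ Gem::Specification.new do |s|
+ s.name = "dfuzz"
+ s.version = "0.3.0"
+
+ s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+ s.require_paths = ["lib"]
+ s.authors = ["tduehr", "Dino Dai Zovi"]
+ s.date = "2016-11-03"
+ s.description = "Fuzzing payload generators for pentesting"
+ s.email = "timur.duehr@nccgroup.trust"
+ s.extra_rdoc_files = [
+ "README.rdoc"
+ ]
+ s.files = [
+ ".document",
+ "README.rdoc",
+ "Rakefile",
+ "VERSION",
+ "dfuzz.gemspec",
+ "lib/dfuzz.rb",
+ "lib/dfuzz/block.rb",
+ "lib/dfuzz/char.rb",
+ "lib/dfuzz/fudge.rb",
+ "lib/dfuzz/generator.rb",
+ "lib/dfuzz/generator18.rb",
+ "lib/dfuzz/integer.rb",
+ "lib/dfuzz/sequential.rb",
+ "lib/dfuzz/string.rb",
+ "test/helper.rb",
+ "test/test_dfuzz.rb"
+ ]
+ s.homepage = "http://github.com/tduehr/dfuzz"
+ s.rubygems_version = "2.5.1"
+ s.summary = "Fuzz generators"
+
+ if s.respond_to? :specification_version then
+ s.specification_version = 4
+
+ if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+ s.add_development_dependency(%q<jeweler>, ["~> 2.1.2"])
+ s.add_development_dependency(%q<yard>, ["~> 0.9.5"])
+ else
+ s.add_dependency(%q<jeweler>, ["~> 2.1.2"])
+ s.add_dependency(%q<yard>, ["~> 0.9.5"])
+ end
+ else
+ s.add_dependency(%q<jeweler>, ["~> 2.1.2"])
+ s.add_dependency(%q<yard>, ["~> 0.9.5"])
+ end
+ end
+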
data/lib/dfuzz.rb ADDED
@@ -0,0 +1,37 @@
1
+ #!/usr/bin/env ruby
2
+ #
3
+ # = fuzz.rb
4
+ #
5
+ # Fuzz Generators
6
+ #
7
+ # Ruby 1.8 Generators use continuations (which are slow) and leak
8
+ # memory like crazy, so use generators.rb from Ruby 1.9.
9
+ #
10
+ # Author:: Dai Zovi, Dino <ddz@theta44.org>
11
+ # License:: Private
12
+ # Revision:: $Id$
13
+ #
14
+
15
+ if RUBY_VERSION < "1.9"
16
+ require 'dfuzz/generator18'
17
+ else
18
+ require 'dfuzz/generator'
19
+ end
20
+
21
+ require 'dfuzz/fudge'
22
+ require 'dfuzz/integer'
23
+ require 'dfuzz/char'
24
+ require 'dfuzz/block'
25
+ require 'dfuzz/sequential'
26
+ require 'dfuzz/string'
27
+
28
+ module DFuzz
29
+ #
30
+ # Modules for higher-level tokens (e-mail addresses, asn1, etc)
31
+ #
32
+ class EmailAddress < Generator
33
+ def initialize()
34
+ end
35
+ end
36
+
37
+ end
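Review bot: `EmailAddress#initialize` is empty and never calls `super`, so on Ruby 1.9+ (where `Generator` is the `::Enumerator` subclass shown further down the page) the object is left as an uninitialized enumerator. `next?` rescues only `StopIteration`, so the first `next?` or `peek` on it would most likely raise `ArgumentError` rather than return false. Until the class is implemented I would either leave it out of the release or give it an empty body, `def initialize; super() { |g| }; end`, with a `# TODO` comment naming the address forms it is meant to produce. The header's `= fuzz.rb` and `License:: Private` lines also look stale against the gem name and the README.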
@@ -0,0 +1,28 @@
1
+ module DFuzz
2
+ # Serially generate each variable in turn (equivalent to
3
+ # recursively nesting generators)
4
+ class Block
5
+ def initialize(defaults, generators)
6
+ @defaults = defaults
7
+ @generators = generators
8
+ end
9
+
10
+ def run(&block)
11
+ generators_index = 0
12
+
13
+ # Baseline
14
+ block.call(@defaults)
15
+
16
+ # Iterate through generators, fully exhausting each and
17
+ # calling the code block with each set of values
18
+ @generators.each { |g|
19
+ values = Array.new(@defaults)
20
+ while (g.next?)
21
+ values[generators_index] = g.next
22
+ block.call(values)
23
+ end
24
+ generators_index += 1;
25
+ }
26
+ end
27
+ end
28
+ end
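Review bot: In `run`, every call made for a given generator passes the same `values` array, which is mutated in place on the next iteration, and the baseline call passes `@defaults` itself. A harness that keeps the yielded array to record which case triggered a fault will see it change afterwards, and a block that modifies its argument alters the defaults for all later cases. Passing copies, `block.call(@defaults.dup)` and `block.call(values.dup)`, avoids both; `@generators.each_with_index` would also replace the hand-maintained `generators_index`. A comment should state that `run` consumes the generators, so a second call yields only the baseline. This hunk has no file header on the page; by the gemspec's file order it appears to be lib/dfuzz/block.rb.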
data/lib/dfuzz/char.rb ADDED
@@ -0,0 +1,37 @@
1
+ module DFuzz
2
+ class Char < Generator
3
+ def initialize(c=:default)
4
+ c = case c
5
+ when :all
6
+ (0..256).map(&:chr)
7
+ when :alpha
8
+ ('A'..'Z').to_a + ('a'..'z').to_a
9
+ when Enumerator
10
+ c
11
+ when ::String
12
+ c.chars
13
+ when :default
14
+ ["A", "0", "~", "`", "!", "@", "#", "$", "%", "^", "&",
15
+ "*", "(", ")", "-", "=", "+", "[", "]", "|",
16
+ ":", "'", "\"", ",", "<", ".", ">", "/",
17
+ " ", "~", "_", "{", "}", "\x7f","\x00",
18
+ "\x88","\x89","\x8f",
19
+ "\x98","\x99","\x9f",
20
+ "\xa8","\xa9","\xaf",
21
+ "\xb8","\xb9","\xbf",
22
+ "\xc8","\xc9","\xcf",
23
+ "\xd8","\xd9","\xdf",
24
+ "\xe8","\xe9","\xef",
25
+ "\xf8","\xf9","\xff"
26
+ ]
27
+ else
28
+ c.to_enum
29
+ end
30
+ super() {|yldr|
31
+ c.each do |char|
32
+ yldr.yield char
33
+ end
34
+ }
35
+ end
36
+ end
37
+ end
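Review bot: `Char.new(:all)` cannot work as written, because `(0..256).map(&:chr)` ends with `256.chr`, and `Integer#chr` without an encoding argument raises `RangeError` for anything above 255. The range should be `(0..255).map(&:chr)`. In the `:default` list `"~"` appears twice, so that character is emitted twice per pass; if that is deliberate a comment should say so. `initialize` would also benefit from a docstring listing the accepted inputs (`:all`, `:alpha`, `:default`, a String, an Enumerator, or any object responding to `to_enum`).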
@@ -0,0 +1,22 @@
1
+ require 'dfuzz/generator'
2
+
3
+ module DFuzz
4
+ # Generate Xi-F...Xi+F for each Xi in boundaries and fudge_factor F
5
+ class Fudge < DFuzz::Generator
6
+ def initialize(boundaries, fudge_factor, mask = nil)
7
+ super() { |g|
8
+ boundaries.each {|b|
9
+ 0.upto(fudge_factor) { |f|
10
+ if (mask)
11
+ g.yield((b+f) & mask)
12
+ g.yield((b-f) & mask)
13
+ else
14
+ g.yield b+f
15
+ g.yield b-f
16
+ end
17
+ }
18
+ }
19
+ }
20
+ end
21
+ end
22
+ end
@@ -0,0 +1,16 @@
1
+ module DFuzz
2
+ class Generator < ::Enumerator
3
+ def next?
4
+ begin
5
+ self.peek
6
+ true
7
+ rescue StopIteration
8
+ false
9
+ end
10
+ end
11
+
12
+ # def to_a; self; end
13
+ def shift; next? ? self.next : nil; end
14
+ def empty?; !self.next?; end
15
+ end
16
+ end
@@ -0,0 +1,385 @@
1
+ #!/usr/bin/env ruby
2
+ #--
3
+ # $Idaemons: /home/cvs/rb/generator.rb,v 1.8 2001/10/03 08:54:32 knu Exp $
4
+ # $RoughId: generator.rb,v 1.10 2003/10/14 19:36:58 knu Exp $
5
+ # $Id: generator.rb,v 1.12 2005/12/31 02:56:46 ocean Exp $
6
+ #++
7
+ #
8
+ # = generator.rb: convert an internal iterator to an external one
9
+ #
10
+ # Copyright (c) 2001,2003 Akinori MUSHA <knu@iDaemons.org>
11
+ #
12
+ # All rights reserved. You can redistribute and/or modify it under
13
+ # the same terms as Ruby.
14
+ #
15
+ # == Overview
16
+ #
17
+ # This library provides the Generator class, which converts an
18
+ # internal iterator (i.e. an Enumerable object) to an external
19
+ # iterator. In that form, you can roll many iterators independently.
20
+ #
21
+ # The SyncEnumerator class, which is implemented using Generator,
22
+ # makes it easy to roll many Enumerable objects synchronously.
23
+ #
24
+ # See the respective classes for examples of usage.
25
+
26
+ module DFuzz
27
+
28
+ #
29
+ # Generator converts an internal iterator (i.e. an Enumerable object)
30
+ # to an external iterator.
31
+ #
32
+ # == Example
33
+ #
34
+ # require 'generator'
35
+ #
36
+ # # Generator from an Enumerable object
37
+ # g = Generator.new(['A', 'B', 'C', 'Z'])
38
+ #
39
+ # while g.next?
40
+ # puts g.next
41
+ # end
42
+ #
43
+ # # Generator from a block
44
+ # g = Generator.new { |g|
45
+ # for i in 'A'..'C'
46
+ # g.yield i
47
+ # end
48
+ #
49
+ # g.yield 'Z'
50
+ # }
51
+ #
52
+ # # The same result as above
53
+ # while g.next?
54
+ # puts g.next
55
+ # end
56
+ #
57
+ class Generator
58
+ include Enumerable
59
+
60
+ # Creates a new generator either from an Enumerable object or from a
61
+ # block.
62
+ #
63
+ # In the former, block is ignored even if given.
64
+ #
65
+ # In the latter, the given block is called with the generator
66
+ # itself, and expected to call the +yield+ method for each element.
67
+ def initialize(enum = nil, &block)
68
+ if enum
69
+ @block = proc{|g| enum.each{|value| g.yield value}}
70
+ else
71
+ @block = block
72
+ end
73
+ @index = 0
74
+ @queue = []
75
+ @main_thread = nil
76
+ @loop_thread.kill if defined?(@loop_thread)
77
+ @loop_thread = Thread.new do
78
+ Thread.stop
79
+ begin
80
+ @block.call(self)
81
+ rescue
82
+ @main_thread.raise $!
83
+ ensure
84
+ @main_thread.wakeup
85
+ end
86
+ end
87
+ Thread.pass until @loop_thread.stop?
88
+ self
89
+ end
90
+
91
+ # Yields an element to the generator.
92
+ def yield(value)
93
+ if Thread.current != @loop_thread
94
+ raise "should be called in Generator.new{|g| ... }"
95
+ end
96
+ Thread.critical = true
97
+ begin
98
+ @queue << value
99
+ @main_thread.wakeup
100
+ Thread.stop
101
+ ensure
102
+ Thread.critical = false
103
+ end
104
+ self
105
+ end
106
+
107
+ # Returns true if the generator has reached the end.
108
+ def end?
109
+ if @queue.empty?
110
+ if @main_thread
111
+ raise "should not be called in Generator.new{|g| ... }"
112
+ end
113
+ Thread.critical = true
114
+ begin
115
+ @main_thread = Thread.current
116
+ @loop_thread.wakeup
117
+ Thread.stop
118
+ rescue ThreadError
119
+ # ignore
120
+ ensure
121
+ @main_thread = nil
122
+ Thread.critical = false
123
+ end
124
+ end
125
+ @queue.empty?
126
+ end
127
+
128
+ # Returns true if the generator has not reached the end yet.
129
+ def next?
130
+ !end?
131
+ end
132
+
133
+ # Returns the current index (position) counting from zero.
134
+ def index
135
+ @index
136
+ end
137
+
138
+ # Returns the current index (position) counting from zero.
139
+ def pos
140
+ @index
141
+ end
142
+
143
+ # Returns the element at the current position and moves forward.
144
+ def next
145
+ raise EOFError.new("no more elements available") if end?
146
+ @index += 1
147
+ @queue.shift
148
+ end
149
+
150
+ # Returns the element at the current position.
151
+ def current
152
+ raise EOFError.new("no more elements available") if end?
153
+ @queue.first
154
+ end
155
+
156
+ # Rewinds the generator.
157
+ def rewind
158
+ initialize(nil, &@block) if @index.nonzero?
159
+ self
160
+ end
161
+
162
+ # Rewinds the generator and enumerates the elements.
163
+ def each
164
+ rewind
165
+ until end?
166
+ yield self.next
167
+ end
168
+ self
169
+ end
170
+ end
171
+
172
+ #
173
+ # SyncEnumerator creates an Enumerable object from multiple Enumerable
174
+ # objects and enumerates them synchronously.
175
+ #
176
+ # == Example
177
+ #
178
+ # require 'generator'
179
+ #
180
+ # s = SyncEnumerator.new([1,2,3], ['a', 'b', 'c'])
181
+ #
182
+ # # Yields [1, 'a'], [2, 'b'], and [3,'c']
183
+ # s.each { |row| puts row.join(', ') }
184
+ #
185
+ class SyncEnumerator
186
+ include Enumerable
187
+
188
+ # Creates a new SyncEnumerator which enumerates rows of given
189
+ # Enumerable objects.
190
+ def initialize(*enums)
191
+ @gens = enums.map { |e| Generator.new(e) }
192
+ end
193
+
194
+ # Returns the number of enumerated Enumerable objects, i.e. the size
195
+ # of each row.
196
+ def size
197
+ @gens.size
198
+ end
199
+
200
+ # Returns the number of enumerated Enumerable objects, i.e. the size
201
+ # of each row.
202
+ def length
203
+ @gens.length
204
+ end
205
+
206
+ # Returns true if the given nth Enumerable object has reached the
207
+ # end. If no argument is given, returns true if any of the
208
+ # Enumerable objects has reached the end.
209
+ def end?(i = nil)
210
+ if i.nil?
211
+ @gens.detect { |g| g.end? } ? true : false
212
+ else
213
+ @gens[i].end?
214
+ end
215
+ end
216
+
217
+ # Enumerates rows of the Enumerable objects.
218
+ def each
219
+ @gens.each { |g| g.rewind }
220
+
221
+ loop do
222
+ count = 0
223
+
224
+ ret = @gens.map { |g|
225
+ if g.end?
226
+ count += 1
227
+ nil
228
+ else
229
+ g.next
230
+ end
231
+ }
232
+
233
+ if count == @gens.size
234
+ break
235
+ end
236
+
237
+ yield ret
238
+ end
239
+
240
+ self
241
+ end
242
+ end
243
+ end
244
+
245
+ if $0 == __FILE__
246
+ eval DATA.read, nil, $0, __LINE__+4
247
+ end
248
+
249
+ __END__
250
+
251
+ require 'test/unit'
252
+
253
+ class TC_Generator < Test::Unit::TestCase
254
+ def test_block1
255
+ g = Generator.new { |g|
256
+ # no yield's
257
+ }
258
+
259
+ assert_equal(0, g.pos)
260
+ assert_raises(EOFError) { g.current }
261
+ end
262
+
263
+ def test_block2
264
+ g = Generator.new { |g|
265
+ for i in 'A'..'C'
266
+ g.yield i
267
+ end
268
+
269
+ g.yield 'Z'
270
+ }
271
+
272
+ assert_equal(0, g.pos)
273
+ assert_equal('A', g.current)
274
+
275
+ assert_equal(true, g.next?)
276
+ assert_equal(0, g.pos)
277
+ assert_equal('A', g.current)
278
+ assert_equal(0, g.pos)
279
+ assert_equal('A', g.next)
280
+
281
+ assert_equal(1, g.pos)
282
+ assert_equal(true, g.next?)
283
+ assert_equal(1, g.pos)
284
+ assert_equal('B', g.current)
285
+ assert_equal(1, g.pos)
286
+ assert_equal('B', g.next)
287
+
288
+ assert_equal(g, g.rewind)
289
+
290
+ assert_equal(0, g.pos)
291
+ assert_equal('A', g.current)
292
+
293
+ assert_equal(true, g.next?)
294
+ assert_equal(0, g.pos)
295
+ assert_equal('A', g.current)
296
+ assert_equal(0, g.pos)
297
+ assert_equal('A', g.next)
298
+
299
+ assert_equal(1, g.pos)
300
+ assert_equal(true, g.next?)
301
+ assert_equal(1, g.pos)
302
+ assert_equal('B', g.current)
303
+ assert_equal(1, g.pos)
304
+ assert_equal('B', g.next)
305
+
306
+ assert_equal(2, g.pos)
307
+ assert_equal(true, g.next?)
308
+ assert_equal(2, g.pos)
309
+ assert_equal('C', g.current)
310
+ assert_equal(2, g.pos)
311
+ assert_equal('C', g.next)
312
+
313
+ assert_equal(3, g.pos)
314
+ assert_equal(true, g.next?)
315
+ assert_equal(3, g.pos)
316
+ assert_equal('Z', g.current)
317
+ assert_equal(3, g.pos)
318
+ assert_equal('Z', g.next)
319
+
320
+ assert_equal(4, g.pos)
321
+ assert_equal(false, g.next?)
322
+ assert_raises(EOFError) { g.next }
323
+ end
324
+
325
+ def test_each
326
+ a = [5, 6, 7, 8, 9]
327
+
328
+ g = Generator.new(a)
329
+
330
+ i = 0
331
+
332
+ g.each { |x|
333
+ assert_equal(a[i], x)
334
+
335
+ i += 1
336
+
337
+ break if i == 3
338
+ }
339
+
340
+ assert_equal(3, i)
341
+
342
+ i = 0
343
+
344
+ g.each { |x|
345
+ assert_equal(a[i], x)
346
+
347
+ i += 1
348
+ }
349
+
350
+ assert_equal(5, i)
351
+ end
352
+ end
353
+
354
+ class TC_SyncEnumerator < Test::Unit::TestCase
355
+ def test_each
356
+ r = ['a'..'f', 1..10, 10..20]
357
+ ra = r.map { |x| x.to_a }
358
+
359
+ a = (0...(ra.map {|x| x.size}.max)).map { |i| ra.map { |x| x[i] } }
360
+
361
+ s = SyncEnumerator.new(*r)
362
+
363
+ i = 0
364
+
365
+ s.each { |x|
366
+ assert_equal(a[i], x)
367
+
368
+ i += 1
369
+
370
+ break if i == 3
371
+ }
372
+
373
+ assert_equal(3, i)
374
+
375
+ i = 0
376
+
377
+ s.each { |x|
378
+ assert_equal(a[i], x)
379
+
380
+ i += 1
381
+ }
382
+
383
+ assert_equal(a.size, i)
384
+ end
385
+ end
@@ -0,0 +1,32 @@
1
+ module DFuzz
2
+ class Integer < Fudge
3
+ def initialize(delta = 0x80)
4
+ super([0, 0x7FFF, 0xFFFF, 0x7FFFFFFF,
5
+ 0x7FFFFFFFFFFFFFFF], delta)
6
+ end
7
+ end
8
+
9
+ class Byte < Integer
10
+ def initialize(delta = 0x10)
11
+ super([0x00, 0x01, 0x7F, 0xFF], delta, 0xFF)
12
+ end
13
+ end
14
+
15
+ class Short < Integer
16
+ def initialize(delta = 0x80)
17
+ super([0x0000, 0x0001, 0x7FFF, 0xFFFF], delta, 0xFFFF)
18
+ end
19
+ end
20
+
21
+ class Long < Integer
22
+ def initialize(delta = 0x10000)
23
+ super([0x00000000, 0x0000001, 0x7FFFFFFF, 0xFFFFFFFF, 0x40000000, 0xC0000000], delta, 0xffffffff)
24
+ end
25
+ end
26
+
27
+ class LongLong < Integer
28
+ def initialize(delta = 100000000)
29
+ super([0x00000000, 0x0000001, 0x7FFFFFFFFFFFFFFF, 0xFFFFFFFF, 0x4000000000000000, 0xC000000000000000], delta, 0xffffffffffffffff)
30
+ end
31
+ end
32
+ end
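Review bot: `Byte`, `Short`, `Long` and `LongLong` inherit from `DFuzz::Integer`, whose `initialize(delta = 0x80)` accepts at most one argument, yet each of them calls `super(boundaries, delta, mask)` with three. As shown, constructing any of the four would raise `ArgumentError`; they need the three-argument `Fudge#initialize`, for example `class Byte < Fudge` and likewise for the other three. In `LongLong` the boundary `0xFFFFFFFF` sits where the sibling classes put their all-ones value, so `0xFFFFFFFFFFFFFFFF` may have been intended and is worth confirming. `DFuzz::Integer` passes no mask and therefore also yields negative values such as `0 - f`; a comment saying this is intended would help users feeding the output into unsigned fields. This hunk has no file header on the page; it appears to be lib/dfuzz/integer.rb.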
@@ -0,0 +1,26 @@
1
+ module DFuzz
2
+ class Sequential < Generator
3
+ def initialize *generators
4
+ super() do |g|
5
+ generators.each do |gen|
6
+ gen.each do |val|
7
+ g.yield val
8
+ end
9
+ end
10
+ end
11
+ end
12
+
13
+ def next?
14
+ begin
15
+ self.peek
16
+ true
17
+ rescue StopIteration
18
+ false
19
+ end
20
+ end
21
+
22
+ def to_a; self; end
23
+ def shift; next? ? self.next : nil; end
24
+ def empty?; !self.next?; end
25
+ end
26
+ end
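Review bot: `to_a` returns `self` in this class, so `Sequential#to_a` hands back the enumerator instead of an Array and overrides the working `Enumerable#to_a`; the same override is commented out in the `Generator` hunk earlier on the page. `next?`, `shift` and `empty?` are also copied verbatim from that `Generator` class, which `Sequential` already inherits from on Ruby 1.9+. I would delete the `to_a` line and, unless the 1.8 generator needs them, the three duplicated methods, and add a one-line class comment that each argument is iterated with `each` in the order given.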
@@ -0,0 +1,35 @@
1
+ module DFuzz
2
+ class String < Generator
3
+ def initialize(lengths = nil, strings = nil, chars = nil)
4
+ super() { |g|
5
+ # Fuzz strings are each of CHARS repeated each of
6
+ # LENGTHS times and each of strings
7
+ lengths ||= [16, 32, 64, 100, 128, 192, 256, 384, 512, 768, 1024, 2048, 3072, 4096, 6000, 8192, 10000, 16000, 20000, 32000, 50000, 64000, 72000, 100000]
8
+ strings ||= [
9
+ "%n%n%n%n%n%n%n%n%n%n", "%252n%252n%252n%252n%252n",
10
+ "%x%x%x%x", "%252x%252x%252x%252x",
11
+ "../../../../../../../../../../../../../etc/passwd",
12
+ "../../../../../../../../../../../../../etc/passwd%00",
13
+ "../../../../../../../../../../../../../boot.ini",
14
+ "../../../../../../../../../../../../../boot.ini%00",
15
+ "..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\boot.ini",
16
+ "..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\boot.ini%00",
17
+ "<script>alert('XSS');</script>",
18
+ "A0`~!@#\$\%^&*()-_=+[]{}\\|;:',.<>/\""
19
+ ]
20
+ chars ||= Char.new()
21
+ while chars.next?
22
+ c = chars.next
23
+
24
+ lengths.each { |l|
25
+ g.yield(c * l)
26
+ }
27
+ end
28
+
29
+ strings.each { |s|
30
+ g.yield(s)
31
+ }
32
+ }
33
+ end
34
+ end
35
+ end
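Review bot: `chars ||= Char.new()` assigns to the closed-over parameter and the loop then drains it with `next?`/`next`, so the character generator is left exhausted after the first pass. If the `String` generator is rewound or iterated a second time, the block runs again with the spent `chars` and yields only the fixed `strings`, which silently shrinks the test-case set. Iterating internally avoids that: `(chars || Char.new).each { |c| lengths.each { |l| g.yield(c * l) } }`. A comment on the default `lengths` noting that the largest case is a 100000-character string would help harness authors size buffers and timeouts. This hunk has no file header on the page; it appears to be lib/dfuzz/string.rb.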
data/test/helper.rb ADDED
@@ -0,0 +1,9 @@
1
+ require 'rubygems'
2
+ require 'test/unit'
3
+
4
+ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
5
+ $LOAD_PATH.unshift(File.dirname(__FILE__))
6
+ require 'dfuzz'
7
+
8
+ class Test::Unit::TestCase
9
+ end
@@ -0,0 +1,74 @@
1
+ require 'helper'
2
+
3
+ class TestDfuzz < Test::Unit::TestCase
4
+ def test_integers
5
+ i = 0
6
+ integers = DFuzz::Integer.new()
7
+ while integers.next?
8
+ integers.next
9
+ i += 1
10
+ end
11
+ assert_equal(1290, i)
12
+ end
13
+
14
+ def test_bytes
15
+ i = 0
16
+ bytes = DFuzz::Byte.new()
17
+ while bytes.next?
18
+ bytes.next
19
+ i += 1
20
+ end
21
+ assert_equal(136,i)
22
+ end
23
+
24
+ def test_shorts
25
+ i = 0
26
+ shorts = DFuzz::Short.new()
27
+ while shorts.next?
28
+ shorts.next
29
+ i += 1
30
+ end
31
+ assert_equal(1032, i)
32
+ end
33
+
34
+ def test_longs
35
+ i = 0
36
+ longs = DFuzz::Long.new()
37
+ while longs.next?
38
+ longs.next
39
+ i += 1
40
+ end
41
+ assert_equal(3084, i)
42
+ end
43
+
44
+ def test_chars
45
+ i = 0
46
+ characters = DFuzz::Char.new()
47
+ while characters.next?
48
+ characters.next
49
+ i += 1
50
+ end
51
+ assert_equal(197, i)
52
+ end
53
+
54
+ def test_strings
55
+ i = 0
56
+ strings = DFuzz::String.new([1,2])
57
+ while strings.next?
58
+ strings.next
59
+ i += 1
60
+ end
61
+ assert_equal(406, i)
62
+ end
63
+
64
+ def test_blocks
65
+ require 'pp'
66
+ b = DFuzz::Block.new(["FOO", "BAR"],
67
+ [DFuzz::String.new([1]), DFuzz::String.new([2])])
68
+ i = 0
69
+ b.run() { |a, b|
70
+ i += 1
71
+ }
72
+ assert_equal(419, i)
73
+ end
74
+ end
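Review bot: Several expected counts in this test file do not match the generators shipped in the same package. `test_chars` expects 197 values, but the `:default` list in the char hunk has 59 entries by my count (`test_strings` and `test_blocks` are derived from 197), and `test_longs` expects 3084, which corresponds to a delta of 0x100 rather than the `0x10000` default in `Long`. There is no case for `Char.new(:all)`, `LongLong` or `Sequential`, and the package metadata lists `test_files: []`. I would regenerate the expectations from the current defaults and add those three cases; in `test_blocks` the block parameter `b` shadows the outer `b`, so `|a, _|` would read more clearly.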
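--- a/metadata
+++ b/metadata
@@ -0,0 +1,88 @@
+ --- !ruby/object:Gem::Specification
+ name: dfuzz
+ version: !ruby/object:Gem::Version
+ version: 0.3.0
+ platform: ruby
+ authors:
+ - tduehr
+ - Dino Dai Zovi
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2016-11-03 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: jeweler
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 2.1.2
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 2.1.2
+ - !ruby/object:Gem::Dependency
+ name: yard
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 0.9.5
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 0.9.5
+ description: Fuzzing payload generators for pentesting
+ email: timur.duehr@nccgroup.trust
+ executables: []
+ extensions: []
+ extra_rdoc_files:
+ - README.rdoc
+ files:
+ - ".document"
+ - README.rdoc
+ - Rakefile
+ - VERSION
+ - dfuzz.gemspec
+ - lib/dfuzz.rb
+ - lib/dfuzz/block.rb
+ - lib/dfuzz/char.rb
+ - lib/dfuzz/fudge.rb
+ - lib/dfuzz/generator.rb
+ - lib/dfuzz/generator18.rb
+ - lib/dfuzz/integer.rb
+ - lib/dfuzz/sequential.rb
+ - lib/dfuzz/string.rb
+ - test/helper.rb
+ - test/test_dfuzz.rb
+ homepage: http://github.com/tduehr/dfuzz
+ licenses: []
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.5.1
+ signing_key:
+ specification_version: 4
+ summary: Fuzz generators
+ test_files: []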