{"id":13787445,"url":"https://github.com/MozillaSecurity/peach","last_synced_at":"2025-05-12T00:31:08.807Z","repository":{"id":33797972,"uuid":"37490954","full_name":"MozillaSecurity/peach","owner":"MozillaSecurity","description":"Peach is a fuzzing framework which uses a DSL for building fuzzers and an observer based architecture to execute and monitor them.","archived":true,"fork":false,"pushed_at":"2020-07-03T12:05:41.000Z","size":2407,"stargazers_count":409,"open_issues_count":4,"forks_count":99,"subscribers_count":28,"default_branch":"master","last_synced_at":"2025-04-02T05:44:22.720Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MozillaSecurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-06-15T20:58:45.000Z","updated_at":"2025-03-31T16:09:37.000Z","dependencies_parsed_at":"2022-09-12T23:50:27.186Z","dependency_job_id":null,"html_url":"https://github.com/MozillaSecurity/peach","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MozillaSecurity%2Fpeach","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MozillaSecurity%2Fpeach/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MozillaSecurity%2Fpeach/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MozillaSecurity%2Fpeach/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MozillaSecurity","download_url":"https://codeload.github.com/MozillaSecurity/peach/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253655813,"owners_count":21943069,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T20:00:34.545Z","updated_at":"2025-05-12T00:31:03.785Z","avatar_url":"https://github.com/MozillaSecurity.png","language":"Python","readme":"![Logo](https://github.com/posidron/posidron.github.io/raw/master/static/images/peach.png)\n\nMozPeach is a fork of [Peach v2.7](http://www.peachfuzzer.com) by Mozilla Security. With support from our community and partnerships our goal is to continue to deliver Peach as an open source product with Python compatibility and new features.\n\nOur focus is on usability, speed and fewer dependencies. We have also begun work on Python 3 support, replaced deprecated Python dependencies, switched the XML back-end, added a new configuration system, simplified code and much more.\n\n### Setup\n\n##### Prerequisites for Ubuntu\n```\nsudo apt-get --yes --quiet install libxml2-dev libxslt1-dev lib32z1-dev\n```\n\n##### General\n```bash\npip install virtualenv\npip install virtualenvwrapper\n\ngit clone --depth 1 https://github.com/mozillasecurity/peach\n\ncd peach\ngit clone --depth 1 https://github.com/mozillasecurity/fuzzdata\n\nmkvirtualenv -r requirements.txt peach\n```\n\nor\n\n```bash\nworkon peach\n```\n\n### Fundamentals\nPeach uses XML based \"pits\" as configuration files. There are two types of pits which we will briefly describe here.\n\n**Pit: Data Model**\n\nA data-model pit is an XML description of a specification and is required to parse any kind of input into an in-memory XML tree. Peach then uses that tree to generate fuzzed output.\n\n**Pit: Target**\n\nThe target pit is used to define how the target process will get fuzzed, how it will be monitored for suspicious behavior and how to deal with results.\n\nIt is optional whether you place everything into one pit however not doing so will simplify working with multiple targets, different hosts and reusing pits. Following the data model/target pit practice will allow the reuse of data model pits across projects.\n\n\n### Examples\n\n##### Run\n```bash\n./peach.py -pit Pits/\u003ccomponent\u003e/\u003cformat\u003e/\u003cname\u003e.xml -target Pits/Targets/firefox.xml -run Browser\n```\n\n**HINT**: You can set related configuration values for both pits from the command-line by using the -macros switch.\n\n##### Debug\n```bash\n./peach.py -pit Pits/\u003ccomponent\u003e/\u003cformat\u003e/\u003cname\u003e.xml -1 -debug | less -R\n```\n\n**NOTE**: This will show a very verbose output of the parsing process. To see only the results of the parsing process for each element you can add: \"| grep Rating | less -R\"\n\n\n### Help Menu\n```\n% ./peach.py -h\nusage: peach.py [-h] [-pit path] [-run name]\n                [-analyzer ANALYZER [ANALYZER ...]] [-parser PARSER]\n                [-target TARGET] [-macros MACROS [MACROS ...]] [-seed #]\n                [-debug] [-new] [-1] [-range # #] [-test] [-count] [-skipto #]\n                [-parallel # #] [-agent # #] [-logging #]\n                [-check model samples] [-verbose] [-clean] [-version]\n\nPeach Runtime\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -pit path             pit file\n  -run name             run name\n  -analyzer ANALYZER [ANALYZER ...]\n                        load analyzer.\n  -parser PARSER        use specific parser.\n  -target TARGET        select a target pit.\n  -macros MACROS [MACROS ...]\n                        override configuration macros\n  -seed #               seed\n  -debug                turn on debugging. (default: False)\n  -new                  use new relations.\n  -1                    run single test case.\n  -range # #            run range of test cases.\n  -test                 validate pit file.\n  -count                count test cases for deterministic strategies.\n  -skipto #             skip to a test case number.\n  -parallel # #         use parallelism.\n  -agent # #            start agent.\n  -logging #            verbosity level of logging\n  -check model samples  validate a data model against a set of samples.\n  -verbose              turn verbosity on. (default: False)\n  -clean                remove python object files.\n  -version              show program's version number and exit\n```\n\n### Resources\n\nResources which aid in building a pit based on the grammar of a file format:\n\n    * http://www.sweetscape.com/010editor/templates/\n    * http://www.synalysis.net/formats.xml\n","funding_links":[],"categories":["Tools","Resources","Инструменты"],"sub_categories":["File Format Fuzzers","By Purpose","Fuzzing","API/协议"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FMozillaSecurity%2Fpeach","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FMozillaSecurity%2Fpeach","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FMozillaSecurity%2Fpeach/lists"}