{"id":21469901,"url":"https://github.com/dobin/ffw","last_synced_at":"2026-03-17T16:16:09.364Z","repository":{"id":41384225,"uuid":"98238873","full_name":"dobin/ffw","owner":"dobin","description":"A fuzzing framework for network servers","archived":false,"fork":false,"pushed_at":"2018-10-22T12:10:42.000Z","size":528,"stargazers_count":118,"open_issues_count":8,"forks_count":25,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-04-08T23:53:37.290Z","etag":null,"topics":["fuzzer","network","server"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dobin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-07-24T22:05:20.000Z","updated_at":"2024-11-11T12:20:43.000Z","dependencies_parsed_at":"2022-09-12T04:10:31.425Z","dependency_job_id":null,"html_url":"https://github.com/dobin/ffw","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/dobin/ffw","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dobin%2Fffw","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dobin%2Fffw/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dobin%2Fffw/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dobin%2Fffw/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dobin","download_url":"https://codeload.github.com/dobin/ffw/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dobin%2Fffw/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30626950,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-17T14:16:03.965Z","status":"ssl_error","status_checked_at":"2026-03-17T14:16:03.380Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fuzzer","network","server"],"created_at":"2024-11-23T09:19:21.451Z","updated_at":"2026-03-17T16:16:09.327Z","avatar_url":"https://github.com/dobin.png","language":"Python","funding_links":[],"categories":["Tools","Python"],"sub_categories":["Network Protocol Fuzzers"],"readme":"# FFW - Fuzzing For Worms\n\nFuzzes network servers/services by intercepting valid network\ncommunication data, then replay it with some fuzzing.\n\nFFW can fuzz open source applications and supports feedback driven fuzzing\nby instrumenting honggfuzz, for both open- and closed source apps.\n\nIn comparison with the alternatives, FFW is the most advanced,\nfeature-complete and tested network fuzzer.\n\nFeatures:\n* Fuzzes all kind of network protocol (HTTP, MQTT, SMTP, you name it)\n* No modification of the fuzzing target needed (at all)\n* Has feedback-driven fuzzing (with compiler support, or hardware based)\n* Can fuzz network clients too (wip)\n* Fast fuzzing setup (no source code changes or protocol reversing needed!)\n* Reasonable fuzzing performance\n\n# Presentation \n\nPresented at security conference Area 41 2018. \n* (Fuzzing For Worms Slides)[https://docs.google.com/presentation/d/1tLELphbkh2bVLyIedagNoFKBn_DEYv29RskZY4u-szA/edit?usp=sharing]\n* (Youtube)[https://www.youtube.com/watch?v=akpk9hrizc4]\n\n\n# Docker\n\nEasiest way to start is to use the docker image:\n* https://github.com/dobin/ffw-docker\n\nBy doing so:\n```\ndocker run -ti --privileged -lxc-conf=\"aa_profile=unconfined\" dobin/ffw:0.1\n```\n\nExamples are located in `/ffw-examples`.\n\n\n# Manual Installation\n\n## Get FFW\n\n```\ngit clone https://github.com/dobin/ffw.git\ncd ffw/\n```\n\nNote: Manually installed dependencies are expected to live in\nthe `ffw/` directory (e.g. honggfuzz, radamsa).\n\n\n## Install FFW dependencies\n\nIf its a fresh Ubuntu, install relevant packages for FFW:\n```\napt-get install python python-pip gdb\n```\n\nFor honggfuzz:\n```\napt-get install clang binutils-dev libunwind8-dev\n```\n\nAnd python dependencies:\n```\npip install -r requirements.txt\n```\n\n## Install Radamsa fuzzer\n\n```\n$ git clone https://github.com/aoh/radamsa.git\n$ cd radamsa\n$ make\n```\n\nDefault Radamsa directory specified in ffw is `ffw/radamsa`.\n\n# Setup a project\n\nSteps involved in setting up a fuzzing project:\n\n* Create directory structure for that fuzzing project by copying template folder\n* Copy target binary to bin/\n* Specify all necessary information in the config file fuzzing.py\n* Start interceptor-mode to record traffic\n* Start test-mode to verify recorded traffic (optional)\n* Start fuzz-mode to fuzz\n* Start verify-mode to verify crashed from the fuzz mode (optional)\n* Start upload-mode to upload verified crashes to the web (optional)\n\n\nFor a step-by-step guide:\n* [Setup the sample project tutorial](https://github.com/dobin/ffw/blob/master/docs/tutorial-sample-project.md)\n* [Setup the feedback-driven fuzzing project tutorial](https://github.com/dobin/ffw/blob/master/docs/tutorial-honggmode.md)\n* [Some fuzzing help and infos](https://github.com/dobin/ffw/blob/master/docs/notes.md)\n\n\n# Unit Tests\n\nTest all:\n\n```\npython -m unittest discover\n```\n\nTest a single module:\n```\npython -m unittest test.test_interceptor\n```\n\n# Alternatives\n\n## Fuzzotron\n\nAvailable via https://github.com/denandz/fuzzotron. \"Fuzzotron is a simple network fuzzer supporting TCP, UDP and multithreading.\"\n\nSupport network fuzzing, also uses Radamsa. Can use coverage data, but it is experimental.\n\nCon's:\n* Does not restart target server\n* Unreliable crash detection\n* Experimental code coverage\n\n## Mutiny\n\nAvailable via https://github.com/Cisco-Talos/mutiny-fuzzer. \"The Mutiny Fuzzing Framework is a network fuzzer that operates by replaying PCAPs through a mutational fuzzer.\"\n\nCon's:\n* No code coverage\n* Only one commit (no development?)\n* Rudimentary crash detection\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdobin%2Fffw","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdobin%2Fffw","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdobin%2Fffw/lists"}