{"id":15116442,"url":"https://github.com/ernw/dizzy-legacy","last_synced_at":"2025-09-27T22:30:40.660Z","repository":{"id":75026094,"uuid":"45178546","full_name":"ernw/dizzy-legacy","owner":"ernw","description":"Network and USB protocol fuzzing toolkit.","archived":false,"fork":false,"pushed_at":"2017-07-27T12:31:20.000Z","size":42,"stargazers_count":34,"open_issues_count":2,"forks_count":10,"subscribers_count":10,"default_branch":"master","last_synced_at":"2024-09-26T01:51:51.373Z","etag":null,"topics":["fuzzing","fuzzing-framework","network","python","usb"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ernw.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2015-10-29T11:19:51.000Z","updated_at":"2022-10-19T11:38:44.000Z","dependencies_parsed_at":"2024-01-29T09:19:12.709Z","dependency_job_id":"39e3cb04-4b80-45f3-867b-5f80387f5f0c","html_url":"https://github.com/ernw/dizzy-legacy","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ernw%2Fdizzy-legacy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ernw%2Fdizzy-legacy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ernw%2Fdizzy-legacy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ernw%2Fdizzy-legacy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ernw","download_url":"https://codeload.github.com/ernw/dizzy-legacy/t
ar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234461946,"owners_count":18837206,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fuzzing","fuzzing-framework","network","python","usb"],"created_at":"2024-09-26T01:44:21.964Z","updated_at":"2025-09-27T22:30:35.389Z","avatar_url":"https://github.com/ernw.png","language":"Python","funding_links":[],"categories":["Python","Secure Programming"],"sub_categories":["Fuzzing"],"readme":"Introduction to *dizzy*\n=======================\n\nStructure of *.dizz* files\n--------------------------\n\nA single packet is described by a so-called *.dizz* file. Some example files can be found in the [dizzfiles](https://github.com/ernw/dizzfiles) repository. These files are Python code, so they have to be written in proper Python syntax. They consist of three variables which need to be defined. The first variable is the **name** of\nthe packet:\n\n```python\nname = \"test\"\n```\n\nThe second variable is called **objects** and describes the packet fields. It's a Python list with all the fields listed:\n\n```python\nobjects = [\n    ...\n]\n```\n\nInside of that list you can use some pre-defined functions which generate the actual data during parsing. The functions are called *field()*, *list()*, *rand()* and *link()*. They take different arguments, as listed below:\n\n  * The *field()* function takes 4 arguments, which are: the **name** of the field [a string], the **length** of the field (in bits!) 
[an int] OR *None* for a field with variable length, the default **value** for that field [a string] and the fuzzing **mode** for that field [can be *none* for not fuzzing that field at all, *std* for fuzzing some values on the upper and lower value border, and *full* for fuzzing all possible values].\n\n    ```python\n    objects = [\n        field(\"len\", 8, \"\\x00\", none),\n        ...\n    ]\n    ```\n\n  * The *list()* function takes 3 arguments: the **name** of the field [a string], the default **value** of the field [a string] and the **path** to a file containing possible values for that field (one value per line, all values will be inserted while fuzzing).\n\n    ```python\n    objects = [\n        field(\"len\", 8, \"\\x00\", none),\n        list(\"test4\", \"happens?\", \"lib/test.txt\"),\n        ...\n    ]\n    ```\n\n  * The *rand()* function takes 2 arguments: the **name** of the field [a string] and the **length** of the field (in bits!) [an int]. The value of that field will be a new random one each time a packet is generated.\n\n    ```python\n    objects = [\n        field(\"len\", 8, \"\\x00\", none),\n        list(\"test4\", \"happens?\", \"lib/test.txt\"),\n        rand(\"random\", 12),\n        ...\n    ]\n    ```\n\n  * The *link()* function takes 2 arguments: the **name** of the field [a string] and the **name** of another (previously defined) field. The value of that field will always be the same as that of the source field, and so will the length.\n\n    ```python\n    objects = [\n        field(\"len\", 8, \"\\x00\", none),\n        list(\"test4\", \"happens?\", \"lib/test.txt\"),\n        rand(\"random\", 12),\n        link(\"same_random\", \"random\"),\n        ...\n    ]\n    ```\n\nThe third variable is called **functions** and it is also a Python list. It represents a set of functions that are called against the generated raw packet before it is sent out. 
Currently the functions *length()*, *lambda\\_length()*, *csum()*, *lambda\\_csum()* and *lambda2_csum()* are available.\n\n  * The *length()* function takes 3 arguments: the name of the **destination** field, whose value should be updated with the calculated length [a string], the name of the **first** field that should be in the length calculation (the starting point) [a string] and the name of the **last** field that should be in the length calculation (the end point).\n\n    ```python\n    functions = [\n        length(\"len\", \"test4\", \"same_random\"),\n        ...\n    ]\n    ```\n\n  * The *lambda\\_length()* function takes 4 arguments: the name of the **destination** field, whose value should be updated with the calculated length [a string], the name of the **first** field that should be in the length calculation (the starting point) [a string], the name of the **last** field that should be in the length calculation (the end point) and a function, which will be called after the length is calculated, with the length as an argument [int].\n\n    ```python\n    functions = [\n        length(\"len\", \"align-mod\", \"value\"),\n        lambda_length(\"len2\", \"align-nomod\", \"align-mod\", lambda x: x + 2),\n        ...\n    ]\n    ```\n\n  * The *csum()* function takes 4 arguments: the name of the **destination** field, whose value should be updated with the calculated checksum [a string], the name of the **first** field that should be the input of the checksum calculation (the starting point) [a string], the name of the **last** field that should be the input of the checksum calculation (the end point) [a string] and the name of the **checksum** [a string], where currently only 'inet' (RFC 1071) is implemented.\n\n    ```python\n    functions = [\n        length(\"len\", \"align-mod\", \"value\"),\n        lambda_length(\"len2\", \"align-nomod\", \"align-mod\", lambda x: x + 2),\n        csum(\"csum\", \"align-mod\", \"value\", \"inet\"),\n    
    ...\n    ]\n    ```\n\n*Note*: There are some weird-looking *.dizz* files, which are auto-generated from an old dizzy version. They work and will be replaced by more readable ones in the future.\n\n\nStructure of *.act* files\n-------------------------\n\nOnce you want to get stateful, you need to write interactions in *.act* files. These files are Python code as well. They also have 3 variables: **name** for the name of the interaction [a string], **objects**, which is a Python list of dizzes (you can use a pre-defined function here as well), and **functions**, which is also a Python list.\n\n  * The *dizz()* function takes 2 arguments: the **name** of the packet [a string] and the **path** of the *.dizz* file [a string]. These are the single packets of the interaction.\n\n    ```python\n    objects = [\n        dizz(\"test_dizz\", \"dizzes/test.dizz\"),\n        dizz(\"2nd step\", \"dizzes/example.dizz\"),\n        ...\n    ]\n    ```\n\nThere is a **functions** variable as well, which contains either *copy()* or *adv\\_copy()* functions:\n\n  * The *copy()* function takes 4 arguments: the **step** in which the function should be executed (1=on recv after the first packet [.dizz file], 2=on recv after the second, ...) [an int], the name of the **destination** field in the second dizz [a string] and two offsets, the **start** and the **end** point of the data that should be copied [ints]. These offsets are byte offsets inside of the received data (depending on the used session, the received data starts at the Ethernet dst [L2] or the TCP/UDP/SCTP payload [L4]).\n\n    ```python\n    functions = [\n        copy(1, \"TEID\", 4, 8),\n        ...\n    ]\n    ```\n\n  * The *adv\\_copy()* function takes 2 arguments: the **step** in which the function should be executed [int] and a function **reference**. 
The function given will be called with the received data and the dizz of the next step (this should not be used without deep knowledge of the dizzy code ;)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fernw%2Fdizzy-legacy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fernw%2Fdizzy-legacy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fernw%2Fdizzy-legacy/lists"}