{"id":13538971,"url":"https://github.com/mseclab/pyjfuzz","last_synced_at":"2025-04-04T15:10:16.008Z","repository":{"id":62581130,"uuid":"70791871","full_name":"mseclab/PyJFuzz","owner":"mseclab","description":"PyJFuzz - Python JSON Fuzzer","archived":false,"fork":false,"pushed_at":"2023-08-02T07:02:57.000Z","size":1288,"stargazers_count":377,"open_issues_count":7,"forks_count":66,"subscribers_count":15,"default_branch":"master","last_synced_at":"2025-03-28T14:07:45.941Z","etag":null,"topics":["crash","fuzzer","fuzzing","json","json-api","json-schema","json-serialization","process-crashes"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mseclab.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2016-10-13T09:40:49.000Z","updated_at":"2024-10-26T00:22:20.000Z","dependencies_parsed_at":"2024-01-16T15:43:14.463Z","dependency_job_id":"9c6ce111-98f7-4553-98ee-b843bc3f238c","html_url":"https://github.com/mseclab/PyJFuzz","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mseclab%2FPyJFuzz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mseclab%2FPyJFuzz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mseclab%2FPyJFuzz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mseclab%2FPyJFuzz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mseclab","download_url":"https://codeload.github.com/
mseclab/PyJFuzz/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247198463,"owners_count":20900080,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crash","fuzzer","fuzzing","json","json-api","json-schema","json-serialization","process-crashes"],"created_at":"2024-08-01T09:01:18.430Z","updated_at":"2025-04-04T15:10:15.990Z","avatar_url":"https://github.com/mseclab.png","language":"Python","readme":"\n[![LOGO](https://s30.postimg.org/iolw8xqn5/logo.png)](https://s30.postimg.org/iolw8xqn5/logo.png)\n=======\n**PyJFuzz** is a small, extensible and ready-to-use framework used to **fuzz JSON inputs**, such as mobile endpoint REST APIs, JSON implementations, browsers, CLI executables and much more.\n\n\u003ctable\u003e\n    \u003ctr\u003e\n        \u003cth\u003eVersion\u003c/th\u003e\n        \u003ctd\u003e\n           1.1.0\n        \u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003cth\u003eHomepage\u003c/th\u003e\n        \u003ctd\u003e\u003ca href=\"http://www.mseclab.com/\"\u003ehttp://www.mseclab.com/\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003cth\u003eGitHub\u003c/th\u003e\n        \u003ctd\u003e\u003ca href=\"https://github.com/mseclab/PyJFuzz\"\u003ehttps://github.com/mseclab/PyJFuzz\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n       \u003cth\u003eAuthor\u003c/th\u003e\n       \u003ctd\u003e\u003ca href=\"http://www.dzonerzy.net\"\u003eDaniele Linguaglossa\u003c/a\u003e (\u003ca 
href=\"http://twitter.com/dzonerzy\"\u003e@dzonerzy\u003c/a\u003e)\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003cth\u003eLicense\u003c/th\u003e\n        \u003ctd\u003eMIT - (see LICENSE file)\u003c/td\u003e\n    \u003c/tr\u003e\n\u003c/table\u003e\n\nInstallation\n============\n\n**Dependencies**\n\nPyJFuzz needs some dependencies in order to work: **bottle**, **netifaces**, **GitPython** and **gramfuzz**. You can install them through the automatic **setup.py** installation.\n\n**Installation**\n\nYou can install PyJFuzz with the following command:\n```bash\ngit clone https://github.com/mseclab/PyJFuzz.git \u0026\u0026 cd PyJFuzz \u0026\u0026 sudo python setup.py install\n```\n\nDocumentation and Examples\n==========================\n\n**CLI tool**\n\nOnce installed, PyJFuzz provides both a Python library and a command-line utility called **pjf** (screenshot below)\n\n[![MENU](https://s17.postimg.org/6gvbyvzpb/cmdline.png)](https://s17.postimg.org/6gvbyvzpb/cmdline.png)\n\n[![PJF](https://s16.postimg.org/rdq1iwwvp/cmdline2.png)](https://s16.postimg.org/rdq1iwwvp/cmdline2.png)\n\n**Library**\n\nPyJFuzz can also be used as a library; you can import it in your project as follows:\n\n```python\nfrom pyjfuzz.lib import *\n```\n**Classes**\n\nThe available classes are the following:\n\n- ***PJFServer*** - Used to start and stop the built-in HTTP and HTTPS servers\n- ***PJFProcessMonitor*** - Used to monitor process crashes; it automatically restarts the process each time it crashes\n- ***PJFTestcaseServer*** - The testcase server is used in conjunction with PJFProcessMonitor; whenever a process crashes, the testcase server registers and stores the JSON which caused the crash\n- ***PJFFactory*** - The main object, used to do the actual fuzzing of JSON objects\n- ***PJFConfiguration*** - The configuration for each of the available objects\n- ***PJFExternalFuzzer*** - Used by PJFFactory; an auxiliary class which provides an 
interface to other command-line fuzzers such as *radamsa*\n- ***PJFMutation*** - Used by PJFFactory; provides all the mutations used during a fuzzing session\n- ***PJFExecutor*** - Provides an interface to interact with external processes\n\n[![CLASSES](https://s4.postimg.org/7picu4y3h/lib.png)](https://s4.postimg.org/7picu4y3h/lib.png)\n\n**Examples**\n\nBelow are some trivial examples of how to implement a PyJFuzz-powered program\n\n*simple_fuzzer.py*\n```python\nfrom argparse import Namespace\nfrom pyjfuzz.lib import *\n\nconfig = PJFConfiguration(Namespace(json={\"test\": [\"1\", 2, True]}, nologo=True, level=6))\nfuzzer = PJFFactory(config)\nwhile True:\n    print(fuzzer.fuzzed)\n```\n\n\n*custom_techniques.py*\n```python\nfrom argparse import Namespace\nfrom pyjfuzz.lib import *\n\n# Techniques may be defined by group, or by technique number\n# Groups are CHTPRSX; to understand what they are, run pyjfuzz with the -h switch or look at the command line screenshot\n# The line below initializes a config object which uses only the P group attacks, where P stands for Path Traversal\nconfig = PJFConfiguration(Namespace(json={\"test\": [\"1\", 2, True]}, nologo=True, level=6, techniques=\"P\"))\n# Once a config object is defined you can access config.techniques to view the selected techniques for your group\nprint(\"Techniques IDs: {0}\".format(str(config.techniques)))\n# You can also modify them!\nconfig.techniques = [2]\n# This way only attack number 2 (LFI Attack) will be performed!\nfuzzer = PJFFactory(config)\nwhile True:\n    print(fuzzer.fuzzed)\n```\n\n*simple_server.py*\n```python\nfrom argparse import Namespace\nfrom pyjfuzz.lib import *\n\nconfig = PJFConfiguration(Namespace(json={\"test\": [\"1\", 2, True]}, nologo=True, level=6, debug=True, indent=True))\nPJFServer(config).run()\n```\n\nSometimes you may need to modify standard, otherwise non-customizable settings such as the HTTPS or HTTP server port. This can be done in the following way:\n\n```python\nfrom argparse 
import Namespace\nfrom pyjfuzz.lib import *\n\nconfig = PJFConfiguration(Namespace(json={\"test\": [\"1\", 2, True]}, nologo=True, level=6, indent=True))\nprint(config.ports[\"servers\"][\"HTTP_PORT\"])   # 8080\nprint(config.ports[\"servers\"][\"HTTPS_PORT\"])  # 8443\nprint(config.ports[\"servers\"][\"TCASE_PORT\"])  # 8888\nconfig.ports[\"servers\"][\"HTTPS_PORT\"] = 443  # Change HTTPS port to 443\n```\n**Remember**: *When changing default ports, you should always handle the exceptions raised when the required privileges are missing!*\n\nBelow is a comprehensive list of all available settings / customizations of the PJFConfiguration object:\n\n**Configuration table**\n\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003cth\u003eName\u003c/th\u003e\n    \u003cth\u003eType\u003c/th\u003e\n    \u003cth\u003eDescription\u003c/th\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003ejson\u003c/td\u003e\n    \u003ctd\u003e\u003cb\u003edict\u003c/b\u003e\u003c/td\u003e\n    \u003ctd\u003eJSON object to fuzz\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003ejson_file\u003c/td\u003e\n    \u003ctd\u003e\u003cb\u003estr\u003c/b\u003e\u003c/td\u003e\n    \u003ctd\u003ePath to a JSON file\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003eparameters\u003c/td\u003e\n    \u003ctd\u003e\u003cb\u003elist\u003c/b\u003e\u0026lt;str\u0026gt;\u003c/td\u003e\n    \u003ctd\u003eList of parameters to fuzz (taken from JSON object)\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003etechniques\u003c/td\u003e\n    \u003ctd\u003e\u003cb\u003estr\u003c/b\u003e\u0026lt;int\u0026gt;\u003c/td\u003e\n    \u003ctd\u003eString of enabled attacks, used to generate fuzzed JSON, such as XSS, LFI etc. 
e.g. \"CHPTRSX\" (see the \u003cb\u003etechniques table\u003c/b\u003e)\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003elevel\u003c/td\u003e\n    \u003ctd\u003e\u003cb\u003eint\u003c/b\u003e\u003c/td\u003e\n    \u003ctd\u003eFuzzing level in the range 0-6\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003eutf8\u003c/td\u003e\n    \u003ctd\u003e\u003cb\u003ebool\u003c/b\u003e\u003c/td\u003e\n    \u003ctd\u003eIf true, switch from unicode encoding to pure byte representation\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003eindent\u003c/td\u003e\n    \u003ctd\u003e\u003cb\u003ebool\u003c/b\u003e\u003c/td\u003e\n    \u003ctd\u003eSet whether to indent the result object\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003eurl_encode\u003c/td\u003e\n    \u003ctd\u003e\u003cb\u003ebool\u003c/b\u003e\u003c/td\u003e\n    \u003ctd\u003eSet whether to URL-encode the result object\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003estrong_fuzz\u003c/td\u003e\n    \u003ctd\u003e\u003cb\u003ebool\u003c/b\u003e\u003c/td\u003e\n    \u003ctd\u003eSet whether to use \u003ci\u003estrong fuzzing\u003c/i\u003e (strong fuzzing will not maintain JSON structure, useful for parser fuzzing)\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003edebug\u003c/td\u003e\n    \u003ctd\u003e\u003cb\u003ebool\u003c/b\u003e\u003c/td\u003e\n    \u003ctd\u003eSet whether to enable debug prints\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003eexclude\u003c/td\u003e\n    \u003ctd\u003e\u003cb\u003ebool\u003c/b\u003e\u003c/td\u003e\n    \u003ctd\u003eExclude from fuzzing the parameters selected by the parameters option\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003enotify\u003c/td\u003e\n    \u003ctd\u003e\u003cb\u003ebool\u003c/b\u003e\u003c/td\u003e\n    \u003ctd\u003eSet whether to notify the process monitor when a crash occurs; only used with 
PJFServer\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003ehtml\u003c/td\u003e\n    \u003ctd\u003e\u003cb\u003estr\u003c/b\u003e\u003c/td\u003e\n    \u003ctd\u003ePath to an HTML directory to serve within PJFServer\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003eext_fuzz\u003c/td\u003e\n    \u003ctd\u003e\u003cb\u003ebool\u003c/b\u003e\u003c/td\u003e\n    \u003ctd\u003eSet whether to use the binary from \"command\" as an external fuzzer\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003ecmd_fuzz\u003c/td\u003e\n    \u003ctd\u003e\u003cb\u003ebool\u003c/b\u003e\u003c/td\u003e\n    \u003ctd\u003eSet whether to use the binary from \"command\" as the fuzzer target\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003econtent_type\u003c/td\u003e\n    \u003ctd\u003e\u003cb\u003estr\u003c/b\u003e\u003c/td\u003e\n    \u003ctd\u003eSet the content type of PJFServer responses (default \u003cb\u003eapplication/json\u003c/b\u003e)\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003ecommand\u003c/td\u003e\n    \u003ctd\u003e\u003cb\u003elist\u003c/b\u003e\u0026lt;str\u0026gt;\u003c/td\u003e\n    \u003ctd\u003eCommand to execute; each parameter is a list element (you can use \u003cb\u003eshlex.split\u003c/b\u003e from Python)\u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\n**Techniques table**\n\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003cth\u003eIndex\u003c/th\u003e\n    \u003cth\u003eDescription\u003c/th\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e0\u003c/td\u003e\n    \u003ctd\u003eXSS injection (Polyglot)\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e1\u003c/td\u003e\n    \u003ctd\u003eSQL injection (Polyglot)\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e2\u003c/td\u003e\n    \u003ctd\u003eLFI attack\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e3\u003c/td\u003e\n    
\u003ctd\u003eSQL injection polyglot (2)\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e4\u003c/td\u003e\n    \u003ctd\u003eXSS injection (Polyglot) (2)\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e5\u003c/td\u003e\n    \u003ctd\u003eRCE injection (Polyglot)\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e6\u003c/td\u003e\n    \u003ctd\u003eLFI attack (2)\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e7\u003c/td\u003e\n    \u003ctd\u003eData URI attack\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e8\u003c/td\u003e\n    \u003ctd\u003eLFI and HREF attack\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e9\u003c/td\u003e\n    \u003ctd\u003eHeader injection\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e10\u003c/td\u003e\n    \u003ctd\u003eRCE injection (Polyglot) (2)\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e11\u003c/td\u003e\n    \u003ctd\u003eGeneric template injection\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e12\u003c/td\u003e\n    \u003ctd\u003eFlask template injection\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e13\u003c/td\u003e\n    \u003ctd\u003eRandom character attack\u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\nScreenshots\n===========\n\nBelow are some screenshots to show what you should expect from PyJFuzz\n\n[![CLI](https://s18.postimg.org/qu5j9pw09/ext_fuzz.png)](https://s18.postimg.org/qu5j9pw09/ext_fuzz.png)\n\n[![CLI2](https://s11.postimg.org/qtgi9dro3/filefuzz.png)](https://s11.postimg.org/qtgi9dro3/filefuzz.png)\n\n[![CLI3](https://s15.postimg.org/7jn4ktkcb/processm.png)](https://s15.postimg.org/7jn4ktkcb/processm.png)\n\nBuilt-in tool\n===========\nPyJFuzz ships with a built-in tool called **PyJFuzz Web Fuzzer**. This tool provides an automatic fuzzing console via HTTP and 
HTTPS servers; it can be used to easily fuzz almost any web browser even when you can't control the process state!\n\nThere are two switches used to launch this tool (--browser-auto and --fuzz-web): the first one performs an automatic browser restart when a crash occurs, the other one tries to detect when a browser doesn't make requests anymore. Both of them always save the testcases. Some screenshots are shown below.\n\n[![FUZZ](https://s18.postimg.org/ulahts5bt/fuzzweb.png)](https://s18.postimg.org/ulahts5bt/fuzzweb.png)\n\n[![FUZZ2](https://s17.postimg.org/74s3qidrj/fuzzweb2.png)](https://s17.postimg.org/74s3qidrj/fuzzweb2.png)\n\n[![BROWSERAUTO](https://s18.postimg.org/j0t67tabt/auto.png)](https://s18.postimg.org/j0t67tabt/auto.png)\n\n[![BROWSERAUTO2](https://s15.postimg.org/qj2o5it2z/auto2.png)](https://s15.postimg.org/qj2o5it2z/auto2.png)\n\nIssue\n=====\n\nPlease send any issue here via GitHub; I'll provide a fix as soon as possible.\n\nResult\n======\n*Below is a list of known issues found by PyJFuzz; the list will be updated weekly*\n\n- Double free in cJSON (https://github.com/DaveGamble/cJSON/issues/105)\n- Unhandled exception in picojson (https://github.com/kazuho/picojson/issues/94)\n- Memory leak in SimpleJSON (https://github.com/nbsdx/SimpleJSON/issues/8)\n- Stack-based buffer overflow in frozen (https://github.com/cesanta/frozen/issues/14)\n- Memory corruption with custom EIP (https://github.com/cesanta/frozen/issues/15)\n\nEnd\n===\n\nThanks for using PyJFuzz!\n\n***Happy Fuzzing*** from mseclab\n","funding_links":[],"categories":["\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003eVulnerabilities\u0026\u0026Vulnerability Management\u0026\u0026Vulnerability Discovery/Hunting\u0026\u0026Vulnerability Development\u0026\u0026Vulnerability Exploitation\u0026\u0026Fuzzing"],"sub_categories":["Features"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmseclab%2Fpyjfuzz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmseclab%2Fpyjfuzz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmseclab%2Fpyjfuzz/lists"}