{"id":16387077,"url":"https://github.com/oxagast/ansvif","last_synced_at":"2025-09-19T01:32:49.506Z","repository":{"id":28749788,"uuid":"32271782","full_name":"oxagast/ansvif","owner":"oxagast","description":"A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.","archived":false,"fork":false,"pushed_at":"2021-01-22T17:12:17.000Z","size":47992,"stargazers_count":103,"open_issues_count":1,"forks_count":28,"subscribers_count":10,"default_branch":"master","last_synced_at":"2024-12-28T09:33:37.556Z","etag":null,"topics":["exploit","fuzz-testing","fuzzer","fuzzing","pentesting","quality-control","vulnerability"],"latest_commit_sha":null,"homepage":"http://oxagast.github.io/ansvif/","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oxagast.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-03-15T16:47:30.000Z","updated_at":"2024-08-12T19:16:37.000Z","dependencies_parsed_at":"2022-09-05T01:30:22.079Z","dependency_job_id":null,"html_url":"https://github.com/oxagast/ansvif","commit_stats":null,"previous_names":[],"tags_count":34,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxagast%2Fansvif","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxagast%2Fansvif/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxagast%2Fansvif/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxagast%2Fansvif/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oxagast","download_url":"https:
//codeload.github.com/oxagast/ansvif/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":233509951,"owners_count":18687049,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["exploit","fuzz-testing","fuzzer","fuzzing","pentesting","quality-control","vulnerability"],"created_at":"2024-10-11T04:24:50.933Z","updated_at":"2025-09-19T01:32:41.229Z","avatar_url":"https://github.com/oxagast.png","language":"C++","readme":"# ansvif\n*A Not So Very Intelligent Fuzzer*\n\nMarshall Whittaker\n\noxagast\n\nmarshallwhittaker@gmail.com\n\n*As the complexity of a system rises, as does the potential for problems within that system.*\n\n*--Whittaker's Law*\n\n\n**Compile Dependencies:**\n\nautomake autoconf-archive zlib1g-dev g++ gcc (and libgtk2.0-dev if you want GTK support)\n\n**Compilation:**\n\n*Linux:*\n```\n$ aclocal \u0026\u0026 autoconf \u0026\u0026 automake -a \u0026\u0026 ./configure \u0026\u0026 make \u0026\u0026 make check\n```\nOr, if you would like to play with the syscall fuzzer:\n```\n$ aclocal \u0026\u0026 autoconf \u0026\u0026 automake -a \u0026\u0026 ./configure --enable-syscalls \u0026\u0026 make \u0026\u0026 make check\n```\nIf you would like to disable the GTK frontend you can do:\n```\n$ aclocal \u0026\u0026 autoconf \u0026\u0026 automake -a \u0026\u0026 ./configure --disable-gtk \u0026\u0026 make \u0026\u0026 make check\n```\n*FreeBSD:*\n\nAssuming you installed g++ from ports (as you will need to for C++11):\n\n```\n$ aclocal \u0026\u0026 autoconf \u0026\u0026 automake -a \u0026\u0026 ./configure 
\u0026\u0026 make \u0026\u0026 make check\n```\n\n*OpenBSD:*\n\nAssuming you installed g++ from ports (as you will need to for C++11):\n\n```\n$ CXX=$(find / -name 'eg++' 2\u003e/dev/null | grep ports | head -n 1) AUTOCONF_VERSION=2.69 AUTOMAKE_VERSION=1.15 autoreconf -fmi\n```\n*Windows:*\n\nWindows binaries are now designed to be compiled with MinGW-W64 (since we use threading, download\na version of MinGW-W64 g++ with seh).\nYou can try compiling after installing MinGW-W64 g++ with seh (only) by clicking on the included make_win.bat script.  If that fails, it is likely due to the environment, so try the steps below.\n\n(Go to where you installed MinGW-W64 and click mingw-64.bat)\n\n```\nwindres metadata.rc -O coff -o metadata.res\ng++.exe src/common.cpp src/bin2hex.cpp src/popen2.cpp src/main.cpp src/help.cpp src/match_fault.cpp src/sys_string.cpp src/man_read.cpp src/randomizer.cpp src/trash.cpp src/log.cpp metadata.res src/version.h -I./ -I./include -std=c++11 -lstdc++ -lpthread -O2 -o ansvif.exe -static -static-libgcc -static-libstdc++\ngcc src/win/printf.c -o printf.exe\n```\n\n\nNote: cygwin .dll external files are no longer required as we now compile with g++ from MinGW.\nIn Windows 7, PowerShell v2 is installed by default; however, this program requires at least \nPowerShell v5.  Windows 10 includes PowerShell v5.  
You can go to Microsoft's site and download\nthe Windows Management Framework (which includes newer versions of PowerShell) here: \n\nhttps://www.microsoft.com/en-us/download/details.aspx?id=50395\n\n**Testing:**\n\nIf you would like to try out the example code, you can compile faulty.c with:\n```\n$ gcc faulty.c -o faulty\n```\nYou can also simply run `make check`.\n\n**Usage:**\n\n*Important note: Windows users will have to run ansvif.exe from PowerShell for it to work!*\n\n```\n$ ./find_suid /usr/bin/ /bin/ /sbin/\n$ ./ansvif -[tm] [template/manpage] -c /path/to/executable -b buffersize\n```\n**Examples:**\n\n*Linux/BSD:*\n```\n$ ulimit -c unlimited\n$ ./ansvif -m mount -c /bin/mount -e examples/mount_e.txt -x examples/mount_o.txt\\\n-f 8 -b 2048\n$ ./ansvif -t examples/blank.txt -F tmp/tmphtml -x examples/htmltags.txt -c /usr/bin/iceweasel -b\\\n128 -A \"file:///home/username/src/ansvif/tmp/tmphtml\"  -f 2 -n -R \"sleep 3 \u0026\u0026 killall\\\niceweasel\" -S \"\u003e\"\n$ cat examples/linux_syscalls_implemented.list | xargs -P \\\n`cat examples/linux_syscalls_implemented.list | wc -l` -I {calls} ./ansvif -t examples/space.txt \\\n-B \"{calls} \" -c ./syscalls -o syscall_crash -f 1 -z -d -b 16\n```\n\n*Windows:*\n```\nPS C:\\ansvif\\bin\\ansvif_win\u003e .\\ansvif -t ..\\..\\examples\\space -F ..\\..\\tmp\\tmphtml -x `\n..\\..\\examples\\htmltags -c `\n'C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe' `\n-b 128 -A \"file:///C:\\\\Users\\marsh\\OneDrive\\Documents\\Code\\ansvif\\tmp\\tmphtml\" `\n-f 2 -n -S \"\u003e\" -R \"sleep 2 ; Stop-Process -Name chrome\"\n```\n\n**Options:**\n\nansvif\n\n```\n  -t This file should hold line by line command arguments as shown in the example file.\n  -e This file should hold line by line environment variables as shown in the example\n     file.  
You can usually get these by doing something like:\n     $ strings /bin/mount | perl -ne 'print if /[A-Z]=$/' \u003e mount_envs\n  -c Specifies the command path.\n  -p Specifies the manpage location (as an integer, usually 1 or 8)\n  -m Specifies the commands manpage.\n  -D Dumps whats found in the manpage.\n  -f Number of threads to use.  Default is 2.\n  -b Specifies the buffer size to fuzz with.  256-2048 Is usually sufficient.\n  -r Uses only random garbage data.\n  -o Writes output to log file.\n  -z Randomize the buffer size from 1 to what is specified by -b.\n  -x Other junk to put in.  Usernames and such can go here.\n  -S Seperator between options.\n  -s Omitted character specification.  Defaults are \u003c\u003e\\\\n |\u0026\\[]\\()\\{}:;\\ and newline is mandatory.\n  -T Timeout for threads.\n  -W Timeout for threads.\n  -L Unpriviledged user to run as if root.\n  -A Always put whats after this after command to run.\n  -B Always put whats after this before the command to run.\n  -F File to feed into the program that -x along with normal fuzzing data will be put in.\n  -n Never use random data in the fuzz.\n  -R Run this command after each fuzz.\n  -C A Non standard error code to detect.\n  -V Use Valgrind if installed.\n  -1 Try to make it fault once, if it doesn't happen, throw error code 64.  
Useful for scripting.\n  -P Use % to represent binary in fuzz.\n  -M Max arguments to use in the fuzz.\n  -y Short for -b 0 and usually only useful with -A or -B.\n  -K Keep fuzzing after a crash in the target.\n  -E A command to be run before the fuzzed program.\n  -0 No NULL characters in the fuzz.\n  -N Shorthand for -R \"pkill prog\".\n  -v Verbose.\n  -d Debug data.\n  -h Shows the help page.\n  -i Prints version information.\n```\nansvif_gtk\n\n```\n  -l Shortcut for -p ./ansvif\n  -p The location of the ansvif binary\n```\n\n**Recommendations:**\n\nIf you are doing long fuzzes or file fuzzing, it is recommended that you put the files\n(including the binary you are fuzzing, if possible) in memory.\nThis means putting them somewhere like /var/run/shm, where disk thrash will be\nminimal and fuzzing will be somewhat faster, especially if large files are being\nhandled.  Be warned, however: you will lose your fuzzed files if they are in shm\nand you reboot the machine!\n\n**DO NOT RUN THIS CODE IN A PRODUCTION ENVIRONMENT!**\nIf you try setting faulty.c's output to suid(0) then *PLEASE* do it in a virtual machine,\nor at least a machine that you don't care about.\nOther than that, just play around and have fun!\n\n\n**Notes:**\n\nWindows users must have ansvif running from PowerShell.\nLinux and Windows code should be relatively stable.\nSyscall fuzzing under Linux is under heavy development.\n\n\n**Thanks**\n\nThanks to dll999 for syscall fuzzing ideas.\nThanks to moo from #2600 on 2600net for a few recommendations on the wiki writeup.\nThanks to god knows how many people on IRC and StackOverflow.\nThanks to DarkSt0rm for fixing a bug in the 
Makefile.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foxagast%2Fansvif","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foxagast%2Fansvif","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foxagast%2Fansvif/lists"}