Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/microsoft/rusty-radamsa
Radamsa fuzzer ported to rust lang
https://github.com/microsoft/rusty-radamsa
Last synced: about 1 month ago
JSON representation
Radamsa fuzzer ported to rust lang
- Host: GitHub
- URL: https://github.com/microsoft/rusty-radamsa
- Owner: microsoft
- License: mit
- Created: 2023-06-15T18:13:38.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2023-10-11T19:13:10.000Z (about 1 year ago)
- Last Synced: 2024-08-02T17:39:37.321Z (4 months ago)
- Language: Rust
- Size: 184 KB
- Stars: 136
- Watchers: 10
- Forks: 13
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
Awesome Lists containing this project
- awesome-rainmana - microsoft/rusty-radamsa - Radamsa fuzzer ported to rust lang (Rust)
README
# rusty-radamsa
Radamsa ported to rust langRusty Radamsa is a general purpose fuzzer. It modifies given sample data
in ways, which might expose errors in programs intended to process
the data. For more information, read the fine manual page, or visit
https://gitlab.com/akihe/radamsa.Rusty Radamsa was written by Amanda Rousseau (malwareunicorn), based on Radamsa by Aki Helin, initially at OUSPG.
## Requirements:
Supported operating systems:
* GNU/Linux
* OpenBSD
* FreeBSD
* Mac OS X
* WindowsSoftware requirments:
* Rustlang 1.66
* Cargo## Building Radamsa
```text
git clone
cd rusty-radamsa
cargo build
```## Usage:
```text
rustyradamsa.exe [OPTIONS] [FILE]... [COMMAND]
```## Commands:
```text
list
list mutations, patterns and generators
help
Print this message or the help of the given subcommand(s)
```## Arguments:
```text
[FILE]...
file or directory as generator input. example: "./input/* test.bin"
```## Options:
```text
-s, --seed
random seed (u64, default random)-n, --count
how many outputs to generate (u64)-H, --hash
hash algorithm for uniqueness checks (default sha256)-p, --patterns
which mutation patterns to use (use list command to see all hashes)-m, --mutations
which mutations to use (use list command to see all mutations)-g, --generators
which data generators to use (use list command to see all generators)-o, --output ...
output pattern-C, --checksums
maximum number of checksums in uniqueness filter (0 disables)[default: 10000]
-d, --delay
sleep for n milliseconds between outputs[default: 0]
-T, --truncate
take only first n bytes of each output (mainly intended for UDP). if truncate is zero, no truncation happens[default: 0]
-S, --seek
start from given testcase[default: 0]
-v, --verbose
show progress during generation-h, --help
Print help (see a summary with '-h')-V, --version
Print version
```## MUTATIONS:
**DEFAULT:** `ft=2,fo=2,fn,num=5,ld,lds,lr2,li,ls,lp,lr,sr,sd,bd,bf,bi,br,bp,bei,bed,ber,uw,ui=2`| id |complete | desc |
|---|---|---|
|`ab`|✓|enhance silly issues in ASCII string data handling|
|`bd`|✓|drop a byte|
|`bed`|✓|decrement a byte by one|
|`bei`|✓|increment a byte by one|
|`ber`|✓|swap a byte with a random one|
|`bf`|✓| flip one bit|
|`bi`|✓| insert a random byte|
|`bp`|✓| permute some bytes|
|`br`|✓| repeat a byte|
|`fn`|✓| likely clone data between similar positions|
|`fo`|✓| fuse previously seen data elsewhere|
|`ft`|✓| jump to a similar position in block|
|`ld`|✓| delete a line|
|`lds`|✓|delete many lines|
|`li`|✓| copy a line closeby|
|`lis`|✓|insert a line from elsewhere|
|`lp`|✓| swap order of lines|
|`lr`|✓| repeat a line|
|`lr2`|✓|duplicate a line|
|`lrs`|✓|replace a line with one from elsewhere|
|`ls`|✓| swap two lines|
|`nop`|✓|do nothing (debug/test)|
|`num`|✓|try to modify a textual number|
|`sd`|✓| delete a sequence of bytes|
|`sr`|✓| repeat a sequence of bytes|
|str|✗|try to modify a string|
|`td`|✓| delete a node|
|`tr`|✓| repeat a path of the parse tree|
|`tr2`|✓|duplicate a node|
|`ts1`|✓|swap one node with another one|
|`ts2`|✓|swap two nodes pairwise|
|`ui`|✓| insert funny unicode|
|`uw`|✓| try to make a code point too wide|
|word|✗| try to play with what look like n-byte words or values|
|xp|✗| try to parse XML and mutate it|
---
## GENERATORS:
**DEFAULT:** `random,buffer,file=1000,jump=200,stdin=10000`| id | comeplete | desc |
|---|---|---|
|`stdin` |✓| Generator to read data from stdin|
|`file` |✓| Generator to read data from a file|
|`tcp`|✓|Generator to read data from a tcp port|
|`udp`|✓|Generator to read data from a udp port|
|`buffer`|✓| Generator to read data from buffer|
|`jump` |✗|Generator jump streamer|
|`random` |✓|Generator to make random bytes|
|`pcapng` |✗|Generator to generate pcapng data|
---
## PATTERNS:
**DEFAULT:** `od,nd=2,bu`| id | complete| desc |
|---|---|---|
|`od`|✓| Mutate once
|`nd`|✓| Mutate possibly many times
|`bu`|✓| Make several mutations closeby once
---
## HASHES:
**DEFAULT:** `sha256`| id | complete |desc |
|---|---|---|
|`sha`|✓|Default Hash Sha-256
|`sha256` |✓|Hash Sha-256
|`sha512` |✓|Hash Sha-512
|`crc`|✓|Default CRC-64/CKSUM
|`crc32` |✓|CRC-32/CKSUM
|`crc64` |✓|CRC-64/REDIS
|`crc82` |✓|CRC-82/DARC
---
## OUTPUTS:
**DEFAULT:** `-`| id | complete | desc |
|---|---|---|
|`file`| ✓ | Write output data to a binary file
|`tcpserver`|✗| Write output data to a tcp port as server
|`tcpclient`|✓| Write output data to a tcp port as client
|`udpserver` |✗| Write output data to a udp port as server
|`udpclient` |✓| Write output data to a udp port as client
|`buffer`|✓| Write output data to a buffer address or vector
|`hash`|✗| Write output variations or a hashing directory using %n and %s as in the template path (i.e. /tmp/fuzz-%n.%s)
|`template` |✗| Output template. %f is fuzzed data. e.g. "%f"
---## Lib Examples
```
use std::boxed::Box;
extern crate rusty_radamsa;
let data = Box::<[u8]>::from("Hello World 12345689\n".as_bytes());
let mut out_buffer = Box::<[u8]>::from(vec![0u8; 2048]);
let max_len = out_buffer.len(); //aka truncate
let seed: u64 = 42;
let _len = rusty_radamsa::radamsa(&data, data.len(), &mut out_buffer, max_len, seed);
```
> Check out the examples folder for more implementations
## Command Line Examples
List all generators, mutators, patterns, hashes, and outputs options.
```text
rustyradamsa.exe list -a
```
Mutate mutiple files using the num mutator for 100 unique mutations to stdout.
```text
rustyradamsa.exe -g file -m num -n 100 ./tests/hello*
```
Mutate stdin to an out put file.
```text
echo "hello 12345" | rustyradamsa.exe -o file output.bin
```
Generate random data and pipe to a bin file.
```text
rustyradamsa.exe -g random > some.bin
```
Get data from TCP Stream using the num mutator.
```text
rustyradamsa.exe -m num -g tcp "127.0.0.1:6666"
```
Send data to TCP Stream using the random generator.
```text
rustyradamsa.exe -g random -o tcpclient "127.0.0.1:6666"
```
Send data to UDP server.
```text
rustyradamsa.exe -g random -T 30 -o udpclient 127.0.0.1:8888,127.0.0.1:8000 -v
```
Generate from UDP input.
```text
rustyradamsa.exe -m num -g udp 0.0.0.0:8888 -v
```## TODOs:
* Seek to test case
* Templated filenames for output
* Template output (--output-template)
* Delay between mutations (--delay)
* Pcapng generator (pcapng)
* Jump generator (jump)
* Saving metadata (--meta)
* Mutator: Xml (xp)
* Mutator: Byte inversion
* Mutator: Even powers of two
* Mutator: Add/subtract a random value from 0..16
* Mutator: Overwrite contents with zero bytes
* Fix generic mutators to be stateful
* Make the mutation hash global for external use## Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a
Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.When you submit a pull request, a CLA bot will automatically determine whether you need to provide
a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
provided by the bot. You will only need to do this once across all repos using our CLA.This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
contact [[email protected]](mailto:[email protected]) with any additional questions or comments.## Trademarks
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft
trademarks or logos is subject to and must follow
[Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/usage/general).
Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.
Any use of third-party trademarks or logos are subject to those third-party's policies.