Fuzzinator: Random Testing Framework
Fuzzinator is a fuzzing framework that helps you to automate tasks usually needed during a fuzz session:
- run your favorite test generator and feed the test cases to the system-under-test,
- catch and save the unique issues,
- reduce the failing test cases,
- ease the reporting of issues in bug trackers (e.g., Bugzilla or GitHub),
- regularly update SUTs if needed, and
- schedule multiple SUTs and generators without overloading your workstation.
All the above features are fully customizable either by writing a simple config file or by implementing Python snippets to cover special needs. Check out some slides about Fuzzinator for a general overview, or see the Tutorial for a detailed walk-through on the config files.
To help tracking the progress of the fuzzing, Fuzzinator provides two interfaces:
- an interactive TUI (supported on Linux and Mac OS X) that gives a continuously updated overview about the currently running tasks, statistics about the efficacy of the test generators, and the found issues (and also supports reporting them); and
- a dump-mode (supported on every platform) that displays the news on line-based consoles.
Although Fuzzinator itself doesn't come with test generators (except for an example random character sequence generator), you can find a list of useful generators in the wiki.
- Python >= 3.4
- pip and setuptools Python packages (the latter is automatically installed by pip)
- MongoDB >= 3.6 (either local installation or access to remote database)
The quick way:
pip install fuzzinator
Alternatively, by cloning the project and running setuptools:
python setup.py install
A common form of Fuzzinator's usage:
fuzzinator --tui --utf8 <path/to/the/config.ini>
Fuzzinator was tested on:
- Linux (Ubuntu 14.04 / 16.04 / 18.04)
- Mac OS X (El Capitan 10.11 / Sierra 10.12 / High Sierra 10.13 / Mojave 10.14)
The authors are immensely grateful to Dr. Heinz Doofenshmirtz for the continuous inspiration.
Background on Fuzzinator is published in (R. Hodovan, A. Kiss: "Fuzzinator: An Open-Source Modular Random Testing Framework", ICST 2018).
Licensed under the BSD 3-Clause License.