Boofuzz - Network Protocol Fuzzing for Humans#461
Boofuzz is a fork of and the successor to the venerable Sulley fuzzing
framework. Besides numerous bug fixes, boofuzz aims for extensibility.
The goal: fuzz everything.
Sulley has been the preeminent open source fuzzer for some time, but has
fallen out of maintenance.
Like Sulley, boofuzz incorporates all the critical elements of a fuzzer:
- Easy and quick data generation.
- Instrumentation – AKA failure detection.
- Target reset after failure.
- Recording of test data.
Unlike Sulley, boofuzz also features:
- Online documentation.
- Support for arbitrary communications mediums.
- Built-in support for serial fuzzing, ethernet- and IP-layer, UDP broadcast.
- Better recording of test data -- consistent, thorough, clear.
- Test result CSV export.
- Extensible instrumentation/failure detection.
- Much easier install experience!
- Far fewer bugs.
Sulley is affectionately named after the giant teal and purple creature
from Monsters Inc. due to his fuzziness. Boofuzz is likewise named after
the only creature known to have scared Sulley himself: Boo!
Boo from Monsters Inc
pip install boofuzz
Boofuzz installs as a Python library used to build fuzzer scripts. See
INSTALL.rst for advanced and detailed instructions.
Documentation is available at https://boofuzz.readthedocs.io/, including nifty quickstart guides.
Pull requests are welcome, as boofuzz is actively maintained (at the
time of this writing ;)). See CONTRIBUTING.rst.
For questions that take the form of “How do I… with boofuzz?” or “I got
this error with boofuzz, why?”, consider posting your question on Stack
Overflow. Make sure to use the
If you’ve found a bug, or have an idea/suggestion/request, file an issue
here on GitHub.
For other questions, check out boofuzz on gitter or Google Groups.
For updates, follow @b00fuzz on Twitter.