Fuzz Testing

Updated: 01/24/2018 by Computer Hope
Fuzz testing (monkey testing)

Fuzz testing, also known as fuzzing or monkey testing, is a technique used to test software for unknown vulnerabilities. The fuzz testing process is automated by a program known as a fuzzer, which comes up with a large amount of data to send to the target program as input. If the target program crashes or behaves in an undesirable way, the fuzzer makes a log of the input that caused the error.

Hackers often use fuzzers to look for vulnerabilities in software, probing it for weaknesses they can exploit. Software developers can use a fuzzer to anticipate and defend against those types of attacks.
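The generate-run-log loop described above, as an added example that is not part of the original page: a small mutation-based fuzzer in Python (the language of several fuzzers listed below) that mutates a seed input, feeds each mutant to a target, and logs every input that makes the target fail unexpectedly. The target parser, the record format and the seed are constructed for this example and are deliberately buggy so the fuzzer has something to find.

```python
import random

# Constructed target for this example: a tiny parser for a length-prefixed
# record (1 byte length, 1 byte checksum, then payload). It is deliberately
# buggy: the declared length is trusted, so a lying length byte makes the
# loop read past the payload and raise IndexError.
def parse_record(data):
    if len(data) < 2:
        raise ValueError("record too short")   # intended rejection, not a crash
    length, checksum = data[0], data[1]
    payload = data[2:2 + length]
    total = 0
    for i in range(length):
        total = (total + payload[i]) & 0xFF    # bug: length is never bounded
    if total != checksum:
        raise ValueError("checksum mismatch")
    return length

# Well-formed seed so most mutants stay close to the expected format.
SEED = bytes([3, 38]) + b"abc"                 # (97 + 98 + 99) & 0xFF == 38
INTERESTING = [0x00, 0x01, 0x7F, 0x80, 0xFF]   # boundary values worth trying

def mutate(data, rng):
    """Apply one random mutation: bit flip, boundary byte, insert, or delete."""
    buf = bytearray(data)
    choice = rng.randrange(4)
    if choice == 0 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif choice == 1 and buf:
        buf[rng.randrange(len(buf))] = rng.choice(INTERESTING)
    elif choice == 2:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif buf:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)

def fuzz(target, seed, iterations, rng_seed=0):
    """Feed mutated inputs to target and log every input that triggers an
    unexpected exception. ValueError is the parser's intended rejection path."""
    rng = random.Random(rng_seed)
    crashes = []                               # the fuzzer's log of bad inputs
    for _ in range(iterations):
        candidate = mutate(seed, rng)
        try:
            target(candidate)
        except ValueError:
            pass                               # rejected cleanly: not a finding
        except Exception as exc:               # anything else is what we want
            crashes.append((candidate, type(exc).__name__))
    return crashes
```

Each logged entry is a reproducer: replaying the saved bytes through `parse_record` raises the same IndexError, which is what a developer needs to fix the bound check.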

Origin

The first fuzzer was written in the early 1980s by developer Steve Capps to test for weakness in programs for the Macintosh computer. He called his program "The Monkey," referring to the classic adage of a monkey pressing random keys on a typewriter for an infinite amount of time. The theory is that given enough time, the monkey will eventually write the complete works of Shakespeare. Although this approach to software testing is often called "fuzzing," it is also called "monkey testing" because of Capps' program.

List of Fuzzers

Fuzzing techniques can be used to test software, and many fuzzers exist for specific purposes.

The following is a list of fuzzers, most of them being open-source and many still in active development.

Fuzzer - Description
Google Sanitizers - A group of four data sanitizers developed at Google, which use fuzzing to detect program errors:
  • AddressSanitizer, which detects memory address errors in C and C++ programs.
  • LeakSanitizer, which detects memory leaks.
  • ThreadSanitizer, which detects race conditions in C++ and Go.
  • MemorySanitizer, which detects uninitialized memory.
afl-fuzz - American Fuzzy Lop, a tool which uses genetic algorithms to test the security of compiled programs.
Backfuzz - A protocol fuzzing toolkit.
BrundleFuzz - A distributed fuzzer for Windows and Linux.
CERT FOE - Failure Observation Engine, a tool developed by CERT which uses mutational fuzzing to detect vulnerabilities in Windows programs.
CERTfuzz - The source code of CERT FOE.
Choronzon - An evolutionary knowledge-based fuzzer.
Diffy - A tool developed by Twitter to discover vulnerabilities in web services.
Dizzy - A fuzzing library for Python.
dfuzzer - A fuzzing tool for testing processes that communicate through the D-Bus IPC and RPC mechanism.
dotdotpwn - A tool to test web applications for path traversal vulnerabilities.
Dranzer - A fuzz tester for ActiveX controls.
EMFFuzzer - An Enhanced Metafile fuzz tester.
Exploitable - An extension for GDB (the GNU debugger) that analyzes Linux executables and classifies their bugs by severity according to known exploits. Originally developed at CERT.
Go-fuzz - A fuzz tester for Go programs that populates their objects with random values.
grr - Translates 32-bit binaries to 64-bit, fuzzing them as part of the process.
honggfuzz - Evolutionary, feedback-driven fuzzer for hardware and software.
HTTP/2 Fuzzer - A fuzzer for HTTP/2 applications, still available for download but no longer actively developed.
Hodor - A "slightly more than totally dumb" (brute force) fuzzer.
iFuzzer - A fuzzer written in Python which uses Mercurial and Valgrind.
KEMUfuzzer - A fuzzer for virtual machines running on QEMU, VMware, VirtualBox, or Bochs emulation platforms.
KernelFuzzer - A fuzzer for kernel system calls.
LibFuzzer - A library for in-process, evolutionary, coverage-guided fuzz testing.
Netzob - A fuzzer for reverse-engineering communications protocols.
Neural Fuzzer - A fuzzer that uses machine learning (neural networks) to perform its testing.
Nightmare - A distributed fuzzer with web-based administration tools.
Pathgrind - Path-based dynamic analysis for 32-bit applications.
Perf-fuzzer - A fuzzer specifically designed to test the perf_event_open() system call in the Linux kernel.
Pulsar - A fuzzer which "learns" protocols.
PyJFuzz - A Python JSON fuzzer.
QuickFuzz - An experimental grammar fuzzer written in Haskell.
Radamsa - A general-purpose fuzzer.
Randy - A simple Python fuzzer that generates random input for the tested program.
sfuzz - Simple fuzz. "Exactly what it sounds like — a simple fuzzer." Included as part of the Kali Linux toolset.
skipfish - A web application security scanner developed at Google.
Syntribos - An automated fuzz tester for web APIs, written in Python and maintained by the OpenStack Security Group.
TriforceAFL - A full-system fuzzer that uses QEMU.
Wapiti - A web application vulnerability scanner.
Wfuzz - A brute-force fuzzer for web applications.
zzuf - A deterministic, transparent application input fuzzer that randomly changes bits in a file's input operations.

The following are fuzzing harnesses, or frameworks, which can help you to manage your fuzz testing.

Fuzzing Framework - Description
CERT BFF - The BFF (Basic Fuzzing Framework), developed by CERT, designed to find vulnerabilities in Windows, macOS, and Linux applications.
FuzzFlow - A fuzzing framework in AngularJS.
Fuzzinator - A framework for random fuzz testing.
FuzzLabs - A general-purpose fuzz testing framework.
Grinder - A fuzz testing automator/framework for testing web browsers.
Kitty - A fuzz testing framework written in Python.
ofuzz - A fuzzing framework written in OCaml.
Nodefuzz - A fuzz testing framework for web browsers, written in Node.js.
PassiveFuzzFrameworkOSX - A fuzzer for testing vulnerabilities in the macOS kernel.
Peach Fuzzer - A platform for fuzz testing that can "test virtually any system for unknown vulnerabilities."
RamFuzz - A fuzzer for testing the individual parameters of object methods.
Sulley - A "fully-automated and unattended, pure Python" fuzzing framework.
FunFuzzer - A Python fuzzing harness for JavaScript engines and DOM renderers, by Mozilla.