Fuzz Testing

Updated: 04/26/2017 by Computer Hope

Fuzz testing, also known as fuzzing or monkey testing, is a technique for discovering unknown bugs and vulnerabilities in software. The process is automated by a program known as a fuzzer, which generates large volumes of malformed, unexpected, or random data and feeds it to the target program as input. If the target program crashes, hangs, or otherwise misbehaves, the fuzzer records the input that triggered the failure so that the bug can be reproduced and fixed.

Attackers often use fuzzers to look for weaknesses in software that they can exploit. Software developers can use the same tools to find and fix those bugs before an attacker does. Because a memory error in a native program does not always produce a visible crash, fuzzers are usually paired with runtime error detectors such as the sanitizers listed below, which turn silent memory corruption into an immediate, reported failure.
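The loop described above, as an added example that is not code from the original page or from any of the tools listed below: a small mutation-based fuzzer in Python. The target, parse_record, is a constructed toy parser with one deliberate bug (it trusts its own length byte), the seed record is constructed, and the mutation operators are the simplest ones real fuzzers use (bit flips, boundary values, insertions, deletions). Coverage feedback, which afl-fuzz, LibFuzzer and honggfuzz add on top of this loop, is deliberately left out so the basic cycle stays visible.

```python
import random

MAGIC = 0x5A
INTERESTING = (0x00, 0x01, 0x7F, 0x80, 0xFF)   # boundary values that often trip length/sign bugs


def make_record(payload: bytes) -> bytes:
    """Build a well-formed record: MAGIC, 1-byte length, payload, 1-byte XOR checksum.
    This record format is constructed for the example."""
    checksum = 0
    for b in payload:
        checksum ^= b
    return bytes([MAGIC, len(payload)]) + payload + bytes([checksum])


def parse_record(data: bytes) -> dict:
    """Constructed toy target. It trusts the declared length byte, so a length
    larger than the buffer makes it index past the end. In Python that surfaces
    as IndexError; in a C parser it would be an out-of-bounds read, which is
    exactly the class of bug fuzzing exists to find."""
    if len(data) < 3 or data[0] != MAGIC:
        raise ValueError("not a record")            # clean rejection, not a crash
    declared_len = data[1]
    payload = data[2:2 + declared_len]
    checksum = data[2 + declared_len]               # BUG: index never validated
    computed = 0
    for b in payload:
        computed ^= b
    if computed != checksum:
        raise ValueError("bad checksum")            # clean rejection, not a crash
    return {"length": declared_len, "payload": bytes(payload)}


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one to four random mutations to a seed input."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        op = rng.randrange(4)
        if op == 0 and data:                        # flip a single bit
            i = rng.randrange(len(data))
            data[i] ^= 1 << rng.randrange(8)
        elif op == 1 and data:                      # overwrite a byte with a boundary value
            data[rng.randrange(len(data))] = rng.choice(INTERESTING)
        elif op == 2:                               # insert a random byte
            data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
        elif data:                                  # delete a byte
            del data[rng.randrange(len(data))]
    return bytes(data)


def crash_bucket(exc: BaseException) -> tuple:
    """Identify a crash by exception type and the line it was raised from, so
    thousands of hits on the same bug are logged once."""
    tb = exc.__traceback__
    while tb is not None and tb.tb_next is not None:
        tb = tb.tb_next
    return (type(exc).__name__, tb.tb_lineno if tb else -1)


def fuzz(target, seeds, iterations=3000, rng_seed=0) -> dict:
    """Mutation-fuzz `target`. ValueError is treated as the target rejecting bad
    input gracefully; any other exception is a crash, and the input that caused
    it is logged. Returns {bucket: first crashing input}."""
    rng = random.Random(rng_seed)                   # fixed seed: a run can be replayed
    seeds = list(seeds)
    crashes = {}
    for _ in range(iterations):
        candidate = mutate(rng.choice(seeds), rng)
        try:
            target(candidate)
        except ValueError:
            continue
        except Exception as exc:                    # crash: log the input that caused it
            crashes.setdefault(crash_bucket(exc), candidate)
    return crashes


def reproduce(target, data: bytes):
    """Re-run a logged input; return the exception name, or None if it no longer crashes."""
    try:
        target(data)
    except ValueError:
        return None
    except Exception as exc:
        return type(exc).__name__
    return None


if __name__ == "__main__":
    found = fuzz(parse_record, [make_record(b"ABCD")])
    for (name, line), data in found.items():
        print(f"{name} at line {line}: {data!r} -> reproduces: {reproduce(parse_record, data)}")
```

Running the file prints each distinct crash together with the input that reproduces it. Two details carry over to real fuzzing: crashes are bucketed (here by exception type and location, in real tools usually by a hash of the crashing stack) so one bug is not logged thousands of times, and the random generator is seeded so that a run can be replayed. In a C target the same bug would be an out-of-bounds read that may not crash at all, which is why native-code fuzzing is normally done under AddressSanitizer.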

Origin

An early ancestor of the fuzzer was written in 1983 by developer Steve Capps to test programs for the Macintosh computer. He called his program "The Monkey": it generated random mouse clicks and keystrokes, referring to the classic adage that a monkey pressing random keys on a typewriter for an infinite amount of time would eventually produce the complete works of Shakespeare. The word "fuzz" itself comes from a 1988 University of Wisconsin project led by Barton Miller, which crashed a large fraction of the standard UNIX command-line utilities by feeding them random input. Although this approach to software testing is typically called "fuzzing," it is also called "monkey testing" because of Capps' program.

List of Fuzzers

Fuzzing techniques can be used to test any type of software, and many fuzzers exist for specific purposes.

The following is a list of fuzzers and related tools, most of them open source and many, as of this article's last update, still in active development.

Fuzzer Description
Google Sanitizers A group of runtime error detectors developed at Google. They are not fuzzers themselves: the compiler (Clang or GCC) instruments the program so that errors are reported the moment they occur, which is why they are almost always paired with a fuzzer such as afl-fuzz or LibFuzzer:
  • AddressSanitizer, which detects memory addressing errors such as buffer overflows and use-after-free in C and C++ programs
  • LeakSanitizer, which detects memory leaks
  • ThreadSanitizer, which detects data races in C, C++ and Go
  • MemorySanitizer, which detects reads of uninitialized memory
afl-fuzz American Fuzzy Lop, a coverage-guided fuzzer that instruments compiled programs and uses a genetic-algorithm approach, keeping and further mutating the inputs that reach new code paths
Backfuzz A protocol fuzzing toolkit
BrundleFuzz A distributed fuzzer for Windows and Linux
CERT FOE Failure Observation Engine, a tool developed by CERT which uses mutational fuzzing to detect vulnerabilities in Windows programs
CERTfuzz The source code of CERT FOE
Choronzon An evolutionary knowledge-based fuzzer
Diffy A tool developed by Twitter that finds regressions in web services by sending the same requests to the old and the new version of a service and comparing their responses (differential testing)
Dizzy A fuzzing library for Python
dfuzzer A fuzzing tool for testing processes that communicate through the D-Bus IPC and RPC mechanism
dotdotpwn A tool to test web applications for path traversal vulnerabilities
Dranzer A fuzz tester for ActiveX controls
EMFFuzzer An Enhanced Metafile fuzz tester
Exploitable An extension for GDB (the GNU debugger), originally developed at CERT, that examines a crashed Linux process and classifies the crash by likely exploitability (for example, a write to an attacker-controlled address is ranked above a read from an invalid address)
Go-fuzz A coverage-guided fuzzer for Go packages, modeled after afl-fuzz
grr A high-throughput fuzzer and emulator that dynamically translates 32-bit x86 binaries to 64-bit code while fuzzing them
honggfuzz An evolutionary, feedback-driven fuzzer that can take its code-coverage feedback either from software instrumentation or from hardware features such as Intel PT and BTS
HTTP/2 Fuzzer A fuzzer for HTTP/2 applications, still available for download but no longer actively developed
Hodor A "slightly more than totally dumb" (brute force) fuzzer
iFuzzer A fuzzer written in Python which uses Mercurial and Valgrind
KEMUfuzzer A fuzzer for virtual machines running on the QEMU, VMware, VirtualBox, or Bochs emulation platforms
KernelFuzzer A fuzzer for kernel system calls
LibFuzzer A library for in-process, evolutionary, coverage-guided fuzz testing
Netzob A fuzzer for reverse-engineering communications protocols
Neural Fuzzer A fuzzer that uses machine learning (neural networks) to perform its testing
Nightmare A distributed fuzzer with web-based administration tools
Pathgrind Path-based dynamic analysis for 32-bit applications
Perf-fuzzer A fuzzer specifically designed to test the perf_event_open() system call in the Linux kernel
Pulsar A protocol-learning and stateful fuzzer
PyJFuzz A Python JSON fuzzer
QuickFuzz An experimental grammar fuzzer written in Haskell
Radamsa A general-purpose fuzzer
Randy A simple Python fuzzer that generates random input for the tested program
sfuzz Simple fuzz. "Exactly what it sounds like — a simple fuzzer." Included as part of the Kali Linux toolset.
skipfish A web application security scanner developed at Google.
Syntribos An automated fuzz tester for web APIs, written in Python and maintained by the OpenStack Security Group.
TriforceAFL A full-system fuzzer that uses QEMU.
Wapiti A web application vulnerability scanner.
Wfuzz A brute-force fuzzer for web applications.
zzuf A transparent application input fuzzer: it intercepts the program's file and network read operations and randomly flips bits in the data the program receives, using a seed so that each run is deterministic and reproducible.

The following are fuzzing harnesses, or frameworks, which can help you to manage your fuzz testing.

Fuzzing Framework Description
CERTbff The Basic Fuzzing Framework (BFF), developed by CERT, designed to find vulnerabilities in Windows, macOS, and Linux applications.
FuzzFlow A fuzzing framework in AngularJS.
Fuzzinator A framework for random fuzz testing.
Fuzzlabs A general-purpose fuzz testing framework.
Grinder A fuzz testing automator/framework for testing web browsers.
Kitty A fuzz testing framework written in Python.
ofuzz A fuzzing framework written in OCaml.
Nodefuzz A fuzz testing framework for web browsers, written in nodejs.
PassiveFuzzFrameworkOSX A fuzzer for testing vulnerabilities in the OS X kernel
PeachFuzzer A platform for fuzz testing that can "test virtually any system for unknown vulnerabilities."
RamFuzz A fuzzer for testing the individual parameters of object methods
Sulley A "fully-automated and unattended, pure Python" fuzzing framework.
Wadi-fuzzer A Python fuzzing harness for Microsoft Edge browsers running on Windows 10.

Related terms: Bug, Programming terms, Security terms, Software testing