Fusil the fuzzer is a Python library used to write fuzzing programs. It helps to start process with a prepared environment (limit memory, environment variables, redirect stdout, etc.), start network client or server, and create mangled files. Fusil has many probes to detect program crash: watch process exit code, watch process stdout and syslog for text patterns (eg. "segmentation fault"), watch session duration, watch cpu usage (process and system load), etc.

Fusil is based on a multi-agent system architecture. It computes a session score used to guess fuzzing parameters like number of injected errors to input files.

Available fuzzing projects: ClamAV, Firefox (contains an HTTP server), gettext, gstreamer, identify, libc_env, libc_printf, libexif, linux_syscall, mplayer, php, poppler, vim, xterm.

Fusil is an opensource project (contribute!) written in Python under GNU GPLv2 license.

Download and try Fusil

Download

Stable version:

• Download fusil-1.1.tar.gz (MD5: e7dfc39fd169e8ba72b0aeb304acb25b)
• Debian: Fusil Debian package (Lenny: 0.8, Sid: 0.9.1, Exp: 1.0).
• Ubuntu: Fusil in Intrepid. WARNING: Fusil package 0.8 depends on python-ptrace but dependency is missing!
• Mandriva: Fusil Mandriva package (Cookier: 1.0.0)
• OpenEmbedded: Fusil entry in the bug tracker (see also the recipe in git)
• Arch Linux: python-fusil package
• MacPort: Fusil MacPort
• Gentoo: Bugzilla Bug 247893
• See also Fusil on Python Package Index (PyPi) where you can download eggs
• Fusil 1.1 depends on python-ptrace 0.4.2

Read INSTALL for the installation procedure.

Download the last version (developer version) with subversion:

svn co http://fusil.hachoir.org/svn/trunk fusil

You can also browse Fusil source code.

Try fusil

Version 1.0 and newer

You can use Fusil without installation by changing PYTHONPATH: Fusil module have to be part of PYTHONPATH. Go to Fusil parent directory and type:

export PYTHONPATH=$PYTHONPATH:$PWD

Then you can use any fuzzer, eg. :

./fuzzers/fusil-xterm

Version 0.9.1 and older

You can use Fusil without installation, go to Fusil parent directory and type:

$ ./run_fusil.sh -p projects/xterm.py

There are many other available projects, list projects/ directory.

Status

Read the TODO list and ideas for new fuzzing projects.

Documentation

Browse doc/ directory from source code.

Pages

• Fuzzing projects
• List of crashed programs!
• Tested programs
• Idea of new projects
• How aggressivity agent works
• Contact Fusil author

See also:

• Links
• Old fusil versions
• Notes

News

• 2008-10-22: Release of Fusil 1.1, read the ChangeLog
• 2008-09-13: Release of Fusil 1.0 final, read the ChangeLog
  • Create zzuf and vlc fuzzers
  • Replace replay.sh and gdb.sh by replay.py which has many more options (eg. --valgrind or --user)
  • Basic Windows support
• 2008-09-03: Release of Fusil 1.0beta3, read the ChangeLog
• 2008-09-01: Publication of an article about Fusil in the french magazine MISC (#39)
• 2008-08-28: Release of Fusil 1.0beta2, read the ChangeLog
• 2008-08-23: Release of Fusil 1.0beta1, read the ChangeLog
• 2008-07-25: Release of Fusil 0.9.1 (bugfix version), read the ChangeLog.
• 2008-07-08: Release of Fusil 0.9
  • Support PyPy (Python interpreter)
  • Create Python fuzzer
  • Improve logging: copy log to project directory, use shorter prefix including the number of success
  • Improve IncrMange: faster and more accurate
  • Read README to see all changes
• 2008-03-26: Release of Fusil 0.8
  • Support Mac OS X (fix FileWatch)
  • Write new mangle algorithm: IncrMangle (incremental)
  • Use locateProgram() to avoid full program path (eg. replace "/usr/bin/mplayer" by "mplayer")
  • Use python-ptrace module (but don't use the debugger)
• 2008-03-07: Publication of the article Comment réaliser un fuzzer ? in the french magazine MISC
• 2008-02-25: Fusil accepted in Debian for my birthday!

Fusil in the press

• Pratiquer le fuzzing avec Fusil in french MISC magazine (pages 38-41)