References to Fusil

Registration:

• ohloh.net code metrics
• Freshmeat page

News:

• Fusil the fuzzer version 1.0beta3 (2008-09-03) on the Full Disclosure mailing list
• Fusil the fuzzer version 1.0beta3 (2008-09-03) on the pen-test mailing list
• Sortie de Fusil le fuzzer en version 1.0beta3 (2008-09-03)
• Full-disclosure: Fusil the fuzzer version 0.9 released (8 July 2008)
• Fusillez vos applications avec Fusil 0.6 (2007-12-19)
• Blog entry on security-protocols.com (2007-11-27)
• linuxfr.org journal (2007-11-27)

Not posted by haypo:

• Fusil Fuzzer 0.7 - Fuzzing Functions in Python (darknet)

Fuzzer list (non tested)

Last changed in 2007:

• ioctlizer 0.1 (Windows)
• Bunny, last release: 2007-11-06, author: Michal Zalewski, written in C
• Flayer, last release: 2007-08-09, read also paper about Flayer, authors: Will Drewry and Tavis Ormandy
• zzuf: multi-purpose fuzzer, last release: 2007-11-03, author: Sam Hocevar
• Sulley, last change: 2007-08-02, author: Pedram Amini and Aaron Portnoy
• pff (PHP fuzzer), author: calcite, last change: 2007-07-03, rewritten in Fusil: project/php.py
• mangle.c, author: Ilja van Sprundel, rewritten in Fusil: fusil/mangle.py
• sysfuzz.c, rewritten in Fusil: project/linux_syscall.py
• Evolutionary Fuzzing System (EFS), last change: 2007-04-13, written in Python, author: Pedram Amini and Jared DeMott
• Peach, author: Michael Eddington, written in Python, last change: 2007-07-30
• petardfs, FUSE filesystem, last change: 2007-09-19, author: Ben Martin
• Scapy, author: Philippe Biondi, written in Python
• Schemer, last change: 2007, written in C#

Last changed in 2006:

• Autodafe, last change: 2006-08-05, written in C
• fsfuzz, last release: 2006-10-24, author: L.M.H, written in bash (and C for mangle.c)
• dfuz, last release: 2006-06-18, author: Diego Bauche, written in C
• Mistress, last release: 2006-03-02, author: posidron, written in Python
• FileFuzz from iDefense (Windows), last change: 2006-11-15, written in C#

Last changed in 2005:

• PROTOS
• antiparser, last release: 2005-08-17, written in Python

Last changed in 2004:

• Scatch, last change: 2004, written in Python
• SPIKE, last change: 2004, author: Dave Aitel and Dug Song, written in C
• mangleme, HTML manglizer, author: Michal Zalewski, written in C (CGI), last change: 2004-10-18
• ISIC (IP Stack Integrity Checker), last release: 2004-11-11, author: Shu Xiao

Older projects:

• lxapi, last chage: 2003, author: : endee, written in Python
• Advanced Fuzz Experiment (afx), author: Michal Zalewski, last change: 2001-04-21
• fuzz.c, first version: 1989, last changes: 2006, author: Barton Miller, written in C

List of fuzzer list

• http://www.hacksafe.com.au/blog/2006/08/21/fuzz-testing-tools-and-techniques/
• Fuzzing Tools list on secwiki
• Fuzzing on owasp.org

Other fuzzer links

* Automated Whitebox Fuzz Testing (May 2007)

Vulnerabilities publication

• Secunia
  • full-disclosure (@lists.grok.org.uk, mailing list)
• FrSIRT
• heise Security UK
• CERT
• CVE (Common Vulnerabilities and Exposures)
• SecurityFocus
  • BugTraq (@securityfocus.com, full disclosure, mailing list)
• National (USA) Vulerability Database
• SecurityTracker
• OSVDB (Open Source Vulnerability Database)
• netVigilance

Vulnerability labs

• Xforce ISS
• Rapid7
• iDefense (labs)
• GamaSEC (GamaLAB)
• Matousec
• Chris Evans (Software security hole)
• Scanit
• Zero Day Initiative (3COM)

Free software audit

• Open Source Quality Project (OSQ)
• Open source vulnerability database (OSVDB)
• OpenBSD Security Audit
• Gentoo Linux Security Project
• Debian Security Audit
  • Security Audit Bugs
• Ubuntu Security Team
  • Bugs related to Ubuntu Security Team
• Mandriva Security (no audit team?)
• Fedora Security
• Slackware Security

Sell vulnerabilities

• Zero Day Initiative
• iDefense Vulnerability Contributor Program
• WabiSabiLabi