Your company here — click to reach over 10,000 unique daily visitors

sfuzz - Man Page

Simple Fuzzer


sfuzz [-ORTUVXdelnqrsu] [-D key=val]...
           [-b testid] [-t timeout] [-L filename]
           -f config [-S host] [-p port]
sfuzz -h
sfuzz -V


sfuzz is a generic application input permutation generator. It works by reading the specified configuration file in combination with the command-line options to generate large permutations of patterned data feeding the program's input. sfuzz's behavior is deterministic, and config file driven, making it easy to reproduce bugs and record the steps to reproduce.


sfuzz will parse the file specified, along with the arguments, and connect to a network port sending the data and listening for a response. The relevant behavior will be reported in the standard output as well as the standard error channel, and optionally a specified log file.


-b Test ID

Begin fuzzing at a particular permutation (test-case ID). sfuzz will skip tests until it gets the test specified.

-D key=value

Define a key:value pair. This can be repeated any number of times.


Use Unix Datagram sockets NOTE: Support for this is experimental.


Stop fuzzing when an error is detected. Without this option, sfuzz will continue to try and execute test cases. This is useful when certain types of errors are triggered.

-f filename

Configuration file, which contains the file format to use.


Prints help and exits

-L filename

Log to the specified file. If filename doesn't exist, it will be created. Otherwise, it will be truncated.


Only include 'literal' fuzz strings (no sequences).


Create a new log file ending with .id where id is the test id executed.


Log to standard output

-p port

Connect to the port specified at port


Quiet mode (not much information printed to standard out)


Leak connections


Trim newlines when sending data

-S hostname

Hostname to which sfuzz will connect. This can be an IPv4 address, IPv6 address, or a hostname to be resolved via dns.


Only include 'sequence' fuzz string (no literals).


Use TCP sockets to connect

-t time in ms

Wait time between test cases, in milli-seconds


Use UDP sockets to 'connect' (send data)


Use Unix stream sockets to connect


Print version and exit


Set output to be VERBOSE


Print responses as ascii-hex


Exit status is zero on normal exit, and -1 if there was an error detected.


See the README file for examples


sfuzz strives to be error free. If you think you've found a bug, please report it to sfuzz-devel@googlegroups.com.


sfuzz started in 2009 as a small ascii only fuzzer generator in the same style as easy-fuzz. It has since acquired several useful functions, including block based fuzzing and some analysis routines.


Copyright © 2009-2016 Aaron Conole <apconole@yahoo.com>.

sfuzz and this manual are free software. They come without any warranty, to the extent permitted by applicable law. You can redistribute them and/or modify them under the terms of the 3-Clause BSD license. See LICENSING for more details.

sfuzz's site can be found at http://github.com/orgcandman/Simple-Fuzzer