sfuzz [-ORTUVXdelnqrsu] [-D key=val]...
[-b testid] [-t timeout] [-L filename]
-f config [-S host] [-p port]
sfuzz is a generic application input permutation generator. It works by reading the specified configuration file in combination with the command-line options to generate large permutations of patterned data feeding the program's input. sfuzz's behavior is deterministic, and config file driven, making it easy to reproduce bugs and record the steps to reproduce.
sfuzz will parse the file specified, along with the arguments, and connect to a network port sending the data and listening for a response. The relevant behavior will be reported in the standard output as well as the standard error channel, and optionally a specified log file.
- -b Test ID
Begin fuzzing at a particular permutation (test-case ID). sfuzz will skip tests until it gets the test specified.
- -D key=value
Define a key:value pair. This can be repeated any number of times.
Use Unix Datagram sockets NOTE: Support for this is experimental.
Stop fuzzing when an error is detected. Without this option, sfuzz will continue to try and execute test cases. This is useful when certain types of errors are triggered.
- -f filename
Configuration file, which contains the file format to use.
Prints help and exits
- -L filename
Log to the specified file. If filename doesn't exist, it will be created. Otherwise, it will be truncated.
Only include 'literal' fuzz strings (no sequences).
Create a new log file ending with .id where id is the test id executed.
Log to standard output
- -p port
Connect to the port specified at port
Quiet mode (not much information printed to standard out)
Trim newlines when sending data
- -S hostname
Hostname to which sfuzz will connect. This can be an IPv4 address, IPv6 address, or a hostname to be resolved via dns.
Only include 'sequence' fuzz string (no literals).
Use TCP sockets to connect
- -t time in ms
Wait time between test cases, in milli-seconds
Use UDP sockets to 'connect' (send data)
Use Unix stream sockets to connect
Print version and exit
Set output to be VERBOSE
Print responses as ascii-hex
Exit status is zero on normal exit, and -1 if there was an error detected.
See the README file for examples
sfuzz strives to be error free. If you think you've found a bug, please report it to firstname.lastname@example.org.
sfuzz started in 2009 as a small ascii only fuzzer generator in the same style as easy-fuzz. It has since acquired several useful functions, including block based fuzzing and some analysis routines.
Copyright © 2009-2016 Aaron Conole <email@example.com>.
sfuzz and this manual are free software. They come without any warranty, to the extent permitted by applicable law. You can redistribute them and/or modify them under the terms of the 3-Clause BSD license. See LICENSING for more details.
sfuzz's site can be found at http://github.com/orgcandman/Simple-Fuzzer