sfuzz(1)                    General Commands Manual                   sfuzz(1)

sfuzz - Simple Fuzzer

sfuzz [-ORTUVXdelnqrsu] [-D key=val]...
      [-b testid] [-t timeout] [-L filename]
      -f config [-S host] [-p port]
sfuzz -h
sfuzz -V

sfuzz is a generic application input permutation generator. It works by
reading the specified configuration file in combination with the
command-line options to generate large permutations of patterned data to
feed to the program's input. sfuzz's behavior is deterministic and
config-file driven, making it easy to reproduce bugs and record the steps
to reproduce them.

sfuzz parses the specified file, along with the arguments, connects to a
network port, sends the data, and listens for a response. The relevant
behavior is reported on standard output as well as standard error, and
optionally in a specified log file.

-b Test ID
       Begin fuzzing at a particular permutation (test-case ID). sfuzz
       will skip tests until it reaches the test specified.

-D key=value
       Define a key:value pair. This can be repeated any number of times.

-d     Use Unix datagram sockets. NOTE: Support for this is experimental.

-e     Stop fuzzing when an error is detected. Without this option, sfuzz
       will continue to try to execute test cases. This is useful when
       certain types of errors are triggered.

-f filename
       Configuration file, which contains the file format to use.

-h     Prints help and exits.

-L filename
       Log to the specified file. If filename doesn't exist, it will be
       created. Otherwise, it will be truncated.

-l     Only include 'literal' fuzz strings (no sequences).

-n     Create a new log file ending with .id, where id is the ID of the
       test executed.

-O     Log to standard output.

-p port
       Connect to the specified port.

-q     Quiet mode (not much information printed to standard output).

-R     Leak connections.

-r     Trim newlines when sending data.

-S hostname
       Hostname to which sfuzz will connect. This can be an IPv4 address,
       an IPv6 address, or a hostname to be resolved via DNS.

-s     Only include 'sequence' fuzz strings (no literals).

-T     Use TCP sockets to connect.

-t time in ms
       Wait time between test cases, in milliseconds.

-U     Use UDP sockets to 'connect' (send data).

-u     Use Unix stream sockets to connect.

-V     Print version and exit.

-v     Set output to be VERBOSE.

-X     Print responses as ASCII hex.

Exit status is zero on normal exit, and -1 if an error was detected.

See the README file for examples.

sfuzz strives to be error free. If you think you've found a bug, please
report it to sfuzz-devel@googlegroups.com.

sfuzz started in 2009 as a small ASCII-only fuzzer generator in the same
style as easy-fuzz. It has since acquired several useful functions,
including block-based fuzzing and some analysis routines.

Copyright © 2009-2016 Aaron Conole <apconole@yahoo.com>.

sfuzz and this manual are free software. They come without any warranty,
to the extent permitted by applicable law. You can redistribute them
and/or modify them under the terms of the 3-Clause BSD license. See
LICENSING for more details.

sfuzz's site can be found at http://github.com/orgcandman/Simple-Fuzzer

sfuzz                              2016-02-17                         sfuzz(1)