주요 내용으로 건너뛰기

파이썬 Fuzzing Tools

Python Fuzzing tools for Software testers

취약점 분석이나 포렌식, 리버싱 등등 정보보안 분야에서 사용되는 도구들은 대부분 파이썬 언어를 사용하여 작성된다. 이미 오픈소스화된 대부분의 코드들도 파이썬이다. (물론 일부는 C언어 기반으로 코어부분을 작성한 후 파이썬으로 Wrapping하였는데, 이는 성능문제 때문일 것이다.)


아래는 Fuzzing 목적으로 사용하는 도구들을 모아둔 것을 스크랩하였다.

  • afl-python: enables American fuzzy lop fork server and instrumentation for pure-Python code
  • Sulley: fuzzer development and fuzz testing framework consisting of multiple extensible components
  • Peach Fuzzing Platform: extensible fuzzing framework for generation and mutation based fuzzing (v2 was written in Python)
  • antiparser: fuzz testing and fault injection API
  • TAOF, (The Art of Fuzzing) including ProxyFuzz, a man-in-the-middle non-deterministic network fuzzer
  • untidy: general purpose XML fuzzer
  • Powerfuzzer: highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer)
  • SMUDGE
  • Mistress: probe file formats on the fly and protocols with malformed data, based on pre-defined patterns
  • Fuzzbox: multi-codec media fuzzer
  • Forensic Fuzzing Tools: generate fuzzed files, fuzzed file systems, and file systems containing fuzzed files in order to test the robustness of forensics tools and examination systems
  • Windows IPC Fuzzing Tools: tools used to fuzz applications that use Windows Interprocess Communication mechanisms
  • WSBang: perform automated security testing of SOAP based web services
  • Construct: library for parsing and building of data structures (binary or textual). Define your data structures in a declarative manner
  • fuzzer.py (feliam): simple fuzzer by Felipe Andres Manzano
  • Fusil: Python library used to write fuzzing programs


출처 : 

https://github.com/dloss/python-pentest-tools

정보보안에 관심이 많은 대학원생, 소프트웨어 엔지니어/서버관리자

CPUU 님의 창작활동을 응원하고 싶으세요?

댓글