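Most of the tools used in information security fields such as vulnerability analysis, forensics, and reversing are written in Python. Most of the code that has already been open-sourced is Python as well. (Of course, some tools write the core in C and then wrap it in Python, which is probably for performance reasons.)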


Below is a scraped collection of tools used for fuzzing.

  • afl-python: enables American fuzzy lop fork server and instrumentation for pure-Python code
  • Sulley: fuzzer development and fuzz testing framework consisting of multiple extensible components
  • Peach Fuzzing Platform: extensible fuzzing framework for generation and mutation based fuzzing (v2 was written in Python)
  • antiparser: fuzz testing and fault injection API
  • TAOF (The Art of Fuzzing): includes ProxyFuzz, a man-in-the-middle non-deterministic network fuzzer
  • untidy: general purpose XML fuzzer
  • Powerfuzzer: highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer)
  • SMUDGE
  • Mistress: probe file formats on the fly and protocols with malformed data, based on pre-defined patterns
  • Fuzzbox: multi-codec media fuzzer
  • Forensic Fuzzing Tools: generate fuzzed files, fuzzed file systems, and file systems containing fuzzed files in order to test the robustness of forensics tools and examination systems
  • Windows IPC Fuzzing Tools: tools used to fuzz applications that use Windows Interprocess Communication mechanisms
  • WSBang: perform automated security testing of SOAP based web services
  • Construct: library for parsing and building of data structures (binary or textual). Define your data structures in a declarative manner
  • fuzzer.py (feliam): simple fuzzer by Felipe Andres Manzano
  • Fusil: Python library used to write fuzzing programs


Source:

https://github.com/dloss/python-pentest-tools
