#!/usr/bin/python
# 5-line fuzzer below is from Charlie Miller's
# "Babysitting an Army of Monkeys":
# Part 1 - http://www.youtube.com/watch?v=Xnwodi2CBws
# Part 2 - http://www.youtube.com/watch?v=lK5fgCvS2N
import math
import random
import string
import subprocess
import time
import os
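# Seed input: every test case starts from this text and mutates a few bytes.
# Plain ASCII, so it encodes losslessly as latin-1 in main() on Python 3.
content = """
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
Phasellus sollicitudin condimentum libero,
sit amet ultrices lacus faucibus nec.
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
Cum sociis natoque penatibus et magnis dis parturient montes,
nascetur ridiculus mus. Cras nulla nisi, accumsan gravida commodo et,
venenatis dignissim quam. Mauris rutrum ullamcorper consectetur.
Nunc luctus dui eu libero fringilla tempor. Integer vitae libero purus.
Fusce est dui, suscipit mollis pellentesque vel, cursus sed sapien.
Duis quam nibh, dictum ut dictum eget, ultrices in tortor.
In hac habitasse platea dictumst. Morbi et leo enim.
Aenean ipsum ipsum, laoreet vel cursus a, tincidunt ultrices augue.
Aliquam ac erat eget nunc lacinia imperdiet vel id nulla."""
# Target applications: each entry is the path of an executable that is
# launched with the mutated file as its only argument.  Raw string so that
# backslashes in a Windows path can never be read as escape sequences.
app = [
    r"\Program Files\Microsoft Office\Office14\WINWORD.EXE",
]
# File the mutated test case is written to before the target opens it.
# NOTE: it is overwritten on every iteration, so a crashing input is lost
# unless fuzz_once() is extended to keep a copy of it.
fuzz_output = "fuzz.txt"
# Mutation density: roughly one byte overwritten per FuzzFactor bytes of seed.
FuzzFactor = 244
num_tests = 10000
# Seconds a target is given to open the file; if it is still running after
# that it is treated as "did not crash" and terminated.
wait_seconds = 3
########### end configuration ##########
# target path -> number of runs that ended with a non-zero exit status
crashes = {}


def mutate_buffer(buf, fuzz_factor=FuzzFactor, rng=random):
    """Overwrite a few random bytes of *buf* in place and return the write count.

    This is Charlie Miller's 5-line fuzzer.  The number of writes is drawn
    from ``1 .. ceil(len(buf) / fuzz_factor)``; each write puts a random byte
    value at a random offset.  Offsets may repeat, so fewer bytes than the
    returned count may actually differ from the original.

    Args:
        buf: a ``bytearray``; mutated in place.
        fuzz_factor: larger values mean fewer writes per buffer.
        rng: any object with ``randrange``; pass a seeded ``random.Random``
            for reproducible mutations.

    Returns:
        The number of write operations performed (0 for an empty buffer).
    """
    if not buf:
        # randrange(0) would raise, and there is nothing to mutate anyway
        return 0
    # start Charlie Miller code
    # int(): math.ceil returns a float on Python 2, and newer random.randrange
    # rejects non-integer arguments.
    numwrites = rng.randrange(int(math.ceil(float(len(buf)) / fuzz_factor))) + 1
    for _ in range(numwrites):
        rbyte = rng.randrange(256)
        rn = rng.randrange(len(buf))
        buf[rn] = rbyte  # bytearray accepts an int item on Python 2 and 3
    # end Charlie Miller code
    return numwrites


def fuzz_once(target, seed, output_path=fuzz_output,
              fuzz_factor=FuzzFactor, wait=wait_seconds):
    """Run a single test case against *target* and report whether it crashed.

    Writes a mutated copy of *seed* to *output_path*, launches *target* with
    that path as its argument, sleeps *wait* seconds and then inspects the
    process state.

    Args:
        target: path of the executable to launch (argv list, no shell).
        seed: the unmutated input as ``bytes``.
        output_path: file the mutated input is written to, in binary mode.
        fuzz_factor: passed through to ``mutate_buffer``.
        wait: seconds to give the target before deciding it did not crash.

    Returns:
        ``(numwrites, crashed)``; *crashed* is True when the target exited on
        its own with a non-zero status within the wait period (a negative
        status means it was killed by a signal on POSIX).
    """
    buf = bytearray(seed)
    numwrites = mutate_buffer(buf, fuzz_factor)
    # Binary mode: text mode would translate newlines on Windows and refuses
    # a bytearray on Python 3.
    with open(output_path, "wb") as f:
        f.write(buf)
    print("Opening file with app '%s', %d bytes changed" % (target, numwrites))
    p = subprocess.Popen([target, output_path])
    time.sleep(wait)
    status = p.poll()
    if status is None:
        # Still running after the grace period: assume the file opened fine.
        # terminate() only here -- signalling a process that has already
        # exited (status 0) raises on Python 2.
        p.terminate()
        return numwrites, False
    return numwrites, status != 0


def main():
    """Fuzz every configured target *num_tests* times and print a crash summary."""
    # Python 2 str is already bytes; on Python 3 the seed text must be encoded.
    seed = content if isinstance(content, bytes) else content.encode("latin-1")
    for target in app:
        # Initialise the counter so the summary also lists targets that never
        # crashed (and so the += below cannot raise KeyError).
        crashes[target] = 0
        for _ in range(num_tests):
            crashed = fuzz_once(target, seed, fuzz_output)[1]
            if crashed:
                crashes[target] += 1
    print("Test summary")
    print("=" * 40)
    for name, count in crashes.items():
        print("App '%s' crashed %d times." % (name, count))


if __name__ == "__main__":
    main()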