RE: Looking for a fuzzer/source code analyzer on customer developed code

From: Gadi Evron (ge@linuxbox.org)
Date: Tue Mar 18 2008 - 14:49:54 EST

• Next message: Jamie Riden: "Re: Pentesting tools for Linux IP Tables"
• Previous message: Volker Tanger: "Re: anonymous Zonetransfer (AXFR) exploatation"
• In reply to: Joxean Koret: "RE: Looking for a fuzzer/source code analyzer on customer developed code"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Tue, 18 Mar 2008, Joxean Koret wrote:
> There are many fuzzers but the most powerfull are
> SPIKE and Sulley. Both of them are Open Source but
> SPIKE is quite old (as the latest version is only
> distributed to paying customers).

If you are looking for open source, there are two routes to go.
1. Specific fuzzer: built from the engine up to fuzz one service or
protocol.
2. Frame-work (my preference is Peach)

A google search should be good enough, e.g. SMTP fuzzer or SMTP fuzzing.
Really.

If you want something specific and still didn't find it, try asking on the
fuzzing mailing list:
http://www.whitestar.linuxbox.org/mailman/listinfo/fuzzing

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: Jamie Riden: "Re: Pentesting tools for Linux IP Tables"
• Previous message: Volker Tanger: "Re: anonymous Zonetransfer (AXFR) exploatation"
• In reply to: Joxean Koret: "RE: Looking for a fuzzer/source code analyzer on customer developed code"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:28 EDT