sfuzz

sfuzz(1)                    General Commands Manual                   sfuzz(1)



NAME
       sfuzz - Simple Fuzzer

SYNOPSIS
       sfuzz [-ORTUVXdelnqrsu] [-D key=val]...
                   [-b testid] [-t timeout] [-L filename]
                   -f config [-S host] [-p port]
       sfuzz -h
       sfuzz -V

DESCRIPTION
       sfuzz is a generic application input permutation generator. It works by
       reading the specified configuration file in combination with the
       command-line options to generate large permutations of patterned data
       feeding the program's input.  sfuzz's behavior is deterministic and
       config-file driven, making it easy to reproduce bugs and record the
       steps to reproduce.

USAGE
       sfuzz will parse the file specified, along with the arguments, and
       connect to a network port sending the data and listening for a
       response. The relevant behavior will be reported in the standard output
       as well as the standard error channel, and optionally a specified log
       file.

OPTIONS
       -b Test ID
              Begin fuzzing at a particular permutation (test-case ID). sfuzz
              will skip tests until it reaches the test specified.

       -D key=value
              Define a key:value pair. This can be repeated any number of
              times.

       -d     Use Unix datagram sockets. NOTE: Support for this is
              experimental.

       -e     Stop fuzzing when an error is detected. Without this option,
              sfuzz will continue to try to execute test cases. This is
              useful when certain types of errors are triggered.

       -f filename
              Configuration file, which contains the file format to use.

       -h     Prints help and exits

       -L filename
              Log to the specified file. If filename doesn't exist, it will be
              created.  Otherwise, it will be truncated.

       -l     Only include 'literal' fuzz strings (no sequences).

       -n     Create a new log file ending with .id where id is the test id
              executed.

       -O     Log to standard output

       -p port
              Connect to the specified port.

       -q     Quiet mode (not much information printed to standard out)

       -R     Leak connections

       -r     Trim newlines when sending data

       -S hostname
              Hostname to which sfuzz will connect. This can be an IPv4
              address, IPv6 address, or a hostname to be resolved via DNS.

       -s     Only include 'sequence' fuzz strings (no literals).

       -T     Use TCP sockets to connect

       -t time in ms
              Wait time between test cases, in milliseconds

       -U     Use UDP sockets to 'connect' (send data)

       -u     Use Unix stream sockets to connect

       -V     Print version and exit

       -v     Set output to be VERBOSE

       -X     Print responses as ASCII hex

DIAGNOSTICS
       Exit status is zero on normal exit, and -1 if an error was
       detected.

EXAMPLES
       See the README file for examples
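
       The reproduction workflow that the deterministic behavior and the
       -b, -e and -n options allow, as an added shell example (not taken
       from the sfuzz README or written by its author). Host, port, config
       path and log file are supplied by the caller; the "<logfile>.<id>"
       naming of -n logs and the "-repro" suffix are assumptions.

```shell
#!/bin/sh
# Added example: triage wrapper for sfuzz runs against a service you operate.
# Assumption: with -n, per-test logs are named "<-L filename>.<test id>".

# Print the highest numeric test id among files named "$1.<id>" (or nothing).
last_test_id() {
    max=
    for f in "$1".*; do
        id=${f##*.}
        case $id in ''|*[!0-9]*) continue ;; esac   # skip non-numeric suffixes
        if [ -z "$max" ] || [ "$id" -gt "$max" ]; then max=$id; fi
    done
    if [ -n "$max" ]; then printf '%s\n' "$max"; fi
}

# usage: fuzz_once host port config logfile [start_id]
# One TCP pass that stops at the first detected error (-e) and writes one log
# per test case (-n). Returns 0 on a clean run, 1 if sfuzz reported an error.
fuzz_once() {
    status=0
    sfuzz -T -e -n -S "$1" -p "$2" -f "$3" -L "$4" ${5:+-b "$5"} || status=$?
    # The documented error status of -1 reaches the shell as 255.
    if [ "$status" -eq 0 ]; then return 0; fi
    echo "sfuzz exited $status; last logged test id: $(last_test_id "$4")" >&2
    return 1
}

# usage: reproduce host port config logfile
# Restart at the last logged test id (-b); returns 0 if the error recurs.
reproduce() {
    id=$(last_test_id "$4")
    if [ -z "$id" ]; then echo "no per-test logs for $4" >&2; return 2; fi
    if fuzz_once "$1" "$2" "$3" "$4-repro" "$id"; then return 1; fi
    return 0
}

# Stand-alone use: script.sh host port config logfile
if [ "$#" -ge 4 ]; then
    fuzz_once "$@" || reproduce "$1" "$2" "$3" "$4"
fi
```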

BUGS
       sfuzz strives to be error free. If you think you've found a bug, please
       report it to sfuzz-devel@googlegroups.com.

HISTORY
       sfuzz started in 2009 as a small ASCII-only fuzzer generator in the
       same style as easy-fuzz. It has since acquired several useful
       functions, including block based fuzzing and some analysis routines.

AUTHOR
       Copyright © 2009-2016 Aaron Conole <apconole@yahoo.com>.

       sfuzz and this manual are free software. They come without any
       warranty, to the extent permitted by applicable law. You can
       redistribute them and/or modify them under the terms of the 3-Clause
       BSD license. See LICENSING for more details.

       sfuzz's site can be found at http://github.com/orgcandman/Simple-Fuzzer



sfuzz                             2016-02-17                          sfuzz(1)