ansvif – An advanced cross platform fuzzing framework designed to find vulnerabilities

ansvif, written primarily in C++, is designed to find code bugs by throwing garbage input at programs to see how they react. This is great for finding bugs, because not every type of input is always handled, and buffers are not always checked, etc. It also comes in handy when writing (and protecting against), buffer overflow exploitation, as well as string input validation vulnerabilities (the %s bug).

ansvif v1.6.2 — A Not So Very Intelligent Fuzzer

Dependancies:
– automake autoconf-archive zlib1g-dev g++ gcc crypto++

Usage and install from source:

Install Dependencies:
sudo apt-get install libcrypto++-dev libcrypto++-doc libcrypto++-utils automake autoconf-archive zlib1g-dev g++ gcc

git clone https://github.com/oxagast/ansvif && cd ansvif
aclocal && autoconf && automake -a && ./configure --enable-syscalls && make

Fuzzing /bin/mount (a suid 0 process) example:
./ansvif -m mount -c /bin/mount -e examples/mount_e.txt -x examples/mount_o.txt\ -f 8 -b 2048

Iceweasel (Firefox) fuzzing example:
./ansvif -t examples/blank.txt -F tmp/tmphtml -x examples/htmltags.txt -c /usr/bin/iceweasel -b\ 128 -A "file:///home/username/src/ansvif/tmp/tmphtml"  -f 2 -n -R "sleep 3 && killall\ iceweasel" -S ">"

Syscall fuzzing example:
cat examples/linux_syscalls_implemented.list | xargs -P \ `cat examples/linux_syscalls_implemented.list | wc -l` -I {calls} ./ansvif -t examples/space.txt \ -B "{calls} " -c ./syscalls -o syscall_crash -f 1 -z -d -b 16

Source: http://oxagast.github.io/ansvif/

Source: Security List Network™ @ February 25, 2017 at 09:20AM

0
Share