boofuzz

LSE toolsLSE toolsboofuzz (178)boofuzz (178)

Tool and Usage

Project details

License
GPLv2
Programming language
Python
Author
Joshua Pereyda
Latest release
0.4.2
Latest release date

Project health

60
This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

Boofuzz is a framework written in Python that allows hackers to specify protocol formats and perform fuzzing. It does the heavy lifting of the fuzzing process. It builds on its predecessor Sulley and promises to be much better. Examples include the online documentation, support to extend the tooling, easier installation, and far fewer bugs. It comes with built-in support for serial fuzzing, the ethernet and IP layers, and UDP broadcasts.

How it works

Boofuzz helps the development of a fuzzing engine by allowing to specify a particular protocol and its format. It then generates mutations specific to this particular format.

Background information

Boofuzz is a forked project of the Sulley fuzzing tool when it became unmaintained. Its goal is to maintain it and make it a better tool than its predecessor. To achieve this, it aims to solve bugs and reducing them to a minimum while extending the tool with new features. Boofuzz is named after the little girl that scared Sulley, one of the characters in the movie Monsters Inc.

Usage and audience

boofuzz is commonly used for application fuzzing or vulnerability scanning. Target users for this tool are pentesters and security professionals.

Features

  • CSV output supported
  • Extendable with custom tests and plugins

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • + More than 10 contributors
  • + The source code of this software is available

History and highlights

  • Demo at Black Hat USA 2018 Arsenal
  • Demo at DEF CON 26 Demo Labs

Author and Maintainers

Boofuzz is under development by Joshua Pereyda.

Installation

Supported operating systems

Boofuzz is known to work on Linux.

boofuzz alternatives

Similar tools to boofuzz:

60

Wfuzz

Wfuzz is a security tool to do fuzzing of web applications. It is modular and can be used to discover and exploit web application vulnerabilities. This makes the tool useful for both developers as security professionals.

60

Kitty

Kitty is a modular and extensible fuzzing framework written in Python. It is inspired by OpenRCE's Sulley and Michael Eddington's Peach Fuzzer tool.

68

Fuzzapi

Fuzzapi is a security tool to test a REST API using fuzzing. It can be used for security assessments and penetration tests.

All boofuzz alternatives

This tool page was updated at . Found an improvement? Help the community by submitting an update.

Related tool information

Definitions

Fuzzing
Fuzzing or fuzz testing is a technique to automatically test software. By providing the software unexpected inputs, the stability is tested. Any crashes or unexpected errors can reveal a weakness in the software.

Compare boofuzz with other tools

Categories

This tool is categorized as a fuzzing framework and fuzzing tool.

Related topics