Tool and Usage
Why this tool?
Boofuzz is a framework written in Python that allows hackers to specify protocol formats and perform fuzzing. It does the heavy lifting of the fuzzing process. It builds on its predecessor Sulley and promises to be much better. Examples include the online documentation, support to extend the tooling, easier installation, and far fewer bugs. It comes with built-in support for serial fuzzing, the ethernet and IP layers, and UDP broadcasts.
How it works
Boofuzz helps the development of a fuzzing engine by allowing to specify a particular protocol and its format. It then generates mutations specific to this particular format.
Boofuzz is a forked project of the Sulley fuzzing tool when it became unmaintained. Its goal is to maintain it and make it a better tool than its predecessor. To achieve this, it aims to solve bugs and reducing them to a minimum while extending the tool with new features. Boofuzz is named after the little girl that scared Sulley, one of the characters in the movie Monsters Inc.
Usage and audience
boofuzz is commonly used for application fuzzing or vulnerability scanning. Target users for this tool are pentesters and security professionals.
- CSV output supported
- Extendable with custom tests and plugins
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + More than 10 contributors
- + The source code of this software is available
History and highlights
- Demo at Black Hat USA 2018 Arsenal
- Demo at DEF CON 26 Demo Labs
Supported operating systems
Boofuzz is known to work on Linux.
Similar tools to boofuzz:
Wfuzz is a security tool to do fuzzing of web applications. It is modular and can be used to discover and exploit web application vulnerabilities. This makes the tool useful for both developers as security professionals.
Kitty is a modular and extensible fuzzing framework written in Python. It is inspired by OpenRCE's Sulley and Michael Eddington's Peach Fuzzer tool.
Fuzzapi is a security tool to test a REST API using fuzzing. It can be used for security assessments and penetration tests.
This tool page was updated at . Found an improvement? Help the community by submitting an update.
Related tool information
- Fuzzing or fuzz testing is a technique to automatically test software. By providing the software unexpected inputs, the stability is tested. Any crashes or unexpected errors can reveal a weakness in the software.