Its Peach time again guys! Mr. Michael Eddington has released version 2.3.1 of Peach. It is a SmartFuzzer that is capable of performing both generation and mutation based fuzzing.
It is a SmartFuzzer because it tries to understand the type information in the data that is being mutated while fuzzing. In generation based fuzzing you build the data being sent to the fuzzer, based on a data model. For mutation based fuzzing, a well known data chunk is used and worked upon.
Peach was started as a Python framework some 5 years ago. So, in addition to running on 32-bit & 64-bit Windows OS’es, it will also work on most Unix & OS X platforms. Not only is it good fuzzing files, it can even fuzz complex state based protocols and both stream based fuzzing (files and sockets), call based fuzzing (COM/DCOM, RPC, etc.)! All you need to do is write a corresponding XML file (called the PeachPit) that contain all of the information needed for Peach to perform a fuzzing run.
Installation is pretty simple on all platforms. All you need is Python 2.5. There are a few more applications that need to be installed on Windows. An easy to follow guide to download and install Peach can be found here.
Related External Links
If you enjoyed this article, you might also like:
- April 26, 2010 -- UPDATE: Peach v2.3.6!
Two Peach releases in a month! We actually missed out posting about version 2.3.5. We wrote about Pe... - April 10, 2010 -- UPDATE: Peach v2.3.4!
We wrote about Peach here. Now, it has been updated! Peach version 2.3.4 is out now!"Peach is a ... - August 8, 2010 -- iKAT: The Interactive Kiosk Attack Tool for all!
Designed as a SaaS, iKAT features many methods of escaping out of a browser jailed environment and g... - July 29, 2010 -- FuzzDiff : Tool for crash analysis during fuzz testing
A simple tool designed to help out with crash analysis during fuzz testing. It selectively "un-fuzze... - July 12, 2010 -- UPDATE: fuzzdb v1.08!
We have talked about fuzzdb in detail here. Now, it has been updated to version 1.08! fuzzdb helps ... - July 1, 2010 -- UPDATE: JBroFuzz 2.3!
OWASP has yet again updated and released the newest version of their fine tool – JBroFuzz. The curr... - June 4, 2010 -- Spiderpig: A PDF JavaScript Fuzzer!
Adobe and Portable Document Format (PDF) vendors use JavaScript in their PDF formats to enhance stan... - May 13, 2010 -- KHOBE: The Kernel HOok Bypassing Engine!
Today's security software have a prime task of protecting computers against malware and hacker attac... - April 29, 2010 -- fuzzdb: Attack and Discover Pattern Databases for Web Application Fuzz Testing!
A comprehensive set of fuzzing patterns for discovery and attack during highly targeted brute force ...
Tagged as: Fuzzer, Peach
You must log in to post a comment.