Skip to content

Latest commit

 

History

History
276 lines (235 loc) · 8.63 KB

README.md

File metadata and controls

276 lines (235 loc) · 8.63 KB

rusty-radamsa

Radamsa ported to rust lang

Rusty Radamsa is a general purpose fuzzer. It modifies given sample data in ways, which might expose errors in programs intended to process the data. For more information, read the fine manual page, or visit https://gitlab.com/akihe/radamsa.

Rusty Radamsa was written by Amanda Rousseau (malwareunicorn), based on Radamsa by Aki Helin, initially at OUSPG.

Requirements:

Supported operating systems:

  • GNU/Linux
  • OpenBSD
  • FreeBSD
  • Mac OS X
  • Windows

Software requirments:

  • Rustlang 1.66
  • Cargo

Building Radamsa

git clone <GitLink>
cd rusty-radamsa
cargo build

Usage:

rustyradamsa.exe [OPTIONS] [FILE]... [COMMAND]

Commands:

  list
          list mutations, patterns and generators
  help
          Print this message or the help of the given subcommand(s)

Arguments:

  [FILE]...
          file or directory as generator input. example: "./input/* test.bin"

Options:

-s, --seed <SEED>
          random seed (u64, default random)

  -n, --count <COUNT>
          how many outputs to generate (u64)

  -H, --hash <HASH>
          hash algorithm for uniqueness checks (default sha256)

  -p, --patterns <PATTERNS>
          which mutation patterns to use (use list command to see all hashes)

  -m, --mutations <MUTATIONS>
          which mutations to use (use list command to see all mutations)

  -g, --generators <GENERATORS>
          which data generators to use (use list command to see all generators)

  -o, --output <OUTPUT>...
          output pattern

  -C, --checksums <CHECKSUMS>
          maximum number of checksums in uniqueness filter (0 disables)

          [default: 10000]

  -d, --delay <DELAY>
          sleep for n milliseconds between outputs

          [default: 0]

  -T, --truncate <TRUNCATE>
          take only first n bytes of each output (mainly intended for UDP). if truncate is zero, no truncation happens

          [default: 0]

  -S, --seek <SEEK>
          start from given testcase

          [default: 0]

  -v, --verbose
          show progress during generation

  -h, --help
          Print help (see a summary with '-h')

  -V, --version
          Print version

MUTATIONS:

DEFAULT: ft=2,fo=2,fn,num=5,ld,lds,lr2,li,ls,lp,lr,sr,sd,bd,bf,bi,br,bp,bei,bed,ber,uw,ui=2

id complete desc
ab enhance silly issues in ASCII string data handling
bd drop a byte
bed decrement a byte by one
bei increment a byte by one
ber swap a byte with a random one
bf flip one bit
bi insert a random byte
bp permute some bytes
br repeat a byte
fn likely clone data between similar positions
fo fuse previously seen data elsewhere
ft jump to a similar position in block
ld delete a line
lds delete many lines
li copy a line closeby
lis insert a line from elsewhere
lp swap order of lines
lr repeat a line
lr2 duplicate a line
lrs replace a line with one from elsewhere
ls swap two lines
nop do nothing (debug/test)
num try to modify a textual number
sd delete a sequence of bytes
sr repeat a sequence of bytes
str try to modify a string
td delete a node
tr repeat a path of the parse tree
tr2 duplicate a node
ts1 swap one node with another one
ts2 swap two nodes pairwise
ui insert funny unicode
uw try to make a code point too wide
word try to play with what look like n-byte words or values
xp try to parse XML and mutate it

GENERATORS:

DEFAULT: random,buffer,file=1000,jump=200,stdin=10000

id comeplete desc
stdin Generator to read data from stdin
file Generator to read data from a file
tcp Generator to read data from a tcp port
udp Generator to read data from a udp port
buffer Generator to read data from buffer
jump Generator jump streamer
random Generator to make random bytes
pcapng Generator to generate pcapng data

PATTERNS:

DEFAULT: od,nd=2,bu

id complete desc
od Mutate once
nd Mutate possibly many times
bu Make several mutations closeby once

HASHES:

DEFAULT: sha256

id complete desc
sha Default Hash Sha-256
sha256 Hash Sha-256
sha512 Hash Sha-512
crc Default CRC-64/CKSUM
crc32 CRC-32/CKSUM
crc64 CRC-64/REDIS
crc82 CRC-82/DARC

OUTPUTS:

DEFAULT: -

id complete desc
file Write output data to a binary file
tcpserver Write output data to a tcp port as server
tcpclient Write output data to a tcp port as client
udpserver Write output data to a udp port as server
udpclient Write output data to a udp port as client
buffer Write output data to a buffer address or vector
hash Write output variations or a hashing directory using %n and %s as in the template path (i.e. /tmp/fuzz-%n.%s)
template Output template. %f is fuzzed data. e.g. "%f"

Lib Examples

use std::boxed::Box;
extern crate rusty_radamsa;
let data = Box::<[u8]>::from("Hello World 12345689\n".as_bytes());
let mut out_buffer = Box::<[u8]>::from(vec![0u8; 2048]);
let max_len = out_buffer.len(); //aka truncate
let seed: u64 = 42;
let _len = rusty_radamsa::radamsa(&data, data.len(), &mut out_buffer, max_len, seed);

Check out the examples folder for more implementations

Command Line Examples

List all generators, mutators, patterns, hashes, and outputs options.

rustyradamsa.exe list -a

Mutate mutiple files using the num mutator for 100 unique mutations to stdout.

rustyradamsa.exe -g file -m num -n 100 ./tests/hello*

Mutate stdin to an out put file.

echo "hello 12345" | rustyradamsa.exe -o file output.bin

Generate random data and pipe to a bin file.

rustyradamsa.exe -g random > some.bin

Get data from TCP Stream using the num mutator.

rustyradamsa.exe -m num -g tcp "127.0.0.1:6666"

Send data to TCP Stream using the random generator.

rustyradamsa.exe -g random -o tcpclient "127.0.0.1:6666"

Send data to UDP server.

rustyradamsa.exe -g random -T 30 -o udpclient 127.0.0.1:8888,127.0.0.1:8000 -v

Generate from UDP input.

rustyradamsa.exe -m num -g udp 0.0.0.0:8888 -v

TODOs:

  • Seek to test case
  • Templated filenames for output
  • Template output (--output-template)
  • Delay between mutations (--delay)
  • Pcapng generator (pcapng)
  • Jump generator (jump)
  • Saving metadata (--meta)
  • Mutator: Xml (xp)
  • Mutator: Byte inversion
  • Mutator: Even powers of two
  • Mutator: Add/subtract a random value from 0..16
  • Mutator: Overwrite contents with zero bytes
  • Fix generic mutators to be stateful
  • Make the mutation hash global for external use

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.