sulley

A pure-python fully automated and unattended fuzzing framework.

Sulley is a fuzzing engine and fuzz testing framework consisting of multiple extensible components. Sulley exceeds the capabilities of most previously published fuzzing technologies, both commercial and public domain. The goal of the framework is to simplify not only data representation but also data transmission and instrumentation.

Modern-day fuzzers are, for the most part, solely focused on data generation. Sulley not only has impressive data generation but takes this a step further and includes many other important aspects a modern fuzzer should provide. Sulley watches the network and methodically maintains records. Sulley instruments and monitors the health of the target and is capable of reverting to a known good state using multiple methods. Sulley detects, tracks and categorizes detected faults. Sulley can fuzz in parallel, significantly increasing test speed. Sulley can automatically determine what unique sequence of test cases triggers faults. Sulley does all this, and more, automatically and without attendance. It's not usual for a fuzz to run seamlessly for days at a time; that way you (as the vulnerability researcher) can focus on other areas of exploitation and come back to Sulley's results when it's convenient for you.