boofuzz
CrossHair
boofuzz | CrossHair | |
---|---|---|
1 | 8 | |
1,960 | 948 | |
- | - | |
7.3 | 9.2 | |
10 days ago | 11 days ago | |
Python | Python | |
GNU General Public License v3.0 only | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
boofuzz
-
Microsoft Teams, Exchange Server, Windows 10 Hacked in Pwn2Own 2021
The one thing that's not really fully encapsulated in a lot of these comment chains below is the role of custom written fuzzers for competitions like this. Frameworks like AFL, BooFuzz, etc. A properly written test file will allow for most of the hunting to happen automagically by tampering with function calls or inputs until something crashes. By configuring an environment appropriately, you can run millions of test cases, and get the crashes logged to parse through later. This allows the researchers/exploit writers to only focus on the exceptions/traces that seem the most fruitful. This is one methodology, it's not the case for everyone, but most codebases are too big to go through the ASM by hand these days.
CrossHair
-
Try CrossHair while working other Python projects
Writing some Python for Hacktoberfest? Try out CrossHair while you do that and get credit for a blog post too! https://github.com/pschanely/CrossHair/issues/173
-
What are some amazing, great python external modules, libraries to explore?
CrossHair, Hypothesis, and Mutmut for advanced testing.
-
Formal Verification Methods in industry
When you say "formal verification methods", what kind of techniques are you interested in? While using interactive theorem provers will most likely not become very widespread, there are plenty of tools that use formal techniques to give more correctness guarantees. These tools might give some guarantees, but do not guarantee complete functional correctness. WireGuard (VPN tunnel) is I think a very interesting application where they verified the protocol. There are also some tools in use, e.g. Mythril and CrossHair, that focus on detecting bugs using symbolic execution. There's also INFER from Facebook/Meta which tries to verify memory safety automatically. The following GitHub repo might also interest you, it lists some companies that use formal methods: practical-fm
-
Klara: Python automatic test generations and static analysis library
The main difference that Klara bring to the table, compared to similar tool like pynguin and Crosshair is that the analysis is entirely static, meaning that no user code will be executed, and you can easily extend the test generation strategy via plugin loading (e.g. the options arg to the Component object returned from function above is not needed for test coverage).
-
Pynguin – Allow developers to generate Python unit tests automatically
Just in case you are looking for an alternative approach: if you write contracts in your code, you might also consider crosshair [1] or icontract-hypothesis [2]. If your function/method does not need any pre-conditions then the the type annotations can be directly used.
(I'm one of the authors of icontract-hypothesis.)
[1] https://github.com/pschanely/CrossHair
[2] https://github.com/mristin/icontract-hypothesis
-
Programming in Z3 by learning to think like a compiler
There's a tool for verification of Python programs based on contracts which uses Z3: https://github.com/pschanely/CrossHair
You can use it as part of your CI or during the development (there's even a neat "watch" mode, akin to auto-correct).
- Diff the behavior of two Python functions
-
Finding Software Bugs Using Symbolic Execution
Looking at some of your SMT-based projects, I'd love to compare your SMT solver notes with my mine from working on https://github.com/pschanely/CrossHair
Sadly, there aren't a lot of resources on how to use SMT solvers well.
What are some alternatives?
American Fuzzy Lop - american fuzzy lop - a security-oriented fuzzer
pynguin - The PYthoN General UnIt Test geNerator is a test-generation tool for Python
libfuzzer - Thin interface for libFuzzer, an in-process, coverage-guided, evolutionary fuzzing engine.
icontract-hypothesis - Combine contracts and automatic testing.
dirsearch - Web path scanner
angr - A powerful and user-friendly binary analysis platform!
FDsploit - File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
alive2 - Automatic verification of LLVM optimizations
netzob - Netzob: Protocol Reverse Engineering, Modeling and Fuzzing
klee - KLEE Symbolic Execution Engine
hypothesis - Hypothesis is a powerful, flexible, and easy to use library for property-based testing.
miasm - Reverse engineering framework in Python