Home

Awesome

Peach Fuzz - Vulnerability Scanning Framework

This tool aims to look through files in a given directory to detect any unsafe, vulnerable, or dangerous function calls. It is designed to be extensible and easy to understand; you can "plug-and-play" modules that specify criteria on which types of files will trigger what 'scans,' in which you determine what action it should take to find and report dangerous content within each file.

Also, it may be run as an experimental automated fuzzing tool. Given effective modules, the framework can be adapted to automatically fuzz executables. You may implement fuzzers using the generic fuzz.fuzzer.Fuzzer class. WARNING: this is a subclass of scan.scanner.Scanner, but will EXECUTE all files with executable permission! Be careful!

Usage

$ ./peach.py -h
usage: peach.py [-h] [-s] [-f] [--follow] [-c CONFIG] [-o OUTPUT] [-sh] [-nh]
                paths [paths ...]

positional arguments:
  paths                 files and directories to scan

optional arguments:
  -h, --help            show this help message and exit
  -s, --scan            use configuration file for vulnerability scanning
                        (vulnscan.json).
  -f, --fuzz            use configuration file for automated fuzzing
                        (fuzzing.json).
  --follow              follow symbolic links when scanning directories
  -c CONFIG, --config CONFIG
                        specify a custom configuration file (default:
                        vulnscan.json)
  -o OUTPUT, --output OUTPUT
                        output results to the specified JSON file
  -sh, --scan-hidden    Scan hidden files and directories (default)
  -nh, --no-hidden      Do not scan hidden files and directories

File & Directory Information

That's it! The idea behind the tool is simple; the real power comes from building scanners to detect and report any mischievous content or code in large amounts of unknown data. So add your own scanner!

Note

You may need to increase the maximum number of open files on your system in order to use all the fuzzers provided with this tool. Due to the fuzzers being run simultaneously, a large number of open files quickly accrues. On most modern systems, the limit is placed at 1024, which will cause a "Out of files" (EMFILE) error. Increasing the max open file count for your system should solve the problem.