Home

Awesome

rusty-radamsa

Radamsa ported to rust lang

Rusty Radamsa is a general purpose fuzzer. It modifies given sample data in ways, which might expose errors in programs intended to process the data. For more information, read the fine manual page, or visit https://gitlab.com/akihe/radamsa.

Rusty Radamsa was written by Amanda Rousseau (malwareunicorn), based on Radamsa by Aki Helin, initially at OUSPG.

Requirements:

Supported operating systems:

Software requirments:

Building Radamsa

git clone <GitLink>
cd rusty-radamsa
cargo build

Usage:

rustyradamsa.exe [OPTIONS] [FILE]... [COMMAND]

Commands:

  list
          list mutations, patterns and generators
  help
          Print this message or the help of the given subcommand(s)

Arguments:

  [FILE]...
          file or directory as generator input. example: "./input/* test.bin"

Options:

-s, --seed <SEED>
          random seed (u64, default random)

  -n, --count <COUNT>
          how many outputs to generate (u64)

  -H, --hash <HASH>
          hash algorithm for uniqueness checks (default sha256)

  -p, --patterns <PATTERNS>
          which mutation patterns to use (use list command to see all hashes)

  -m, --mutations <MUTATIONS>
          which mutations to use (use list command to see all mutations)

  -g, --generators <GENERATORS>
          which data generators to use (use list command to see all generators)

  -o, --output <OUTPUT>...
          output pattern

  -C, --checksums <CHECKSUMS>
          maximum number of checksums in uniqueness filter (0 disables)

          [default: 10000]

  -d, --delay <DELAY>
          sleep for n milliseconds between outputs

          [default: 0]

  -T, --truncate <TRUNCATE>
          take only first n bytes of each output (mainly intended for UDP). if truncate is zero, no truncation happens

          [default: 0]

  -S, --seek <SEEK>
          start from given testcase

          [default: 0]

  -v, --verbose
          show progress during generation

  -h, --help
          Print help (see a summary with '-h')

  -V, --version
          Print version

MUTATIONS:

DEFAULT: ft=2,fo=2,fn,num=5,ld,lds,lr2,li,ls,lp,lr,sr,sd,bd,bf,bi,br,bp,bei,bed,ber,uw,ui=2

idcompletedesc
abenhance silly issues in ASCII string data handling
bddrop a byte
beddecrement a byte by one
beiincrement a byte by one
berswap a byte with a random one
bfflip one bit
biinsert a random byte
bppermute some bytes
brrepeat a byte
fnlikely clone data between similar positions
fofuse previously seen data elsewhere
ftjump to a similar position in block
lddelete a line
ldsdelete many lines
licopy a line closeby
lisinsert a line from elsewhere
lpswap order of lines
lrrepeat a line
lr2duplicate a line
lrsreplace a line with one from elsewhere
lsswap two lines
nopdo nothing (debug/test)
numtry to modify a textual number
sddelete a sequence of bytes
srrepeat a sequence of bytes
strtry to modify a string
tddelete a node
trrepeat a path of the parse tree
tr2duplicate a node
ts1swap one node with another one
ts2swap two nodes pairwise
uiinsert funny unicode
uwtry to make a code point too wide
wordtry to play with what look like n-byte words or values
xptry to parse XML and mutate it

GENERATORS:

DEFAULT: random,buffer,file=1000,jump=200,stdin=10000

idcomepletedesc
stdinGenerator to read data from stdin
fileGenerator to read data from a file
tcpGenerator to read data from a tcp port
udpGenerator to read data from a udp port
bufferGenerator to read data from buffer
jumpGenerator jump streamer
randomGenerator to make random bytes
pcapngGenerator to generate pcapng data

PATTERNS:

DEFAULT: od,nd=2,bu

idcompletedesc
odMutate once
ndMutate possibly many times
buMake several mutations closeby once

HASHES:

DEFAULT: sha256

idcompletedesc
shaDefault Hash Sha-256
sha256Hash Sha-256
sha512Hash Sha-512
crcDefault CRC-64/CKSUM
crc32CRC-32/CKSUM
crc64CRC-64/REDIS
crc82CRC-82/DARC

OUTPUTS:

DEFAULT: -

idcompletedesc
fileWrite output data to a binary file
tcpserverWrite output data to a tcp port as server
tcpclientWrite output data to a tcp port as client
udpserverWrite output data to a udp port as server
udpclientWrite output data to a udp port as client
bufferWrite output data to a buffer address or vector
hashWrite output variations or a hashing directory using %n and %s as in the template path (i.e. /tmp/fuzz-%n.%s)
templateOutput template. %f is fuzzed data. e.g. "<html>%f</html>"

Lib Examples

use std::boxed::Box;
extern crate rusty_radamsa;
let data = Box::<[u8]>::from("Hello World 12345689\n".as_bytes());
let mut out_buffer = Box::<[u8]>::from(vec![0u8; 2048]);
let max_len = out_buffer.len(); //aka truncate
let seed: u64 = 42;
let _len = rusty_radamsa::radamsa(&data, data.len(), &mut out_buffer, max_len, seed);

Check out the examples folder for more implementations

Command Line Examples

List all generators, mutators, patterns, hashes, and outputs options.

rustyradamsa.exe list -a

Mutate mutiple files using the num mutator for 100 unique mutations to stdout.

rustyradamsa.exe -g file -m num -n 100 ./tests/hello*

Mutate stdin to an out put file.

echo "hello 12345" | rustyradamsa.exe -o file output.bin

Generate random data and pipe to a bin file.

rustyradamsa.exe -g random > some.bin

Get data from TCP Stream using the num mutator.

rustyradamsa.exe -m num -g tcp "127.0.0.1:6666"

Send data to TCP Stream using the random generator.

rustyradamsa.exe -g random -o tcpclient "127.0.0.1:6666"

Send data to UDP server.

rustyradamsa.exe -g random -T 30 -o udpclient 127.0.0.1:8888,127.0.0.1:8000 -v

Generate from UDP input.

rustyradamsa.exe -m num -g udp 0.0.0.0:8888 -v

TODOs:

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.