improving fuzzy fuzzy !!

import subprocess

import random

import string

import sys

 

def random_string(length, special=False):

    if special:

        # Generate a string that might include problematic characters

        characters = '\x00' + '\xFF' * 10 + string.printable

    else:

        characters = string.ascii_letters + string.digits + string.punctuation

    return ''.join(random.choice(characters) for i in range(length))

 

def fuzz(target_binary, max_length=150):

    crash_inputs = []

 

    # Test with exactly boundary size and just over the boundary

    test_lengths = [99, 100, 101, 102]  # near the buffer limit and just over it

 

    for length in test_lengths:

        # First test with normal random strings

        input_string = random_string(length)

        print(f"Testing with input length: {length} (normal)")

        test_input(target_binary, length, input_string, crash_inputs)

 

        # Then test with special characters

        special_input_string = random_string(length, special=True)

        print(f"Testing with input length: {length} (special chars)")

        test_input(target_binary, length, special_input_string, crash_inputs)

 

    if crash_inputs:

        with open("crash_inputs.log", "w") as log_file:

            for length, input_data, code in crash_inputs:

                log_file.write(f"Input length {length} causing crash (exit code {code}): {input_data}\n")

        print("Crashes logged to crash_inputs.log")

    else:

        print("No crashes detected.")

 

def test_input(target_binary, length, input_string, crash_inputs):

    try:

        result = subprocess.run(

            [target_binary],

            input=input_string.encode(),

            stdout=subprocess.PIPE,

            stderr=subprocess.PIPE,

            timeout=5,

            check=True  # Raises CalledProcessError on non-zero exit codes

        )

    except subprocess.CalledProcessError as e:

        print(f"Input length {length} causing crash (exit code {e.returncode})\n")

        crash_inputs.append((length, input_string, e.returncode))

    except subprocess.TimeoutExpired:

        print(f"Timeout expired for input length: {length}, potentially causing a hang. Logging input.")

        crash_inputs.append((length, input_string, "Timeout"))

 

if __name__ == "__main__":

    if len(sys.argv) != 2:

        print("Usage: python fuzz.py <target_binary>")

    else:

        target_binary = sys.argv[1]

        fuzz(target_binary)