• This repository has been archived on 03/Jul/2020
  • Language: Python
  • License: Mozilla Public Li...
  • Created over 9 years ago, updated about 4 years ago


Peach is a fuzzing framework which uses a DSL for building fuzzers and an observer based architecture to execute and monitor them.

MozPeach is a fork of Peach v2.7 by Mozilla Security. With support from our community and partnerships our goal is to continue to deliver Peach as an open source product with Python compatibility and new features.

Our focus is on usability, speed and fewer dependencies. We have also begun work on Python 3 support, replaced deprecated Python dependencies, switched the XML back-end, added a new configuration system, simplified code and much more.

Setup

Prerequisites for Ubuntu

sudo apt-get --yes --quiet install libxml2-dev libxslt1-dev lib32z1-dev

General

pip install virtualenv
pip install virtualenvwrapper

git clone --depth 1 https://github.com/mozillasecurity/peach
cd peach
git clone --depth 1 https://github.com/mozillasecurity/fuzzdata

Create the virtualenv from the project's requirements (first time only):

mkvirtualenv -r requirements.txt peach

or activate the existing one in later sessions:

workon peach

Fundamentals

Peach uses XML based "pits" as configuration files. There are two types of pits which we will briefly describe here.

Pit: Data Model

A data-model pit is an XML description of a specification and is required to parse any kind of input into an in-memory XML tree. Peach then uses that tree to generate fuzzed output.

Pit: Target

The target pit is used to define how the target process will get fuzzed, how it will be monitored for suspicious behavior and how to deal with results.

You may place everything into a single pit, but keeping the data model and the target in separate pits simplifies working with multiple targets and different hosts and makes the pits reusable. Following the data-model/target pit split allows data-model pits to be reused across projects.

Examples

Run

./peach.py -pit Pits/<component>/<format>/<name>.xml -target Pits/Targets/firefox.xml -run Browser

HINT: You can set related configuration values for both pits from the command line by using the -macros switch.

Debug

./peach.py -pit Pits/<component>/<format>/<name>.xml -1 -debug | less -R

NOTE: This prints very verbose output of the parsing process. To see only the parsing result for each element, filter the output through "grep Rating" before "less -R":

./peach.py -pit Pits/<component>/<format>/<name>.xml -1 -debug | grep Rating | less -R

Help Menu

% ./peach.py -h
usage: peach.py [-h] [-pit path] [-run name]
                [-analyzer ANALYZER [ANALYZER ...]] [-parser PARSER]
                [-target TARGET] [-macros MACROS [MACROS ...]] [-seed #]
                [-debug] [-new] [-1] [-range # #] [-test] [-count] [-skipto #]
                [-parallel # #] [-agent # #] [-logging #]
                [-check model samples] [-verbose] [-clean] [-version]

Peach Runtime

optional arguments:
  -h, --help            show this help message and exit
  -pit path             pit file
  -run name             run name
  -analyzer ANALYZER [ANALYZER ...]
                        load analyzer.
  -parser PARSER        use specific parser.
  -target TARGET        select a target pit.
  -macros MACROS [MACROS ...]
                        override configuration macros
  -seed #               seed
  -debug                turn on debugging. (default: False)
  -new                  use new relations.
  -1                    run single test case.
  -range # #            run range of test cases.
  -test                 validate pit file.
  -count                count test cases for deterministic strategies.
  -skipto #             skip to a test case number.
  -parallel # #         use parallelism.
  -agent # #            start agent.
  -logging #            verbosity level of logging
  -check model samples  validate a data model against a set of samples.
  -verbose              turn verbosity on. (default: False)
  -clean                remove python object files.
  -version              show program's version number and exit

Resources

Resources which aid in building a pit based on the grammar of a file format:

* http://www.sweetscape.com/010editor/templates/
* http://www.synalysis.net/formats.xml
