Expand description
FeroxFuzz is a structure-aware HTTP fuzzing library.
The primary goal in writing FeroxFuzz was to move some core pieces out of feroxbuster and into a place where they
could be generally useful for other folks. In so doing, my hope is that anyone who wants to write web tooling
and/or one-off web fuzzers in Rust, can do so with very little overhead.
FeroxFuzz’s overall design is derived from LibAFL. FeroxFuzz implements most of the components listed in the paper
LibAFL: A Framework to Build Modular and Reusable Fuzzers. When FeroxFuzz deviates, it’s typically due to supporting
async code.
Similar to LibAFL, FeroxFuzz is a composable fuzzing library. However, unlike LibAFL, FeroxFuzz is solely focused
on black box HTTP fuzzing.
Re-exports§
pub use metadata::AsAny;pub use metadata::AsAnyMut;pub use metadata::Metadata;pub use state::RomuDuoJrRand as Rand;
Modules§
- actions
- represents an action that should be performed, typically in response to some event
- client
- Asynchronous and blocking http client traits, with optional implementations using
reqwest - corpora
- Corpora modeled around how the test cases are generated, i.e. from a file/folder etc…
- deciders
- Use data from an
Observerto make a decision about the supplied data - error
- Custom error-type definitions
- events
- subscribable events for introspection into some of the more opaque parts of the fuzzer
- fuzzers
Corpusbased iterators of different flavors- input
- fuzzable and static input data representations
- metadata
- Metadata trait definition for user-defined types that can be added to the
SharedStatead-hoc - mutators
- actions taken against
Datathat change the underlying bytes in some way - observers
- data gathering models that supply one or more
Deciderswith actionable information - prelude
- small collection of widely used core types and traits
- processors
- actions taken after all other processing is complete
- requests
- provides the core
Requesttype and theShouldFuzzdirectives that dictate what parts of aRequestshould be mutated. - responses
- Asynchronous and blocking http response traits, with optional implementations using
reqwest - schedulers
- scheduled access to corpus entries
- state
- fuzzer’s runtime state information
- statistics
Statisticsis the primary data container for allRequest,Response, andTimedstatistics
Macros§
- atomic_
increment - Wrapper
Atomic*.fetch_addto save me from writingOrdering::SeqCsta bajillion times - atomic_
load - Wrapper around
Atomic*.loadto save me from writingOrdering::SeqCsta bajillion times - atomic_
store - Wrapper around
Atomic*.storeto save me from writingOrdering::SeqCsta bajillion times - build_
deciders - Macro creating tuple list values from list of expressions.
- build_
mutators - Macro creating tuple list values from list of expressions.
- build_
observers - Macro creating tuple list values from list of expressions.
- build_
processors - Macro creating tuple list values from list of expressions.
Traits§
- AsBytes
- simple trait to add a
.as_bytes()equivalent to implementors - AsInner
- return reference to inner type
- Deciders
List - Trait providing conversion from tuple list into tuple.
- Into
Inner - convert wrapper into its inner type
- Len
- simple trait to add a
.len()equivalent to implementors - Match
Name - Match for a name and return the value
- Mutators
List - Trait providing conversion from tuple list into tuple.
- Named
- We need fixed names for many parts of this lib.
- Observers
List - Trait providing conversion from tuple list into tuple.
- Processors
List - Trait providing conversion from tuple list into tuple.