Crate feroxfuzz

source ·
Expand description

FeroxFuzz is a structure-aware HTTP fuzzing library.

The primary goal in writing FeroxFuzz was to move some core pieces out of feroxbuster and into a place where they could be generally useful for other folks. In so doing, my hope is that anyone who wants to write web tooling and/or one-off web fuzzers in Rust, can do so with very little overhead.

FeroxFuzz’s overall design is derived from LibAFL. FeroxFuzz implements most of the components listed in the paper LibAFL: A Framework to Build Modular and Reusable Fuzzers. When FeroxFuzz deviates, it’s typically due to supporting async code.

Similar to LibAFL, FeroxFuzz is a composable fuzzing library. However, unlike LibAFL, FeroxFuzz is solely focused on black box HTTP fuzzing.

Re-exports

pub use metadata::AsAny;
pub use metadata::AsAnyMut;
pub use metadata::Metadata;

Modules

actions
represents an action that should be performed, typically in response to some event
client
Asynchronous and blocking http client traits, with optional implementations using reqwest
corpora
Corpora modeled around how the test cases are generated, i.e. from a file/folder etc…
deciders
Use data from an Observer to make a decision about the supplied data
error
Custom error-type definitions
events
subscribable events for introspection into some of the more opaque parts of the fuzzer
fuzzers
Corpus based iterators of different flavors
input
fuzzable and static input data representations
metadata
Metadata trait definition for user-defined types that can be added to the SharedState ad-hoc
mutators
actions taken against Data that change the underlying bytes in some way
observers
data gathering models that supply one or more Deciders with actionable information
prelude
small collection of widely used core types and traits
processors
actions taken after all other processing is complete
requests
provides the core Request type and the ShouldFuzz directives that dictate what parts of a Request should be mutated. Additionally, a URL Encoder is provided by default, while other encoders are available on an opt-in basis via feature flags
responses
Asynchronous and blocking http response traits, with optional implementations using reqwest
schedulers
scheduled access to corpus entries
state
fuzzer’s runtime state information
statistics
Statistics is the primary data container for all Request, Response, and Timed statistics

Macros

atomic_increment
Wrapper Atomic*.fetch_add to save me from writing Ordering::SeqCst a bajillion times
atomic_load
Wrapper around Atomic*.load to save me from writing Ordering::SeqCst a bajillion times
atomic_store
Wrapper around Atomic*.store to save me from writing Ordering::SeqCst a bajillion times
build_deciders
Macro creating tuple list values from list of expressions.
build_mutators
Macro creating tuple list values from list of expressions.
build_observers
Macro creating tuple list values from list of expressions.
build_processors
Macro creating tuple list values from list of expressions.

Traits

AsBytes
simple trait to add a .as_bytes() equivalent to implementors
AsInner
return reference to inner type
DecidersList
Trait providing conversion from tuple list into tuple.
IntoInner
convert wrapper into its inner type
Len
simple trait to add a .len() equivalent to implementors
MatchName
Match for a name and return the value
MutatorsList
Trait providing conversion from tuple list into tuple.
Named
We need fixed names for many parts of this lib.
ObserversList
Trait providing conversion from tuple list into tuple.
ProcessorsList
Trait providing conversion from tuple list into tuple.
Rand
Ways to get random around here. Please note that these are not cryptographically secure. Or, even if some might be by accident, at least they are not seeded in a cryptographically secure fashion.