Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Looking for a fuzzer/source code analyzer on customer developed code
From: "Marco Crotta" <marco.crotta () gmail com>
Date: Tue, 18 Mar 2008 10:10:40 +0100

Dunno if it's what you really need, but had the same need
time ago.
I solved it with a script that put in parallel many bash scripts
(in Linux off course) that used netcat, dd and a small implemetation
of the mersenne twister random number generator
(http://www.emcy.it/wiki/doku.php?id=prod:produzioni_minori#mtrng)
since /dev/random was not strong/fast enougth

Just fire the generator, put in pipe with dd if you whant to limit the
ammount of data with the count parameter, then pipe to netcat to
connect it to your server

Hope it helps

=M=


2008/3/17, sudhakar () cs princeton edu <sudhakar () cs princeton edu>:


 Hi all,

 I am looking for a good fuzzer, against some custom code developed
 internally. I am looking for a tool to stress test application by:

 - open many netork connections to application
 - throw random data to applications to get them to crash
 - fuzz web services


   Idea is to add a quality gate for developers before they push code out.

 Does anyone have any ideas on how to approach the problem? Any source code
 analyzer out there to do this?


 Thanks in advance for your ideas.


 Regards,
 --Sudhakar



 ------------------------------------------------------------------------
 This list is sponsored by: Cenzic

 Need to secure your web apps NOW?
 Cenzic finds more, "real" vulnerabilities fast.
 Click to try it, buy it or download a solution FREE today!

 http://www.cenzic.com/downloads
 ------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]