A pure-python fully automated and unattended fuzzing framework.

Latest commit bff0dd1 Feb 15, 2019

Files

Type Name Latest commit message Commit time
docs Corrected exception thrown when the wrong value is used. Jun 19, 2015
examples Move archived_fuzzies -> examples Jun 8, 2014
installer initial import from google-code-svn. Apr 3, 2012
requests Rename pedram's XXX: naming scheme to TODO: Jun 10, 2014
sulley Merge pull request #102 from truekonrads/getaddrinfo-af-inet6-support May 14, 2016
unit_tests Fixed primitives "off-by-one" error. This was preventing "full_range"… Jun 16, 2015
utils Rename pedram's XXX: naming scheme to TODO: Jun 10, 2014
.gitignore Corrected exception thrown when the wrong value is used. Jun 19, 2015
AUTHORS.txt Update contributors/authors, and make the session class a bit more re… Sep 16, 2012
CONTRIBUTORS.txt Update contributors/authors, and make the session class a bit more re… Sep 16, 2012
LICENSE.txt Fixed typos created when ^M was removed. May 25, 2012
README.md Update README.md Feb 15, 2019
network_monitor.py network_monitor.py now runs its server in a thread, making Ctrl+C wor… Jun 22, 2015
process_monitor.py process_monitor.py now accepts relative filenames in -c argument. Jun 22, 2015
process_monitor_unix.py declare crashbin argument prior to using it Apr 3, 2014
setup.py Merge branch 'master' of github.com:hdantas/sulley Oct 17, 2016
unit_test.py Removed all ^M characters from all text files. Apr 13, 2012
vmcontrol.py OpenRCE/sulley Issue #79 Changing code and usage string to indicate t… Jun 24, 2015

README.md

Lack of maintenance?

If you're looking for an actively maintained fork of Sulley, take a look at BooFuzz.

What?

Sulley is a fuzzing engine and fuzz testing framework consisting of multiple extensible components. Sulley (IMHO) exceeds the capabilities of most previously published fuzzing technologies, commercial and public domain. The goal of the framework is to simplify not only data representation but also data transmission and instrumentation. Sulley is affectionately named after the creature from Monsters Inc., because, well, he is fuzzy.

Clearly he's also fearless.

Why?

Modern-day fuzzers are, for the most part, solely focused on data generation. Sulley not only has impressive data generation but takes this a step further and includes many other important aspects a modern fuzzer should provide. Sulley watches the network and methodically maintains records. Sulley instruments and monitors the health of the target, capable of reverting to a known good state using multiple methods. Sulley detects, tracks and categorizes detected faults. Sulley can fuzz in parallel, significantly increasing test speed. Sulley can automatically determine what unique sequence of test cases triggers faults. Sulley does all this, and more, automatically and without attendance. It's not unusual for a fuzz to run seamlessly for days at a time; that way you (as the vulnerability researcher) can focus on other areas of exploitation and come back to Sulley's results when it is convenient for you.

Awesome! Where do I start?

Well, a good place to start if you're on Windows is the wiki article on Windows setup, and if you're feeling ballsy, check out the unstable branch of Sulley. If you're on *nix, sit tight, the docs are coming for the installation procedure for that, but if you use *nix, chances are you can probably figure it out on your own.

Some notes

This master branch is considered the 'stable' branch of Sulley 1.0; all the changes that I make are going into Sulley 1.1, which can be found at https://github.com/OpenRCE/sulley/tree/Sulley1.1.

If you have any other questions/improvements/features you'd like to see, feel free to email me!