Fuzzing based testing #2134

Closed
baudehlo opened this issue Sep 28, 2017 · 4 comments
@baudehlo
Collaborator

Create a fuzzing-based test that stress tests Haraka's SMTP parsing engine to see if we can crash it.

This is a Hacktoberfest ticket, so do not submit PRs until Oct 1st.

https://en.wikipedia.org/wiki/Fuzzing - for details on what fuzzing is.

In order to build this you will need to spin up an instance of Haraka and wait for the "Listening" line in the output, and then start sending fuzzed SMTP commands.

There's a Ruby-based SMTP fuzzer here that might be a useful starting point: https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/fuzzers/smtp/smtp_fuzzer.rb
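
The sending step described in the issue above, as an added example (not code from the issue's author or the Haraka project): a seeded generator of malformed SMTP command lines and a sender aimed at a local test instance. Port 2525, the verb list and the mutation choices are assumptions, and the instance is assumed to be already started and past its "Listening" line.

```javascript
// Deterministic PRNG (mulberry32) so a crashing case can be replayed from its seed.
function prng(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6D2B79F5) >>> 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}
const VERBS = ['HELO', 'EHLO', 'MAIL FROM:', 'RCPT TO:', 'DATA', 'RSET', 'NOOP', 'VRFY', 'QUIT'];
const LENGTHS = [0, 1, 255, 512, 1024, 4096]; // assumed boundary sizes, not Haraka limits

// One fuzzed command line: a real verb followed by a mutated argument.
function fuzzCase(seed) {
  const rnd = prng(seed);
  const pick = (n) => Math.floor(rnd() * n);
  const verb = VERBS[pick(VERBS.length)];
  const arg = Buffer.alloc(LENGTHS[pick(LENGTHS.length)]);
  const mode = pick(3); // 0: repeated 'A', 1: arbitrary bytes, 2: printable ASCII
  for (let i = 0; i < arg.length; i++) {
    arg[i] = mode === 0 ? 0x41 : mode === 1 ? pick(256) : 0x20 + pick(95);
  }
  const eol = pick(4) === 0 ? '\n' : '\r\n'; // about one case in four ends with a bare LF
  return Buffer.concat([Buffer.from(verb + ' '), arg, Buffer.from(eol)]);
}

// Send one case after the greeting; resolves with the reply or the socket error code.
function sendCase(seed, port = 2525, host = '127.0.0.1') {
  const net = require('node:net'); // loaded here so fuzzCase works without a network
  return new Promise((resolve) => {
    const sock = net.connect(port, host);
    let reply = '', sent = false;
    sock.setTimeout(2000, () => sock.destroy());
    sock.on('data', (d) => {
      reply += d.toString('latin1');
      if (!sent) { sent = true; sock.write(fuzzCase(seed)); sock.write('QUIT\r\n'); }
    });
    sock.on('error', (err) => resolve({ seed, error: err.code }));
    sock.on('close', () => resolve({ seed, reply }));
  });
}

// Run seeds in order; resolves with the first socket error (for example a refused
// connection once the instance has gone down), or undefined if every seed completed.
async function run(first, count, port) {
  for (let seed = first; seed < first + count; seed++) {
    const r = await sendCase(seed, port);
    if (r.error) return r;
  }
}
```

Calling `run(1, 1000)` against the test instance walks the seeds in order; because each case is derived only from its seed, the seeds just before a reported error can be replayed one at a time with `sendCase`.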

@ems316

ems316 commented Oct 3, 2017

Can I claim this?

@msimerson
Member

Yes you can.

@ghost

ghost commented Oct 3, 2017

FEEL FREE TO IGNORE THIS COMMENT
I was bored and wanted to try this, so I reimplemented the mentioned Ruby script in Python with PWN tools.
Probably will not be of any use. But it is pretty easy to implement using Python and the PWN toolkit.
https://gist.github.com/PSSGCSim/db8a5ec165d00608415dafa9106b57f4

@msimerson
Member

moved to wiki
