A fork and successor of the Sulley Fuzzing Framework
Python Gherkin HTML JavaScript CSS
Clone or download
Failed to load latest commit information.
_static add screenshot to README Aug 8, 2018
boofuzz failure linsk now load content on same page Aug 8, 2018
docs Add Target.recv max_bytes default... Jul 4, 2018
examples Add examples README... Apr 30, 2017
requests Use find_packages() in setup.py Mar 8, 2016
unit_tests unit test fixes Aug 8, 2018
utils Modify exception and thread handling so Ctrl+C works Apr 15, 2017
.gitignore Docs building Feb 25, 2017
.travis.yml Add `--recreate` to tox script in travis.yml... Dec 28, 2017
AUTHORS.txt Oops, forgot to include the actual changes! Jun 12, 2014
CHANGELOG.rst add Session receive_data_after_fuzz Aug 8, 2018
CONTRIBUTING.rst fix backticks in RST docs Jul 29, 2018
CONTRIBUTORS.txt Add Chris Bisnett to CONTRIBUTORS.txt Apr 9, 2017
INSTALL.rst Clean up some install instructions Jun 28, 2018
LICENSE.txt Fixed typos created when ^M was removed. May 25, 2012
MANIFEST.in fix MANIFEST Aug 8, 2018
README.rst fix README RST format typo in link Aug 9, 2018
conftest.py FUZZ-231 Checksum UTs: renamed files; moved fixture to conftest.py. Jan 14, 2016
network_monitor.py Modify exception and thread handling so Ctrl+C works Apr 15, 2017
process_monitor.py merge procmons further Jul 17, 2018
process_monitor_unix.py unix procmon can now attach to processes by name Jul 17, 2018
setup.cfg Add zest.releaser version setting to setup.cfg Apr 7, 2016
setup.py fix pytest to 3.6.4 to mitigate v3.7 bug Aug 8, 2018
tox.ini Use tox 2.4's `extras` feature to avoid duplicate listing extras Aug 8, 2018
unit_test.py Rename unit test 'blocks' to avoid name collision Apr 30, 2017
vmcontrol.py Modify exception and thread handling so Ctrl+C works Apr 15, 2017


boofuzz: Network Protocol Fuzzing for Humans

https://travis-ci.org/jtpereyda/boofuzz.svg?branch=master Documentation Status Join the chat at https://gitter.im/jtpereyda/boofuzz

Boofuzz is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, boofuzz aims for extensibility. The goal: fuzz everything.

boofuzz screenshot


Sulley has been the preeminent open source fuzzer for some time, but has fallen out of maintenance.


Like Sulley, boofuzz incorporates all the critical elements of a fuzzer:

  • Easy and quick data generation.
  • Instrumentation – AKA failure detection.
  • Target reset after failure.
  • Recording of test data.

Unlike Sulley, boofuzz also features:

  • Online documentation.
  • Support for arbitrary communications mediums.
  • Built-in support for serial fuzzing, ethernet- and IP-layer, UDP broadcast.
  • Better recording of test data -- consistent, thorough, clear.
  • Test result CSV export.
  • Extensible instrumentation/failure detection.
  • Much easier install experience!
  • Far fewer bugs.

Sulley is affectionately named after the giant teal and purple creature from Monsters Inc. due to his fuzziness. Boofuzz is likewise named after the only creature known to have scared Sulley himself: Boo!

Boo from Monsters Inc

Boo from Monsters Inc


pip install boofuzz

Boofuzz installs as a Python library used to build fuzzer scripts. See INSTALL.rst for advanced and detailed instructions.


Documentation is available at http://boofuzz.readthedocs.io/, including nifty quickstart guides.


Pull requests are welcome, as boofuzz is actively maintained (at the time of this writing ;)). See CONTRIBUTING.rst.


For questions that take the form of “How do I… with boofuzz?” or “I got this error with boofuzz, why?”, consider posting your question on Stack Overflow. Make sure to use the fuzzing tag.

If you’ve found a bug, or have an idea/suggestion/request, file an issue here on GitHub.

For other questions, check out boofuzz on gitter or Google Groups.

For updates, follow @b00fuzz on Twitter.