Fuzzing and Data Manipulation Framework (for GNU/Linux)
Clone or download


fuddly: a fuzzing and data manipulation framework


List of features

  • Graph-based data model that enables:
    • to represent complex data formats and also to mix them
    • complex data manipulations
    • to dissect/absorb existing data
    • generation & mutation fuzzing strategy
  • Fuzzing automation framework:
    • target abstraction
    • monitoring means based on independant probes
    • replay & logging
    • data manipulation based on disruptors (objects that implement specific data transformation)
    • scenario infrastructure (for modeling protocol logic)
    • virtual operators
  • and so on...

What's still missing

  • Refer to TODO file

About documentation

  • Documentation is available here.
  • In order to generate the documentation from the source, follow these steps:
    1. go to the folder docs/
    2. execute make html to generate HTML documentation
    3. execute make latexpdf to generate PDF documentation
    4. generated documentation is located in docs/build/

Launch fuddly test cases

The package test include all unit & integration test cases of fuddly itself. Usage is as follows:

  • To launch all the tests, issue the command:

    >> python -m test -a
  • To launch all the tests but the longer ones, issue the command:

    >> python -m test
  • To avoid data model specific test cases use the option --ignore-dm-specifics

  • To launch a specific test category issue the following command:

    >> python -m test test.<test_package>.<test_module>.<Test_Class>.<test_method>


  • Don't forget to populate ~/fuddly_data/imported_data/ with sample files for data models that need it


  • Compatible with Python2 and Python3
  • Mandatory:
    • six: Python 2/3 compatibility
    • sqlite3: SQLite3 data base
  • Optional:
    • xtermcolor: Terminal color support
    • graphviz: For graphic visualization (e.g., scenario display)
    • paramiko: Python implementation of the SSHv2 protocol
    • serial: For serial port access
    • cups: Python bindings for libcups
    • rpyc: Remote Python Call (RPyC), a transparent and symmetric RPC library
  • For testing:
    • ddt: Used for data-driven tests
    • mock: Used for mocking (only needed in Python2)
  • For documentation generation:
    • sphinx: sphinx >= 1.3 (with builtin napoleon extension)
    • texlive (optional): Needed to generate PDF documentation
    • readthedocs theme (optional): Privileged html theme for sphinx