bfuzz.sh

1. #!/bin/bash
2. # ./bfuzz.sh (basic bash fuzzer)
3. # Israel Torres hakin9@israeltorres.org
4. # Mon May 30 15:54:33 PDT 2011
5. # "from-fuzz-to-sploit"
6. # demo to:
7. # 1. fuzz a executable file using a pattern, sequence, interaction type
8. # executable pattern max_sequence type_of_interaction stop_on_err_#_of_x
9. #
10. # use in bash prompt:
11. # ./bfuzz.sh 'executable' 'pattern' 'maxseq' 'i|n' 'error#oftimes'
12. #
13. if [ ! $# -lt 5 ]; then
14.     testapp=$1
15.     tempvar=$2
16.     testmax=$3
17.     testype=$4
18.     testerr=$5
19.     testvar=$tempvar
20.     for ((i=1;i<=testmax;i++)); do
21.         if [ $testype == "i" ]; then
22.         rslt=$(echo $testvar | $testapp); lastrtn=$?
23.         fi 
24.         if [ $testype == "n" ]; then
25.         rslt=$($testapp $testvar); lastrtn=$?
26.         fi
27.         echo -e "seq:\t$i\texec:$testapp\tlastrtn:$lastrtn"
28.         if [ $lastrtn -ne 0 ] ; then
29.             pwn=$(echo -n $testvar | xxd -p)
30.             echo -e "pwn:\t0x$pwn"
31.             echo -e "pwn:\t$testvar"
32.             errcnt=$((errcnt+1))
33.             if [ $testerr == $errcnt ]; then
34.             break;
35.             fi
36.         fi
37.         testvar="${testvar}$tempvar"
38.     done
39.  
40. else
41.     echo "usage: $0 'executable' 'pattern' 'maxseq' 'i|n' '#'"
42.     echo "example: $0 ./demo-vuln-64 A 50 i 5"
43. fi
44.  
45. #EOF