Sfuzz is a simple fuzzer which can be used for quick and dirty fuzzing experiments, where one does not need very advanced functionality or flexibility, as in the SPIKE fuzzer. Though Sfuzz is in no way a replacement for SPIKE, one can very quickly hack together simple fuzzing tests with it.

It is exactly what it sounds like – a simple fuzzer. Don't mistake simple for a lack of fuzzing capability. The fuzzer has two network modes of operation (TCP and UDP), an output mode for developing command-line fuzzing scripts, and it builds test cases in two ways: from fixed literal strings and from sequences expanded to growing lengths.

Command-line options:

-v   Verbose output
-q   Silent output mode (generally for CLI fuzzing)
-X   Print the output in hex
-b   Begin fuzzing at the test specified
-e   End testing on failure
-t   Wait time for reading the socket
-S   Remote host
-p   Port
-T   TCP mode
-U   UDP mode
-O   Output mode
-R   Refrain from closing connections (i.e. "leak" them)
-f   Config file
-L   Log file
-n   Create a new logfile after each fuzz
-r   Trim the trailing newline
-D   Define a symbol and value (X=y)
-l   Only perform literal fuzzing
-s   Only perform sequence fuzzing

Example run in TCP mode, literal fuzzing only (-l -T), using the sample basic.http configuration; the option dump shows the parsed config, including the literal and sequence counts and the first literals:
cyborg@cyborg:~$ sudo sfuzz -S -p 8888 -l -T -f /pentest/fuzzers/sfuzz/sfuzz-sample/basic.http
[12:57:25] dumping options:
	filename:  </pentest/fuzzers/sfuzz/sfuzz-sample/basic.http>
	state:     <8>
	lineno:    <56>
	literals:  [74]
	sequences: [34]
	symbols:   [0]
	req_del:   <200>
	mseq_len:  <10024>
	plugin:    <none>
	s_syms:    <0>
	literal[1]  = [AREALLYBADSTRING]
	literal[2]  = [oaiwrlkjgaoiul;234987 103984a;lk-814 1]
	literal[3]  = [�]
	literal[4]  = [�]
	literal[5]  = [�]
	literal[6]  = [%n]
	literal[7]  = [%#123456x]
	literal[8]  = [%s]
	literal[9]  = [%%s]
	literal[10] = [%20s]
	literal[11] = [%%20s]
	literal[12] = [%20x]
	literal[13] = [%%20x]
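To make the two generation strategies concrete, here is a small added model of what the dump above reflects: a config with literals, sequences, symbols, a request delay (req_del) and a maximum sequence length (mseq_len), plus an output mode (-O/-X style) and a TCP mode (-T style). This is example code written for this page, not sfuzz's own source; the FUZZ marker, the %NAME% symbol syntax, the 256-byte growth step between sequence cases and the sample config are all assumptions made for the example.

```python
"""Added example (not sfuzz's own code): a minimal model of the two test
generators a simple fuzzer combines, literal fuzzing and sequence fuzzing,
plus -D style symbol substitution and an output mode that dumps the cases
instead of sending them.  The FUZZ marker, the %NAME% symbol syntax and the
sequence growth step are assumptions made for this example."""
import binascii
import socket
import time
from dataclasses import dataclass, field

MARKER = b"FUZZ"          # assumed placeholder marking the field to fuzz


@dataclass
class FuzzConfig:
    template: bytes                                  # request containing MARKER
    literals: list = field(default_factory=list)     # fixed bad strings
    sequences: list = field(default_factory=list)    # bytes to repeat
    symbols: dict = field(default_factory=dict)      # -D X=y substitutions
    mseq_len: int = 10024     # maximum sequence length (value seen in the dump)
    req_del: int = 200        # delay between requests in ms (as in the dump)
    seq_step: int = 256       # assumed growth step between sequence cases


def expand_symbols(data: bytes, symbols: dict) -> bytes:
    """Replace %NAME% tokens with the value defined for NAME (assumed syntax)."""
    for name, value in symbols.items():
        data = data.replace(b"%" + name + b"%", value)
    return data


def literal_cases(template: bytes, literals: list) -> list:
    """Literal fuzzing: each literal is dropped into the marker unchanged."""
    return [template.replace(MARKER, lit) for lit in literals]


def sequence_cases(template: bytes, sequences: list, mseq_len: int, seq_step: int) -> list:
    """Sequence fuzzing: each sequence is repeated to growing lengths up to
    mseq_len, so the target sees the same field at many sizes."""
    lengths = list(range(seq_step, mseq_len + 1, seq_step))
    if not lengths or lengths[-1] != mseq_len:
        lengths.append(mseq_len)          # always include the maximum length
    cases = []
    for seq in sequences:
        for length in lengths:
            payload = (seq * (length // len(seq) + 1))[:length]
            cases.append(template.replace(MARKER, payload))
    return cases


def generate_cases(cfg: FuzzConfig, only_literals=False, only_sequences=False, begin=1) -> list:
    """Build the full test list; only_literals/only_sequences mirror -l/-s and
    begin mirrors -b (1-based number of the test to start at)."""
    tpl = expand_symbols(cfg.template, cfg.symbols)   # symbols resolved before fuzzing
    cases = []
    if not only_sequences:
        cases += literal_cases(tpl, cfg.literals)
    if not only_literals:
        cases += sequence_cases(tpl, cfg.sequences, cfg.mseq_len, cfg.seq_step)
    return cases[max(begin, 1) - 1:]


def output_mode(cfg: FuzzConfig, as_hex=False, **kw) -> list:
    """-O style: return each case as a printable line instead of sending it;
    as_hex mirrors -X."""
    out = []
    for i, case in enumerate(generate_cases(cfg, **kw), 1):
        body = binascii.hexlify(case).decode() if as_hex else case.decode("latin-1")
        out.append(f"test[{i}] = {body!r}")
    return out


def tcp_mode(cfg: FuzzConfig, host: str, port: int, timeout=2.0, **kw) -> list:
    """-T style: send each case over a fresh TCP connection, record the first
    reply (or the socket error), and pause req_del ms between requests."""
    results = []
    for case in generate_cases(cfg, **kw):
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.sendall(case)
                results.append(s.recv(4096))
        except OSError as exc:        # a reset or timeout is often the interesting signal
            results.append(exc)
        time.sleep(cfg.req_del / 1000)
    return results


# Constructed sample config; the literals echo the ones shown in the dump.
SAMPLE = FuzzConfig(
    template=b"GET /FUZZ HTTP/1.0\r\nHost: %HOST%\r\n\r\n",
    literals=[b"AREALLYBADSTRING", b"%n", b"%s"],
    sequences=[b"A"],
    symbols={b"HOST": b"target.example"},
    mseq_len=1024,
)

if __name__ == "__main__":
    for line in output_mode(SAMPLE):
        print(line)
```

Running the file prints the seven generated cases (three literals, then the "A" sequence at 256, 512, 768 and 1024 bytes) without touching the network, which is the point of an output mode: you can inspect and log what a config will send before pointing it at a test host. The sequence generator always includes mseq_len as the final length even when it is not a multiple of the step, so the configured maximum is actually exercised.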

©2017 Ztrela Knowledge Solutions Pvt. Ltd