Module: Ronin::Fuzzing

Defined in:
lib/ronin/fuzzing/fuzzing.rb,
lib/ronin/fuzzing/fuzzer.rb,
lib/ronin/fuzzing/mutator.rb,
lib/ronin/fuzzing/repeater.rb,
lib/ronin/fuzzing/template.rb

Overview

Contains class-methods which generate malicious data for fuzzing.

See Also:

Since:

Defined Under Namespace

Classes: Fuzzer, Mutator, Repeater, Template

Constant Summary

SHORT_LENGTHS =

Short String lengths

Since:

  • 0.4.0

SortedSet[1, 100, 500, 1_000, 10_000]
LONG_LENGTHS =

Long String lengths

Since:

  • 0.4.0

SortedSet[
  128, 255, 256, 257, 511, 512, 513, 1023, 1024, 2048, 2049, 4095,
  4096, 4097, 5_000, 10_000, 20_000, 32762, 32763, 32764, 32765, 32766,
  32767, 32768, 32769,
  0xffff-2, 0xffff-1, 0xffff, 0xffff+1, 0xffff+2,
  99_999, 100_000, 500_000, 1_000_000
]
NULL_BYTES =

Null bytes in various encodings

Since:

  • 0.4.0

['%00', '%u0000', "\x00"]
NEW_LINES =

Newline characters

Since:

  • 0.4.0

["\n", "\r", "\n\r"]
FORMAT_STRINGS =

Format String flags

Since:

  • 0.4.0

['%p', '%s', '%n']

Class Method Summary (collapse)

Class Method Details

+ (Enumerator) [](name)

Returns a fuzzer method.

Raises:

  • (NoMethodError)

    The fuzzing method could not be found.

Since:

  • 0.4.0



66
67
68
69
70
71
72
# File 'lib/ronin/fuzzing/fuzzing.rb', line 66

def self.[](name)
  if (!respond_to?(name) || Module.respond_to?(name))
    raise(NoMethodError,"no such fuzzing method: #{name}")
  end

  return enum_for(name)
end

+ (Object) bad_paths {|path| ... }

Various bad paths and directory traversals.

Yields:

  • (path)

    The given block will be passed each path.

Yield Parameters:

  • path (String)

    A known bad path.

Since:

  • 0.4.0



146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
# File 'lib/ronin/fuzzing/fuzzing.rb', line 146

def bad_paths(&block)
  padding = 'A' * 5_000

  yield "/.:/#{padding}\x00\x00"
  yield "/.../#{padding}\x00\x00"

  yield "\\\\*"
  yield "\\\\?\\"

  yield "/\\" * 5_000
  yield '/.'  * 5_000

  NULL_BYTES.each do |c|
    if c.start_with?('%')
      yield "#{c}/"
      yield "/#{c}"
      yield "/#{c}/"
    end
  end
end

+ (Object) bad_strings {|string| ... }

Various bad-strings.

Yields:

  • (string)

    The given block will be passed each bad-string.

Yield Parameters:

Since:

  • 0.4.0



87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
# File 'lib/ronin/fuzzing/fuzzing.rb', line 87

def bad_strings(&block)
  yield ''

  chars = [
    'A', 'a', '1', '<', '>', '"', "'", '/', "\\", '?', '=', 'a=', '&',
    '.', ',', '(', ')', ']', '[', '%', '*', '-', '+', '{', '}',
    "\x14", "\xfe", "\xff"
  ]
  
  chars.each do |c|
    LONG_LENGTHS.each { |length| yield c * length }
  end

  yield '!@#$%%^#$%#$@#$%$$@#$%^^**(()'
  yield '%01%02%03%04%0a%0d%0aADSF'
  yield '%01%02%03@%04%0a%0d%0aADSF'

  NULL_BYTES.each do |c|
    SHORT_LENGTHS.each { |length| yield c * length }
  end

  yield "%\xfe\xf0%\x00\xff"
  yield "%\xfe\xf0%\x00\xff" * 20

  SHORT_LENGTHS.each do |length|
    yield "\xde\xad\xbe\xef" * length
  end

  yield "\n\r" * 100
  yield "<>"   * 500
end

+ (Object) bit_fields {|bitfield| ... }

The range of bit-fields.

Yields:

  • (bitfield)

    The given block will be passed each bit-field.

Yield Parameters:

  • bitfield (String)

    A bit-field (8bit - 64bit).

Since:

  • 0.4.0



176
177
178
179
180
181
182
183
# File 'lib/ronin/fuzzing/fuzzing.rb', line 176

def bit_fields(&block)
  ("\x00".."\xff").each do |c|
    yield c
    yield c << c # x2
    yield c << c # x4
    yield c << c # x8
  end
end

+ (Object) format_strings {|fmt_string| ... }

Various format-strings.

Yields:

  • (fmt_string)

    The given block will be passed each format-string.

Yield Parameters:

Since:

  • 0.4.0



128
129
130
131
132
133
134
135
# File 'lib/ronin/fuzzing/fuzzing.rb', line 128

def format_strings(&block)
  FORMAT_STRINGS.each do |fmt|
    yield fmt
    yield fmt * 100
    yield fmt * 500
    yield "\"#{fmt}\"" * 500
  end
end

+ (Object) int16 {|int| ... }

The range of signed 16bit integers.

Yields:

  • (int)

    The given block will be passed each integer.

Yield Parameters:

  • int (String)

    A signed 16bit integer.

Since:

  • 0.4.0



277
278
279
# File 'lib/ronin/fuzzing/fuzzing.rb', line 277

def int16
  int8 { |c| yield c * 2 }
end

+ (Object) int32 {|int| ... }

The range of signed 32bit integers.

Yields:

  • (int)

    The given block will be passed each integer.

Yield Parameters:

  • int (String)

    A signed 32bit integer.

Since:

  • 0.4.0



290
291
292
# File 'lib/ronin/fuzzing/fuzzing.rb', line 290

def int32
  int8 { |c| yield c * 4 }
end

+ (Object) int64 {|int| ... }

The range of signed 64bit integers.

Yields:

  • (int)

    The given block will be passed each integer.

Yield Parameters:

  • int (String)

    A signed 64bit integer.

Since:

  • 0.4.0



303
304
305
# File 'lib/ronin/fuzzing/fuzzing.rb', line 303

def int64
  int8 { |c| yield c * 8 }
end

+ (Object) int8 {|int| ... }

The range of signed 8bit integers.

Yields:

  • (int)

    The given block will be passed each integer.

Yield Parameters:

  • int (String)

    A signed 8bit integer.

Since:

  • 0.4.0



264
265
266
# File 'lib/ronin/fuzzing/fuzzing.rb', line 264

def int8(&block)
  ("\x00".."\x70").each(&block)
end

+ (Object) signed_bit_fields {|bitfield| ... }

The range of signed bit-fields.

Yields:

  • (bitfield)

    The given block will be passed each bit-field.

Yield Parameters:

  • bitfield (String)

    A signed bit-field (8bit - 64bit).

Since:

  • 0.4.0



194
195
196
197
198
199
200
201
# File 'lib/ronin/fuzzing/fuzzing.rb', line 194

def signed_bit_fields(&block)
  ("\x80".."\xff").each do |c|
    yield c
    yield c << c # x2
    yield c << c # x4
    yield c << c # x8
  end
end

+ (Object) sint16 {|int| ... }

The range of negative-signed 16bit integers.

Yields:

  • (int)

    The given block will be passed each integer.

Yield Parameters:

  • int (String)

    A negative-signed 16bit integer.

Since:

  • 0.4.0



329
330
331
# File 'lib/ronin/fuzzing/fuzzing.rb', line 329

def sint16
  sint8 { |c| yield c * 2 }
end

+ (Object) sint32 {|int| ... }

The range of negative-signed 32bit integers.

Yields:

  • (int)

    The given block will be passed each integer.

Yield Parameters:

  • int (String)

    A negative-signed 32bit integer.

Since:

  • 0.4.0



342
343
344
# File 'lib/ronin/fuzzing/fuzzing.rb', line 342

def sint32
  sint8 { |c| yield c * 4 }
end

+ (Object) sint64 {|int| ... }

The range of negative-signed 64bit integers.

Yields:

  • (int)

    The given block will be passed each integer.

Yield Parameters:

  • int (String)

    A negative-signed 64bit integer.

Since:

  • 0.4.0



355
356
357
# File 'lib/ronin/fuzzing/fuzzing.rb', line 355

def sint64
  sint8 { |c| yield c * 8 }
end

+ (Object) sint8 {|int| ... }

The range of negative-signed 8bit integers.

Yields:

  • (int)

    The given block will be passed each integer.

Yield Parameters:

  • int (String)

    A negative-signed 8bit integer.

Since:

  • 0.4.0



316
317
318
# File 'lib/ronin/fuzzing/fuzzing.rb', line 316

def sint8(&block)
  ("\x80".."\xff").each(&block)
end

+ (Object) uint16 {|int| ... }

The range of unsigned 16bit integers.

Yields:

  • (int)

    The given block will be passed each integer.

Yield Parameters:

  • int (String)

    A unsigned 16bit integer.

Since:

  • 0.4.0



225
226
227
# File 'lib/ronin/fuzzing/fuzzing.rb', line 225

def uint16
  uint8 { |c| yield c * 2 }
end

+ (Object) uint32 {|int| ... }

The range of unsigned 32bit integers.

Yields:

  • (int)

    The given block will be passed each integer.

Yield Parameters:

  • int (String)

    A unsigned 32bit integer.

Since:

  • 0.4.0



238
239
240
# File 'lib/ronin/fuzzing/fuzzing.rb', line 238

def uint32
  uint8 { |c| yield c * 4 }
end

+ (Object) uint64 {|int| ... }

The range of unsigned 64bit integers.

Yields:

  • (int)

    The given block will be passed each integer.

Yield Parameters:

  • int (String)

    A unsigned 64bit integer.

Since:

  • 0.4.0



251
252
253
# File 'lib/ronin/fuzzing/fuzzing.rb', line 251

def uint64
  uint8 { |c| yield c * 8 }
end

+ (Object) uint8 {|int| ... }

The range of unsigned 8bit integers.

Yields:

  • (int)

    The given block will be passed each integer.

Yield Parameters:

  • int (String)

    A unsigned 8bit integer.

Since:

  • 0.4.0



212
213
214
# File 'lib/ronin/fuzzing/fuzzing.rb', line 212

def uint8(&block)
  ("\x00".."\xff").each(&block)
end