[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64.0805061432100.3790@dione.cc>
Date: Tue, 6 May 2008 14:56:57 +0200 (CEST)
From: Michal Zalewski <lcamtuf@...ne.cc>
To: bugtraq@...urityfocus.com
Subject: [tool announcement] tmin - a handy fuzzing test case optimizer
Hi,
I'd like to announce tmin - a free, quick, and handy tool to quickly and
effortlessly minimize the size and syntax of complex test cases in
automated security testing. I found the tool to be remarkably useful, as
it saved me from hours of manual guesswork a number of times already - so
I thought it's good to share.
The tool is related to delta (http://delta.tigris.org), a sophisticated
test case optimizer for well-structured input formats - but tmin is
designed specifically for dealing with unknown or insanely complex data
layouts, including binary files (without the need to encode, tokenize, and
re-serialize testcases), for hands-off detection of common security fault
conditions, and for easy integration with GUI application testing
harnesses.
[ It is also capable of reducing the complexity of alphabets used in
datasets that cannot be further trimmed down in size, which is nice. ]
Download & documentation:
http://code.google.com/p/tmin
A quick teaser:
$ cat testcase.in
This is a lengthy and annoying hello world testcase.
$ cat testme.sh
#!/bin/bash
grep "el..*wo" || exit 0
exit 1
$ ../tmin -x ./testme.sh
tmin - complex testcase minimizer, version 0.03-beta (lcamtuf@...gle.com)
[*] Stage 0: loading 'testcase.in' and validating fault condition...
[*] Stage 1: recursive truncation (round 1, input = 53/53)
[*] Stage 1: recursive truncation (round 2, input = 27/53)
[*] Stage 1: recursive truncation (round 3, input = 14/53)
[*] Stage 1: recursive truncation (round 4, input = 10/53)
[*] Stage 1: recursive truncation (round 5, input = 8/53)
[*] Stage 1: recursive truncation (round 6, input = 7/53)
[*] Stage 2: block skipping (round 1, input = 7/53)
[*] Stage 2: block skipping (round 2, input = 6/53)
[*] Stage 2: block skipping (round 3, input = 5/53)
[*] Stage 3: alphabet normalization (round 1, charset = 5/5)
[*] Stage 3: alphabet normalization (round 2, charset = 5/5)
[*] Stage 4: character normalization (round 1, characters = 4/5)
[*] All done - writing output to 'testcase.small'...
== Final statistics==
Original size : 53 bytes
Optimized size : 5 bytes (-90.57%)
Chars replaced : 1 (1.89%)
Efficiency : 9 good / 49 bad
Round counts : 1:6 2:3 3:2 4:1
$ cat testcase.small
el0wo
Enjoy,
/mz
Powered by blists - more mailing lists