lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64.0805061432100.3790@dione.cc>
Date: Tue, 6 May 2008 14:56:57 +0200 (CEST)
From: Michal Zalewski <lcamtuf@...ne.cc>
To: bugtraq@...urityfocus.com
Subject: [tool announcement] tmin - a handy fuzzing test case optimizer

Hi,

I'd like to announce tmin - a free, quick, and handy tool to quickly and 
effortlessly minimize the size and syntax of complex test cases in 
automated security testing. I found the tool to be remarkably useful, as 
it saved me from hours of manual guesswork a number of times already - so 
I thought it's good to share.

The tool is related to delta (http://delta.tigris.org), a sophisticated 
test case optimizer for well-structured input formats - but tmin is 
designed specifically for dealing with unknown or insanely complex data 
layouts, including binary files (without the need to encode, tokenize, and 
re-serialize testcases), for hands-off detection of common security fault 
conditions, and for easy integration with GUI application testing 
harnesses.

[ It is also capable of reducing the complexity of alphabets used in 
datasets that cannot be further trimmed down in size, which is nice. ]

Download & documentation:

   http://code.google.com/p/tmin

A quick teaser:

$ cat testcase.in
This is a lengthy and annoying hello world testcase.

$ cat testme.sh
#!/bin/bash

grep "el..*wo" || exit 0
exit 1

$ ../tmin -x ./testme.sh
tmin - complex testcase minimizer, version 0.03-beta (lcamtuf@...gle.com)
[*] Stage 0: loading 'testcase.in' and validating fault condition...
[*] Stage 1: recursive truncation (round 1, input = 53/53)
[*] Stage 1: recursive truncation (round 2, input = 27/53)
[*] Stage 1: recursive truncation (round 3, input = 14/53)
[*] Stage 1: recursive truncation (round 4, input = 10/53)
[*] Stage 1: recursive truncation (round 5, input = 8/53)
[*] Stage 1: recursive truncation (round 6, input = 7/53)
[*] Stage 2: block skipping (round 1, input = 7/53)
[*] Stage 2: block skipping (round 2, input = 6/53)
[*] Stage 2: block skipping (round 3, input = 5/53)
[*] Stage 3: alphabet normalization (round 1, charset = 5/5)
[*] Stage 3: alphabet normalization (round 2, charset = 5/5)
[*] Stage 4: character normalization (round 1, characters = 4/5)
[*] All done - writing output to 'testcase.small'...

== Final statistics==
  Original size : 53 bytes
Optimized size : 5 bytes (-90.57%)
Chars replaced : 1 (1.89%)
     Efficiency : 9 good / 49 bad
   Round counts : 1:6 2:3 3:2 4:1

$ cat testcase.small
el0wo

Enjoy,
/mz

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ