feroxfuzz
A structure-aware HTTP fuzzing library
APACHE-2.0 License
- libafl now an optional dependency, gated behind the
havocfeature flag - new clippy checks
- updated libafl
- added libafl_bolts (also behind
havoc) - some maintenance on ci/cd pipeline
What's Changed
- Use v2 of
cargo-semver-checks-actionby @mgr0dzicki in https://github.com/epi052/feroxfuzz/pull/24 - Add request to response trait by @epi052 in https://github.com/epi052/feroxfuzz/pull/25
- Make libafl optional by @epi052 in https://github.com/epi052/feroxfuzz/pull/26
New Contributors
- @mgr0dzicki made their first contribution in https://github.com/epi052/feroxfuzz/pull/24
Full Changelog: https://github.com/epi052/feroxfuzz/compare/v1.0.0-rc.10...v1.0.0-rc.12
Published by epi052 over 1 year ago
Replaced async fuzzer's mpsc with mpmc. This dramatically sped up processing time, since the pre-send loop could pretty easily overwhelm the post-send loop. As a result, overall scan time was dramatically reduced as well since we could get into situations where all requests/responses were complete but the single consumer was still processing responses
What's Changed
- Fix error reporting by @epi052 in https://github.com/epi052/feroxfuzz/pull/22
- replaced async fuzzer's mpsc with mpmc by @epi052 in https://github.com/epi052/feroxfuzz/pull/23
Full Changelog: https://github.com/epi052/feroxfuzz/compare/v1.0.0-rc.8...v1.0.0-rc.10
Published by epi052 almost 2 years ago
What's Changed
- schedulers will resume from state::stats::requests when non-zero by @epi052 in https://github.com/epi052/feroxfuzz/pull/20
- overhauled
fuzz_onceinternal design (again); less clones / more speed by @epi052 in https://github.com/epi052/feroxfuzz/pull/20
Full Changelog: https://github.com/epi052/feroxfuzz/compare/v1.0.0-rc.7...v1.0.0-rc.8
Published by epi052 almost 2 years ago
- added
UniqueProductScheduler(most robust for runtime corpus modifications/least efficient) - added
.uniqueto wordlist builder - added
.resetto fuzzer trait - added
.set_(pre|post)_loop_hookmethods to fuzzers - added
.scheduler_mutmethod to fuzzers - fuzzers support being told to skip an item from the scheduler (used in UniqueProductScheduler)
- added ability for
AddToCorpusAction to add single|multiple Data items (used to only grab fuzzable fields from a Request) - added
.total_corpora_lenmethod toSharedState
Published by epi052 almost 2 years ago
What's Changed
- fixed up type oversight in request processor
Full Changelog: https://github.com/epi052/feroxfuzz/compare/v1.0.0-rc.5...v1.0.0-rc.6
Published by epi052 almost 2 years ago
What's Changed
- added dynamic dispatch to Processors by @epi052 in https://github.com/epi052/feroxfuzz/pull/16
- added typesafe builder pattern for fuzzer construction by @epi052 in https://github.com/epi052/feroxfuzz/pull/16
- added pre-loop / post-loop hooks to fuzzers by @epi052 in https://github.com/epi052/feroxfuzz/pull/16
- implemented Named for most components by @epi052 in https://github.com/epi052/feroxfuzz/pull/16
- RandomScheduler can operate on a subset of corpora, instead of only all corpora by @epi052 in https://github.com/epi052/feroxfuzz/pull/16
- SharedState can add a Corpus after being instantiated by @epi052 in https://github.com/epi052/feroxfuzz/pull/16
Full Changelog: https://github.com/epi052/feroxfuzz/compare/v1.0.0-rc.4...v1.0.0-rc.5
Published by epi052 almost 2 years ago
What's Changed
- added action traking in stats by @epi052 in https://github.com/epi052/feroxfuzz/pull/15
Full Changelog: https://github.com/epi052/feroxfuzz/compare/v1.0.0-rc.3...v1.0.0-rc.4
Published by epi052 almost 2 years ago
What's Changed
- fixed http method builder return type by @epi052 in https://github.com/epi052/feroxfuzz/pull/12
- added api calls for multiple methods during HttpMethodsCorpus build by @epi052 in https://github.com/epi052/feroxfuzz/pull/13
- added pub/sub event system by @epi052 in https://github.com/epi052/feroxfuzz/pull/14
Full Changelog: https://github.com/epi052/feroxfuzz/compare/v1.0.0-rc.2...v1.0.0-rc.3
Published by epi052 about 2 years ago
What's Changed
- improved api for malformed urls by @epi052 in https://github.com/epi052/feroxfuzz/pull/11
Full Changelog: https://github.com/epi052/feroxfuzz/compare/v1.0.0-rc.1...v1.0.0-rc.2
Published by epi052 about 2 years ago
What's Changed
- added a Content Length Decider by @iustin24 in https://github.com/epi052/feroxfuzz/pull/5
- added ability to do dynamic dispatch with Deciders by @epi052 in https://github.com/epi052/feroxfuzz/pull/3
- added ability to do dynamic dispatch with Mutators by @epi052 in https://github.com/epi052/feroxfuzz/pull/7
- added ability to use an explicitly empty corpus by @andreademurtas in https://github.com/epi052/feroxfuzz/pull/8
- added an Action to stop fuzzing by @epi052 in https://github.com/epi052/feroxfuzz/pull/10
- fixed version from
0.1.0to1.0.0as when thercstatus is removed, we'll be at1.0.0
New Contributors
- @iustin24 made their first contribution in https://github.com/epi052/feroxfuzz/pull/5
- @andreademurtas made their first contribution in https://github.com/epi052/feroxfuzz/pull/8
Full Changelog: https://github.com/epi052/feroxfuzz/compare/v0.1.0-rc.0...1.0.0-rc.1
Published by epi052 about 2 years ago
initial release candidate 🎉