In the same vein as the Generic Protocol Framework, I've written a really simple-to-use black box testing suite called Simple Fuzzer (what else would you expect?). The goal is to provide a simple-to-use, but fairly powerful and flexible, black box testing utility. Currently, the "premier" black box testing utility is SPIKE. However, SPIKE has a pretty steep learning curve, which is to be expected with something THAT powerful. For my own use, though, I didn't need such power, and it turns out that it can be a detriment, as it hoses the ability of others to write and run their own black box tests.
Fuzzers typically provide a means to automate negative (or positive) testing for boundary cases. Simple Fuzzer does the same, but merely tries to keep the configuration requirements low. It's really an engine for building fuzzers.
- Vivek Ramachandran of securitytube.net did a really nice example of using SFuzz 0.2! You can view that here.
- The Grey Corner published a guest entry from Lincoln who describes finding the Big Ant 0-day using Simple Fuzzer 0.5.
The latest SFUZZ development versions are available at:
- http://github.com/orgcandman/Simple-Fuzzer - GitHub hosted
- git://sfuzz.git.sourceforge.net/gitroot/sfuzz/sfuzz (note: the link goes to an http gitweb front-end).