run of the program into zzuf as a command-line parameter after we have told zzuf what to do. You’ll notice that we immediately start getting errors. In this case, we get a stack trace, showing us details about the program. As it’s a Python script and the source is available, this isn’t a big problem, but this is an error that the program isn’t directly handling.
Example 4-11. Fuzzing pdf-parser with zzuf

    root@rosebud:~# zzuf -s 0:10 -c -C 0 -T 3 pdf-parser -a fuzzing.pdf
    Traceback (most recent call last):
      File "/usr/bin/pdf-parser", line 1417, in <module>
        Main()
      File "/usr/bin/pdf-parser", line 1274, in Main
        object = oPDFParser.GetObject()
      File "/usr/bin/pdf-parser", line 354, in GetObject
        self.objectId = eval(self.token[1])
      File "<string>", line 1
        1
On the command line for zzuf, we are telling it to use seed values (-s) and to fuzz input only on the command line (-c). Any program that reads in configuration files for its operation wouldn’t have those configuration files altered in the course of running. We’re looking to alter only the input from the file we are specifying. Specifying -C 0 tells zzuf not to stop after the first crash. Finally, -T 3 says we should time out after 3 seconds so as not to get the testing hung up.
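As an added illustration, and not code from the book or from pdf-parser, the following Python script reproduces in miniature what the zzuf run in Example 4-11 does: it mutates a constructed sample file deterministically per seed (zzuf's -s range), runs a parser over every seed, and keeps going after the first crash as -C 0 does (the -T timeout is not replicated). The toy parser mirrors the risky pattern visible in the traceback, eval() on a token read from the file, next to a version that validates the token instead and so survives the same mutated inputs. All names (parse_object_id_fragile, parse_object_id_robust, mutate, fuzz), the bit-flip ratio and the sample bytes are assumptions constructed here.

```python
import random
import re

# Constructed sample: a tiny PDF-like fragment whose second line is an
# object header ("1 0 obj"). Not a real PDF and not pdf-parser's test data.
SAMPLE = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"


def parse_object_id_fragile(data: bytes) -> int:
    """Toy parser (constructed) mirroring the pattern in the traceback:
    the object id is obtained by eval() on a token taken from the file.
    Any corrupted token turns into an unhandled SyntaxError/NameError/IndexError."""
    token = data.split(b"\n")[1].split()          # e.g. [b"1", b"0", b"obj"]
    return eval(token[0].decode("latin-1"))       # the risky step


def parse_object_id_robust(data: bytes):
    """Same parse without eval: check the structure, accept only ASCII digits,
    and return None instead of raising on malformed input."""
    lines = data.split(b"\n")
    if len(lines) < 2:
        return None
    token = lines[1].split()
    if len(token) < 3 or token[2] != b"obj":
        return None
    if not re.fullmatch(rb"\d+", token[0]):
        return None
    return int(token[0])


def mutate(data: bytes, seed: int, ratio: float = 0.02) -> bytes:
    """zzuf-style mutation: deterministic for a given seed, flips roughly
    `ratio` of the input's bits (ratio is a constructed default, not zzuf's)."""
    rng = random.Random(seed)
    buf = bytearray(data)
    nbits = len(buf) * 8
    for _ in range(max(1, int(nbits * ratio))):
        pos = rng.randrange(nbits)
        buf[pos // 8] ^= 1 << (pos % 8)
    return bytes(buf)


def fuzz(parser, data: bytes, seeds: range) -> dict:
    """Run `parser` over the input mutated with each seed and record every
    unhandled exception by seed, continuing after the first crash (like -C 0).
    Returns {seed: exception class name}; an empty dict means no crashes."""
    crashes = {}
    for seed in seeds:
        try:
            parser(mutate(data, seed))
        except Exception as exc:          # an uncaught exception is a "crash"
            crashes[seed] = type(exc).__name__
    return crashes


if __name__ == "__main__":
    seeds = range(0, 200)
    print("fragile parser crashes:", fuzz(parse_object_id_fragile, SAMPLE, seeds))
    print("robust parser crashes: ", fuzz(parse_object_id_robust, SAMPLE, seeds))
```

Running the script with the fragile parser prints a seed-to-exception map much like the traceback zzuf surfaced; with the robust parser the map is empty, because bad tokens are rejected instead of evaluated. The seed numbers are what make a finding reproducible: rerunning a single seed re-creates exactly the input that caused the crash.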
Using a tool like this can provide a lot of potential for identifying bugs in applications that read and process files. As a general-purpose program, zzuf has potential even beyond the limited capacities shown here. Beyond file fuzzing, it can be used for network fuzzing. If you are interested in locating vulnerabilities, a little time using zzuf could be well spent.
Summary

Vulnerabilities are the potentially open doors that attacks can come through by using exploits. Identifying vulnerabilities is an important task for someone doing security testing, since remediating vulnerabilities is an important element in an organization’s security program. Here are some ideas to take away:

• A vulnerability is a weakness in a piece of software or a system. A vulnerability is a bug, but a bug may not be a vulnerability.
• An exploit is a means of taking advantage of a vulnerability to obtain something the attacker shouldn’t have access to.
• OpenVAS is an open source vulnerability scanner that can be used to scan for both remote vulnerabilities and local vulnerabilities.