Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: [tool announcement] tmin - a handy fuzzing test case optimizer

[tool announcement] tmin - a handy fuzzing test case optimizer

From: Michal Zalewski <lcamtuf_at_dione.cc>
Date: Tue, 6 May 2008 14:56:57 +0200 (CEST)

Hi,

I'd like to announce tmin - a free, quick, and handy tool to quickly and
effortlessly minimize the size and syntax of complex test cases in
automated security testing. I found the tool to be remarkably useful, as
it saved me from hours of manual guesswork a number of times already - so
I thought it's good to share.

The tool is related to delta (http://delta.tigris.org), a sophisticated
test case optimizer for well-structured input formats - but tmin is
designed specifically for dealing with unknown or insanely complex data
layouts, including binary files (without the need to encode, tokenize, and
re-serialize testcases), for hands-off detection of common security fault
conditions, and for easy integration with GUI application testing
harnesses.

[ It is also capable of reducing the complexity of alphabets used in
datasets that cannot be further trimmed down in size, which is nice. ]

Download & documentation:

   http://code.google.com/p/tmin

A quick teaser:

$ cat testcase.in
This is a lengthy and annoying hello world testcase.

$ cat testme.sh
#!/bin/bash

grep "el..*wo" || exit 0
exit 1

$ ../tmin -x ./testme.sh
tmin - complex testcase minimizer, version 0.03-beta (lcamtuf_at_google.com)
[*] Stage 0: loading 'testcase.in' and validating fault condition...
[*] Stage 1: recursive truncation (round 1, input = 53/53)
[*] Stage 1: recursive truncation (round 2, input = 27/53)
[*] Stage 1: recursive truncation (round 3, input = 14/53)
[*] Stage 1: recursive truncation (round 4, input = 10/53)
[*] Stage 1: recursive truncation (round 5, input = 8/53)
[*] Stage 1: recursive truncation (round 6, input = 7/53)
[*] Stage 2: block skipping (round 1, input = 7/53)
[*] Stage 2: block skipping (round 2, input = 6/53)
[*] Stage 2: block skipping (round 3, input = 5/53)
[*] Stage 3: alphabet normalization (round 1, charset = 5/5)
[*] Stage 3: alphabet normalization (round 2, charset = 5/5)
[*] Stage 4: character normalization (round 1, characters = 4/5)
[*] All done - writing output to 'testcase.small'...

== Final statistics==
  Original size : 53 bytes
Optimized size : 5 bytes (-90.57%)
Chars replaced : 1 (1.89%)
     Efficiency : 9 good / 49 bad
   Round counts : 1:6 2:3 3:2 4:1

$ cat testcase.small
el0wo

Enjoy,
/mz
Received on May 06 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]