FFW - Fuzzing For Worms

Fuzzes network servers/services by intercepting valid network communication data, then replay it with some fuzzing.

FFW can fuzz open source applications and supports feedback driven fuzzing by instrumenting honggfuzz, for both open- and closed source apps.

In comparison with the alternatives, FFW is the most advanced, feature-complete and tested network fuzzer.



Presented at security conference Area 41 2018.


Easiest way to start is to use the docker image:

By doing so:

docker run -ti --privileged -lxc-conf="aa_profile=unconfined" dobin/ffw:0.1

Examples are located in /ffw-examples.

Manual Installation


git clone https://github.com/dobin/ffw.git
cd ffw/

Note: Manually installed dependencies are expected to live in the ffw/ directory (e.g. honggfuzz, radamsa).

Install FFW dependencies

If its a fresh Ubuntu, install relevant packages for FFW:

apt-get install python python-pip gdb

For honggfuzz:

apt-get install clang binutils-dev libunwind8-dev

And python dependencies:

pip install -r requirements.txt

Install Radamsa fuzzer

$ git clone https://github.com/aoh/radamsa.git
$ cd radamsa
$ make

Default Radamsa directory specified in ffw is ffw/radamsa.

Setup a project

Steps involved in setting up a fuzzing project:

For a step-by-step guide:

Unit Tests

Test all:

python -m unittest discover

Test a single module:

python -m unittest test.test_interceptor



Available via https://github.com/denandz/fuzzotron. "Fuzzotron is a simple network fuzzer supporting TCP, UDP and multithreading."

Support network fuzzing, also uses Radamsa. Can use coverage data, but it is experimental.



Available via https://github.com/Cisco-Talos/mutiny-fuzzer. "The Mutiny Fuzzing Framework is a network fuzzer that operates by replaying PCAPs through a mutational fuzzer."