Fusil is a Python library used to write fuzzing programs. It helps to start
process with a prepared environment (limit memory, environment variables,
redirect stdout, etc.), start network client or server, and create mangled
files. Fusil has many probes to detect program crash: watch process exit code,
watch process stdout and syslog for text patterns (eg. "segmentation fault"),
watch session duration, watch cpu usage (process and system load), etc.

Fusil is based on a multi-agent system architecture. It computes a session
score used to guess fuzzing parameters like number of injected errors to input
files.

Available fuzzing projects: ClamAV, Firefox (contains an HTTP server),
gettext, gstreamer, identify, libc_env, libc_printf, libexif, linux_syscall,
mplayer, php, poppler, vim, xterm.

Website: http://bitbucket.org/haypo/fusil/wiki/Home


Usage
=====

Fusil is a library and a set of fuzzers called "fusil-...". To run a fuzzer,
call it by its name. Example: ::

    $ fusil-gettext
    Fusil version 0.9.1 -- GNU GPL v2
    http://bitbucket.org/haypo/fusil/wiki/Home
    (...)
    [0][session 13] Start session
    [0][session 13] ------------------------------------------------------------
    [0][session 13] PID: 16989
    [0][session 13] Signal: SIGSEGV
    [0][session 13] Invalid read from 0x0c1086e0
    [0][session 13] - instruction: CMP EDX, [EAX]
    [0][session 13] - mapping: 0x0c1086e0 is not mapped in memory
    [0][session 13] - register eax=0x0c1086e0
    [0][session 13] - register edx=0x00000019
    [0][session 13] ------------------------------------------------------------
    [0][session 13] End of session: score=100.0%, duration=3.806 second
    (...)
    Success 1/1!
    Project done: 13 sessions in 5.4 seconds (414.5 ms per session), total 5.9 seconds, aggresssivity: 19.0%
    Total: 1 success
    Keep non-empty directory: /home/haypo/prog/SVN/fusil/trunk/run-3


Features
========

Why using Fusil instead your own hand made C script?

 * Fusil limits child process environment: limit memory, use timeout, make
   sure that process is killed on session end
 * Fusil waits until system load is load before starting a fuzzing session
 * Fusil creates a session directory used as the process current working
   directory and Fusil only creates files in this directory (and not in /tmp)
 * Fusil stores all actions in fusil.log but also session.log for all
   actions related of a session
 * Fusil has multiple available probes to compute session score: guess if
   a sessions is a succes or not
 * Fusil redirects process output to a file and searchs bug text patterns
   in the stdout/stderr (Fusil contains many text patterns to detect crashes
   and problems)


Installation
============

Read INSTALL documentation file.


Documentation
=============

Read doc/index.rst: documentation index.

