Michal Zalewski has released Bunny the Fuzzer which is an open source general purpose closed loop protocol blind fuzzer. Bunny uses automatically generated C-level instrumentation to focus on runtime inputs observed to trigger new control flow paths or interesting parameter variations - and to bail out early on dead-end fuzzing routes.
This notably improves flow path coverage and overall quality of the fuzzing process. The tool is designed to maintain a near-native execution speed, and requires virtually no setup, even when dealing with complex and large code bases. This is probably a major improvement over previous closed loop solutions. This architecture makes it possible to significantly improve the coverage of the testing process without a noticeable performance impact usually associated with other attempts to peek into run-time internals.
Bunny is currently known to support Linux, FreeBSD, and Cygwin on IA32 systems.
If you found any flaws using bunny, post a comment here. Also, the name of this fuzzer kind of reminds me of Fluffy Bunny. The guy who was hacking all kinds of crazy sites and leaving that funny pink bunny on the sites he owned. Good times…
You can find the documentation here:
http://code.google.com/p/bunny-the-fuzzer/wiki/BunnyDoc
Download the current version here:
http://code.google.com/p/bunny-the-fuzzer/
