updated readme, added control char attack dir and some null byte representations

2024-11-10 13:34:12 +00:00 · 2010-07-09 21:28:39 +00:00 · 2010-07-09 21:28:39 +00:00 · dcfaaa730c
commit dcfaaa730c
parent 199a79b70b
2 changed files with 81 additions and 49 deletions
--- a/_readme.txt
+++ b/_readme.txt
@ -1,7 +1,6 @@
 fuzzdb: Web Fuzzing Discovery and Attack Pattern Database
-adam muntner [unix23 (at) gmail . com]

-Introduction
+****Introduction

 Too much new software is vulnerable to the attack sequences of yesteryear. This suggests a testing approach: a comprehensive set of known attack pattern sequences can be leveraged for use in targeted fuzzing when testing for exploitable conditions in new applications.

@ -12,9 +11,13 @@ This approach is also useful for targeted use of brute force for discovery using
 Primary sources used for attack pattern research:

 -researching old web exploits for repeatable attack strings
+-penetration tests i've performed in the past
 -scraping scanner patterns from my own http logs
 -various books, articles, blog posts
 -documentation for popular applications
+-analysis of default application installs
+
+notable sources and other contributors:
 -metasploit wmap http://www.metasploit.com/redmine/projects/framework/wiki/WMAP
 -dirb http://www.open-labs.org/
 -jbrofuzz http://www.owasp.org/index.php/Category:OWASP_JBroFuzz
@ -22,15 +25,17 @@ Primary sources used for attack pattern research:
 -rsnake's xss and rfi files http://ha.ckers.org/
 -michael daw's web shell archive http://michaeldaw.org/
 -joseph giron (joseph.giron13 (at) gmail.com)
+-ron gutierrez - html tags and javascript events
 -analysis of default app installs
 -lists already submitted to OWASP Fuzzing Code DB by Wagner Elias, Eduardo Neves, Ulisses Castro, Adam Muntner http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=News
-Some files are derived primarily from other fuzzers, and are credited in the files with comments formatted like:
+
+Some files are derived primarily from other fuzzers, and are credited in the files with comments formatted like:

 # This file is primarily derived from source xyz

 Others have additional instructions for payload use in a similar comment format at the top of the file

-Download
+****Download

 Check out via svn:

@ -42,8 +47,18 @@ Tarballs are available for download, but may not be as fresh as what's in the sv

 Browse the repo http://code.google.com/p/fuzzdb/source/browse/#svn/trunk

-Who

-This SVN repository and the files were assembled by Adam Muntner (unix23 @ gmail.com) He is the Managing Partner of QuietMove, Inc. http://www.quietmove.com - a firm that specializes in web application penetration testing and developer training.
+****Usage
+
+I primarily use fuzzdb in the Intruder module of Portswigger's excellent Burp Suite Pro (http://portswigger.net/suite/), however, it can be used in any fuzzer or for manual testing. Fuzzdb also makes an interesting source of test cases for fuzzing binary applications with. 


+****Who
+
+This SVN repository and the files were assembled by Adam Muntner, a researcher and consultant at Gotham Digital Science (GDS). 
+
+GDS is an international security services company with offices in New York City and London. GDS security specialists work with clients to assess risk and design, build, and maintain secure applications and networks.
+
+http://www.gdssecurity.com
+
+amuntner (@) gdssecurity.com
--- a/attack-payloads/control-chars/null.fuzz
+++ b/attack-payloads/control-chars/null.fuzz
@ -0,0 +1,17 @@
+%00
+\x00
+\u0000
+\0
+\00
+\000
+\z
+NUL
+NULL
+0x00
+%00%00
+\x00\x00
+\u0000\u0000
+\0\0
+%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00
+NULL
+0x00