medy13 / XDiFF

Extended Differential Fuzzing Framework

What is XDiFF?

XDiFF is an Extended Differential Fuzzing Framework built to find vulnerabilities. Its goal is to collect as much valuable data as possible and then infer all potential vulnerabilities in the application or applications. Vulnerabilities can be found either in isolated pieces of software or by comparing:

  • Different inputs
  • Different versions
  • Different implementations
  • Different operating systems' implementations

It is an open source Python fuzzer able to test multiple pieces of software and inputs in parallel. It can run on multiple OSs (Linux, Windows, OS X, and FreeBSD). The fuzzer's main goal is to detect differential issues, aided by its extended capabilities, but since it will also trigger hangs and crashes, it is also capable of attaching a debugger to detect memory errors.
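The comparison idea described above, as a small added example (not XDiFF's own code): the same inputs are run against two implementations in parallel, and any input on which the outcomes disagree is reported. The two toy integer parsers, the input list, and the names `run_one` and `differential` are constructed for illustration.

```python
import subprocess
import sys
from concurrent.futures import ThreadPoolExecutor
from itertools import product

# Constructed toy targets: two "implementations" of a decimal-integer
# parser, each executed as a separate process.
TARGETS = {
    "impl_a": "import sys; print(int(sys.argv[1]))",
    "impl_b": "import sys; s=sys.argv[1]; print(int(s) if s.isdigit() else 0)",
}
# Constructed sample inputs.
INPUTS = ["42", "-7", " 42", "0x10", "9" * 30]

def run_one(target, code, value, timeout=5):
    """Run one target on one input and normalize the outcome for comparison."""
    try:
        p = subprocess.run([sys.executable, "-c", code, value],
                           capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return target, value, ("hang", "")   # child is killed on timeout
    status = "ok" if p.returncode == 0 else "error"
    return target, value, (status, p.stdout.strip())

def differential(targets=TARGETS, inputs=INPUTS):
    """Return {input: {target: outcome}} for inputs where targets disagree."""
    jobs = list(product(targets.items(), inputs))
    with ThreadPoolExecutor(max_workers=4) as pool:
        results = pool.map(lambda j: run_one(j[0][0], j[0][1], j[1]), jobs)
    table = {}
    for target, value, outcome in results:
        table.setdefault(value, {})[target] = outcome
    # An input is interesting when the targets do not all agree on it.
    return {v: r for v, r in table.items() if len(set(r.values())) > 1}

if __name__ == "__main__":
    for value, outcomes in differential().items():
        print(repr(value), outcomes)
```

Each disagreement is a lead to triage, not a confirmed vulnerability: here the parsers differ on sign handling, leading whitespace, and whether malformed input is rejected or silently mapped to 0.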

Quick guide

Follow these steps:

  1. Install XDiFF
  2. Define the input
  3. Define the software
  4. Run the fuzzer
  5. Analyze the output
  6. ...
  7. Profit!

Disclaimer

The tool and the fuzzing process can be susceptible to code execution. Use it at your own risk, and always inside a VM.

Authors

  • Fernando Arnaboldi - Initial work
  • cclauss

For contributions, please propose a Changelog entry in the pull-request comments.

Acknowledgments

Thanks to Lucas Apa, Tao Sauvage, Scott Headington, Carlos Hollman, Cesar Cerrudo, Federico Muttis, and Topo for their feedback, and to Arlekin for the logo.

License

This project is licensed under the GNU General Public License version 3.
