sfuzz Package Description

simple fuzz is exactly what it sounds like – a simple fuzzer. don’t mistake simple with a lack of fuzz capability. this fuzzer has two network modes of operation, an output mode for developing command line fuzzing scripts, as well as taking fuzzing strings from literals and building strings from sequences.

simple fuzz is built to fill a need – the need for a quickly configurable black box testing utility that doesn’t require intimate knowledge of the inner workings of C or require specialized software rigs. the aim is to just provide a simple interface, clear inputs/outputs, and reusability.


  • simple script language for creating test cases
  • support for repeating strings as well as fixed strings (‘sequences’ vs. ‘literals’)
  • variables within test cases (ex: strings to be replaced with different strings)
  • tcp and udp payload transport (icmp support tbd)
  • binary substitution support (see basic.a11 for more information)
  • plugin support (NEW!) see plugin.txt for more information.
  • previous packet contents inclusion

Source: https://github.com/orgcandman/Simple-Fuzzer
sfuzz Homepage | Kali sfuzz Repo

  • Author: Aaron Conole
  • License: Other

Tools included in the sfuzz package

sfuzz – Black Box testing utilities
root@kali:~# sfuzz -h
        Simple Fuzzer
By:  Aaron Conole
version: 0.7.0
url:     http://aconole.brad-x.com/programs/sfuzz.html
EMAIL:   apconole@yahoo.com
Build-prefix: /usr
    -h   This message.
    -V   Version information.

networking / output:
    -v   Verbose output
    -q   Silent output mode (generally for CLI fuzzing)
    -X   prints the output in hex

    -b   Begin fuzzing at the test specified.
    -e   End testing on failure.
    -t   Wait time for reading the socket
    -S   Remote host
    -p   Port
    -T|-U|-O TCP|UDP|Output mode
    -R   Refrain from closing connections (ie: "leak" them)

    -f   Config File
    -L   Log file
    -n   Create a new logfile after each fuzz
    -r   Trim the tailing newline
    -D   Define a symbol and value (X=y).
    -l   Only perform literal fuzzing
    -s   Only perform sequence fuzzing

sfuzz Usage Example

Fuzz the target server (-S on port 10443 (-p 10443) with TCP output mode (-T), using the basic HTTP config (-f /usr/share/sfuzz/sfuzz-sample/basic.http):

root@kali:~# sfuzz -S -p 10443 -T -f /usr/share/sfuzz/sfuzz-sample/basic.http
[12:53:47] dumping options:
    filename: </usr/share/sfuzz/sfuzz-sample/basic.http>
    state:    <8>
    lineno:   <56>
    literals:  [74]
    sequences: [34]
    symbols: [0]
    req_del:  <200>
    mseq_len: <10024>
    plugin: <none>
    s_syms: <0>
    literal[1] = [AREALLYBADSTRING]