Bugtraq mailing list archives
[tool announcement] tmin - a handy fuzzing test case optimizer
From: Michal Zalewski <lcamtuf () dione cc>
Date: Tue, 6 May 2008 14:56:57 +0200 (CEST)
Hi,I'd like to announce tmin - a free, quick, and handy tool to quickly and effortlessly minimize the size and syntax of complex test cases in automated security testing. I found the tool to be remarkably useful, as it saved me from hours of manual guesswork a number of times already - so I thought it's good to share.
The tool is related to delta (http://delta.tigris.org), a sophisticated test case optimizer for well-structured input formats - but tmin is designed specifically for dealing with unknown or insanely complex data layouts, including binary files (without the need to encode, tokenize, and re-serialize testcases), for hands-off detection of common security fault conditions, and for easy integration with GUI application testing harnesses.
[ It is also capable of reducing the complexity of alphabets used in datasets that cannot be further trimmed down in size, which is nice. ]
Download & documentation: http://code.google.com/p/tmin A quick teaser: $ cat testcase.in This is a lengthy and annoying hello world testcase. $ cat testme.sh #!/bin/bash grep "el..*wo" || exit 0 exit 1 $ ../tmin -x ./testme.sh tmin - complex testcase minimizer, version 0.03-beta (lcamtuf () google com) [*] Stage 0: loading 'testcase.in' and validating fault condition... [*] Stage 1: recursive truncation (round 1, input = 53/53) [*] Stage 1: recursive truncation (round 2, input = 27/53) [*] Stage 1: recursive truncation (round 3, input = 14/53) [*] Stage 1: recursive truncation (round 4, input = 10/53) [*] Stage 1: recursive truncation (round 5, input = 8/53) [*] Stage 1: recursive truncation (round 6, input = 7/53) [*] Stage 2: block skipping (round 1, input = 7/53) [*] Stage 2: block skipping (round 2, input = 6/53) [*] Stage 2: block skipping (round 3, input = 5/53) [*] Stage 3: alphabet normalization (round 1, charset = 5/5) [*] Stage 3: alphabet normalization (round 2, charset = 5/5) [*] Stage 4: character normalization (round 1, characters = 4/5) [*] All done - writing output to 'testcase.small'... == Final statistics== Original size : 53 bytes Optimized size : 5 bytes (-90.57%) Chars replaced : 1 (1.89%) Efficiency : 9 good / 49 bad Round counts : 1:6 2:3 3:2 4:1 $ cat testcase.small el0wo Enjoy, /mz
Current thread:
- [tool announcement] tmin - a handy fuzzing test case optimizer Michal Zalewski (May 06)