Aplos Fuzzer

A simple straight-to-the-point fuzzer for Windows binaries.

This tool is meant to be an educational tool allowing researchers and security enthusiasts to start playing with fuzzing without having to use their brain. The tool provides an extremely basic interface that takes a target and an initial testcases folder as arguments and starts running a fuzzing campaign.

Why another fuzzer ?

• Aplos fuzzer is meant to be a good reference for people without fuzzing knowledge that want to start playing with fuzzers.
• This documentation is meant to explain the core concepts of fuzzing, allowing researchers to rapidly gain knowledge about the pros and cons of this technique.
• It works, as simple as it sounds, and it matters. Sometimes having to tweak complex tools for hours is blocking newcomers from trying out fuzzing.

Of course, this project has absolutely no pretension to replace any state-of-the-art fuzzer. On the contrary, it should be a solid foundation for you to grasp the core concept of the fuzzing techniques and then start playing with other tools later.

1. Download the latest release.
2. Extract the folder.
3. Profit!

Start the fuzzer using the following syntax:

Aplos.exe -t {TARGET PROGRAM} -i {INPUT FOLDER} -e {EXTENSIONS} -D (OPTIONAL) {DELAY TIMEOUT}`

• -t, --target: The path the target program you want to fuzz.
• -i, --input: The input folder containing your testcases.
• -e, --extension: The extensions your mutated file should use.
• -D, --delay: The delay in ms for the target program to be executed then close (default = 1000).

As explained in this documentation, this tool is meant to be educative and help researchers learn and enjoy playing with fuzzers. Once you feel comfortable, we invite you to try any of those wonderful projects:

• WTF Snapshot fuzzer
• WinAFL
• Jackalope

This project is only possible because of the (great) work other people have provided.

• The mutation engine used: Radamsa
• The CLI argument parser used: CLI11

Any contributions you make are greatly appreciated. If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

That being said, this project will still be improved and modified over time. People are more than welcome to contribute with one very important philosophy: it must stay simple to use.

• Add instrumentation to record coverage.
• Allow persistent mode.
• Integrate AFL like mutation engine. See the open issues for a full list of proposed features (and known issues).

Short (non-exhaustive) list of amazing people and project that inspired me during this project.

• People:
  • @corelanc0d3r
  • @0vercl0k
  • @Richard Johnson
  • @Ivan Fratic
  • @Vanhaussuer-thc
• Projects:
  • Fuzzing.io training
  • Gamozolabs YT channel
  • GynvaelEN YT channel
  • AFL++
  • Domato: DOM Fuzzer

Author: @2ourc3

(back to top)