Day 6 - Radamsa

Writer: Rauli Kaksonen

The command-line tool Radamsa is a universal fuzzer created by Aki Helin, originally in the OUSPG research group. Radamsa accepts any file(s) as input and produces fuzzed output based on analysis of those files, using a variety of different techniques. Radamsa has been used to find a large number of vulnerabilities in different products and software packages.

See Radamsa home page for more information: https://gitlab.com/akihe/radamsa

CinCan

In the CinCan project, we (some of us work for OUSPG, as well) have dockerized many handy analysis tools including 'radamsa'.

We also created the cincan tool wrapper, which makes it almost as easy to use a dockerized tool as a tool installed natively (without the need to install each tool, of course).

Below we assume that you have installed the cincan tool, but you can use the dockerized tools without it using docker, as well.

Using Radamsa

Below is an example for using Radamsa to fuzz the content of a single file. Here Radamsa reads the file 'hello.txt' and produces 10 fuzzed versions of it into directory fuzzed/:

cincan run --mkdir "fuzzed" cincan/radamsa -n 10 -o "fuzzed/%n" hello.txt

(The cincan tool argument --mkdir fuzzed creates the result directory and avoids uploading any existing fuzzed files into the container.)

Alternatively you can use the docker run command directly. You must mount the working directory to the container to access it. Remember to create the directory fuzzed beforehand.

docker run --rm -v "$(pwd)":/files cincan/radamsa -n 10 -o "/files/fuzzed/%n" /files/hello.txt
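
Once fuzzed/ is populated, each file still has to be fed to the program you are testing. The script below is an added example, not part of the original post or of Radamsa or CinCan; the script name triage.py and the target command are assumptions. It runs a target on every file in fuzzed/ and reports the inputs that crash it or make it hang.

```python
#!/usr/bin/env python3
"""Feed each Radamsa-generated file in fuzzed/ to a target program and
report the inputs that make it crash or hang (added example)."""
import subprocess
import sys
from pathlib import Path


def run_case(target_cmd, case, timeout=5.0):
    """Run target_cmd with the case path appended and classify the outcome."""
    try:
        proc = subprocess.run(
            [*target_cmd, str(case)],
            stdin=subprocess.DEVNULL,
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return "hang"
    # On POSIX a negative return code means the process was killed by a
    # signal (e.g. -11 for SIGSEGV), the usual sign of a memory-safety bug.
    if proc.returncode < 0:
        return f"crash(signal {-proc.returncode})"
    return "ok"


def triage(fuzz_dir, target_cmd, timeout=5.0):
    """Return {file name: verdict} for every non-ok case in fuzz_dir."""
    findings = {}
    for case in sorted(Path(fuzz_dir).iterdir()):
        if case.is_file():
            verdict = run_case(target_cmd, case, timeout)
            if verdict != "ok":
                findings[case.name] = verdict
    return findings


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: triage.py FUZZ_DIR TARGET [TARGET_ARGS...]")
    results = triage(sys.argv[1], sys.argv[2:])
    for name, verdict in results.items():
        print(f"{name}\t{verdict}")
    sys.exit(1 if results else 0)
```

Keep every file the script reports: it is the reproducer for that crash or hang.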

Get Radamsa help

Get Radamsa's command-line help this way:

cincan run cincan/radamsa --help

or using docker directly:

docker run --rm cincan/radamsa --help

More

There are many other options in both 'radamsa' and 'cincan' tools. See their respective documentation for more information.

Links:

  • https://gitlab.com/akihe/radamsa

  • https://gitlab.com/cincan/cincan-command