Day 6 - Radamsa
Writer: Rauli Kaksonen
Radamsa is an universal fuzzer created by Aki Helin,
OUSPG research group.
Radamsa can accept any file(s) as input and produces fuzzed output based on the
analysis of the files using a variety of different techniques.
Radamsa has been used to found a large number of vulnerabilities from different products
and software packages.
See Radamsa home page for more information: https://gitlab.com/akihe/radamsa
In the CinCan project, we (some of us work for OUSPG, as well) have dockerized many handy analysis tools including 'radamsa'.
We also created the cincan tool wrapper, which makes it almost as easy to use a dockerized tool as a tool installed natively (without the need to install each tool, of course).
Below we assume that you have installed the
but you can use the dockerized tools without it using
docker, as well.
Below is an example for using Radamsa to fuzz the content of a single file.
Here Radamsa reads the file 'hello.txt' and produces 10 fuzzed versions of it into directory
cincan run --mkdir "fuzzed" cincan/radamsa -n 10 -o "fuzzed/%n" hello.txt
(Cincan tool argument
--mkdir fuzzed creates the result directory and avoids uploading
possible existing fuzzed files into the container)
Alternatively you can use the
docker run command directly.
You must mount the working directory to the container to access it.
Remember to create the directory
docker run --rm -v $(pwd):/files cincan/radamsa -n 10 -o "/files/fuzzed/%n" /files/hello.txt
Get Radamsa help
Get command line help of the Radamsa this way:
cincan run cincan/radamsa --help
docker run --rm cincan/radamsa --help
There are many other options in both 'radamsa' and 'cincan' tools. See their respective documentation for more information.