bionic (1) fuzz.1.gz

Provided by: fuzz_0.6-15_amd64 bug

NAME
       fuzz - stress test programs


SYNOPSIS
       fuzz  [-t|--timeout  timeinsecs]  [-p|--printable]  [-n|--newlines  N] [-l|--length totlen] [-m|--maxline
       maxlinelen]  [-r|--runcount  numruns]  [-b|--bytes]  [-c|--chroot]   [-u|--user   username]   [-a|--args]
       [-o|--omitdata]  [-e|--execute  filename]  [-x|--maxargs  numargs] [-d|--dontask] [-y|--mararglen arglen]
       [-V|--version] [-i|--priority] target targetarg...


DESCRIPTION
       fuzz is a program designed to find bugs in other programs. It does this by doing  a  form  of  black  box
       testing. It does this by running the target program multiple times and passing it random input. Right now
       this can come from one of two places, stdin and the command line arguments.  Testing  completes  whenever
       the program either the requested number of runs finishes successufully or the program crashes.

       Any arguments following the target program are passed directly to the target program.

       NOTE: If the program is not in PATH, it must be referred to using absolute path.

   OPTIONS
       -a, --args
              In addition to passing random data via stdin, pass random command line arguments. This simply sets
              the number or random arguments to be passed to 256. See the BUGS section.

       -b, --bytes
              In addition to counting through the number of runs. Count through the  bytes  being  sent  through
              stdin to the program. This option really serves no purpose other than making something interesting
              to watch.

       -c, --chroot
              Since there is no telling what a program will do when given random input. this allows a program to
              be  sort  of caged while it is run so that the damage that it may be able to do is minimized. This
              requires that the fuzz be run as root. It will drop privlages before it  runs  the  test  program.
              This  option  is best used in conjunction with the --user option. This often times requires that a
              program is statically linked.

       -d, --dontask
              In the cases where the target program is for sure part of a package and the packaging  information
              will provide the needed version information then you can use this option to avoid being asked what
              the version is.

       -i, --priority
              Run at a specified priority.

       -l, --length LENGTH
              The length in bytes of the data stream to pass through stdin into the target program. The  default
              length is 100K.

       -m, --maxline MAXLINELEN
              Specify the maximum line length within the random data stream passed into stdin.

       -n, --newlines N
              Include random N newlines in the input stream.

       -o, --omitdata
              Some  programs  don't take input from stdin. They only take input from the command line arguments.
              If this is the case simply use the --omitdata option.

       -p, --printable
              This limits both the stdin and the command line arguments to only printable characters. By default
              fuzz passes fully random bytes into the target program.

       -r, --runcount RUNCOUNT
              The number of times to run the target program. The default is 10,000.

       -t, --timeout TIME
              This  sets  the  number of seconds that the fuzz will wait for the other program before it assumes
              that the program is hung. The default value is 120 seconds. This is sensing of when a  program  is
              hung is not entirely reliable. See the BUGS section.

       -u, --user USERNAME
              Since there is no telling what a program will do when given random input, this specifies what user
              the target program will be run as so that it is easy to find and repair  anything  that  may  have
              been scribbled across your file system. This option was designed to be used in conjuntion with the
              --chroot option and will only work if fuzz is run as root.

       -V, --version
              Print the version of fuzz and exit.

       -x. --maxargs NUMARGS
              This is to set the maximum number of arguments that are passed to each invocation  of  the  target
              program.

       -y, --maxarglen ARGLEN
              Sets the maximum length of an arguments passed to the target program.


EXAMPLES
       Check grep:

              fuzz grep foo

       Run program with different user:

              fuzz --chroot --user nobody cpio -i

       When program is not in path, use absolute patch to access it:

              fuzz ./src/myprogram


BUGS
       The  random  arg  functions doesn't work very well right now. The arguments passed are so random that the
       program usually just prints out the usage message and then terminates. This will become much more  useful
       later when we are mating data sets with the intention of maximizing code coverage.


AUTHORS
       Ben Woodard <ben@valinux.com>