On Mon, Feb 11, 2008 at 01:08:38PM +0100, Guus Sliepen wrote: > The description is very unclear to me. After looking at the Fusil > website, I have some understanding of what fusil does. It is not a > stand-alone program like fuzz or zzuf that work directly with any > program. It rather is a framework that allows you to write Python > scripts that specifically target a certain program. You should mention > that in the long description. > > The part about the implementation being based on a multi-agent system > architecture is not useful information. "multi-agent" is a bit of a > buzzword that can mean many things. Furthermore, it is not useful for a > user of a program to know whether it is implemented in C, with a > multi-agent system or with bananas. > > The list of programs and libraries that Fusil can crash will change over > time, since the whole point of Fusil is to find bugs so one can fix > them. If you want to mention it, change the sentence to the past or > perfect tense, like "Fusil was able to..." or "Fusil has been used > to...". >
Right, the previous description was not clear. I have reworded it, from the README file, and from the author description: Fusil is a fuzzing framework designed to expose bugs in software by changing random bits of its input. It helps to start process with a prepared environment (limit memory, environment variables, redirect stdout, etc.), start network client or server, and create mangled files. Fusil has many probes to detect program crash: watch process exit code, watch process stdout and syslog for text patterns (eg. "segmentation fault"), watch session duration, watch cpu usage (process and system load), etc. . Fusil is based on a modular architecture. It computes a session score used to guess fuzzing parameters like number of injected errors to input files. . Available fuzzing projects: ClamAV, Firefox (contains an HTTP server), gettext, gstreamer, identify, libc_env, libc_printf, libexif, linux_syscall, mplayer, php, poppler, vim, xterm. Regards, Pierre -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
