I have created a white-box fuzzer by extending Crest.
Now, I'm looking for a test suite (a set of C programs with known vulnerabilities) to test the functionality of my tool.
Where can I find such benchmarks?
Have you tried Metasploitable? https://community.rapid7.com/community/metasploit/blog/2009/03/22/vmware-virtual-pc-and-fdcc-images
Also, you could try making your own applications; they aren't difficult to make:
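    #define _GNU_SOURCE   /* for setresuid() */
    #include <stdio.h>
    #include <stdlib.h>   /* system() */
    #include <string.h>   /* strcpy() */
    #include <unistd.h>   /* setresuid() */

    /* Not reachable through normal control flow. */
    void call_me(void)
    {
        system("/bin/bash");
    }

    int main(int argc, char **argv)
    {
        char in[20];

        if (argc < 2)
            return 1;
        setresuid(5002, 5002, 5002);
        strcpy(in, argv[1]);   /* unbounded copy into a 20-byte buffer */
        return 0;
    }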
Something like the above is all it takes for application vulnerabilities.
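A hand-made test program is more useful as a benchmark when it carries its own ground truth. The following is an added example, not code from the thread: the same 20-byte copy is placed behind two path conditions and a clamping copy reports when an unchecked `strcpy` would have overflowed, so the tool's findings can be scored. The names `target` and `checked_copy`, the `CMD:` tag and the mode byte are hypothetical.

```c
/* Constructed benchmark case (not from the thread): one guarded flaw plus a
 * ground-truth oracle, so a fuzzer's findings can be scored. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 20   /* same size as the buffer in the answer's program */

enum verdict { SAFE = 0, OVERFLOW = 1 };

/* Copy with clamping; reports whether an unchecked strcpy would have
 * written past buf. The harness itself never corrupts memory. */
static enum verdict checked_copy(char *buf, const char *src)
{
    size_t n = strlen(src);
    enum verdict v = (n + 1 > BUF_SIZE) ? OVERFLOW : SAFE;
    if (n >= BUF_SIZE)
        n = BUF_SIZE - 1;
    memcpy(buf, src, n);
    buf[n] = '\0';
    return v;
}

/* Target: the flawed copy sits behind two path conditions (a "CMD:" tag and
 * a mode byte), which random inputs rarely satisfy but a concolic engine
 * can solve for. */
enum verdict target(const char *input)
{
    char buf[BUF_SIZE];

    if (input == NULL || strncmp(input, "CMD:", 4) != 0)
        return SAFE;                       /* path 1: tag missing */
    if (input[4] != 'x')
        return SAFE;                       /* path 2: wrong mode byte */
    return checked_copy(buf, input + 5);   /* path 3: seeded flaw */
}

/* Driver: abort() gives the fuzzer an unambiguous failure signal. */
int main(int argc, char **argv)
{
    if (argc > 1 && target(argv[1]) == OVERFLOW) {
        fprintf(stderr, "seeded flaw reached\n");
        abort();
    }
    return 0;
}
```

A run counts as a correct detection only when the tool reports the abort on path 3; a report on path 1 or 2 is a false positive.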