Tuesday, December 21, 2010

Introducing Fuzzex, Generating Random Data From Regexes

Fuzzex produces sequences of random bytes using a generation language that is similar to that commonly used by regular expressions for parsing data. This similarity enables testers who are familiar with regular expressions to produce test data that can satisfy an application's superficial input validation and parsing without getting bogged down in specialized frameworks such as Sulley or Peach.

In situations where the regular expressions used for parsing and validation are available, Fuzzex enables using these expressions directly to develop tests that demonstrate potential weaknesses and exercise internal surfaces.

Example, a Very Permissive Email Address Regex:

>>> fuzzex.generate( '[^@]+@([^.]+)([.][^.]+)+' )
'\x07m\x10@\x0cI\x12%.\x1a.f.:'