r0fuzz

Overview

Finding security flaws effectively and efficiently in Industrial Control Systems is of great importance as such systems are used in various important industries like nuclear power plants. r0fuzz aims to find security flaws in the hardware network protocols like MODBUS, DNP3 etc.

Table of Contents

• 1. Architecture
• 2. Installation
• 3. Usage
• 4. Demos
• 5. Features
• 6. References

1. Architecture

2. Installation

• Python virtual environment

git clone https://github.com/traboda/r0fuzz.git
cd r0fuzz


pip install virtualenv 
virtualenv fuzz_env
source fuzz_env/bin/activate
pip install -r requirements.txt

3. Usage

usage: r0fuzz.py [-h] -t TARGET [-v] [-i IP] [-p PORT] {dumb,mutate,generate} ...

positional arguments:
  {dumb,mutate,generate}
    dumb                Apply dumb fuzzing technique
    mutate              Apply mutation based fuzzing technique
    generate            Apply generation based fuzzing technique

options:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        target protocol
  -v, --verbosity       Log level
  -i IP, --ip IP        Target IP Address
  -p PORT, --port PORT  Target Port

4. Demos

You can find the demos here.

5. Features:

• Mutation based fuzzing
• Generation-based fuzzing
• Driver module for the collaboration between mutation and generation based fuzzing. (WIP)
• Incorporate other ICS protocols support. (WIP)
• Fuzzing Using Hardware breakpoints. (Work in progress)

6. References

• This project is an extension of our old project
• boofuzz
• radasma