Swift-based fuzzing tools for macOS

swiftfuzztools

The Mac is changing. We’ve long had a platform where out-of-the-box we were able to compile and run tools in a variety of languages. Over the years the evolving security posture has us moving from a POSIX-compliant platform capable of being used for widespread security research to a sandboxed operating system. And yet we need to be able to perform basic security research on a machine in an unaltered state.

Many applications now use a web or rest-based exchange of information. However, legacy tools and others still rely on socket comms. Thus we need to be able to interrogate, establish communications, and test the security of those using native Apple technologies. These tools are meant to provide ways for security researchers to borrow components for use in their own tools.

Directories/Files in this project

• Fuzz Xcode Project: Xcode project (w/ swift package) that is the later evolution of the fuzz_SwiftLibrary

• buff Xcode Project: Xcode project (w/ swift package) to send a custom stream (see badchars for ascii)

• Portscan Xcode Project: Xcode project to replicate the built-in stroke functionality in macos

• Tabler Xcode Project: Xcode project to list sqlite tables and their columns from a .db file

• executable binaries: Stand-alone executables that can run from the above projects

• badchars: ascii characters known to break code/stream execution

Related(ish) Projects

Many of these need to be converted/modernized but lay the framework for poking around at this and that, here and there:

https://github.com/krypted/contentblockblock: another project used to test bypassing SFContentBlockerManager

https://github.com/krypted/DisplayPush: another project used to investigate URIs in APNs

• https://github.com/krypted/Word-Replacer-Safari-Extension: another project for Safari Extensions

https://github.com/krypted/JSONhashandvalidate: json hashing services

• https://github.com/krypted/lightweightrecommender: Simple recommender for pipelining fuzzing results to a machine learning framework

• https://github.com/krypted/lightweightcategorizer: Categorizing machine learning sample to pipeline results to/from

• https://github.com/krypted/mobileconfigsigner: Signs mobileconfigs for further localized testing options

https://github.com/krypted/shortcutter: Used to automate iOS “Shortcuts” testing

• https://github.com/krypted/maccvecheck: Lookup cves on a Mac

https://github.com/krypted/looto: Opposite of otool – looks up dependencies

https://github.com/krypted/ipasign: re-signs an .ipa bundle

Assets From Other Developers/Researchers

• https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/big-list-of-naughty-strings.txt Strings for fuzzing that can be dropped in this project

https://www.matteomalvica.com/tutorials/buffer_overflow/ One of many fuzzing journeys using the common python options (shorter than most so thought it might be easier to follow along with)

• Domato: A DOM fuzzer from Google Project Zero https://github.com/googleprojectzero/domato

GitHub

https://github.com/krypted/swiftfuzztools