
@cons0ul
Created June 14, 2012 12:23
bruteforcing one byte at a time
#!/usr/bin/python
#################################################################################################
# Bruteforcing One byte at a time #
# #
# Usage: matrix.py SEEDFILE START_INDEX END_INDEX START_BYTE END_BYTE PATH_TO_SAVE FILE_FORMAT #
# Example: matrix.py foo.pdf 11 1111 7f ff test/fuzzzed-1- pdf #
# Tips: you can use stat --printf=%s in your shell script to get the size and then fuzz :)#
#################################################################################################
import os
import sys
import struct
def fuzz(i, fuzzbyte, buff):
    """Return a copy of *buff* whose byte at offset *i* is *fuzzbyte*.

    *fuzzbyte* is packed with struct format 'B', so it must be an integer
    in 0..255; anything else makes struct.pack raise struct.error.

    The offset is not bounds-checked here. Slicing never raises, so an
    offset at or past the end of *buff* returns *buff* with the byte
    appended rather than a same-length mutation; callers that want a pure
    one-byte substitution must keep *i* below len(buff).
    """
    # Everything before the offset, the new byte, everything after it.
    return buff[:i] + struct.pack('B', fuzzbyte) + buff[i + 1:]
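def main(args):
    """Write one mutated copy of the seed file per (offset, byte value) pair.

    args is the command line without the script name:
        args[0]  SEEDFILE     file read in full as the mutation template
        args[1]  START_INDEX  first offset to mutate (decimal; '' means 0)
        args[2]  END_INDEX    offset to stop before (decimal; '' means the
                              seed length)
        args[3]  START_BYTE   first replacement value (hex; '' means 00)
        args[4]  END_BYTE     value to stop before (hex; '' means 100)
        args[5]  PATH_TO_SAVE prefix of every output path
        args[6]  FILE_FORMAT  extension appended after the running counter

    Both ranges are half-open (range(start, end)), so END_BYTE itself is
    never written: "7f ff" produces the values 0x7f..0xfe.

    The run creates (END_INDEX - START_INDEX) * (END_BYTE - START_BYTE)
    files, each the full size of the seed, and overwrites existing files
    with the same names. Nothing here caps that total, so size the ranges
    against the free space of the target directory before starting.

    Exits with status 1 on a usage or range error.
    """
    if len(args) < 7:
        # The original indexed args[1]..args[6] unconditionally and died
        # with a bare IndexError when an argument was missing.
        print('[*] Usage: matrix.py SEEDFILE START_INDEX END_INDEX '
              'START_BYTE END_BYTE PATH_TO_SAVE FILE_FORMAT')
        sys.exit(1)

    # open() instead of the Python-2-only file() builtin; the with block
    # also closes the seed handle, which the original never did.
    with open(args[0], "rb") as seed:
        buf = seed.read()

    # An empty-string argument selects the default for that position.
    index = int(args[1]) if args[1] else 0
    eof = int(args[2]) if args[2] else len(buf)
    start = int(args[3], 16) if args[3] else 0
    end = int(args[4], 16) if args[4] else 256

    if start > end:
        print('[*] Error start > end')
        # Non-zero status so a wrapping shell script can detect the failure.
        sys.exit(1)
    if index < 0 or start < 0 or end > 256:
        # A value outside 0..255 would make struct.pack raise part-way
        # through the run, after some files had already been written; a
        # negative offset would be interpreted as counting from the end.
        print('[*] Error index or byte range out of bounds')
        sys.exit(1)

    # fuzz() appends instead of replacing once the offset passes the end of
    # the buffer, so an END_INDEX larger than the seed is clamped to its
    # length to keep every output the same size as the seed.
    eof = min(eof, len(buf))

    n = 0
    for i in range(index, eof):
        for j in range(start, end):
            out_path = args[5] + str(n) + '.' + args[6]
            # Single-argument print() behaves the same on Python 2 and 3.
            print(out_path)
            with open(out_path, "wb") as out:
                out.write(fuzz(i, j, buf))
            n += 1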
# Script entry point: pass the command line on without the script name.
if __name__ == "__main__":
    main(sys.argv[1:])