kedarbellare/pdf_fuzz.py

## pdf_fuzz.py
file_list = ["10.1.1.111.1781.pdf", "10.1.1.111.5264.pdf", "10.1.1.39.1596.pdf",  "10.1.1.41.8589.pdf",  "10.1.1.42.5619.pdf"]

apps = [
    "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/MacOS/AdobeReader",
    "/Applications/Adobe Reader.app/Contents/MacOS/AdobeReader",
    "/Applications/Preview.app/Contents/MacOS/Preview"]

fuzz_output = "fuzz.pdf"

FuzzFactor = 250
num_tests = 100

import math
import random
import string
import subprocess
import time

for i in xrange(num_tests):
    file_choice = random.choice(file_list)
    app = random.choice(apps)
    buf = bytearray(open(file_choice, 'rb').read())

    # start Charlie Miller code (modified)
    numwrites = random.randrange(math.ceil(((float(len(buf)))/FuzzFactor)))+1
    fuzz_choice = random.choice(['start', 'end', 'middle', 'random'])
    begin = None
    if fuzz_choice == 'start': begin = 0
    if fuzz_choice == 'end': begin = len(buf)-numwrites-1
    if fuzz_choice == 'middle': begin = random.randrange(len(buf)-numwrites)
    for j in xrange(numwrites):
        rbyte = random.randrange(256)
        if begin is None:
            rn = random.randrange(len(buf))
        else:
            rn = begin
            begin += 1
        buf[rn] = "%c"%(rbyte)
    # end Charlie Miller code (modified)

    open(fuzz_output, 'wb').write(buf)

    print "Using app: %s orig_file: %s fuzz_type: %s #writes=%d" % (app, file_choice, fuzz_choice, numwrites)
    process = subprocess.Popen([app, fuzz_output])

    time.sleep(1)
    crashed = process.poll()
    if not crashed:
        process.terminate()
	file_list = ["10.1.1.111.1781.pdf", "10.1.1.111.5264.pdf", "10.1.1.39.1596.pdf", "10.1.1.41.8589.pdf", "10.1.1.42.5619.pdf"]

	apps = [
	"/Applications/Adobe Reader 9/Adobe Reader.app/Contents/MacOS/AdobeReader",
	"/Applications/Adobe Reader.app/Contents/MacOS/AdobeReader",
	"/Applications/Preview.app/Contents/MacOS/Preview"]

	fuzz_output = "fuzz.pdf"

	FuzzFactor = 250
	num_tests = 100

	import math
	import random
	import string
	import subprocess
	import time

	for i in xrange(num_tests):
	file_choice = random.choice(file_list)
	app = random.choice(apps)
	buf = bytearray(open(file_choice, 'rb').read())

	# start Charlie Miller code (modified)
	numwrites = random.randrange(math.ceil(((float(len(buf)))/FuzzFactor)))+1
	fuzz_choice = random.choice(['start', 'end', 'middle', 'random'])
	begin = None
	if fuzz_choice == 'start': begin = 0
	if fuzz_choice == 'end': begin = len(buf)-numwrites-1
	if fuzz_choice == 'middle': begin = random.randrange(len(buf)-numwrites)
	for j in xrange(numwrites):
	rbyte = random.randrange(256)
	if begin is None:
	rn = random.randrange(len(buf))
	else:
	rn = begin
	begin += 1
	buf[rn] = "%c"%(rbyte)
	# end Charlie Miller code (modified)

	open(fuzz_output, 'wb').write(buf)

	print "Using app: %s orig_file: %s fuzz_type: %s #writes=%d" % (app, file_choice, fuzz_choice, numwrites)
	process = subprocess.Popen([app, fuzz_output])

	time.sleep(1)
	crashed = process.poll()
	if not crashed:
	process.terminate()