manul

manul copied to clipboard

Attempting to use manul as a blackbox network fuzzer requires the user to specify a target_binary argument even though it's not really necessary. It doesn’t appear to matter what binary is provided to manul (I used /bin/cat) as long as it can be found and launched by manul. Provided the remote side blackbox end is up and running manul will continue sending the fuzzed data until the remote side crashes. Please change the behavior so that the user does not need to provide a target_binary when a blackbox fuzzer mode is in use.

My example setup has a simple python http server on a remote system.

Local Fuzzer System: $ python3 manul.py -s -i IN -o OUT --target_ip_port 10.0.0.1:8888 --target_protocol=tcp "/bin/cat"

Remote Blackbox System: $ python -m SimpleHTTPServer 8888