Peach is an easy to use, extensible, fuzzing platform. Peach is capable of fuzzing just about anything you can imagine including network based services, RPC, COM/DCOM, SQL Stored Procedures, file formats, etc.
Peach was originally written while attending ph-neutral 0x7d4.
Peach 2.1 Released
Peach 2.1 has finally been released! The final version of Peach 2.1 contains numerouse bug fixes and improvements from the last beta and all users of Peach should upgrade.
Release Notes
Head here to download.
Peach 2 Training @ BlackHat Vegas 2008
A two day training course in Peach 2 is being offered this year at BlackHat Vegas. This course will cover all of the latest Peach 2 features in a hands on, lab intensive manor. Including the Peach 2 features being released later this year.
The course will cover creating fuzzers for the following:
- State-aware network protocol parsers
- N-tier applications
- Arbitrary APIs
- File parsers
- COM and Active/X components
- Detect non-classic faults in software
- Extend the Peach Fuzzing Platform by creating custom Transformers, Fixups, Publishers, and Monitors.
- Apply these concepts and tools to their unique environment
- Utilize parallel fuzzing to increase fuzzing efficiency
Peach 2.1 BETA4 Released
The fourth beta of Peach 2.1 has been released. This release is largely a bugfix release containing a rollup of all beta3 patches, and other reported issues. In addition there is a new command line parameter to support parallel fuzzing and the inclusion of new mutators.
Release Notes
Head here to download.
Peach 2.1 BETA3 Patch #2
A big thanks to Chris Clark who found the second patch worthy bug. This is a gnarly bug in the Mutator code that would sometimes cause a mutator to get skipped. Chris is also the first to submit a new custom mutator that will be included in next release Peach 2.1. Thanks Chris!
This bug affects all Peach 2.1 BETA3 users, so please apply this patch!
Peach 2.1 BETA3 Patch #1
No good beta release goes with out some bugs being found. The first patch worthy bug was reported by David (thanks!) and a patch was posted out to the list.
This bug affects the use of Number elements with valueType="hex".
Peach 2.1 BETA3 Released
The second beta of Peach 2.1 has been released. This updated beta includes expanded documentation, many bug fixes, expanded support for Linux and OS X, and many more additions and features.
Peach 2.1 BETA3 is now the recommended version of Peach to use superceding the 2.0 release.
Release Notes
Head here to download.
Peach 2.1 BETA3 includes the new Peach Validation UI. This new UI is used to validate your Peach 2 data models and also test mutators.
Peach 2.1 BETA2 Released
The second beta of Peach 2.1 has been released. This updated beta includes expanded documentation, many bug fixes, expanded support for Linux and OS X, and many more additions and features.
Release Notes
Head here to download.
Peach 2.1 BETA1 Released
The first public beta of Peach 2.1 has been released. Peach 2.1 includes a new state machine which allows modeling the state of a protocol at a high level. This makes complex fuzzer creation much easier. Additionally, call based fuzzers such as COM are much easier to fuzz.
Release Notes
Head here to download.
Peach 2.0 Is Here!
Peach 2.0 is finally here! Peach 2.0 is very different from the original Peach. Instead of writing awkward Python code, Peach 2.0 fuzzers are developed by creating a data definition in XML which consumed by the Peach engine to create data mutations.
Peach 2.0 also includes a robust agent monitoring system that allows for such things as attaching debuggers, collecting network captures, etc.
Installation
Peach 2.0 currently requires Windows with ActiveState Python v2.5 (32bit). ActiveState Python can be downloaded from here for free. Once you have ActiveState Python installed you can download and run the Peach installer using the link below.
Peach Builder
Now you can build your fuzzer via the included Peach Builder GUI. Peach Builder lets you build, and test your fuzzer!
Peach 2.0 Tutorial
Check out the Peach 2.0 tutorial to learn how create Peach fuzzers quickly. The tutorial leads you through building a DHCP Request fuzzer and introduces the core concepts of Peach.
