FrontPage

Peach is a SmartFuzzer that is capable of performing both generation and mutation based fuzzing.

Peach requires the creation of PeachPit files that define the structure, type information, and relationships in the data to be fuzzed. It additionally allows for the configuration of a fuzzing run including selecting a data transport (Publisher), logging interface, etc.

Peach has been under active development for five years and is in its second major version. Peach was created and is actively developed by Michael Eddington of Leviathan Security Group, Inc.

News

Peach v2.3 Released

Peach v2.3 has finally been released after adding more features than intended

• Data Analyzers feature added

• Mutation Strategies feature added

• XmlElement, XmlAttribute data elements added

• Asn1Type data element added

• NumericalString hint added

• Binary analyzer added

• StringToken analyzer added

• XML analyzer added

• ASN.1 analyzer added

• Random Mutation Strategy added
• Real Unicode support added to Strings
• Unicode mutators added
• Complex native structure support for shared library/com fuzzing

  • Pointer support (to any depth)

• Data elements can now populate arrays

• Data elements can now select from Choice statements

• Constraint python expressions can be specified for data elements

• Improved support for file fuzzing

Peach Training @ Blackhat Vegas 2009

A two day hands on training class on Peach is being offered at Blackhat Vegas 2009.

Course information and registration.

Peach and bang-exploitable (!exploitable) Support

I'm happy to announce Peach v2.3 has full support for the Microsoft !exploitable windbg module. Just drop the extension DLL into your "winexts" folder and Peach will automatically use it to perform crash analysis. Support in all v2.3 releases including BETA 1.

More information about !exploitable can be found here.

Peach v2.3 BETA 1 Released

The first beta of Peach v2.3 has been released! This version includes a number of new features and lots of bug fixes and speed improvements.

Peach Training @ CanSecWest 2009 in Vancouver, CA

A two day Peach training class is being offered at CanSecWest 2009 in Vancouver, CA. For additional information please see the course description here.

Peach 2.2 Released

Peach 2.2 has finally gone golden! Head over to PeachInstallation for download links and installation instructions.

Whats new:

• Win32: Binary distribution with no dependencies
• State model paths
• Enable/disable mutations by node
• Offset support via:
  • Offset-of relation
  • Seek element
  • Placement element
• Peach Validator hex view
• Updated and new mutators
• Improved App Verifier support
  • Exclude specific stop codes
  • Custom check model list
• Major speed improvements
• New/updated supporting tools:
  • minset - Find the minimum set of files
  • missing - Gap analysis between files and pit
  • struct2peach - Convert 010 Templates to Peach
• Numerouse bug fixes

Peach 2.2 BETA 2 Released

I'm pleased to announce the release of Peach 2.2 BETA2, hopefully the last release before Peach 2.2 is released. This release contains numerous bug fixes from beta 1, along with a few new features such as the Hex view in the Peach Validation UI. Is it strongly suggested that all users of Peach 2.2 BETA1 upgrade to BETA2.

Please report any bugs directly to myself or the Peach mailing list.

Download from here

Peach Training @ PacSec 2008 in Tokyo, JP

A two day Peach training class is being offered at PacSec 2008 in Tokyo, JP. This will be the first time Peach training has been offered in Asia. For additional information please see the course description here.

Peach Training @ BA-Con 2008 in Buenos Aires, AR

The two day Peach 101 training is being offered at BA-Con in Buenos Aires, AR. We are happy to be a part of this new South American security conference. For additional information please see the course description here.