The core fuzzer code is pretty basic and contained in a single 10kb source file. It should serve you well if you want to get started with fuzzing by looking at some example code and/or modify it to suit your specific needs.
You can buy a license for the non-exclusive use of this fuzzer for as little as
100€ at https://license.
Once you have paid for the license, you can download the source in a .zip file from a link in the license details. this download contains the main Python class and the four Python scripts described below.
Please read the full license before downloading the fuzzer source.
cRegExpFuzzer2 is the main Python class; instances of this class can be used
to generate regular expression strings like so:
oRegExpFuzzer2 = cRegExpFuzzer2("ECMAScript"); # Or "Perl" sPattern = oRegExpFuzzer2.
fsGeneratePattern(); print repr(sPattern); sFlags = oRegExpFuzzer2. fsGenerateFlags(); print repr(sFlags);
The above code will output a randomly generated regular expression that adheres
randomly selected flags for the engine, such as
g for global search and
for case insensitive.
I've added four Python scripts that serve as examples of how to use this fuzzer to test the regular expression engines of various scripting engines. When run, these scripts generate test code and write it to a script file. This script file can then be run in the target scripting engine to test the regular expression engine. For instance, to test the Python regular expression engine, you can run the following two commands:
py python repro. py
The first command will generate a file
repro. that contains a number of
tests. The second command will execute these tests.
To test Perl, execute the following two commands:
py perl repro. pl
Similarly, you can test JScript and VBScript with the following commands:
py cscript /nologo repro. js python GenerateVBScriptTestCode. py cscript /nologo repro. vbs
Obviously, you can run these scripting engines under BugId to detect any crashes found while running the test.
To show what kind of output you can expect from this fuzzer, I've generated test code for four scripting engines, which you can download here.
If you have any further questions, please send an email to