gFuzz is a web application fuzzing environment that combines fine-grained, server-side taint analysis (using CORE GRASP) with grammar-based analysis. This makes it possible to run fuzzing tests and detect attacks accurately by feeding the grammar analyzer with the SQL queries executed on the server side, together with the security taint marks for each query.

For each SQL query executed on the server side, the GUI shows the tester:

  • The text of the executed query, with the user-controlled (tainted) characters highlighted.
  • The fuzz vector that triggered the query:
    • The attack string submitted.
    • The input point (form input / GET parameter) where the attack string was submitted.
    • The file and line (on the remote server) where the SQL query was executed.
  • The CORE GRASP analysis of the security level of the query.
  • The grammar-based analysis of the security level of the query.

This prototype helps the security tester determine which of the alerts raised by the fuzzer are real attacks; for the queries that do not constitute an attack, it lets the tester reformulate the attack vectors in order to exploit SQL-injection vulnerabilities.
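As an added illustration of the taint-plus-grammar idea described above (example code, not gFuzz's or CORE GRASP's own): a small Python check that tokenizes an executed query and flags any tainted character that lands outside the content of a string literal, a numeric literal or whitespace. The `splice` helper and the `{input}` placeholder are constructed stand-ins for the server-side record of which characters came from the fuzz vector.

```python
import re
from typing import List, Tuple

# Token classes for a small SQL subset; order matters because `op` is a catch-all.
TOKEN_RE = re.compile(r"""
    (?P<string>'(?:[^']|'')*')         # single-quoted literal, '' escapes a quote
  | (?P<comment>--[^\n]*|/\*.*?\*/)    # SQL comments
  | (?P<number>\d+(?:\.\d+)?)
  | (?P<ident>[A-Za-z_][A-Za-z0-9_]*)  # keywords and identifiers
  | (?P<space>\s+)
  | (?P<op>.)                          # any other char: punctuation, operator, stray quote
""", re.VERBOSE | re.DOTALL | re.ASCII)

def splice(template: str, user_input: str, marker: str = "{input}") -> Tuple[str, List[bool]]:
    """Build the executed query and a per-character taint mask (True = came from the
    fuzz vector). Constructed stand-in for the server-side taint tracking."""
    before, after = template.split(marker, 1)
    query = before + user_input + after
    taint = [False] * len(before) + [True] * len(user_input) + [False] * len(after)
    return query, taint

def analyze(query: str, taint: List[bool]) -> Tuple[str, List[str]]:
    """Grammar check: tainted characters may only fill the *content* of a string
    literal, a numeric literal or whitespace. A tainted quote delimiter, keyword,
    identifier, operator or comment changes the query structure -> attack."""
    if len(query) != len(taint):
        raise ValueError("taint mask must be as long as the query")
    reasons: List[str] = []
    pos = 0
    while pos < len(query):
        m = TOKEN_RE.match(query, pos)          # `op` matches any char, so never None
        kind, text = m.lastgroup, m.group()
        flags = taint[pos:m.end()]
        if any(flags):
            if kind == "string":
                if flags[0] or flags[-1]:       # only the delimiting quotes are structural
                    reasons.append(f"tainted quote delimits literal {text!r} at offset {pos}")
            elif kind not in ("number", "space"):
                reasons.append(f"tainted {kind} token {text!r} at offset {pos}")
        pos = m.end()
    return ("attack" if reasons else "safe"), reasons

if __name__ == "__main__":
    tmpl = "SELECT * FROM users WHERE name = '{input}'"   # constructed query template
    for vector in ("alice", "O''Brien", "' OR '1'='1"):
        verdict, why = analyze(*splice(tmpl, vector))
        print(f"{vector!r:16} -> {verdict}")
        for r in why:
            print("   ", r)
```

The escaped `O''Brien` stays inside the literal and is reported as safe, while the quote-breaking vector is flagged at every tainted token that alters the parse, which is the distinction the tester uses to separate real attacks from noisy fuzzer alerts.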


Source Code

gfuzz (0.1), tar.gz file. MD5: 19fd07482a3b00d65fd65e98567ee51f



Whether you want to report a bug, collaborate or give some suggestions on this package, drop us a few lines at oss@. To contact me, Ezequiel Gutesman, the author, you can reach me at gutes@. I'm planning a complete rewrite of the tool soon.


Release date: November 2008
License type: OpenBSD and Apache2

Related information


gFuzz: An Instrumented Web Application Fuzzing Environment

Open Source Project