Peach is an easy to use, extensible, fuzzing platform. Peach is capable of fuzzing just about anything you can imagine including network based services, RPC, COM/DCOM, SQL Stored Procedures, file formats, etc.
Peach was originally written while attending ph-neutral 0x7d4.
Peach 2 Training @ BlackHat Vegas
A two day training course in Peach 2 is being offered this year at BlackHat Vegas. This course will cover all of the latest Peach 2 features in a hands on, lab intensive manor. Including the Peach 2 features being released later this year.
The course will cover creating fuzzers for the following:
- State-aware network protocol parsers
- N-tier applications
- Arbitrary APIs
- File parsers
- COM and Active/X components
- Detect non-classic faults in software
- Extend the Peach Fuzzing Platform by creating custom Transformers, Generators, Publishers, and Monitors.
- Apply these concepts and tools to their unique environment
- Utilize parallel fuzzing to increase fuzzing efficiency
Peach 2.1 BETA2 Released
The second beta of Peach 2.1 has been released. This updated beta includes expanded documentation, many bug fixes, expanded support for Linux and OS X, and many more additions and features.
Peach 2.1 BETA2 is now the recommended version of Peach to use superceding the 2.0 release.
Head here to download. Then check out the included readme.html and tutorial.
Peach 2.1 BETA1 Released
The first public beta of Peach 2.1 has been released. Peach 2.1 includes a new state machine which allows modeling the state of a protocol at a high level. This makes complex fuzzer creation much easier. Additionally, call based fuzzers such as COM are much easier to fuzz.
Head here to download. Then check out the included readme.html and tutorial.
Peach 2.0 Is Here!
Peach 2.0 is finally here! Peach 2.0 is very different from the original Peach. Instead of writing awkward Python code, Peach 2.0 fuzzers are developed by creating a data definition in XML which consumed by the Peach engine to create data mutations.
Peach 2.0 also includes a robust agent monitoring system that allows for such things as attaching debuggers, collecting network captures, etc.
Installation
Peach 2.0 currently requires Windows with ActiveState Python v2.5 (32bit). ActiveState Python can be downloaded from here for free. Once you have ActiveState Python installed you can download and run the Peach installer using the link below.
Peach Builder
Now you can build your fuzzer via the included Peach Builder GUI. Peach Builder lets you build, and test your fuzzer!
Peach 2.0 Tutorial
Check out the Peach 2.0 tutorial to learn how create Peach fuzzers quickly. The tutorial leads you through building a DHCP Request fuzzer and introduces the core concepts of Peach.
Peach Roadmap
Peach is under active development, the next milestones for Peach are as follows:
- 2.1, May '08
- 2.2, June '08
