just wrote a package in Go. it's a link preview library and extracts the components needed for previewing links from a provided URL. It also has a caching feature and customizable user agent.
It's been indexed on official GoDocs site too.
[GitHub Repo] [GoDocs index]
#MyProjects #linkpreview #golang
@Mi_Ra_Ch
go get github.com/AmanuelCh/linkpreview
It's been indexed on official GoDocs site too.
[GitHub Repo] [GoDocs index]
#MyProjects #linkpreview #golang
@Mi_Ra_Ch
🔥5
Mira
just wrote a package in Go. it's a link preview library and extracts the components needed for previewing links from a provided URL. It also has a caching feature and customizable user agent. go get github.com/AmanuelCh/linkpreview It's been indexed on official…
feels great watching your packages making it to the GoDocs 🤗
for my fellow gophers, you can import the package and start using it in your projects when you need it. The README file on the GitHub repo shows you how to use it.
for my fellow gophers, you can import the package and start using it in your projects when you need it. The README file on the GitHub repo shows you how to use it.
🔥10
Fuzzing: The ultimate stress test for your software
What is Fuzzing?
Fuzzing, or fuzz testing, is an automated software testing technique that involves providing a program with invalid, unexpected, or random data as inputs. The goal? To uncover bugs, security vulnerabilities, and other issues that could lead to system crashes or exploits. Imagine throwing a bunch of weird inputs at your software and seeing what breaks—that’s fuzzing in a nutshell!
Why Fuzzing Matter
In today’s digital landscape, security is everything. With cyber threats lurking around every corner, developers need effective ways to identify vulnerabilities before they can be exploited. Fuzzing helps in:
Finding Bugs: It can reveal issues that traditional testing methods might miss, especially edge cases that occur under unusual conditions.
Enhancing Security: By identifying vulnerabilities, fuzzing helps developers patch holes before they can be exploited by malicious actors.
Automating Testing:
Fuzzing can run continuously, making it easier to integrate into CI/CD pipelines, allowing for rapid feedback and quicker fixes.
How Fuzzing Works
Fuzzing can be broken down into a few key steps:
Input Generation: The fuzzer generates a large number of inputs, which can be random or
based on predefined templates. Some fuzzers use smart algorithms to create inputs that are more likely to trigger bugs.
Execution: The generated inputs are fed into the target program. This is where the magic happens—if the program crashes or behaves unexpectedly, that’s a
potential bug!
Monitoring: The fuzzer monitors the program’s behavior during execution. If it detects a crash, it logs this information for further analysis.
Reporting: Finally, the fuzzer compiles a report detailing the inputs that caused
issues, allowing developers to investigate and fix the bugs.
Types of Fuzzing
Black-Box Fuzzing: This approach treats the software as a black box, focusing solely on inputs and outputs without any knowledge of the internal workings. It’s
like throwing spaghetti at the wall to see what sticks.
White-Box Fuzzing: Here, the fuzzer has access to the source code and can generate inputs based on code paths. This method is more efficient but requires more setup.
Grey-Box Fuzzing: A hybrid approach that combines elements of both black-box and white-box fuzzing. It uses some knowledge of the code while still testing the software as a black box.
Popular Fuzzing Tools
There are several fuzzing tools available, each designed for different scenarios. Here are a few heavy hitters in the fuzzing arena:
American Fuzzy Lop (AFL): This is a popular grey-box fuzzer that uses genetic algorithms to
discover new test cases. It’s particularly good at finding memory corruption bugs and is widely used in the security community.
LibFuzzer: Part of the LLVM project, LibFuzzer is a white box fuzzer that performs coverage-guided fuzzing. It’s super effective for testing libraries and can be integrated into existing projects easily.
OSS-Fuzz: A continuous fuzzing service provided by Google for open-source projects. It integrates with other fuzzing tools to continuously test software and
report bugs, helping maintainers keep their projects secure.
Peach Fuzzer: This tool is great for fuzzing network protocols and file formats. It allows testers to define custom data models for generating test inputs, making it highly customizable.
Boofuzz: A fork of the Sulley Fuzzing Framework, Boofuzz is designed for network protocol fuzzing. It’s user-friendly and allows for easy customization
of network protocol specifications.
Real-World Applications of Fuzzing
Fuzzing isn’t just a theoretical exercise; it’s been used in
real-world scenarios to uncover critical vulnerabilities. Here are a couple of notable examples:
Because sometimes, the best way to break things is to break them randomly. -- Me lol
What is Fuzzing?
Fuzzing, or fuzz testing, is an automated software testing technique that involves providing a program with invalid, unexpected, or random data as inputs. The goal? To uncover bugs, security vulnerabilities, and other issues that could lead to system crashes or exploits. Imagine throwing a bunch of weird inputs at your software and seeing what breaks—that’s fuzzing in a nutshell!
Why Fuzzing Matter
In today’s digital landscape, security is everything. With cyber threats lurking around every corner, developers need effective ways to identify vulnerabilities before they can be exploited. Fuzzing helps in:
Finding Bugs: It can reveal issues that traditional testing methods might miss, especially edge cases that occur under unusual conditions.
Enhancing Security: By identifying vulnerabilities, fuzzing helps developers patch holes before they can be exploited by malicious actors.
Automating Testing:
Fuzzing can run continuously, making it easier to integrate into CI/CD pipelines, allowing for rapid feedback and quicker fixes.
How Fuzzing Works
Fuzzing can be broken down into a few key steps:
Input Generation: The fuzzer generates a large number of inputs, which can be random or
based on predefined templates. Some fuzzers use smart algorithms to create inputs that are more likely to trigger bugs.
Execution: The generated inputs are fed into the target program. This is where the magic happens—if the program crashes or behaves unexpectedly, that’s a
potential bug!
Monitoring: The fuzzer monitors the program’s behavior during execution. If it detects a crash, it logs this information for further analysis.
Reporting: Finally, the fuzzer compiles a report detailing the inputs that caused
issues, allowing developers to investigate and fix the bugs.
Types of Fuzzing
Black-Box Fuzzing: This approach treats the software as a black box, focusing solely on inputs and outputs without any knowledge of the internal workings. It’s
like throwing spaghetti at the wall to see what sticks.
White-Box Fuzzing: Here, the fuzzer has access to the source code and can generate inputs based on code paths. This method is more efficient but requires more setup.
Grey-Box Fuzzing: A hybrid approach that combines elements of both black-box and white-box fuzzing. It uses some knowledge of the code while still testing the software as a black box.
Popular Fuzzing Tools
There are several fuzzing tools available, each designed for different scenarios. Here are a few heavy hitters in the fuzzing arena:
American Fuzzy Lop (AFL): This is a popular grey-box fuzzer that uses genetic algorithms to
discover new test cases. It’s particularly good at finding memory corruption bugs and is widely used in the security community.
LibFuzzer: Part of the LLVM project, LibFuzzer is a white box fuzzer that performs coverage-guided fuzzing. It’s super effective for testing libraries and can be integrated into existing projects easily.
OSS-Fuzz: A continuous fuzzing service provided by Google for open-source projects. It integrates with other fuzzing tools to continuously test software and
report bugs, helping maintainers keep their projects secure.
Peach Fuzzer: This tool is great for fuzzing network protocols and file formats. It allows testers to define custom data models for generating test inputs, making it highly customizable.
Boofuzz: A fork of the Sulley Fuzzing Framework, Boofuzz is designed for network protocol fuzzing. It’s user-friendly and allows for easy customization
of network protocol specifications.
Real-World Applications of Fuzzing
Fuzzing isn’t just a theoretical exercise; it’s been used in
real-world scenarios to uncover critical vulnerabilities. Here are a couple of notable examples:
👍1
Google’s OSS-Fuzz Initiative:
Since its launch, Google’s OSS-Fuzz has helped identify over 8,800 vulnerabilities across various open-source projects. By continuously fuzzing these projects, Google has significantly improved the security
posture of many widely-used software applications.
The Month of Kernel Bugs:
This initiative revealed numerous vulnerabilities in the Linux kernel through targeted fuzzing efforts. By focusing on kernel-level code, researchers were able to discover and patch critical flaws that could have been exploited by attackers.
Best Practices for Fuzzing
To get the most out of fuzzing, here are some best practices to keep in mind:
Integrate with CI/CD: Incorporate fuzzing into your continuous integration and delivery pipelines to catch bugs early.
Use Feedback-Based Fuzzing: Leverage tools that provide feedback on code coverage to improve the efficiency of your fuzzing efforts.
Automate Bug Triage: Use automated tools to categorize and prioritize bugs based on their severity, making it easier to manage and address issues.
Document Findings: Keep detailed records of the inputs that caused crashes or unexpected behavior. This will help developers understand and fix the underlying issues.
Concluding Thoughts
Fuzzing is an essential technique in the software testing toolkit, especially in today’s security-conscious environment. By throwing unexpected inputs at your software, you can uncover hidden vulnerabilities and bugs that might otherwise go unnoticed.
#TakeAByte #fuzzing #pentest
@Mi_Ra_Ch
Since its launch, Google’s OSS-Fuzz has helped identify over 8,800 vulnerabilities across various open-source projects. By continuously fuzzing these projects, Google has significantly improved the security
posture of many widely-used software applications.
The Month of Kernel Bugs:
This initiative revealed numerous vulnerabilities in the Linux kernel through targeted fuzzing efforts. By focusing on kernel-level code, researchers were able to discover and patch critical flaws that could have been exploited by attackers.
Best Practices for Fuzzing
To get the most out of fuzzing, here are some best practices to keep in mind:
Integrate with CI/CD: Incorporate fuzzing into your continuous integration and delivery pipelines to catch bugs early.
Use Feedback-Based Fuzzing: Leverage tools that provide feedback on code coverage to improve the efficiency of your fuzzing efforts.
Automate Bug Triage: Use automated tools to categorize and prioritize bugs based on their severity, making it easier to manage and address issues.
Document Findings: Keep detailed records of the inputs that caused crashes or unexpected behavior. This will help developers understand and fix the underlying issues.
Concluding Thoughts
Fuzzing is an essential technique in the software testing toolkit, especially in today’s security-conscious environment. By throwing unexpected inputs at your software, you can uncover hidden vulnerabilities and bugs that might otherwise go unnoticed.
#TakeAByte #fuzzing #pentest
@Mi_Ra_Ch
⚡1
Mira
just wrote a package in Go. it's a link preview library and extracts the components needed for previewing links from a provided URL. It also has a caching feature and customizable user agent. go get github.com/AmanuelCh/linkpreview It's been indexed on official…
at first the goal was to create a site where I can paste a link and get metadata previews especially the image so that when sharing links on telegram I can attach the image. I looked for packages on npm but turns out most of them are hosted on heroku free version back then and don't work anymore. so I wrote a node code that uses puppeteer headless browser and scrapes the site's metadata. but deploying was quite a hustle and decided to write it in Go. the beauty of Go is you don't need extra setups or hosting providers to publish your packages.