Releases: IOActive/XDiFF
XDiFF v1.2.0
This is the second release of XDiFF, presented in the Hack in the Box 2018 talk "Exposing Hidden Exploitable Behaviors Using Extended Differential Fuzzing".
Please refer to the documentation or the docs folder included to learn how to use it. To report any bugs or ask for features, feel free to open an issue or contact me at fernando.arnaboldi at ioactive.
Changelog for v1.2:
- Changed main function names in the root directory
- Improved code and documentation; (most of) the code is now tested. Tons of bugfixes.
- Improved analysis of network connections to test browser connections
- Added new analysis for error disclosure (analyze_error_disclosure), and path disclosure analysis has been split (analyze_path_disclosure_stdout and analyze_path_disclosure_stderr)
- Added new compatibility class (classes.compat) to support Python 3
- Added risk value to the different analytic functions. Print functions based on their rating: ./xdiff_analyze.py -d db.sqlite -r 0/1/2/3
- Added support to test non-random filenames in software.ini. Set the second column to Filename = /etc/yourfixedfilename
- Added new parameters in the settings.py class
- Added debug option to xdiff_run.py
XDiFF v1.1.1 (beta)
Several fixes provided by @cclauss post initial release.
XDiFF v1.1.0
This is the first public release of XDiFF, the tool used for the Black Hat Europe 2017 talk "Exposing Hidden Exploitable Behaviors in Programming Languages Using Differential Fuzzing".
XDiFF is an open source fuzzing framework written in Python that has been used successfully on Windows, Linux, OSX, and FreeBSD to fuzz different types of software.
Please refer to the documentation or the docs folder included to learn how to use it. To report any bugs or ask for features, feel free to open an issue or contact me at fernando.arnaboldi at ioactive.