Brute Force Binary Tester

Description: The Brute Force Binary Tester checks for command line and environment variable overflows by throwing large inputs at the binary under test.

BFBTester is a simple command-line utility, written in C, that can check single binaries or whole directories for simple overflow vulnerabilities. The latest version can also watch for tempfile creation and warn of unsafe tempfile names. The tool is still in beta, and it failed to build with make on the reviewer's Red Hat 6.0 system.

BFBTester is being developed on FreeBSD.

URL: http://my.ispchannel.com/~mheffner/bfbtester/

Pros:


Cons:

Rating: Recommended as reference. BFBTester is a good idea, but it lacks the support to become a usable tool in the near future.

Classification:
Static vs. Dynamic: Dynamic
Library vs. Instrumenting: Library
Testing vs. Production: Testing
Opaque vs. Clear: Opaque
List vs. Heuristic: Heuristic
Conservative vs. Liberal: Liberal
Concurrent vs. Single Program: Single Program
Alert vs. Fix: Alert

Evaluated by Homer Briggs on 8/21/2000