Codenomicon is a Finland based Information Security company. Recently it has released a universal fuzzer, a fuzz testing solution that combines heuristics and multiple fuzzers with a graphical user interface, automated test executions and reporting features. Fuzzing has been popular between hackers and security researchers to find bugs and0-days in software.This Universal Fuzzer can be used to test everything that can be presented in a file format, such as image files, captured protocol messages, text documents and wireless frames. It creates test cases from sample files, such as pdf-documents, media files and protocol files.

The Universal Fuzzer uses heuristics to determine the structure of the sample files, thus it is able to generate more intelligent, targeted test cases and discover more vulnerabilities. The coverage of the tests is further improved by combining the abilities of 15 different fuzzers. The Universal Fuzzer is an easy and flexible solution for performing fuzzing. It does not require any protocol specific customization. Test cases are automatically generated from sample template files. The key features mentioned are:

* TESTS ANYTHING: If you can present the data in file format, then you can test it with the universal fuzzer. Use the Universal Fuzzer to test image files, captured protocol messages, text documents, wireless frames, etc.
* INTELLIGENT FUZZING: Most fuzzers only perform random mutation fuzzing. The Codenomicon Universal Fuzzer utilizes heuristics to determine data structures, thus it is able to generate more intelligent test cases.
* EASY TO CREATE AND EXECUTE: The Universal Fuzzer does not require any protocol specific customization. Test cases are automatically generated from sample template files.
* BROAD COVERAGE: The Universal Fuzzer utilizes 15 different Fuzzers to generate test cases giving you a broad spread of what types of attacks your software will have to endure.
* CLEAR GUI AND AUTOMATED REPORTING FEATURES: The Universal Fuzzer can be run through the Defensics GUI making it easy to control 15 fuzzers simultaneously. You will also the benefit of Defensics’ automated reporting features: simply click on a link in the report to reproduce test vulnerabilities.
* DIFFERENT TEST EXECUTION METHODS: The test cases can be run directly at the test target, or they can be injected using network connection. The test cases can also be sent using our built-in HTTP server.

The release of this software will help software companies and researchers to perform and ensure quick testing of software for exploits. You can read more about it from here.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.