clif: simple command-line application fuzzer
clif is a command-line application fuzzer, pretty much what wfuzz or ffuf are for the web. It was inspired by the sudo vulnerability CVE-2021-3156 and the fact that, for some reason, Google's afl-fuzz doesn't allow for unlimited argument or option specification. Since I try to practice my Rust whenever there's an opportunity to develop something that I actually might use, I decided to create my own fuzzer.
Here are a few examples of what it can do:
# throw wordlist.txt as input
clif -e my_program -w wordlist.txt
# throw wordlist.txt as -p argument
clif -e my_program -w wordlist.txt -a "-p FUZZ"
# throw numbers from range 100..100000000 as the first argument
clif -e my_program -n 100..100000000 -a "-n FUZZ"
# throw a string with length from range 10..100 as the first argument
clif -e my_program -s 10..100
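How a FUZZ template and a length range like the ones above can drive a target and flag crashes, as an added Rust example (not clif's own code). The template handling, the inclusive range, the stand-in `sh` target and the rule that a crash means termination by a signal (Unix only) are all assumptions.

```rust
use std::io::{Error, ErrorKind, Result};
use std::os::unix::process::ExitStatusExt; // Unix-only: exposes the terminating signal
use std::process::{Command, Stdio};

/// Parse "LO..HI" as in the -n / -s examples (HI treated as inclusive: an assumption).
fn parse_range(spec: &str) -> Option<(usize, usize)> {
    let (lo, hi) = spec.split_once("..")?;
    let (lo, hi): (usize, usize) = (lo.parse().ok()?, hi.parse().ok()?);
    if lo <= hi { Some((lo, hi)) } else { None }
}

/// Split the template into argv entries first, then substitute FUZZ, so a payload
/// containing spaces still arrives as a single argument.
fn build_args(template: &str, payload: &str) -> Vec<String> {
    template.split_whitespace().map(|tok| tok.replace("FUZZ", payload)).collect()
}

/// Run one case; Some(signal) means the target was killed by a signal (11 = SIGSEGV).
fn run_case(program: &str, fixed: &[&str], args: &[String]) -> Result<Option<i32>> {
    let status = Command::new(program)
        .args(fixed).args(args)
        .stdin(Stdio::null()).stdout(Stdio::null()).stderr(Stdio::null())
        .status()?;
    Ok(status.signal())
}

/// Try a run of 'A's for every length in the range; return (length, signal) per crash.
fn fuzz_lengths(program: &str, fixed: &[&str], template: &str, range: &str) -> Result<Vec<(usize, i32)>> {
    let (lo, hi) = parse_range(range)
        .ok_or_else(|| Error::new(ErrorKind::InvalidInput, "range must be LO..HI"))?;
    let mut crashes = Vec::new();
    for len in lo..=hi {
        let args = build_args(template, &"A".repeat(len));
        if let Some(sig) = run_case(program, fixed, &args)? {
            crashes.push((len, sig));
        }
    }
    Ok(crashes)
}

// Constructed stand-in target: sh signals itself with SEGV when $2 is longer than 12 bytes.
const TARGET: [&str; 3] = ["-c", "[ ${#2} -gt 12 ] && kill -s SEGV $$; exit 0", "demo"];

fn main() -> Result<()> {
    for (len, sig) in fuzz_lengths("sh", &TARGET, "-p FUZZ", "10..15")? {
        println!("length {len}: killed by signal {sig}");
    }
    Ok(())
}
```

Checking the terminating signal rather than the exit code separates a real crash from a program that merely rejects bad input with a non-zero status.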
For more details, head to the GitHub repo.