clif - simple command-line application fuzzer


clif is a command-line application fuzzer, roughly what wfuzz or ffuf are for the web. It was inspired by the sudo vulnerability CVE-2021-3156 and by the fact that, for some reason, Google's afl-fuzz doesn't allow for unlimited argument or option specification. Since I try to practice my Rust whenever there's an opportunity to develop something that I might actually use, I decided to create my own fuzzer.

Here are a few examples of what it can do:


    # throw wordlist.txt as input
    clif -e my_program -w wordlist.txt

    # throw wordlist.txt as -p argument
    clif -e my_program -w wordlist.txt -a "-p FUZZ"

    # throw numbers from range 100..100000000 as the first argument
    clif -e my_program -n 100..100000000 -a "-n FUZZ"

    # throw a string with length from range 10..100 as the first argument
    clif -e my_program -s 10..100

For more details, head to the GitHub repo.
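
An added example (not clif's own code and not from the original post) sketching the loop that options like `-a "-p FUZZ"` and `-s 10..100` describe: substitute each payload for `FUZZ`, run the target, and record the runs that end in a signal. The `sh` one-liner used as the target, the function names and the half-open reading of the length range are assumptions made for illustration.

```rust
use std::os::unix::process::ExitStatusExt; // Unix only: exposes the terminating signal
use std::process::{Command, Stdio};

/// Split the template (e.g. "-p FUZZ") into argv tokens first, then substitute,
/// so a payload containing spaces or quotes stays a single argument.
pub fn build_args(template: &str, payload: &str) -> Vec<String> {
    template.split_whitespace().map(|tok| tok.replace("FUZZ", payload)).collect()
}

/// Payloads for a length range: one string of 'A's per length (half-open range,
/// an assumption of this example).
pub fn string_payloads(lengths: std::ops::Range<usize>) -> impl Iterator<Item = String> {
    lengths.map(|n| "A".repeat(n))
}

/// Run the target once. Returns Some(signal) if the process was terminated by a
/// signal (SIGSEGV, SIGABRT, ...). A non-zero exit code alone is not a crash,
/// and a target that fails to start is reported as None as well.
pub fn run_once(program: &str, fixed: &[&str], template: &str, payload: &str) -> Option<i32> {
    Command::new(program)
        .args(fixed)
        .args(build_args(template, payload))
        .stdin(Stdio::null())
        .stdout(Stdio::null())
        .stderr(Stdio::null())
        .status()
        .ok()?
        .signal()
}

/// Try every payload and collect (payload length, signal) for each crashing run.
pub fn fuzz(program: &str, fixed: &[&str], template: &str,
            payloads: impl Iterator<Item = String>) -> Vec<(usize, i32)> {
    payloads
        .filter_map(|p| run_once(program, fixed, template, &p).map(|sig| (p.len(), sig)))
        .collect()
}

// Constructed stand-in target: a shell one-liner that sends itself SIGSEGV when
// its second argument is 16 characters or longer, and exits 0 otherwise.
pub const TARGET: &str = "[ ${#2} -ge 16 ] && kill -SEGV $$; exit 0";

fn main() {
    let fixed = ["-c", TARGET, "target"];
    for (len, sig) in fuzz("sh", &fixed, "-p FUZZ", string_payloads(10..20)) {
        println!("crash: payload length {} -> signal {}", len, sig);
    }
}
```

Reporting the shortest crashing length, rather than just the fact of a crash, is what makes the result useful for triage when the target is your own build.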


0x4ndy:~