Back to Blog

Fuzzing with Radamsa: A Practical Guide to Finding Vulnerabilities

Learn how to use Radamsa, a powerful fuzzing tool, to discover security vulnerabilities in your applications through automated testing.

CyberBros Security Team
8 min read
#fuzzing #security-testing #radamsa #vulnerability-research

Fuzzing is one of the most effective techniques for discovering security vulnerabilities in software. By feeding unexpected, malformed, or random data into applications, we can uncover bugs that might otherwise remain hidden until exploited by attackers. In this guide, we’ll explore Radamsa, a powerful and versatile fuzzing tool that has proven its worth in real-world security testing.

What is Radamsa?

Radamsa is a black-box fuzzer developed by the Oulu University Secure Programming Group. Unlike traditional mutation-based fuzzers that make random changes to input, Radamsa uses intelligent mutations based on patterns it learns from valid input samples. This approach makes it particularly effective at finding edge cases and security vulnerabilities.

What sets Radamsa apart is its simplicity and effectiveness. It requires minimal setup, works with any type of input data, and has been successfully used to discover vulnerabilities in numerous real-world applications, including web browsers, file parsers, and network services.

Installing Radamsa

Installing Radamsa is straightforward on most Unix-like systems. Here’s how to get started:

On Linux/macOS

git clone https://gitlab.com/akihe/radamsa.git
cd radamsa
make
sudo make install

Alternatively, on macOS you can use Homebrew:

brew install radamsa

Verify Installation

radamsa --version

Basic Fuzzing Workflow

The fundamental workflow for fuzzing with Radamsa involves three key steps:

  1. Prepare sample inputs - Create valid input samples that your target application can process
  2. Generate mutated inputs - Use Radamsa to create fuzzed variations of your samples
  3. Test and monitor - Feed the mutated inputs to your application and watch for crashes or unexpected behavior

Practical Examples

Example 1: Fuzzing a Simple Text Parser

Let’s start with a basic example. Suppose you have an application that parses text files. First, create a sample input file:

echo "username:password:email@example.com" > sample.txt

Now, generate 100 fuzzed variations:

radamsa -n 100 -o fuzzed_%n.txt sample.txt

This creates 100 files (fuzzed_0.txt through fuzzed_99.txt) with intelligent mutations of your input. You can then feed these to your parser:

for file in fuzzed_*.txt; do
  ./your_parser "$file" || echo "Crash with $file"
done

Example 2: Fuzzing a Network Service

Radamsa excels at fuzzing network protocols. Here’s how to fuzz a simple HTTP server:

# Create a valid HTTP request
cat > http_request.txt << 'EOF'
GET / HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0
Accept: */*

EOF

# Generate and send fuzzed requests
for i in {1..1000}; do
  radamsa http_request.txt | nc localhost 8080
  sleep 0.1
done

Example 3: Fuzzing File Formats

File format parsers are notorious for security vulnerabilities. Here’s how to fuzz an image parser:

# Generate 500 fuzzed PNG files
radamsa -n 500 -o fuzzed_images/test_%n.png sample.png

# Test each one
for img in fuzzed_images/*.png; do
  timeout 2s ./image_parser "$img" 2>&1 | grep -i "error\\|segfault" && \
    echo "Potential issue with $img"
done

Advanced Techniques

Using Multiple Seeds

Radamsa can combine mutations from multiple input samples, increasing the diversity of test cases:

radamsa -n 1000 -o output_%n.dat sample1.dat sample2.dat sample3.dat

Deterministic Fuzzing

For reproducible results, use a fixed seed:

radamsa --seed 12345 -n 100 -o test_%n.txt input.txt

Continuous Fuzzing

For long-running fuzzing campaigns, you can pipe Radamsa’s output directly:

while true; do
  radamsa sample.txt | ./your_application
  if [ $? -ne 0 ]; then
    echo "Crash detected at $(date)" >> crashes.log
  fi
done

Monitoring for Vulnerabilities

Effective fuzzing requires proper monitoring. Here are key indicators to watch for:

  • Segmentation faults - Often indicate memory corruption vulnerabilities
  • Timeouts - May reveal denial-of-service conditions or infinite loops
  • Abnormal exit codes - Unhandled exceptions or assertion failures
  • Memory leaks - Use tools like Valgrind to detect gradual resource exhaustion
  • Unexpected error messages - Can reveal information disclosure vulnerabilities

Integration with Other Tools

Radamsa works exceptionally well with other security testing tools:

Combining with AFL (American Fuzzy Lop)

You can use Radamsa to generate initial corpus for AFL:

radamsa -n 100 -o corpus/seed_%n sample.txt
afl-fuzz -i corpus -o findings ./target_binary @@

Using with Address Sanitizer

Compile your application with AddressSanitizer for better vulnerability detection:

# Compile with ASAN
gcc -fsanitize=address -g -o app_asan app.c

# Fuzz the instrumented binary
radamsa sample.txt | ./app_asan

Real-World Success Stories

Radamsa has been instrumental in discovering numerous security vulnerabilities:

  • Multiple bugs in PDF readers and image processing libraries
  • Buffer overflows in network protocol implementations
  • Parser vulnerabilities in web browsers
  • Memory corruption issues in file format handlers

Best Practices

To maximize the effectiveness of your fuzzing campaigns with Radamsa:

  1. Use diverse input samples - Collect a variety of valid inputs that exercise different code paths
  2. Start simple, then scale - Begin with basic mutations before moving to complex scenarios
  3. Automate everything - Create scripts to handle fuzzing, monitoring, and crash analysis
  4. Triage crashes quickly - Not all crashes are exploitable; focus on unique stack traces
  5. Run long campaigns - Some bugs only appear after millions of iterations
  6. Document your findings - Keep detailed logs of crashes and their triggers

Conclusion

Radamsa is an invaluable tool in any security researcher’s arsenal. Its simplicity, combined with intelligent mutation strategies, makes it perfect for both beginners and experienced testers. Whether you’re testing a new feature before release or hunting for zero-days in existing software, Radamsa can help you uncover vulnerabilities that might otherwise go unnoticed.

Remember that fuzzing is just one component of a comprehensive security testing strategy. Combine it with manual code review, static analysis, and dynamic testing for the best results.

Security Tip: Always perform fuzzing in isolated environments. Crashes can lead to data corruption or system instability, so use virtual machines or containers to protect your development environment.

Ready to start fuzzing? Grab Radamsa and start discovering vulnerabilities today. Want to learn more advanced security testing techniques and fuzzing methodologies? Get in touch with CyberBros Security for expert training and professional upskilling programs.

Want to Learn More?

Get expert cybersecurity training and upskilling programs from CyberBros Security. Master penetration testing, security analysis, and advanced security techniques.

Contact Us
View All Posts