bfbtester - Brute Force Binary Tester
] [-d level] [-o out-file] [-x max-execs] files ...
BFBTester is great for doing quick, proactive, security checks of binary
programs. BFBTester will perform checks of single and multiple argument
command line overflows as well as environment variable overflows. BFBTester
can also watch for tempfile creation activity to alert the user of any
programs using unsafe tempfile names. While BFBTester cannot test all
overflows in software, it is useful for detecting initial mistakes that can
red flag dangerous software.
You must specify one or more of the following tests:
- Single Argument Test.
- Multiple Argument Test.
- Environment Variable Test.
- Selects all tests
- Print help.
- Enable tempfile monitoring.
- Print version string.
- -d level: Set debug level (default = 0, max = 2).
- -r rejects: Comma separated list of binaries to skip.
- -o out-file: Output to out-file rather than stdout.
- -x max-execs: Set maximum executables to run in parallel (default =
- Specific binary or a directory of binaries to test.
You must specify at least one test to run and you must specify either a binary
or a directory.
Executable selection is now done in one of several ways:
If the executable filename is specified with a leading slash (an absolute path),
no selection is used and the supplied absolute filename is used.
If there is no leading slash in the filename the selection is made in one of two
ways (in this order):
1) Prepend file name with $PWD and test accessibility
2) Search through $PATH and find first accessible executable
The first one to succeed is the executable chosen.
If the filename found is a directory, we walk the directory (one level deep)
looking for executable binaries.
Symbolic links are followed.
You can specify binaries to skip (useful when loading a whole directory) by
using the -r option.
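Because a relative name is matched in $PWD before $PATH, it can select a different file than the system binary, so it is worth resolving the name before a run. The shell functions below are an added example, not bfbtester's own code: the names resolve_target and list_targets are hypothetical, `test -x` stands in for the accessibility check, and rejects are assumed to match on file name (as the `-r kill /usr/bin/kill` example suggests).

```shell
#!/bin/sh
# Added example: mirrors the selection order described on this page.
# Function names are hypothetical; this is not bfbtester's source.

# resolve_target NAME -> print the path that would be selected, or return 1.
resolve_target() {
    name=$1
    # Absolute path: no selection, used exactly as given.
    case $name in /*) printf '%s\n' "$name"; return 0 ;; esac
    # 1) $PWD/NAME is tried first (assumption: "accessible" means test -x).
    if [ -x "$PWD/$name" ]; then printf '%s\n' "$PWD/$name"; return 0; fi
    # 2) Then the first accessible match in $PATH wins.
    rest=$PATH:
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}
        [ -n "$dir" ] || dir=.          # empty PATH entry means current dir
        if [ -x "$dir/$name" ]; then printf '%s\n' "$dir/$name"; return 0; fi
    done
    return 1
}

# list_targets PATH REJECTS -> one executable per line.
# REJECTS is the comma-separated list that would be passed to -r.
list_targets() {
    target=$1; rejects=",$2,"
    # A directory is walked one level deep (simplification: the glob
    # skips dotfiles); anything else is treated as a single file.
    if [ -d "$target" ]; then set -- "$target"/*; else set -- "$target"; fi
    for f in "$@"; do
        # -f and -x follow symbolic links; subdirectories are not entered.
        [ -f "$f" ] && [ -x "$f" ] || continue
        case $rejects in *",${f##*/},"*) continue ;; esac
        printf '%s\n' "$f"
    done
}

# Usage: sh select.sh NAME [REJECTS]  (does nothing when run without arguments)
[ $# -eq 0 ] || list_targets "$(resolve_target "$1")" "${2:-}"
```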
The following is a crash report:
*** Crash </usr/bin/patch> ***
args: -D 
Signal: 11 ( Segmentation fault )
This means "/usr/bin/patch" crashed when fed with a "-D"
and a word 5,120 characters long:
$ /usr/bin/patch -D AAA...5,120 characters...AAA
(Numbers in brackets mean replace with a word that many characters long)
BFBTester is very CPU intensive, and will open many files, so you probably don't
want to run it on a production machine during its busiest period. Just a
- bfbtester -s /usr/bin: Run the single argument test on all binaries in folder
- bfbtester -ta patch traceroute: Run all tests against patch and traceroute and run the
- bfbtester -a ./bfbtester: Tests bfbtester (provided it's in the same directory).
- bfbtester -r kill /usr/bin/kill: Does nothing.
This manual page was written by Karl Soderstrom <email@example.com>, for the
Debian GNU/Linux system (but may be used by others).