PyJFuzz - an automatic json fuzzer framework.

PyJFuzz – an automatic json fuzzer framework.

PyJFuzz is a small, extensible and ready-to-use framework used to fuzz JSON inputs, such as mobile endpoint REST API, JSON implementation, Browsers, cli executable and much more.

The available object/class are the following:
+ PJFServer – User to start and stop built-in HTTP and HTTPS servers
+ PJFProcessMonitor – Used to monitor process crash, it will automatically restart proccess each time it crash
+ PJFTestcaseServer – The testcase server is used in conjunction with PJFProcessMonitor, whenever a process crash the testcase server will register and store the JSON which cause the crash
+ PJFFactory – It’s the main object used to do the real fuzz of JSON objects
+ PJFConfiguration – It’s the configuration file for each of the available objects
+ PJFExternalFuzzer – Used by PJFactory is a auxiliary class which provide an interface to other command line fuzzer such as radamsa
+ PJFMutation – Used by PJFFactory provide all the mutation used during fuzzing session
+ PJFExecutor – Provides an interface to interact with external process

PyJFuzz – Python JSON Fuzzer

Features:
* JSON object to fuzz
* Fuzzing level in the range 0-6
* Set whenever to use binary from “command” as an externale fuzzer
* Command to execute each paramester is a list element, you could use shlex.split from python
* Techniques “CHPTRSX”
C – Command Execution
H – Header Injection
P – Path Traversal
T – Template Injection
R – Random Characters
S – SQL Injection
X – XSS
* automatic browser fuzzing session.
* automatic web fuzzing session.

Usage and install:

Source: https://github.com/mseclab