Torment 0.1.0 released

I’m pleased to announce the initial development release of Torment. Torment is an extension for the Ruby programming language designed for development of software assurance tools and utilities. It extends the built-in, and introduces new classes and modules into Ruby instead of specifying or using another language. Therefore, you do not have to learn the syntax and semantics of different languages.

Many of the standard tools yet to be evaluated for inclusion in future releases, such as file format fuzzers, already identified several vulnerabilities in well-known open source and proprietary software.

This version includes a set of standard file format fuzzers for the RPM file format. These fuzzers are being used as part of Red Hat QA and already identified several vulnerabilities within the RPM library.

Using any of the fuzzers is very straightforward. For instance, you can run a fuzzer with the following command:

$ ./rpm_header_skip_tag_and_offset.rb \
      -l '/path/to/logs'/ \
      -o '/path/to/outcomes'/ -p 'rpm -qlp' \
      amanda-client-2.6.1p2-7.el6.x86_64.rpm

The log file and outcomes for this run are saved to ‘/path/to/logs’/ and ‘/path/to/outcomes’/ respectively.

For additional information, refer to documentation.