Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

aeondave/boofuzz

Name: boofuzz
Author: aeondave

offensive-tools/fuzzing/boofuzz/SKILL.md

npx skillsauth add aeondave/malskill boofuzz

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

boofuzz

Protocol fuzzer framework with request modeling, session graphs, monitors, and structured logging.

Quick Start

pip install boofuzz

from boofuzz import Session, Target, TCPSocketConnection, s_initialize, s_string, s_get

s_initialize("req")
s_string("HELLO", fuzzable=True)

session = Session(target=Target(connection=TCPSocketConnection("127.0.0.1", 9999)))
session.connect(s_get("req"))
session.fuzz()

Operator Flow (Recommended)

Define protocol requests as Request + Block + primitives.
Build realistic session graph via session.connect(...).
Add monitors (process/network/callback) before scaling testcases.
Enable logs and reproduce individual failing testcases from run DB.
Iterate on protocol model quality (field sizes, delimiters, checksums, dependencies).

Best Use Cases

Custom/legacy network protocols.
Stateful handshake + multi-step message flows.
Harnesses requiring explicit restart/monitor logic.

Practical Tricks

Use post_test_case_callbacks for protocol-aware checks instead of only crash/no-crash signals.
Use ProtocolSessionReference when later messages need dynamic data extracted from prior responses.
Keep a strict separation between:
- transport connection behavior,
- protocol message modeling,
- health/monitoring logic.
Prefer deterministic target reset routines in monitor hooks.

Common Pitfalls

Blind mutation of raw bytes without block/field modeling wastes boofuzz strengths.
No monitor/restart chain -> flaky crash attribution.
Overly broad callback side effects -> non-deterministic failures.

Logging & Triage

Use text/CSV/curses loggers via FuzzLogger multiplexer for both operator visibility and artifacts.
Persist each run DB (boofuzz-results/run-*.db) and reopen for post-campaign review.
Keep concise crash synopsis in monitor implementations (get_crash_synopsis).

Resources

https://github.com/jtpereyda/boofuzz
https://boofuzz.readthedocs.io/
https://boofuzz.readthedocs.io/en/stable/user/quickstart.html
https://boofuzz.readthedocs.io/en/stable/user/monitors.html
https://boofuzz.readthedocs.io/en/stable/user/protocol-definition.html

aeondave/boofuzz

offensive-tools/fuzzing/boofuzz/SKILL.md

Auth/lab ref: Python network protocol fuzzing framework (Sulley successor). For stateful TCP/UDP protocol fuzzing, request-graph modeling, monitor-driven crash detection, and reproducible protocol campaign workflows.

4 stars

development

Updated Jun 8, 2026

$ install --global

skillsauth

npx skillsauth add aeondave/malskill boofuzz

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Jun 8, 2026, 3:49 AM116.3s1 file scanned

SKILL.md

name:: boofuzz
description:: Auth/lab ref: Python network protocol fuzzing framework (Sulley successor). For stateful TCP/UDP protocol fuzzing, request-graph modeling, monitor-driven crash detection, and reproducible protocol campaign workflows.
license:: GPL-2.0
compatibility:: Python 3 on Linux/Windows/macOS.
author:: GitHub Copilot
version:: 1.1

boofuzz

Protocol fuzzer framework with request modeling, session graphs, monitors, and structured logging.

Quick Start

pip install boofuzz

from boofuzz import Session, Target, TCPSocketConnection, s_initialize, s_string, s_get

s_initialize("req")
s_string("HELLO", fuzzable=True)

session = Session(target=Target(connection=TCPSocketConnection("127.0.0.1", 9999)))
session.connect(s_get("req"))
session.fuzz()

Operator Flow (Recommended)

Define protocol requests as Request + Block + primitives.
Build realistic session graph via session.connect(...).
Add monitors (process/network/callback) before scaling testcases.
Enable logs and reproduce individual failing testcases from run DB.
Iterate on protocol model quality (field sizes, delimiters, checksums, dependencies).

Best Use Cases

Custom/legacy network protocols.
Stateful handshake + multi-step message flows.
Harnesses requiring explicit restart/monitor logic.

Practical Tricks

Use post_test_case_callbacks for protocol-aware checks instead of only crash/no-crash signals.
Use ProtocolSessionReference when later messages need dynamic data extracted from prior responses.
Keep a strict separation between:
- transport connection behavior,
- protocol message modeling,
- health/monitoring logic.
Prefer deterministic target reset routines in monitor hooks.

Common Pitfalls

Blind mutation of raw bytes without block/field modeling wastes boofuzz strengths.
No monitor/restart chain -> flaky crash attribution.
Overly broad callback side effects -> non-deterministic failures.

Logging & Triage

Use text/CSV/curses loggers via FuzzLogger multiplexer for both operator visibility and artifacts.
Persist each run DB (boofuzz-results/run-*.db) and reopen for post-campaign review.
Keep concise crash synopsis in monitor implementations (get_crash_synopsis).

Resources

https://github.com/jtpereyda/boofuzz
https://boofuzz.readthedocs.io/
https://boofuzz.readthedocs.io/en/stable/user/quickstart.html
https://boofuzz.readthedocs.io/en/stable/user/monitors.html
https://boofuzz.readthedocs.io/en/stable/user/protocol-definition.html

Related Skills

aeondave/vibe-audit-technique

development

VerifiedTrustedCommunity

White-box auditing methodology for AI-generated ('vibe-coded') applications. Focuses on modern stack misconfigurations (Supabase, Next.js, Vercel).

4SKILL.mdUpdated Jun 12, 2026

aeondave/vibe-audit-technique

aeondave/source-review-technique

development

VerifiedTrustedCommunity

Hybrid AI/Deterministic SAST methodology for discovering zero-day vulnerabilities in source code. Orchestrates structural search with AI-driven data flow and sink validation.

4SKILL.mdUpdated Jun 12, 2026

aeondave/source-review-technique

aeondave/hardware-technique

development

VerifiedTrustedCommunity

Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.

4SKILL.mdUpdated Jun 12, 2026

aeondave/hardware-technique

aeondave/container-technique

devops

VerifiedTrustedCommunity

Container methodology: Identifying containerization limits, Docker/K8s misconfigurations, and executing escapes to the host node.

4SKILL.mdUpdated Jun 12, 2026

aeondave/container-technique

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/aeondave/malskill.git

# Copy into Claude Code skills folder (global)
cp -r malskill/offensive-tools/fuzzing/boofuzz ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

aeondave/malskill

4 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT