Netzob documentation

Netzob is an open source tool for reverse engineering, traffic generation and fuzzing of communication protocols. It allows to infer the message format and the state machine of a protocol through passive and active processes. The model can afterward be used to simulate realistic and controllable trafic.

The main features of Netzob are:

Vocabulary Inference
Netzob includes a complete model to represents the message format of a protocol (aka its vocabulary). Using specific algorithms, it allows to learn it from provided traces.
Grammar Inference
The state machine of a protocol (aka its grammar) defines the valid sequences of exchanged messages. Netzob allows to learn it semi-automaticaly using specific algorithms.
Protocol simulation
To support the inferring process, a dynamic analysis is perfomed based on simulated actors. These can initiate and take part in a complex communication following the infered protocol.

Contact information

Mailing list:Two lists are available, use the SYMPA web interface to register.
IRC:You can hang-out with us on Freenode’s IRC channel #netzob @
Wiki:Discuss strategy on Netzob’s wiki
Twitter:Follow Netzob’s official accounts (@Netzob)

Netzob Overview

Netzob has been initiated by security auditors of AMOSSYS and the CIDre research team of Supélec to address the reverse engineering of communication protocols. A detailed overview of the project is available here.


Get started with Netzob
The goal of this tutorial is to present the usage of each main component of Netzob (inference of message format, construction of the state machine and generation of traffic) through an undocumented protocol.
Auto-generation of Peach pit files/fuzzers
This tutorial shows how to take advantage of the Peach exporter plugin provided in Netzob to automatically generate Peach pit configuration files, thus allowing to do smart fuzzing on undocumented protocols.
Auto-generation of Wireshark dissectors
This tutorial shows how to leverage Netzob’ format message inference in order to automatically generate Wireshark dissectors for proprietary or undocumented protocols.