Technically speaking, SPIKE is actually a fuzzer creation kit, providing an API that allows a user to create their own fuzzers for network based protocols using the C programming language. SPIKE defines a number of primitives that it makes available to C coders, which allows it to construct fuzzed messages called “SPIKES” that can be sent to a network service to hopefully induce errors. SPIKE was specifically designed to focus on finding exploitable bugs, so it’s an excellent choice for our purposes.

There are also a number of papers and presentations available on SPIKE, with one of the most interesting being an older presentation from SPIKE author “Daily” Dave Aitel. (This presentation is available here While the presentation is rather lacking in detailed examples, it does outline a lot of the things that make SPIKE such a great fuzzer to use for discovering software vulnerabilities. Let’s discuss some of these features, and see how they might be useful to us.