A professional-grade DICOM fuzzing tool for healthcare security testing
Project description
DICOM Fuzzer
A security testing tool for fuzzing DICOM medical imaging implementations.
Overview
DICOM Fuzzer identifies vulnerabilities in medical imaging systems, PACS servers, and medical device software through mutation-based fuzzing.
Features:
- Mutation-based fuzzing of DICOM metadata, headers, and pixel data
- Directory input with recursive scanning for batch fuzzing
- Synthetic DICOM generation (no PHI concerns)
- GUI application testing mode for DICOM viewers
- Coverage-guided fuzzing with code coverage tracking
- Crash intelligence with automated triage, minimization, and stability tracking
- 3D series fuzzing for CT/MRI multi-slice data
- Production stability with resource management and error recovery
Installation
pip install dicom-fuzzer
Or from source:
git clone https://github.com/Dashtid/dicom-fuzzer.git
cd dicom-fuzzer
pip install -e .
Quick Start
Command Line
# Generate 100 fuzzed files from a single DICOM
dicom-fuzzer input.dcm -c 100 -o ./output
# Fuzz all files in a directory
dicom-fuzzer ./dicom_folder/ -c 10 -o ./output
# Recursive directory scan
dicom-fuzzer ./data/ --recursive -c 5 -o ./output
# Test a DICOM viewer
dicom-fuzzer input.dcm -c 500 -t ./viewer.exe --stop-on-crash
# Test GUI applications (viewers that don't exit)
dicom-fuzzer input.dcm -c 20 -t ./Affinity.exe --gui-mode --timeout 5
Generate Synthetic Test Data
# Generate 10 synthetic CT images (no PHI)
dicom-fuzzer samples --generate -c 10 -m CT -o ./samples
# Generate a series of 20 MR slices
dicom-fuzzer samples --generate --series -c 20 -m MR -o ./samples
# List public DICOM sample sources
dicom-fuzzer samples --list-sources
Python API
from dicom_fuzzer.core.mutator import DicomMutator
import pydicom
dataset = pydicom.dcmread("sample.dcm")
mutator = DicomMutator()
for i in range(100):
fuzzed = mutator.apply_mutations(dataset, num_mutations=5)
fuzzed.save_as(f"output/fuzzed_{i:04d}.dcm")
Documentation
Safety
This tool is for authorized security testing only.
- Only test systems you own or have permission to test
- Use anonymized or synthetic test data
- Comply with HIPAA, GDPR, and applicable regulations
- See SECURITY.md for vulnerability reporting
Contributing
See CONTRIBUTING.md for development setup and guidelines.
License
MIT License - see LICENSE.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file dicom_fuzzer-1.3.0.tar.gz.
File metadata
- Download URL: dicom_fuzzer-1.3.0.tar.gz
- Upload date:
- Size: 1.0 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6adebc348f2f2abcb9f099569027682219f17e99d6bc36852c68fbc5f5701a96
|
|
| MD5 |
8bcb20e03a649d9034993b3db0bf6f0e
|
|
| BLAKE2b-256 |
9dff59a83a860922f277130c24c45f3bbeb7d2faa229daa83fb204d7fd1676f7
|
File details
Details for the file dicom_fuzzer-1.3.0-py3-none-any.whl.
File metadata
- Download URL: dicom_fuzzer-1.3.0-py3-none-any.whl
- Upload date:
- Size: 305.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
664c45d89a0036b05b11c11df4d74563ab8792cf9c6750343037194fb14fddd1
|
|
| MD5 |
6d2b7c643e6377753e684a4bd19d9f12
|
|
| BLAKE2b-256 |
3d64a41c1393191c64ecf59916b15566bc6b0fee570f2e4fd76e41fda0fd92fb
|
