If I had a pound for everytime I have said "it's all about your inputs, never trust your inputs" then I'd probably be chillin' out on some beach in Hawaii right now. But anyway...
The guys over at Krakow Labs have put together a little bit of goodness in relation to fuzzing, more importantly, application fuzzing. It's name? 4f... (you see what they did... they used the four F's and... anyway...)
How is 4f different? Well it's purpose is to find vulnerabilities in code that parses file formats including configuration files, think ./omghi2u "-c omg.conf" here.
4f uses specialised modules for fuzzing code that interprets file formats. Several modules are included and more can be written to follow other formats. A custom debugger is also thrown in which will log all the crucial goodness on a crash.
Grab it here. Read more about it here.
Usage
USAGE: ./4f <-T /usr/bin/target> <-M #> [-N fuzz.conf]
[-A ARGS] [-R /output] [-L log.txt] [-C] [-D]
INFO: [-O Fuzzing Oracle] [-S Modules Available]