
AngoraFuzzer / Angora

Licence: apache-2.0

Angora

Angora is a mutation-based coverage guided fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.

Published Work

arXiv: Angora: Efficient Fuzzing by Principled Search, S&P 2018.

Building Angora

Build Requirements

  • Linux-amd64 (Tested on Ubuntu 16.04/18.04 and Debian Buster)
  • Rust stable (>= 1.31), can be obtained using rustup
  • LLVM 4.0.0 - 7.1.0: install it with PREFIX=/path-to-install ./build/install_llvm.sh.

Environment Variables

Append the following entries to your shell configuration file (~/.bashrc, ~/.zshrc), with /path-to-clang pointing at the LLVM installation from the previous step.

export PATH=/path-to-clang/bin:$PATH
export LD_LIBRARY_PATH=/path-to-clang/lib:$LD_LIBRARY_PATH

Fuzzer Compilation

The build script resolves most dependencies and sets up the runtime environment.

./build/build.sh

System Configuration

As with AFL, core dumps must be written to a plain file rather than handed to an external handler, otherwise crashes are reported late or not at all:

echo core | sudo tee /proc/sys/kernel/core_pattern

Test

Check that Angora was built successfully:

cd /path-to-angora/tests
./test.sh mini

Running Angora

Build Target Program

Angora compiles the target program into two separate binaries, each with its own instrumentation: one with taint tracking (USE_TRACK=1), used to learn which input bytes influence each branch, and one with light instrumentation (USE_FAST=1), which is the binary actually executed during fuzzing. Using an autoconf-based program as an example, these are the required steps.

# Use the instrumenting compilers
CC=/path/to/angora/bin/angora-clang \
CXX=/path/to/angora/bin/angora-clang++ \
LD=/path/to/angora/bin/angora-clang \
PREFIX=/path/to/target/directory \
./configure --disable-shared

# Build with taint tracking support 
USE_TRACK=1 make -j
make install

# Save the compiled target binary into a new directory
# and rename it with .taint postfix, such as uniq.taint

# Build with light instrumentation support
make clean
USE_FAST=1 make -j
make install

# Save the compiled binary into the directory previously
# created and rename it with .fast postfix, such as uniq.fast

If the build fails with this approach, try wllvm or gllvm as described in Build a target program.

Taint analysis is also available via libdft64 instead of DFSan; see Use libdft64 for taint tracking.

Fuzzing

./angora_fuzzer -i input -o output -t path/to/taint/program -- path/to/fast/program [argv]
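The two-variant build and the fuzzer invocation above, combined into one script. This is an added example, not code from the Angora repository; ANGORA_DIR, SRC_DIR, OUT_DIR, BIN_NAME and IN_DIR are assumed placeholder paths, and configure is given --prefix (the standard autoconf form) rather than the PREFIX variable shown above.

```shell
#!/bin/sh
# Added example (not from the Angora repository): build an autoconf target twice with
# Angora's compiler wrappers, keep the taint-tracking and fast binaries side by side
# as NAME.taint / NAME.fast, then start angora_fuzzer on the pair. Paths are assumed.
set -eu
ANGORA_DIR=${ANGORA_DIR:-/path/to/angora}       # holds bin/angora-clang and angora_fuzzer
SRC_DIR=${SRC_DIR:-/path/to/target/src}         # unpacked autoconf source tree
OUT_DIR=${OUT_DIR:-/path/to/target/directory}   # install prefix; saved binaries go here too
BIN_NAME=${BIN_NAME:-uniq}                      # installed as $OUT_DIR/bin/$BIN_NAME
IN_DIR=${IN_DIR:-input}                         # seed corpus for the fuzzer

# Make variable that selects the instrumentation for a variant name.
variant_flag() {
    case "$1" in
        taint) echo "USE_TRACK=1" ;;   # DFSan taint tracking, passed to -t
        fast)  echo "USE_FAST=1" ;;    # light instrumentation, the fuzzed target
        *)     echo "unknown variant: $1" >&2; return 1 ;;
    esac
}

# Where the saved copy of a variant lives, e.g. $OUT_DIR/uniq.taint
variant_path() { echo "$OUT_DIR/$BIN_NAME.$1"; }

configure_target() {
    cd "$SRC_DIR"
    CC="$ANGORA_DIR/bin/angora-clang" CXX="$ANGORA_DIR/bin/angora-clang++" \
    LD="$ANGORA_DIR/bin/angora-clang" ./configure --prefix="$OUT_DIR" --disable-shared
}

# Clean, rebuild with the variant's flag, install, and save a suffixed copy
# before the next variant's "make install" overwrites $OUT_DIR/bin/$BIN_NAME.
build_variant() {
    flag=$(variant_flag "$1")
    cd "$SRC_DIR"
    make clean
    env "$flag" make -j
    make install
    cp "$OUT_DIR/bin/$BIN_NAME" "$(variant_path "$1")"
}
# Remaining arguments are handed to the target as its argv.
run_fuzzer() {
    "$ANGORA_DIR/angora_fuzzer" -i "$IN_DIR" -o output \
        -t "$(variant_path taint)" -- "$(variant_path fast)" "$@"
}

# Build and fuzz only when invoked as: ./build_and_fuzz.sh run [target argv...]
if [ "${1:-}" = run ]; then
    shift
    configure_target && build_variant taint && build_variant fast && run_fuzzer "$@"
fi
```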

For more information, please refer to the documentation under the docs/ directory.
