google / Clusterfuzz Tools
Licence: apache-2.0
Bugs are inevitable. Suffering is optional.
ClusterFuzz Reproduce Tool for Chrome
This tool is deprecated in favor of the reproduce.sh script in the main clusterfuzz repository. Please follow the new instructions in each ClusterFuzz report to reproduce.
The reproduce tool helps you reproduce locally a crash found by the ClusterFuzz infrastructure.

Currently the reproduce tool is supported on:

- Platforms: Linux and Android only.
  - For reproducing crashes on Windows and Mac:
    - For libFuzzer and AFL testcases, please use the manual instructions here.
    - For others, please use the testcase report page to download the testcase first, and then use the command-line and environment options provided in the crash stacktrace section to run the testcase against the target (e.g. chrome, content_shell, d8, etc.).
- Sanitizers: ASan, LSan, TSan and UBSan only.
  - For reproducing crashes found with MSan:
    - Follow the same manual steps cited for Windows and Mac above.
    - To run the target, please use the manual instructions provided here.
Requirements

- gsutil
- blackbox and xdotool; these can be installed with apt-get.
Installation

ClusterFuzz tools is a single binary file built with Pex. Therefore, you can simply copy the binary and run it.

For Goobuntu:

- Run prodaccess.
- Run /google/data/ro/teams/clusterfuzz-tools/releases/clusterfuzz reproduce -h.

For others:

- Download the latest stable version.
- Run clusterfuzz-<version>.pex reproduce -h.
Usage

See <binary> reproduce --help. Run it using <binary> reproduce [testcase-id].

Here's the recommended workflow for fixing a bug:

- Run <binary> reproduce [testcase-id].
- Make a new branch and make a code change.
- Run against the code change with <binary> reproduce [testcase-id] --current.
- If the crash doesn't occur anymore, it means your code change fixes the crash.
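The workflow above can be scripted so that "the crash doesn't occur anymore" is decided from the sanitizer report in the tool's output rather than by eyeballing it. The script below is an added example and is not part of clusterfuzz-tools; it wraps `<binary> reproduce` as a black box using only the `--iterations` and `--current` flags listed on this page. The binary name `clusterfuzz.pex`, the testcase id 123 and the sample tool outputs are constructed placeholders, and the `scripted_runner` exists only so the logic can be exercised offline. One caveat it encodes: if the baseline run at the testcase's commit does not reproduce, a quiet `--current` run proves nothing about your change.

```python
"""Added example (not part of clusterfuzz-tools): script the reproduce /
fix-check workflow and decide "fixed" from sanitizer reports. The binary
name, testcase id and sample tool outputs below are constructed."""
import re
import subprocess
from typing import Callable, Dict, List, Optional, Tuple

# Report markers for the four sanitizers the tool supports (ASan, LSan, TSan, UBSan).
# Each pattern captures the bug class so baseline and current runs can be
# compared by (sanitizer, bug class), not merely "crashed or not".
SANITIZER_MARKERS = (
    ("ASan", re.compile(r"ERROR: AddressSanitizer: ([\w-]+)")),
    ("LSan", re.compile(r"ERROR: LeakSanitizer: ([^\n]+)")),
    ("TSan", re.compile(r"WARNING: ThreadSanitizer: ([^(\n]+)")),
    ("UBSan", re.compile(r"runtime error: ([^:\n]+)")),
)

Runner = Callable[[List[str]], "subprocess.CompletedProcess[str]"]


def classify_crash(output: str) -> Optional[Tuple[str, str]]:
    """Return (sanitizer, bug class) for the first sanitizer report in output, else None."""
    for name, pattern in SANITIZER_MARKERS:
        match = pattern.search(output)
        if match:
            return name, match.group(1).strip()
    return None


def run_reproduce(binary: str, testcase_id: int, current: bool,
                  iterations: int = 3, runner: Optional[Runner] = None) -> str:
    """Run `<binary> reproduce <id> --iterations N [--current]`, return combined output.

    Without --current the tool switches the checkout to the commit recorded in
    the testcase; with it, the working tree as-is is built and run.
    """
    cmd = [binary, "reproduce", str(testcase_id), "--iterations", str(iterations)]
    if current:
        cmd.append("--current")
    if runner is None:  # real execution of the tool
        runner = lambda c: subprocess.run(c, capture_output=True, text=True)
    proc = runner(cmd)
    return (proc.stdout or "") + (proc.stderr or "")


def check_fix(binary: str, testcase_id: int, iterations: int = 3,
              runner: Optional[Runner] = None) -> Dict[str, object]:
    """Baseline at the testcase's commit, then re-run against the current tree.

    A clean baseline is reported as 'not_reproduced', not 'fixed': if the crash
    never fired at the original commit (flaky, wrong build type, missing
    sanitizer), a quiet --current run says nothing about the change.
    """
    baseline = classify_crash(run_reproduce(binary, testcase_id, False, iterations, runner))
    if baseline is None:
        return {"verdict": "not_reproduced", "baseline": None, "current": None}
    current = classify_crash(run_reproduce(binary, testcase_id, True, iterations, runner))
    if current is None:
        verdict = "fixed"
    elif current == baseline:
        verdict = "still_crashes"
    else:
        verdict = "different_crash"  # the change moved the bug or exposed another one
    return {"verdict": verdict, "baseline": baseline, "current": current}


# Constructed stand-ins for real tool output, so the workflow can run offline.
SAMPLE_ASAN = ("==4242==ERROR: AddressSanitizer: heap-use-after-free on address "
               "0x602000000010 at pc 0x55d1c0ffee42 bp 0x7ffd1234 sp 0x7ffd1228\n")
SAMPLE_UBSAN = "foo.cc:12:5: runtime error: signed integer overflow: 2147483647 + 1\n"
SAMPLE_CLEAN = "(constructed) target exited normally on all iterations\n"


def scripted_runner(baseline_output: str, current_output: str) -> Runner:
    """Runner that answers with canned output instead of executing the tool."""
    def run(cmd: List[str]) -> "subprocess.CompletedProcess[str]":
        out = current_output if "--current" in cmd else baseline_output
        return subprocess.CompletedProcess(cmd, 0, stdout=out, stderr="")
    return run


def demo() -> Dict[str, str]:
    """Run the workflow against four canned scenarios; returns verdict per scenario."""
    binary, testcase_id = "clusterfuzz.pex", 123  # assumed placeholder names
    scenarios = {
        "fixed": (SAMPLE_ASAN, SAMPLE_CLEAN),
        "still_crashes": (SAMPLE_ASAN, SAMPLE_ASAN),
        "different_crash": (SAMPLE_ASAN, SAMPLE_UBSAN),
        "not_reproduced": (SAMPLE_CLEAN, SAMPLE_CLEAN),
    }
    return {name: str(check_fix(binary, testcase_id, runner=scripted_runner(b, c))["verdict"])
            for name, (b, c) in scenarios.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

To use it against a real checkout, call `check_fix("/path/to/clusterfuzz-<version>.pex", <testcase-id>)` with no runner; the `different_crash` verdict is worth treating as a failure, since a fix that changes an ASan use-after-free into a UBSan report has not fixed the bug.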
Here are some other useful options:
-h, --help show this help message and exit
-c, --current Use the current tree; On the other hand, without
--current, the Chrome repository will be switched to
the commit specified in the testcase.
-b {download,chromium,standalone}, --build {download,chromium,standalone}
Select which type of build to run the testcase
against.
--disable-goma Disable GOMA when building binaries locally.
-j GOMA_THREADS, --goma-threads GOMA_THREADS
Manually specify the number of concurrent jobs for a
ninja build.
-l GOMA_LOAD, --goma-load GOMA_LOAD
Manually specify maximum load average for a ninja
build.
-i ITERATIONS, --iterations ITERATIONS
Specify the number of times to attempt reproduction.
-dx, --disable-xvfb Disable running testcases in a virtual frame buffer.
--target-args TARGET_ARGS
Additional arguments for the target (e.g. chrome).
--edit-mode Edit args.gn before building and target arguments
before running.
--skip-deps Skip installing dependencies: gclient sync, gclient
runhooks, install-build-deps.sh, and etc.
--enable-debug Build Chrome with full debug symbols by injecting
`sanitizer_keep_symbols = true` and `is_debug = true`
to args.gn. Ready to debug with GDB.