
HexHive / Fuzzan

FuZZan: Efficient Sanitizer Metadata Design for Fuzzing

Projects that are alternatives of or similar to Fuzzan

Afl.rs
🐇 Fuzzing Rust code with American Fuzzy Lop
Stars: ✭ 1,013 (+1150.62%)
Mutual labels:  fuzzing
Elmyr
A utility to make Kotlin/Java tests random yet reproducible
Stars: ✭ 68 (-16.05%)
Mutual labels:  fuzzing
Optee fuzzer
This repository contains the code for a fuzzing prototype for the OP-TEE system call interface using AFL.
Stars: ✭ 78 (-3.7%)
Mutual labels:  fuzzing
Dockerized fuzzing
Run fuzzing experiments in Docker
Stars: ✭ 48 (-40.74%)
Mutual labels:  fuzzing
Honeybee
An experimental high performance, fuzzing oriented Intel Processor Trace capture and analysis suite
Stars: ✭ 63 (-22.22%)
Mutual labels:  fuzzing
Boofuzz
A fork and successor of the Sulley Fuzzing Framework
Stars: ✭ 1,180 (+1356.79%)
Mutual labels:  fuzzing
Example Go
Go Fuzzit Example
Stars: ✭ 39 (-51.85%)
Mutual labels:  fuzzing
Slides
won't maintain
Stars: ✭ 79 (-2.47%)
Mutual labels:  fuzzing
Book
📖 Guides and tutorials on how to fuzz Rust code
Stars: ✭ 67 (-17.28%)
Mutual labels:  fuzzing
Awesome Directed Fuzzing
A curated list of awesome directed fuzzing research papers
Stars: ✭ 77 (-4.94%)
Mutual labels:  fuzzing
Burpsuite Collections
BurpSuite collection: including, but not limited to, Burp articles, cracked versions, plugins (non-BApp Store), Chinese localization and related tutorials; contributions welcome---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
Stars: ✭ 1,081 (+1234.57%)
Mutual labels:  fuzzing
Erlamsa
Erlang port of the famous radamsa fuzzer.
Stars: ✭ 56 (-30.86%)
Mutual labels:  fuzzing
Testing Distributed Systems
Curated list of resources on testing distributed systems
Stars: ✭ 1,187 (+1365.43%)
Mutual labels:  fuzzing
Afl Compiler Fuzzer
Variation of american fuzzy lop for testing compilers for C-like languages, revised by Alex Groce & collaborators to fuzz tools processing source code in C-like languages
Stars: ✭ 47 (-41.98%)
Mutual labels:  fuzzing
Brundlefuzz
BrundleFuzz is a distributed fuzzer for Windows and Linux using dynamic binary instrumentation.
Stars: ✭ 78 (-3.7%)
Mutual labels:  fuzzing
Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+1102.47%)
Mutual labels:  fuzzing
Randomjson
Provides a Kotlin/Java library to create a random json string
Stars: ✭ 70 (-13.58%)
Mutual labels:  fuzzing
Archeap
ArcHeap: Automatic Techniques to Systematically Discover New Heap Exploitation Primitives
Stars: ✭ 80 (-1.23%)
Mutual labels:  fuzzing
Storm
A blackbox mutational fuzzer for detecting critical bugs in SMT solvers
Stars: ✭ 79 (-2.47%)
Mutual labels:  fuzzing
Afl Patches
Patches to afl to fix bugs or add enhancements
Stars: ✭ 76 (-6.17%)
Mutual labels:  fuzzing

FuZZan

The combination of a fuzzer with ASan is currently the most effective approach to find memory safety violations. However, several of ASan’s design choices conflict with fuzzer executions, increasing the runtime cost and reducing the benefit of combining fuzzing and sanitization. Thus, we propose to use FuZZan, our dynamic metadata structure switching sanitizer, instead of ASan for fuzzing. We design new metadata structures to replace ASan’s rigid shadow memory, reducing the memory management overhead while maintaining the same error detection abilities. Our dynamic metadata structure adaptively selects the most efficient metadata structure for the current fuzzing campaign without manual configuration.

Environment

  • Tested on Ubuntu 19.10 64bit

Build FuZZan-enabled LLVM and AFL

  • The "fuzzan_autosetup.sh" script builds FuZZan-enabled LLVM and AFL:
$ git clone [email protected]:HexHive/FuZZan.git
$ cd FuZZan
$ ./fuzzan_autosetup.sh

Build Target Fuzzing Program with FuZZan

  • To use FuZZan's dynamic metadata switching mode, you need to build the target program in seven different modes:
- ASan-Opt (Mode# is 2)
- FuZZan RBTree-Opt (Mode# is 3)
- FuZZan Min-shadow-Opt 1G (Mode# is 4)
- FuZZan Min-shadow-Opt 4G (Mode# is 5)
- FuZZan Min-shadow-Opt 8G (Mode# is 6)
- FuZZan Min-shadow-Opt 16G (Mode# is 7)
- FuZZan Sampling mode (Mode# is 8)
  • Before building each mode, set the "FUZZAN_MODE" environment variable to the number of the target FuZZan mode, rebuild LLVM (run make -j), and then build the target program.
- e.g., export FUZZAN_MODE=3 (when you want to use RBTree (#3) mode)
  • As an example, please refer to the build scripts for the real-world applications (sample/applications/build.sh) or the google-fuzzer-test-suite (sample/google-fts/build.sh).

Run fuzzing

To run the dynamic metadata switching mode, you need to set the environment variables below:

- MINMODE_ON : set to 1 (true), since sampling mode is based on min-shadow mode
- MIN_SCRIPT_PATH : path to libshrink (e.g., /home/foo/FuZZan/etc/libshrink/)
- SAMPLE_PATH : path to the sampling-mode binary
- RBTREE_PATH : path to the rbtree binary
- MINSHADOW_PATH : path to the minshadow (1G) binary
- MINSHADOW_PATH_4G : path to the minshadow (4G) binary
- MINSHADOW_PATH_8G : path to the minshadow (8G) binary
- MINSHADOW_PATH_16G : path to the minshadow (16G) binary
- ASAN_PATH : path to the asan binary
- SHM_STR : string used to create a unique shared-memory key
- SHM_INT : integer used to create a unique shared-memory key
- CHECK_NUM : the number of sampling-mode iterations (default: 1)
  • As an example, please refer to the real-world application run script (sample/applications/run.sh) or the google-fuzzer-test-suite script (sample/google-fts/base_template/fts-asan/build.sh).
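A small pre-flight check for the environment described above, added here as an example and not part of the FuZZan repository. It assumes the seven per-mode binaries have already been built as described in the previous section, and only verifies that each variable the README lists is set and points at something usable before the fuzzing campaign is launched.

```shell
#!/bin/sh
# Added example (not FuZZan's own code): validate the environment that the
# dynamic metadata switching mode expects. Returns 0 when everything is set,
# 1 otherwise, printing one line per problem on stderr.
fuzzan_check_env() {
    rc=0
    # Sampling mode builds on min-shadow mode, so MINMODE_ON must be 1.
    if [ "${MINMODE_ON:-}" != "1" ]; then
        echo "MINMODE_ON must be 1 (sampling mode is based on min-shadow mode)" >&2
        rc=1
    fi
    # MIN_SCRIPT_PATH is the libshrink directory, not a binary.
    if [ ! -d "${MIN_SCRIPT_PATH:-}" ]; then
        echo "MIN_SCRIPT_PATH must point to the libshrink directory" >&2
        rc=1
    fi
    # Every per-mode variable must name an existing executable.
    for var in SAMPLE_PATH RBTREE_PATH MINSHADOW_PATH MINSHADOW_PATH_4G \
               MINSHADOW_PATH_8G MINSHADOW_PATH_16G ASAN_PATH; do
        eval "val=\${$var:-}"
        if [ -z "$val" ] || [ ! -x "$val" ]; then
            echo "$var must point to an executable binary (got '$val')" >&2
            rc=1
        fi
    done
    # Both halves of the shared-memory key are required; SHM_INT must be numeric.
    if [ -z "${SHM_STR:-}" ] || ! [ "${SHM_INT:-x}" -ge 0 ] 2>/dev/null; then
        echo "SHM_STR (string) and SHM_INT (non-negative integer) are required" >&2
        rc=1
    fi
    # CHECK_NUM defaults to 1; if given, it must be a positive integer.
    case "${CHECK_NUM:-1}" in
        ''|0|*[!0-9]*) echo "CHECK_NUM must be a positive integer" >&2; rc=1 ;;
    esac
    return $rc
}
```

Source this file and call fuzzan_check_env at the top of a run script so a misconfigured campaign fails immediately instead of silently running a single mode.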

Example

Test binutils (c++filt, nm, objdump, and size), libpng (pngfix), tcpdump, and file

See the example application README

Test Google fuzzer test suite

See the Google fuzzer test suite README
