moshekaplan / FuzzImageMagick

Licence: other
Sample files for fuzzing ImageMagick


FuzzImageMagick

Full setup for fuzzing ImageMagick. Currently (2016-02-07) covers over 30% of the codebase.

1. Download ImageMagick

git clone https://github.com/ImageMagick/ImageMagick.git --depth 1

2. Build ImageMagick

Vanilla Build:

CC=afl-clang-fast CXX=afl-clang-fast++ ./configure && make

Minimize Shared libraries + AFL_HARDEN

AFL_HARDEN=1 CC=afl-clang-fast CXX=afl-clang-fast++ ./configure --with-bzlib=no --with-djvu=no --with-dps=no --with-fftw=no --with-fpx=no --with-fontconfig=no --with-freetype=no --with-gvc=no --with-jbig=no --with-jpeg=no --with-lcms=no --with-lqr=no --with-lzma=no --with-openexr=no --with-openjp2=no --with-pango=no --with-png=no --with-tiff=no --with-raqm=no --with-webp=no --with-wmf=no --with-x=no --with-xml=no --with-zlib=no --enable-hdri=no --enable-shared=no && AFL_HARDEN=1 make

3. Fuzz with AFL

afl-fuzz -m none -i "samples" -o "imagemagick_fuzz_results" magick @@ /dev/null

Additional Notes:

Cleaning temporary files

ImageMagick creates temporary files while running. If ImageMagick crashes, the temporary files are not cleaned up. To prevent the fuzzing machine's hard disk from filling up, you can create a cron job to run rm /tmp/magick-* every hour. For more discussion about this issue, see this bug report.

Limiting number of threads

http://www.imagemagick.org/discourse-server/viewtopic.php?t=20756#p83480

Via command-line argument: -limit thread 1; via environment variable: MAGICK_THREAD_LIMIT=1

Avoid Fuzzing Delegates

Remove all delegates from config/delegates.xml.in before running ./configure, so that the fuzzed binary never hands a test case to an external program.
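The three notes above can be automated in one small helper script. This is an added example, not part of the FuzzImageMagick repository; the subcommand names, the ".orig" backup suffix and the 60-minute default age are this script's own assumptions.

```shell
#!/bin/sh
# Added helper (not from the FuzzImageMagick repo) for the "Additional Notes":
# strip delegates, clean ImageMagick temp files, and launch AFL single-threaded.
set -eu

# Drop every <delegate .../> entry, single- or multi-line, from delegates.xml.in
# so the fuzzed "magick" never launches an external decoder; a crash inside such a
# program is noise for an ImageMagick campaign. Run on config/delegates.xml.in
# before ./configure. The original file is kept as "<file>.orig" (assumed suffix).
strip_delegates() {
    in="$1"
    cp "$in" "$in.orig"
    # awk range: from a line containing "<delegate " through the closing "/>"
    awk '/<delegate /,/\/>/ { next } { print }' "$in.orig" > "$in"
}

# Remove ImageMagick temp files ("magick-*") older than $2 minutes from $1.
# They are left behind whenever a test case crashes ImageMagick, so a long
# campaign fills the disk. Hourly cron example (assumed path):
#   0 * * * * /opt/fuzz_helpers.sh clean /tmp 60
clean_magick_tmp() {
    find "$1" -maxdepth 1 -name 'magick-*' -mmin "+$2" -exec rm -f {} +
}

# Start AFL exactly as in step 3, with MAGICK_THREAD_LIMIT=1 so every execution
# is single-threaded (same effect as "-limit thread 1"), keeping runs reproducible.
run_fuzz() {
    MAGICK_THREAD_LIMIT=1 exec afl-fuzz -m none -i "$1" -o "$2" magick @@ /dev/null
}

# Subcommands (assumed names); no arguments means only the functions are defined.
case "${1:-}" in
    strip) strip_delegates "$2" ;;
    clean) clean_magick_tmp "${2:-/tmp}" "${3:-60}" ;;
    fuzz)  run_fuzz "${2:-samples}" "${3:-imagemagick_fuzz_results}" ;;
esac
```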
