SoftSec-KAIST / Imf
License: MIT
Inferred Model-based Fuzzer
IMF: Inferred Model-based Fuzzer
IMF is a kernel API fuzzer that leverages the automated API model inference technique proposed in our paper at CCS 2017. Rather than starting from a hand-written API specification, IMF hooks the kernel API calls (IOKit on macOS) made by ordinary programs, records them, infers a model of valid call sequences and of the dependencies between their arguments and return values from those logs, and generates a fuzzer from the inferred model. IMF currently supports only macOS. To see how to configure and run IMF, follow the steps below.
Setup
Requirements
- python2.7
- pypy
- clang
How to run
- Generate the hooking library for the APIs. gen-hook emits C source (hook.c below); build it as a dynamic library for both architectures so it can be injected into 32-bit and 64-bit targets alike.
$ ./gen-hook [output(hooking code) path]
$ clang -Wall -dynamiclib -framework IOKit -framework CoreFoundation -arch i386 \
    -arch x86_64 hook.c -o hook
- Collect logs: run programs that exercise the kernel APIs with the hooking library injected. Run as many different programs (and program features) as you can, since the inferred model can only contain API usage that was observed.
$ DYLD_INSERT_LIBRARIES=[hooking library path] [program path] [program args]
Note that with System Integrity Protection enabled, macOS strips DYLD_INSERT_LIBRARIES for protected system binaries (for example those under /System, /usr and /bin), so such programs are not hooked; use unprotected copies or third-party programs.
- Filter the logs, keeping the given number of filtered logs and using the given number of cores.
$ ./filter-log [log dir] [output dir] [# of output(filtered log)] [# of core]
- Infer a model and generate a fuzzer from the filtered logs.
$ ./gen-fuzz [filtered logs path] [output(fuzzer code) path] [# of core]
- Compile the fuzzer. The generated fuzzer is built as a 32-bit (i386) binary; it will not run on macOS 10.15 or later, which dropped support for 32-bit executables.
$ clang -framework IOKit -framework CoreFoundation -arch i386 fuzz.c -o fuzz
- Run the fuzzer.
$ ./fuzz -f [log path] -s [seed] -b [bitlen] -r [rate] -l [# of max loops]
- Because the fuzzer drives kernel APIs directly, a finding can take down not just the fuzzer process but the whole machine, so run it on a dedicated machine or VM. You may want to run the generated fuzzer within a while loop, giving each iteration a fresh seed and its own log path so the call sequence that triggered a crash is preserved.
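The following driver script is an added example of the "run it in a loop" step above; it is not part of the IMF repository. It assumes (the README does not say) that ./fuzz accepts the flags listed above, writes the API-call log of the current run to the path given with -f, and exits non-zero when a run ends abnormally. BITLEN, RATE and MAX_LOOPS are placeholder values to be tuned, and imf-loop.sh is an assumed file name.

```shell
#!/bin/sh
# Driver loop for the generated IMF fuzzer (added example, not IMF's own code).
# Assumptions not stated in the README: ./fuzz takes the flags listed above,
# writes the call log of the current run to the -f path, and exits non-zero
# when a run ends abnormally. Tunables can be overridden from the environment.
FUZZ_BIN="${FUZZ_BIN:-./fuzz}"
LOG_DIR="${LOG_DIR:-./fuzz-logs}"
BITLEN="${BITLEN:-8}"
RATE="${RATE:-10}"
MAX_LOOPS="${MAX_LOOPS:-1000}"

# run_one SEED: a single fuzzer run with SEED. The call log goes to a per-seed
# file so the sequence that triggered a crash is not overwritten by the next run.
run_one() {
    mkdir -p "$LOG_DIR"
    "$FUZZ_BIN" -f "$LOG_DIR/run-$1.log" -s "$1" -b "$BITLEN" -r "$RATE" -l "$MAX_LOOPS"
}

# fuzz_loop FIRST_SEED COUNT: run COUNT iterations with consecutive seeds.
# Each seed is appended to seeds.txt before its run starts, so after a kernel
# panic the last line names the run (and hence the log file) to replay.
# Returns 0 when every run completed, 1 as soon as a run exits abnormally
# (that run's log is left in place for reproduction).
fuzz_loop() {
    first="$1"
    count="$2"
    mkdir -p "$LOG_DIR"
    seed="$first"
    last=$((first + count - 1))
    while [ "$seed" -le "$last" ]; do
        echo "$seed" >> "$LOG_DIR/seeds.txt"
        if ! run_one "$seed"; then
            echo "fuzzer exited abnormally on seed $seed; see $LOG_DIR/run-$seed.log" >&2
            return 1
        fi
        seed=$((seed + 1))
    done
    return 0
}

# last_seed: print the seed recorded last, i.e. the run that was in progress
# when the machine went down. Fails (prints nothing) if no run was recorded.
last_seed() {
    [ -f "$LOG_DIR/seeds.txt" ] && tail -n 1 "$LOG_DIR/seeds.txt"
}

# Usage: ./imf-loop.sh run FIRST_SEED COUNT   (e.g. ./imf-loop.sh run 1 10000)
# After a panic and reboot, ./imf-loop.sh last names the seed whose log to replay.
case "${1:-}" in
    run)  fuzz_loop "$2" "$3" ;;
    last) last_seed ;;
esac
```

Recording the seed before the run rather than after is the point of the script: a kernel panic gives the fuzzer no chance to write anything, so the only durable record of the offending run must be made up front. The per-seed log file plus the seed itself are what you need to rerun the same sequence on the next boot.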
CVEs
- CVE-2017-7159
Authors
This research project has been conducted by SoftSec Lab at KAIST.
Citing IMF
To cite our paper:
@INPROCEEDINGS{han:ccs2017,
author = {HyungSeok Han and Sang Kil Cha},
title = {Inferred Model-based Fuzzing},
booktitle = {Proceedings of the ACM Conference on Computer and Communications Security},
year = {2017},
pages = {2345--2358}
}
Acknowledgement
The work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT).