
ChengyuSong / Kirenenko

License: Apache-2.0
Super Fast Concolic Execution Engine based on Source Code Taint Tracing

Programming Languages

  • C++: 36643 projects (#6 most used programming language)
  • c: 50402 projects (#5 most used programming language)
  • assembly: 5116 projects
  • CMake: 9771 projects
  • python: 139335 projects (#7 most used programming language)
  • shell: 77523 projects

Projects that are alternatives of or similar to Kirenenko

Deepstate
A unit test-like interface for fuzzing and symbolic execution
Stars: ✭ 603 (+617.86%)
Mutual labels:  symbolic-execution, fuzzing
crusher
No description or website provided.
Stars: ✭ 21 (-75%)
Mutual labels:  symbolic-execution, fuzzing
Angora
Angora is a mutation-based fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.
Stars: ✭ 669 (+696.43%)
Mutual labels:  symbolic-execution, fuzzing
Crosshair
An analysis tool for Python that blurs the line between testing and type systems.
Stars: ✭ 586 (+597.62%)
Mutual labels:  symbolic-execution, fuzzing
Kleefl
Seeding fuzzers with symbolic execution
Stars: ✭ 172 (+104.76%)
Mutual labels:  symbolic-execution, fuzzing
doona
Network based protocol fuzzer
Stars: ✭ 64 (-23.81%)
Mutual labels:  fuzzing
binary-decompilation
Extracting high level semantic information from binary code
Stars: ✭ 55 (-34.52%)
Mutual labels:  symbolic-execution
Fragscapy
Fragscapy is a command-line tool to fuzz network protocols by automating the modification of outgoing network packets. It can run multiple successive tests to determine which options can be used to evade firewalls and IDS.
Stars: ✭ 52 (-38.1%)
Mutual labels:  fuzzing
symbooglix
Symbolic Execution Engine for Boogie
Stars: ✭ 24 (-71.43%)
Mutual labels:  symbolic-execution
healer
Kernel fuzzer inspired by Syzkaller.
Stars: ✭ 194 (+130.95%)
Mutual labels:  fuzzing
sandsifter
The x86 processor fuzzer
Stars: ✭ 21 (-75%)
Mutual labels:  fuzzing
AEGPaper
Automatic Exploit Generation Paper
Stars: ✭ 30 (-64.29%)
Mutual labels:  fuzzing
lagopus
Distributed fuzzing platform
Stars: ✭ 28 (-66.67%)
Mutual labels:  fuzzing
dizzy-legacy
Network and USB protocol fuzzing toolkit.
Stars: ✭ 35 (-58.33%)
Mutual labels:  fuzzing
TRACER
TRACER Symbolic Execution Tool
Stars: ✭ 23 (-72.62%)
Mutual labels:  symbolic-execution
leaky-paths
A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Stars: ✭ 507 (+503.57%)
Mutual labels:  fuzzing
nozaki
HTTP fuzzer engine security oriented
Stars: ✭ 37 (-55.95%)
Mutual labels:  fuzzing
evine
Interactive CLI Web Crawler
Stars: ✭ 140 (+66.67%)
Mutual labels:  fuzzing
katnip
Extension library for the Kitty fuzzing framework
Stars: ✭ 73 (-13.1%)
Mutual labels:  fuzzing
LuckyCAT
A distributed fuzzing management framework
Stars: ✭ 55 (-34.52%)
Mutual labels:  fuzzing

Kirenenko


STILL IN DEVELOPMENT

I'm really bad at naming so we probably will change it. I don't have much time to code so progress will slow down.

Building

Build Requirements

  • Linux-amd64 (Tested on Ubuntu 18.04)
  • LLVM 4.0.0 - 7.1.0: run sudo apt install clang or PREFIX=/path-to-install ./build/install_llvm.sh.

Environment Variables

If LLVM was installed from source, append the following entries to the shell configuration file (~/.bashrc, ~/.zshrc).

export PATH=/path-to-clang/bin:$PATH
export LD_LIBRARY_PATH=/path-to-clang/lib:$LD_LIBRARY_PATH

Compilation

The build script will resolve most dependencies and set up the runtime environment.

./build/build.sh

System Configuration

As with AFL, system core dumps must be disabled.

echo core | sudo tee /proc/sys/kernel/core_pattern

Test

Running a test from Angora

cd /path-to-angora/tests/mini
../../bin/ko-clang mini.c -o mini.taint          # compile with Kirenenko's clang wrapper
python -c "print('A'*20)" > i                    # 20-byte seed input
TAINT_OPTIONS="taint_file=i" ./mini.taint i      # run with file i tainted; new test cases are written as id-*
./mini.taint id-0-0-0                            # re-run the binary on a generated test case

It doesn't support input growth yet, so a seed input large enough for the target must be used. It also lacks a driver, so the newly generated test case(s) must be run manually.
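Since there is no driver yet, the following POSIX shell function is an added example (not part of the Kirenenko project) of the minimal loop a practitioner would otherwise type by hand: it runs the instrumented binary once per generated id-* file in a directory, the same way the README runs ./mini.taint id-0-0-0, prints one line per case, and counts the cases that died from a signal, which is how a segfault or abort in the target shows up to the shell and is the first thing worth triaging. The id-* file pattern is an assumption derived from the id-0-0-0 name shown above.

```shell
#!/bin/sh
# Added example: a minimal driver loop for generated test cases.
# Assumption: the engine writes generated inputs into the working directory
# as id-* files (derived from the id-0-0-0 name shown in the README).

# run_generated_cases TARGET DIR
#   Runs TARGET once per id-* file in DIR, prints one line per case, and
#   returns the number of cases that were killed by a signal (exit status
#   > 128), i.e. the cases that crashed the target.
run_generated_cases() {
    target="$1"
    dir="$2"
    total=0
    crashes=0
    for input in "$dir"/id-*; do
        # With no matching files the glob stays literal; skip it.
        [ -e "$input" ] || continue
        total=$((total + 1))
        status=0
        # Same invocation as the README's "./mini.taint id-0-0-0".
        "$target" "$input" >/dev/null 2>&1 || status=$?
        if [ "$status" -gt 128 ]; then
            echo "CRASH  $input (signal $((status - 128)))"
            crashes=$((crashes + 1))
        else
            echo "ok     $input (exit $status)"
        fi
    done
    echo "ran $total case(s), $crashes crash(es)"
    return "$crashes"
}

# Usage, after the README's mini example has been built and run once:
#   run_generated_cases ./mini.taint .
```

Setting TAINT_OPTIONS="taint_file=$input" inside the loop, as the README does for the seed, would ask the engine to derive further cases from each generated input; the page only shows one such round, so the loop above just re-executes the cases and reports what happened.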

Currently I've tested with bitflip, call_fn, call_fn2, call_fn3, cf1, context, gep, gep2, if_eq, infer_type, memcmp, mini, pointer, shift_and, sign, strcmp, strcmp2, switch and switch2.
