julieeen / Kleefl
Licence: mit
Seeding fuzzers with symbolic execution
Stars: ✭ 172
Programming Languages
python
139335 projects - #7 most used programming language
Projects that are alternatives of or similar to Kleefl
Crosshair
An analysis tool for Python that blurs the line between testing and type systems.
Stars: ✭ 586 (+240.7%)
Mutual labels: symbolic-execution, fuzzing
Kirenenko
Super Fast Concolic Execution Engine based on Source Code Taint Tracing
Stars: ✭ 84 (-51.16%)
Mutual labels: symbolic-execution, fuzzing
Deepstate
A unit test-like interface for fuzzing and symbolic execution
Stars: ✭ 603 (+250.58%)
Mutual labels: symbolic-execution, fuzzing
crusher
No description or website provided.
Stars: ✭ 21 (-87.79%)
Mutual labels: symbolic-execution, fuzzing
Angora
Angora is a mutation-based fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.
Stars: ✭ 669 (+288.95%)
Mutual labels: symbolic-execution, fuzzing
Snodge
Randomly mutate JSON, XML, HTML forms, text and binary data for fuzz testing
Stars: ✭ 121 (-29.65%)
Mutual labels: fuzzing
Cfb
Canadian Furious Beaver is a tool for hijacking IRPs handler in Windows drivers, and facilitating the process of analyzing Windows drivers for vulnerabilities
Stars: ✭ 146 (-15.12%)
Mutual labels: fuzzing
Rest Api Fuzz Testing
REST API Fuzz Testing (RAFT): Source code for self-hosted service developed for Azure, including the API, orchestration engine, and default set of security tools (including MSR's RESTler), that enables developers to embed security tooling into their CI/CD workflows
Stars: ✭ 119 (-30.81%)
Mutual labels: fuzzing
Fuzzing Survey
The Art, Science, and Engineering of Fuzzing: A Survey
Stars: ✭ 116 (-32.56%)
Mutual labels: fuzzing
Fuddly
Fuzzing and Data Manipulation Framework (for GNU/Linux)
Stars: ✭ 156 (-9.3%)
Mutual labels: fuzzing
Janus
Janus: a state-of-the-art file system fuzzer on Linux
Stars: ✭ 139 (-19.19%)
Mutual labels: fuzzing
Mythril
Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains.
Stars: ✭ 1,968 (+1044.19%)
Mutual labels: symbolic-execution
Triton
Triton is a Dynamic Binary Analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a dynamic taint engine, AST representations of the x86, x86-64, ARM32 and AArch64 Instructions Set Architecture (ISA), SMT simplification passes, an SMT solver interface and, the last but not least, Python bindings.
Stars: ✭ 1,934 (+1024.42%)
Mutual labels: symbolic-execution
Aflplusplus
The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
Stars: ✭ 2,319 (+1248.26%)
Mutual labels: fuzzing
Formatfuzzer
FormatFuzzer is a framework for high-efficiency, high-quality generation and parsing of binary inputs.
Stars: ✭ 117 (-31.98%)
Mutual labels: fuzzing
Sys
Sys: A Static/Symbolic Tool for Finding Good Bugs in Good (Browser) Code
Stars: ✭ 149 (-13.37%)
Mutual labels: symbolic-execution
KleeFL - Seeding Fuzzers With Symbolic Execution
HowTo ...
Prepare dependencies or simply grab the provisioned vagrant box
http://bit.ly/download_kleefl_box
Vagrant box
- Download the package.box file.
- Install vagrant (if not already installed)
sudo apt-get install vagrant
- Add the package.box file to vagrant
vagrant box add kleefl package.box
- Initialize the vagrant box (kleefl)
vagrant init kleefl
- Bring the box up
vagrant up
- SSH to the box
vagrant ssh
Setup a project structure like this:
mkdir project_xyz
cd project_xyz
python /vagrant/tools/kleefl_init (sets up two directories called 'klee' and 'fuzz' in your project root directory)
Select your source code, e.g.:
cp -r /vagrant/example source
Build source using wllvm & afl-clang
cd source
/vagrant/tools/kleefl_build_make make
Choose & set up a target binary for evaluation
./kleefl_pick target_binary_name
Generate the test cases for AFL (KLEE symbolic execution)
The previous script will add a file called app.bc within the klee directory.
Change into the klee folder and run:
./run_klee.sh
Prepare klee's findings for afl-fuzz
python /vagrant/tools/kleefl_prepare_afl
Finally: Fuzz, fuzz, fuzz!
../fuzz/run_afl.sh
Analyze findings
./kleefl_crash_inspector fuzz/out
(fuzz/out is the afl sync dir, report saved by default in vagrant shared dir /vagrant/crash_report/)
Analyze coverage & generate report
python kleefl_cov_inspector {make, binary fuzz/sync_dir}
zcov genhtml coverage.zcov cov_report
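The "prepare klee's findings for afl-fuzz" step, as an added example rather than the project's own kleefl_prepare_afl script: it decodes KLEE .ktest files following the layout of KLEE's ktest.c (magic, big-endian uint32 fields, length-prefixed strings, per-object pointer records from format version 4 on) and writes each distinct symbolic object out as one AFL seed file. The object name "A-data", the make_ktest serializer and the sample inputs are constructed assumptions for running this offline, not taken from the KleeFL repository.

```python
import struct
from pathlib import Path

def _u32(buf, pos):  # big-endian uint32: KLEE's ktest.c writes every integer this way
    return struct.unpack_from(">I", buf, pos)[0], pos + 4

def _lstr(buf, pos):  # uint32-length-prefixed byte string
    n, pos = _u32(buf, pos)
    return buf[pos:pos + n], pos + n

def parse_ktest(buf):
    """Decode a .ktest into {'version': int, 'objects': {name: bytes}} (argv strings skipped)."""
    if buf[:5] not in (b"KTEST", b"BOUT\n"):
        raise ValueError("not a KLEE .ktest file")
    version, pos = _u32(buf, 5)
    nargs, pos = _u32(buf, pos)
    for _ in range(nargs):
        _, pos = _lstr(buf, pos)
    pos += 8 if version >= 2 else 0  # symArgvs, symArgvLen (v2+): not needed for seeding
    nobj, pos = _u32(buf, pos)
    objects = {}
    for _ in range(nobj):
        name, pos = _lstr(buf, pos)
        data, pos = _lstr(buf, pos)
        objects[name.decode()] = data
        if version >= 4:  # v4 adds per-object pointer records (3 uint32 each): skip them
            pos += 4 + 12 * _u32(buf, pos)[0]
    return {"version": version, "objects": objects}

def ktests_to_seeds(ktests, obj_name, out_dir):
    """Write the named symbolic object of each ktest as one AFL seed file, skipping duplicates."""
    out_dir.mkdir(parents=True, exist_ok=True)
    seen, seeds = set(), []
    for i, raw in enumerate(ktests):
        data = parse_ktest(raw)["objects"].get(obj_name)
        if data is None or data in seen:
            continue  # this path had no such object, or an identical input was already emitted
        seen.add(data)
        seeds.append(out_dir / f"id_{i:06d}")
        seeds[-1].write_bytes(data)
    return seeds

def make_ktest(objects, args=("app",), version=3):
    """Constructed sample .ktest in the ktest.c layout (version 3, so no pointer records)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    out = b"KTEST" + struct.pack(">II", version, len(args)) + b"".join(s(a.encode()) for a in args)
    out += struct.pack(">III", 0, 0, len(objects))  # symArgvs, symArgvLen, numObjects
    for name, data in objects.items():
        out += s(name.encode()) + s(data)
    return out
```

Deduplicating by content matters because many KLEE paths resolve to byte-identical inputs, and afl-fuzz would otherwise spend its startup time culling them.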
Further details can be found in the project report, or check out our beautiful USENIX poster.