sslab-gatech / Qsym

Licence: other
QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing

Projects that are alternatives of or similar to Qsym

ronin-support
A support library for Ronin. Like activesupport, but for hacking!
Stars: ✭ 23 (-94.99%)
Mutual labels:  binary, fuzzing
Snodge
Randomly mutate JSON, XML, HTML forms, text and binary data for fuzz testing
Stars: ✭ 121 (-73.64%)
Mutual labels:  binary, fuzzing
Formatfuzzer
FormatFuzzer is a framework for high-efficiency, high-quality generation and parsing of binary inputs.
Stars: ✭ 117 (-74.51%)
Mutual labels:  binary, fuzzing
e9afl
AFL binary instrumentation
Stars: ✭ 234 (-49.02%)
Mutual labels:  binary, fuzzing
Binjs Ref
Reference implementation for the JavaScript Binary AST format
Stars: ✭ 399 (-13.07%)
Mutual labels:  binary
Awesome Fuzzing
A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.
Stars: ✭ 3,867 (+742.48%)
Mutual labels:  fuzzing
Kitty
Fuzzing framework written in python
Stars: ✭ 358 (-22%)
Mutual labels:  fuzzing
Pyjfuzz
PyJFuzz - Python JSON Fuzzer
Stars: ✭ 342 (-25.49%)
Mutual labels:  fuzzing
Nar
node.js application archive - create self-contained binary like executable applications that are ready to ship and run
Stars: ✭ 428 (-6.75%)
Mutual labels:  binary
Dharma
Generation-based, context-free grammar fuzzer.
Stars: ✭ 416 (-9.37%)
Mutual labels:  fuzzing
Grinder
Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes.
Stars: ✭ 393 (-14.38%)
Mutual labels:  fuzzing
Ceras
Universal binary serializer for a wide variety of scenarios https://discord.gg/FGaCX4c
Stars: ✭ 374 (-18.52%)
Mutual labels:  binary
Awesome Fuzzing
A curated list of awesome Fuzzing(or Fuzz Testing) for software security
Stars: ✭ 399 (-13.07%)
Mutual labels:  fuzzing
Binarycodable
Swift Codable-like interfaces for binary representations.
Stars: ✭ 359 (-21.79%)
Mutual labels:  binary
Frida Fuzzer
This experimental fuzzer is meant to be used for API in-memory fuzzing.
Stars: ✭ 415 (-9.59%)
Mutual labels:  fuzzing
Vault
swiss army knife for hackers
Stars: ✭ 346 (-24.62%)
Mutual labels:  fuzzing
0day Security Software Vulnerability Analysis Technology
0day安全_软件漏洞分析技术
Stars: ✭ 393 (-14.38%)
Mutual labels:  binary
Go Fuzz
Randomized testing for Go
Stars: ✭ 4,218 (+818.95%)
Mutual labels:  fuzzing
Execa
Process execution for humans
Stars: ✭ 4,318 (+840.74%)
Mutual labels:  binary
Afl Utils
Utilities for automated crash sample processing/analysis, easy afl-fuzz job management and corpus optimization
Stars: ✭ 383 (-16.56%)
Mutual labels:  fuzzing

QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing

Environment

  • Tested on Ubuntu 14.04 64-bit and 16.04 64-bit

Installation

# disable ptrace_scope for PIN
$ echo 0|sudo tee /proc/sys/kernel/yama/ptrace_scope

# install z3 and system deps
$ ./setup.sh

# install using virtual env
$ virtualenv venv
$ source venv/bin/activate
$ pip install .

Installation using Docker

# disable ptrace_scope for PIN
$ echo 0|sudo tee /proc/sys/kernel/yama/ptrace_scope

# build docker image
$ docker build -t qsym ./

# run docker image
$ docker run --cap-add=SYS_PTRACE -it qsym /bin/bash

Installation using vagrant

Since QSYM depends on the underlying kernel because of the old version of PIN it uses, we provide a convenient way to install QSYM inside a VM. Please take a look at our vagrant directory.

Run hybrid fuzzing with AFL

# require to set the following environment variables
#   AFL_ROOT: afl directory (http://lcamtuf.coredump.cx/afl/)
#   INPUT: input seed files
#   OUTPUT: output directory
#   AFL_CMDLINE: command line for a testing program for AFL (ASAN + instrumented)
#   QSYM_CMDLINE: command line for a testing program for QSYM (Non-instrumented)

# run AFL master
$ $AFL_ROOT/afl-fuzz -M afl-master -i $INPUT -o $OUTPUT -- $AFL_CMDLINE
# run AFL slave
$ $AFL_ROOT/afl-fuzz -S afl-slave -i $INPUT -o $OUTPUT -- $AFL_CMDLINE
# run QSYM
$ bin/run_qsym_afl.py -a afl-slave -o $OUTPUT -n qsym -- $QSYM_CMDLINE

Run for testing

$ cd tests
$ python build.py
$ python -m pytest -n $(nproc)

Troubleshooting

If you can't get QSYM to work and the pin.log file contains the error undefined symbol: Z3_is_seq_sort, make sure that you compile and build the target while the virtualenv (env) environment is active. If you compile the target outside this environment, QSYM can't work with the target binary and reports the mentioned error in pin.log. Building the target from within the env and then running QSYM on it will save you a lot of time, and QSYM will work like a charm!
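The following launcher, added here as an example and not part of QSYM, wraps the three commands from "Run hybrid fuzzing with AFL" with the checks a practitioner wants before starting: the required environment variables, the ptrace_scope setting PIN needs, and the pin.log symptom from the Troubleshooting section. Function names and the path arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of QSYM: pre-flight checks for the hybrid-fuzzing
# commands in this README. Function names and path arguments are assumptions.

# The five variables the README requires; returns 1 and names any that are empty.
qsym_check_env() {
  missing=""
  for v in AFL_ROOT INPUT OUTPUT AFL_CMDLINE QSYM_CMDLINE; do
    eval "val=\${$v:-}"
    [ -n "$val" ] || missing="$missing $v"
  done
  [ -z "$missing" ] && return 0
  echo "unset:$missing" >&2
  return 1
}

# PIN needs ptrace_scope=0. The path is a parameter so the check runs on a test file.
qsym_check_ptrace() {
  f="${1:-/proc/sys/kernel/yama/ptrace_scope}"
  [ -r "$f" ] || return 0                # no Yama LSM: nothing to relax
  [ "$(cat "$f")" = "0" ] && return 0
  echo "ptrace_scope is $(cat "$f"); run: echo 0 | sudo tee $f" >&2
  return 1
}

# Troubleshooting section: Z3_is_seq_sort in pin.log means the target was built
# outside the virtualenv. Returns 1 when the given log shows that error.
qsym_check_pinlog() {
  [ -r "$1" ] || return 0
  if grep -q "undefined symbol: Z3_is_seq_sort" "$1"; then
    echo "pin.log: rebuild the target with the virtualenv active" >&2
    return 1
  fi
  return 0
}

# Start AFL master, AFL slave and QSYM exactly as the README does, after the checks.
qsym_launch() {
  qsym_check_env && qsym_check_ptrace || return 1
  "$AFL_ROOT/afl-fuzz" -M afl-master -i "$INPUT" -o "$OUTPUT" -- $AFL_CMDLINE &
  "$AFL_ROOT/afl-fuzz" -S afl-slave -i "$INPUT" -o "$OUTPUT" -- $AFL_CMDLINE &
  bin/run_qsym_afl.py -a afl-slave -o "$OUTPUT" -n qsym -- $QSYM_CMDLINE
}
```

Source the file from the QSYM checkout (so bin/run_qsym_afl.py resolves) and call qsym_launch; run qsym_check_pinlog on the pin.log QSYM writes if the run fails.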

Publications

QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing

@inproceedings{yun:qsym,
  title        = {{QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing}},
  author       = {Insu Yun and Sangho Lee and Meng Xu and Yeongjin Jang and Taesoo Kim},
  booktitle    = {Proceedings of the 27th USENIX Security Symposium (Security)},
  month        = aug,
  year         = 2018,
  address      = {Baltimore, MD},
}