
Primary language: Shell. License: GNU General Public License v2.0 (GPL-2.0)

Fuzzing DSL Projects for Fun and Bugs


  1. AFLplusplus (tracked as a git submodule; fetch it after cloning)

git submodule update --init --recursive
Target projects

  1. AWK
  2. GAWK
  3. VIM

Experiment Workflow (TODO)

  1. Clone the project
  2. Run the cluster fuzzer
  3. Collect the results
     • run crashwalk
     • python utils/collect_result
     • python utils/analyze_hang
  4. Manual analysis

Run in docker

  1. Build the image from the Dockerfile
  2. Enter each project directory and run build.sh, then fuzz.sh

Data Processing

  1. Collect all the distributed results

Ensure that the directories hang_collect_{package_name}, queue_collect_{package_name} and crashes_collect_{package_name} contain all the related data from every fuzzing node.

Move all related subdirectories into the corresponding result directory (e.g. {package_name}-1, {package_name}-2).

  2. Gather data
python collect_result.py
bash gather_result.sh

Reproduce and Triage

  1. AFLplusplus

Start the AFL++ container with the target checkout (${SOURCE} on the host) mounted at /src. --privileged and --net=host are only needed so that afl-system-config can adjust host settings such as core_pattern; drop them when you are only reproducing crashes.

docker run -ti --privileged --net=host -v ${SOURCE}:/src aflplusplus/aflplusplus

Inside the container, point the target's build at the AFL++ compiler wrapper. The sed rewrites every occurrence of the string gcc in the makefile, not just the CC assignment, so review the diff before building.

export CC=afl-clang-fast
sed -i "s/gcc/${CC}/g" makefile
  2. CrashWalk
apt update
apt install golang # important !!

wget https://dl.google.com/go/go1.12.1.linux-amd64.tar.gz
tar -xzf go1.12.1.linux-amd64.tar.gz -C /usr/local

mkdir /go
export GOPATH=/go
export GOROOT=/usr/local/go
export PATH=$GOROOT/bin:$PATH:/go/bin

go get -u github.com/bnagy/crashwalk/cmd/...

mkdir ~/src
git clone https://github.com/jfoote/exploitable.git ~/src/exploitable

cwtriage --root crashes_collect_dir/ -afl > triage.log

crashwalk looks for the exploitable GDB plugin under ~/src/exploitable by default, which is why it is cloned there. With -afl, cwtriage walks AFL-style output directories under --root and takes the target command line from each instance's fuzzer_stats file, so keep that file next to the collected crashes/ directories.
  3. GDB

Ensure the target is built with debug symbols (for example -g in CFLAGS) so that backtraces resolve to source lines.

  4. Non-termination analysis
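Before handing findings to cwtriage or GDB, it pays to re-run every collected crash and hang against the target and see which ones actually reproduce. The script below is an added example for this README, not one of the project's utils: it walks an AFL++ output tree (one or more fuzzer instance directories under a root such as crashes_collect_{package_name}), re-executes each testcase in stdin or @@ mode, buckets results by signal, hang or not reproduced, and skips the README.txt that AFL++ writes into crashes/. The target, directory names and testcase contents in demo() are constructed stand-ins; only the file naming scheme follows AFL++.

```python
"""Re-run AFL++ crash and hang findings against a target and bucket them.

Added example for this README, not part of the project's utils. Assumes an
AFL++ output layout: one or more instance directories, each with crashes/
and hangs/, under a root such as crashes_collect_{package_name}.
"""
import signal
import subprocess
import sys
import tempfile
from collections import defaultdict
from pathlib import Path

DEFAULT_TIMEOUT = 5.0  # seconds; raise it when re-checking hangs


def find_testcases(root):
    """Return sorted (kind, path) pairs for every input in crashes/ and hangs/.

    root may be a single AFL++ output dir or a directory of instance dirs
    (-M/-S layout). AFL++ writes a README.txt into crashes/; it is not a testcase.
    """
    found = []
    for kind in ("crashes", "hangs"):
        for d in Path(root).rglob(kind):
            if not d.is_dir():
                continue
            found += [(kind, f) for f in d.iterdir()
                      if f.is_file() and f.name != "README.txt"]
    return sorted(found, key=lambda kp: str(kp[1]))


def run_testcase(cmd, path, timeout=DEFAULT_TIMEOUT):
    """Run cmd on one input the way AFL++ did: '@@' in cmd is replaced by the
    file path, otherwise the bytes go to stdin. Returns one of
    ('crash', 'SIGSEGV'), ('hang', None), ('exit', '1') or ('ok', None)."""
    kwargs = dict(stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                  timeout=timeout)
    if "@@" in cmd:
        argv = [str(path) if a == "@@" else a for a in cmd]
        kwargs["stdin"] = subprocess.DEVNULL
    else:
        argv = list(cmd)
        kwargs["input"] = path.read_bytes()
    try:
        proc = subprocess.run(argv, **kwargs)
    except subprocess.TimeoutExpired:
        return "hang", None
    rc = proc.returncode
    if rc < 0:  # terminated by a signal: a real crash
        return "crash", signal.Signals(-rc).name
    return ("ok", None) if rc == 0 else ("exit", str(rc))


def triage(cmd, root, timeout=DEFAULT_TIMEOUT):
    """Bucket every finding under root by what it does on re-execution.

    A crashes/ or hangs/ file that now exits normally lands in a
    not_reproduced:* bucket: look there for flaky cases, inputs that only
    misbehave under ASan, or hangs that simply need a longer timeout.
    """
    buckets = defaultdict(list)
    for kind, path in find_testcases(root):
        status, detail = run_testcase(cmd, path, timeout)
        if status == "crash":
            key = "crash:" + detail
        elif status == "hang":
            key = "hang"
        else:
            key = "not_reproduced:" + kind
        buckets[key].append(str(path.relative_to(root)))
    return dict(buckets)


# Constructed stand-in for a fuzz target (not one of the DSL projects): it dies
# with SIGSEGV on inputs containing CRASH and never returns on HANG.
TOY_TARGET_SRC = r"""
import os, signal, sys, time
data = sys.stdin.buffer.read()
if b"CRASH" in data:
    os.kill(os.getpid(), signal.SIGSEGV)
if b"HANG" in data:
    time.sleep(60)
"""


def demo():
    """Build a constructed AFL++-style tree (real file naming scheme, made-up
    contents) and triage it against the toy target."""
    root = Path(tempfile.mkdtemp(prefix="afl_triage_demo_"))
    cases = {
        "fuzzer01/crashes/id:000000,sig:11,src:000000,op:havoc,rep:4": b"A CRASH here",
        "fuzzer01/crashes/id:000001,sig:11,src:000003,op:flip1,pos:7": b"benign input",
        "fuzzer01/crashes/README.txt": b"written by AFL++, not a testcase",
        "fuzzer02/hangs/id:000000,src:000010,time:1200,op:havoc,rep:2": b"HANG forever",
    }
    for rel, data in cases.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(data)
    return triage([sys.executable, "-c", TOY_TARGET_SRC], root, timeout=2.0)


if __name__ == "__main__":
    for bucket, files in sorted(demo().items()):
        print(bucket, len(files), *files, sep="\n  ")
```

For a real target, call triage(["./awk", "-f", "@@"], "crashes_collect_awk") or the stdin form without "@@"; run it once against the plain build and once against an ASan build, since the not_reproduced bucket on the plain build often turns into crash:SIGABRT under ASan.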


Records and Progress

Google Sheet

Huntr Link