
container.aflplusplus.template's Introduction

Intro

What

This project aims to guide security researchers along the journey of squeezing out as much capability of AFL++ as possible for any engagement where fuzzing is desired.

Why

To paraphrase what a wise meme on the Internet once said...

How

This project accomplishes this goal by:

  • Leveraging a good balance of AFL++'s advanced capabilities, including those that further advance AFL++'s advanced capabilities :) Examples include:
  • Providing guidance around instrumenting binaries with AFL++ "Persistent Mode" with functions such as __AFL_FUZZ_INIT(), __AFL_INIT(), && __AFL_LOOP()
  • Supporting the ability to spin up a "main" fuzzer with multiple "secondaries"
  • Enabling the Creation of test cases for a given target
  • Cranking out as many mutations / second as possible
  • Aiding researchers in discovering .so files loaded via dlopen (which can be appended to AFL_PRELOAD at runtime)

Installation / Usage

  1. Clone the repo:
$ cd /opt
$ sudo git clone https://github.com/0dayInc/container.aflplusplus.template
$ sudo chown -R $USER:$USER container.aflplusplus.template
  2. Review Usage:
$ cd container.aflplusplus.template
$ ./AFLplusplus_template.sh -h
USAGE:
./AFLplusplus_template.sh
    -h                     # Display USAGE

    -T <TARGET CMD/FLAGS>  # REQUIRED
                           # TARGET CMD / FLAGS of the target binary
                           # to be fuzzed. It must reside in the
                           # TARGET prefix (i.e. /fuzz_session/TARGET)

    -m <main || secondary> # REQUIRED
                           # afl++ Mode

    -r <src dir name>      # REQUIRED
                           # Name of the source code folder
                           # residing in ./TARGET_SRC to build

    -P                     # OPTIONAL / main MODE ONLY
                           # Preload target specific, colon delimited
                           # list of .so files to append to AFL_PRELOAD

    -c                     # OPTIONAL / main MODE ONLY
                           # Nuke contents of TARGET prefix
                           # (i.e. /fuzz_session/TARGET)
                           # which is tmpfs and LOST AFTER REBOOT
                           # OF HOST OS

    -n                     # OPTIONAL / main MODE ONLY
                           # Nuke contents of multi-sync (New afl++ Session)
                           # (i.e. /fuzz_session/AFLplusplus/multi_sync)
                           # which is tmpfs and LOST AFTER REBOOT
                           # OF HOST OS

    -t                     # OPTIONAL / main MODE ONLY
                           # Nuke contents of input (afl++ Test Cases)
                           # (i.e. /fuzz_session/AFLplusplus/input)
                           # which is tmpfs and LOST AFTER REBOOT
                           # OF HOST OS

    -D                     # OPTIONAL
                           # Enable Debugging

  3. Clone the Target Source Code Repo:
$ cd TARGET_SRC
$ git clone <TARGET_GIT_REPO>
  4. Instrument your target function(s) w/ __AFL_INIT && __AFL_LOOP:
$ vi <TARGET_GIT_REPO>/<TARGET_SRC_FILE_TO_INSTRUMENT_W __AFL_INIT && __AFL_LOOP>
  5. Sanity check the instrumentation_globals.sh && build_target.sh scripts:
$ cd ..
$ vi TARGET/instrumentation_globals.sh
$ vi TARGET/build_target.sh
  6. Add your own test cases as single files in the ./TARGET/test_cases directory. From there, they'll be copied into /fuzz_session/AFLplusplus/input once fuzzing begins.

  7. Begin Fuzzing (Example Usage):

$ tmux new -s afl_main
$ ./AFLplusplus_template.sh \
  -m main \
  -r <src_folder_name> \
  -T "target_bin --flags"
  8. Add another CPU core into the fuzzing mix:
$ tmux new -s afl_sec1
$ ./AFLplusplus_template.sh \
  -m secondary \
  -r <src_folder_name> \
  -T "target_bin --flags"
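The instrumentation step above (and the "Persistent Mode" bullet in the How section) is easiest to see on a concrete target. The harness below is an added example, not code from this template or from AFL++: parse_record() and its 1-byte type / 1-byte length record format are constructed for illustration, and the fallback macro stubs are an assumption so the file also builds and runs once from stdin under plain gcc, while afl-clang-fast/afl-clang-lto supply the real __AFL_* macros.

```c
/* Added example harness (not from the template repo): a constructed
 * length-prefixed record parser wrapped in an AFL++ persistent-mode loop. */
#include <stddef.h>
#include <string.h>
#include <unistd.h>

/* Fallback stubs (assumption, not AFL++'s own): with plain gcc the harness
 * reads a single input from stdin; afl-clang-fast defines the real macros. */
#ifndef __AFL_FUZZ_TESTCASE_LEN
static ssize_t fuzz_len;
static unsigned char fuzz_buf[1024 * 1024];
#define __AFL_FUZZ_TESTCASE_LEN fuzz_len
#define __AFL_FUZZ_TESTCASE_BUF fuzz_buf
#define __AFL_FUZZ_INIT() extern int afl_fallback_unused
#define __AFL_INIT() ((void)0)
#define __AFL_LOOP(n) ((fuzz_len = read(0, fuzz_buf, sizeof fuzz_buf)) > 0)
#endif

__AFL_FUZZ_INIT(); /* declares the shared-memory test case buffer/length */

/* Constructed record format: 1-byte type (1 or 2), 1-byte payload length,
 * then payload. Returns the number of records parsed, or -1 if malformed.
 * Every read is bounds-checked against len, which is what a fuzzer will
 * hammer on: a missing check here is the classic out-of-bounds read. */
int parse_record(const unsigned char *buf, size_t len) {
    size_t pos = 0;
    int count = 0;
    while (pos < len) {
        if (len - pos < 2) return -1;              /* truncated header */
        unsigned char type = buf[pos];
        size_t plen = buf[pos + 1];
        if (type != 1 && type != 2) return -1;     /* unknown record type */
        if (plen > len - pos - 2) return -1;       /* length exceeds input */
        pos += 2 + plen;
        count++;
    }
    return count;
}

int main(void) {
    __AFL_INIT();                                  /* deferred fork-server start */
    unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF;  /* must be read after __AFL_INIT */
    while (__AFL_LOOP(10000)) {                    /* 10000 cases per process, then restart */
        size_t len = (size_t)__AFL_FUZZ_TESTCASE_LEN; /* fresh length every iteration */
        /* Reset any global/static state of the real target here, otherwise
         * state leaks between iterations and crashes become unreproducible. */
        parse_record(buf, len);
    }
    return 0;
}
```

Build it with afl-clang-fast (the template's build_target.sh is the place for that) and point -T at the resulting binary; under plain gcc it consumes one input from stdin, which is handy for reproducing a single crash file.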

Happy Fuzzing!

Keep Us Caffeinated

If you've found this project useful and you're interested in supporting our efforts, we invite you to take a brief moment to keep us caffeinated:

Coffee

PWN Sticker

Coffee Mug

Mouse Pad

0day Inc.

Black Fingerprint Hoodie

Contributors

ninp0
