olivierh59500 / afl-crash-analyzer Goto Github PK
View Code? Open in Web Editor NEWThis project forked from floyd-fuh/afl-crash-analyzer
Another crash analyzer tool for the American Fuzzy Lop (AFL) fuzzer
License: GNU General Public License v3.0
This project forked from floyd-fuh/afl-crash-analyzer
Another crash analyzer tool for the American Fuzzy Lop (AFL) fuzzer
License: GNU General Public License v3.0
afl crash analyzer: Another crash analysis and triage tool for American Fuzzy Lop (AFL) results. Goals of this project: - Simple, flexible python scripts for crash analysis, if dependencies allow it the scripts are standalone tools as well (see FileDuplicateFinder.py) - Everything file based (no database) - There is no command line argument parsing planned (except for the standalone tools), but you have to modify the main python script to your preferences Features: 1. Crash input file deduplication (on filesize + md5), renaming of duplicate names (or all files), removing README.txt files. This part is now additionally a standalone command line tool (FileDuplicateFinder.py) that can be used independently from the project 2. Running binary with each crash input file and divide the input file into folders for each signal 3. For crash input files that create signals you are interested in you can: 4. Run the binary and put stdout/stderr into a .txt file next to the crash input file 5. The same for ASAN enabled binaries to get ASAN output 6. Run the binary with gdb in batch mode and a configurable gdb script (for example including the "exploitable" gdb script). Remember: the exploitable gdb plugin lies *a lot*. 7. If you run the exploitable gdb plugin you can divide into subfolders again (EXPLOITABLE, PROBABLY_EXPLOITABLE, etc.) 8. Minimize input crashes with afl-tmin, deduplication on the results and the same procedure again as described in 4.-7. Installation: 0. Install AFL 1. Prepare your linux box, do whatever makes sense for a fuzzing machine, for example: a) sudo apt-get remove whoopsie 2. Install exploitable gdb script if you want to use it 3. Compile binaries (one plain, one ASAN, one instrumented is recommended) if you haven't already (see install.sh files in testcases folder for examples) 4. Start with reading AflCrashAnalyzer.py and configure the CrashAnalysisConfig object in there (examples included and the config has a lot of additional named arguments) 5. Start AflCrashAnalyzer.py with python 2.7 A couple of notes: - If AFL binaries are not /usr/local/bin, configure the path as a named argument to CrashAnalysisConfig - The target binary is started as: /opt/binary-instrumented args_before input-file args_after, no stdin supported at the moment (sorry for that, will do as soon as I get crashes for the first stdin target) - You might want to update the code for all your binaries to the newest developer version before compilation (even if you fuzzed on older version), so you filter out crashes that were fixed by the maintainer in the meantime. Check testcases folder (install.sh) for examples. - You *do* want to run "peruvian were rabbit" on all your crashes (I guess at least one cycle) *before* you feed it into this program. That will help you a lot to determine exploitability. - afl instrumented binary is the minimum, recommend is to also set at least one of the following binaries - target_binary_plain (non-instrumented, with symbols, no ASAN) - target_binary_asan (non-instrumented, with symbols, with ASAN) - To get line numbers for files when running gdb, use clang's ASAN and specify ASAN_SYMBOLIZER_PATH (env configuration option, see AflCrashAnalyzer.py), see https://code.google.com/p/address-sanitizer/wiki/Flags - When you configure the gdb script, DON'T add the "run" command at the beginning and the "quit" command at the end - Again: Don't fully rely on the results of the exploitable gdb plugin. It lies. - The main python file has code that shows how *I* like to run stuff, maybe you have other preferences - Just because you get minimized crash files out of this it doesn't mean you shouldn't check their original version. You might judge differently about their exploitability. Bugs and todo's: - see "TODO" in code License: - GPL version 3
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.