Stars: 148
Rank: 249,983 (Top 5 %)
Language: Python
License: BSD 2-Clause "Sim...
Created: over 5 years ago
Updated: 5 months ago


Repository Details

The new phuzzing framework!

Phuzzer

This module provides a Python wrapper for interacting with fuzzers, such as AFL (American Fuzzy Lop: http://lcamtuf.coredump.cx/afl/). It supports starting an AFL instance, adding slave workers, injecting and retrieving testcases, and checking various performance metrics. It is based on the module that Shellphish used in Mechanical Phish (our CRS for the Cyber Grand Challenge) to interact with AFL.

Installation

/!\ We recommend installing our Python packages in a Python virtual environment. That is how we do it, and you'll likely run into problems if you do it otherwise.

The fuzzer has some dependencies. First, here's a probably-incomplete list of debian packages that might be useful:

sudo apt-get install build-essential gcc-multilib libtool automake autoconf bison debootstrap debian-archive-keyring libtool-bin
sudo apt-get build-dep qemu

Then, the fuzzer also depends on a few modules: shellphish-afl, driller and tracer.

pip install git+https://github.com/shellphish/shellphish-afl
pip install git+https://github.com/shellphish/driller
pip install git+https://github.com/angr/tracer

That'll pull a ton of other stuff, compile qemu about 4 times, and set everything up. Then, install this fuzzer wrapper:

pip install git+https://github.com/angr/phuzzer

Usage

There are two ways of using this package. The easy way is to use the shellphuzz script, which lets you specify various options, enable driller, and so on. The script explains its options under --help.

A quick example:

# fuzz with 4 AFL cores
python -m phuzzer -i -c 4 /path/to/binary

# perform symbolic-assisted fuzzing with 4 AFL cores and 2 symbolic tracing (drilling) cores.
python -m phuzzer -i -c 4 -d 2 /path/to/binary

You can also use it programmatically, but we have no documentation for that. For now, import fuzzer or look at the shellphuzz script and figure it out ;-)
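Since the programmatic interface is undocumented, here is an added example (not phuzzer's own code) of the kind of metric checking the wrapper described above performs, written against AFL's output layout directly: each instance in a sync directory keeps a fuzzer_stats file of "key : value" lines and a crashes/ directory of testcases named id:NNNNNN,... plus a README.txt. The sample stats, the instance names fuzzer-master / fuzzer-1 and the crash file name are constructed for the demo; everything else is AFL's documented on-disk format.

```python
"""Summarise the fuzzer_stats files of a multi-instance AFL campaign.

Added example, not phuzzer's code. Assumes only AFL's standard output layout:
<sync_dir>/<instance>/fuzzer_stats and <sync_dir>/<instance>/crashes/.
"""
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List

# Constructed sample of an AFL fuzzer_stats file (values are made up).
SAMPLE_FUZZER_STATS = """\
start_time        : 1700000000
last_update       : 1700003600
fuzzer_pid        : 4242
cycles_done       : 3
execs_done        : 1234567
execs_per_sec     : 342.94
paths_total       : 210
paths_favored     : 47
pending_favs      : 2
pending_total     : 63
stability         : 100.00%
bitmap_cvg        : 12.34%
unique_crashes    : 1
unique_hangs      : 0
last_path         : 1700003500
last_crash        : 1700002000
afl_banner        : target
command_line      : afl-fuzz -i in -o out -- ./target @@
"""


def parse_fuzzer_stats(text: str) -> Dict[str, str]:
    """Turn the 'key : value' lines into a dict of raw strings (first ':' splits)."""
    stats: Dict[str, str] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:  # skip blank or malformed lines
            stats[key.strip()] = value.strip()
    return stats


def _pct(value: str) -> float:
    """AFL writes percentages as '12.34%'; strip the sign and convert."""
    return float(value.rstrip("%"))


@dataclass
class FuzzerHealth:
    name: str
    unique_crashes: int
    unique_hangs: int
    execs_per_sec: float
    stability_pct: float
    bitmap_cvg_pct: float
    pending_favs: int
    seconds_since_last_path: int

    def is_stalled(self, idle_seconds: int = 3600) -> bool:
        """No favoured paths left to fuzz and no new path found for a while."""
        return self.pending_favs == 0 and self.seconds_since_last_path >= idle_seconds


def summarise(stats: Dict[str, str], name: str = "fuzzer") -> FuzzerHealth:
    """Pick out the fields a campaign monitor cares about and type them."""
    last_update = int(stats["last_update"])
    last_path = int(stats.get("last_path", "0"))  # 0 until AFL finds a new path
    return FuzzerHealth(
        name=name,
        unique_crashes=int(stats["unique_crashes"]),
        unique_hangs=int(stats["unique_hangs"]),
        execs_per_sec=float(stats["execs_per_sec"]),
        stability_pct=_pct(stats["stability"]),
        bitmap_cvg_pct=_pct(stats["bitmap_cvg"]),
        pending_favs=int(stats["pending_favs"]),
        seconds_since_last_path=last_update - last_path if last_path else 0,
    )


def list_crashes(instance_dir: Path) -> List[Path]:
    """Crash testcases of one instance; AFL also drops a README.txt there, skip it."""
    crash_dir = Path(instance_dir) / "crashes"
    if not crash_dir.is_dir():
        return []
    return sorted(p for p in crash_dir.iterdir() if p.name.startswith("id:"))


def collect_campaign(sync_dir: Path) -> List[FuzzerHealth]:
    """One FuzzerHealth per instance directory that has a fuzzer_stats file."""
    results = []
    for stats_file in sorted(Path(sync_dir).glob("*/fuzzer_stats")):
        stats = parse_fuzzer_stats(stats_file.read_text())
        results.append(summarise(stats, name=stats_file.parent.name))
    return results


def build_sample_campaign() -> Path:
    """Write a constructed two-instance sync dir (master has one crash) to a temp dir."""
    root = Path(tempfile.mkdtemp(prefix="afl-sync-"))
    for name, crashes in (("fuzzer-master", 1), ("fuzzer-1", 0)):
        (root / name / "crashes").mkdir(parents=True)
        (root / name / "fuzzer_stats").write_text(SAMPLE_FUZZER_STATS)
        (root / name / "crashes" / "README.txt").write_text("constructed\n")
        for i in range(crashes):  # AFL-style crash file name, constructed
            (root / name / "crashes" / f"id:{i:06d},sig:11,src:000042,op:havoc,rep:2").write_bytes(b"A" * 64)
    return root


if __name__ == "__main__":
    for h in collect_campaign(build_sample_campaign()):
        print(f"{h.name}: {h.execs_per_sec:.0f} execs/s, {h.unique_crashes} crash(es), "
              f"cvg {h.bitmap_cvg_pct}%, stalled={h.is_stalled()}")
```

Point collect_campaign at the -o directory of a real run (the sync dir holding fuzzer-master, fuzzer-1, ...) to get one health record per core; is_stalled is the check worth alerting on, since a stalled instance is usually the signal to hand its queue to a symbolic tracer rather than keep burning cycles.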
