The PASTIS project is a fuzzing framework aiming at combining various software testing techniques within the same workflow to perform collaborative fuzzing also called ensemble fuzzing. At the moment it supports the following fuzzing engines:
- Honggfuzz (greybox fuzzer)
- AFL++ (greybox fuzzer)
- TritonDSE (whitebox fuzzer)
Overview
Note
The video highlight the use-case driven by SAST alerts. However, the
main use-case the standard fuzzing for coverage or bug research.
Quick start
Installation
The PASTIS framework can be installed with:
pip install pastis-frameworkThe pip package will install all dependencies and the tritondse engine.
AFL++
To install AFL++ please refer to the official documentation.
Honggfuzz
Honggfuzz requires a specific build with a patch applied it can be compiled by applying the following steps:
sudo apt-get install binutils-dev libunwind-dev libblocksruntime-dev clang
git clone https://github.com/quarkslab/pastis.git
cd pastis/engines/pastis-honggfuzz/patches
./make_hf.sh
echo "export HFUZZ_PATH=$PWD/honggfuzz-5a504b49" >> ~/.profileUsage
The main component is the broker that will serve the appropriate configurations to fuzzing
engines and that will aggregate results. An example is the following:
tar xvf doc/figs/fsm-demo.tar.gz && cd fsm-demo
make
pastis-broker -b bin -s initial -w outputIt will run the broker using binaries in the bin directory. Initial corpus is initial and the whole output workspace will be save in output. By default it will listen on the local interface on port 5555.
Then fuzzing engines can be launched to start testing the software.
pastis-aflpp online
Or:
pastis-triton online
Full documentation is available: here
Adding a Fuzzer
Integrating a fuzzer requires writing a Python driver using the libpasts library
installed by the package. It requires implementing some callbacks to receive the initial
configuration and also to receive inputs from the broker. Conversely the API enables
sending newly generated inputs to the broker.
The process is further detailed in the documentation.
Note
We warmly welcome any Pull Request to add the support for a new fuzzing engine.
Docker
You can also run PASTIS using Docker:
docker pull ubuntu:22.04
docker build -t pastis-docker .
docker run -v <HOST-WORKSPACE>:/workspace --cap-add=SYS_PTRACE --user $(id -u $USER):$(id -g $USER) -it pastis-dockerTo open another terminal to an already running container:
docker exec -it $(docker ps | grep 'pastis-docker' | awk '{print $1}') /bin/bashThe PASTIS Docker image has already installed all the needed dependencies such as AFL++ and Honggfuzz.
Papers and conference
-
Symbolic Execution the Swiss-Knife of the Reverse Engineer Toolbox
Venue: KLEE Workshop, 2022 [📚 ] [🎥]
Authors: Robin David, Richard Abou Chaaya, Christian Heitman -
From source code to crash test-case through software testing automation
Venue: European Cyber Week, C&ESAR Workshop, 2021 paper slides
Authors: Robin David, Jonathan Salwan, Justin Bourroux
Cite Pastis
soonContributors
Pastis is powered by Quarkslab and initially financed by DGA-MI.