shellphish/fuzzer shellphish/fuzzer

  • This repository has been archived on 01/May/2019
  • Stars
    star
    632
  • Rank 69,546 (Top 2 %)
  • Language
    Python
  • License
    BSD 2-Clause "Sim...
  • Created almost 8 years ago
  • Updated about 5 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
shellphish/fuzzer
github

shellphish

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A Python interface to AFL, allowing for easy injection of testcases and other functionality.

Fuzzer

This module provides a Python wrapper for interacting with AFL (American Fuzzy Lop: http://lcamtuf.coredump.cx/afl/). It supports starting an AFL instance, adding slave workers, injecting and retrieving testcases, and checking various performance metrics. Shellphish used it in Mechanical Phish (our CRS for the Cyber Grand Challenge) to interact with AFL.

Installation

/!\ We recommend installing our Python packages in a Python virtual environment. That is how we do it, and you'll likely run into problems if you do it otherwise.

The fuzzer has some dependencies. First, here's a probably-incomplete list of debian packages that might be useful:

sudo apt-get install build-essential gcc-multilib libtool automake autoconf bison debootstrap debian-archive-keyring libtool-bin
sudo apt-get build-dep qemu

Then, the fuzzer also depends on shellphish-afl, which is a pip package that actually includes AFL:

pip install git+https://github.com/shellphish/shellphish-afl

That'll pull a ton of other stuff, compile qemu about 4 times, and set everything up. Then, install this fuzzer wrapper:

pip install git+https://github.com/shellphish/fuzzer

Usage

There are two ways of using this package. The easy way is to use the shellphuzz script, which allows you to specify various options, enable driller, etc. The script has explanations about its usage with --help.

A quick example:

# fuzz with 4 AFL cores
shellphuzz -i -c 4 /path/to/binary

# perform symbolic-assisted fuzzing with 4 AFL cores and 2 symbolic tracing (drilling) cores.
shellphuzz -i -c 4 -d 2 /path/to/binary

You can also use it programmatically, but we have no documentation for that. For now, import fuzzer or look at the shellphuz script and figure it out ;-)

More Repositories

1

how2heap

A repository for learning various heap exploitation techniques.
C
6,585
star
2

driller

Driller: augmenting AFL with symbolic execution!
Python
850
star
3

ictf-framework

The iCTF Framework, presented by Shellphish!
Python
330
star
4

afl-other-arch

AFL, with scripts to support other architectures.
C
94
star
5

shellphish-afl

A pip wrapper around AFL.
Python
81
star
6

driller-afl

A version of AFL tailored for Driller's use in analyzing CGC binaries.
C
77
star
7

shellphish-qemu

A pip wrapper around our ridiculous amount of qemu forks.
Python
44
star
8

patcherex

please go to angr/patcherex instead of this!
C
23
star
9

puppeteer

Python
23
star
10

ictf-2020-challs-public

Python
11
star
11

writeups

JavaScript
9
star
12

ctf-writeups

CTF writeups from Shellphish
2
star
13

shellphish.github.io

Shellphish web site
HTML
1
star
14

ictf

The International Capture The Flag Competition website
HTML
1
star