• Stars
    star
    117
  • Rank 301,828 (Top 6 %)
  • Language
    Python
  • License
    BSD 3-Clause "New...
  • Created over 6 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A tool for generating worst-case inputs to commonly used algorithms

ACsploit: a tool for generating worst-case inputs for algorithms

By Two Six Technologies

ACsploit is an interactive command-line utility to generate worst-case inputs to commonly used algorithms. These worst-case inputs are designed to result in the target program utilizing a large amount of resources (e.g. time or memory).

ACsploit is designed to be easy to use and contribute to. Future features will include adding arbitrary constraints to inputs, creating an API, and hooking into running programs to feed worst-case input directly to functions of interest.

Join us on the ACsploit Slack here!

Screenshot

Usage

Start ACsploit with python3 acsploit.py. From there, you can use the help command to see what commands are available. You can call help on any of them to learn more about how to use that command, such as help set.

To see the available exploits, use the show command. To stage one for use, use use [exploit_name]. To see a description of the exploit, run info. At any point, you can run options to see the current input, output, and exploit options, and then use set [option_name] [value] to set an option. To see detailed descriptions of the options, use options describe.

Tab completion is enabled for exploit and option names.

Finally, use run to generate output from the exploit.

ACsploit supports abbreviated commands, bash commands using !, CTRL+R history search, and more.

Command-line Options

--load-file SCRIPT runs the commands in SCRIPT as if they had been entered in an interactive ACsploit session and then exits. # can be used for comments as in Python.

--debug enables debug mode, in which ACsploit prints stack-traces when errors occur.

Documentation

Documents are generated using pdoc3 and can be found in the docs directory.

Generating Documents

Run pip3 install pdoc3 to install the documentation dependencies and then run python generate_docs.py

Warning

Caution should be used in generating and accessing ACsploit exploits. Using unreasonable exploit parameters may cause denial of service on generation. Additionally, the canned exploits (e.g. compression bombs) may cause denial of service if accessed by relevant applications.

Tests

Tests for ACsploit can be invoked from inside the acsploit directory by running python -m pytest test. Alternatively, individual tests can be invoked by running python -m pytest test/path/to/test.py.

To run the tests and obtain an HTML coverage report run the following:

python -m pytest --cov=. --cov-report html:cov test/

Finally to run the tests in parellel the -n flag can be used followed by the number of tests to run in parallel. On Linux and Mac the following works:

python -m pytest -n`nproc` --cov=. --cov-report html:cov test/

Contributing to ACsploit

We welcome community contributions to all aspects of ACsploit! For guidelines on contributing, please see CONTRIBUTING.md

License

Acsploit is available under the 3-clause BSD license (see LICENSE)

More Repositories

1

armory

ARMORY Adversarial Robustness Evaluation Test Bed
Python
176
star
2

d3-force-reuse

Faster force-directed graph layouts by reusing force approximations
JavaScript
124
star
3

d3-force-sampled

A fast, simple, memory-efficient graph layout algorithm for visualizing networks in D3
JavaScript
50
star
4

V3SPA

Verification Validation and Visualization of Security Policy Abstractions
CoffeeScript
43
star
5

Escalation

Python
39
star
6

icas-ontology

The unified ICAS ontology designed to describe information-security related information
27
star
7

coffeebreak

Java
25
star
8

magicwand-datatool

Magicwand tool to generate tcp traffic data
Python
24
star
9

PE_for_Android

Privacy Enhancements for Android
13
star
10

armory-example

Example external repository for interacting with armory.
Python
11
star
11

armory-library

Python library for Adversarial ML Evaluation
Python
8
star
12

macrocoaster

HTML
6
star
13

gitlab-ci-scripts

Python
6
star
14

audit-log-detection

Python
6
star
15

breaking_bhad

Code from the Breaking BHAD talk at Black Hat Europe 2016
C
6
star
16

ultrazed_dev

UltraZed Development
C
5
star
17

coq-operads

Coq
5
star
18

ReWire

Haskell
2
star
19

csl

Cooperative Secure Learning
Jupyter Notebook
2
star
20

armory-datasets

Armory ecosystem module for building and integrating custom datasets
1
star
21

gardproject

External facing website for performer work on GARD Project
1
star
22

rust-blog-post

Code examples meant to accompany the blog post Building a Rust Plugin for a C++ SDK
Rust
1
star
23

pcb_structure_matching

Automated structure matching of printed circuit boards and component detection.
Python
1
star