author: van Hauser <vh@thc.org> 2022-12-20 14:31:09 +0100
committer: GitHub <noreply@github.com> 2022-12-20 14:31:09 +0100
commit: 60dc37a8cf09f8e9048e4b6a2204d6c90b27655a (patch)
tree: ab66c723be9ccadde42329cc85de1c141f8bddcd /docs
parent: 8cdc48f73a17ddd557897f2098937a8ba3bfe184 (diff)
parent: 0165ca8c6c485e36fe8e5fc6182ebeba2100932b (diff)
download: afl++-60dc37a8cf09f8e9048e4b6a2204d6c90b27655a.tar.gz
Merge pull request #1592 from AFLplusplus/dev
Dev
Diffstat (limited to 'docs')
-rw-r--r-- docs/Changelog.md 3
-rw-r--r-- docs/env_variables.md 8
-rw-r--r-- docs/fuzzing_in_depth.md 7
-rw-r--r-- docs/third_party_tools.md 2
4 files changed, 16 insertions, 4 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index c5eb6be3..4df47645 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -9,6 +9,9 @@
send fuzz data to the target as you need, e.g. via IPC.
- cmplog mode now has -l R option for random colorization, thanks
to guyf2010 for the PR!
+ - queue statistics are written every 30 minutes to
+ out/NAME/queue_data - likely this will be moved to a debug flag
+ in the future.
- afl-showmap/afl-cmin
- -t none now translates to -t 120000 (120 seconds)
- unicorn_mode updated
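Review bot: the added Changelog lines (`+ - queue statistics are written every 30 minutes to` / `+ out/NAME/queue_data`) name the output file but say nothing about what it contains or whether the periodic write can be switched off, and the trailing hedge "likely this will be moved to a debug flag in the future" is a to-do rather than a release note. Suggest one clause describing the contents of `queue_data` (or a pointer to where its format is documented) and dropping the speculative sentence until the flag exists and can be named.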
diff --git a/docs/env_variables.md b/docs/env_variables.md
index d1c13e15..22a5c386 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -378,10 +378,10 @@ checks or alter some of the more exotic semantics of the tool:
valid terminal was detected (for virtual consoles).
- Setting `AFL_FORKSRV_INIT_TMOUT` allows you to specify a different timeout
- to wait for the forkserver to spin up. The default is the `-t` value times
- `FORK_WAIT_MULT` from `config.h` (usually 10), so for a `-t 100`, the
- default would wait for `1000` milliseconds. Setting a different time here is
- useful if the target has a very slow startup time, for example, when doing
+ to wait for the forkserver to spin up. The specified value is the new timeout, in milliseconds.
+ The default is the `-t` value times `FORK_WAIT_MULT` from `config.h` (usually 10), so for a `-t 100`, the default would wait for `1000` milliseconds.
+ The `AFL_FORKSRV_INIT_TMOUT` value does not get multiplied. It overwrites the initial timeout afl-fuzz waits for the target to come up with a constant time.
+ Setting a different time here is useful if the target has a very slow startup time, for example, when doing
full-system fuzzing or emulation, but you don't want the actual runs to wait
too long for timeouts.
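Review bot: the three replacement lines starting at `+ to wait for the forkserver to spin up. The specified value is the new timeout, in milliseconds.` run far past the roughly 80-column wrap that the removed lines and the surrounding context lines in env_variables.md keep, so they should be rewrapped to match the file. They also state the same fact twice: "The specified value is the new timeout, in milliseconds" and "does not get multiplied. It overwrites the initial timeout afl-fuzz waits for the target to come up with a constant time" make one point. Merging them into a single sentence such as "The value is an absolute timeout in milliseconds and is not multiplied by `FORK_WAIT_MULT`" keeps the clarification this change is after without the repetition.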
diff --git a/docs/fuzzing_in_depth.md b/docs/fuzzing_in_depth.md
index a0bf1566..87f31a58 100644
--- a/docs/fuzzing_in_depth.md
+++ b/docs/fuzzing_in_depth.md
@@ -900,6 +900,13 @@ then color-codes the input based on which sections appear to be critical and
which are not; while not bulletproof, it can often offer quick insights into
complex file formats.
+`casr-afl` from [CASR](https://github.com/ispras/casr) tools provides
+comfortable triaging for crashes found by AFL++. Reports are clustered and
+contain severity and other information.
+```shell
+casr-afl -i /path/to/afl/out/dir -o /path/to/casr/out/dir
+```
+
## 5. CI fuzzing
Some notes on continuous integration (CI) fuzzing - this fuzzing is different to
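Review bot: in the new paragraph, `+contain severity and other information.` is immediately followed by `+```shell` with no blank line before the fence, while a blank line is added after it; put one before the fence as well so the block is consistently separated. The opening sentence "`casr-afl` from [CASR](https://github.com/ispras/casr) tools provides comfortable triaging for crashes found by AFL++" also reads awkwardly; suggest "`casr-afl` from the [CASR](https://github.com/ispras/casr) tool suite triages crashes found by AFL++: reports are clustered and contain severity and other information."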
diff --git a/docs/third_party_tools.md b/docs/third_party_tools.md
index 1175d9e5..97f2c362 100644
--- a/docs/third_party_tools.md
+++ b/docs/third_party_tools.md
@@ -62,3 +62,5 @@
generates builds of debian packages suitable for AFL.
* [afl-fid](https://github.com/FoRTE-Research/afl-fid) - a set of tools for
working with input data.
+* [CASR](https://github.com/ispras/casr) - a set of tools for crash triage and
+ analysis.
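Review bot: the new entry `+* [CASR](https://github.com/ispras/casr) - a set of tools for crash triage and` / `+ analysis.` does not mention `casr-afl`, the component that reads AFL++ output directories and that the fuzzing_in_depth.md change in this same PR documents, so a reader of this list cannot tell which part of CASR applies to AFL++. Suggest ending the entry with "; `casr-afl` works directly on AFL++ output directories" so the two additions reference each other.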