-rw-r--r-- | docs/custom_mutator.md | 2 | ||||
-rw-r--r-- | docs/python_mutators.md (renamed from docs/python_mutators.txt) | 24 | ||||
-rw-r--r-- | examples/README.md (renamed from experimental/README.experiments) | 6 | ||||
-rw-r--r-- | examples/argv_fuzzing/Makefile (renamed from experimental/argv_fuzzing/Makefile) | 0 | ||||
-rw-r--r-- | examples/argv_fuzzing/README.md (renamed from experimental/argv_fuzzing/README.md) | 0 | ||||
-rw-r--r-- | examples/argv_fuzzing/argv-fuzz-inl.h (renamed from experimental/argv_fuzzing/argv-fuzz-inl.h) | 0 | ||||
-rw-r--r-- | examples/argv_fuzzing/argvfuzz.c (renamed from experimental/argv_fuzzing/argvfuzz.c) | 0 | ||||
-rwxr-xr-x | examples/asan_cgroups/limit_memory.sh (renamed from experimental/asan_cgroups/limit_memory.sh) | 0 | ||||
-rw-r--r-- | examples/bash_shellshock/shellshock-fuzz.diff (renamed from experimental/bash_shellshock/shellshock-fuzz.diff) | 0 | ||||
-rw-r--r-- | examples/canvas_harness/canvas_harness.html (renamed from experimental/canvas_harness/canvas_harness.html) | 0 | ||||
-rwxr-xr-x | examples/clang_asm_normalize/as (renamed from experimental/clang_asm_normalize/as) | 0 | ||||
-rwxr-xr-x | examples/crash_triage/triage_crashes.sh (renamed from experimental/crash_triage/triage_crashes.sh) | 0 | ||||
-rw-r--r-- | examples/custom_mutators/README (renamed from custom_mutators/README) | 0 | ||||
-rw-r--r-- | examples/custom_mutators/simple_mutator.c (renamed from custom_mutators/simple_mutator.c) | 0 | ||||
-rwxr-xr-x | examples/distributed_fuzzing/sync_script.sh (renamed from experimental/distributed_fuzzing/sync_script.sh) | 0 | ||||
-rw-r--r-- | examples/libpng_no_checksum/libpng-nocrc.patch (renamed from experimental/libpng_no_checksum/libpng-nocrc.patch) | 0 | ||||
-rw-r--r-- | examples/persistent_demo/persistent_demo.c (renamed from experimental/persistent_demo/persistent_demo.c) | 0 | ||||
-rw-r--r-- | examples/post_library/post_library.so.c (renamed from experimental/post_library/post_library.so.c) | 0 | ||||
-rw-r--r-- | examples/post_library/post_library_png.so.c (renamed from experimental/post_library/post_library_png.so.c) | 0 | ||||
-rw-r--r-- | examples/python_mutators/README (renamed from python_mutators/README) | 0 | ||||
-rw-r--r-- | examples/python_mutators/XmlMutatorMin.py (renamed from python_mutators/XmlMutatorMin.py) | 0 | ||||
-rw-r--r-- | examples/python_mutators/common.py (renamed from python_mutators/common.py) | 0 | ||||
-rw-r--r-- | examples/python_mutators/example.py (renamed from python_mutators/example.py) | 0 | ||||
-rw-r--r-- | examples/python_mutators/simple-chunk-replace.py (renamed from python_mutators/simple-chunk-replace.py) | 0 | ||||
-rw-r--r-- | examples/python_mutators/wrapper_afl_min.py (renamed from python_mutators/wrapper_afl_min.py) | 0 | ||||
-rw-r--r-- | examples/socket_fuzzing/Makefile (renamed from experimental/socket_fuzzing/Makefile) | 0 | ||||
-rw-r--r-- | examples/socket_fuzzing/README.md (renamed from experimental/socket_fuzzing/README.md) | 0 | ||||
-rw-r--r-- | examples/socket_fuzzing/socketfuzz.c (renamed from experimental/socket_fuzzing/socketfuzz.c) | 0 |
28 files changed, 15 insertions, 17 deletions
diff --git a/docs/custom_mutator.md b/docs/custom_mutator.md index 142396dd..19009f92 100644 --- a/docs/custom_mutator.md +++ b/docs/custom_mutator.md @@ -33,4 +33,4 @@ is not needed. ## 2) Example -A simple example is provided in ../custom_mutators/ +A simple example is provided in ../examples/custom_mutators/ diff --git a/docs/python_mutators.txt b/docs/python_mutators.md index 7fd54547..a7e2c7de 100644 --- a/docs/python_mutators.txt +++ b/docs/python_mutators.md @@ -1,6 +1,4 @@ -================================================== -Adding custom mutators to AFL using Python modules -================================================== +# Adding custom mutators to AFL using Python modules This file describes how you can utilize the external Python API to write your own custom mutation routines. @@ -14,11 +12,10 @@ Adding custom mutators to AFL using Python modules python2 or python3 syntax in your scripts! After a major version upgrade (e.g. 3.7 -> 3.8), a recompilation of afl-fuzz may be needed. - For an example and a template see ../python_mutators/ + For an example and a template see ../examples/python_mutators/ -1) Description and purpose --------------------------- +## 1) Description and purpose While AFLFuzz comes with a good selection of generic deterministic and non-deterministic mutation operations, it sometimes might make sense to extend @@ -40,8 +37,7 @@ See the following information to get a better pictures: https://bugs.chromium.org/p/chromium/issues/detail?id=930663 -2) How the Python module looks like ------------------------------------ +## 2) How the Python module looks like You can find a simple example in pymodules/example.py including documentation explaining each function. In the same directory, you can find another simple 
@@ -55,8 +51,7 @@ There is also optional support for a trimming API, see the section below for further information about this feature. -3) How to compile AFLFuzz with Python support ---------------------------------------------- +## 3) How to compile AFLFuzz with Python support You must install the python 3 or 2 development package of your Linux distribution before this will work. On Debian/Ubuntu/Kali this can be done @@ -75,8 +70,7 @@ In case your setup is different set the necessary variables like this: PYTHON_INCLUDE=/path/to/python/include LDFLAGS=-L/path/to/python/lib make -4) How to run AFLFuzz with your custom module ---------------------------------------------- +## 4) How to run AFLFuzz with your custom module You must pass the module name inside the env variable AFL_PYTHON_MODULE. @@ -99,8 +93,7 @@ AFL_DEBUG - When combined with AFL_NO_UI, this causes the C trimming code of your custom Python trimmer. Use this to see if it works :) -5) Order and statistics ------------------------ +## 5) Order and statistics The Python stage is set to be the first non-deterministic stage (right before the havoc stage). In the statistics however, it shows up as the third number @@ -108,8 +101,7 @@ under "havoc". That's because I'm lazy and I didn't want to mess with the UI too much ;) -6) Trimming support -------------------- +## 6) Trimming support The generic trimming routines implemented in AFLFuzz can easily destroy the structure of complex formats, possibly leading to a point where you have a lot diff --git a/experimental/README.experiments b/examples/README.md index 06f22ee1..512b03f7 100644 --- a/experimental/README.experiments +++ b/examples/README.md @@ -1,5 +1,11 @@ +# AFL++ Examples + Here's a quick overview of the stuff you can find in this directory: + - custom_mutstors - An example custom mutator + + - python_mutators - Python mutators examples + - argv_fuzzing - a simple wrapper to allow cmdline to be fuzzed (e.g., to test setuid programs). 
diff --git a/experimental/argv_fuzzing/Makefile b/examples/argv_fuzzing/Makefile
index ab16be87..ab16be87 100644
--- a/experimental/argv_fuzzing/Makefile
+++ b/examples/argv_fuzzing/Makefile
diff --git a/experimental/argv_fuzzing/README.md b/examples/argv_fuzzing/README.md
index fa8cad80..fa8cad80 100644
--- a/experimental/argv_fuzzing/README.md
+++ b/examples/argv_fuzzing/README.md
diff --git a/experimental/argv_fuzzing/argv-fuzz-inl.h b/examples/argv_fuzzing/argv-fuzz-inl.h
index 4d880020..4d880020 100644
--- a/experimental/argv_fuzzing/argv-fuzz-inl.h
+++ b/examples/argv_fuzzing/argv-fuzz-inl.h
diff --git a/experimental/argv_fuzzing/argvfuzz.c b/examples/argv_fuzzing/argvfuzz.c
index 4251ca4c..4251ca4c 100644
--- a/experimental/argv_fuzzing/argvfuzz.c
+++ b/examples/argv_fuzzing/argvfuzz.c
diff --git a/experimental/asan_cgroups/limit_memory.sh b/examples/asan_cgroups/limit_memory.sh
index ac3a90fe..ac3a90fe 100755
--- a/experimental/asan_cgroups/limit_memory.sh
+++ b/examples/asan_cgroups/limit_memory.sh
diff --git a/experimental/bash_shellshock/shellshock-fuzz.diff b/examples/bash_shellshock/shellshock-fuzz.diff
index 3fa05bf8..3fa05bf8 100644
--- a/experimental/bash_shellshock/shellshock-fuzz.diff
+++ b/examples/bash_shellshock/shellshock-fuzz.diff
diff --git a/experimental/canvas_harness/canvas_harness.html b/examples/canvas_harness/canvas_harness.html
index a37b6937..a37b6937 100644
--- a/experimental/canvas_harness/canvas_harness.html
+++ b/examples/canvas_harness/canvas_harness.html
diff --git a/experimental/clang_asm_normalize/as b/examples/clang_asm_normalize/as
index 45537cae..45537cae 100755
--- a/experimental/clang_asm_normalize/as
+++ b/examples/clang_asm_normalize/as
diff --git a/experimental/crash_triage/triage_crashes.sh b/examples/crash_triage/triage_crashes.sh
index 6d026d61..6d026d61 100755
--- a/experimental/crash_triage/triage_crashes.sh
+++ b/examples/crash_triage/triage_crashes.sh
diff --git a/custom_mutators/README b/examples/custom_mutators/README
index e83baa67..e83baa67 100644
--- a/custom_mutators/README
+++ b/examples/custom_mutators/README
diff --git a/custom_mutators/simple_mutator.c b/examples/custom_mutators/simple_mutator.c
index bf655679..bf655679 100644
--- a/custom_mutators/simple_mutator.c
+++ b/examples/custom_mutators/simple_mutator.c
diff --git a/experimental/distributed_fuzzing/sync_script.sh b/examples/distributed_fuzzing/sync_script.sh
index c45ae69b..c45ae69b 100755
--- a/experimental/distributed_fuzzing/sync_script.sh
+++ b/examples/distributed_fuzzing/sync_script.sh
diff --git a/experimental/libpng_no_checksum/libpng-nocrc.patch b/examples/libpng_no_checksum/libpng-nocrc.patch
index 0a3793a0..0a3793a0 100644
--- a/experimental/libpng_no_checksum/libpng-nocrc.patch
+++ b/examples/libpng_no_checksum/libpng-nocrc.patch
diff --git a/experimental/persistent_demo/persistent_demo.c b/examples/persistent_demo/persistent_demo.c
index 7d8638fb..7d8638fb 100644
--- a/experimental/persistent_demo/persistent_demo.c
+++ b/examples/persistent_demo/persistent_demo.c
diff --git a/experimental/post_library/post_library.so.c b/examples/post_library/post_library.so.c
index 487b9a6d..487b9a6d 100644
--- a/experimental/post_library/post_library.so.c
+++ b/examples/post_library/post_library.so.c
diff --git a/experimental/post_library/post_library_png.so.c b/examples/post_library/post_library_png.so.c
index 43cb1101..43cb1101 100644
--- a/experimental/post_library/post_library_png.so.c
+++ b/examples/post_library/post_library_png.so.c
diff --git a/python_mutators/README b/examples/python_mutators/README
index 4e7d62bc..4e7d62bc 100644
--- a/python_mutators/README
+++ b/examples/python_mutators/README
diff --git a/python_mutators/XmlMutatorMin.py b/examples/python_mutators/XmlMutatorMin.py
index 058b7e61..058b7e61 100644
--- a/python_mutators/XmlMutatorMin.py
+++ b/examples/python_mutators/XmlMutatorMin.py
diff --git a/python_mutators/common.py b/examples/python_mutators/common.py
index 28b8ee80..28b8ee80 100644
--- a/python_mutators/common.py
+++ b/examples/python_mutators/common.py
diff --git a/python_mutators/example.py b/examples/python_mutators/example.py
index d32a7eb2..d32a7eb2 100644
--- a/python_mutators/example.py
+++ b/examples/python_mutators/example.py
diff --git a/python_mutators/simple-chunk-replace.py b/examples/python_mutators/simple-chunk-replace.py
index 218dd4f8..218dd4f8 100644
--- a/python_mutators/simple-chunk-replace.py
+++ b/examples/python_mutators/simple-chunk-replace.py
diff --git a/python_mutators/wrapper_afl_min.py b/examples/python_mutators/wrapper_afl_min.py
index df09b40a..df09b40a 100644
--- a/python_mutators/wrapper_afl_min.py
+++ b/examples/python_mutators/wrapper_afl_min.py
diff --git a/experimental/socket_fuzzing/Makefile b/examples/socket_fuzzing/Makefile
index 0191ba53..0191ba53 100644
--- a/experimental/socket_fuzzing/Makefile
+++ b/examples/socket_fuzzing/Makefile
diff --git a/experimental/socket_fuzzing/README.md b/examples/socket_fuzzing/README.md
index 79f28bea..79f28bea 100644
--- a/experimental/socket_fuzzing/README.md
+++ b/examples/socket_fuzzing/README.md
diff --git a/experimental/socket_fuzzing/socketfuzz.c b/examples/socket_fuzzing/socketfuzz.c
index 3ec8383b..3ec8383b 100644
--- a/experimental/socket_fuzzing/socketfuzz.c
+++ b/examples/socket_fuzzing/socketfuzz.c |