about summary refs log tree commit diff
path: root/README.md
diff options
context:
space:
mode:
Diffstat (limited to 'README.md')
-rw-r--r--README.md29
1 files changed, 19 insertions, 10 deletions
diff --git a/README.md b/README.md
index fcb6b3c9..e0cb4558 100644
--- a/README.md
+++ b/README.md
@@ -80,8 +80,10 @@ Step-by-step quick start:
 1. Compile the program or library to be fuzzed using `afl-cc`. A common way to
    do this would be:
 
-        CC=/path/to/afl-cc CXX=/path/to/afl-c++ ./configure --disable-shared
-        make clean all
+   ```
+   CC=/path/to/afl-cc CXX=/path/to/afl-c++ ./configure --disable-shared
+   make clean all
+   ```
 
 2. Get a small but valid input file that makes sense to the program. When
    fuzzing verbose syntax (SQL, HTTP, etc), create a dictionary as described in
@@ -89,10 +91,10 @@ Step-by-step quick start:
 
 3. If the program reads from stdin, run `afl-fuzz` like so:
 
-```
+   ```
    ./afl-fuzz -i seeds_dir -o output_dir -- \
-     /path/to/tested/program [...program's cmdline...]
-```
+   /path/to/tested/program [...program's cmdline...]
+   ```
 
    To add a dictionary, add `-x /path/to/dictionary.txt` to afl-fuzz.
 
@@ -100,13 +102,20 @@ Step-by-step quick start:
    command line; AFL will put an auto-generated file name in there for you.
 
 4. Investigate anything shown in red in the fuzzer UI by promptly consulting
-   [docs/status_screen.md](docs/status_screen.md).
+   [docs/afl-fuzz_approach.md#understanding-the-status-screen](docs/afl-fuzz_approach.md#understanding-the-status-screen).
+
+5. Interpret the output, see
+   [docs/afl-fuzz_approach.md#interpreting-output](docs/afl-fuzz_approach.md#interpreting-output).
 
-5. You will find found crashes and hangs in the subdirectories `crashes/` and
+6. You will find found crashes and hangs in the subdirectories `crashes/` and
    `hangs/` in the `-o output_dir` directory. You can replay the crashes by
-   feeding them to the target, e.g.: `cat output_dir/crashes/id:000000,* |
-   /path/to/tested/program [...program's cmdline...]` You can generate cores or
-   use gdb directly to follow up the crashes.
+   feeding them to the target, e.g.:
+
+   ```
+   cat output_dir/crashes/id:000000,* | /path/to/tested/program [...program's cmdline...]
+   ```
+
+   You can generate cores or use gdb directly to follow up the crashes.
 
 ## Contact
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-07-02 21:10:36 +0000