Diffstat (limited to 'README.md')

| Mode | File | Lines changed |
|---|---|---|
| -rw-r--r-- | README.md | 19 |

1 files changed, 15 insertions, 4 deletions
diff --git a/README.md b/README.md index 25e47ef2..9fe1da7e 100644 --- a/README.md +++ b/README.md @@ -70,13 +70,24 @@ When fuzzing verbose syntax (SQL, HTTP, etc), create a dictionary as described i 3. If the program reads from stdin, run `afl-fuzz` like so: - ./afl-fuzz -i testcase_dir -o findings_dir -- \ - /path/to/tested/program [...program's cmdline...] +``` + ./afl-fuzz -i seeds_dir -o output_dir -- \ + /path/to/tested/program [...program's cmdline...] +``` + + To add a dictionary, add `-x /path/to/dictionary.txt` to afl-fuzz. - If the program takes input from a file, you can put `@@` in the program's command line; AFL will put an auto-generated file name in there for you. + If the program takes input from a file, you can put `@@` in the program's + command line; AFL will put an auto-generated file name in there for you. 4. Investigate anything shown in red in the fuzzer UI by promptly consulting [docs/status_screen.md](docs/status_screen.md). +5. You will find found crashes and hangs in the subdirectories `crashes/` and + `hangs/` in the `-o output_dir` directory. You can replay the crashes by + feeding them to the target, e.g.: + `cat output_dir/crashes/id:000000,* | /path/to/tested/program [...program's cmdline...]` + You can generate cores or use gdb directly to follow up the crashes. + ## Contact Questions? Concerns? Bug reports? @@ -179,4 +190,4 @@ If you use AFL++ in scientific work, consider citing [our paper](https://www.use } ``` -</details> \ No newline at end of file +</details> |
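Review bot: the replay example in the new step 5 only works for targets that read from stdin; step 3 also describes the `@@` file-input mode, and for those targets the crash file has to be passed on the command line in place of `@@` rather than piped with `cat`, so add a second replay line for that case (or state explicitly that the `cat ... |` form is for stdin targets). Two smaller points in the same hunk: the opening ``` fence is at column 0, so in most Markdown renderers it ends list item 3 and steps 4 and 5 lose their numbering; indent the fence to the list item's continuation column. And "You will find found crashes and hangs" reads awkwardly; "Crashes and hangs that were found are written to the `crashes/` and `hangs/` subdirectories of `output_dir`" says the same thing more clearly.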
