about summary refs log tree commit diff
path: root/dictionaries/README.dictionaries
diff options
context:
space:
mode:
Diffstat (limited to 'dictionaries/README.dictionaries')
-rw-r--r--dictionaries/README.dictionaries43
1 files changed, 43 insertions, 0 deletions
diff --git a/dictionaries/README.dictionaries b/dictionaries/README.dictionaries
new file mode 100644
index 00000000..ea319733
--- /dev/null
+++ b/dictionaries/README.dictionaries
@@ -0,0 +1,43 @@
+================
+AFL dictionaries
+================
+
+  (See ../docs/README for the general instruction manual.)
+
+This subdirectory contains a set of dictionaries that can be used in
+conjunction with the -x option to allow the fuzzer to effortlessly explore the
+grammar of some of the more verbose data formats or languages. The basic
+principle behind the operation of fuzzer dictionaries is outlined in section 9
+of the "main" README for the project.
+
+Custom dictionaries can be added at will. They should consist of a
+reasonably-sized set of rudimentary syntax units that the fuzzer will then try
+to clobber together in various ways. Snippets between 2 and 16 bytes are usually
+the sweet spot.
+
+Custom dictionaries can be created in two ways:
+
+  - By creating a new directory and placing each token in a separate file, in
+    which case, there is no need to escape or otherwise format the data.
+
+  - By creating a flat text file where tokens are listed one per line in the
+    format of name="value". The alphanumeric name is ignored and can be omitted,
+    although it is a convenient way to document the meaning of a particular
+    token. The value must appear in quotes, with hex escaping (\xNN) applied to
+    all non-printable, high-bit, or otherwise problematic characters (\\ and \"
+    shorthands are recognized, too).
+
+The fuzzer auto-selects the appropriate mode depending on whether the -x
+parameter is a file or a directory.
+
+In the file mode, every name field can be optionally followed by @<num>, e.g.:
+
+  keyword_foo@1 = "foo"
+
+Such entries will be loaded only if the requested dictionary level is equal or
+higher than this number. The default level is zero; a higher value can be set
+by appending @<num> to the dictionary file name, like so:
+
+  -x path/to/dictionary.dct@2
+
+Good examples of dictionaries can be found in xml.dict and png.dict.
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-09-13 22:00:02 +0000