Diffstat (limited to 'docs')

-rw-r--r--  docs/Changelog.md      | 10
-rw-r--r--  docs/INSTALL.md        | 10
-rw-r--r--  docs/env_variables.md  |  8
-rw-r--r--  docs/tutorials.md      |  6

4 files changed, 29 insertions, 5 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index b18bf30f..737df7fa 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -8,8 +8,8 @@
 Want to stay in the loop on major new features? Join our mailing list by
 sending a mail to <afl-users+subscribe@googlegroups.com>.
 
-### Version ++4.01a (dev)
-  - fix */build_...sh scripts to work outside of git
+### Version ++4.01c (release)
+  - fixed */build_...sh scripts to work outside of git
   - new custom_mutator: libafl with token fuzzing :)
   - afl-fuzz:
     - when you just want to compile once and set CMPLOG, then just
@@ -17,6 +17,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
       CMPLOG.
     - new commandline options -g/G to set min/max length of generated
       fuzz inputs
+    - you can set the time for syncing to other fuzzer now with
+      AFL_SYNC_TIME
     - reintroduced AFL_PERSISTENT and AFL_DEFER_FORKSRV to allow
       persistent mode and manual forkserver support if these are not
       in the target binary (e.g. are in a shared library)
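Review bot: the new entry `you can set the time for syncing to other fuzzer now with AFL_SYNC_TIME` has a number error (`other fuzzer` should be `other fuzzers`) and omits the unit, which the env_variables.md hunk in this same patch documents as minutes; suggest `the minimum time in minutes between syncs with other fuzzer instances can now be set with AFL_SYNC_TIME` so the changelog and the reference agree.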
@@ -28,6 +30,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
       kept), unless AFL_KEEP_TIMEOUTS are set
     - AFL never implemented auto token inserts (but user token inserts,
       user token overwrite and auto token overwrite), added now!
+    - fixed a mutation type in havoc mode
     - Mopt fix to always select the correct algorithm
     - fix effector map calculation (deterministic mode)
     - fix custom mutator post_process functionality
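Review bot: `fixed a mutation type in havoc mode` names neither the mutation nor what was wrong with it, so a user cannot tell whether a campaign run on 4.00c was affected; the neighbouring entries (`Mopt fix to always select the correct algorithm`, `fix effector map calculation (deterministic mode)`) show the level of detail the list otherwise keeps. Name the havoc mutation and the defect.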
@@ -41,6 +44,9 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
     - update to new frida release, handles now c++ throw/catch
   - unicorn_mode:
     - update unicorn engine, fix C example
+  - utils:
+    - removed optimin because it looses coverage due to a bug and is
+      unmaintained :-(
 
 
 ### Version ++4.00c (release)
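Review bot: typo in the new utils entry: `looses coverage` should be `loses coverage`. Since this line is also the only notice that optimin has been removed, it would help users who depended on it for corpus minimization to say what to use instead, if the project recommends an alternative.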
diff --git a/docs/INSTALL.md b/docs/INSTALL.md
index 01343b7f..41ec8561 100644
--- a/docs/INSTALL.md
+++ b/docs/INSTALL.md
@@ -8,16 +8,22 @@ hence afl-clang-lto is available) or just pull directly from the Docker Hub
 (for x86_64 and arm64):
 
 ```shell
-docker pull aflplusplus/aflplusplus
+docker pull aflplusplus/aflplusplus:
 docker run -ti -v /location/of/your/target:/src aflplusplus/aflplusplus
 ```
 
-This image is automatically generated when a push to the stable repo happens.
+This image is automatically generated when a push to the stable branch happens.
 You will find your target source code in `/src` in the container.
 
+Note: you can also pull `aflplusplus/aflplusplus:dev` which is the most current
+development state of AFL++.
+
 If you want to build AFL++ yourself, you have many options. The easiest choice
 is to build and install everything:
 
+NOTE: depending on your Debian/Ubuntu/Kali/... version replease `-12` with
+whatever llvm version is available!
+
 ```shell
 sudo apt-get update
 sudo apt-get install -y build-essential python3-dev automake cmake git flex bison libglib2.0-dev libpixman-1-dev python3-setuptools
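Review bot: `docker pull aflplusplus/aflplusplus:` leaves a dangling colon with an empty tag, which `docker pull` rejects as an invalid reference; either write the tag out (`aflplusplus/aflplusplus:latest`, which is what the untagged name resolved to before) or keep the original line without the colon, and keep it consistent with the `docker run ... aflplusplus/aflplusplus` line below it, which is still untagged. Two smaller points in the same hunk: `replease` should be `replace`, and the `-12` note is placed directly above a block whose visible lines (`apt-get update`, `apt-get install -y build-essential ...`) contain no `-12`; it belongs next to the command line that actually carries the llvm version.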
diff --git a/docs/env_variables.md b/docs/env_variables.md
index fe9c6e07..0598a809 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -517,6 +517,10 @@ checks or alter some of the more exotic semantics of the tool:
     (empty/non present) will add no tags to the metrics. For more information,
     see [rpc_statsd.md](rpc_statsd.md).
 
+  - `AFL_SYNC_TIME` allows you to specify a different minimal time (in minutes)
+    between fuzzing instances synchronization. Default sync time is 30 minutes,
+    note that time is halved for -M main nodes.
+
   - Setting `AFL_TARGET_ENV` causes AFL++ to set extra environment variables for
     the target binary. Example: `AFL_TARGET_ENV="VAR1=1 VAR2='a b c'" afl-fuzz
     ... `. This exists mostly for things like `LD_LIBRARY_PATH` but it would
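Review bot: `between fuzzing instances synchronization` reads awkwardly; suggest `between synchronizations with other fuzzing instances`. The second sentence is a comma splice and would be clearer split: `The default is 30 minutes. For -M main nodes the interval is halved.` This hunk is also the only place in the patch that states the unit, so keep `(in minutes)` here.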
@@ -615,6 +619,10 @@ The QEMU wrapper used to instrument binary-only code supports several settings:
     emulation" variables (e.g., `QEMU_STACK_SIZE`), but there should be no
     reason to touch them.
 
+  - Normally a `README.txt` is written to the `crashes/` directory when a first
+    crash is found. Setting `AFL_NO_CRASH_README` will prevent this. Useful when
+    counting crashes based on a file count in that directory.
+
 ## 7) Settings for afl-frida-trace
 
 The FRIDA wrapper used to instrument binary-only code supports many of the same
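Review bot: `AFL_NO_CRASH_README` is placed in the wrong section. Nothing in its description (`a README.txt is written to the crashes/ directory when a first crash is found`) is QEMU-specific, yet the hunk inserts it at the end of the section introduced by `The QEMU wrapper used to instrument binary-only code supports several settings:`, right after the `QEMU_STACK_SIZE` text and just before `## 7) Settings for afl-frida-trace`. A reader looking among the afl-fuzz variables will not find it; move it to the afl-fuzz section, next to `AFL_SYNC_TIME` and `AFL_TARGET_ENV`, which this same patch touches.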
diff --git a/docs/tutorials.md b/docs/tutorials.md
index 64d2b376..477ff98b 100644
--- a/docs/tutorials.md
+++ b/docs/tutorials.md
@@ -1,5 +1,9 @@
 # Tutorials
 
+If you are a total newbie, try this guide:
+
+* [https://github.com/alex-maleno/Fuzzing-Module](https://github.com/alex-maleno/Fuzzing-Module)
+
 Here are some good write-ups to show how to effectively use AFL++:
 
 * [https://aflplus.plus/docs/tutorials/libxml2_tutorial/](https://aflplus.plus/docs/tutorials/libxml2_tutorial/)
@@ -17,7 +21,7 @@ training, then we can highly recommend the following:
 * [https://github.com/antonio-morales/Fuzzing101](https://github.com/antonio-morales/Fuzzing101)
 
 If you are interested in fuzzing structured data (where you define what the
-structure is), these links have you covered:
+structure is), these links have you covered (some are outdated though):
 
 * libprotobuf for AFL++:
   [https://github.com/P1umer/AFLplusplus-protobuf-mutator](https://github.com/P1umer/AFLplusplus-protobuf-mutator)
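Review bot: `(some are outdated though)` tells readers that part of the list is stale but not which entries, so it does not help them choose; mark the outdated links individually (for example with the AFL++ version they last worked with) instead of a blanket caveat on the whole list.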