
Commit b3f6653

committed
Initial import from nccgroup/TriforceAFL
0 parents  commit b3f6653


15,117 files changed

+4078777
-0
lines changed


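--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,146 @@
+#
+# american fuzzy lop - makefile
+# -----------------------------
+#
+# Written and maintained by Michal Zalewski <[email protected]>
+#
+# Copyright 2013, 2014, 2015, 2016 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+
+PROGNAME = afl
+VERSION = 2.06b
+
+PREFIX ?= /usr/local
+BIN_PATH = $(PREFIX)/bin
+HELPER_PATH = $(PREFIX)/lib/afl
+DOC_PATH = $(PREFIX)/share/doc/afl
+MISC_PATH = $(PREFIX)/share/afl
+
+# PROGS intentionally omit afl-as, which gets installed to its own dir.
+
+PROGS = afl-gcc afl-fuzz afl-showmap afl-tmin afl-gotcpu afl-analyze
+SH_PROGS = afl-plot afl-cmin afl-whatsup
+
+CFLAGS ?= -O3 -funroll-loops
+CFLAGS += -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign \
+          -DAFL_PATH=\"$(HELPER_PATH)\" -DDOC_PATH=\"$(DOC_PATH)\" \
+          -DBIN_PATH=\"$(BIN_PATH)\" -DVERSION=\"$(VERSION)\"
+
+ifneq "$(filter Linux GNU%,$(shell uname))" ""
+LDFLAGS += -ldl
+endif
+
+ifeq "$(findstring clang, $(shell $(CC) --version 2>/dev/null))" ""
+TEST_CC = afl-gcc
+else
+TEST_CC = afl-clang
+endif
+
+COMM_HDR = alloc-inl.h config.h debug.h types.h
+
+all: test_x86 $(PROGS) afl-as test_build all_done afl-qemu-system-trace afl-qemu-trace
+
+ifndef AFL_NO_X86
+
+test_x86:
+	@echo "[*] Checking for the ability to compile x86 code..."
+	@echo 'main() { __asm__("xorb %al, %al"); }' | $(CC) -w -x c - -o .test || ( echo; echo "Oops, looks like your compiler can't generate x86 code."; echo; echo "You can still try using the LLVM or QEMU mode, but see docs/INSTALL first."; echo "To ignore this error, set AFL_NO_X86=1."; echo; exit 1 )
+	@rm -f .test
+	@echo "[+] Everything seems to be working, ready to compile."
+
+else
+
+test_x86:
+	@echo "[!] Note: skipping x86 compilation checks (AFL_NO_X86 set)."
+
+endif
+
+afl-gcc: afl-gcc.c $(COMM_HDR) | test_x86
+	$(CC) $(CFLAGS) $@.c -o $@ $(LDFLAGS)
+	set -e; for i in afl-g++ afl-clang afl-clang++; do ln -sf afl-gcc $$i; done
+
+afl-as: afl-as.c afl-as.h $(COMM_HDR) | test_x86
+	$(CC) $(CFLAGS) $@.c -o $@ $(LDFLAGS)
+	ln -sf afl-as as
+
+afl-fuzz: afl-fuzz.c $(COMM_HDR) | test_x86
+	$(CC) $(CFLAGS) $@.c -o $@ $(LDFLAGS)
+
+afl-showmap: afl-showmap.c $(COMM_HDR) | test_x86
+	$(CC) $(CFLAGS) $@.c -o $@ $(LDFLAGS)
+
+afl-tmin: afl-tmin.c $(COMM_HDR) | test_x86
+	$(CC) $(CFLAGS) $@.c -o $@ $(LDFLAGS)
+
+afl-analyze: afl-analyze.c $(COMM_HDR) | test_x86
+	$(CC) $(CFLAGS) $@.c -o $@ $(LDFLAGS)
+
+afl-gotcpu: afl-gotcpu.c $(COMM_HDR) | test_x86
+	$(CC) $(CFLAGS) $@.c -o $@ $(LDFLAGS)
+
+ifndef AFL_NO_X86
+
+test_build: afl-gcc afl-as afl-showmap
+	@echo "[*] Testing the CC wrapper and instrumentation output..."
+	unset AFL_USE_ASAN AFL_USE_MSAN; AFL_QUIET=1 AFL_INST_RATIO=100 AFL_PATH=. ./$(TEST_CC) $(CFLAGS) test-instr.c -o test-instr $(LDFLAGS)
+	echo 0 | ./afl-showmap -m none -q -o .test-instr0 -- ./test-instr
+	echo 1 | ./afl-showmap -m none -q -o .test-instr1 -- ./test-instr
+	@rm -f test-instr
+	@cmp -s .test-instr0 .test-instr1; DR="$$?"; rm -f .test-instr0 .test-instr1; if [ "$$DR" = "0" ]; then echo; echo "Oops, the instrumentation does not seem to be behaving correctly!"; echo; echo "Please ping <[email protected]> to troubleshoot the issue."; echo; exit 1; fi
+	@echo "[+] All right, the instrumentation seems to be working!"
+
+else
+
+test_build: afl-gcc afl-as afl-showmap
+	@echo "[!] Note: skipping build tests (you may need to use LLVM or QEMU mode)."
+
+endif
+
+all_done: test_build
+	@echo "[+] All done! Be sure to review README - it's pretty short and useful."
+	@if [ "`uname`" = "Darwin" ]; then printf "\nWARNING: Fuzzing on MacOS X is slow because of the unusually high overhead of\nfork() on this OS. Consider using Linux or *BSD. You can also use VirtualBox\n(virtualbox.org) to put AFL inside a Linux or *BSD VM.\n\n"; fi
+	@! tty <&1 >/dev/null || printf "\033[0;30mNOTE: If you can read this, your terminal probably uses white background.\nThis will make the UI hard to read. See docs/status_screen.txt for advice.\033[0m\n" 2>/dev/null
+
+afl-qemu-system-trace afl-qemu-trace :
+	cd qemu_mode && ./build_qemu_support.sh
+
+.NOTPARALLEL: clean
+
+clean:
+	rm -f $(PROGS) afl-as as afl-g++ afl-clang afl-clang++ *.o *~ a.out core core.[1-9][0-9]* *.stackdump test .test test-instr .test-instr0 .test-instr1 qemu_mode/qemu-2.3.0.tar.bz2 afl-qemu-trace
+	rm -rf out_dir qemu_mode/qemu-2.3.0
+	$(MAKE) -C llvm_mode clean
+
+install: all
+	mkdir -p -m 755 $${DESTDIR}$(BIN_PATH) $${DESTDIR}$(HELPER_PATH) $${DESTDIR}$(DOC_PATH) $${DESTDIR}$(MISC_PATH)
+	rm -f $${DESTDIR}$(BIN_PATH)/afl-plot.sh
+	install -m 755 $(PROGS) $(SH_PROGS) $${DESTDIR}$(BIN_PATH)
+	rm -f $${DESTDIR}$(BIN_PATH)/afl-as
+	if [ -f afl-qemu-trace ]; then install -m 755 afl-qemu-trace $${DESTDIR}$(BIN_PATH); fi
+	if [ -f afl-clang-fast -a -f afl-llvm-pass.so -a -f afl-llvm-rt.o ]; then set -e; install -m 755 afl-clang-fast $${DESTDIR}$(BIN_PATH); ln -sf afl-clang-fast $${DESTDIR}$(BIN_PATH)/afl-clang-fast++; install -m 755 afl-llvm-pass.so afl-llvm-rt.o $${DESTDIR}$(HELPER_PATH); fi
+	set -e; for i in afl-g++ afl-clang afl-clang++; do ln -sf afl-gcc $${DESTDIR}$(BIN_PATH)/$$i; done
+	install -m 755 afl-as $${DESTDIR}$(HELPER_PATH)
+	ln -sf afl-as $${DESTDIR}$(HELPER_PATH)/as
+	install -m 644 docs/README docs/ChangeLog docs/*.txt $${DESTDIR}$(DOC_PATH)
+	cp -r testcases/ $${DESTDIR}$(MISC_PATH)
+
+publish: clean
+	test "`basename $$PWD`" = "afl" || exit 1
+	test -f ~/www/afl/releases/$(PROGNAME)-$(VERSION).tgz; if [ "$$?" = "0" ]; then echo; echo "Change program version in Makefile, mmkay?"; echo; exit 1; fi
+	cd ..; rm -rf $(PROGNAME)-$(VERSION); cp -pr $(PROGNAME) $(PROGNAME)-$(VERSION); \
+	tar -cvz -f ~/www/afl/releases/$(PROGNAME)-$(VERSION).tgz $(PROGNAME)-$(VERSION)
+	chmod 644 ~/www/afl/releases/$(PROGNAME)-$(VERSION).tgz
+	( cd ~/www/afl/releases/; ln -s -f $(PROGNAME)-$(VERSION).tgz $(PROGNAME)-latest.tgz )
+	cat docs/README >~/www/afl/README.txt
+	cat docs/status_screen.txt >~/www/afl/status_screen.txt
+	cat docs/historical_notes.txt >~/www/afl/historical_notes.txt
+	cat docs/technical_details.txt >~/www/afl/technical_details.txt
+	cat docs/ChangeLog >~/www/afl/ChangeLog.txt
+	cat docs/QuickStartGuide.txt >~/www/afl/QuickStartGuide.txt
+	echo -n "$(VERSION)" >~/www/afl/version.txt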
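Review bot: The mandatory defines on lines 31–33 (`-DAFL_PATH`, `-DDOC_PATH`, `-DBIN_PATH`, `-DVERSION`) and the `-D_FORTIFY_SOURCE=2` hardening flag are appended with a plain `CFLAGS +=`, so a command-line `make CFLAGS=...` overrides the whole variable and silently drops them, either breaking the build or producing un-fortified binaries. Keeping the user-tunable `CFLAGS ?=` line and changing line 31 to `override CFLAGS += -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign \` makes the appended flags survive a command-line assignment. Separately, the header `afl-qemu-system-trace afl-qemu-trace :` on line 110 defines two independent rules that each run `cd qemu_mode && ./build_qemu_support.sh`, so `make -j` on the `all` target (line 47) can run that script twice concurrently; route both names through a single target or a stamp file. None of `all`, `clean`, `install`, `publish`, `test_x86`, `test_build` or `all_done` is declared phony, so a stray file with one of those names would make the target appear up to date; add `.PHONY: all clean install publish test_x86 test_build all_done`.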

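--- a/QuickStartGuide.txt
+++ b/QuickStartGuide.txt
@@ -0,0 +1,48 @@
+=====================
+AFL quick start guide
+=====================
+
+You should read docs/README. It's pretty short. If you really can't, here's
+how to hit the ground running:
+
+1) Compile AFL with 'make'. If build fails, see docs/INSTALL for tips.
+
+2) Find or write a reasonably fast and simple program that takes data from
+a file or stdin, processes it in a test-worthy way, then exits cleanly.
+If testing a network service, modify it to run in the foreground and read
+from stdin. When fuzzing a format that uses checksums, comment out the
+checksum verification code, too.
+
+The program must crash properly when a fault is encountered. Watch out for
+custom SIGSEGV or SIGABRT handlers and background processes.
+
+3) Compile the program / library to be fuzzed using afl-gcc. A common way to
+do this would be:
+
+CC=/path/to/afl-gcc CXX=/path/to/afl-g++ ./configure --disable-shared
+make clean all
+
+If program build fails, ping <[email protected]>.
+
+4) Get a small but valid input file that makes sense to the program. When
+fuzzing verbose syntax (SQL, HTTP, etc), create a dictionary as described in
+testcases/README.testcases, too.
+
+5) If the program reads from stdin, run 'afl-fuzz' like so:
+
+./afl-fuzz -i testcase_dir -o findings_dir -- \
+/path/to/tested/program [...program's cmdline...]
+
+If the program takes input from a file, you can put @@ in the program's
+command line; AFL will put an auto-generated file name in there for you.
+
+6) Investigate anything shown in red in the fuzzer UI by promptly consulting
+docs/status_screen.txt.
+
+That's it. Sit back, relax, and - time permitting - try to skim through the
+following files:
+
+- docs/README - A general introduction to AFL,
+- docs/perf_tips.txt - Simple tips on how to fuzz more quickly,
+- docs/status_screen.txt - An explanation of the tidbits shown in the UI,
+- docs/parallel_fuzzing.txt - Advice on running AFL on multiple cores.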
