ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-08 08:11:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Edit README.md and related content

Browse Source
This commit is contained in:
llzmb 2021-09-03 17:08:54 +02:00
parent dc1f93cf8c
commit c206fb319b
2 changed files with 2 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -33,7 +33,7 @@ Here is some information to get you started:
## Building and installing AFL++
To install AFL++ with everything compiled, pull the image directly from the Docker Hub:
To have AFL++ easily available with everything compiled, pull the image directly from the Docker Hub:
```shell
docker pull aflplusplus/aflplusplus
@ -43,7 +43,7 @@ docker run -ti -v /location/of/your/target:/src aflplusplus/aflplusplus
This image is automatically generated when a push to the stable repo happens (see [docs/branches.md](docs/branches.md)).
You will find your target source code in `/src` in the container.
To build AFL++ yourself, continue at [docs/building_installing.md](docs/building_installing.md).
To build AFL++ yourself, continue at [docs/INSTALL.md](docs/INSTALL.md).
## Quick start: Fuzzing with AFL++

25
docs/guided_fuzzing.md
View File

@ -1,25 +0,0 @@
# Challenges of guided fuzzing
Fuzzing is one of the most powerful and proven strategies for identifying
security issues in real-world software; it is responsible for the vast
majority of remote code execution and privilege escalation bugs found to date
in security-critical software.
Unfortunately, fuzzing is also relatively shallow; blind, random mutations
make it very unlikely to reach certain code paths in the tested code, leaving
some vulnerabilities firmly outside the reach of this technique.
There have been numerous attempts to solve this problem. One of the early
approaches - pioneered by Tavis Ormandy - is corpus distillation. The method
relies on coverage signals to select a subset of interesting seeds from a
massive, high-quality corpus of candidate files, and then fuzz them by
traditional means. The approach works exceptionally well but requires such
a corpus to be readily available. In addition, block coverage measurements
provide only a very simplistic understanding of the program state and are less
useful for guiding the fuzzing effort in the long haul.
Other, more sophisticated research has focused on techniques such as program
flow analysis ("concolic execution"), symbolic execution, or static analysis.
All these methods are extremely promising in experimental settings, but tend
to suffer from reliability and performance problems in practical uses - and
currently do not offer a viable alternative to "dumb" fuzzing techniques.