mirror of
https://github.com/AFLplusplus/AFLplusplus.git
synced 2025-06-09 08:41:32 +00:00
* sync (#886)
* Create FUNDING.yml
* Update FUNDING.yml
* moved custom_mutator examples
* unicorn speedtest makefile cleanup
* fixed example location
* fix qdbi
* update util readme
* Frida persistent (#880)
* Added x64 support for persistent mode (function call only), in-memory test cases and complog
* Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC
* Various minor fixes and finished support for AFL_INST_LIBS
* Review changes
  Co-authored-by: Your Name <you@example.com>
* nits
* fix frida mode
* Integer overflow/underflow fixes in libdislocator (#889)
* libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t'
* libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads
* Bumped warnings up to the max and fixed remaining issues (#890)
  Co-authored-by: Your Name <you@example.com>
* nits
* frida mode - support non-pie
* nits
* nit
* update grammar mutator
* Fixes for aarch64, OSX and other minor issues (#891)
  Co-authored-by: Your Name <you@example.com>
* nits
* nits
* fix PCGUARD, build aflpp_driver with fPIC
* Added representative fuzzbench test and test for libxml (#893)
* Added representative fuzzbench test and test for libxml
* Added support for building FRIDA from source with FRIDA_SOURCE=1
  Co-authored-by: Your Name <you@example.com>
* nits
* update changelog
* typos
* fixed potential double free in custom trim (#881)
* error handling, freeing mem
* frida: complog -> cmplog
* fix statsd writing
* let aflpp_qemu_driver_hook.so build fail gracefully
* fix stdin trimming
* Support for AFL_ENTRYPOINT (#898)
  Co-authored-by: Your Name <you@example.com>
* remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used
* reverse push (#901)
* Create FUNDING.yml
* Update FUNDING.yml
* disable QEMU static pie
  Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
* clarify that no modifications are required.
* add new test for frida_mode (please review)
* typos
* fix persistent mode (64-bit)
* set ARCH for linux intel 32-bit for frida-gum-devkit
* prepare for 32-bit support (later)
* not on qemu 3 anymore
* unicorn mips fixes
* instrumentation further move to C++11 (#900)
* unicorn fixes
* more unicorn fixes
* Fix memory errors when trim causes testcase growth (#881) (#903)
* Revert "fixed potential double free in custom trim (#881)"
  This reverts commit e9d2f72382cab75832721d859c3e731da071435d.
* Revert "fix custom trim for increasing data"
  This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667.
* Fix memory errors when trim causes testcase growth
  Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere...
* Fix an unlikely situation
  Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted.
* typo
* Exit on time (#904)
* Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time have been added. afl->exit_on_time variable initialization has been added. The assignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added.
* Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure.
* Command `export AFL_EXIT_WHEN_DONE=1` has been added.
* Millisecond to second conversion has been added. Call get_cur_time() has been added.
* Revert to using the saved current time value.
* Useless check has been removed.
* fix new path to custom-mutators
* ensure crashes/README.txt exists
* fix
* Changes to bump FRIDA version and to clone FRIDA repo into build directory rather than use a submodule as the FRIDA build scripts don't like it (#906)
  Co-authored-by: Your Name <you@example.com>
* Fix numeric overflow in cmplog implementation (#907)
  Co-authored-by: Your Name <you@example.com>
* testcase fixes for unicorn
* remove merge conflict artifacts
* fix afl-plot
* Changes to remove binaries from frida_mode (#913)
  Co-authored-by: Your Name <you@example.com>
* Frida cmplog fail fast (#914)
* Changes to remove binaries from frida_mode
* Changes to make cmplog fail fast
  Co-authored-by: Your Name <you@example.com>
* afl-plot: relative time
* arch linux and mac os support for afl-system-config
* typo
* code-format
* update documentation

Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com>
Co-authored-by: Your Name <you@example.com>
Co-authored-by: Dmitry Zheregelya <zheregelya.d@gmail.com>
Co-authored-by: hexcoder <hexcoder-@users.noreply.github.com>
Co-authored-by: hexcoder- <heiko@hexco.de>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
Co-authored-by: David CARLIER <devnexen@gmail.com>
Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com>
Co-authored-by: Roman M. Iudichev <SecNotice@ya.ru>
194 lines
5.6 KiB
Bash
Executable File
#!/bin/sh
#
# american fuzzy lop++ - Advanced Persistent Graphing
# -------------------------------------------------
#
# Originally written by Michal Zalewski
#
# Based on a design & prototype by Michael Rash.
#
# Copyright 2014, 2015 Google Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
#   http://www.apache.org/licenses/LICENSE-2.0
#

get_abs_path() {
  echo $(cd "`dirname "$1"`" && pwd)/"`basename "$1"`"
}

echo "progress plotting utility for afl-fuzz by Michal Zalewski"
echo

if [ ! "$#" = "2" ]; then

  cat 1>&2 <<_EOF_
$0 afl_state_dir graph_output_dir

This program generates gnuplot images from afl-fuzz output data. Usage:

The afl_state_dir parameter should point to an existing state directory for any
active or stopped instance of afl-fuzz; while graph_output_dir should point to
an empty directory where this tool can write the resulting plots to.

The program will put index.html and four PNG images in the output directory;
you should be able to view it with any web browser of your choice.

_EOF_

  exit 1

fi

inputdir=`get_abs_path "$1"`
outputdir=`get_abs_path "$2"`

#if [ "$AFL_ALLOW_TMP" = "" ]; then
#
#  echo "$inputdir" | grep -qE '^(/var)?/tmp/'
#  T1="$?"
#
#  echo "$outputdir" | grep -qE '^(/var)?/tmp/'
#  T2="$?"
#
#  if [ "$T1" = "0" -o "$T2" = "0" ]; then
#
#    echo "[-] Error: this script shouldn't be used with shared /tmp directories." 1>&2
#    exit 1
#
#  fi
#
#fi

if [ ! -f "$inputdir/plot_data" ]; then

  echo "[-] Error: input directory is not valid (missing 'plot_data')." 1>&2
  exit 1

fi

LINES=`cat "$inputdir/plot_data" | wc -l`

if [ "$LINES" -lt 3 ]; then

  echo "[-] Error: plot_data carries too little data, let it run longer." 1>&2
  exit 1

fi

BANNER="`cat "$inputdir/fuzzer_stats" 2> /dev/null | grep '^afl_banner ' | cut -d: -f2- | cut -b2-`"

test "$BANNER" = "" && BANNER="(none)"

GNUPLOT=`command -v gnuplot 2>/dev/null`

if [ "$GNUPLOT" = "" ]; then

  echo "[-] Error: can't find 'gnuplot' in your \$PATH." 1>&2
  exit 1

fi

mkdir "$outputdir" 2>/dev/null

if [ ! -d "$outputdir" ]; then

  echo "[-] Error: unable to create the output directory - pick another location." 1>&2
  exit 1

fi

rm -f "$outputdir/high_freq.png" "$outputdir/low_freq.png" "$outputdir/exec_speed.png" "$outputdir/edges.png"
mv -f "$outputdir/index.html" "$outputdir/index.html.orig" 2>/dev/null

echo "[*] Generating plots..."

(

cat <<_EOF_
set terminal png truecolor enhanced size 1000,300 butt

set output '$outputdir/high_freq.png'

#set xdata time
#set timefmt '%s'
#set format x "%b %d\n%H:%M"
set tics font 'small'
unset mxtics
unset mytics

set grid xtics linetype 0 linecolor rgb '#e0e0e0'
set grid ytics linetype 0 linecolor rgb '#e0e0e0'
set border linecolor rgb '#50c0f0'
set tics textcolor rgb '#000000'
set key outside

set autoscale xfixmin
set autoscale xfixmax

set xlabel "all times in UTC" font "small"

plot '$inputdir/plot_data' using 1:4 with filledcurve x1 title 'total paths' linecolor rgb '#000000' fillstyle transparent solid 0.2 noborder, \\
     '' using 1:3 with filledcurve x1 title 'current path' linecolor rgb '#f0f0f0' fillstyle transparent solid 0.5 noborder, \\
     '' using 1:5 with lines title 'pending paths' linecolor rgb '#0090ff' linewidth 3, \\
     '' using 1:6 with lines title 'pending favs' linecolor rgb '#c00080' linewidth 3, \\
     '' using 1:2 with lines title 'cycles done' linecolor rgb '#c000f0' linewidth 3

set terminal png truecolor enhanced size 1000,200 butt
set output '$outputdir/low_freq.png'

plot '$inputdir/plot_data' using 1:8 with filledcurve x1 title '' linecolor rgb '#c00080' fillstyle transparent solid 0.2 noborder, \\
     '' using 1:8 with lines title ' uniq crashes' linecolor rgb '#c00080' linewidth 3, \\
     '' using 1:9 with lines title 'uniq hangs' linecolor rgb '#c000f0' linewidth 3, \\
     '' using 1:10 with lines title 'levels' linecolor rgb '#0090ff' linewidth 3

set terminal png truecolor enhanced size 1000,200 butt
set output '$outputdir/exec_speed.png'

plot '$inputdir/plot_data' using 1:11 with filledcurve x1 title '' linecolor rgb '#0090ff' fillstyle transparent solid 0.2 noborder, \\
     '$inputdir/plot_data' using 1:11 with lines title ' execs/sec' linecolor rgb '#0090ff' linewidth 3 smooth bezier;

set terminal png truecolor enhanced size 1000,300 butt
set output '$outputdir/edges.png'

plot '$inputdir/plot_data' using 1:13 with lines title ' edges' linecolor rgb '#0090ff' linewidth 3

_EOF_

) | gnuplot

if [ ! -s "$outputdir/exec_speed.png" ]; then

  echo "[-] Error: something went wrong! Perhaps you have an ancient version of gnuplot?" 1>&2
  exit 1

fi

echo "[*] Generating index.html..."

cat >"$outputdir/index.html" <<_EOF_
<table style="font-family: 'Trebuchet MS', 'Tahoma', 'Arial', 'Helvetica'">
<tr><td style="width: 18ex"><b>Banner:</b></td><td>$BANNER</td></tr>
<tr><td><b>Directory:</b></td><td>$inputdir</td></tr>
<tr><td><b>Generated on:</b></td><td>`date`</td></tr>
</table>
<p>
<img src="edges.png" width=1000 height=300>
<img src="high_freq.png" width=1000 height=300><p>
<img src="low_freq.png" width=1000 height=200><p>
<img src="exec_speed.png" width=1000 height=200>

_EOF_

# Make it easy to remotely view results when outputting directly to a directory
# served by Apache or other HTTP daemon. Since the plots aren't horribly
# sensitive, this seems like a reasonable trade-off.

chmod 755 "$outputdir"
chmod 644 "$outputdir/high_freq.png" "$outputdir/low_freq.png" "$outputdir/exec_speed.png" "$outputdir/edges.png" "$outputdir/index.html"

echo "[+] All done - enjoy your charts!"

exit 0