mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-09 00:31:33 +00:00

History

* afl++ -> AFL++

* update readme

* more debug

* slightly different weighting algo (#1719)

* better seed selection

* slightly different weighting calculation

* remove unnecessary memset

* Add "Hangs saved" to afl-whatsup (#1717)

The hangs could show long or infinite loops. This is important.

Co-authored-by: van Hauser <vh@thc.org>

* nits

* afl-showmap: Start a only a single fork server (#1718)

A forkserver is started by afl_fsrv_get_mapsize() when dynamically
finding the map size.  When an input directory option is specified a
second fork server was also started.  This commit re-arranges the inits
for several forkserver struct members so that we can re-use the server
started by the get_mapsize() call when not in coresight/qemu/unicorn
modes and just start the server otherwise.

* Source Code Coverage support for Nyx (Part 1) (#1720)

* Additional source code reformatting in afl-compiler-rt

* Add source code coverage support to afl-compiler-rt (for use with Nyx)

* doc, code format

* llvm 17 changes

* more llvm 17

* add frida mode tutorial

* fix effector map

* docs

* Should memset EFF_ALEN(len) of eff_map (#1722)

* fix reallocs

* fix afl-system-config for macos

* afl-fuzz.c: Document -i - in --help (#1725)

afl-fuzz.c: Document `-i -` in `--help`, to write that `-i` can be passed '-' to resume the prior fuzzing job. Also reference AFL_AUTORESUME so users know they can set that parameter to sidestep the issue entirely.

* tritondse custom mutator attempt

* tritondse fixes

* update libnyx (#1727)

* GNUmakefile: Update LLVM instructions (#1728)

Update LLVM instructions, because versions higher than 14 are supported and to be explicit that LLD is also required

* disable macos in the ci, works fine for me

* fix makefile

* better tritondse support

* next steps for tritondse

* qemuafl: Persistent mode for PPC32 targets

* update qemu_mode

* afl-clang-lto incomptable with -flto=thin

* add @responsefile support for afl-cc

---------

Co-authored-by: fxlb <devel.fx.lebail@orange.fr>
Co-authored-by: Nick Potenski <nick.potenski@garmin.com>
Co-authored-by: Christian Holler (:decoder) <choller@mozilla.com>
Co-authored-by: lazymio <mio@lazym.io>
Co-authored-by: Moshe Kaplan <me@moshekaplan.com>
Co-authored-by: Sergej Schumilo <sergej@schumilo.de>
Co-authored-by: Dominik Maier <domenukk@gmail.com>

2023-05-15 10:51:37 +02:00

aflpp_tritondse

push to stable (#1734 )

2023-05-15 10:51:37 +02:00

atnwalk

makefile for atwalk

2023-04-24 19:20:52 +02:00

autotokens

nits

2023-02-23 15:26:41 +01:00

examples

fix custom mutator C examples

2023-04-15 10:12:20 +02:00

gramatron

welcome 2023

2023-01-03 09:38:07 +01:00

grammar_mutator

welcome 2023

2023-01-03 09:38:07 +01:00

honggfuzz

remove symlinks

2023-04-25 14:55:31 +02:00

libafl_base

LibAFL custom mutator: unused variables with underscores

2023-01-05 11:49:58 +00:00

libfuzzer

Add missing blank lines and remove double blank lines

2021-12-04 22:28:05 +01:00

libprotobuf-mutator-example

Removed unused byte in allocation

2022-01-13 10:12:23 +01:00

radamsa

remove symlinks

2023-04-25 14:55:31 +02:00

rust

rust custom mutator: mark external fns unsafe

2023-01-05 12:25:02 +00:00

symcc

code format

2022-04-18 13:14:20 +02:00

Android.bp

android: support host and target 32bit build

2021-03-25 20:40:31 +08:00

README.md

code format

2023-04-22 11:39:44 +02:00

README.md

Custom Mutators

Custom mutators enhance and alter the mutation strategies of AFL++. For further information and documentation on how to write your own, read the docs.

Examples

The ./examples folder contains examples for custom mutators in python and C.

Rust

In ./rust, you will find rust bindings, including a simple example in ./rust/example and an example for structured fuzzing, based on lain, in./rust/example_lain.

Production-Ready Custom Mutators

This directory holds ready to use custom mutators. Just type "make" in the individual subdirectories.

Use with e.g.

AFL_CUSTOM_MUTATOR_LIBRARY=custom_mutators/radamsa/radamsa-mutator.so afl-fuzz ....

and add AFL_CUSTOM_MUTATOR_ONLY=1 if you only want to use the custom mutator.

Multiple custom mutators can be used by separating their paths with : in the environment variable.

The AFL++ grammar agnostic grammar mutator

In ./autotokens you find a token-level fuzzer that does not need to know anything about the grammar of an input as long as it is in ascii and allows whitespace. It is very fast and effective.

If you are looking for an example of how to effectively create a custom mutator take a look at this one.

The AFL++ Grammar Mutator

If you use git to clone AFL++, then the following will incorporate our excellent grammar custom mutator:

git submodule update --init

Read the README in the Grammar-Mutator repository on how to use it.

Note that this custom mutator is not very good though!

Other Mutators

atnwalk and gramatron are grammar custom mutators. Example grammars are provided.

honggfuzz, libfuzzer and libafl are partial implementations based on the mutator implementations of the respective fuzzers. More for playing than serious usage.

radamsa is slow and not very good.

3rd Party Custom Mutators

Superion Mutators

Adrian Tiron ported the Superion grammar fuzzer to AFL++, it is WIP and requires cmake (among other things): https://github.com/adrian-rt/superion-mutator

libprotobuf Mutators

There are two WIP protobuf projects, that require work to be working though:

transforms protobuf raw: https://github.com/bruce30262/libprotobuf-mutator_fuzzing_learning/tree/master/4_libprotobuf_aflpp_custom_mutator

has a transform function you need to fill for your protobuf format, however needs to be ported to the updated AFL++ custom mutator API (not much work): https://github.com/thebabush/afl-libprotobuf-mutator

same as above but is for current AFL++: https://github.com/P1umer/AFLplusplus-protobuf-mutator