3. AFL (American fuzzy lop)
American fuzzy lop: a security-oriented fuzzer that employs a novel type of
compile-time instrumentation and genetic algorithms [2].
AFL has found vulnerabilities and other bugs in:
tcpdump, ffmpeg, VLC, OpenCV, MySQL, SQLite, PuTTY, Wireshark, radare2,
tmux, X.Org Server, PHP, OpenSSL, pngcrush, bash, Firefox, BIND, Qt, etc.
5. Simple test
import os
import sys

def main():
    # Read the whole test case from stdin (AFL feeds each input this way).
    data = sys.stdin.read()
    if len(data) == 2 and data[0] == '1' and data[1] == '2':
        # An uncaught exception is what python-afl reports to AFL as a crash.
        raise Exception('BUG!')
    # os._exit() skips interpreter teardown, which keeps each run fast.
    os._exit(0)

if __name__ == '__main__':
    import afl
    # afl.start() is the older name; newer python-afl releases call it afl.init().
    afl.start()
    main()
6. AFL config and run
# echo core > /proc/sys/kernel/core_pattern
You may also need to skip AFL's CPU frequency scaling check (AFL_SKIP_CPUFREQ=1)
or set the CPU frequency governor to performance:
# echo performance | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
$ py-afl-fuzz -m 500 -t 2000 -i in -o out -- python test.py
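As an added example, not from the slides: the harness pattern of slide 5, wrapped around a constructed TLV parser with a bounds bug (so AFL has a real target to find) and run in python-afl's persistent mode with afl.loop(). The parse_tlv target, its record format and the ImportError fallback are assumptions of this example.

```python
# Added example: python-afl harness around a small constructed parser.
import os
import sys

def parse_tlv(data: bytes) -> dict:
    """Parse records of the form tag(1 byte) len(1 byte) value(len bytes).

    Constructed target: the length byte is trusted, so a truncated record
    indexes past the end of the input and raises IndexError. This is the
    kind of bug a fuzzer finds once the harness reports uncaught exceptions.
    """
    records = {}
    i = 0
    while i < len(data):
        tag = data[i]
        length = data[i + 1]  # bug: no check that a length byte exists
        # bug: indexes data[i + 2 + k] without checking it is in range
        value = bytes(data[i + 2 + k] for k in range(length))
        records[tag] = value
        i += 2 + length
    return records

def fuzz_one(data: bytes) -> bool:
    """Run the target once; an uncaught exception is reported as a crash."""
    parse_tlv(data)
    return True

def main():
    try:
        import afl  # python-afl; only present inside a py-afl-fuzz run
    except ImportError:
        # Plain run (no fuzzer attached): exercise the target once on stdin.
        fuzz_one(sys.stdin.buffer.read())
        return
    # Persistent mode: afl.loop() reruns the body on a fresh input without
    # re-forking the interpreter for every test case.
    while afl.loop(1000):
        sys.stdin.seek(0)  # AFL rewrites the stdin file; rewind before reading
        fuzz_one(sys.stdin.buffer.read())
    os._exit(0)

if __name__ == '__main__':
    main()
```

Run it with the same command as above (py-afl-fuzz ... -- python harness.py); crashing inputs such as a record whose length byte exceeds the remaining bytes end up in out/crashes.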