Giter VIP home page Giter VIP logo

python-afl's Introduction

This is experimental module that enables American Fuzzy Lop fork server and instrumentation for pure-Python code.

HOWTO

  • Add this code (ideally, after all other modules are already imported) to the target program:

    import afl
afl.init()

  • The instrumentation is currently implemented with a trace function, which is called whenever a new local scope is entered. You might need to wrap the code of the main program in a function to get it instrumented correctly.

  • Optionally, add this code at the end of the target program:

    os._exit(0)

    This should speed up fuzzing considerably, at the risk of not catching bugs that could happen during normal exit.

  • For persistent mode, wrap the tested code in this loop:

    while afl.loop(N):
   ...

    where N is the number of inputs to process before restarting.

    You shouldn't call afl.init() in this case.

    If you read input from sys.stdin, you must rewind it in every loop iteration:

    sys.stdin.seek(0)

    afl-fuzz ≥ 1.82b is required for this feature.

  • Use py-afl-fuzz instead of afl-fuzz:

    $ py-afl-fuzz [options] -- /path/to/fuzzed/python/script [...]

  • The instrumentation is a bit slow at the moment, so you might want to enable the dumb mode (-n), while still leveraging the fork server.

    afl-fuzz ≥ 1.95b is required for this feature.

Environment variables

The following environment variables affect python-afl behavior:

PYTHON_AFL_SIGNAL

If this variable is set, python-afl installs an exception hook that kills the current process with the selected signal. That way afl-fuzz can treat unhandled exceptions as crashes.

By default, py-afl-fuzz, py-afl-showmap, python-afl-cmin, and py-afl-tmin set this variable to SIGUSR1.

You can set PYTHON_AFL_SIGNAL to another signal; or set it to 0 to disable the exception hook.

PYTHON_AFL_PERSISTENT

Persistent mode is enabled only if this variable is set.

py-afl-fuzz sets this variable automatically, so there should normally no need to set it manually.

PYTHON_AFL_TSTL
TSTL test harness code is ignored if this variable is set; relevant only to users of TSTL interface to python-afl.

Bugs

Multi-threaded code is not supported.

Further reading

Prerequisites

To build the module, you will need:

  • Python 2.6+ or 3.2+
  • Cython ≥ 0.19 (only at build time)

py-afl-fuzz requires AFL proper to be installed.

python-afl's People

Contributors

agroce avatar alex avatar jwilk avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.