OLD | NEW |
(Empty) | |
| 1 Here's a quick overview of the stuff you can find in this directory: |
| 2 |
| 3 - argv_fuzzing - a simple wrapper to allow cmdline to be fuzzed |
| 4 (e.g., to test setuid programs). |
| 5 |
| 6 - asan_cgroups - a contributed script to simplify fuzzing ASAN |
| 7 binaries with robust memory limits on Linux. |
| 8 |
| 9 - bash_shellshock - a simple hack used to find a bunch of |
| 10 post-Shellshock bugs in bash. |
| 11 |
| 12 - canvas_harness - a test harness used to find browser bugs with a |
| 13 corpus generated using simple image parsing |
| 14 binaries & afl-fuzz. |
| 15 |
| 16 - clang_asm_normalize - a script that makes it easy to instrument |
| 17 hand-written assembly, provided that you have clang. |
| 18 |
| 19 - crash_triage - a very rudimentary example of how to annotate crashes |
| 20 with additional gdb metadata. |
| 21 |
| 22 - distributed_fuzzing - a sample script for synchronizing fuzzer instances |
| 23 across multiple machines (see parallel_fuzzing.txt). |
| 24 |
| 25 - instrumented_cmp - an experiment showing how a custom memcmp() or |
| 26 strcmp() can be used to work around one of the |
| 27 limitations of afl-fuzz. |
| 28 |
| 29 - libpng_no_checksum - a sample patch for removing CRC checks in libpng. |
| 30 |
| 31 - persistent_demo - an example of how to use the LLVM persistent process |
| 32 mode to speed up certain fuzzing jobs. |
| 33 |
| 34 - post_library - an example of how to build postprocessors for AFL. |
| 35 |
| 36 Note that the minimize_corpus.sh tool has graduated from the experimental/ |
| 37 directory and is now available as ../afl-cmin. The LLVM mode has likewise |
| 38 graduated to ../llvm_mode/*. |
| 39 |
| 40 Most of the tools in this directory are meant chiefly as examples that need to |
| 41 be tweaked for your specific needs. They come with some basic documentation, |
| 42 but are not necessarily production-grade. |
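Review bot: the distributed_fuzzing entry (new lines 22-23) refers to parallel_fuzzing.txt with no path, while the closing note (new lines 36-38) gives ../afl-cmin and ../llvm_mode/* relative to this directory. Give the location of parallel_fuzzing.txt the same way so the reference resolves from here. The persistent_demo entry (new lines 31-32) also depends on the LLVM persistent process mode, which the closing note says now lives in ../llvm_mode/*, so a pointer from that entry to that directory would save readers from having to connect the two themselves.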