| Index: third_party/afl/src/docs/sister_projects.txt
|
| diff --git a/third_party/afl/src/docs/sister_projects.txt b/third_party/afl/src/docs/sister_projects.txt
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..886c2f59fdfa622f7b15b103a0c519511c732fa4
|
| --- /dev/null
|
| +++ b/third_party/afl/src/docs/sister_projects.txt
|
| @@ -0,0 +1,275 @@
|
| +===============
|
| +Sister projects
|
| +===============
|
| +
|
| + This doc lists some of the projects that are inspired by, derived from,
|
| + designed for, or meant to integrate with AFL. See README for the general
|
| + instruction manual.
|
| +
|
| +----------------------------
|
| +Support for other languages:
|
| +----------------------------
|
| +
|
| +Python AFL (Jakub Wilk)
|
| +-----------------------
|
| +
|
| + Allows fuzz-testing of Python programs. Uses custom instrumentation and its
|
| + own forkserver.
|
| +
|
| + http://jwilk.net/software/python-afl
|
| +
|
| +Go-fuzz (Dmitry Vyukov)
|
| +-----------------------
|
| +
|
| + AFL-inspired guided fuzzing approach for Go targets:
|
| +
|
| + https://github.com/dvyukov/go-fuzz
|
| +
|
| +afl.rs (Keegan McAllister)
|
| +--------------------------
|
| +
|
| + Allows Rust features to be easily fuzzed with AFL (using the LLVM mode).
|
| +
|
| + https://github.com/kmcallister/afl.rs
|
| +
|
| +OCaml support (KC Sivaramakrishnan)
|
| +-----------------------------------
|
| +
|
| + Adds AFL-compatible instrumentation to OCaml programs.
|
| +
|
| + https://github.com/ocamllabs/opam-repo-dev/pull/23
|
| + http://canopy.mirage.io/Posts/Fuzzing
|
| +
|
| +AFL for GCJ Java and other GCC frontends (-)
|
| +--------------------------------------------
|
| +
|
| + GCC Java programs are actually supported out of the box - simply rename
|
| + afl-gcc to afl-gcj. Unfortunately, by default, unhandled exceptions in GCJ do
|
| + not result in abort() being called, so you will need to manually add a
|
| + top-level exception handler that exits with SIGABRT or something equivalent.
|
| +
|
| + Other GCC-supported languages should be fairly easy to get working, but may
|
| + face similar problems. See https://gcc.gnu.org/frontends.html for a list of
|
| + options.
|
| +
|
| +AFL-style in-process fuzzer for LLVM (Kostya Serebryany)
|
| +--------------------------------------------------------
|
| +
|
| + Provides an evolutionary instrumentation-guided fuzzing harness that allows
|
| + some programs to be fuzzed without the fork / execve overhead. (Similar
|
| + functionality is now available as the "persistent" feature described in
|
| + ../llvm_mode/README.llvm.)
|
| +
|
| + http://llvm.org/docs/LibFuzzer.html
|
| +
|
| +AFL fixup shim (Ben Nagy)
|
| +-------------------------
|
| +
|
| + Allows AFL_POST_LIBRARY postprocessors to be written in arbitrary languages
|
| + that don't have C / .so bindings. Includes examples in Go.
|
| +
|
| + https://github.com/bnagy/aflfix
|
| +
|
| +----------------
|
| +Network fuzzing:
|
| +----------------
|
| +
|
| +Preeny (Yan Shoshitaishvili)
|
| +----------------------------
|
| +
|
| + Provides a fairly simple way to convince dynamically linked network-centric
|
| + programs to read from a file or not fork. Not AFL-specific, but described as
|
| + useful by many users. Some assembly required.
|
| +
|
| + https://github.com/zardus/preeny
|
| +
|
| +-------------------------------------------
|
| +Distributed fuzzing and related automation:
|
| +-------------------------------------------
|
| +
|
| +roving (Richo Healey)
|
| +---------------------
|
| +
|
| + A client-server architecture for effortlessly orchestrating AFL runs across
|
| + a fleet of machines. You don't want to use this on systems that face the
|
| + Internet or live in other untrusted environments.
|
| +
|
| + https://github.com/richo/roving
|
| +
|
| +Distfuzz-AFL (Martijn Bogaard)
|
| +------------------------------
|
| +
|
| + Simplifies the management of afl-fuzz instances on remote machines. The
|
| + author notes that the current implementation isn't secure and should not
|
| + be exposed on the Internet.
|
| +
|
| + https://github.com/MartijnB/disfuzz-afl
|
| +
|
| +afl-launch (Ben Nagy)
|
| +---------------------
|
| +
|
| + Batch AFL launcher utility with a simple CLI.
|
| +
|
| + https://github.com/bnagy/afl-launch
|
| +
|
| +AFL Utils (rc0r)
|
| +----------------
|
| +
|
| + Simplifies the triage of discovered crashes, start parallel instances, etc.
|
| +
|
| + https://github.com/rc0r/afl-utils
|
| +
|
| +afl-fuzzing-scripts (Tobias Ospelt)
|
| +-----------------------------------
|
| +
|
| + Simplifies starting up multiple parallel AFL jobs.
|
| +
|
| + https://github.com/floyd-fuh/afl-fuzzing-scripts/
|
| +
|
| +afl-sid (Jacek Wielemborek)
|
| +---------------------------
|
| +
|
| + Allows users to more conveniently build and deploy AFL via Docker.
|
| +
|
| + https://github.com/d33tah/afl-sid
|
| +
|
| +-----------------------------------------------------------
|
| +Crash triage, coverage analysis, and other companion tools:
|
| +-----------------------------------------------------------
|
| +
|
| +afl-crash-analyzer (Tobias Ospelt)
|
| +----------------------------------
|
| +
|
| + Makes it easier to navigate and annotate crashing test cases.
|
| +
|
| + https://github.com/floyd-fuh/afl-crash-analyzer/
|
| +
|
| +Crashwalk (Ben Nagy)
|
| +--------------------
|
| +
|
| + AFL-aware tool to annotate and sort through crashing test cases.
|
| +
|
| + https://github.com/bnagy/crashwalk
|
| +
|
| +afl-cov (Michael Rash)
|
| +----------------------
|
| +
|
| + Produces human-readable coverage data based on the output queue of afl-fuzz.
|
| +
|
| + https://github.com/mrash/afl-cov
|
| +
|
| +RecidiVM (Jakub Wilk)
|
| +---------------------
|
| +
|
| + Makes it easy to estimate memory usage limits when fuzzing with ASAN or MSAN.
|
| +
|
| + http://jwilk.net/software/recidivm
|
| +
|
| +aflize (Jacek Wielemborek)
|
| +--------------------------
|
| +
|
| + Automatically build AFL-enabled versions of Debian packages.
|
| +
|
| + https://github.com/d33tah/aflize
|
| +
|
| +afl-ddmin-mod (Markus Teufelberger)
|
| +-----------------------------------
|
| +
|
| + A variant of afl-tmin that uses a more sophisticated (but slower)
|
| + minimization algorithm.
|
| +
|
| + https://github.com/MarkusTeufelberger/afl-ddmin-mod
|
| +
|
| +-------------------------------
|
| +Narrow-purpose or experimental:
|
| +-------------------------------
|
| +
|
| +Cygwin support (Ali Rizvi-Santiago)
|
| +-----------------------------------
|
| +
|
| + Pretty self-explanatory. As per the author, this "mostly" ports AFL to
|
| + Windows. Field reports welcome!
|
| +
|
| + https://github.com/arizvisa/afl-cygwin
|
| +
|
| +Pause and resume scripts (Ben Nagy)
|
| +-----------------------------------
|
| +
|
| + Simple automation to suspend and resume groups of fuzzing jobs.
|
| +
|
| + https://gist.github.com/bnagy/8f0eb29eb125653f73fd
|
| +
|
| +Static binary-only instrumentation (Aleksandar Nikolich)
|
| +--------------------------------------------------------
|
| +
|
| + Allows black-box binaries to be instrumented statically (i.e., by modifying
|
| + the binary ahead of the time, rather than translating it on the run). Author
|
| + reports better performance compared to QEMU, but occasional translation
|
| + errors with stripped binaries.
|
| +
|
| + https://github.com/vrtadmin/moflow/tree/master/afl-dyninst
|
| +
|
| +AFL PIN (Parker Thompson)
|
| +-------------------------
|
| +
|
| + Early-stage Intel PIN instrumentation support (from before we settled on
|
| + faster-running QEMU).
|
| +
|
| + https://github.com/mothran/aflpin
|
| +
|
| +AFL-style instrumentation in llvm (Kostya Serebryany)
|
| +-----------------------------------------------------
|
| +
|
| + Allows AFL-equivalent instrumentation to be injected at compiler level.
|
| + This is currently not supported by AFL as-is, but may be useful in other
|
| + projects.
|
| +
|
| + https://code.google.com/p/address-sanitizer/wiki/AsanCoverage#Coverage_counters
|
| +
|
| +AFL JS (Han Choongwoo)
|
| +----------------------
|
| +
|
| + One-off optimizations to speed up the fuzzing of JavaScriptCore (now likely
|
| + superseded by LLVM deferred forkserver init - see llvm_mode/README.llvm).
|
| +
|
| + https://github.com/tunz/afl-fuzz-js
|
| +
|
| +AFL harness for fwknop (Michael Rash)
|
| +-------------------------------------
|
| +
|
| + An example of a fairly involved integration with AFL.
|
| +
|
| + https://github.com/mrash/fwknop/tree/master/test/afl
|
| +
|
| +Building harnesses for DNS servers (Jonathan Foote, Ron Bowes)
|
| +--------------------------------------------------------------
|
| +
|
| + Two articles outlining the general principles and showing some example code.
|
| +
|
| + https://www.fastly.com/blog/how-to-fuzz-server-american-fuzzy-lop
|
| + https://goo.gl/j9EgFf
|
| +
|
| +Fuzzer shell for SQLite (Richard Hipp)
|
| +--------------------------------------
|
| +
|
| + A simple SQL shell designed specifically for fuzzing the underlying library.
|
| +
|
| + http://www.sqlite.org/src/artifact/9e7e273da2030371
|
| +
|
| +Support for Python mutation modules (Christian Holler)
|
| +------------------------------------------------------
|
| +
|
| + https://github.com/choller/afl/blob/master/docs/mozilla/python_modules.txt
|
| +
|
| +Support for selective instrumentation (Christian Holler)
|
| +--------------------------------------------------------
|
| +
|
| + https://github.com/choller/afl/blob/master/docs/mozilla/partial_instrumentation.txt
|
| +
|
| +Kernel fuzzing (Dmitry Vyukov)
|
| +------------------------------
|
| +
|
| + A similar guided approach as applied to fuzzing syscalls:
|
| +
|
| + https://github.com/google/syzkaller/wiki/Found-Bugs
|
| + https://github.com/dvyukov/linux/commit/33787098ffaaa83b8a7ccf519913ac5fd6125931
|
|
|
Chromium Code Reviews
Issue 2075883002:
Add American Fuzzy Lop (afl) to third_party/afl/ (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master