Chromium Code Reviews

Unified Diff: third_party/afl/src/docs/sister_projects.txt

Issue 2075883002: Add American Fuzzy Lop (afl) to third_party/afl/ (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix nits Created 4 years, 6 months ago
Index: third_party/afl/src/docs/sister_projects.txt
diff --git a/third_party/afl/src/docs/sister_projects.txt b/third_party/afl/src/docs/sister_projects.txt
new file mode 100644
index 0000000000000000000000000000000000000000..886c2f59fdfa622f7b15b103a0c519511c732fa4
--- /dev/null
+++ b/third_party/afl/src/docs/sister_projects.txt
@@ -0,0 +1,275 @@
+===============
+Sister projects
+===============
+
+ This doc lists some of the projects that are inspired by, derived from,
+ designed for, or meant to integrate with AFL. See README for the general
+ instruction manual.
+
+----------------------------
+Support for other languages:
+----------------------------
+
+Python AFL (Jakub Wilk)
+-----------------------
+
+ Allows fuzz-testing of Python programs. Uses custom instrumentation and its
+ own forkserver.
+
+ http://jwilk.net/software/python-afl
+
+Go-fuzz (Dmitry Vyukov)
+-----------------------
+
+ AFL-inspired guided fuzzing approach for Go targets:
+
+ https://github.com/dvyukov/go-fuzz
+
+afl.rs (Keegan McAllister)
+--------------------------
+
+ Allows Rust features to be easily fuzzed with AFL (using the LLVM mode).
+
+ https://github.com/kmcallister/afl.rs
+
+OCaml support (KC Sivaramakrishnan)
+-----------------------------------
+
+ Adds AFL-compatible instrumentation to OCaml programs.
+
+ https://github.com/ocamllabs/opam-repo-dev/pull/23
+ http://canopy.mirage.io/Posts/Fuzzing
+
+AFL for GCJ Java and other GCC frontends (-)
+--------------------------------------------
+
+ GCC Java programs are actually supported out of the box - simply rename
+ afl-gcc to afl-gcj. Unfortunately, by default, unhandled exceptions in GCJ do
+ not result in abort() being called, so you will need to manually add a
+ top-level exception handler that exits with SIGABRT or something equivalent.
+
+ Other GCC-supported languages should be fairly easy to get working, but may
+ face similar problems. See https://gcc.gnu.org/frontends.html for a list of
+ options.
+
+AFL-style in-process fuzzer for LLVM (Kostya Serebryany)
+--------------------------------------------------------
+
+ Provides an evolutionary instrumentation-guided fuzzing harness that allows
+ some programs to be fuzzed without the fork / execve overhead. (Similar
+ functionality is now available as the "persistent" feature described in
+ ../llvm_mode/README.llvm.)
+
+ http://llvm.org/docs/LibFuzzer.html
+
+AFL fixup shim (Ben Nagy)
+-------------------------
+
+ Allows AFL_POST_LIBRARY postprocessors to be written in arbitrary languages
+ that don't have C / .so bindings. Includes examples in Go.
+
+ https://github.com/bnagy/aflfix
+
+----------------
+Network fuzzing:
+----------------
+
+Preeny (Yan Shoshitaishvili)
+----------------------------
+
+ Provides a fairly simple way to convince dynamically linked network-centric
+ programs to read from a file or not fork. Not AFL-specific, but described as
+ useful by many users. Some assembly required.
+
+ https://github.com/zardus/preeny
+
+-------------------------------------------
+Distributed fuzzing and related automation:
+-------------------------------------------
+
+roving (Richo Healey)
+---------------------
+
+ A client-server architecture for effortlessly orchestrating AFL runs across
+ a fleet of machines. You don't want to use this on systems that face the
+ Internet or live in other untrusted environments.
+
+ https://github.com/richo/roving
+
+Distfuzz-AFL (Martijn Bogaard)
+------------------------------
+
+ Simplifies the management of afl-fuzz instances on remote machines. The
+ author notes that the current implementation isn't secure and should not
+ be exposed on the Internet.
+
+ https://github.com/MartijnB/disfuzz-afl
+
+afl-launch (Ben Nagy)
+---------------------
+
+ Batch AFL launcher utility with a simple CLI.
+
+ https://github.com/bnagy/afl-launch
+
+AFL Utils (rc0r)
+----------------
+
+ Simplifies the triage of discovered crashes, start parallel instances, etc.
+
+ https://github.com/rc0r/afl-utils
+
+afl-fuzzing-scripts (Tobias Ospelt)
+-----------------------------------
+
+ Simplifies starting up multiple parallel AFL jobs.
+
+ https://github.com/floyd-fuh/afl-fuzzing-scripts/
+
+afl-sid (Jacek Wielemborek)
+---------------------------
+
+ Allows users to more conveniently build and deploy AFL via Docker.
+
+ https://github.com/d33tah/afl-sid
+
+-----------------------------------------------------------
+Crash triage, coverage analysis, and other companion tools:
+-----------------------------------------------------------
+
+afl-crash-analyzer (Tobias Ospelt)
+----------------------------------
+
+ Makes it easier to navigate and annotate crashing test cases.
+
+ https://github.com/floyd-fuh/afl-crash-analyzer/
+
+Crashwalk (Ben Nagy)
+--------------------
+
+ AFL-aware tool to annotate and sort through crashing test cases.
+
+ https://github.com/bnagy/crashwalk
+
+afl-cov (Michael Rash)
+----------------------
+
+ Produces human-readable coverage data based on the output queue of afl-fuzz.
+
+ https://github.com/mrash/afl-cov
+
+RecidiVM (Jakub Wilk)
+---------------------
+
+ Makes it easy to estimate memory usage limits when fuzzing with ASAN or MSAN.
+
+ http://jwilk.net/software/recidivm
+
+aflize (Jacek Wielemborek)
+--------------------------
+
+ Automatically build AFL-enabled versions of Debian packages.
+
+ https://github.com/d33tah/aflize
+
+afl-ddmin-mod (Markus Teufelberger)
+-----------------------------------
+
+ A variant of afl-tmin that uses a more sophisticated (but slower)
+ minimization algorithm.
+
+ https://github.com/MarkusTeufelberger/afl-ddmin-mod
+
+-------------------------------
+Narrow-purpose or experimental:
+-------------------------------
+
+Cygwin support (Ali Rizvi-Santiago)
+-----------------------------------
+
+ Pretty self-explanatory. As per the author, this "mostly" ports AFL to
+ Windows. Field reports welcome!
+
+ https://github.com/arizvisa/afl-cygwin
+
+Pause and resume scripts (Ben Nagy)
+-----------------------------------
+
+ Simple automation to suspend and resume groups of fuzzing jobs.
+
+ https://gist.github.com/bnagy/8f0eb29eb125653f73fd
+
+Static binary-only instrumentation (Aleksandar Nikolich)
+--------------------------------------------------------
+
+ Allows black-box binaries to be instrumented statically (i.e., by modifying
+ the binary ahead of the time, rather than translating it on the run). Author
+ reports better performance compared to QEMU, but occasional translation
+ errors with stripped binaries.
+
+ https://github.com/vrtadmin/moflow/tree/master/afl-dyninst
+
+AFL PIN (Parker Thompson)
+-------------------------
+
+ Early-stage Intel PIN instrumentation support (from before we settled on
+ faster-running QEMU).
+
+ https://github.com/mothran/aflpin
+
+AFL-style instrumentation in llvm (Kostya Serebryany)
+-----------------------------------------------------
+
+ Allows AFL-equivalent instrumentation to be injected at compiler level.
+ This is currently not supported by AFL as-is, but may be useful in other
+ projects.
+
+ https://code.google.com/p/address-sanitizer/wiki/AsanCoverage#Coverage_counters
+
+AFL JS (Han Choongwoo)
+----------------------
+
+ One-off optimizations to speed up the fuzzing of JavaScriptCore (now likely
+ superseded by LLVM deferred forkserver init - see llvm_mode/README.llvm).
+
+ https://github.com/tunz/afl-fuzz-js
+
+AFL harness for fwknop (Michael Rash)
+-------------------------------------
+
+ An example of a fairly involved integration with AFL.
+
+ https://github.com/mrash/fwknop/tree/master/test/afl
+
+Building harnesses for DNS servers (Jonathan Foote, Ron Bowes)
+--------------------------------------------------------------
+
+ Two articles outlining the general principles and showing some example code.
+
+ https://www.fastly.com/blog/how-to-fuzz-server-american-fuzzy-lop
+ https://goo.gl/j9EgFf
+
+Fuzzer shell for SQLite (Richard Hipp)
+--------------------------------------
+
+ A simple SQL shell designed specifically for fuzzing the underlying library.
+
+ http://www.sqlite.org/src/artifact/9e7e273da2030371
+
+Support for Python mutation modules (Christian Holler)
+------------------------------------------------------
+
+ https://github.com/choller/afl/blob/master/docs/mozilla/python_modules.txt
+
+Support for selective instrumentation (Christian Holler)
+--------------------------------------------------------
+
+ https://github.com/choller/afl/blob/master/docs/mozilla/partial_instrumentation.txt
+
+Kernel fuzzing (Dmitry Vyukov)
+------------------------------
+
+ A similar guided approach as applied to fuzzing syscalls:
+
+ https://github.com/google/syzkaller/wiki/Found-Bugs
+ https://github.com/dvyukov/linux/commit/33787098ffaaa83b8a7ccf519913ac5fd6125931
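Review bot: This is a verbatim vendored copy of upstream AFL documentation landing under third_party/afl/src, so the right fix for anything in it is an upstream report rather than a local edit; with that in mind, two links in this hunk are worth flagging to upstream rather than patching here: the shortened `+ https://goo.gl/j9EgFf` in the DNS-harness section hides its destination and cannot be audited from the diff, and `+ https://code.google.com/p/address-sanitizer/wiki/AsanCoverage#Coverage_counters` points at a Google Code wiki that has since migrated. Also note that the doc itself warns (roving and Distfuzz-AFL sections) that those orchestration tools are not safe to expose on the Internet; that caveat should stay intact in any later upstream sync rather than being trimmed as a nit.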