/\____   ___  zS!
 _/__\__ \_/   \   ___  /\_    ______
/  /  /  /  /  / _/ __\/  /  _/   \_ \/\___
¯\/¯\/__/¯\___/ /  __\/  /__/  /  /  / /  /
                ¯\/   ¯\___/¯\___/¯\_____/

moflow-0.8

This version is compatible with BAP-0.8 which includes x86/x64 target support
BAP-0.8 is included with required modifications to the gentrace tool and bap trace format handling
Note: This version of moflow includes a pintool that requires Linux 3.x kernel
This tool has been developed on Ubuntu 14.04 x64

MOFLOW FRAMEWORK

Moflow is a software security framework containing tools for vulnerability discovery and triage. Moflow is focused on providing automated solutions based upon the latest research to assist in building more secure software. The vulnerability discovery tools include an automated test generation engine based on concolic execution combining dynamic taint tracing and symbolic execution, which is considered state of the art for zero-configuration parser fuzzing. The triage tools include the ability to automatically determine input bytes related to an exception using dynamic trace slicing algorithms as well as a forward symbolic execution based exploitability analysis.

EGAS

EGAS is an automated test generation tool based on concolic execution. EGAS leverages dynamic binary instrumentation to modify ELF binaries to enable dataflow tracking for taint analysis. New tests are generated by analyzing dataflow paths for nearby constraints and solving for new inputs by translating the binary for symbolic execution. This plugin is essentially a clone of Microsoft SAGE.

SLICER

SLICER is a tool that assists with root cause analysis by slicing forward or backward from arbitrary points in a dataflow trace. Graph slicing allows the user to determine dependencies between a selected point of execution and previous or future instructions. This is used in crash analysis to slice from the corrupted value causing an exception back to the specific input bytes that caused the exception, greatly reducing the total number of instructions needed to be analyzed to determine root cause.

---

INSTALL

The preferred install is to use the pre-built docker image available at https://hub.docker.com/r/moflow/moflow-0.8/

docker pull moflow/moflow-0.8  

This image can also be recreated on a local system with the following commands:

git clone https://github.com/moflow/moflow.git  
cd moflow && docker build -t moflow-0.8 .  

This code can also be built from source by executing the following commands.
Note this will not copy built binaries or clean the bap source tree
Follow the instructions in the Dockerfile for a complete install

git clone https://github.com/moflow/moflow.git  
cd moflow  
(cd bap && sudo ./build_bap.sh)  
(cd slicer && make)  
(cd egas && make)  

USAGE

Individual tool usage is documented in the tool subdirectories.

Demos of the EGAS and SLICER tools have been included:

Install:     
    docker pull moflow/moflow-0.8  
    docker run -ti moflow/moflow-0.8  

SLICER demo: 
    ( cd slicer && ./run_demo.sh )  
EGAS demo:   
    ( cd egas && ./run_demo.sh )