/Angora

Angora is a mutation-based fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.
fuzzing security fuzzer afl symbolic-execution
  1. C++ 78.9%
  2. Rust 12.6%
  3. C 4.5%
  4. Python 1.4%
  5. Shell 1.1%
  6. CMake 1.1%
  7. Other 0.4%
Find file
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Open in Desktop Download ZIP

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching Xcode...

If nothing happens, download Xcode and try again.

Launching Visual Studio...

If nothing happens, download the GitHub extension for Visual Studio and try again.

@spinpx
spinpx fix bad case for cmpfn
Latest commit d8ecf6e Jan 29, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
build Revert build script Jan 20, 2019
common support asan Jan 24, 2019
docs Updated docs on LAVA-M who performance Jan 24, 2019
fuzzer fix bad case for cmpfn Jan 30, 2019
llvm_mode update doc Jan 30, 2019
runtime improve cmpfn Jan 29, 2019
runtime_fast Merge branch 'master' of github.com:AngoraFuzzer/Angora into rust-stable Jan 6, 2019
tests update cmpfn Jan 29, 2019
tools update docs Dec 28, 2018
.cirrus.yml "nigtly" -> "stable" Jan 2, 2019
.gitignore update docs Dec 28, 2018
Cargo.toml release Dec 28, 2018
Dockerfile update dockerfile. Dec 29, 2018
LICENSE release Dec 28, 2018
README.md update doc Jan 30, 2019
angora_fuzzer release Dec 28, 2018
rust-toolchain support rust stable: move thread local out of rust. Jan 2, 2019
rustfmt.toml release Dec 28, 2018

README.md

Angora

License Build Status

Angora is a mutation-based coverage guided fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.

Published Work

Arxiv: Angora: Efficient Fuzzing by Principled Search, S&P '2018.

Building Angora

Build Requirements

  • Linux-amd64 (Tested on Ubuntu 16.04/18.04 and Debian Buster)
  • Rust stable, can be obtained using rustup
  • LLVM 4.0.0 : run PREFIX=/path-to-install ./build/llvm.sh.

Environment Variables

Append the following entries in the shell configuration file (~/.bashrc, ~/.zshrc).

export PATH=/path-to-clang/bin:$PATH
export LD_LIBRARY_PATH=/path-to-clang/lib:$LD_LIBRARY_PATH

Fuzzer Compilation

The build script will resolve most dependencies and setup the runtime environment.

./build/build.sh

System Configuration

As with AFL, system core dumps must be disabled.

echo core | sudo tee /proc/sys/kernel/core_pattern

Running Angora

Build Target Program

Angora compiles the program into two separate binaries, each with their respective instrumentation. Using autoconf programs as an example, here are the steps required.

# Use the instrumenting compilers
CC=/path/to/angora/bin/angora-clang \
CXX=/path/to/angora/bin/angora-clang++ \
LD=/path/to/angora/bin/angora-clang \
PREFIX=/path/to/target/directory \
./configure --disable-shared

# Build with taint tracking support 
USE_TRACK=1 make -j
make install

# Save the compiled target binary into a new directory
# and rename it with .taint postfix, such as uniq.taint

# Build with light instrumentation support
make clean
USE_FAST=1 make -j
make install

# Save the compiled binary into the directory previously
# created and rename it with .fast postfix, such as uniq.fast

If you fail to build by this approach, try wllvm and gllvm described in Build a target program.

Fuzzing

./angora_fuzzer -i input -o output -t path/to/taint/program -- path/to/fast/program [argv]

For more information, please refer to the documentation under the docs/ directory.

Angora is maintained by ByteDance AI Lab now.