A dumb afl-fuzz triage tool.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
atriage
tests
.gitignore
LICENSE.txt
Pipfile
Pipfile.lock
README.md
setup.py
tox.ini

README.md

atriage

atriage is an extensible triage tool written in Python 3. It currently supports afl-fuzz.

Usage: atriage [OPTIONS] COMMAND [ARGS]...

  A dumb afl-fuzz triage tool.

Options:
  --help  Show this message and exit.

Commands:
  asan            Capture ASAN exploitable output of latest...
  exploitable     Capture GDB exploitable output of latest...
  gather          Gather latest triaged crash files.
  gather_samples  Gather all generated samples.
  info            Print information about the provided database...
  list            List latest triaged crash files.
  triage          Triage crash files from afl output directory.

How To Use

We first need to triage the crashes generated by the fuzzer.

Assuming that the fuzzer generates output in findings, we can run atriage triage to gather the crashes:

$ atriage triage findings/
Reading findings_dir...
afl-fuzz command: ./harness @@
Parsing fuzzer pkkez-M0...
Adding 20 crashes.

We can query this data with atriage info. Each index represents the crashes collected each time atriage triage is ran. Only the new crash cases generated since the last invocation of atriage triage is collected.

$ atriage info atriage.db
Command: ./harness @@

  index    crashes
-------  ---------
      0         20

Total crashes: 20

Once the crashes have been triaged. You can use the various commands like asan and exploitable to gather the ASAN and GDB exploitable outputs respectively.

Check --help for each command individually to find out the various options.