atriage is an extensible triage tool written in Python 3. It currently supports afl-fuzz.
Usage: atriage [OPTIONS] COMMAND [ARGS]... A dumb afl-fuzz triage tool. Options: --help Show this message and exit. Commands: asan Capture ASAN exploitable output of latest... exploitable Capture GDB exploitable output of latest... gather Gather latest triaged crash files. gather-samples Gather all generated samples. info Print information about the provided database... list List latest triaged crash files. triage Triage crash files from afl output directory.
How To Use
We first need to triage the crashes generated by the fuzzer.
Assuming that the fuzzer generates output in
findings, we can run
atriage triage to gather the crashes.
By default, atriage uses the afl-collector to collect samples and would expect
findings to be an afl sync or instance dir. In this scenario, the command to
run will be picked up by atriage automatically from afl's
$ atriage triage findings/ Reading findings... afl-fuzz command: ./harness @@ Parsing fuzzer pkkez-M0... Adding 20 crashes.
Otherwise, an alternative collector needs to be specified. The list of
available collectors can be retrieved using the
$ atriage list-collectors afl-collector (default) flat-dir-collector
findings is simply an ordinary directory with sample files, one can use
flat-dir-collector. Now the command to run also needs to be specified:
$ atriage triage -c flat-dir-collector --command './harness @@' findings/ Reading findings... Adding 20 crashes.
If the command does not contain
@@, it is assumed to accept input through
We can query this data with
atriage info. Each index represents the crashes
collected each time
atriage triage is ran. Only the new crash cases generated
since the last invocation of
atriage triage is collected.
$ atriage info atriage.db Command: ./harness @@ index crashes ------- --------- 0 20 Total crashes: 20
Once the crashes have been triaged. You can use the various commands like
exploitable to gather the ASAN and GDB exploitable outputs
--help for each command individually to find out the various options.