Skip to content
Fuzz testing framework for security research
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
alf
doc
lib
projects
LICENSE
README.md
requirements.txt

README.md

ALF

ALF is a framework created for software developers, testers and security researchers for testing their software through fuzzing. This release includes the API for creating a fuzzer and running it locally. Other components include a client/server distribution system for maintaining a fuzzing cloud, and a web-based triage workflow for logging results in external bug trackers.

The API includes functions for mutation and generation of testcases, and debugging using WinDBG or GDB.

Concepts

ALF uses the concept of a fuzzing iteration as the central unit of work. A fuzzer usually has a setup operation, many fuzzing iterations, and a final cleanup operation. Each stage consists of the following steps (some may not apply in all situations):

Setup

  • Read in a template testcase (for mutation)
  • Initialize the target

Iteration

  • Return the target to a known state
  • Create a fuzzed testcase using either mutation or generation
  • Run the target against the testcase
  • Monitor for crash (and record)

Cleanup

  • Close the target
  • Delete any temporary files

This structure has an emphasis on simplicity (for maintenance) and self-containment (for running in a cloud).

Installation

pip install -r requirements.txt
git clone https://github.com/jfoote/exploitable.git
cd exploitable
sudo gdb -batch -ex 'py sys.argv=["","install"]' -ex 'py execfile("setup.py")'

We do the exploitable install this way to install the plugin in GDB's data directory using the python interpreter GDB is linked against.

License

This software is available under the Apache 2.0 License

Disclaimer

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.