Blog about GramTest, afl, and other fuzzifiers #46
## Running fuzzers to find bugs

NOTE: The comparison does not focus so much on how fuzzers work, which one is better than another, etc. It looks only into their advertised features, whether each is maintained by a group or an individual (bus factor is always important), and the license.

Fuzzifying is a technique used in automated tests to find bugs in programs with unexpected data. Fuzzer is the name given to the program used for running these tests. Some fuzzers also generate the random data used for the tests. This technique is useful as programmers do not always write code worrying about what happens if a user inputs binary data into a field that is expecting the name of a user. Crashes in programs due to unexpected data are used in security attacks. Even though the technique is not so new, due to security issues found with these tools it has gained more popularity in the past few years.

Google offers OSS-Fuzz, a project that offers infrastructure for any Open Source project that is considered important to be tested. This project is extremely useful, as running fuzzers is something that normally takes days or weeks. So you would need either a server or to leave your computer running for a long time. And if you use SSD disks, it may reduce the life span of your disk.

NOTE: In this Wikipedia page you can read more about fuzzers and the types of fuzzers. Or this other article from Johan Engelen, which has a great introduction and also talks about the LLVM libFuzzer project, not mentioned in this post.

## Comparing a few fuzzers

The most well-known fuzzer is probably But there are fuzzers with integration with build tools, other fuzzers that use neural networks, and some created specifically to be run against a certain tool or programming language. Most of the fuzzers listed here appeared in issues in projects that I monitor, such as projects from Jenkins, Apache Software Foundation, Mozilla, and others. I use

### afl

http://lcamtuf.coredump.cx/afl/

Probably the most famous. Used to find issues in programming languages, browsers, and many famous projects. Written in C++, and applies genetic algorithms for the data generation. Licensed under the Apache License, maintained by one person. Code shared as a

### GramTest

https://github.com/codelion/gramtest

Learned about GramTest in an Apache Commons Validator issue. It is interesting that you can define how your program expects the inputs to be via a BNF grammar. The grammar is then used to generate the random data fed into the program under test. The project has two contributors in GitHub, 60 stars, and is licensed under the Apache License.

### RamFuzz

https://github.com/dekimir/RamFuzz#ramfuzz-combining-unit-tests-fuzzing-and-ai

Learned about this one after a post on Hacker News. It appears to be limited to C++, as it parses the source code to create random objects and data (i.e. it reads the classes, structs, variables, etc.). Has one contributor, 267 stars, and is licensed under the Apache License.

### Javan Warty Pig

https://github.com/cretz/javan-warty-pig

Java only. You write a test in Java, importing the classes from One maintainer, 31 stars, licensed under the MIT License.

### Kelinci

https://github.com/isstac/kelinci

Learned about this one from an Apache Commons Imaging issue. You must install Two contributors, 92 stars, licensed under the Apache License.

### sandsifter

https://github.com/Battelle/sandsifter

Useful for searching for bugs in the processor, not so much for common libraries and applications I reckon. One contributor, 201 stars, licensed under the BSD-3 license.

### jFuzz

https://ntrs.nasa.gov/search.jsp?R=20100024457

I could not easily find the code. It looks like I would have to search through the code of PathFinder. And I could not find any of these in NASA's GitHub. But it appears to have good features, and to be built for Java. Would be nice to see some of its features compared (and maybe contributed) to other tools.

### KiF

https://dl.acm.org/citation.cfm?id=1326313

Could not find the source code (common for some papers unfortunately). It seems to have a grammar too, like GramTest.

### zzuf

https://github.com/samhocevar/zzuf

Has an extensive list of bugs found in many applications, like Eight contributors, 261 stars, licensed under the Do What The F*ck You Want To Public License.

## Conclusion

There are several different fuzzers, many more than the ones listed here. I will keep using

## Other links
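The grammar-driven approach described above for GramTest and KiF, shown as an added example that is not code from this post or from either project: a constructed toy BNF grammar for e-mail addresses drives random input generation against a hypothetical validator, and any rejection of a grammar-valid input, or any exception, is recorded as a finding. The grammar, the `is_valid_email` validator and its TLD-length assumption are all invented for the example.

```python
import random
import re

# Constructed toy grammar for the example (not GramTest's own BNF syntax):
# a nonterminal in angle brackets maps to a list of alternatives, and each
# alternative is a list of symbols (nonterminals or literal text).
GRAMMAR = {
    "<email>": [["<local>", "@", "<domain>"]],
    "<local>": [["<word>"], ["<word>", ".", "<local>"], ["<word>", "+", "<word>"]],
    "<domain>": [["<word>", ".", "<tld>"], ["<word>", ".", "<domain>"]],
    "<word>": [["<char>"], ["<char>", "<word>"]],
    "<char>": [[c] for c in "abcxyz019-"],
    "<tld>": [["com"], ["org"], ["io"], ["museum"]],
}

def generate(symbol, rng, depth=0, max_depth=12):
    """Expand one symbol into text by picking productions at random.
    Beyond max_depth only the shortest alternative is used, so recursion ends."""
    if symbol not in GRAMMAR:
        return symbol  # literal text
    alternatives = GRAMMAR[symbol]
    if depth >= max_depth:
        alternatives = [min(alternatives, key=len)]
    chosen = rng.choice(alternatives)
    return "".join(generate(s, rng, depth + 1, max_depth) for s in chosen)

def sample_inputs(count, seed):
    """Deterministic batch of grammar-derived inputs (same seed, same batch)."""
    rng = random.Random(seed)
    return [generate("<email>", rng) for _ in range(count)]

# Hypothetical program under test: a validator with a built-in false assumption
# (top-level domains are 2 to 4 letters), the kind of bug grammar fuzzing exposes.
EMAIL_RE = re.compile(r"[a-z0-9.+-]+@[a-z0-9.-]+\.[a-z]{2,4}")

def is_valid_email(text):
    return EMAIL_RE.fullmatch(text) is not None

def fuzz_validator(count, seed):
    """Feed grammar-derived inputs to the validator. Every input is well formed
    by construction, so a rejection is a false negative; an exception is a crash."""
    findings = {"rejected": [], "crashes": []}
    for sample in sample_inputs(count, seed):
        try:
            if not is_valid_email(sample):
                findings["rejected"].append(sample)
        except Exception as exc:  # any uncaught exception counts as a crash
            findings["crashes"].append((sample, repr(exc)))
    return findings
```

Running `fuzz_validator(200, seed=7)` reports no crashes but a batch of rejected addresses, all of them under the six-letter `.museum` TLD that the validator's regular expression cannot accept.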