update of README_ch.md #89

Open: wants to merge 3 commits into base: master
85 changes: 67 additions & 18 deletions README_ch.md
Expand Up @@ -33,15 +33,15 @@ Awesome Fuzzing Resources

*关于 fuzzing 的书籍*

+ [Fuzzing: Brute Force Vulnerability Discovery](https://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119) 作者: Michael Sutton, Adam Greene, Pedram Amini
- [Fuzzing: Brute Force Vulnerability Discovery](https://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119) 作者: Michael Sutton, Adam Greene, Pedram Amini

+ [Fuzzing for Software Security Testing and Quality Assurance ](https://www.amazon.com/Fuzzing-Software-Security-Assurance-Information/dp/1596932147) 作者: Ari Takanen, Charles Miller, Jared D Demott
- [Fuzzing for Software Security Testing and Quality Assurance ](https://www.amazon.com/Fuzzing-Software-Security-Testing-Assurance/dp/1608078507) 作者: Ari Takanen, Charles Miller, Jared D Demott

+ [Open Source Fuzzing Tools](https://www.amazon.com/Open-Source-Fuzzing-Tools-Rathaus/dp/1597491950) 作者: Gadi Evron, Noam Rathaus
- [Open Source Fuzzing Tools](https://www.amazon.com/Open-Source-Fuzzing-Tools-Rathaus/dp/1597491950) 作者: Gadi Evron, Noam Rathaus

+ [Gray Hat Python](https://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921) 作者: Justin Seitz
- [Gray Hat Python](https://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921) 作者: Justin Seitz

+ [The Fuzzing Book](https://www.fuzzingbook.org/) 作者: Andreas Zeller, Rahul Gopinath, Marcel Böhme, Gordon Fraser, Christian Holler.
- [The Fuzzing Book](https://www.fuzzingbook.org/) 作者: Andreas Zeller, Rahul Gopinath, Marcel Böhme, Gordon Fraser, Christian Holler.


> **Note:** 下列书籍中的部分章节也描述了 fuzzing
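Review bot: four of the five book entries in this hunk (Sutton, Evron, Seitz and Zeller) have identical removed and added text, so those pairs must be trailing-whitespace or line-ending changes; if that was not intended, drop them so the hunk shows only its one real change. That change is the Amazon URL for "Fuzzing for Software Security Testing and Quality Assurance", whose product id moves from `1596932147` to `1608078507`; please confirm the new link resolves to the intended edition, and trim the stray space inside the link text `Quality Assurance ]` while here.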
Expand All @@ -68,18 +68,24 @@ Awesome Fuzzing Resources

[Modern Binary Exploitation ( RPISEC ) - Chapter 15 ](https://github.com/RPISEC/MBE) - RPISEC 出品

[Offensive Computer Security - Week 6](http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html) - W. Owen Redwood 和 Prof. Xiuwen Liu 出品
[Offensive Computer Security - Week 6](https://web.archive.org/web/20200414165953/https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html) - W. Owen Redwood 和 Prof. Xiuwen Liu 出品

<a name="paid" />

### 付费

[Offensive Security, Cracking The Perimeter ( CTP ) and Advanced Windows Exploitation ( AWE )](https://www.offensive-security.com/information-security-training/)

[SANS 660/760 Advanced Exploit Development for Penetration Testers](https://www.sans.org/course/advanced-exploit-development-penetration-testers)
[SANS 660/760 渗透测试人员的高级漏洞利用开发课](https://www.sans.org/course/advanced-exploit-development-penetration-testers)

[Exodus Intelligence - 漏洞挖掘大师级课程](https://blog.exodusintel.com/2016/05/18/exodus-intelligence-2016-training-course/)

[Ada Logics - 应用源码 Fuzzing](https://adalogics.com/training-source-fuzz)

[FuzzingLabs 学院(C/C++、Rust、Go)](https://academy.fuzzinglabs.com/)

[Signal Labs - 漏洞研究与 Fuzzing](https://signal-labs.com/trainings/vulnerability-research-fuzzing/)

<a name="videos" />

## 视频
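Review bot: swapping the dead FSU lecture page for a Wayback Machine snapshot is the right call, but the Offensive Security CTP/AWE entry just below it still points at a live vendor URL that has also moved over the years; give it the same check or treatment. Style: the new FuzzingLabs entry uses full-width parentheses in `学院(C/C++、Rust、Go)` while the CTP/AWE entry in the same section uses half-width `( CTP )`; pick one form for the list. The SANS title translation keeps the course number `660/760`, which is what readers search for, so that part is fine.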
Expand Down Expand Up @@ -121,9 +127,21 @@ Awesome Fuzzing Resources

*解释 fuzzing 方法、技术与最佳实践的教程与博客*

[Fuzzing Closed Source PDF Viewers](https://www.gosecure.net/blog/2019/07/30/fuzzing-closed-source-pdf-viewers/)
[ARMored CoreSight: 面向纯二进制的高效 Fuzzing](https://ricercasecurity.blogspot.com/2021/11/armored-coresight-towards-efficient.html)

[使用 Virtual Channels 对微软 RDP 客户端进行模糊测试](https://thalium.github.io/blog/posts/fuzzing-microsoft-rdp-client-using-virtual-channels/)

[Fuzzing 闭源 PDF 阅读器](https://www.gosecure.net/blog/2019/07/30/fuzzing-closed-source-pdf-viewers/)

[Fuzzing Windows 图片解析一:颜色配置](https://www.mandiant.com/resources/fuzzing-image-parsing-in-windows-color-profiles)

[Fuzzing Windows 图片解析二:未初始化的内存](https://www.mandiant.com/resources/fuzzing-image-parsing-in-windows-uninitialized-memory)

[Effective File Format Fuzzing](https://j00ru.vexillium.org/slides/2016/blackhat.pdf) - Mateusz “j00ru” Jurczyk @ Black Hat Europe 2016, London
[Fuzzing Windows 图片解析三:RAW 与 HEIF](https://www.mandiant.com/resources/fuzzing-image-parsing-three)

[Fuzzing Office 生态](https://research.checkpoint.com/2021/fuzzing-the-office-ecosystem/)

[有效的文件 Fuzzing](https://j00ru.vexillium.org/slides/2016/blackhat.pdf) - Mateusz “j00ru” Jurczyk @ Black Hat Europe 2016, London

[A year of Windows kernel font fuzzing Part-1 the results](https://googleprojectzero.blogspot.com/2016/06/a-year-of-windows-kernel-font-fuzzing-1_27.html) - Google Zero 项目的最佳论文,描述了如何进行 fuzzing 以及如何构建一个 fuzzer

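Review bot: `有效的文件 Fuzzing` drops "format" from "Effective File Format Fuzzing"; `有效的文件格式 Fuzzing` would match both the talk title and the `文件格式 Fuzzer` heading used later in this README. The ARMored CoreSight entry, the RDP-client entry and the three Mandiant image-parsing posts carry no description or attribution, unlike the j00ru and Project Zero entries that follow; a short `- 来源 出品` suffix on each would keep the section consistent.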
Expand All @@ -138,11 +156,12 @@ Awesome Fuzzing Resources
[15 分钟介绍 fuzzing](https://www.mwrinfosecurity.com/our-thinking/15-minute-guide-to-fuzzing/) - MWR Security 出品

> **Note:** Folks at fuzzing.info 收集了很多非常有用的链接,我没有重复他们的工作,我只是整理了 2015 年到 2016 年间他们没有收录的文章
[Fuzzing Papers](https://fuzzing.info/papers/) - fuzzing.info 出品
[Fuzzing Papers](https://fuzzinginfo.wordpress.com/papers/) - fuzzing.info 出品

[Fuzzing 博客](https://fuzzing.info/resources/) - fuzzing.info 出品
[Fuzzing 博客](https://fuzzinginfo.wordpress.com/resources/) - fuzzing.info 出品

[Root Cause Analysis of the Crash during Fuzzing](https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruption-vulnerabilities/) - Corelan Team 出品

[Root cause analysis of integer flow](https://www.corelan.be/index.php/2013/07/02/root-cause-analysis-integer-overflows/) - Corelan Team 出品

[Creating custom peach fuzzer publishers](http://blog.opensecurityresearch.com/2014/01/creating-custom-peach-fuzzer-publishers.html) - Open Security Research 出品
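Review bot: the `[Fuzzing Papers]` line still directly follows the `> **Note:**` blockquote with no blank line, so Markdown treats it as a lazy continuation of the quote and renders the link inside the note; add a blank line after the `Note` line, the same fix this hunk applies between the two Corelan entries. The move from fuzzing.info to fuzzinginfo.wordpress.com is fine, and the `fuzzing.info 出品` attribution can stay since that is the original site's name.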
Expand All @@ -158,8 +177,11 @@ Awesome Fuzzing Resources
##### Peach Fuzzer 相关教程

[Peach 上手指南](http://community.peachfuzzer.com/v2/PeachQuickstart.html)

[使用 Peach 进行 Fuzzing Part 1](http://www.flinkd.org/2011/07/fuzzing-with-peach-part-1/) - Jason Kratzer of corelan team 出品

[使用 Peach 进行 Fuzzing Part 2](http://www.flinkd.org/2011/11/fuzzing-with-peach-part-2-fixups-2/) - Jason Kratzer of corelan team 出品

[Peach pit 文件的自动生成](http://doc.netzob.org/en/latest/tutorials/peach.html) - Frédéric Guihéry, Georges Bossert 出品

##### AFL Fuzzer 相关教程
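Review bot: the added blank lines are a rendering fix, not cosmetics: without them the three Peach entries are consecutive lines of one Markdown paragraph and display as a single run-on line. While here, `Jason Kratzer of corelan team 出品` mixes English into a Chinese attribution; `Corelan Team 的 Jason Kratzer 出品` would match the `Corelan Team 出品` wording used elsewhere in this file.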
Expand Down Expand Up @@ -212,6 +234,8 @@ Awesome Fuzzing Resources

##### honggfuzz 相关教程

[Fuzzing ImageIO](https://googleprojectzero.blogspot.com/2020/04/fuzzing-imageio.html)

[如何使用 honggfuzz 发现 VLC 中的 Double-Free RCE 漏洞](https://www.pentestpartners.com/security-blog/double-free-rce-in-vlc-a-honggfuzz-how-to/)

##### Spike Fuzzer 相关教程
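Review bot: the new `[Fuzzing ImageIO]` entry has no description or attribution, whereas the VLC entry below it says what the post covers and which tool it uses; since this subsection is honggfuzz tutorials, add at least `- Google Project Zero 出品` (the source is visible from the URL) and a few words on what the post fuzzes so readers know why it is filed here.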
Expand All @@ -224,7 +248,6 @@ Awesome Fuzzing Resources

[Fuzzing with FOE](https://samsclass.info/127/proj/p16-fuzz.htm) - Samclass.info 出品


##### SMT/SAT 求解器教程

[Z3 - A guide](https://rise4fun.com/z3/tutorial/guide) - Z3 快速上手指南
Expand All @@ -246,25 +269,29 @@ Awesome Fuzzing Resources

[Cloudfuzzer](https://github.com/ouspg/cloudfuzzer) - 在云环境中自动、便易地进行云 Fuzzing 的框架

[ClusterFuzzer](https://google.github.io/clusterfuzz/) - ClusterFuzzer 可扩展的开源 Fuzzing 框架,Google 为 Chrome 浏览器开发

[Fuzzit](https://fuzzit.dev) - Fuzzit 是一个 Fuzzing 即服务的平台,被 systemd, radare2 等多个开源\闭源项目使用,想加入请联系 oss@fuzzit.dev

### 文件格式 Fuzzer

*那些帮助对像 pdf, mp3, swf 等文件格式进行 fuzzing 的 Fuzzers*

[Jackalope](https://github.com/googleprojectzero/Jackalope)

[Rehepapp](https://github.com/FoxHex0ne/Rehepapp)

[Newer version of Rehepapp](https://github.com/FoxHex0ne/Rehepapp)

[针对 PE 文件进行静态二进制插桩辅助、结合 WinAFL 的 Fuzzer](https://github.com/wmliang/pe-afl)

[MiniFuzz](https://www.microsoft.com/en-sg/download/details.aspx?id=21769) - Microsoft 出品的基础文件格式 fuzzing 工具
[MiniFuzz](https://web.archive.org/web/20140512203517/http://download.microsoft.com/download/D/6/E/D6EDC908-A1D7-4790-AB0B-66A8B35CD931/MiniFuzzSetup.msi) - Microsoft 出品的基础文件格式 fuzzing 工具

[BFF from CERT](https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=507974) - 基础文件格式 fuzzing 框架

[AFL Fuzzer (Linux only)]( http://lcamtuf.coredump.cx/afl/) - Michal Zalewski aka lcamtuf 开发的 Fuzzer

[Win AFL](https://github.com/ivanfratric/winafl) - Ivan Fratic 开发的针对 Windows 二进制程序 fuzzing 的 AFL 分支版本
[Win AFL](https://github.com/googleprojectzero/winafl) - 针对 Windows 二进制程序 fuzzing 的 AFL 分支版本

[Shellphish Fuzzer](https://github.com/shellphish/fuzzer) - 一个操纵 AFL 的 Python 接口,可以简单的写入测试用例与其他功能

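Review bot: the MiniFuzz replacement links straight to an archived `MiniFuzzSetup.msi`, so a reader who clicks gets an installer download with no page describing it; prefer an archived copy of the Microsoft download-details page this line replaces and let readers fetch the MSI from there. Naming: the Google project is ClusterFuzz, not `ClusterFuzzer`, and it is used by Chrome and OSS-Fuzz rather than built only for Chrome. `[Jackalope]` has no description. Pre-existing but worth fixing in the same hunk: `[Rehepapp]` and `[Newer version of Rehepapp]` point at the identical URL, so one of them is redundant or mislinked.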
Expand All @@ -274,7 +301,7 @@ Awesome Fuzzing Resources

[Peach Fuzzer](https://sourceforge.net/projects/peachfuzz/) - 帮助创建传统 dumb 以及小型 fuzzer 的框架

[MozPeach](https://github.com/MozillaSecurity/peac://github.com/MozillaSecurity/peach) - 由 Mozilla Security 开发基于 peach 2.7 版本的分支版本
[MozPeach](https://github.com/MozillaSecurity/peach) - 由 Mozilla Security 开发基于 peach 2.7 版本的分支版本

[Failure Observation Engine (FOE)](https://vuls.cert.org/confluence/display/tools/CERT+FOE+-+Failure+Observation+Engine) - 基于畸形文件的 Windows 程序 Fuzzing 工具

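Review bot: good catch on the MozPeach URL, which had `peac://github.com/MozillaSecurity/peach` spliced into the github.com host and could never have resolved. The description `由 Mozilla Security 开发基于 peach 2.7 版本的分支版本` reads better as `由 Mozilla Security 开发的、基于 Peach 2.7 的分支版本`.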
Expand All @@ -290,6 +317,10 @@ Awesome Fuzzing Resources

[grammarinator](https://github.com/renatahodovan/grammarinator) - 基于 ANTLR v4 语法的文件格式模糊测试工具(ANTLR 项目已有大量的语法)

[Sloth](https://github.com/ant4g0nist/sloth) - Sloth 是基于覆盖度的 Fuzzing 框架,使用 libFuzzer 和 QEMU 对安卓原生库进行 Fuzzing

[ManuFuzzer](https://github.com/ant4g0nist/ManuFuzzer) - 使用 libFuzzer 与 LLVM 开发、基于覆盖度的 macOS 二进制 fuzzer

<a name="network-protocol-fuzzers" />

### 网络协议 Fuzzer
Expand Down Expand Up @@ -320,9 +351,15 @@ Awesome Fuzzing Resources

[AFLNet](https://github.com/aflnet/aflnet) - 用于网络协议的灰盒 Fuzzer(AFL 的扩展)

[Pulsar](https://github.com/hgascon/pulsar) - 协议模拟、有状态 Fuzzer

### 浏览器Fuzzer

[BFuzz](https://github.com/RootUp/BFuzz) - An input based, browser fuzzing framework.
[BFuzz](https://github.com/RootUp/BFuzz) - 浏览器 Fuzzing 框架

[Fuzzinator](https://github.com/renatahodovan/fuzzinator) - Fuzzinator 是随机测试框架

[Grizzly](https://github.com/MozillaSecurity/grizzly) - 跨平台浏览器 Fuzzing 框架

<a name="Misc" />

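Review bot: the `### 浏览器Fuzzer` heading (unchanged context, but this hunk adds entries under it) is missing the space that `### 文件格式 Fuzzer` and `### 网络协议 Fuzzer` have; fix it while here. The BFuzz translation drops "input based" from the original description; `基于输入的浏览器 Fuzzing 框架` keeps it. Fuzzinator's `随机测试框架` says nothing about browsers, which is the only reason it sits in this section; say what it targets so the placement is clear.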
Expand Down Expand Up @@ -350,6 +387,16 @@ Awesome Fuzzing Resources

[go-fuzz](https://github.com/dvyukov/go-fuzz) - 覆盖度指导的 go 包模糊测试

[FExM](https://github.com/fgsect/fexm) - 自动化大规模 Fuzzing 框架

[Jazzer](https://github.com/CodeIntelligenceTesting/jazzer) - 基于 libFuzzer、基于覆盖度的 JVM 模糊测试框架

[cifuzz](https://github.com/CodeIntelligenceTesting/cifuzz) - 支持多语言的、基于覆盖度的命令行 Fuzzing 工具

[WebGL Fuzzer](https://github.com/ant4g0nist/webgl-fuzzer) - 针对 WebGL 的 Fuzzer

[fast-check](https://fast-check.dev/) - TypeScript 开发的、针对非预期 JavaScript 代码的 fuzzer

<a name="taint-analysis" />

### 流分析(用户输入如何影响执行)
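Review bot: `针对非预期 JavaScript 代码的 fuzzer` misdescribes fast-check, which is a property-based testing library for JavaScript/TypeScript written in TypeScript; suggest `TypeScript 编写的、面向 JavaScript/TypeScript 的基于属性的测试(property-based testing)库`. Jazzer's `基于 libFuzzer、基于覆盖度的` repeats `基于`; `基于 libFuzzer 的覆盖度引导 JVM 模糊测试器` reads better. These five entries land directly under `go-fuzz` in what looks like a per-language list, so check that FExM and WebGL Fuzzer belong there rather than under a general or browser section.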
Expand All @@ -366,9 +413,11 @@ Awesome Fuzzing Resources

### 符号执行 + SAT/SMT 求解器

[Z3](https://github.com/Z3Prover/z3)
[Z3](https://github.com/Z3Prover/z3) - 微软研究的约束求解器

[SMT-LIB](http://smtlib.cs.uiowa.edu/) - 旨在促进 SMT 理论的研究

[SMT-LIB](http://smtlib.cs.uiowa.edu/)
[使用 KLEE 进行符号执行](https://adalogics.com/blog/symbolic-execution-with-klee) - 四个介绍 KLEE 的教学视频,介绍如何开始使用 KLEE 并在实际代码中发现内存损坏漏洞

### 参考

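Review bot: `微软研究的约束求解器` for Z3 is imprecise: it is an SMT solver from Microsoft Research, so `微软研究院的 SMT 求解器` both matches the section title (`符号执行 + SAT/SMT 求解器`) and tells readers which kind of solver it is. Moving SMT-LIB up and giving it a description is fine; the new KLEE entry's description matches the linked title, so no change needed there.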