Kleefl Save
Seeding fuzzers with symbolic execution
Project README
KleeFL - Seeding Fuzzers With Symbolic Execution
HowTo ...
Prepare dependencies or simply grab the provisioned vagrant box
http://bit.ly/download_kleefl_box
Vagrant box
- Download the package.box file.
- Install vagrant (if not already installed)
sudo apt-get install vagrant - Add the package.box file to vagrant
vagrant box add kleefl package.box - Initialize the vagrant box (kleefl)
vagrant init kleefl - Bring the box up
vagrant up - SSH to the box
vagrant ssh
Setup a project structure like this:
mkdir project_xyz
cd project_xyz
python /vagrant/tools/kleefl_init -- sets up two directories called 'klee' and 'fuzz' in your root project directory
Select your source code, e.g.:
cp -r /vagrant/example source
Build source using wllvm & afl-clang
cd source
/vagrant/tools/kleefl_build_make make
Choose & set up a target binary for evaluation
./kleefl_pick target_binary_name
Generate the test cases for AFL (KLEE symbolic execution)
The previous script will add a file called app.bc within the klee directory.
Change into the klee folder and run:
./run_klee.sh
Prepare klee's findings for afl-fuzz
python /vagrant/tools/kleefl_prepare_afl
Finally: Fuzz, fuzz, fuzz!
../fuzz/run_afl.sh
Analyze findings
./kleefl_crash_inspector fuzz/out
(fuzz/out is the afl sync dir, report saved by default in vagrant shared dir /vagrant/crash_report/)
Analyze coverage & generate report
python kleefl_cov_inspector {make, binary fuzz/sync_dir}
zcov genhtml coverage.zcov cov_report
Further details can found in the project report or check out our beautiful USENIX poster
Open Source Agenda is not affiliated with "Kleefl" Project. README Source: julieeen/kleefl
Stars
197
Open Issues
0
Last Commit
6 years ago
Repository
License
Open Source Agenda Badge
