{"id":17219340,"url":"https://github.com/andreafioraldi/superion","last_synced_at":"2025-09-26T14:02:36.944Z","repository":{"id":86885270,"uuid":"232293810","full_name":"andreafioraldi/Superion","owner":"andreafioraldi","description":"A backup of the Superion fuzzer cause the original repo (https://github.com/zhunki/Superion) was deleted","archived":false,"fork":false,"pushed_at":"2020-01-07T09:51:31.000Z","size":9981,"stargazers_count":5,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-09-26T14:02:10.877Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/andreafioraldi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-01-07T09:49:52.000Z","updated_at":"2023-10-12T09:40:33.000Z","dependencies_parsed_at":"2023-05-29T17:15:11.424Z","dependency_job_id":null,"html_url":"https://github.com/andreafioraldi/Superion","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/andreafioraldi/Superion","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreafioraldi%2FSuperion","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreafioraldi%2FSuperion/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreafioraldi%2FSuperion/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreafioraldi%2FSuperion/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/andreafioraldi","download_url":"https://codeload.github.com/andreafioraldi/Superion/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreafioraldi%2FSuperion/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":277088744,"owners_count":25758766,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-26T02:00:09.010Z","response_time":78,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-15T03:49:40.160Z","updated_at":"2025-09-26T14:02:36.939Z","avatar_url":"https://github.com/andreafioraldi.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Superion\n\nSuperion is a fuzzer which extends the famous AFL (http://lcamtuf.coredump.cx/afl/) to support structured inputs such as JavaScript and XML. The paper \"Superion: Grammar-Aware Greybox Fuzzing\" was accepted at ICSE 2019 (https://2019.icse-conferences.org/track/icse-2019-Technical-Papers#event-overview).\n\nSuperion mainly adds a mutation strategy to AFL. The mutation strategy first parses an input into an Abstract Syntax Tree (AST), then randomly chooses another input from AFL’s queue and also parses it into an AST. A subtree of the target input can be replaced by another subtree, taken either from the target input itself or from the randomly chosen supplementary sample. In this way, hundreds of new samples are generated and executed to find new paths in the tested program.\n\nThe parsing ability of Superion is provided by ANTLR (https://www.antlr.org/), which can automatically generate a parser from a grammar file.\n\n\n## Building Superion\n\nThe following build instructions were tested on Ubuntu 16.04 with gcc-5.4.0 and clang-3.8.\n\n### Build ANTLR runtime\n\nTo build Superion, we first need to build the ANTLR runtime. The ANTLR runtime is located in the tree_mutation folder.\n\n```\ncd /path_to_Superion/tree_mutation/\ncmake ./\nmake\n```\n\nIf a missing uuid error is raised, you need to install uuid first.\n\n```\nsudo apt-get install uuid-dev\n```\n\n### Generate Lexer, Parser, Visitor automatically (Optional)\n\nThe project already includes XML and JavaScript parsers generated as follows. If you need to support another input grammar, you can refer to the following instructions.\n\nAdd antlr-4.7-complete.jar to the classpath.\n\nxml:\n```\njava -jar antlr-4.7-complete.jar -o path -visitor -no-listener -Dlanguage=Cpp XMLLexer.g4\njava -jar antlr-4.7-complete.jar -o path -visitor -no-listener -Dlanguage=Cpp XMLParser.g4\n```\n\njavascript:\n```\njava -jar antlr-4.7-complete.jar -o path -visitor -no-listener -Dlanguage=Cpp ECMAScript.g4\n```\n\n\n### Build tree mutator\n\nThe JS parser is located in the tree_mutation/js_parser folder. An xml_parser and a vbs_parser are also available there.\n\n```\ncd /path_to_Superion/tree_mutation/js_parser\n\nfor f in *.cpp; do g++ -I ../runtime/src/ -c $f -fPIC -std=c++11; done\n\ng++ -shared -std=c++11 *.o ../dist/libantlr4-runtime.a -o libTreeMutation.so\n```\n\n### Build AFL\n\nCompile afl-clang-fast and afl-clang-fast++, which are used to instrument fuzzing targets, and then Superion itself:\n```\ncd /path_to_Superion/llvm_mode/\nLLVM_CONFIG=llvm-config-3.8 CXXFLAGS=\"-DLLVM38\" make\n\ncd /path_to_Superion/\nmake\n```\n\n## Fuzzing WebKit\n\nWebKit is one of our fuzzing targets. Its source code can be found at https://github.com/WebKit/webkit. The initial seeds we used are taken from https://github.com/WebKit/webkit/tree/master/JSTests/stress.\n\nTo download the WebKit source code:\n\n```\nsvn checkout https://svn.webkit.org/repository/webkit/trunk WebKit\n```\n\nTo fuzz it using AFL or Superion, we first need to instrument the executable.\n\n```\nexport CC=~/path_to_Superion/afl-clang-fast\nexport CXX=~/path_to_Superion/afl-clang-fast++\nexport AFL_HARDEN=1\n./Tools/Scripts/build-jsc --jsc-only --j14\n```\n\nIn the experiments, we fuzzed it using four processes.\n\n```\n./afl-fuzz -M f1 -m 1G -t 100+ -i ~/stress/ -o ~/jscout/ ~/webkit/WebKitBuild/Release/bin/jsc @@\n./afl-fuzz -S f2 -m 1G -t 100+ -i ~/stress/ -o ~/jscout/ ~/webkit/WebKitBuild/Release/bin/jsc @@\n./afl-fuzz -S f3 -m 1G -t 100+ -i ~/stress/ -o ~/jscout/ ~/webkit/WebKitBuild/Release/bin/jsc @@\n./afl-fuzz -S f4 -m 1G -t 100+ -i ~/stress/ -o ~/jscout/ ~/webkit/WebKitBuild/Release/bin/jsc @@\n```\n\n## Fuzzing JerryScript\n\n```\nexport CC=~/path_to_Superion/afl-gcc\nexport CXX=~/path_to_Superion/afl-g++\n\npython ./tools/build.py --clean --debug --compile-flag=-fsanitize=address --compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer --compile-flag=-fno-common --jerry-libc=off --static-link=off --lto=off --error-message=on --system-allocator=on\n\n./afl-fuzz -M f1 -x ~/path_to_Superion/dictionaries/js.dict -t 40+ -m 2000 -i ~/jerry_seeds/ -o ~/jerry_out/ ~/jerryscript/build/bin/jerry @@\n./afl-fuzz -S f2 -t 40+ -m 2000 -i ~/jerry_seeds/ -o ~/jerry_out/ ~/jerryscript/build/bin/jerry @@\n./afl-fuzz -S f3 -t 40+ -m 2000 -i ~/jerry_seeds/ -o ~/jerry_out/ ~/jerryscript/build/bin/jerry @@\n```\n\n## Fuzzing PHP\n```\nwget https://github.com/php/php-src/archive/master.zip\nexport CC=~/path_to_Superion/afl-gcc\nexport CXX=~/path_to_Superion/afl-g++\nexport AFL_HARDEN=1\n./buildconf\n./configure\nmake\n\nconfigure: error: You will need re2c 0.13.4 or later to generate PHP lexers.\ndownload re2c-1.0.1.tar.gz\ncd re2c-1.0.1\n./configure\nmake install\n\nconfigure: error: bison is required to build PHP/Zend when building a GIT checkout!\ndownload bison-3.2.tar.gz\ncd bison-3.2\n./configure\nmake install\n\nconfigure: error: libxml2 not found. Please check your libxml2 installation.\nsudo apt-get install libxml2-dev\n\nconfigure: error: Please reinstall the sqlite distribution from http://www.sqlite.org\nsudo apt-get install sqlite\nsudo apt-get install libsqlite3-dev\n\n./afl-fuzz -M f1 -m 1G -t 100+ -i ~/phpseeds/ -o ~/phpout/ ~/php-src-master/sapi/cli/php @@\n./afl-fuzz -S f2 -m 1G -t 100+ -i ~/phpseeds/ -o ~/phpout/ ~/php-src-master/sapi/cli/php @@\n./afl-fuzz -S f3 -m 1G -t 100+ -i ~/phpseeds/ -o ~/phpout/ ~/php-src-master/sapi/cli/php @@\n./afl-fuzz -S f4 -m 1G -t 100+ -i ~/phpseeds/ -o ~/phpout/ ~/php-src-master/sapi/cli/php @@\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandreafioraldi%2Fsuperion","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandreafioraldi%2Fsuperion","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandreafioraldi%2Fsuperion/lists"}