{"id":13840094,"url":"https://github.com/andreafioraldi/weizz-fuzzer","last_synced_at":"2025-04-13T22:31:56.626Z","repository":{"id":50572396,"uuid":"261465542","full_name":"andreafioraldi/weizz-fuzzer","owner":"andreafioraldi","description":null,"archived":false,"fork":false,"pushed_at":"2020-10-19T08:35:30.000Z","size":50741,"stargazers_count":99,"open_issues_count":3,"forks_count":11,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-03-27T12:52:34.554Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://andreafioraldi.github.io/assets/weizz-issta2020.pdf","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/andreafioraldi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-05-05T12:43:56.000Z","updated_at":"2025-03-10T01:06:38.000Z","dependencies_parsed_at":"2022-09-24T13:44:37.668Z","dependency_job_id":null,"html_url":"https://github.com/andreafioraldi/weizz-fuzzer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreafioraldi%2Fweizz-fuzzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreafioraldi%2Fweizz-fuzzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreafioraldi%2Fweizz-fuzzer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreafioraldi%2Fweizz-fuzzer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/andreafioraldi","download_url":"https://codeload.github.com/andreafioraldi/weizz-fuzzer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248790649,"owners_count":21162068,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:00:41.887Z","updated_at":"2025-04-13T22:31:51.600Z","avatar_url":"https://github.com/andreafioraldi.png","language":"C","funding_links":[],"categories":["C (286)","Uncategorized","C"],"sub_categories":["Uncategorized"],"readme":"```\n  _      __    _          ____                   \n | | /| / /__ (_)_____   / __/_ ________ ___ ____\n | |/ |/ / -_) /_ /_ /  / _// // /_ /_ // -_) __/\n |__/|__/\\__/_//__/__/ /_/  \\_,_//__/__/\\__/_/   \n                                               v1.0\n\n  Written and maintained by Andrea Fioraldi \u003candreafioraldi@gmail.com\u003e\n  Based on American Fuzzy Lop by Michal Zalewski\n\n```\n\n## What\n\n*Weizz* is a fuzzer implementing a technique to automatically apply structural mutations without an input format model. It targets unknown chunk-based binary formats, so it is not a general-purpose fuzzer.\n\nThe main idea is that, since comparison instructions can be used to bypass fuzzing roadblocks (e.g. [Redqueen](https://github.com/RUB-SysSec/redqueen)), maybe we can also use them to collect insights about the parsed input format.\n\nSo the Weizz technique reasons about comparisons for both roadblock bypassing and structural mutations. Comparisons are used to guess input fields, and other metadata collected during tracing, like the timestamp of a comparison, is used to guess an approximate structure of the chunks on the fly while mutating.\n\nThe structural mutations are inspired by [AFLSmart](https://github.com/aflsmart/aflsmart).\n\n## Prepare and Build\n\nDownload Weizz with:\n\n```\n$ git clone https://github.com/andreafioraldi/weizz-fuzzer\n```\n\nBuild the fuzzer and the QEMU and LLVM tracers with:\n\n```\n$ make\n```\n\n## Usage\n\nThe command line usage of Weizz is similar to AFL.\n\n```\n$ ./prepare_sys.sh # needed only once per boot\n$ ./weizz -i seeds_dir -o findings_dir [ options ] -- ./program [ args... ]\n```\n\nUse `weizz --help` to show all the options.\n\nNote that the llvm-tracer is experimental and lacks the checksum patching\nand context-sensitive coverage.\n\n## Example\n\nDownload the latest snapshot of the FFmpeg source.\n\n```\n$ wget https://ffmpeg.org/releases/ffmpeg-snapshot.tar.bz2\n$ tar xvf ffmpeg-snapshot.tar.bz2\n```\n\nBuild it without instrumentation:\n\n```\n$ cd ffmpeg\n$ ./configure\n$ make\n```\n\nFuzz FFmpeg with Weizz in QEMU mode, enabling the structural mutations (-w -h)\nand an 8k size limit for a testcase to enter getdeps:\n\n```\n$ mkdir INPUTS\n$ cp /path/to/weizz/testcases/5.7kb.avi INPUTS/\n$ WEIZZ_CTX_SENSITIVE=1 /path/to/weizz/weizz -i INPUTS -o OUTPUT \\\n  -d -w -h -Q -L 8k -- ./ffmpeg -y -i @@ -c:v mpeg4 -c:a out.mp4\n```\n\n![](assets/screenshot_ffmpeg.png)\n\n## Cite\n\nPreprint: https://andreafioraldi.github.io/assets/weizz-issta2020.pdf\n\nPresentation video: https://www.youtube.com/watch?v=67Bj1AaEECE\n\n```bibtex\n@inproceedings{weizz-ISSTA20,\n    author = {Fioraldi, Andrea and D'Elia, Daniele Cono and Coppa, Emilio},\n    title = {{WEIZZ}: Automatic Grey-box Fuzzing for Structured Binary Formats},\n    year = {2020},\n    isbn = {9781450380089},\n    publisher = {Association for Computing Machinery},\n    address = {New York, NY, USA},\n    url = {https://doi.org/10.1145/3395363.3397372},\n    doi = {10.1145/3395363.3397372},\n    booktitle = {Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis},\n    series = {ISSTA 2020}\n}\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandreafioraldi%2Fweizz-fuzzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandreafioraldi%2Fweizz-fuzzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandreafioraldi%2Fweizz-fuzzer/lists"}