{"id":13539015,"url":"https://github.com/lifting-bits/grr","last_synced_at":"2025-04-02T05:33:12.699Z","repository":{"id":83212612,"uuid":"69909305","full_name":"lifting-bits/grr","owner":"lifting-bits","description":"High-throughput fuzzer and emulator of DECREE binaries","archived":true,"fork":false,"pushed_at":"2019-09-04T16:41:15.000Z","size":1900,"stargazers_count":241,"open_issues_count":4,"forks_count":32,"subscribers_count":42,"default_branch":"master","last_synced_at":"2024-11-03T04:32:14.626Z","etag":null,"topics":["decree","emulator","fuzzer"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lifting-bits.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2016-10-03T20:42:29.000Z","updated_at":"2024-10-26T01:10:49.000Z","dependencies_parsed_at":"2023-03-01T20:31:14.279Z","dependency_job_id":null,"html_url":"https://github.com/lifting-bits/grr","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lifting-bits%2Fgrr","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lifting-bits%2Fgrr/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lifting-bits%2Fgrr/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lifting-bits%2Fgrr/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lifting-bits","download_url":"https://codeload.github.com/lifting-bits/grr/tar.gz/refs/heads/master","host":{"
name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246763814,"owners_count":20829797,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["decree","emulator","fuzzer"],"created_at":"2024-08-01T09:01:19.091Z","updated_at":"2025-04-02T05:33:12.284Z","avatar_url":"https://github.com/lifting-bits.png","language":"C++","funding_links":[],"categories":["C++","\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003eVulnerabilities\u0026\u0026Vulnerability Management\u0026\u0026Vulnerability Discovery/Mining\u0026\u0026Vulnerability Development\u0026\u0026Exploitation\u0026\u0026Fuzzing"],"sub_categories":["Features"],"readme":"GRR\n===\n\n[![Build Status](https://travis-ci.org/trailofbits/grr.svg?branch=master)](https://travis-ci.org/trailofbits/grr)\n[![Slack Chat](http://empireslacking.herokuapp.com/badge.svg)](https://empireslacking.herokuapp.com/)\n\n![GRR is pronounced with two fists in the air](grr-logo2.png)\n\nGRR is an x86 to amd64 binary translator. GRR was created to emulate and fuzz DECREE challenge binaries.\n\n#### Features\n\n  * Code cache persistence (avoids translation overheads across separate runs).\n  * Optimization of the code cache, including the persisted cache.\n  * Multi-processing support (allows multiple communicating, 32-bit processes to be emulated within a single 64-bit address space).\n  * Built-in fuzzing engine, which includes Radamsa.\n  * Support for self-modifying code (e.g. JIT compilers). Self-modified code can also be persisted.\n\n#### Anti-features\n\n  * Orchestration. GRR does not manage a fuzzing campaign. An external orchestration system can direct GRR to fuzz a program, and identify a minimal set of maximal coverage-producing inputs.\n\n### Compiling\n\n#### Install system dependencies\n```sh\nsudo apt-get install -y git build-essential\nsudo apt-get install -y clang llvm-dev libc++1 libc++-dev\n```\n\nThen we can build GRR. This script will create `grr-build` in the current\nworking directory, and download the remaining dependencies.\n```sh\n./grr/scripts/build.sh\n```\n\n### Running\n\nThere are two steps to running GRR: snapshotting, and record/replaying. Snapshotting creates an initial image of the process immediately after `execve`. Record/replaying takes an input testcase and attempts to replay that testcase. The replay can be recorded or mutated as well.\n\n#### Snapshotting\n\nYou can run `grrshot` on a CGC challenge binary, or on a statically linked 32-bit ELF version of a CGC challenge binary.\n\n```sh\n./bin/debug_linux_user/grrshot --num_exe=1 --exe_dir=/path --exe_prefix=CADET_000 --snapshot_dir=/tmp/snapshot\n```\nThis will create a snapshot of `/path/CADET_00001` and store the snapshot into the `/tmp/snapshot` directory.\n\n#### Replaying\n```sh\n./bin/debug_linux_user/grrplay --num_exe=1 --snapshot_dir=/tmp/snapshot --persist_dir=/tmp/persist --input=/path/to/testcase\n```\n\n#### Replay + Recording\n```sh\n./bin/debug_linux_user/grrplay --num_exe=1 --snapshot_dir=/tmp/snapshot --persist_dir=/tmp/persist --input=/path/to/testcase --output_dir=/tmp/out\n```\n\n#### Replay + Recording + Mutating\n```sh\n./bin/debug_linux_user/grrplay --num_exe=1 --snapshot_dir=/tmp/snapshot --persist_dir=/tmp/persist --input=/path/to/testcase --output_dir=/tmp/out --input_mutator=inf_radamsa_spliced\n```\n\nThere are many mutators. Some of the mutators are deterministic, and therefore run for a period of time that is proportional to the number of `receive` system calls in the input testcase. Other mutators are non-deterministic and can run forever. These mutators are prefixed with `inf_`, so the external orchestration layer must impose its own time budget on them.\n\n### Dependencies\n\n#### Intel XED\n\nGRR depends on the [Intel XED](https://software.intel.com/en-us/articles/xed-x86-encoder-decoder-software-library) instruction encoder/decoder. XED is licensed under the [Apache License](https://github.com/intelxed/xed/blob/master/LICENSE).\n\n#### Radamsa\n\nGRR depends on [Radamsa](https://github.com/aoh/radamsa), a high-quality input mutation engine. GRR embeds a version of Radamsa that can be used as a kind of library. Radamsa is licensed under the [MIT license](third_party/radamsa/LICENSE).\n\n#### Other dependencies\n\nGRR depends on [gflags](https://github.com/gflags/gflags).\n\nGRR depends on Frank Thilo's C++ port of the RSA Data Security, Inc. MD5 Message-Digest Algorithm.\n\nGRR uses Yann Collet's [xxHash](https://github.com/Cyan4973/xxHash) as part of its code cache index hash table.\n\n### History\n\nGRR, short for Granary Record/Replay, is the third iteration of the [Granary](https://github.com/Granary) series of dynamic binary translators. GRR is [pgoodman](https://github.com/pgoodman)'s third dynamic binary translator.\n\nGRR was created for the DARPA Cyber Grand Challenge. It was an essential component of Trail of Bits' CRS (Cyber Reasoning System). The version of GRR in this repository differs from the CRS version in some important ways.\n\n![Don't tread on me!](grr-logo.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flifting-bits%2Fgrr","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flifting-bits%2Fgrr","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flifting-bits%2Fgrr/lists"}
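The README's Running section lists the snapshot, replay, record and mutate invocations but, by design, leaves the campaign driver to an external orchestrator. The script below is an added example of such a driver; it is not code from the GRR repository. It uses only the `grrshot`/`grrplay` flags and the `bin/debug_linux_user/` path the README shows. Everything else is this example's own assumption: the wall-clock budget that stops `inf_` mutators (the README says they can run forever, so the caller must bound them), the refusal to mutate without an output directory, the round structure that feeds newly produced inputs back as seeds, and the rule for deriving executable names from `--exe_prefix` (inferred from the single `CADET_000` to `CADET_00001` example, so verify it against your own binaries).

```python
"""Minimal external orchestration loop around grrshot/grrplay.

Added example; not part of the GRR repository. It assumes the command-line
flags shown in the README's Running section and the bin/debug_linux_user/
layout of a build.sh debug build. Everything else is this example's own
assumption and is marked as such below.
"""
import subprocess
from pathlib import Path

# Assumption: debug build produced by ./grr/scripts/build.sh.
BIN_DIR = Path("bin/debug_linux_user")


def is_infinite_mutator(name: str) -> bool:
    """README: mutators prefixed inf_ are non-deterministic and can run
    forever, so the caller, not GRR, has to bound them."""
    return name.startswith("inf_")


def exe_names(exe_prefix: str, num_exe: int) -> list:
    """Assumption inferred from the README example (--exe_prefix=CADET_000
    with --num_exe=1 snapshots /path/CADET_00001): prefix followed by a
    two-digit, 1-based index. Verify against your own binaries."""
    return [f"{exe_prefix}{i:02d}" for i in range(1, num_exe + 1)]


def snapshot_cmd(exe_dir, exe_prefix, snapshot_dir, num_exe=1) -> list:
    """grrshot: image the process after execve; done once per campaign."""
    return [str(BIN_DIR / "grrshot"),
            f"--num_exe={num_exe}",
            f"--exe_dir={exe_dir}",
            f"--exe_prefix={exe_prefix}",
            f"--snapshot_dir={snapshot_dir}"]


def play_cmd(snapshot_dir, persist_dir, testcase, num_exe=1,
             output_dir=None, mutator=None) -> list:
    """grrplay: replay a testcase; record when output_dir is given; mutate
    when a mutator is named. Design choice of this wrapper (not a GRR rule):
    mutating without an output_dir is refused, since the generated inputs
    would have nowhere to go."""
    if mutator is not None and output_dir is None:
        raise ValueError("mutating requires output_dir to collect generated inputs")
    cmd = [str(BIN_DIR / "grrplay"),
           f"--num_exe={num_exe}",
           f"--snapshot_dir={snapshot_dir}",
           f"--persist_dir={persist_dir}",
           f"--input={testcase}"]
    if output_dir is not None:
        cmd.append(f"--output_dir={output_dir}")
    if mutator is not None:
        cmd.append(f"--input_mutator={mutator}")
    return cmd


def run_bounded(cmd: list, budget_s: float) -> dict:
    """Run one invocation under a wall-clock budget. subprocess.run kills the
    child when the budget expires; for inf_ mutators that is the normal way a
    run ends, not a failure."""
    try:
        proc = subprocess.run(cmd, capture_output=True, timeout=budget_s)
        return {"returncode": proc.returncode, "timed_out": False}
    except subprocess.TimeoutExpired:
        return {"returncode": None, "timed_out": True}


def fuzz_round(snapshot_dir, persist_dir, seed_dir, out_dir, mutator, budget_s) -> dict:
    """One round: replay+record+mutate every seed under the budget and report
    the files newly produced in out_dir, which the next round can use as
    seeds. Coverage-based selection of a minimal seed set is left out because
    the README does not describe how grrplay reports coverage."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    before = {p.name for p in out.iterdir()}
    summary = {"ran": 0, "failed": [], "new_inputs": []}
    for seed in sorted(Path(seed_dir).iterdir()):
        cmd = play_cmd(snapshot_dir, persist_dir, seed, output_dir=out, mutator=mutator)
        result = run_bounded(cmd, budget_s)
        summary["ran"] += 1
        # A deterministic mutator (or plain replay) must finish with status 0;
        # an inf_ mutator is expected to be cut off by the budget.
        expected_stop = result["timed_out"] and mutator is not None and is_infinite_mutator(mutator)
        if not (expected_stop or result["returncode"] == 0):
            summary["failed"].append(seed.name)
    summary["new_inputs"] = sorted({p.name for p in out.iterdir()} - before)
    return summary


if __name__ == "__main__":
    # Dry run: print the commands for the README's CADET_00001 scenario
    # (placeholder paths from the README) without executing anything.
    print(" ".join(snapshot_cmd("/path", "CADET_000", "/tmp/snapshot")))
    print(" ".join(play_cmd("/tmp/snapshot", "/tmp/persist", "/path/to/testcase",
                            output_dir="/tmp/out", mutator="inf_radamsa_spliced")))
```

To run a real round, call `snapshot_cmd` once through `run_bounded`, then `fuzz_round(...)` with a seed directory and a mutator such as `inf_radamsa_spliced`; the returned `new_inputs` list is what you would hand to a coverage-based minimiser before the next round.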