{"id":13538939,"url":"https://github.com/mykter/afl-training","last_synced_at":"2025-05-16T11:04:18.587Z","repository":{"id":40444295,"uuid":"95681864","full_name":"mykter/afl-training","owner":"mykter","description":"Exercises to learn how to fuzz with American Fuzzy Lop","archived":false,"fork":false,"pushed_at":"2022-10-12T11:23:26.000Z","size":541,"stargazers_count":1228,"open_issues_count":6,"forks_count":195,"subscribers_count":31,"default_branch":"main","last_synced_at":"2024-10-29T22:32:48.001Z","etag":null,"topics":["afl","fuzzing","training","workshop"],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mykter.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-06-28T15:03:43.000Z","updated_at":"2024-10-29T16:15:42.000Z","dependencies_parsed_at":"2023-01-19T19:43:24.549Z","dependency_job_id":null,"html_url":"https://github.com/mykter/afl-training","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mykter%2Fafl-training","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mykter%2Fafl-training/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mykter%2Fafl-training/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mykter%2Fafl-training/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mykter","download_url":"https://codeload.github.com/mykter/afl-training/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254518384,"owners_count":22084374,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["afl","fuzzing","training","workshop"],"created_at":"2024-08-01T09:01:17.960Z","updated_at":"2025-05-16T11:04:18.565Z","avatar_url":"https://github.com/mykter.png","language":"C","funding_links":[],"categories":["\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing","Resources","Uncategorized","Tools"],"sub_categories":["功能","By Purpose","Uncategorized","Fuzzing Tools"],"readme":"# Fuzzing with AFL workshop\n\nMaterials of the \"Fuzzing with AFL\" workshop by Michael Macnair (@michael_macnair).\n\nThis workshop introduces fuzzing and how to make the most of using American Fuzzy Lop, a popular and powerful fuzzer,\nthrough a series of challenges where you rediscover real vulnerabilities in popular open source projects.\n\nThe first public version of this workshop was presented at SteelCon 2017 and it was revised for each of BSides London\n2019, BSides Bristol 2019, and GrayHat 2020 (most notable change in this revision was a switch to\n[afl++](https://github.com/AFLplusplus/AFLplusplus)).\n\n# Presentation\n\nVia\n[Google slides](https://docs.google.com/presentation/d/1Ap3eUIo4RrI_9GAGfn2Q0RKtBPNmGhI1DZlivdcFKPo)\nand [as a PDF](https://github.com/mykter/afl-training/files/5454345/Fuzzing.with.AFL.-.GrayHat.2020.pdf). There is extra\ninformation in the speaker notes.\n\nGrayHat published [a recording of a remote version of the workshop](https://www.youtube.com/watch?v=6YLz9IGAGLw) on\nYouTube - this was created for a real-time workshop audience, but you can follow along at your own pace as long as you\ndon't mind skipping a few pauses and ignoring references to Discord.\n\nThe presentation suggests when to attempt the different challenges in this repository, and the video provides a\nwalk-through of `quickstart` and `harness`.\n\n# Pre-requisites\n\n- 3-4 hours (more to complete all the challenges)\n- Linux machine\n- Basic C and command line experience - ability to modify and compile C programs.\n- Docker, or the dependencies described in `quickstart`.\n\n# Contents\n\n- quickstart - Do this first! A tiny sample program to get started with fuzzing, including instructions on how to setup\n  your machine.\n- harness - the basics of creating a test harness. Do this if you have any doubts about the \"plumbing\" between afl-fuzz\n  and the target code.\n- challenges - a set of known-vulnerable programs with fuzzing hints\n- docker - Instructions and Dockerfile for preparing a suitable environment, and hosting it on GCP if you wish. A\n  prebuilt image can be pulled from [ghcr.io/mykter/fuzz-training](https://ghcr.io/mykter/fuzz-training).\n\nSee the other READMEs for more information.\n\n# Challenges\n\nChallenges, roughly in recommended order, with any specific aspects they cover:\n\n- libxml2 - an ideal target, using ASAN and persistent mode.\n- heartbleed - infamous bug, using ASAN.\n- sendmail/1301 - parallel fuzzing\n- ntpq - fuzzing a network client; coverage analysis and increasing coverage\n- date - fuzzing environment variable input\n- cyber-grand-challenge - an easy vuln and an example of a hard to find vuln using afl\n- sendmail/1305 - persistent mode difficulties\n\nThe challenges have HINTS.md and ANSWERS.md files - these contain useful information about fuzzing different targets\neven if you're not going to attempt the challenge.\n\nMost of the challenges also have an ANSWERS-libFuzzer.md file, for if you want to try out using LLVM's libFuzzer. These\nare brief descriptions of the differences for libFuzzer, and should be read alongside the afl docs (.md files).\n\nAll of the challenges use real vulnerabilities from open source projects (the CVEs are identified in the descriptions),\nwith the exception of the Cyber Grand Challenge extract, which is a synthetic vulnerability.\n\nThe chosen bugs are all fairly well isolated, and (except where noted) are very amenable to fuzzing. This means that you\nshould be able to discover the bugs with a relatively small amount of compute time - these won't take core-days, most of\nthem will take core-minutes. That said, fuzz testing is by definition a random process, so there's no guarantee how long\nit will take to find a particular bug, just a probability distribution.\n\n# Links\n\n- The afl [docs/](https://github.com/AFLplusplus/AFLplusplus/tree/stable/docs) directory\n- Ben Nagy’s “Finding Bugs in OS X using AFL” [video](https://vimeo.com/129701495)\n- The [afl-users mailing list](https://groups.google.com/forum/#!forum/afl-users)\n- The smart fuzzer revolution (talk on the future of fuzzing): [video](https://www.youtube.com/watch?v=g1E2Ce5cBhI) /\n  [slides](https://docs.google.com/presentation/d/1FgcMRv_pwgOh1yL5y4GFsl1ozFwd6PMNGlMi2ONkGec/edit#slide=id.g13a9c1bce4_6_0)\n- A [categorized collection of recent fuzzing papers](https://github.com/wcventure/FuzzingPaper) (there are a lot!)\n- [The Fuzzing Book](https://www.fuzzingbook.org/) - broad coverage of fuzzing\n- [libFuzzer](http://llvm.org/docs/LibFuzzer.html)\n  - [libFuzzer workshop](https://github.com/Dor1s/libfuzzer-workshop)\n  - [libFuzzer tutorial](https://github.com/google/fuzzer-test-suite/blob/master/tutorial/libFuzzerTutorial.md)\n- [More challenges](https://github.com/antonio-morales/EkoParty_Advanced_Fuzzing_Workshop) from an EkoParty workshop\n- Introduction to [triaging crashes](https://trustfoundry.net/introduction-to-triaging-fuzzer-generated-crashes/)\n- Google's [ClusterFuzz](https://github.com/google/clusterfuzz) and Microsoft's\n  [OneFuzz](https://github.com/microsoft/onefuzz)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmykter%2Fafl-training","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmykter%2Fafl-training","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmykter%2Fafl-training/lists"}