Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/angorafuzzer/angora
Angora is a mutation-based fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.
Last synced: 9 days ago
- Host: GitHub
- URL: https://github.com/angorafuzzer/angora
- Owner: AngoraFuzzer
- License: apache-2.0
- Created: 2018-03-19T06:07:32.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2022-07-18T13:42:14.000Z (over 2 years ago)
- Last Synced: 2024-09-26T01:48:10.021Z (about 2 months ago)
- Topics: afl, data-flow-analysis, fuzzer, fuzzing, security, symbolic-execution, taint-analysis
- Language: C++
- Size: 13 MB
- Stars: 917
- Watchers: 41
- Forks: 168
- Open Issues: 41
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Angora
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![Build Status](https://api.cirrus-ci.com/github/AngoraFuzzer/Angora.svg)](https://cirrus-ci.com/github/AngoraFuzzer/Angora)

Angora is a mutation-based coverage guided fuzzer. The main goal of Angora is
to increase branch coverage by solving path constraints without symbolic
execution.

## Published Work
Arxiv: [Angora: Efficient Fuzzing by Principled Search](https://arxiv.org/abs/1803.01307), S&P 2018.
## Building Angora
### Build Requirements
- Linux-amd64 (Tested on Ubuntu 16.04/18.04 and Debian Buster)
- Rust stable (>= 1.31), can be obtained using [rustup](https://rustup.rs)
- [LLVM 4.0.0 - 12.0.1](http://llvm.org/docs/index.html) : run `PREFIX=/path-to-install ./build/install_llvm.sh`.

### Environment Variables
Append the following entries in the shell configuration file (`~/.bashrc`, `~/.zshrc`).
```
export PATH=/path-to-clang/bin:$PATH
export LD_LIBRARY_PATH=/path-to-clang/lib:$LD_LIBRARY_PATH
```

### Fuzzer Compilation
The build script will resolve most dependencies and set up the
runtime environment.

```shell
./build/build.sh
```

### System Configuration
As with AFL, system core dumps must be disabled.
```shell
echo core | sudo tee /proc/sys/kernel/core_pattern
```

## Test
Test whether Angora was built successfully.
```
cd /path-to-angora/tests
./test.sh mini
```

## Running Angora
### Build Target Program
Angora compiles the program into two separate binaries, each with its own
instrumentation. Using `autoconf` programs as an example, here are the steps required.

```
# Use the instrumenting compilers
CC=/path/to/angora/bin/angora-clang \
CXX=/path/to/angora/bin/angora-clang++ \
LD=/path/to/angora/bin/angora-clang \
PREFIX=/path/to/target/directory \
./configure --disable-shared

# Build with taint tracking support
USE_TRACK=1 make -j
make install
# Save the compiled target binary into a new directory
# and rename it with .taint postfix, such as uniq.taint

# Build with light instrumentation support
make clean
USE_FAST=1 make -j
make install
# Save the compiled binary into the directory previously
# created and rename it with .fast postfix, such as uniq.fast
```
If you fail to build by this approach, try `wllvm` and `gllvm` described in [Build a target program](./docs/build_target.md#wllvm-or-gllvm).
Also, we have implemented taint analysis with libdft64 instead of DFSan ([Use libdft64 for taint tracking](./docs/pin_mode.md)).
### Fuzzing
```
./angora_fuzzer -i input -o output -t path/to/taint/program -- path/to/fast/program [argv]
```

-----------
For more information, please refer to the documentation under the
`docs/` directory.

- [Angora Overview](./docs/overview.md)
- [Build a target program](./docs/build_target.md)
- [Running Angora](./docs/running.md)
- [Use libdft64 for taint tracking](./docs/pin_mode.md)
- [Example - Fuzz program file by Angora](./docs/example.md)
- [Run Angora on LAVA](./docs/lava.md)
- [Exploit attack points](./docs/exploitation.md)
- [Usage](./docs/usage.md)
- [Configuration Files](./docs/configuration.md)
- [Environment variables](./docs/environment_variables.md)
- [UI Terminology](./docs/ui.md)
- [Troubleshoot](./docs/troubleshoot.md)
- [Related works](./docs/related_works.md)