https://github.com/tsundokul/pyradamsa
Python bindings for calling radamsa mutators
fuzzing security
Last synced: 5 months ago
- Host: GitHub
- URL: https://github.com/tsundokul/pyradamsa
- Owner: tsundokul
- License: mit
- Created: 2020-07-06T06:30:10.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2021-10-07T18:57:56.000Z (over 4 years ago)
- Last Synced: 2025-09-03T13:25:11.161Z (10 months ago)
- Topics: fuzzing, security
- Language: Python
- Homepage:
- Size: 9.77 KB
- Stars: 26
- Watchers: 2
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
pyradamsa
==========================
`pyradamsa` provides an interface for calling libradamsa methods from within Python, allowing one to perform mutations on byte blocks (aka fuzzing). For more details see [radamsa](https://gitlab.com/akihe/radamsa) (a general-purpose fuzzer) and [libradamsa](https://github.com/andreafioraldi/libradamsa) (precompiled radamsa library).
### NOTE
The master branch uses AFL++'s libradamsa. An alternative version created by [p1-olm](https://github.com/p1-olm) is available on [radamsa-upstream](https://github.com/tsundokul/pyradamsa/tree/radamsa-upstream) branch and is based on the [original](https://gitlab.com/akihe/radamsa) libradamsa upstream.
How does the `radamsa-upstream` branch differ from the `master` version?
- The owl VM initialization uses different seeds, so results differ when mutating the same bytes with the same seed
- Future updates from the libradamsa creators will show up first in `radamsa-upstream`
## Usage
Install the package using `pip` (or [build](#building) it from source)
```bash
pip install pyradamsa
```
Do some fuzzing
```python
import pyradamsa

rad = pyradamsa.Radamsa()
mydata = b'GET /auth?pass=HelloWorld HTTP1.1'

fuzzed = rad.fuzz(mydata, seed=1337)
print(fuzzed)
# > b'GET /auth?pass=HelloWorld HTTP\xc0\xb1.1'

# seed is randomly set if not provided
rad.fuzz(mydata)
# > b'\tG\xf3\xa0\x81\x9c\xf7dLET \xe2\x81/aut\xf3\xa0\x80\xafHTTP2.rld HTTP2.rld HTTP3.2\xe1\xa0\x8e9'
rad.fuzz(mydata)
# > b'GET /auth?pass=HelloWorld HTTP1.340282366920938463463374607431768211455'
# etc.

# enforce static seed on initialization
rad = pyradamsa.Radamsa(seed=0)

# max_mut enforces a maximum length for returned data
# it defaults to (data length + an offset of 4096 bytes)
fuzzed = rad.fuzz(mydata, seed=1337, max_mut=10)
# > b'GET /auth?'

# the offset may be overridden on init
rad = pyradamsa.Radamsa(mut_offset=2048)
```
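The seed parameter makes it possible to store a failing case as a seed number instead of the mutated bytes. The following is an added example, not part of the pyradamsa project: `campaign`, `replay` and the toy target `parse_request_line` are hypothetical names, and the only library calls assumed are `Radamsa()` and `fuzz(data, seed=..., max_mut=...)` as shown above.

```python
"""Seed-indexed fuzz campaign around a mutator with pyradamsa's fuzz() signature."""

SAMPLE = b"GET /auth?pass=HelloWorld HTTP1.1"  # sample input from the README


def parse_request_line(line):
    """Constructed target: rejects bad input with ValueError, hides an IndexError."""
    parts = line.split(b" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    return parts[1].split(b"?", 1)[1]  # latent bug: no '?' in the target


def _mutate(mutate, sample, seed, max_mut):
    # Pass max_mut only when set, so the library default applies otherwise.
    kwargs = {"seed": seed}
    if max_mut is not None:
        kwargs["max_mut"] = max_mut
    return mutate(sample, **kwargs)


def campaign(mutate, target, sample, seeds, max_mut=None):
    """Return {seed: exception name} for every failure other than ValueError."""
    findings = {}
    for seed in seeds:
        case = _mutate(mutate, sample, seed, max_mut)
        try:
            target(case)
        except ValueError:
            continue  # clean rejection, not a finding
        except Exception as exc:
            findings[seed] = type(exc).__name__
    return findings


def replay(mutate, sample, seed, max_mut=None):
    """Regenerate a case from its seed, refusing seeds that do not reproduce."""
    first = _mutate(mutate, sample, seed, max_mut)
    if first != _mutate(mutate, sample, seed, max_mut):
        raise RuntimeError(f"seed {seed} is not reproducible")
    return first


if __name__ == "__main__":
    import pyradamsa  # needs `pip install pyradamsa`

    rad = pyradamsa.Radamsa()
    for seed, err in campaign(rad.fuzz, parse_request_line, SAMPLE, range(1000), 256).items():
        print(seed, err, replay(rad.fuzz, SAMPLE, seed, 256))
```

Record the branch (`master` or `radamsa-upstream`) alongside each stored seed, since the two produce different output for the same seed.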
## Building
Currently, wheels are available for Linux i686 and x86_64.
```sh
# Clone the repo
git clone --recurse-submodules https://github.com/tsundokul/pyradamsa.git
cd pyradamsa
# patch memory leak when reinitializing owl vm
patch libradamsa/libradamsa.c realloc.patch
# OPTIONAL: when using manylinux (https://github.com/pypa/manylinux)
docker run --rm -it -v `pwd`:/io quay.io/pypa/manylinux2010_x86_64 /bin/bash
cd /io && alias python='/opt/python/cp35-cp35m/bin/python3.5'
export PATH="/opt/python/cp35-cp35m/bin/:${PATH}"
# Install requirements
python -m pip install -r requirements.txt
# Build C extension (libradamsa.so)
python setup.py build_ext
# Run tests
./run_tests
# Build wheel
python setup.py bdist_wheel
```
## Contributing
* Fork the repo
* Check out a feature or bug branch
* Add your changes
* Update README when needed
* Submit a pull request to upstream repo
* Add description of your changes
* Ensure tests are passing
* Ensure branch is mergeable
_MIT License, 2020_ [@tim17d](https://twitter.com/tim17d)