forked from AFLplusplus/AFLplusplus
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtest-custom-mutators.sh
executable file
·125 lines (112 loc) · 4.89 KB
/
test-custom-mutators.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
#!/bin/sh
. ./test-pre.sh
$ECHO "$BLUE[*] Testing: custom mutator"
# normalize path
CUSTOM_MUTATOR_PATH=$(cd $(pwd)/../custom_mutators/examples;pwd)
test -e test-custom-mutator.c -a -e ${CUSTOM_MUTATOR_PATH}/example.c -a -e ${CUSTOM_MUTATOR_PATH}/example.py && {
unset AFL_CC
# Compile the vulnerable program for single mutator
test -e ../afl-clang-fast && {
../afl-clang-fast -o test-custom-mutator test-custom-mutator.c > /dev/null 2>&1
} || {
test -e ../afl-gcc-fast && {
../afl-gcc-fast -o test-custom-mutator test-custom-mutator.c > /dev/null 2>&1
} || {
../afl-gcc -o test-custom-mutator test-custom-mutator.c > /dev/null 2>&1
}
}
# Compile the vulnerable program for multiple mutators
test -e ../afl-clang-fast && {
../afl-clang-fast -o test-multiple-mutators test-multiple-mutators.c > /dev/null 2>&1
} || {
test -e ../afl-gcc-fast && {
../afl-gcc-fast -o test-multiple-mutators test-multiple-mutators.c > /dev/null 2>&1
} || {
../afl-gcc -o test-multiple-mutators test-multiple-mutators.c > /dev/null 2>&1
}
}
# Compile the custom mutator
cc -D_FIXED_CHAR=0x41 -g -fPIC -shared -I../include ../custom_mutators/examples/simple_example.c -o libexamplemutator.so > /dev/null 2>&1
cc -D_FIXED_CHAR=0x42 -g -fPIC -shared -I../include ../custom_mutators/examples/simple_example.c -o libexamplemutator2.so > /dev/null 2>&1
test -e test-custom-mutator -a -e ./libexamplemutator.so && {
# Create input directory
mkdir -p in
echo "00000" > in/in
# Run afl-fuzz w/ the C mutator
$ECHO "$GREY[*] running afl-fuzz for the C mutator, this will take approx 10 seconds"
{
AFL_CUSTOM_MUTATOR_LIBRARY=./libexamplemutator.so AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V07 -m ${MEM_LIMIT} -i in -o out -- ./test-custom-mutator >>errors 2>&1
} >>errors 2>&1
# Check results
test -n "$( ls out/default/crashes/id:000000* 2>/dev/null )" && { # TODO: update here
$ECHO "$GREEN[+] afl-fuzz is working correctly with the C mutator"
} || {
echo CUT------------------------------------------------------------------CUT
cat errors
echo CUT------------------------------------------------------------------CUT
$ECHO "$RED[!] afl-fuzz is not working correctly with the C mutator"
CODE=1
}
# Clean
rm -rf out errors core.*
# Run afl-fuzz w/ multiple C mutators
$ECHO "$GREY[*] running afl-fuzz with multiple custom C mutators, this will take approx 10 seconds"
{
AFL_CUSTOM_MUTATOR_LIBRARY="./libexamplemutator.so;./libexamplemutator2.so" AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V07 -m ${MEM_LIMIT} -i in -o out -- ./test-multiple-mutators >>errors 2>&1
} >>errors 2>&1
test -n "$( ls out/default/crashes/id:000000* 2>/dev/null )" && { # TODO: update here
$ECHO "$GREEN[+] afl-fuzz is working correctly with multiple C mutators"
} || {
echo CUT------------------------------------------------------------------CUT
cat errors
echo CUT------------------------------------------------------------------CUT
$ECHO "$RED[!] afl-fuzz is not working correctly with multiple C mutators"
CODE=1
}
# Clean
rm -rf out errors core.*
} || {
ls .
ls ${CUSTOM_MUTATOR_PATH}
$ECHO "$RED[!] cannot compile the test program or the custom mutator"
CODE=1
}
}
test "1" = "`../afl-fuzz | grep -i 'without python' >/dev/null; echo $?`" && {
test -e test-custom-mutator && {
# Run afl-fuzz w/ the Python mutator
$ECHO "$GREY[*] running afl-fuzz for the Python mutator, this will take approx 10 seconds"
{
export PYTHONPATH=${CUSTOM_MUTATOR_PATH}
export AFL_PYTHON_MODULE=example
AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V07 -m ${MEM_LIMIT} -i in -o out -- ./test-custom-mutator >>errors 2>&1
unset PYTHONPATH
unset AFL_PYTHON_MODULE
} >>errors 2>&1
# Check results
test -n "$( ls out/default/crashes/id:000000* 2>/dev/null )" && { # TODO: update here
$ECHO "$GREEN[+] afl-fuzz is working correctly with the Python mutator"
} || {
echo CUT------------------------------------------------------------------CUT
cat errors
echo CUT------------------------------------------------------------------CUT
$ECHO "$RED[!] afl-fuzz is not working correctly with the Python mutator"
CODE=1
}
# Clean
rm -rf in out errors core.*
rm -rf ${CUSTOM_MUTATOR_PATH}/__pycache__/
rm -f test-multiple-mutators test-custom-mutator libexamplemutator.so libexamplemutator2.so
} || {
ls .
ls ${CUSTOM_MUTATOR_PATH}
$ECHO "$RED[!] cannot compile the test program or the custom mutator"
CODE=1
}
} || {
$ECHO "$YELLOW[-] no python support in afl-fuzz, cannot test"
INCOMPLETE=1
}
make -C ../utils/custom_mutators clean > /dev/null 2>&1
rm -f test-custom-mutator test-custom-mutators
. ./test-post.sh