AFLTriage: triage crashing input files using a debugger

by do son · November 20, 2021

AFLTriage

AFLTriage is a tool to triage crashing input files using a debugger. It is designed to be portable and does not require any run-time dependencies, besides libc and an external debugger. It supports triaging crashes generated by any program, not just AFL, but recognizes AFL directories especially, hence the name.

Some notable features include:

Multiple report formats: text, JSON, and raw debugger JSON
Parallel crash triage
Crash deduplication
Sanitizer report parsing
Supports binary targets with or without symbols/debugging information
Source code and variables will be annotated in reports for context

Currently, it only supports GDB and has only been tested on Linux C/C++ targets. Note that AFLTriage does not classify crashes by potential exploitability. Accurate exploitability classification is very target and scenario-specific and is best left to specialized tools and expert analysts.

Use

Usage of AFLTriage is quite straightforward. You need your inputs to triage, an output directory for reports, and the binary and its arguments to triage.

Example

$ afltriage -i fuzzing_directory -o reports ./target_binary --option-one @@

AFLTriage v1.0.0



[+] GDB is working (GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1 - Python 3.6.9 (default, Jan 26 2021, 15:33:00))

[+] Image triage cmdline: "./target_binary --option-one @@"

[+] Reports will be output to directory "reports"

[+] Triaging AFL directory fuzzing_directory/ (41 files)

[+] Triaging 41 testcases

[+] Using 24 threads to triage

[+] Triaging   [41/41 00:00:02] [####################] CRASH: ASAN detected heap-buffer-overflow in buggy_function after a READ leading to SIGABRT (si_signo=6) / SI_TKILL (si_code=-6)

[+] Triage stats [Crashes: 25 (unique 12), No crash: 16, Errored: 0]

Similar to AFL the @@ is replaced with the path of the file to be triaged. AFLTriage will take care of the rest.