T-Fuzz: fuzzing tool based on program transformation
T-Fuzz
T-Fuzz consists of 2 components:
- Fuzzing tool (TFuzz): a fuzzing tool based on program transformation
- Crash Analyzer (CrashAnalyzer): a tool that verifies whether crashes found transformed programs are true bugs in the original program or not (coming soon).
Installing
Installing radare2
$ git clone https://github.com/radare/radare2.git
$ cd radare2
$ ./sys/install.sh
installing pip and setting up virtualenv & wrapper
$ sudo apt-get install python-pip python-virtualenv
$ pip install virtualenvwrapper
Add the following lines to your shell rc file (~/.bashrc or ~/.zshrc).
export WORKON_HOME=$HOME/.virtual_envs
source /usr/local/bin/virtualenvwrapper.sh
Creating a virtual environment
$ mkvirtualenv tfuzz-env
Installing dependent libraries
$ workon tfuzz-env
$ git clone https://github.com/HexHive/T-Fuzz.git
$ pip install -r req.txt
Fuzzing target programs
$ ./TFuzz --program <path_to_target_program> --work_dir <work_dir> --target_opts <target_opts>
Where
- <path_to_target_program>: the path to the target program to fuzz
- <work_dir>: the directory to save the results
- <target_opts>: the options to pass to the target program, like AFL, use @@ as a placeholder for files to mutate.
Examples
Fuzzing base64 with T-Fuzz
$ ./TFuzz --program target_programs/base64 --work_dir workdir_base64 --target_opts "-d @@"
Fuzzing uniq with T-Fuzz
$ ./TFuzz --program target_programs/uniq --work_dir workdir_uniq --target_opts "@@"
Fuzzing md5sum with T-Fuzz
$ ./TFuzz --program target_programs/md5sum --work_dir workdir_md5sum --target_opts "-c @@"
Fuzzing who with T-Fuzz
$ ./TFuzz --program target_programs/who --work_dir workdir_who --target_opts "@@"
Source: https://github.com/HexHive/
