Directory listing: /external/honggfuzz

| Name | Date | Size |
|---|---|---|
| .gitmodules | 21-Aug-2018 | 0 |
| Android.bp | 21-Aug-2018 | 2K |
| arch.h | 21-Aug-2018 | 1.1K |
| CHANGELOG | 21-Aug-2018 | 4K |
| cmdline.c | 21-Aug-2018 | 26.2K |
| cmdline.h | 21-Aug-2018 | 1K |
| CONTRIBUTING | 21-Aug-2018 | 1.4K |
| COPYING | 21-Aug-2018 | 11.1K |
| display.c | 21-Aug-2018 | 11.1K |
| display.h | 21-Aug-2018 | 919 |
| Dockerfile | 21-Aug-2018 | 340 |
| docs/ | 21-Aug-2018 | |
| examples/ | 21-Aug-2018 | |
| fuzz.c | 21-Aug-2018 | 24.6K |
| fuzz.h | 21-Aug-2018 | 1.1K |
| hfuzz_cc/ | 21-Aug-2018 | |
| honggfuzz.c | 21-Aug-2018 | 6.5K |
| honggfuzz.h | 21-Aug-2018 | 9.2K |
| includes/ | 21-Aug-2018 | |
| input.c | 21-Aug-2018 | 8.5K |
| input.h | 21-Aug-2018 | 1.1K |
| libcommon/ | 21-Aug-2018 | |
| libhfuzz/ | 21-Aug-2018 | |
| LICENSE | 21-Aug-2018 | 11.1K |
| linux/ | 21-Aug-2018 | |
| mac/ | 21-Aug-2018 | |
| Makefile | 21-Aug-2018 | 16.4K |
| mangle.c | 21-Aug-2018 | 20.6K |
| mangle.h | 21-Aug-2018 | 888 |
| METADATA | 21-Aug-2018 | 413 |
| MODULE_LICENSE_APACHE2 | 21-Aug-2018 | 0 |
| NOTICE | 21-Aug-2018 | 11.1K |
| posix/ | 21-Aug-2018 | |
| README.md | 21-Aug-2018 | 8.8K |
| report.c | 21-Aug-2018 | 4.1K |
| report.h | 21-Aug-2018 | 866 |
| sancov.c | 21-Aug-2018 | 23.8K |
| sancov.h | 21-Aug-2018 | 913 |
| sanitizers.c | 21-Aug-2018 | 8.4K |
| sanitizers.h | 21-Aug-2018 | 1.1K |
| subproc.c | 21-Aug-2018 | 13.2K |
| subproc.h | 21-Aug-2018 | 1.3K |
| third_party/ | 21-Aug-2018 | |
| tools/ | 21-Aug-2018 | |

README.md

# honggfuzz #

**Description**

A security-oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options. See [USAGE](https://github.com/google/honggfuzz/blob/master/docs/USAGE.md) for more details on usage.

  * It's __multi-threaded__ and __multi-process__: there is no need to run multiple copies of your fuzzer, as honggfuzz can use all of your available CPU cores. The file corpus is shared between threads (and fuzzed instances)
  * It's blazingly fast (especially in the [persistent fuzzing mode](https://github.com/google/honggfuzz/blob/master/docs/PersistentFuzzing.md)). A simple _LLVMFuzzerTestOneInput_ function can be tested with __up to 1M iterations per second__ on a relatively modern CPU (e.g. i7-6700K)
  * Has a good track record of uncovered security bugs: e.g. the __only__ (to date) __vulnerability in OpenSSL with the [critical](https://www.openssl.org/news/secadv/20160926.txt) score mark__ was discovered by honggfuzz. See the Trophies section for a summary of findings to date
  * Uses low-level interfaces to monitor processes (e.g. _ptrace_ under Linux). As opposed to other fuzzers, it __will discover and report hidden signals__ (caught and potentially hidden by signal handlers)
  * Easy to use: feed it a simple input corpus (__it can even consist of a single, 1-byte file__) and it will work its way up, expanding the corpus using feedback-based coverage metrics
  * Supports several (more than any other coverage-based feedback-driven fuzzer) hardware-based (CPU: branch/instruction counting, __Intel BTS__, __Intel PT__) and software-based [feedback-driven fuzzing](https://github.com/google/honggfuzz/blob/master/docs/FeedbackDrivenFuzzing.md) methods known from other fuzzers (libFuzzer, AFL)
  * Works (at least) under GNU/Linux, FreeBSD, Mac OS X, Windows/CygWin and [Android](https://github.com/google/honggfuzz/blob/master/docs/Android.md)
  * Supports a __persistent fuzzing mode__ (a long-lived process calling a fuzzed API repeatedly) via libhfuzz/libhfuzz.a. More on that can be found [here](https://github.com/google/honggfuzz/blob/master/docs/PersistentFuzzing.md)
  * [Can fuzz remote/standalone long-lasting processes](https://github.com/google/honggfuzz/blob/master/docs/AttachingToPid.md) (e.g. network servers like __Apache's httpd__ and __ISC's bind__), though the [persistent fuzzing mode](https://github.com/google/honggfuzz/blob/master/docs/PersistentFuzzing.md) is suggested instead, as it's faster and multiple instances of a service can be fuzzed at once in that mode
  * It comes with an __[examples](https://github.com/google/honggfuzz/tree/master/examples) directory__, consisting of real-world fuzz setups for widely-used software (e.g. Apache and OpenSSL)

**Code**

  * Latest stable version: [1.2](https://github.com/google/honggfuzz/releases), but using the __master__ branch is highly encouraged
  * [Changelog](https://github.com/google/honggfuzz/blob/master/CHANGELOG)

**Requirements**

  * **Linux** - The BFD library (libbfd-dev) and libunwind (libunwind-dev/libunwind8-dev); clang-4.0 or higher for the software-based coverage modes
  * **FreeBSD** - gmake, clang-3.6 or newer (clang-devel/4.0 suggested)
  * **Android** - Android SDK/NDK. Also see [this detailed doc](https://github.com/google/honggfuzz/blob/master/docs/Android.md) on how to build and run it
  * **Windows** - CygWin
  * **Darwin/OS X** - Xcode 10.8+
  * If **Clang/LLVM** is used to compile honggfuzz, link it with the BlocksRuntime library (libblocksruntime-dev)

**Trophies**

Honggfuzz has been used to find a number of interesting security problems in major software packages. An incomplete list:

  * [Pre-auth remote crash in __OpenSSH__](https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737)
  * __Apache__
    * [Remote crash in __mod\_http2__  CVE-2017-7659](http://seclists.org/oss-sec/2017/q2/504)
    * [Use-after-free in __mod\_http2__  CVE-2017-9789](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9789)
    * [Memory leak in __mod\_auth\_digest__  CVE-2017-9788](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788)
  * __SSL__
    * [Remote OOB read in __OpenSSL__  CVE-2015-1789](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789)
    * [Remote use-after-free (potential RCE, rated as __critical__) in __OpenSSL__  CVE-2016-6309](https://www.openssl.org/news/secadv/20160926.txt)
    * [Remote OOB write in __OpenSSL__  CVE-2016-7054](https://www.openssl.org/news/secadv/20161110.txt)
    * [Remote OOB read in __OpenSSL__  CVE-2017-3731](https://www.openssl.org/news/secadv/20170126.txt)
    * [Uninitialized memory use in __OpenSSL__](https://github.com/openssl/openssl/commit/bd5d27c1c6d3f83464ddf5124f18a2cac2cbb37f)
    * [Crash in __LibreSSL__](https://github.com/openbsd/src/commit/c80d04452814d5b0e397817ce4ed34edb4eb520d)
    * [Invalid free in __LibreSSL__](https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.2-relnotes.txt)
    * [Uninitialized memory use in __BoringSSL__](https://github.com/boringssl/boringssl/commit/7dccc71e08105b100c3acd56fa5f6fc1ba9b71d3)
  * [Adobe __Flash__ memory corruption  CVE-2015-0316](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0316)
  * [Multiple bugs in the __libtiff__ library](http://bugzilla.maptools.org/buglist.cgi?query_format=advanced;emailreporter1=1;email1=robert@swiecki.net;product=libtiff;emailtype1=substring)
  * [Multiple bugs in the __librsvg__ library](https://bugzilla.gnome.org/buglist.cgi?query_format=advanced;emailreporter1=1;email1=robert%40swiecki.net;product=librsvg;emailtype1=substring)
  * [Multiple bugs in the __poppler__ library](http://lists.freedesktop.org/archives/poppler/2010-November/006726.html)
  * [Multiple exploitable bugs in __IDA-Pro__](https://www.hex-rays.com/bugbounty.shtml)
  * [Remote DoS in __Crypto++__  CVE-2016-9939](http://www.openwall.com/lists/oss-security/2016/12/12/7)
  * Language interpreters
    * [__PHP/Python/Ruby__](https://github.com/dyjakan/interpreter-bugs)
    * [PHP WDDX](https://bugs.php.net/bug.php?id=74145)
    * [PHP](https://bugs.php.net/bug.php?id=74194)
  * [Double-free in __LibXMP__](https://github.com/cmatsuoka/libxmp/commit/bd1eb5cfcd802820073504c234c3f735e96c3355)
  * [Heap buffer overflow in __SAPCAR__  CVE-2017-8852](https://www.coresecurity.com/blog/sapcar-heap-buffer-overflow-crash-exploit)
  * [Crashes in __libbass__](http://seclists.org/oss-sec/2017/q4/185)
  * __FreeType 2__:
    * [CVE-2010-2497](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2497)
    * [CVE-2010-2498](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2498)
    * [CVE-2010-2499](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2499)
    * [CVE-2010-2500](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2500)
    * [CVE-2010-2519](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2519)
    * [CVE-2010-2520](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2520)
    * [CVE-2010-2527](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2527)
  * A couple of problems in the [__MATLAB MAT File I/O Library__](https://sourceforge.net/projects/matio): [1](https://github.com/tbeu/matio/commit/406438f497931f45fb3edf6de17d3a59a922c257), [2](https://github.com/tbeu/matio/commit/406438f497931f45fb3edf6de17d3a59a922c257), [3](https://github.com/tbeu/matio/commit/a55b9c2c01582b712d5a643699a13b5c41687db1), [4](https://github.com/tbeu/matio/commit/3e6283f37652e29e457ab9467f7738a562594b6b), [5](https://github.com/tbeu/matio/commit/783ee496a6914df68e77e6019054ad91e8ed6420)
  * ... and more

**Projects utilizing Honggfuzz**

  * [__QuickFuzz__ by CIFASIS](http://quickfuzz.org)
  * [__OSS-Fuzz__](https://github.com/google/oss-fuzz)
  * [__Frog And Fuzz__](https://github.com/warsang/FrogAndFuzz/tree/develop)
  * [dyjakan's __interpreters fuzzing__ project](https://github.com/dyjakan/interpreter-bugs)
  * [__riufuzz__: honggfuzz with AFL-like UI](https://github.com/riusksk/riufuzz)
  * [__h2fuzz__: fuzzing of Apache's HTTP/2 implementation](https://github.com/icing/h2fuzz)
  * [__honggfuzz-dharma__: honggfuzz with the dharma grammar fuzzer](https://github.com/Sbouber/honggfuzz-dharma)
  * [__Owl__: a system for finding concurrency attacks](https://github.com/hku-systems/owl)
  * [__honggfuzz-docker-apps__](https://github.com/skysider/honggfuzz_docker_apps)
  * [__FFW - Fuzzing For Worms__](https://github.com/dobin/ffw)

**Examples**

The [examples](https://github.com/google/honggfuzz/tree/master/examples/)
directory contains code demonstrating (among other things) how to use honggfuzz to find bugs in the
[OpenSSL](https://github.com/google/honggfuzz/tree/master/examples/openssl)
library and in the [Apache](https://github.com/google/honggfuzz/tree/master/examples/apache-httpd)
HTTPD web server.

**Other**

  * User mailing list: [honggfuzz@googlegroups.com](mailto:honggfuzz@googlegroups.com); sign up with [this link](https://groups.google.com/forum/#!forum/honggfuzz).

__This is NOT an official Google product__