AFL++
Installation
Running pastis-aflpp requires installing AFL++, as it uses the afl-fuzz binary found in the PATH or through an environment variable. AFL++ thus has to be installed before the Python module.
Compiling AFL++ (with QEMU support) is as simple as:
$ git clone https://github.com/AFLplusplus/AFLplusplus.git
$ cd AFLplusplus
$ make distrib
$ cd qemu_mode/
$ ./build_qemu_support.sh
$ echo "export AFLPP_PATH=$PWD" >> ~/.profile
The only tricky part is exporting the AFL++ directory as an environment variable so that pastis-aflpp can discover it. At the moment the module does not attempt to locate the afl-fuzz binary automatically.
Running pastis-aflpp
The program pastis-aflpp is the main binary using the pastis-aflpp library to interact with the broker. It can either be launched locally in offline mode or together with the broker in online mode.
Online mode
Launching pastis-aflpp in online mode is as simple as:
$ pastis-aflpp online
Without further arguments the server reached is localhost on port 5555. Otherwise one can specify -h and -p for the host and port respectively. There are no other parameters, as all of them are received through the broker.
Offline mode
In offline mode, all parameters normally received by the broker have to be specified on the command line. Options are:
$ pastis-aflpp offline --help
Usage: pastis-aflpp offline [OPTIONS] PROGRAM [PARGVS]...

Options:
  -r, --sast-report FILE                  SAST report to use
  -s, --seed PATH                         Seed or directory of seeds to give to the exploration
  -x, --exmode [SINGLE_EXEC|PERSISTENT]   Execution mode
  -chk, --chkmode [CHECK_ALL|ALERT_ONLY]  Check mode
  -i, --seedinj [STDIN|ARGV]              Location where to inject input
  --logfile TEXT                          Log file of all messages received by the broker
  --help                                  Show this message and exit.
The only mandatory argument is the binary itself. Arguments for the binary can be passed as extra positional arguments (PARGVS) on the command line. The optional arguments allow providing a SAST report, one or more initial seed files, and tuning parameters for the fuzzer run.
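As an added example (not code from the pastis-aflpp project), the POSIX shell script below performs the pre-flight check a practitioner wants before an offline run: it resolves afl-fuzz the way the installation step above sets things up (AFLPP_PATH first, then the PATH) and assembles an offline command line from the options in the help output, rejecting values outside the documented choices. The lookup order and the helper names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of pastis-aflpp. Assumes afl-fuzz is looked up
# under $AFLPP_PATH (exported at install time) and then on the PATH.

# Print the afl-fuzz path that would be used, or fail with a message.
find_afl_fuzz() {
    if [ -n "${AFLPP_PATH:-}" ] && [ -x "$AFLPP_PATH/afl-fuzz" ]; then
        printf '%s\n' "$AFLPP_PATH/afl-fuzz"
    elif command -v afl-fuzz >/dev/null 2>&1; then
        command -v afl-fuzz
    else
        echo "afl-fuzz not found: set AFLPP_PATH or add it to PATH" >&2
        return 1
    fi
}

# Check that $1 is one of the pipe-separated choices in $2.
check_choice() {
    case "|$2|" in
        *"|$1|"*) return 0 ;;
        *) echo "invalid value '$1' (expected one of $2)" >&2; return 1 ;;
    esac
}

# Build the offline invocation from explicit parameters and print it
# instead of running it, so the command can be reviewed first.
# usage: offline_cmd PROGRAM SEEDS EXMODE CHKMODE SEEDINJ [PARGVS...]
offline_cmd() {
    prog=$1; seeds=$2; exmode=$3; chkmode=$4; seedinj=$5
    shift 5
    [ -x "$prog" ] || { echo "program '$prog' is not executable" >&2; return 1; }
    [ -e "$seeds" ] || { echo "seed path '$seeds' does not exist" >&2; return 1; }
    check_choice "$exmode" "SINGLE_EXEC|PERSISTENT" || return 1
    check_choice "$chkmode" "CHECK_ALL|ALERT_ONLY" || return 1
    check_choice "$seedinj" "STDIN|ARGV" || return 1
    printf 'pastis-aflpp offline -s %s -x %s -chk %s -i %s %s' \
        "$seeds" "$exmode" "$chkmode" "$seedinj" "$prog"
    for a in "$@"; do printf ' %s' "$a"; done
    printf '\n'
}
```

Run find_afl_fuzz first; if it fails, fix AFLPP_PATH before launching either mode.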