예제 #1
0
def print_stats(fuzzer, parser):
    coverage, _ = population_coverage(fuzzer.inputs, my_parser)

    has_structure = 0
    for seed in fuzzer.inputs:
        # reuse memoized information
        if hasattr(seed, "has_structure"):
            if seed.has_structure:
                has_structure += 1
        else:
            if isinstance(seed, str):
                seed = Seed(seed)
            try:
                signal.setitimer(signal.ITIMER_REAL, 0.2)
                next(parser.parse(seed.data))
                signal.setitimer(signal.ITIMER_REAL, 0)
                has_structure += 1
            except (SyntaxError, Timeout):
                signal.setitimer(signal.ITIMER_REAL, 0)

    print("From the %d generated inputs, %d (%0.2f%%) can be parsed.\n"
          "In total, %d statements are covered." %
          (len(fuzzer.inputs), has_structure,
           100 * has_structure / len(fuzzer.inputs), len(coverage)))
예제 #2
0
        end - start, n)

if __name__ == "__main__":
    "During this fuzzing campaign, we covered %d statements." % len(
        runner.coverage())

if __package__ is None or __package__ == "":
    from Coverage import population_coverage
else:
    from .Coverage import population_coverage

if __name__ == "__main__":
    import matplotlib.pyplot as plt

if __name__ == "__main__":
    _, dict_cov = population_coverage(dict_fuzzer.inputs, my_parser)
    _, fuzz_cov = population_coverage(fuzzer.inputs, my_parser)
    line_dict, = plt.plot(dict_cov, label="With Dictionary")
    line_fuzz, = plt.plot(fuzz_cov, label="Without Dictionary")
    plt.legend(handles=[line_dict, line_fuzz])
    plt.xlim(0, n)
    plt.title('Coverage over time')
    plt.xlabel('# of inputs')
    plt.ylabel('lines covered')

# ## Fuzzing with Input Fragments

if __name__ == "__main__":
    print('\n## Fuzzing with Input Fragments')

# ### Parsing and Recombining JavaScript, or How to Make 50,000 USD in Four Weeks
예제 #3
0
    # create random fuzzer
    fuzzer = RandomFuzzer(min_length=1,
                          max_length=100,
                          char_start=32,
                          char_range=94)

    # create population of fuzz inputs
    population = []
    for i in range(trials):
        population.append(fuzzer.fuzz())

    # execute and measure trace coverage
    trace_timeseries = population_trace_coverage(population, my_parser)[1]

    # execute and measure code coverage
    code_timeseries = population_coverage(population, my_parser)[1]

    # plot trace coverage over time
    plt.figure(num=None, figsize=(12, 4), dpi=80, facecolor='w', edgecolor='k')
    plt.subplot(1, 2, 1)
    plt.plot(trace_timeseries)
    plt.xlabel('# of fuzz inputs')
    plt.ylabel('# of traces exercised')
    plt.title('Trace Coverage Over Time')

    # plot code coverage over time
    plt.subplot(1, 2, 2)
    plt.plot(code_timeseries)
    plt.xlabel('# of fuzz inputs')
    plt.ylabel('# of statements covered')
    plt.title('Code Coverage Over Time')
예제 #4
0
        if outcome == Runner.PASS and new_coverage not in self.coverages_seen:
            # We have new coverage
            self.population.append(self.inp)
            self.coverages_seen.add(new_coverage)

        return result


if __name__ == "__main__":
    seed_input = "http://www.google.com/search?q=fuzzing"
    mutation_fuzzer = MutationCoverageFuzzer(seed=[seed_input])
    mutation_fuzzer.runs(http_runner, trials=10000)
    mutation_fuzzer.population

if __name__ == "__main__":
    all_coverage, cumulative_coverage = population_coverage(
        mutation_fuzzer.population, http_program)

if __name__ == "__main__":
    import matplotlib.pyplot as plt

if __name__ == "__main__":
    plt.plot(cumulative_coverage)
    plt.title('Coverage of urlparse() with random inputs')
    plt.xlabel('# of inputs')
    plt.ylabel('lines covered')

# ## Synopsis

if __name__ == "__main__":
    print('\n## Synopsis')
예제 #5
0
    blackbox_fuzzer = MutationFuzzer([seed_input], Mutator(), PowerSchedule())

    start = time.time()
    blackbox_fuzzer.runs(FunctionCoverageRunner(crashme), trials=n)
    end = time.time()

    "It took the blackbox mutation-based fuzzer %0.2f seconds to generate and execute %d inputs." % (
        end - start, n)

if __package__ is None or __package__ == "":
    from Coverage import population_coverage
else:
    from .Coverage import population_coverage

if __name__ == "__main__":
    _, blackbox_coverage = population_coverage(blackbox_fuzzer.inputs, crashme)
    bb_max_coverage = max(blackbox_coverage)

    "The blackbox mutation-based fuzzer achieved a maximum coverage of %d statements." % bb_max_coverage

if __name__ == "__main__":
    [seed_input] + \
    [blackbox_fuzzer.inputs[idx] for idx in range(len(blackbox_coverage))
        if blackbox_coverage[idx] > blackbox_coverage[idx - 1]
    ]

# ### Greybox Mutation-based Fuzzer

if __name__ == "__main__":
    print('\n### Greybox Mutation-based Fuzzer')