Differential fuzzing for the masses!

Related tags

Deep Learningnezha
Overview

NEZHA

NEZHA is an efficient and domain-independent differential fuzzer developed at Columbia University. NEZHA exploits the behavioral asymmetries between multiple test programs to focus on inputs that are more likely to trigger logic bugs.

What?

NEZHA features several runtime diversity-promoting metrics used to generate inputs for multi-app differential testing. These metrics are described in detail in the 2017 IEEE Symposium on Security and Privacy (Oakland) paper - NEZHA: Efficient Domain-Independent Differential Testing.

Getting Started

The current code is a WIP to port NEZHA to the latest libFuzzer and is non-tested. Users who wish to access the code used in the NEZHA paper and the respective examples should access v-0.1.

This repo follows the format of libFuzzer's fuzzer-test-suite. For a simple example on how to perform differential testing using the NEZHA port of libFuzzer see differential_fuzzing_tutorial.

Support

We welcome issues and pull requests with new fuzzing targets.

You might also like...
ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing
ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing

ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing ProFuzzBench is a benchmark for stateful fuzzing of network protocols. It includes a suite of

null 155 Jan 8, 2023
Emulation and Feedback Fuzzing of Firmware with Memory Sanitization
Emulation and Feedback Fuzzing of Firmware with Memory Sanitization

BaseSAFE This repository contains the BaseSAFE Rust APIs, introduced by "BaseSAFE: Baseband SAnitized Fuzzing through Emulation". The example/ directo

Security in Telecommunications 138 Dec 16, 2022
A fuzzing framework for SMT solvers
A fuzzing framework for SMT solvers

yinyang A fuzzing framework for SMT solvers. Given a set of seed SMT formulas, yinyang generates mutant formulas to stress-test SMT solvers. yinyang c

Project Yin-Yang for SMT Solver Testing 145 Jan 4, 2023
AntiFuzz: Impeding Fuzzing Audits of Binary Executables

AntiFuzz: Impeding Fuzzing Audits of Binary Executables Get the paper here: https://www.usenix.org/system/files/sec19-guler.pdf Usage: The python scri

Chair for Sys­tems Se­cu­ri­ty 88 Dec 21, 2022
Fuzzification helps developers protect the released, binary-only software from attackers who are capable of applying state-of-the-art fuzzing techniques

About Fuzzification Fuzzification helps developers protect the released, binary-only software from attackers who are capable of applying state-of-the-

gts3.org (SSLab@Gatech) 55 Oct 25, 2022
Hydra: an Extensible Fuzzing Framework for Finding Semantic Bugs in File Systems

Hydra: An Extensible Fuzzing Framework for Finding Semantic Bugs in File Systems Paper Finding Semantic Bugs in File Systems with an Extensible Fuzzin

gts3.org (SSLab@Gatech) 129 Dec 15, 2022
Fuzzing the Kernel Using Unicornafl and AFL++
Fuzzing the Kernel Using Unicornafl and AFL++

Unicorefuzz Fuzzing the Kernel using UnicornAFL and AFL++. For details, skim through the WOOT paper or watch this talk at CCCamp19. Is it any good? ye

Security in Telecommunications 283 Dec 26, 2022
Code for the USENIX 2017 paper: kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels

kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels Blazing fast x86-64 VM kernel fuzzing framework with performant VM reloads for Linux, MacOS an

Chair for Sys­tems Se­cu­ri­ty 541 Nov 27, 2022
QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing

QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing Environment Tested on Ubuntu 14.04 64bit and 16.04 64bit Installation # disabl

gts3.org (SSLab@Gatech) 581 Dec 30, 2022
Comments
  • Building WolfSSl and mbedTLS

    Building WolfSSl and mbedTLS

    Hi,

    I would like to test out Nezha on the WolfSSL and mbedTLS libraries. Could you share out the below files, please? Thanks!

    build_wolfssl_lf.sh build_mbedtls_lf.sh

    opened by ghost 0
  • Unable to install LibFuzzer (for Nezha v0.1)

    Unable to install LibFuzzer (for Nezha v0.1)

    Hi,

    I cloned nezha-0.1 and run the ./utils/build_helpers/setup.sh but the setup was terminated when I received an error message "FAILED" during the Installation of LibFuzzer.

    I opened the README.txt in the directory /nezha-0.1/examples/src/libs/libFuzzer/ and it says "libFuzzer was moved to compiler-rt in https://reviews.llvm.org/D36908"

    Did you encounter the same issue? thanks!

    opened by ghost 0
  • Problem in Tutorial

    Problem in Tutorial

    When I try to follow the tutorial by running mkdir -p out && ./a.out -diff_mode=1 -artifact_prefix=out/ I get the following error:

    INFO: Seed: 3228985162
a.out: ./FuzzerTracePC.cpp:52: void fuzzer::TracePC::InitializeDiffCallbacks(fuzzer::ExternalFunctions *): Assertion `EF->__sanitizer_update_counter_bitset_and_clear_counters' failed.
Aborted
    opened by ppashakhanloo 2
  • Problems found in nezha v-0.1

    Problems found in nezha v-0.1

    1

    In the file "/examples/bugs/boringssl-f0451ca3/README.md", the 27th line says "cmd:./test_boringssl ..." and the 43rd line says "cmd:./test_libressl ...". The "./test_boringssl ..." and "./test_libressl ..." were run in the directory "sslcert" but the bash said "./test_boringssl: No such file or directory" and "./test_libressl: No such file or directory".
    Do the "./test_boringssl" and "./test_libressl"point to "./test_boringssl.pem.dbg" or "./test_boringssl.der.dbg" or "./test_libressl.pem.dbg" or "./test_libressl.der.dbg" which are generated after executing "./make_all_tests.sh"? If not, how to generate them?

    2

    In the same file, the same line says "...18010_0_18010_..." and the 36th line says "openssl: 18010". Does the "18010" in the 36th line refer to the first "...18010_..." or the second "...0_18010..." in the 27th line?

    3

    In the same file, the 51st line says "libressl: 1 (ok)". Is the number "1" the return value of LibreSSL? If yes, why "18010_0_18010" instead of "18010_1_1801" in the 27th line?

    On the contrary, the 57th line of the file "examples/bugs/libressl-2.4.0/README.md" says "openssl: 1 (ok) and the 48th line ("1_libressl_9010_0689e3080ef6eedb9fee46e0bf9ed8fe__MIN") starts with "1".

    4

    In the 48th line of the file "examples/bugs/libressl-2.4.0/README.md", "1_libressl_9010_0689e3080ef6eedb9fee46e0bf9ed8fe__MIN" does not have the same format as in the 27th line of "/examples/bugs/boringssl-f0451ca3/README.md", i.e., "1_libressl_9010" vs "18010_1_1801".

    5

    (This problem has been deleted since it was solved.)

    6

    In the file "/examples/bugs/boringssl-f0451ca3/README.md", the "stdout" (from the 32nd line to the 35th line) is the output of "./test_openssl.der.dbg" instead of "./test_boringssl.der.dbg". The 36th line, i.e., "openssl: 18010" is not output by the "./test_boringssl.der.dbg". Similarly, the 51st line is not output by "./test_libressl.der.dbg".

    In the file "examples/bugs/libressl-2.4.0/README.md", the 57th line is not output by the "./test_openssl.der.dbg"; the 69th line is not output but the "[LSSL] [cert:0x62000000f080 sz:3494] ret=0 depth=2 err=13" is got; the 70th and 71st line are not output by "./test_openssl.der.dbg".

    Thanks a lot!

    opened by pyjavago 1
Releases(v0.1)
Owner
GitHub Repository
TANL: Structured Prediction as Translation between Augmented Natural Languages

TANL: Structured Prediction as Translation between Augmented Natural Languages Code for the paper "Structured Prediction as Translation between Augmen

98 Dec 15, 2022
Code accompanying "Learning What To Do by Simulating the Past", ICLR 2021.

Learning What To Do by Simulating the Past This repository contains code that implements the Deep Reward Learning by Simulating the Past (Deep RSLP) a

Center for Human-Compatible AI 24 Aug 07, 2021
Python implementation of "Multi-Instance Pose Networks: Rethinking Top-Down Pose Estimation"

MIPNet: Multi-Instance Pose Networks This repository is the official pytorch python implementation of "Multi-Instance Pose Networks: Rethinking Top-Do

Rawal Khirodkar 57 Dec 12, 2022
Caffe: a fast open framework for deep learning.

Caffe Caffe is a deep learning framework made with expression, speed, and modularity in mind. It is developed by Berkeley AI Research (BAIR)/The Berke

Berkeley Vision and Learning Center 33k Dec 28, 2022
Hyperbolic Image Segmentation, CVPR 2022

Hyperbolic Image Segmentation, CVPR 2022 This is the implementation of paper Hyperbolic Image Segmentation (CVPR 2022). Repository structure assets :

Mina Ghadimi Atigh 46 Dec 29, 2022
This repository contains a pytorch implementation of "HeadNeRF: A Real-time NeRF-based Parametric Head Model (CVPR 2022)".

HeadNeRF: A Real-time NeRF-based Parametric Head Model This repository contains a pytorch implementation of "HeadNeRF: A Real-time NeRF-based Parametr

294 Jan 01, 2023
Keyhole Imaging: Non-Line-of-Sight Imaging and Tracking of Moving Objects Along a Single Optical Path

Keyhole Imaging Code & Dataset Code associated with the paper "Keyhole Imaging: Non-Line-of-Sight Imaging and Tracking of Moving Objects Along a Singl

Stanford Computational Imaging Lab 20 Feb 03, 2022
Fuzzer for Linux Kernel Drivers

difuze: Fuzzer for Linux Kernel Drivers This repo contains all the sources (including setup scripts), you need to get difuze up and running. Tested on

seclab 344 Dec 27, 2022
MLP-Like Vision Permutator for Visual Recognition (PyTorch)

Vision Permutator: A Permutable MLP-Like Architecture for Visual Recognition (arxiv) This is a Pytorch implementation of our paper. We present Vision

Qibin (Andrew) Hou 162 Nov 28, 2022
Spectral Tensor Train Parameterization of Deep Learning Layers

Spectral Tensor Train Parameterization of Deep Learning Layers This repository is the official implementation of our AISTATS 2021 paper titled "Spectr

Anton Obukhov 12 Oct 23, 2022
An intelligent, flexible grammar of machine learning.

An english representation of machine learning. Modify what you want, let us handle the rest. Overview Nylon is a python library that lets you customiz

Palash Shah 79 Dec 02, 2022
Discord bot for notifying on github events

Git-Observer Discord bot for notifying on github events ⚠️ This bot is meant to write messages to only one channel (implementing this for multiple pro

ilu_vatar_ 0 Apr 19, 2022
Code for "LoRA: Low-Rank Adaptation of Large Language Models"

LoRA: Low-Rank Adaptation of Large Language Models This repo contains the implementation of LoRA in GPT-2 and steps to replicate the results in our re

Microsoft 394 Jan 08, 2023
Super-BPD: Super Boundary-to-Pixel Direction for Fast Image Segmentation (CVPR 2020)

Super-BPD for Fast Image Segmentation (CVPR 2020) Introduction We propose direction-based super-BPD, an alternative to superpixel, for fast generic im

189 Dec 07, 2022
FLAVR is a fast, flow-free frame interpolation method capable of single shot multi-frame prediction

FLAVR is a fast, flow-free frame interpolation method capable of single shot multi-frame prediction. It uses a customized encoder decoder architecture with spatio-temporal convolutions and channel ga

Tarun K 280 Dec 23, 2022
Official implementation of "Membership Inference Attacks Against Self-supervised Speech Models"

Introduction Official implementation of "Membership Inference Attacks Against Self-supervised Speech Models". In this work, we demonstrate that existi

Wei-Cheng Tseng 7 Nov 01, 2022
ML model to classify between cats and dogs

Cats-and-dogs-classifier This is my first ML model which can classify between cats and dogs. Here the accuracy is around 75%, however , the accuracy c

Sharath V 4 Aug 20, 2021
🏖 Keras Implementation of Painting outside the box

Keras implementation of Image OutPainting This is an implementation of Painting Outside the Box: Image Outpainting paper from Standford University. So

Bendang 1.1k Dec 10, 2022
The implementation of ICASSP 2020 paper "Pixel-level self-paced learning for super-resolution"

Pixel-level Self-Paced Learning for Super-Resolution This is an official implementaion of the paper Pixel-level Self-Paced Learning for Super-Resoluti

Elon Lin 41 Dec 15, 2022
Experimental code for paper: Generative Adversarial Networks as Variational Training of Energy Based Models

Experimental code for paper: Generative Adversarial Networks as Variational Training of Energy Based Models, under review at ICLR 2017 requirements: T

Shuangfei Zhai 18 Mar 05, 2022