Differential fuzzing for the masses!

Related tags

Deep Learningnezha
Overview

NEZHA

NEZHA is an efficient and domain-independent differential fuzzer developed at Columbia University. NEZHA exploits the behavioral asymmetries between multiple test programs to focus on inputs that are more likely to trigger logic bugs.

What?

NEZHA features several runtime diversity-promoting metrics used to generate inputs for multi-app differential testing. These metrics are described in detail in the 2017 IEEE Symposium on Security and Privacy (Oakland) paper - NEZHA: Efficient Domain-Independent Differential Testing.

Getting Started

The current code is a WIP to port NEZHA to the latest libFuzzer and is non-tested. Users who wish to access the code used in the NEZHA paper and the respective examples should access v-0.1.

This repo follows the format of libFuzzer's fuzzer-test-suite. For a simple example on how to perform differential testing using the NEZHA port of libFuzzer see differential_fuzzing_tutorial.

Support

We welcome issues and pull requests with new fuzzing targets.

You might also like...
ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing
ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing

ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing ProFuzzBench is a benchmark for stateful fuzzing of network protocols. It includes a suite of

Emulation and Feedback Fuzzing of Firmware with Memory Sanitization
Emulation and Feedback Fuzzing of Firmware with Memory Sanitization

BaseSAFE This repository contains the BaseSAFE Rust APIs, introduced by "BaseSAFE: Baseband SAnitized Fuzzing through Emulation". The example/ directo

A fuzzing framework for SMT solvers
A fuzzing framework for SMT solvers

yinyang A fuzzing framework for SMT solvers. Given a set of seed SMT formulas, yinyang generates mutant formulas to stress-test SMT solvers. yinyang c

AntiFuzz: Impeding Fuzzing Audits of Binary Executables

AntiFuzz: Impeding Fuzzing Audits of Binary Executables Get the paper here: https://www.usenix.org/system/files/sec19-guler.pdf Usage: The python scri

Fuzzification helps developers protect the released, binary-only software from attackers who are capable of applying state-of-the-art fuzzing techniques

About Fuzzification Fuzzification helps developers protect the released, binary-only software from attackers who are capable of applying state-of-the-

Hydra: an Extensible Fuzzing Framework for Finding Semantic Bugs in File Systems

Hydra: An Extensible Fuzzing Framework for Finding Semantic Bugs in File Systems Paper Finding Semantic Bugs in File Systems with an Extensible Fuzzin

Fuzzing the Kernel Using Unicornafl and AFL++
Fuzzing the Kernel Using Unicornafl and AFL++

Unicorefuzz Fuzzing the Kernel using UnicornAFL and AFL++. For details, skim through the WOOT paper or watch this talk at CCCamp19. Is it any good? ye

Code for the USENIX 2017 paper: kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels

kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels Blazing fast x86-64 VM kernel fuzzing framework with performant VM reloads for Linux, MacOS an

QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing

QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing Environment Tested on Ubuntu 14.04 64bit and 16.04 64bit Installation # disabl

Comments
  • Building WolfSSl and mbedTLS

    Building WolfSSl and mbedTLS

    Hi,

    I would like to test out Nezha on the WolfSSL and mbedTLS libraries. Could you share out the below files, please? Thanks!

    build_wolfssl_lf.sh build_mbedtls_lf.sh

    opened by ghost 0
  • Unable to install LibFuzzer (for Nezha v0.1)

    Unable to install LibFuzzer (for Nezha v0.1)

    Hi,

    I cloned nezha-0.1 and run the ./utils/build_helpers/setup.sh but the setup was terminated when I received an error message "FAILED" during the Installation of LibFuzzer.

    I opened the README.txt in the directory /nezha-0.1/examples/src/libs/libFuzzer/ and it says "libFuzzer was moved to compiler-rt in https://reviews.llvm.org/D36908"

    Did you encounter the same issue? thanks!

    opened by ghost 0
  • Problem in Tutorial

    Problem in Tutorial

    When I try to follow the tutorial by running mkdir -p out && ./a.out -diff_mode=1 -artifact_prefix=out/ I get the following error:

    INFO: Seed: 3228985162
    a.out: ./FuzzerTracePC.cpp:52: void fuzzer::TracePC::InitializeDiffCallbacks(fuzzer::ExternalFunctions *): Assertion `EF->__sanitizer_update_counter_bitset_and_clear_counters' failed.
    Aborted
    
    opened by ppashakhanloo 2
  • Problems found in nezha v-0.1

    Problems found in nezha v-0.1

    1

    In the file "/examples/bugs/boringssl-f0451ca3/README.md", the 27th line says "cmd:./test_boringssl ..." and the 43rd line says "cmd:./test_libressl ...". The "./test_boringssl ..." and "./test_libressl ..." were run in the directory "sslcert" but the bash said "./test_boringssl: No such file or directory" and "./test_libressl: No such file or directory".
    Do the "./test_boringssl" and "./test_libressl"point to "./test_boringssl.pem.dbg" or "./test_boringssl.der.dbg" or "./test_libressl.pem.dbg" or "./test_libressl.der.dbg" which are generated after executing "./make_all_tests.sh"? If not, how to generate them?

    2

    In the same file, the same line says "...18010_0_18010_..." and the 36th line says "openssl: 18010". Does the "18010" in the 36th line refer to the first "...18010_..." or the second "...0_18010..." in the 27th line?

    3

    In the same file, the 51st line says "libressl: 1 (ok)". Is the number "1" the return value of LibreSSL? If yes, why "18010_0_18010" instead of "18010_1_1801" in the 27th line?

    On the contrary, the 57th line of the file "examples/bugs/libressl-2.4.0/README.md" says "openssl: 1 (ok) and the 48th line ("1_libressl_9010_0689e3080ef6eedb9fee46e0bf9ed8fe__MIN") starts with "1".

    4

    In the 48th line of the file "examples/bugs/libressl-2.4.0/README.md", "1_libressl_9010_0689e3080ef6eedb9fee46e0bf9ed8fe__MIN" does not have the same format as in the 27th line of "/examples/bugs/boringssl-f0451ca3/README.md", i.e., "1_libressl_9010" vs "18010_1_1801".

    5

    (This problem has been deleted since it was solved.)

    6

    In the file "/examples/bugs/boringssl-f0451ca3/README.md", the "stdout" (from the 32nd line to the 35th line) is the output of "./test_openssl.der.dbg" instead of "./test_boringssl.der.dbg". The 36th line, i.e., "openssl: 18010" is not output by the "./test_boringssl.der.dbg". Similarly, the 51st line is not output by "./test_libressl.der.dbg".

    In the file "examples/bugs/libressl-2.4.0/README.md", the 57th line is not output by the "./test_openssl.der.dbg"; the 69th line is not output but the "[LSSL] [cert:0x62000000f080 sz:3494] ret=0 depth=2 err=13" is got; the 70th and 71st line are not output by "./test_openssl.der.dbg".

    Thanks a lot!

    opened by pyjavago 1
Releases(v0.1)
Draw like Bob Ross using the power of Neural Networks (With PyTorch)!

Draw like Bob Ross using the power of Neural Networks! (+ Pytorch) Learning Process Visualization Getting started Install dependecies Requires python3

Kendrick Tan 116 Mar 07, 2022
Tensorflow implementation and notebooks for Implicit Maximum Likelihood Estimation

tf-imle Tensorflow 2 and PyTorch implementation and Jupyter notebooks for Implicit Maximum Likelihood Estimation (I-MLE) proposed in the NeurIPS 2021

NEC Laboratories Europe 69 Dec 13, 2022
Composable transformations of Python+NumPy programs: differentiate, vectorize, JIT to GPU/TPU, and more

JAX: Autograd and XLA Quickstart | Transformations | Install guide | Neural net libraries | Change logs | Reference docs | Code search News: JAX tops

Google 21.3k Jan 01, 2023
Adversarial vulnerability of powerful near out-of-distribution detection

Adversarial vulnerability of powerful near out-of-distribution detection by Stanislav Fort In this repository we're collecting replications for the ke

Stanislav Fort 9 Aug 30, 2022
Implementation of Advantage-Weighted Regression: Simple and Scalable Off-Policy Reinforcement Learning

advantage-weighted-regression Implementation of Advantage-Weighted Regression: Simple and Scalable Off-Policy Reinforcement Learning, by Peng et al. (

Omar D. Domingues 1 Dec 02, 2021
Regression Metrics Calculation Made easy for tensorflow2 and scikit-learn

Regression Metrics Installation To install the package from the PyPi repository you can execute the following command: pip install regressionmetrics I

Ashish Patel 11 Dec 16, 2022
JudeasRx - graphical app for doing personalized causal medicine using the methods invented by Judea Pearl et al.

JudeasRX Instructions Read the references given in the Theory and Notation section below Fire up the Jupyter Notebook judeas-rx.ipynb The notebook dra

Robert R. Tucci 19 Nov 07, 2022
VOneNet: CNNs with a Primary Visual Cortex Front-End

VOneNet: CNNs with a Primary Visual Cortex Front-End A family of biologically-inspired Convolutional Neural Networks (CNNs). VOneNets have the followi

The DiCarlo Lab at MIT 99 Dec 22, 2022
On the model-based stochastic value gradient for continuous reinforcement learning

On the model-based stochastic value gradient for continuous reinforcement learning This repository is by Brandon Amos, Samuel Stanton, Denis Yarats, a

Facebook Research 46 Dec 15, 2022
DUE: End-to-End Document Understanding Benchmark

This is the repository that provide tools to download data, reproduce the baseline results and evaluation. What can you achieve with this guide Based

21 Dec 29, 2022
Repository for the NeurIPS 2021 paper: "Exploiting Domain-Specific Features to Enhance Domain Generalization".

meta-Domain Specific-Domain Invariant (mDSDI) Source code implementation for the paper: Manh-Ha Bui, Toan Tran, Anh Tuan Tran, Dinh Phung. "Exploiting

VinAI Research 12 Nov 25, 2022
Zero-Cost Proxies for Lightweight NAS

Zero-Cost-NAS Companion code for the ICLR2021 paper: Zero-Cost Proxies for Lightweight NAS tl;dr A single minibatch of data is used to score neural ne

SamsungLabs 108 Dec 20, 2022
A3C LSTM Atari with Pytorch plus A3G design

NEWLY ADDED A3G A NEW GPU/CPU ARCHITECTURE OF A3C FOR SUBSTANTIALLY ACCELERATED TRAINING!! RL A3C Pytorch NEWLY ADDED A3G!! New implementation of A3C

David Griffis 532 Jan 02, 2023
2.86% and 15.85% on CIFAR-10 and CIFAR-100

Shake-Shake regularization This repository contains the code for the paper Shake-Shake regularization. This arxiv paper is an extension of Shake-Shake

Xavier Gastaldi 294 Nov 22, 2022
Evaluating deep transfer learning for whole-brain cognitive decoding

Evaluating deep transfer learning for whole-brain cognitive decoding This README file contains the following sections: Project description Repository

Armin Thomas 5 Oct 31, 2022
Inflated i3d network with inception backbone, weights transfered from tensorflow

I3D models transfered from Tensorflow to PyTorch This repo contains several scripts that allow to transfer the weights from the tensorflow implementat

Yana 479 Dec 08, 2022
PyTorch implementation of Train Short, Test Long: Attention with Linear Biases Enables Input Length Extrapolation.

ALiBi PyTorch implementation of Train Short, Test Long: Attention with Linear Biases Enables Input Length Extrapolation. Quickstart Clone this reposit

Jake Tae 4 Jul 27, 2022
Meli Data Challenge 2021 - First Place Solution

My solution for the Meli Data Challenge 2021

Matias Moreyra 23 Mar 09, 2022
Python scripts performing class agnostic object localization using the Object Localization Network model in ONNX.

ONNX Object Localization Network Python scripts performing class agnostic object localization using the Object Localization Network model in ONNX. Ori

Ibai Gorordo 15 Oct 14, 2022
Script for getting information in discord

User-info.py Script for getting information in https://discord.com/ Instalação: apt-get update -y apt-get upgrade -y apt-get install git pkg install

Moleey 1 Dec 18, 2021