Differential fuzzing for the masses!

Related tags

Deep Learningnezha
Overview

NEZHA

NEZHA is an efficient and domain-independent differential fuzzer developed at Columbia University. NEZHA exploits the behavioral asymmetries between multiple test programs to focus on inputs that are more likely to trigger logic bugs.

What?

NEZHA features several runtime diversity-promoting metrics used to generate inputs for multi-app differential testing. These metrics are described in detail in the 2017 IEEE Symposium on Security and Privacy (Oakland) paper - NEZHA: Efficient Domain-Independent Differential Testing.

Getting Started

The current code is a WIP to port NEZHA to the latest libFuzzer and is non-tested. Users who wish to access the code used in the NEZHA paper and the respective examples should access v-0.1.

This repo follows the format of libFuzzer's fuzzer-test-suite. For a simple example on how to perform differential testing using the NEZHA port of libFuzzer see differential_fuzzing_tutorial.

Support

We welcome issues and pull requests with new fuzzing targets.

You might also like...
ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing
ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing

ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing ProFuzzBench is a benchmark for stateful fuzzing of network protocols. It includes a suite of

null 155 Jan 8, 2023
Emulation and Feedback Fuzzing of Firmware with Memory Sanitization
Emulation and Feedback Fuzzing of Firmware with Memory Sanitization

BaseSAFE This repository contains the BaseSAFE Rust APIs, introduced by "BaseSAFE: Baseband SAnitized Fuzzing through Emulation". The example/ directo

Security in Telecommunications 138 Dec 16, 2022
A fuzzing framework for SMT solvers
A fuzzing framework for SMT solvers

yinyang A fuzzing framework for SMT solvers. Given a set of seed SMT formulas, yinyang generates mutant formulas to stress-test SMT solvers. yinyang c

Project Yin-Yang for SMT Solver Testing 145 Jan 4, 2023
AntiFuzz: Impeding Fuzzing Audits of Binary Executables

AntiFuzz: Impeding Fuzzing Audits of Binary Executables Get the paper here: https://www.usenix.org/system/files/sec19-guler.pdf Usage: The python scri

Chair for Sys­tems Se­cu­ri­ty 88 Dec 21, 2022
Fuzzification helps developers protect the released, binary-only software from attackers who are capable of applying state-of-the-art fuzzing techniques

About Fuzzification Fuzzification helps developers protect the released, binary-only software from attackers who are capable of applying state-of-the-

gts3.org (SSLab@Gatech) 55 Oct 25, 2022
Hydra: an Extensible Fuzzing Framework for Finding Semantic Bugs in File Systems

Hydra: An Extensible Fuzzing Framework for Finding Semantic Bugs in File Systems Paper Finding Semantic Bugs in File Systems with an Extensible Fuzzin

gts3.org (SSLab@Gatech) 129 Dec 15, 2022
Fuzzing the Kernel Using Unicornafl and AFL++
Fuzzing the Kernel Using Unicornafl and AFL++

Unicorefuzz Fuzzing the Kernel using UnicornAFL and AFL++. For details, skim through the WOOT paper or watch this talk at CCCamp19. Is it any good? ye

Security in Telecommunications 283 Dec 26, 2022
Code for the USENIX 2017 paper: kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels

kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels Blazing fast x86-64 VM kernel fuzzing framework with performant VM reloads for Linux, MacOS an

Chair for Sys­tems Se­cu­ri­ty 541 Nov 27, 2022
QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing

QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing Environment Tested on Ubuntu 14.04 64bit and 16.04 64bit Installation # disabl

gts3.org (SSLab@Gatech) 581 Dec 30, 2022
Comments
  • Building WolfSSl and mbedTLS

    Building WolfSSl and mbedTLS

    Hi,

    I would like to test out Nezha on the WolfSSL and mbedTLS libraries. Could you share out the below files, please? Thanks!

    build_wolfssl_lf.sh build_mbedtls_lf.sh

    opened by ghost 0
  • Unable to install LibFuzzer (for Nezha v0.1)

    Unable to install LibFuzzer (for Nezha v0.1)

    Hi,

    I cloned nezha-0.1 and run the ./utils/build_helpers/setup.sh but the setup was terminated when I received an error message "FAILED" during the Installation of LibFuzzer.

    I opened the README.txt in the directory /nezha-0.1/examples/src/libs/libFuzzer/ and it says "libFuzzer was moved to compiler-rt in https://reviews.llvm.org/D36908"

    Did you encounter the same issue? thanks!

    opened by ghost 0
  • Problem in Tutorial

    Problem in Tutorial

    When I try to follow the tutorial by running mkdir -p out && ./a.out -diff_mode=1 -artifact_prefix=out/ I get the following error:

    INFO: Seed: 3228985162
a.out: ./FuzzerTracePC.cpp:52: void fuzzer::TracePC::InitializeDiffCallbacks(fuzzer::ExternalFunctions *): Assertion `EF->__sanitizer_update_counter_bitset_and_clear_counters' failed.
Aborted
    opened by ppashakhanloo 2
  • Problems found in nezha v-0.1

    Problems found in nezha v-0.1

    1

    In the file "/examples/bugs/boringssl-f0451ca3/README.md", the 27th line says "cmd:./test_boringssl ..." and the 43rd line says "cmd:./test_libressl ...". The "./test_boringssl ..." and "./test_libressl ..." were run in the directory "sslcert" but the bash said "./test_boringssl: No such file or directory" and "./test_libressl: No such file or directory".
    Do the "./test_boringssl" and "./test_libressl"point to "./test_boringssl.pem.dbg" or "./test_boringssl.der.dbg" or "./test_libressl.pem.dbg" or "./test_libressl.der.dbg" which are generated after executing "./make_all_tests.sh"? If not, how to generate them?

    2

    In the same file, the same line says "...18010_0_18010_..." and the 36th line says "openssl: 18010". Does the "18010" in the 36th line refer to the first "...18010_..." or the second "...0_18010..." in the 27th line?

    3

    In the same file, the 51st line says "libressl: 1 (ok)". Is the number "1" the return value of LibreSSL? If yes, why "18010_0_18010" instead of "18010_1_1801" in the 27th line?

    On the contrary, the 57th line of the file "examples/bugs/libressl-2.4.0/README.md" says "openssl: 1 (ok) and the 48th line ("1_libressl_9010_0689e3080ef6eedb9fee46e0bf9ed8fe__MIN") starts with "1".

    4

    In the 48th line of the file "examples/bugs/libressl-2.4.0/README.md", "1_libressl_9010_0689e3080ef6eedb9fee46e0bf9ed8fe__MIN" does not have the same format as in the 27th line of "/examples/bugs/boringssl-f0451ca3/README.md", i.e., "1_libressl_9010" vs "18010_1_1801".

    5

    (This problem has been deleted since it was solved.)

    6

    In the file "/examples/bugs/boringssl-f0451ca3/README.md", the "stdout" (from the 32nd line to the 35th line) is the output of "./test_openssl.der.dbg" instead of "./test_boringssl.der.dbg". The 36th line, i.e., "openssl: 18010" is not output by the "./test_boringssl.der.dbg". Similarly, the 51st line is not output by "./test_libressl.der.dbg".

    In the file "examples/bugs/libressl-2.4.0/README.md", the 57th line is not output by the "./test_openssl.der.dbg"; the 69th line is not output but the "[LSSL] [cert:0x62000000f080 sz:3494] ret=0 depth=2 err=13" is got; the 70th and 71st line are not output by "./test_openssl.der.dbg".

    Thanks a lot!

    opened by pyjavago 1
Releases(v0.1)
Owner
GitHub Repository
Membership Inference Attack against Graph Neural Networks

MIA GNN Project Starter If you meet the version mismatch error for Lasagne library, please use following command to upgrade Lasagne library. pip insta

6 Nov 09, 2022
Implementation of Online Label Smoothing in PyTorch

Online Label Smoothing Pytorch implementation of Online Label Smoothing (OLS) presented in Delving Deep into Label Smoothing. Introduction As the abst

83 Dec 14, 2022
A Python library for unevenly-spaced time series analysis

traces A Python library for unevenly-spaced time series analysis. Why? Taking measurements at irregular intervals is common, but most tools are primar

Datascope Analytics 516 Dec 29, 2022
[RSS 2021] An End-to-End Differentiable Framework for Contact-Aware Robot Design

DiffHand This repository contains the implementation for the paper An End-to-End Differentiable Framework for Contact-Aware Robot Design (RSS 2021). I

Jie Xu 60 Jan 04, 2023
Code for our CVPR 2021 Paper "Rethinking Style Transfer: From Pixels to Parameterized Brushstrokes".

Rethinking Style Transfer: From Pixels to Parameterized Brushstrokes (CVPR 2021) Project page | Paper | Colab | Colab for Drawing App Rethinking Style

CompVis Heidelberg 153 Jan 04, 2023
A hybrid SOTA solution of LiDAR panoptic segmentation with C++ implementations of point cloud clustering algorithms. ICCV21, Workshop on Traditional Computer Vision in the Age of Deep Learning

ICCVW21-TradiCV-Survey-of-LiDAR-Cluster Motivation In contrast to popular end-to-end deep learning LiDAR panoptic segmentation solutions, we propose a

YimingZhao 103 Nov 22, 2022
TagLab: an image segmentation tool oriented to marine data analysis

TagLab: an image segmentation tool oriented to marine data analysis TagLab was created to support the activity of annotation and extraction of statist

Visual Computing Lab - ISTI - CNR 49 Dec 29, 2022
Train neural network for semantic segmentation (deep lab V3) with pytorch in less then 50 lines of code

Train neural network for semantic segmentation (deep lab V3) with pytorch in 50 lines of code Train net semantic segmentation net using Trans10K datas

17 Dec 19, 2022
ALIbaba's Collection of Encoder-decoders from MinD (Machine IntelligeNce of Damo) Lab

AliceMind AliceMind: ALIbaba's Collection of Encoder-decoders from MinD (Machine IntelligeNce of Damo) Lab This repository provides pre-trained encode

Alibaba 1.4k Jan 01, 2023
Dynamic View Synthesis from Dynamic Monocular Video

Towards Robust Monocular Depth Estimation: Mixing Datasets for Zero-shot Cross-dataset Transfer This repository contains code to compute depth from a

Intelligent Systems Lab Org 2.3k Jan 01, 2023
《DeepViT: Towards Deeper Vision Transformer》(2021)

DeepViT This repo is the official implementation of "DeepViT: Towards Deeper Vision Transformer". The repo is based on the timm library (https://githu

109 Dec 02, 2022
AI-UPV at IberLEF-2021 DETOXIS task: Toxicity Detection in Immigration-Related Web News Comments Using Transformers and Statistical Models

AI-UPV at IberLEF-2021 DETOXIS task: Toxicity Detection in Immigration-Related Web News Comments Using Transformers and Statistical Models Description

Angel de Paula 0 Jun 08, 2022
LSTM built using Keras Python package to predict time series steps and sequences. Includes sin wave and stock market data

LSTM Neural Network for Time Series Prediction LSTM built using the Keras Python package to predict time series steps and sequences. Includes sine wav

Jakob Aungiers 4.1k Jan 02, 2023
Compact Bidirectional Transformer for Image Captioning

Compact Bidirectional Transformer for Image Captioning Requirements Python 3.8 Pytorch 1.6 lmdb h5py tensorboardX Prepare Data Please use git clone --

YE Zhou 19 Dec 12, 2022
Exploring whether attention is necessary for vision transformers

Do You Even Need Attention? A Stack of Feed-Forward Layers Does Surprisingly Well on ImageNet Paper/Report TL;DR We replace the attention layer in a v

Luke Melas-Kyriazi 461 Jan 07, 2023
PyKale is a PyTorch library for multimodal learning and transfer learning as well as deep learning and dimensionality reduction on graphs, images, texts, and videos

PyKale is a PyTorch library for multimodal learning and transfer learning as well as deep learning and dimensionality reduction on graphs, images, texts, and videos. By adopting a unified pipeline-ba

PyKale 370 Dec 27, 2022
A Real-World Benchmark for Reinforcement Learning based Recommender System

RL4RS: A Real-World Benchmark for Reinforcement Learning based Recommender System RL4RS is a real-world deep reinforcement learning recommender system

121 Dec 01, 2022
OCR-D wrapper for detectron2 based segmentation models

ocrd_detectron2 OCR-D wrapper for detectron2 based segmentation models Introduction Installation Usage OCR-D processor interface ocrd-detectron2-segm

Robert Sachunsky 13 Dec 06, 2022
A very short and easy implementation of Quantile Regression DQN

Quantile Regression DQN Quantile Regression DQN a Minimal Working Example, Distributional Reinforcement Learning with Quantile Regression (https://arx

Arsenii Senya Ashukha 80 Sep 17, 2022
OpenGAN: Open-Set Recognition via Open Data Generation

OpenGAN: Open-Set Recognition via Open Data Generation ICCV 2021 (oral) Real-world machine learning systems need to analyze novel testing data that di

Shu Kong 90 Jan 06, 2023