Differential fuzzing for the masses!

Related tags

Deep Learningnezha
Overview

NEZHA

NEZHA is an efficient and domain-independent differential fuzzer developed at Columbia University. NEZHA exploits the behavioral asymmetries between multiple test programs to focus on inputs that are more likely to trigger logic bugs.

What?

NEZHA features several runtime diversity-promoting metrics used to generate inputs for multi-app differential testing. These metrics are described in detail in the 2017 IEEE Symposium on Security and Privacy (Oakland) paper - NEZHA: Efficient Domain-Independent Differential Testing.

Getting Started

The current code is a WIP to port NEZHA to the latest libFuzzer and is non-tested. Users who wish to access the code used in the NEZHA paper and the respective examples should access v-0.1.

This repo follows the format of libFuzzer's fuzzer-test-suite. For a simple example on how to perform differential testing using the NEZHA port of libFuzzer see differential_fuzzing_tutorial.

Support

We welcome issues and pull requests with new fuzzing targets.

You might also like...
ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing
ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing

ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing ProFuzzBench is a benchmark for stateful fuzzing of network protocols. It includes a suite of

Emulation and Feedback Fuzzing of Firmware with Memory Sanitization
Emulation and Feedback Fuzzing of Firmware with Memory Sanitization

BaseSAFE This repository contains the BaseSAFE Rust APIs, introduced by "BaseSAFE: Baseband SAnitized Fuzzing through Emulation". The example/ directo

A fuzzing framework for SMT solvers
A fuzzing framework for SMT solvers

yinyang A fuzzing framework for SMT solvers. Given a set of seed SMT formulas, yinyang generates mutant formulas to stress-test SMT solvers. yinyang c

AntiFuzz: Impeding Fuzzing Audits of Binary Executables

AntiFuzz: Impeding Fuzzing Audits of Binary Executables Get the paper here: https://www.usenix.org/system/files/sec19-guler.pdf Usage: The python scri

Fuzzification helps developers protect the released, binary-only software from attackers who are capable of applying state-of-the-art fuzzing techniques

About Fuzzification Fuzzification helps developers protect the released, binary-only software from attackers who are capable of applying state-of-the-

Hydra: an Extensible Fuzzing Framework for Finding Semantic Bugs in File Systems

Hydra: An Extensible Fuzzing Framework for Finding Semantic Bugs in File Systems Paper Finding Semantic Bugs in File Systems with an Extensible Fuzzin

Fuzzing the Kernel Using Unicornafl and AFL++
Fuzzing the Kernel Using Unicornafl and AFL++

Unicorefuzz Fuzzing the Kernel using UnicornAFL and AFL++. For details, skim through the WOOT paper or watch this talk at CCCamp19. Is it any good? ye

Code for the USENIX 2017 paper: kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels

kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels Blazing fast x86-64 VM kernel fuzzing framework with performant VM reloads for Linux, MacOS an

QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing

QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing Environment Tested on Ubuntu 14.04 64bit and 16.04 64bit Installation # disabl

Comments
  • Building WolfSSl and mbedTLS

    Building WolfSSl and mbedTLS

    Hi,

    I would like to test out Nezha on the WolfSSL and mbedTLS libraries. Could you share out the below files, please? Thanks!

    build_wolfssl_lf.sh build_mbedtls_lf.sh

    opened by ghost 0
  • Unable to install LibFuzzer (for Nezha v0.1)

    Unable to install LibFuzzer (for Nezha v0.1)

    Hi,

    I cloned nezha-0.1 and run the ./utils/build_helpers/setup.sh but the setup was terminated when I received an error message "FAILED" during the Installation of LibFuzzer.

    I opened the README.txt in the directory /nezha-0.1/examples/src/libs/libFuzzer/ and it says "libFuzzer was moved to compiler-rt in https://reviews.llvm.org/D36908"

    Did you encounter the same issue? thanks!

    opened by ghost 0
  • Problem in Tutorial

    Problem in Tutorial

    When I try to follow the tutorial by running mkdir -p out && ./a.out -diff_mode=1 -artifact_prefix=out/ I get the following error:

    INFO: Seed: 3228985162
    a.out: ./FuzzerTracePC.cpp:52: void fuzzer::TracePC::InitializeDiffCallbacks(fuzzer::ExternalFunctions *): Assertion `EF->__sanitizer_update_counter_bitset_and_clear_counters' failed.
    Aborted
    
    opened by ppashakhanloo 2
  • Problems found in nezha v-0.1

    Problems found in nezha v-0.1

    1

    In the file "/examples/bugs/boringssl-f0451ca3/README.md", the 27th line says "cmd:./test_boringssl ..." and the 43rd line says "cmd:./test_libressl ...". The "./test_boringssl ..." and "./test_libressl ..." were run in the directory "sslcert" but the bash said "./test_boringssl: No such file or directory" and "./test_libressl: No such file or directory".
    Do the "./test_boringssl" and "./test_libressl"point to "./test_boringssl.pem.dbg" or "./test_boringssl.der.dbg" or "./test_libressl.pem.dbg" or "./test_libressl.der.dbg" which are generated after executing "./make_all_tests.sh"? If not, how to generate them?

    2

    In the same file, the same line says "...18010_0_18010_..." and the 36th line says "openssl: 18010". Does the "18010" in the 36th line refer to the first "...18010_..." or the second "...0_18010..." in the 27th line?

    3

    In the same file, the 51st line says "libressl: 1 (ok)". Is the number "1" the return value of LibreSSL? If yes, why "18010_0_18010" instead of "18010_1_1801" in the 27th line?

    On the contrary, the 57th line of the file "examples/bugs/libressl-2.4.0/README.md" says "openssl: 1 (ok) and the 48th line ("1_libressl_9010_0689e3080ef6eedb9fee46e0bf9ed8fe__MIN") starts with "1".

    4

    In the 48th line of the file "examples/bugs/libressl-2.4.0/README.md", "1_libressl_9010_0689e3080ef6eedb9fee46e0bf9ed8fe__MIN" does not have the same format as in the 27th line of "/examples/bugs/boringssl-f0451ca3/README.md", i.e., "1_libressl_9010" vs "18010_1_1801".

    5

    (This problem has been deleted since it was solved.)

    6

    In the file "/examples/bugs/boringssl-f0451ca3/README.md", the "stdout" (from the 32nd line to the 35th line) is the output of "./test_openssl.der.dbg" instead of "./test_boringssl.der.dbg". The 36th line, i.e., "openssl: 18010" is not output by the "./test_boringssl.der.dbg". Similarly, the 51st line is not output by "./test_libressl.der.dbg".

    In the file "examples/bugs/libressl-2.4.0/README.md", the 57th line is not output by the "./test_openssl.der.dbg"; the 69th line is not output but the "[LSSL] [cert:0x62000000f080 sz:3494] ret=0 depth=2 err=13" is got; the 70th and 71st line are not output by "./test_openssl.der.dbg".

    Thanks a lot!

    opened by pyjavago 1
Releases(v0.1)
Matlab Python Heuristic Battery Opt - SMOP conversion and manual conversion

SMOP is Small Matlab and Octave to Python compiler. SMOP translates matlab to py

Tom Xu 1 Jan 12, 2022
GNNAdvisor: An Efficient Runtime System for GNN Acceleration on GPUs

GNNAdvisor: An Efficient Runtime System for GNN Acceleration on GPUs [Paper, Slides, Video Talk] at USENIX OSDI'21 @inproceedings{GNNAdvisor, title=

YUKE WANG 47 Jan 03, 2023
Learning nonlinear operators via DeepONet

DeepONet: Learning nonlinear operators The source code for the paper Learning nonlinear operators via DeepONet based on the universal approximation th

Lu Lu 239 Jan 02, 2023
Towards Calibrated Model for Long-Tailed Visual Recognition from Prior Perspective

Towards Calibrated Model for Long-Tailed Visual Recognition from Prior Perspective Zhengzhuo Xu, Zenghao Chai, Chun Yuan This is the PyTorch implement

Sincere 16 Dec 15, 2022
This repo provides function call to track multi-objects in videos

Custom Object Tracking Introduction This repo provides function call to track multi-objects in videos with a given trained object detection model and

Jeff Lo 51 Nov 22, 2022
This is an implementation of Googles Yogi-Optimizer in Keras (tf.keras)

Yogi-Optimizer_Keras This is an implementation of Googles Yogi-Optimizer in Keras (tf.keras) The NeurIPS-Paper can be found here: http://papers.nips.c

14 Sep 13, 2022
Hide screen when boss is approaching.

BossSensor Hide your screen when your boss is approaching. Demo The boss stands up. He is approaching. When he is approaching, the program fetches fac

Hiroki Nakayama 6.2k Jan 07, 2023
3DMV jointly combines RGB color and geometric information to perform 3D semantic segmentation of RGB-D scans.

3DMV 3DMV jointly combines RGB color and geometric information to perform 3D semantic segmentation of RGB-D scans. This work is based on our ECCV'18 p

Владислав Молодцов 0 Feb 06, 2022
Simple Pose: Rethinking and Improving a Bottom-up Approach for Multi-Person Pose Estimation

SimplePose Code and pre-trained models for our paper, “Simple Pose: Rethinking and Improving a Bottom-up Approach for Multi-Person Pose Estimation”, a

Jia Li 256 Dec 24, 2022
Realtime micro-expression recognition using OpenCV and PyTorch

Micro-expression Recognition Realtime micro-expression recognition from scratch using OpenCV and PyTorch Try it out with a webcam or video using the e

Irfan 35 Dec 05, 2022
CoReNet is a technique for joint multi-object 3D reconstruction from a single RGB image.

CoReNet CoReNet is a technique for joint multi-object 3D reconstruction from a single RGB image. It produces coherent reconstructions, where all objec

Google Research 80 Dec 25, 2022
A package for "Procedural Content Generation via Reinforcement Learning" OpenAI Gym interface.

Readme: Illuminating Diverse Neural Cellular Automata for Level Generation This is the codebase used to generate the results presented in the paper av

Sam Earle 27 Jan 05, 2023
A framework to train language models to learn invariant representations.

Invariant Language Modeling Implementation of the training for invariant language models. Motivation Modern pretrained language models are critical co

6 Nov 16, 2022
Official implementation of deep Gaussian process (DGP)-based multi-speaker speech synthesis with PyTorch.

Multi-speaker DGP This repository provides official implementation of deep Gaussian process (DGP)-based multi-speaker speech synthesis with PyTorch. O

sarulab-speech 24 Sep 07, 2022
The codes of paper 'Active-LATHE: An Active Learning Algorithm for Boosting the Error exponent for Learning Homogeneous Ising Trees'

Active-LATHE: An Active Learning Algorithm for Boosting the Error exponent for Learning Homogeneous Ising Trees This project contains the codes of pap

0 Apr 20, 2022
Code for our ACL 2021 paper - ConSERT: A Contrastive Framework for Self-Supervised Sentence Representation Transfer

ConSERT Code for our ACL 2021 paper - ConSERT: A Contrastive Framework for Self-Supervised Sentence Representation Transfer Requirements torch==1.6.0

Yan Yuanmeng 478 Dec 25, 2022
GEP (GDB Enhanced Prompt) - a GDB plug-in for GDB command prompt with fzf history search, fish-like autosuggestions, auto-completion with floating window, partial string matching in history, and more!

GEP (GDB Enhanced Prompt) GEP (GDB Enhanced Prompt) is a GDB plug-in which make your GDB command prompt more convenient and flexibility. Why I need th

Alan Li 23 Dec 21, 2022
Deep Learning for humans

Keras: Deep Learning for Python Under Construction In the near future, this repository will be used once again for developing the Keras codebase. For

Keras 57k Jan 09, 2023
Code for PhySG: Inverse Rendering with Spherical Gaussians for Physics-based Relighting and Material Editing

PhySG: Inverse Rendering with Spherical Gaussians for Physics-based Relighting and Material Editing CVPR 2021. Project page: https://kai-46.github.io/

Kai Zhang 141 Dec 14, 2022
Populating 3D Scenes by Learning Human-Scene Interaction https://posa.is.tue.mpg.de/

Populating 3D Scenes by Learning Human-Scene Interaction [Project Page] [Paper] License Software Copyright License for non-commercial scientific resea

Mohamed Hassan 81 Nov 08, 2022