Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support a group of seeds instead of only one seed #3

Open
xiaohuajiao opened this issue Jan 23, 2019 · 1 comment
Open

Support a group of seeds instead of only one seed #3

xiaohuajiao opened this issue Jan 23, 2019 · 1 comment

Comments

@xiaohuajiao
Copy link

In other fuzzer, like AFL, it supports to specify a seed dir, then we could do mutation on a bunch of seeds, and we could also have some seed combination mutation methods in this case, this may create more magics for fuzzing. However, in killerbeez, only one seed file in one fuzzer instance, do you have a plan to add supports for input a seed dir?
@anon8675309
Copy link

The short answer is yes, we will probably add this.

The longer answer is that the decision of which seed files to use and how often to use them should be handled by the server in our client server model. By doing this at the server level it allows taking into account the big picture, rather than trying to have each fuzzing node try to figure out what is best. This is why we went with a single seed file rather than a directory of them. It shouldn't be a problem once the server features are a little more mature.

However, my team and I keep getting busy with work and life, so the features have been pretty slow for the past couple months. Supporting a seed directory is an excellent suggestion and would be a lot quicker to implemented than the server features. I'm not sure when we will have time to add this, but I'm going to make it a high priority. I expect it should be quick, it will do wonders for the fuzzer in standalone mode, and the server can still use the single seed file of it wants. The only part that will cause some trouble is the question how much work we should do before switching to the next file. This question is best answered by a central server, but we can come up with something, even if it is not optimal in all situations.

My plan for implementing this is to keep the interface the same but if the seed file is a directory instead of a regular file, it will loop though all the files in the directory (weighting them evenly). If a number of iterations is specified, we might just make it do that number of iterations per file (since that should be easy to implement). It's just the "run forever" mode which gets a little awkward.

If you want to take a start at implementing it, I'd be happy to review a pull request and get it merged in.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@xiaohuajiao @anon8675309