Scripts and auxiliary files for fuzzing PHP's unserialize function. See https://sean.heelan.io/2017/08/12/fuzzing-phps-unserialize-function/ for details.
GNU screen
clang (optional)
get.sh
retrieves the source for PHP and afl.
build.sh
builds both PHP and afl. If you have clang
available then
afl-clang-fast
will also be built.
fuzz.sh
starts a master afl instance and multiple slaves inside a GNU screen
instance with the session name fuzz
.
A normal session might look as follows:
./get.sh
<...>
./build.sh
<...>
./fuzz.sh output_dir 3
<...>
The final command will start a master afl instance and 3 slaves, with
output_dir
used as the top level output directory for afl. You can run screen -r fuzz
to attach to the screen instance and view the progress of the fuzzing
session.