Skip to content

Latest commit

 

History

History
89 lines (67 loc) · 2.85 KB

README.md

File metadata and controls

89 lines (67 loc) · 2.85 KB

pyradamsa

pyradamsa provides an interface for calling libradamsa methods from within Python, allowing one to perform mutations on byte blocks (aka fuzzing). For more details see radamsa (a general-purpose fuzzer) and libradamsa (precompiled radamsa library).

NOTE

The master branch uses AFL++'s libradamsa. An alternative version created by p1-olm is available on radamsa-upstream branch and is based on the original libradamsa upstream.

How is the radamsa-upstream different than the master version?

  • The owl VM initialization uses different seeds, so result are different when mutating same bytes with the same seed
  • Future updates from libradamsa creators will show up first in radamsa-upstream

Usage

Install the package using pip (or build it from source)

pip install pyradamsa

Do some fuzzing

import pyradamsa

rad = pyradamsa.Radamsa()

mydata = b'GET /auth?pass=HelloWorld HTTP1.1'
fuzzed = rad.fuzz(mydata, seed=1337)
print(fuzzed)

> b'GET /auth?pass=HelloWorld HTTP\xc0\xb1.1'

# seed is randomly set if not provided
rad.fuzz(mydata)
> b'\tG\xf3\xa0\x81\x9c\xf7dLET \xe2\x81/aut\xf3\xa0\x80\xafHTTP2.rld HTTP2.rld HTTP3.2\xe1\xa0\x8e9'
rad.fuzz(mydata)
> b'GET /auth?pass=HelloWorld HTTP1.340282366920938463463374607431768211455'
etc.

# enforce static seed on initialization
rad = pyradamsa.Radamsa(seed=0)

# max_mut enforces a maximum length for returned data
# it defaults to (data length + an offset of 4096 bytes)
fuzzed = rad.fuzz(mydata, seed=1337, max_mut=10)
> b'GET /auth?'

# the offset may be overwritten on init
rad = pyradamsa.Radamsa(mut_offset=2048)

Building

Currently wheels are available for linux i686 and x86_64

# Clone the repo
git clone --recurse-submodules https://github.com/tsundokul/pyradamsa.git
cd pyradamsa

# patch memory leak when reinitializing owl vm
patch libradamsa/libradamsa.c realloc.patch

# OPTIONAL: when using manylinux (https://github.com/pypa/manylinux)
docker run --rm -it -v `pwd`:/io quay.io/pypa/manylinux2010_x86_64 /bin/bash
cd /io && alias python='/opt/python/cp35-cp35m/bin/python3.5'
export PATH="/opt/python/cp35-cp35m/bin/:${PATH}"

# Install requirements
python -m pip install -r requirements.txt

# Build C extension (libradamsa.so)
python setup.py build_ext

# Run tests
./run_tests

# Build wheel
python setup.py bdist_wheel

Contributing

  • Fork the repo
  • Check out a feature or bug branch
  • Add your changes
  • Update README when needed
  • Submit a pull request to upstream repo
  • Add description of your changes
  • Ensure tests are passing
  • Ensure branch is mergeable

MIT License, 2020 @tim17d