Differential fuzzing for the masses!

Last update: Dec 05, 2022

Related tags

Overview

NEZHA

NEZHA is an efficient and domain-independent differential fuzzer developed at Columbia University. NEZHA exploits the behavioral asymmetries between multiple test programs to focus on inputs that are more likely to trigger logic bugs.

What?

NEZHA features several runtime diversity-promoting metrics used to generate inputs for multi-app differential testing. These metrics are described in detail in the 2017 IEEE Symposium on Security and Privacy (Oakland) paper - NEZHA: Efficient Domain-Independent Differential Testing.

Getting Started

The current code is a WIP to port NEZHA to the latest libFuzzer and is non-tested. Users who wish to access the code used in the NEZHA paper and the respective examples should access v-0.1.

This repo follows the format of libFuzzer's fuzzer-test-suite. For a simple example on how to perform differential testing using the NEZHA port of libFuzzer see differential_fuzzing_tutorial.

Support

We welcome issues and pull requests with new fuzzing targets.

You might also like...

ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing

ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing ProFuzzBench is a benchmark for stateful fuzzing of network protocols. It includes a suite of

155 Jan 8, 2023

Emulation and Feedback Fuzzing of Firmware with Memory Sanitization

BaseSAFE This repository contains the BaseSAFE Rust APIs, introduced by "BaseSAFE: Baseband SAnitized Fuzzing through Emulation". The example/ directo

138 Dec 16, 2022

A fuzzing framework for SMT solvers

yinyang A fuzzing framework for SMT solvers. Given a set of seed SMT formulas, yinyang generates mutant formulas to stress-test SMT solvers. yinyang c

145 Jan 4, 2023

AntiFuzz: Impeding Fuzzing Audits of Binary Executables

AntiFuzz: Impeding Fuzzing Audits of Binary Executables Get the paper here: https://www.usenix.org/system/files/sec19-guler.pdf Usage: The python scri

88 Dec 21, 2022

Fuzzification helps developers protect the released, binary-only software from attackers who are capable of applying state-of-the-art fuzzing techniques

About Fuzzification Fuzzification helps developers protect the released, binary-only software from attackers who are capable of applying state-of-the-

55 Oct 25, 2022

Hydra: an Extensible Fuzzing Framework for Finding Semantic Bugs in File Systems

Hydra: An Extensible Fuzzing Framework for Finding Semantic Bugs in File Systems Paper Finding Semantic Bugs in File Systems with an Extensible Fuzzin

129 Dec 15, 2022

Fuzzing the Kernel Using Unicornafl and AFL++

Unicorefuzz Fuzzing the Kernel using UnicornAFL and AFL++. For details, skim through the WOOT paper or watch this talk at CCCamp19. Is it any good? ye

283 Dec 26, 2022

Code for the USENIX 2017 paper: kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels

kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels Blazing fast x86-64 VM kernel fuzzing framework with performant VM reloads for Linux, MacOS an

541 Nov 27, 2022

QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing

QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing Environment Tested on Ubuntu 14.04 64bit and 16.04 64bit Installation # disabl

581 Dec 30, 2022

Comments

Building WolfSSl and mbedTLS

Hi,

I would like to test out Nezha on the WolfSSL and mbedTLS libraries. Could you share out the below files, please? Thanks!

build_wolfssl_lf.sh build_mbedtls_lf.sh

opened by ghost 0
Unable to install LibFuzzer (for Nezha v0.1)

Hi,

I cloned nezha-0.1 and run the ./utils/build_helpers/setup.sh but the setup was terminated when I received an error message "FAILED" during the Installation of LibFuzzer.

I opened the README.txt in the directory /nezha-0.1/examples/src/libs/libFuzzer/ and it says "libFuzzer was moved to compiler-rt in https://reviews.llvm.org/D36908"

Did you encounter the same issue? thanks!

opened by ghost 0

Problem in Tutorial

When I try to follow the tutorial by running mkdir -p out && ./a.out -diff_mode=1 -artifact_prefix=out/ I get the following error:

INFO: Seed: 3228985162
a.out: ./FuzzerTracePC.cpp:52: void fuzzer::TracePC::InitializeDiffCallbacks(fuzzer::ExternalFunctions *): Assertion `EF->__sanitizer_update_counter_bitset_and_clear_counters' failed.
Aborted

opened by ppashakhanloo 2

Problems found in nezha v-0.1

1

In the file "/examples/bugs/boringssl-f0451ca3/README.md", the 27th line says "cmd:./test_boringssl ..." and the 43rd line says "cmd:./test_libressl ...". The "./test_boringssl ..." and "./test_libressl ..." were run in the directory "sslcert" but the bash said "./test_boringssl: No such file or directory" and "./test_libressl: No such file or directory".
Do the "./test_boringssl" and "./test_libressl"point to "./test_boringssl.pem.dbg" or "./test_boringssl.der.dbg" or "./test_libressl.pem.dbg" or "./test_libressl.der.dbg" which are generated after executing "./make_all_tests.sh"? If not, how to generate them?

2

In the same file, the same line says "...18010_0_18010_..." and the 36th line says "openssl: 18010". Does the "18010" in the 36th line refer to the first "...18010_..." or the second "...0_18010..." in the 27th line?

3

In the same file, the 51st line says "libressl: 1 (ok)". Is the number "1" the return value of LibreSSL? If yes, why "18010_0_18010" instead of "18010_1_1801" in the 27th line?

On the contrary, the 57th line of the file "examples/bugs/libressl-2.4.0/README.md" says "openssl: 1 (ok) and the 48th line ("1_libressl_9010_0689e3080ef6eedb9fee46e0bf9ed8fe__MIN") starts with "1".

4

In the 48th line of the file "examples/bugs/libressl-2.4.0/README.md", "1_libressl_9010_0689e3080ef6eedb9fee46e0bf9ed8fe__MIN" does not have the same format as in the 27th line of "/examples/bugs/boringssl-f0451ca3/README.md", i.e., "1_libressl_9010" vs "18010_1_1801".

5

(This problem has been deleted since it was solved.)

6

In the file "/examples/bugs/boringssl-f0451ca3/README.md", the "stdout" (from the 32nd line to the 35th line) is the output of "./test_openssl.der.dbg" instead of "./test_boringssl.der.dbg". The 36th line, i.e., "openssl: 18010" is not output by the "./test_boringssl.der.dbg". Similarly, the 51st line is not output by "./test_libressl.der.dbg".

In the file "examples/bugs/libressl-2.4.0/README.md", the 57th line is not output by the "./test_openssl.der.dbg"; the 69th line is not output but the "[LSSL] [cert:0x62000000f080 sz:3494] ret=0 depth=2 err=13" is got; the 70th and 71st line are not output by "./test_openssl.der.dbg".

Thanks a lot!

opened by pyjavago 1

Releases(v0.1)

v0.1(Aug 3, 2017)

This is the version of the code used in our NEZHA paper.
Source code(tar.gz)
Source code(zip)

Owner

GitHub Repository

PyTorch Implementation of CvT: Introducing Convolutions to Vision Transformers

CvT: Introducing Convolutions to Vision Transformers Pytorch implementation of CvT: Introducing Convolutions to Vision Transformers Usage: img = torch

193 Jan 03, 2023

This repository provides data for the VAW dataset as described in the CVPR 2021 paper titled "Learning to Predict Visual Attributes in the Wild"

Visual Attributes in the Wild (VAW) This repository provides data for the VAW dataset as described in the CVPR 2021 Paper: Learning to Predict Visual

36 Dec 30, 2022

Meandering In Networks of Entities to Reach Verisimilar Answers

MINERVA Meandering In Networks of Entities to Reach Verisimilar Answers Code and models for the paper Go for a Walk and Arrive at the Answer - Reasoni

271 Dec 13, 2022

DeepLM: Large-scale Nonlinear Least Squares on Deep Learning Frameworks using Stochastic Domain Decomposition (CVPR 2021)

DeepLM DeepLM: Large-scale Nonlinear Least Squares on Deep Learning Frameworks using Stochastic Domain Decomposition (CVPR 2021) Run Please install th

130 Dec 02, 2022

A Kernel fuzzer focusing on race bugs

Razzer: Finding kernel race bugs through fuzzing Environment setup $ source scripts/envsetup.sh scripts/envsetup.sh sets up necessary environment var

328 Dec 26, 2022

Source code for our paper "Do Not Trust Prediction Scores for Membership Inference Attacks"

Do Not Trust Prediction Scores for Membership Inference Attacks Abstract: Membership inference attacks (MIAs) aim to determine whether a specific samp

[email protected]"> 3 Oct 25, 2022

[NeurIPS 2020] Code for the paper "Balanced Meta-Softmax for Long-Tailed Visual Recognition"

Balanced Meta-Softmax Code for the paper Balanced Meta-Softmax for Long-Tailed Visual Recognition Jiawei Ren, Cunjun Yu, Shunan Sheng, Xiao Ma, Haiyu

65 Dec 21, 2022

Easy Parallel Library (EPL) is a general and efficient deep learning framework for distributed model training.

English | 简体中文 Easy Parallel Library Overview Easy Parallel Library (EPL) is a general and efficient library for distributed model training. Usability

185 Dec 21, 2022

[NeurIPS2021] Code Release of K-Net: Towards Unified Image Segmentation

K-Net: Towards Unified Image Segmentation Introduction This is an official release of the paper K-Net:Towards Unified Image Segmentation. K-Net will a

423 Jan 02, 2023

Boosted CVaR Classification (NeurIPS 2021)

Boosted CVaR Classification Runtian Zhai, Chen Dan, Arun Sai Suggala, Zico Kolter, Pradeep Ravikumar NeurIPS 2021 Table of Contents Quick Start Train

4 Feb 15, 2022

AdaFocus (ICCV 2021) Adaptive Focus for Efficient Video Recognition

AdaFocus (ICCV 2021) This repo contains the official code and pre-trained models for AdaFocus. Adaptive Focus for Efficient Video Recognition Referenc

115 Dec 21, 2022

A pytorch implementation of faster RCNN detection framework (Use detectron2, it's a masterpiece)

Notice(2019.11.2) This repo was built back two years ago when there were no pytorch detection implementation that can achieve reasonable performance.

1.8k Jan 01, 2023

OpenDelta - An Open-Source Framework for Paramter Efficient Tuning.

OpenDelta is a toolkit for parameter efficient methods (we dub it as delta tuning), by which users could flexibly assign (or add) a small amount parameters to update while keeping the most paramters

386 Dec 26, 2022

A collection of Google research projects related to Federated Learning and Federated Analytics.

Federated Research Federated Research is a collection of research projects related to Federated Learning and Federated Analytics. Federated learning i

483 Jan 05, 2023

Atomistic Line Graph Neural Network

Table of Contents Introduction Installation Examples Pre-trained models Quick start using colab JARVIS-ALIGNN webapp Peformances on a few datasets Use

91 Dec 30, 2022

Code of Adverse Weather Image Translation with Asymmetric and Uncertainty aware GAN

Adverse Weather Image Translation with Asymmetric and Uncertainty-aware GAN (AU-GAN) Official Tensorflow implementation of Adverse Weather Image Trans

36 Dec 26, 2022

Multi-Scale Aligned Distillation for Low-Resolution Detection (CVPR2021)

MSAD Multi-Scale Aligned Distillation for Low-Resolution Detection Lu Qi*, Jason Kuen*, Jiuxiang Gu, Zhe Lin, Yi Wang, Yukang Chen, Yanwei Li, Jiaya J

115 Dec 23, 2022

FluidNet re-written with ATen tensor lib

fluidnet_cxx: Accelerating Fluid Simulation with Convolutional Neural Networks. A PyTorch/ATen Implementation. This repository is based on the paper,

50 Jun 07, 2022

Flickr-Faces-HQ (FFHQ) is a high-quality image dataset of human faces, originally created as a benchmark for generative adversarial networks (GAN)

Flickr-Faces-HQ Dataset (FFHQ) Flickr-Faces-HQ (FFHQ) is a high-quality image dataset of human faces, originally created as a benchmark for generative

2.9k Dec 28, 2022

toroidal - a lightweight transformer library for PyTorch

toroidal - a lightweight transformer library for PyTorch Toroidal transformers are of smaller size and lower weight than the more common E-I types. Th

64 Jan 07, 2023