pyradamsa
provides an interface for calling libradamsa methods from within Python, allowing one to perform mutations on byte blocks (aka fuzzing). For more details see radamsa (a general-purpose fuzzer) and libradamsa (precompiled radamsa library).
The master branch uses AFL++'s libradamsa. An alternative version created by p1-olm is available on radamsa-upstream branch and is based on the original libradamsa upstream.
How is the radamsa-upstream
different than the master
version?
- The owl VM initialization uses different seeds, so result are different when mutating same bytes with the same seed
- Future updates from libradamsa creators will show up first in
radamsa-upstream
Install the package using pip
(or build it from source)
pip install pyradamsa
Do some fuzzing
import pyradamsa
rad = pyradamsa.Radamsa()
mydata = b'GET /auth?pass=HelloWorld HTTP1.1'
fuzzed = rad.fuzz(mydata, seed=1337)
print(fuzzed)
> b'GET /auth?pass=HelloWorld HTTP\xc0\xb1.1'
# seed is randomly set if not provided
rad.fuzz(mydata)
> b'\tG\xf3\xa0\x81\x9c\xf7dLET \xe2\x81/aut\xf3\xa0\x80\xafHTTP2.rld HTTP2.rld HTTP3.2\xe1\xa0\x8e9'
rad.fuzz(mydata)
> b'GET /auth?pass=HelloWorld HTTP1.340282366920938463463374607431768211455'
etc.
# enforce static seed on initialization
rad = pyradamsa.Radamsa(seed=0)
# max_mut enforces a maximum length for returned data
# it defaults to (data length + an offset of 4096 bytes)
fuzzed = rad.fuzz(mydata, seed=1337, max_mut=10)
> b'GET /auth?'
# the offset may be overwritten on init
rad = pyradamsa.Radamsa(mut_offset=2048)
Currently wheels are available for linux i686 and x86_64
# Clone the repo
git clone --recurse-submodules https://github.com/tsundokul/pyradamsa.git
cd pyradamsa
# patch memory leak when reinitializing owl vm
patch libradamsa/libradamsa.c realloc.patch
# OPTIONAL: when using manylinux (https://github.com/pypa/manylinux)
docker run --rm -it -v `pwd`:/io quay.io/pypa/manylinux2010_x86_64 /bin/bash
cd /io && alias python='/opt/python/cp35-cp35m/bin/python3.5'
export PATH="/opt/python/cp35-cp35m/bin/:${PATH}"
# Install requirements
python -m pip install -r requirements.txt
# Build C extension (libradamsa.so)
python setup.py build_ext
# Run tests
./run_tests
# Build wheel
python setup.py bdist_wheel
- Fork the repo
- Check out a feature or bug branch
- Add your changes
- Update README when needed
- Submit a pull request to upstream repo
- Add description of your changes
- Ensure tests are passing
- Ensure branch is mergeable
MIT License, 2020 @tim17d