google / AFL

american fuzzy lop - a security-oriented fuzzer
https://lcamtuf.coredump.cx/afl/
Apache License 2.0

Deduplicating "dumb" mode crashes #115

Open ianruh opened 4 years ago

ianruh commented 4 years ago

Sorry if I'm missing something from the documentation, but I couldn't figure this out. I'm trying to compare how much having the feedback from the instrumentation in AFL helps in finding unique crashes compared to dumb mode. Using AFL with instrumentation on a given program, it is reporting 114 unique crashes. However, running the same program with the -n flag, it reports 557,000 unique crashes (I'm assuming this is because it can't compare execution paths between crashes).

I'm wondering if there is a flag or tool (or some small changes I could make to the AFL source) to run the crashing input identified by AFL in dumb mode, but this time with instrumentation so I can find how many unique crashes were identified without instrumentation.

Thanks for any help.

Dor1s commented 4 years ago

One idea is to put all crash inputs into a single corpus directory and run the instrumented binary over it.
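The suggestion above, worked through as an added example (this is not AFL's own code and was not posted in the thread). It re-runs every crashing input from the dumb-mode run through the instrumented build under afl-showmap, then applies the same uniqueness rule afl-fuzz uses for crashes: a crash is kept only if its trace hits an (edge, hit-count bucket) pair that no previously kept crash hit. The paths `./target_instrumented`, `out_dumb/crashes` and `showmap_out` are assumptions; `afl-showmap` is assumed to be on `PATH`.

```python
#!/usr/bin/env python3
"""Deduplicate afl-fuzz -n ("dumb mode") crashes by replaying each input
through the instrumented build under afl-showmap and comparing coverage.

Assumed layout (adjust to your setup):
  ./target_instrumented   afl-gcc/afl-clang build of the program
  out_dumb/crashes/       crashes/ directory of the afl-fuzz -n run
  showmap_out/            where the per-input coverage maps are written
"""
import subprocess
import sys
from pathlib import Path

# Use "@@" where the target expects an input file; otherwise input goes to stdin.
TARGET_ARGV = ["./target_instrumented", "@@"]   # assumed target
CRASH_DIR = Path("out_dumb/crashes")            # assumed afl-fuzz -n output
MAP_DIR = Path("showmap_out")                    # assumed scratch directory
TIMEOUT_MS = 1000
SHOWMAP_EXTRA = []   # e.g. ["-e"] to ignore hit counts and dedupe on edges only


def classify_count(n: int) -> int:
    """AFL's hit-count bucketing: 1, 2, 3, 4-7, 8-15, 16-31, 32-127, 128+.
    afl-showmap already emits bucketed counts by default, so this is a no-op
    on its output, but it makes the rule explicit (and handles -r raw output)."""
    if n <= 0:
        return 0
    if n <= 3:
        return n
    if n <= 7:
        return 4
    if n <= 15:
        return 8
    if n <= 31:
        return 16
    if n <= 127:
        return 32
    return 128


def parse_showmap(text: str) -> dict:
    """Parse afl-showmap's text output: one 'edge_id:hit_count' line per tuple."""
    tuples = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        edge, count = line.split(":", 1)
        tuples[int(edge)] = int(count)
    return tuples


def run_showmap(input_path: Path, map_path: Path) -> dict:
    """Replay one crashing input under the instrumented binary and return its map."""
    argv = [a.replace("@@", str(input_path)) for a in TARGET_ARGV]
    cmd = ["afl-showmap", "-q", "-t", str(TIMEOUT_MS), "-o", str(map_path),
           *SHOWMAP_EXTRA, "--", *argv]
    with open(input_path, "rb") as stdin:
        # afl-showmap reports a non-zero status when the child crashes or
        # times out, which is expected here, so the return code is not checked.
        subprocess.run(cmd, stdin=stdin, stdout=subprocess.DEVNULL,
                       stderr=subprocess.DEVNULL)
    if not map_path.exists():
        return {}   # no map at all: afl-showmap itself failed to run the target
    return parse_showmap(map_path.read_text())


def dedupe_crashes(maps: dict) -> list:
    """Keep a crash only if it hits an (edge, bucket) pair unseen in any crash
    kept so far. Inputs are processed in sorted name order, so, as in afl-fuzz,
    the result depends on order: equivalent crashes are attributed to the
    first one encountered."""
    seen = set()
    kept = []
    for name in sorted(maps):
        pairs = {(e, classify_count(c)) for e, c in maps[name].items() if c > 0}
        if pairs - seen:
            kept.append(name)
            seen |= pairs
    return kept


def main() -> int:
    MAP_DIR.mkdir(exist_ok=True)
    maps = {}
    for crash in sorted(CRASH_DIR.iterdir()):
        if crash.name == "README.txt":      # afl-fuzz leaves a README in crashes/
            continue
        maps[crash.name] = run_showmap(crash, MAP_DIR / crash.name)
    empty = [n for n, m in maps.items() if not m]
    if empty:
        print(f"warning: {len(empty)} inputs produced an empty map "
              f"(crash before instrumentation ran, or wrong target?)", file=sys.stderr)
    kept = dedupe_crashes(maps)
    print(f"{len(kept)} unique of {len(maps)} dumb-mode crashes")
    for name in kept:
        print(name)
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Expect a number in the neighbourhood of, not identical to, what the instrumented run reported: afl-fuzz evaluates each crash against the tuples it had seen up to that moment of the campaign, whereas this replay only compares crashes against each other. Inputs whose map comes back empty are never counted as unique and are worth looking at by hand.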