google / atheris

Apache License 2.0

How to keep fuzzing after finding one bug/exception? #15

Closed fellair closed 3 years ago

fellair commented 3 years ago

I am interested in starting a fuzzing process that does not stop after coming across one bug and that just keep on running, looking for other possible defects. Is there a way to accomplish this?

I am not very familiar with python so if the answer I overlooked is fairly obvious, my apologies.

TheShiftedBit commented 3 years ago

Atheris accepts most libFuzzer flags. The libFuzzer process will always exit on failure, but you can run multiple fuzz jobs simultaneously with -jobs=N. The main process will only exit once they all fail.

If that isn't what you're looking for, you can easily restart on failure:

while true; do python3 fuzzer.py; done

msaboor35 commented 2 years ago

so when doing: while true; do python3 fuzzer.py; done

Does Atheris restart the fuzzing from the beginning or it resumes from the previous point, especially from the coverage/mutation point of view? If it restarts from the beginning, how can we resume the fuzzing? Sorry I am not familiar with the LibFuzzer way of doing it.

msaboor35 commented 2 years ago

Just found the answer to my question. I am leaving it here in case anyone else is also stuck on this. LibFuzzer can take a corpus directory as an argument. So if you run: mkdir corpus; while true; do python3 fuzzer.py corpus; done it will run Atheris with this corpus directory. It will keep putting new corpus entries inside this directory. Whenever it finds a crash, it will resume fuzzing from the previous point. For this to work, you must pass the arguments to LibFuzzer using: atheris.Setup(sys.argv, TestOneInput)

caimaoy commented 2 years ago

I am also interested in how to keep the crashes in a directory other than the working directory.

msaboor35 commented 2 years ago

Maybe you want to look at the exact_artifact_path argument in the LibFuzzer docs.
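As an added example, not code from this thread or from the atheris project, here is a harness that puts together msaboor35's persistent-corpus answer and caimaoy's question about where crashes land. The `parse_record` target (with one deliberate toy defect so a crash is reachable), the `check_input` and `fuzz_argv` helpers and the `corpus/` and `crashes/` directory names are all constructed for this example; `atheris.Setup`, `atheris.Fuzz`, `atheris.instrument_all` and the libFuzzer flags `-artifact_prefix` and `-jobs` are the real APIs. The corpus directory is passed positionally so libFuzzer reloads and extends it on every restart, and `-artifact_prefix=crashes/` keeps crash files out of the working directory.

```python
"""fuzzer.py: atheris harness written to survive a restart loop.

Expected, documented failures (malformed input) are swallowed so they do not
stop the run; anything else propagates, libFuzzer writes an artifact and
exits, and the outer shell loop starts the next run from the saved corpus.
"""
import os
import sys


# Toy target (constructed for this example): parses "key=value;key=value".
def parse_record(text: str) -> dict:
    fields = {}
    for chunk in text.split(";"):
        if not chunk:
            continue
        key, sep, value = chunk.partition("=")
        if not sep or not key:
            raise ValueError(f"malformed field: {chunk!r}")
        if key == "limit":
            # Deliberate toy defect: limit=0 raises ZeroDivisionError, which is
            # not an expected error and therefore surfaces as a crash artifact.
            fields[key] = 1 / int(value)
        else:
            fields[key] = value
    return fields


# Exceptions the target is documented to raise on bad input; these are not bugs.
EXPECTED_ERRORS = (ValueError, UnicodeDecodeError)


def check_input(data: bytes) -> str:
    """Return 'ok' or 'rejected' for inputs the target handles correctly.

    Any other exception propagates so libFuzzer records it as a crash.
    """
    try:
        parse_record(data.decode("utf-8"))
    except EXPECTED_ERRORS:
        return "rejected"
    return "ok"


def TestOneInput(data: bytes) -> None:
    check_input(data)


def fuzz_argv(script: str, corpus_dir: str, artifact_dir: str, jobs: int = 0) -> list:
    """Build the argv handed to atheris.Setup.

    corpus_dir is positional so libFuzzer reads it at start and writes new
    coverage-increasing inputs back to it. -artifact_prefix needs a trailing
    slash to be treated as a directory. jobs > 0 adds -jobs=N so one failing
    job does not end the whole run.
    """
    argv = [script, corpus_dir, f"-artifact_prefix={artifact_dir.rstrip('/')}/"]
    if jobs > 0:
        argv.append(f"-jobs={jobs}")
    return argv


def main() -> None:
    # Imported here so the harness logic above can be unit-tested without atheris.
    import atheris

    os.makedirs("corpus", exist_ok=True)
    os.makedirs("crashes", exist_ok=True)
    atheris.instrument_all()
    # Honour flags given on the command line (e.g. a corpus dir or -jobs=N);
    # otherwise fall back to the defaults built by fuzz_argv.
    argv = sys.argv if len(sys.argv) > 1 else fuzz_argv(sys.argv[0], "corpus", "crashes")
    atheris.Setup(argv, TestOneInput)
    atheris.Fuzz()


if __name__ == "__main__":
    main()
```

Run it the way the thread suggests, with the corpus directory as the argument: `mkdir -p corpus crashes; while true; do python3 fuzzer.py corpus -artifact_prefix=crashes/; done`. Each crash ends the process with a `crash-<sha1>` file under `crashes/`, and the next iteration reloads `corpus/`, so coverage already reached is not explored again; only the in-memory mutation state of the dead process is lost.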