Everything you need to glue honggfuzz and Python 3.
cd /path/to/honggfuzz/sources/
git clone https://github.com/thebabush/python-hfuzz.git python
cd python
python setup.py install
Important: do not use pip. Right now I'm using relative paths to link honggfuzz's static libraries to python-hfuzz, and pip doesn't like that.
Feel free to create a PR to improve the build system.
Normal execution:
honggfuzz -f ./corpus -F 8 -- ./examples/cmp.py ___FILE___
Persistent mode:
honggfuzz -f ./corpus -F 8 -P -- ./examples/persistent.py
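What a normal-mode target looks like from the Python side, as an added example (it is not the cmp.py shipped with python-hfuzz): honggfuzz substitutes the current test case's path for ___FILE___, so the script reads sys.argv[1], parses a constructed format with one comparison per header byte so coverage feedback can walk through the header, and signals the planted bug with os.abort(), because the fuzzer records crash signals, not Python tracebacks or exit codes.

```python
"""Constructed honggfuzz target (example code, not from the python-hfuzz repo).
Run as: honggfuzz -f ./corpus -F 8 -- ./target.py ___FILE___
Format (made up for this example): 4-byte magic, 1-byte length, payload."""
import os
import sys
from typing import Optional

MAGIC = b"HFPY"  # constructed magic value, not a real file signature


def parse(data: bytes) -> Optional[bytes]:
    """Return the payload if the header is well-formed, else None.
    Each magic byte is checked separately: a single data[:4] == MAGIC
    compare gives the fuzzer no partial progress to work with."""
    if len(data) < 5:
        return None
    if data[0] != MAGIC[0]:
        return None
    if data[1] != MAGIC[1]:
        return None
    if data[2] != MAGIC[2]:
        return None
    if data[3] != MAGIC[3]:
        return None
    length = data[4]
    payload = data[5:5 + length]
    if len(payload) != length:   # truncated file: reject, do not crash
        return None
    return payload


def is_trigger(data: bytes) -> bool:
    """True for the planted bug: a valid header whose payload is b'boom'.
    In a real target the bug would live inside the parser itself."""
    payload = parse(data)
    return payload is not None and payload == b"boom"


def main(argv: list) -> int:
    with open(argv[1], "rb") as fh:
        data = fh.read()
    if is_trigger(data):
        os.abort()  # raises SIGABRT, which honggfuzz saves as a crash
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Seeding ./corpus with a file that already carries the magic shortens the run considerably; otherwise the fuzzer has to discover the four header bytes one comparison at a time.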
Why do this? Well, the main reasons are these:
- There are dynamic binary instrumentation frameworks (DBIs) out there that can be scripted in Python. While it's not the best idea performance-wise, sometimes the dev-speed/run-speed trade-off makes it worth it in the short term (e.g. one-off custom feedback implementations, research, CTFs, etc.).
- Fuzzing Python programs. Coupled with some nice bytecode-level instrumentation, this could be interesting.
- Reimplementing AFL-unicorn without patching unicorn's QEMU (hello UC_HOOK_BLOCK).