# Manul

Manul is a coverage-guided parallel fuzzer for open-source and black-box binaries on Windows, Linux and macOS (beta), written in pure Python.

## Quick Start

```
pip3 install psutil
git clone https://github.com/mxmssh/manul
cd manul
mkdir in
mkdir out
echo "AAAAAA" > in/test
python3 manul.py -i in -o out -n 4 "linux/test_afl @@"
```

### Installing Radamsa

```
sudo apt-get install gcc make git wget
git clone https://gitlab.com/akihe/radamsa.git && cd radamsa && make && sudo make install
```

There is no need to install Radamsa on Windows; Manul is distributed with the Radamsa native library on this platform.

## List of Public CVEs

| CVE IDs | Product | Finder |
|---|---|---|
| CVE-2019-9631, CVE-2019-7310, CVE-2019-9959 | Poppler | Maksim Shudrak |
| CVE-2018-17019, CVE-2018-16807, CVE-2019-12175 | Bro/Zeek | Maksim Shudrak |

If you managed to find a new bug using Manul, please contact me and I will add you to the list.

## Dependencies

- psutil
- Python 2.7+ (will be deprecated after 1 Jan. 2020) or Python 3.7+ (preferred)

## Coverage-guided fuzzing

Currently, Manul supports two types of instrumentation: AFL-based (afl-gcc, afl-clang and afl-clang-fast) and DBI.

### Coverage-guided fuzzing (AFL instrumentation mode)

Instrument your target with afl-gcc or afl-clang-fast and Address Sanitizer (recommended for better results). For example:

```
CC=afl-gcc CXX=afl-g++ CFLAGS=-fsanitize=address CXXFLAGS=-fsanitize=address cmake <path_to_your_target>
make -j 8 USE_ASAN=1…
```
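The last argument in the Quick Start, `"linux/test_afl @@"`, follows the AFL convention: `@@` is replaced by the path of each test case before the target is launched. The following added example (not Manul's own code) shows that expansion and how a crash is recognised afterwards, using constructed targets that stand in for a fuzzed binary; the `run_testcase` and `demo` names are this example's own.

```python
"""Illustration of the AFL-style "prog arg @@" target command line used by
Manul: expand @@ to the test-case path, run it, classify the outcome.
Added example; not part of the Manul project."""
import os
import shlex
import subprocess
import sys
import tempfile


def build_command(template, testcase_path):
    """Expand 'prog arg @@' into an argv list with @@ replaced by the file path."""
    argv = shlex.split(template)
    if "@@" not in argv:
        raise ValueError("command template needs an @@ placeholder for the input file")
    return [testcase_path if arg == "@@" else arg for arg in argv]


def run_testcase(template, testcase_path, timeout=5):
    """Run one test case; return 'ok', 'crash' or 'timeout'."""
    argv = build_command(template, testcase_path)
    try:
        res = subprocess.run(argv, capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "timeout"
    if res.returncode < 0:          # POSIX: negative code = killed by a signal
        return "crash"
    if b"AddressSanitizer" in res.stderr:   # ASAN-instrumented target aborted
        return "crash"
    return "ok"


def demo():
    """Constructed targets: one reads the file cleanly, one kills itself with
    SIGSEGV (standing in for a real memory-safety crash)."""
    with tempfile.TemporaryDirectory() as workdir:
        case = os.path.join(workdir, "test")
        with open(case, "w") as fh:
            fh.write("AAAAAA")             # same seed as the Quick Start
        py = shlex.quote(sys.executable)
        good = f"{py} -c 'import sys; open(sys.argv[1], \"rb\").read()' @@"
        bad = f"{py} -c 'import os, signal; os.kill(os.getpid(), signal.SIGSEGV)' @@"
        return run_testcase(good, case), run_testcase(bad, case)


if __name__ == "__main__":
    print(demo())
```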
