E9AFL --- Binary AFL
E9AFL inserts American Fuzzy Lop (AFL) instrumentation into x86_64 Linux binaries. This allows binaries to be fuzzed without the need for recompilation. E9AFL uses E9Patch to insert the AFL instrumentation via static binary rewriting.
To build E9AFL, simply run the

AFL itself (afl-fuzz) can be installed from the distribution package:

$ sudo apt-get install afl
To use E9AFL, simply run the command:
$ ./e9afl /path/to/binary
This will generate an AFL-instrumented binary.afl which can be
See the example below.
To fuzz the binutils
$ ./e9afl readelf
$ mkdir -p input
$ mkdir -p output
$ head -n 1 `which ls` > input/exe
$ afl-fuzz -m none -i input/ -o output/ -- ./readelf.afl -a @@
If all goes well the output should look something like this:
Some instrumented binaries may crash during AFL initialization:
PROGRAM ABORT : Fork server crashed ...
This is often caused by an insufficient memory limit: the instrumented binary needs more memory than afl-fuzz allows its target by default. The example above passes -m none to afl-fuzz, which disables the limit entirely. See the afl-fuzz -m option for more information.
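The whole procedure above (instrument, build a seed corpus, launch afl-fuzz) together with the fork-server caveat, as an added shell example that is not part of E9AFL or its README. It assumes e9afl is at ./e9afl, afl-fuzz is on PATH, and e9afl writes its output as <basename>.afl into the current directory; the functions is_x86_64_elf, make_seed_corpus, forkserver_crashed, fuzz_binary and the E9AFL_DRY_RUN variable are names introduced here, not E9AFL's own.

```shell
#!/bin/sh
# Added example, not part of E9AFL: a wrapper around the README's
# instrument-then-fuzz procedure with the checks a practitioner wants first.
# Assumptions (not stated by the page): e9afl lives at ./e9afl, afl-fuzz is on
# PATH, and e9afl writes its output as <basename>.afl in the current directory.
set -eu

# Pre-flight: e9afl only rewrites x86_64 Linux binaries, so refuse anything
# that is not an ELF64 file with e_machine == EM_X86_64 (0x3e). Reads the
# first 20 header bytes with od so it does not depend on file(1).
is_x86_64_elf() {
    hdr=$(od -An -tx1 -N20 "$1" 2>/dev/null | tr -d ' \n')
    [ "${#hdr}" -ge 40 ] || return 1
    case "$hdr" in
        7f454c4602*) ;;          # "\x7fELF" followed by EI_CLASS == ELFCLASS64
        *) return 1 ;;
    esac
    # e_machine is the little-endian u16 at byte offset 18, i.e. hex chars 37-40.
    [ "$(printf '%s' "$hdr" | cut -c37-40)" = "3e00" ]
}

# Seed corpus from the README: the first "line" of the ls binary, i.e. the
# bytes of its ELF header up to the first 0x0a byte, which gives readelf a
# small, plausible ELF fragment to start from.
make_seed_corpus() {
    mkdir -p "$1"
    head -n 1 "$(command -v ls)" > "$1/exe"
}

# The README's failure mode: afl-fuzz aborts with "Fork server crashed" when
# the instrumented target exceeds AFL's default memory limit. Returns 0 if
# that abort appears in a captured afl-fuzz log. Only the message text is
# matched because afl-fuzz inserts colour codes after "PROGRAM ABORT : ".
forkserver_crashed() {
    grep -q 'Fork server crashed' "$1"
}

# Run a command, or just echo it when E9AFL_DRY_RUN is set, so the pipeline
# can be inspected on a machine without e9afl/afl-fuzz installed.
run() {
    if [ -n "${E9AFL_DRY_RUN:-}" ]; then echo "+ $*"; else "$@"; fi
}

# fuzz_binary BIN [TARGET-ARGS...]: instrument BIN with e9afl, build the seed
# corpus in ./input, and launch afl-fuzz with the memory limit disabled
# (-m none), which is the fix the README gives for the fork-server abort.
# TARGET-ARGS are passed to the instrumented binary; use @@ for the input file.
fuzz_binary() {
    bin=$1
    shift
    if ! is_x86_64_elf "$bin"; then
        echo "error: $bin is not an x86_64 ELF binary; e9afl cannot instrument it" >&2
        return 1
    fi
    name=$(basename "$bin")
    run ./e9afl "$bin"                      # assumed to write ./$name.afl
    make_seed_corpus input
    mkdir -p output
    run afl-fuzz -m none -i input/ -o output/ -- "./$name.afl" "$@"
}

# Usage: ./fuzz.sh /usr/bin/readelf -a @@
if [ "$#" -gt 0 ]; then
    fuzz_binary "$@"
fi
```

Setting E9AFL_DRY_RUN=1 prints the e9afl and afl-fuzz invocations instead of running them, which is a quick way to confirm the target arguments and the @@ placeholder before committing to a long fuzzing run; the pre-flight ELF check catches the common mistake of pointing e9afl at a shell-script wrapper rather than the real binary.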
- Xiang Gao, Gregory J. Duck, Abhik Roychoudhury, Scalable Fuzzing of Program Binaries with E9AFL, Automated Software Engineering (ASE), 2021
Please report bugs here.