Expand description
A Stage
is a technique used during fuzzing, working on one crate::corpus::Corpus
entry, and potentially altering it or creating new entries.
A well-known Stage
, for example, is the mutational stage, running multiple crate::mutators::Mutator
s against a crate::corpus::Testcase
, potentially storing new ones, according to crate::feedbacks::Feedback
.
Other stages may enrich crate::corpus::Testcase
s with metadata.
Re-exports
pub use mutational::MutationalStage;
pub use mutational::StdMutationalStage;
pub use tmin::MapEqualityFactory;
pub use tmin::MapEqualityFeedback;
pub use tmin::StdTMinMutationalStage;
pub use tmin::TMinMutationalStage;
pub use tracing::ShadowTracingStage;
pub use tracing::TracingStage;
pub use calibrate::CalibrationStage;
pub use power::PowerMutationalStage;
pub use power::StdPowerMutationalStage;
pub use generalization::GeneralizationStage;
pub use stats::AflStatsStage;
pub use owned::StagesOwnedList;
pub use concolic::ConcolicTracingStage;
pub use concolic::SimpleConcolicMutationalStage;
pub use logics::*;
pub use tuneable::*;
pub use colorization::*;
pub use string::*;
pub use sync::*;
pub use dump::*;
Modules
- The calibration stage. The fuzzer measures the average exec time and the bitmap size.
- The colorization stage from
colorization()
in afl++ - This module contains the
concolic
stages, which can trace a target using symbolic execution and use the results for fuzzer input and mutations. - The
DumpToDiskStage
is a stage that dumps the corpus and the solutions to disk to e.g. allow AFL to sync - The tracing stage can trace the target and enrich a
crate::corpus::Testcase
with metadata, for example forCmpLog
. - Stage wrappers that add logics to stage list
- Mutational stage is the normal fuzzing stage. For the current input, it will perform a range of random mutations, and then run them in the executor.
- A dynamic collection of owned Stages
- The power schedules. This stage should be invoked after the calibration stage.
- While normal stages call the executor over and over again, push stages turn this concept upside down: A push stage instead returns an iterator that generates a new result for each time it gets called. With the new testcase, you will have to take care about testcase execution, manually. The push stage relies on internal mutability of the supplied
Observers
. Stage
Python bindings- Stage to compute/report AFL stats
- Stages which analysis common to Unicode-style mutations
- The
SyncFromDiskStage
is a stage that imports inputs from disk for e.g. sync with AFL - The
TMinMutationalStage
is a stage which will attempt to minimize corpus entries. - The tracing stage can trace the target and enrich a testcase with metadata, for example for
CmpLog
. - A
crate::stages::MutationalStage
where the mutator iteration can be tuned at runtime
Structs
- A
Stage
that will call a closure - Allows us to use a
push::PushStage
as a normalStage
Traits
- A stage is one step in the fuzzing process. Multiple stages will be scheduled one by one for each input.
- A tuple holding all
Stages
used for fuzzing.