Crate peacock_fuzz
This library contains everything you need to set up a grammar-based fuzzer.
It consists of
- frontend: Load grammars of different formats. Currently, the Gramatron and Peacock formats are supported.
- backend: Use the loaded grammar to do whatever you want. Current backends are
  - C: Generate a grammar-based mutator in C
  - json: Convert loaded grammar(s) into peacock format
  - interpreter: Generate inputs by interpreting a grammar
  but you can easily write your own.
- runtime: LibAFL components that you can use in your fuzzer to realize grammar-based mutations.
Grammars
This library supports grammar files in two formats:
- Gramatron format for backwards compatibility
- Its own “peacock format”, which is documented in the README of this project
Getting Started
The first step is always to load grammars. To do this, use the ContextFreeGrammar::builder() method, which gives you access to a GrammarBuilder, like this:
```rust
// Load multiple grammars by joining their rules:
let grammar = ContextFreeGrammar::builder()
    // Load a grammar in peacock format
    .peacock_grammar("my-grammar.json").unwrap()
    // Or a grammar in gramatron format
    .gramatron_grammar("my-old-grammar.json").unwrap()
    // Set the entrypoint
    .entrypoint("MY-ENTRYPOINT")
    .build().unwrap();
```
Then, you can plug the grammar into one of the provided backends:
```rust
// Emit a C mutator for the loaded grammar
backends::C::CGenerator::new().generate("output-file.c", &grammar);
// or: serialize the loaded grammar in peacock format
backends::json::JsonGenerator::new().generate("output-file.json", &grammar);
// or: generate inputs directly by interpreting the grammar
GrammarInterpreter::new(&grammar).interpret(&mut stdout());
```
And that’s it.
Feature Flags
- components: Include LibAFL components in this library. On by default.
- static-loading: Activate this if you want to compile the generated C code into the fuzzer. For more details see the documentation of the components.
- debug-codegen: This affects the C backend and inserts calls to printf() at the beginning of every generated function to help troubleshooting.
Modules
- This module has all the available backends.
- This module contains LibAFL components that can interact with the generated code of the C backend.
- This module contains various error types.
- This is the frontend that loads grammars.