711922db91
|
||
|---|---|---|
| .github/workflows | ||
| examples | ||
| lain | ||
| lain_derive | ||
| testsuite | ||
| .clog.toml | ||
| .gitignore | ||
| CHANGELOG.md | ||
| Cargo.lock | ||
| Cargo.toml | ||
| LICENSE | ||
| README.md | ||
| SECURITY.md | ||
| crates-io.md | ||
README.md
NOTE: As of September 2022, this repository is no longer maintained.
To continue using lain, please use the lain repository at https://github.com/landaire/lain.
lain
This crate provides functionality one may find useful while developing a fuzzer. A recent nightly Rust build is required for the specialization feature.
Please consider this crate in "beta" and subject to breaking changes for minor version releases for pre-1.0.
Documentation
Please refer to the wiki for a high-level overview.
For API documentation: https://docs.rs/lain
Installation
Lain requires rust nightly builds for specialization support.
Add the following to your Cargo.toml:
[dependencies]
lain = "0.5"
Example Usage
extern crate lain;
use lain::prelude::*;
use lain::rand;
use lain::hexdump;
#[derive(Debug, Mutatable, NewFuzzed, BinarySerialize)]
struct MyStruct {
field_1: u8,
#[lain(bits = 3)]
field_2: u8,
#[lain(bits = 5)]
field_3: u8,
#[lain(min = 5, max = 10000)]
field_4: u32,
#[lain(ignore)]
ignored_field: u64,
}
fn main() {
let mut mutator = Mutator::new(rand::thread_rng());
let mut instance = MyStruct::new_fuzzed(&mut mutator, None);
let mut serialized_data = Vec::with_capacity(instance.serialized_size());
instance.binary_serialize::<_, BigEndian>(&mut serialized_data);
println!("{:?}", instance);
println!("hex representation:\n{}", hexdump(&serialized_data));
// perform small mutations on the instance
instance.mutate(&mut mutator, None);
println!("{:?}", instance);
}
// Output:
//
// MyStruct { field_1: 95, field_2: 5, field_3: 14, field_4: 8383, ignored_field: 0 }
// hex representation:
// ------00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
// 0000: 5F 75 00 00 20 BF 00 00 00 00 00 00 00 00 _u...¿........
// MyStruct { field_1: 160, field_2: 5, field_3: 14, field_4: 8383, ignored_field: 0 }
A complete example of a fuzzer and its target can be found in the examples
directory. The server is written in C and takes data over a TCP socket, parses a message, and
mutates some state. The fuzzer has Rust definitions of the C data structure and will send fully
mutated messages to the server and utilizes the Driver object to manage fuzzer threads and
state.
Contributing
This repo is no longer maintained, and therefore is not accepting new contributions.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
License: MIT