Angora is a mutation-based, coverage-guided fuzzer. The main goal of Angora is
to increase branch coverage by solving path constraints without symbolic
execution.
The build script will resolve most dependencies and set up the
runtime environment.
./build/build.sh
System Configuration
As with AFL, system core dumps must be disabled.
echo core | sudo tee /proc/sys/kernel/core_pattern
Test
Test whether Angora was built successfully.
cd /path-to-angora/tests
./test.sh mini
Running Angora
Build Target Program
Angora compiles the program into two separate binaries, each with its own
instrumentation. Using an autoconf-based program as an example, these are the steps required.
# Use the instrumenting compilers
CC=/path/to/angora/bin/angora-clang \
CXX=/path/to/angora/bin/angora-clang++ \
LD=/path/to/angora/bin/angora-clang \
PREFIX=/path/to/target/directory \
./configure --disable-shared
# Build with taint tracking support
USE_TRACK=1 make -j
make install
# Save the compiled target binary into a new directory
# and rename it with .taint postfix, such as uniq.taint
# Build with light instrumentation support
make clean
USE_FAST=1 make -j
make install
# Save the compiled binary into the directory previously
# created and rename it with .fast postfix, such as uniq.fast
If this approach fails to build your program, try wllvm and gllvm as described in Build a target program.
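The two-stage build above, wrapped into a small POSIX shell script as an added example (this is not Angora's own tooling). It first checks the core-dump setting the System Configuration section requires, rejecting patterns that pipe core dumps to an external handler, then runs the configure step with the Angora compilers and performs the USE_TRACK and USE_FAST builds, saving each binary with the .taint and .fast suffix Angora expects. The Angora location, install prefix, output directory and target binary name are parameters you supply; the assumption that the installed binary lands under `$prefix/bin/$name` is an assumption about the target project, and the `--prefix` option is passed to configure alongside the PREFIX variable used on the page.

```shell
#!/bin/sh
# Added example, not part of the Angora project. Paths, prefix layout and
# the target binary name are assumptions supplied by the caller.

# Return 0 when the kernel core pattern is usable for fuzzing (a plain
# file name such as "core"), 1 when it pipes core dumps to an external
# handler (pattern starting with "|"), which slows every crash down.
core_pattern_ok() {
    pattern_file="${1:-/proc/sys/kernel/core_pattern}"
    [ -r "$pattern_file" ] || return 1
    case "$(cat "$pattern_file")" in
        \|*) return 1 ;;
        *)   return 0 ;;
    esac
}

# Map a build mode to the suffix Angora expects on the saved binary.
angora_suffix() {
    case "$1" in
        track) echo ".taint" ;;
        fast)  echo ".fast" ;;
        *)     return 1 ;;
    esac
}

# Build the already-configured target once in the given mode and copy the
# installed binary (assumed to be $prefix/bin/$name) to $outdir/$name<suffix>.
angora_build_mode() {
    mode="$1"; prefix="$2"; outdir="$3"; name="$4"
    suffix="$(angora_suffix "$mode")" || return 1
    make clean >/dev/null 2>&1 || true
    if [ "$mode" = track ]; then
        USE_TRACK=1 make -j || return 1     # taint-tracking build
    else
        USE_FAST=1 make -j || return 1      # light-instrumentation build
    fi
    make install || return 1
    mkdir -p "$outdir"
    cp "$prefix/bin/$name" "$outdir/$name$suffix" || return 1
}

# Full procedure: pre-flight check, configure with the Angora compilers,
# then build both binaries. Run from the target's source directory.
angora_build_target() {
    angora="$1"; prefix="$2"; outdir="$3"; name="$4"
    core_pattern_ok || {
        echo "core_pattern pipes core dumps; run: echo core | sudo tee /proc/sys/kernel/core_pattern" >&2
        return 1
    }
    CC="$angora/bin/angora-clang" CXX="$angora/bin/angora-clang++" \
    LD="$angora/bin/angora-clang" PREFIX="$prefix" \
        ./configure --disable-shared --prefix="$prefix" || return 1
    angora_build_mode track "$prefix" "$outdir" "$name" || return 1
    angora_build_mode fast  "$prefix" "$outdir" "$name" || return 1
}

# Usage (hypothetical paths), from the target's source tree:
#   angora_build_target /path/to/angora /path/to/target/directory /path/to/bins uniq
# yields /path/to/bins/uniq.taint and /path/to/bins/uniq.fast
```

The pre-flight check reads the pattern from a file path so it can be pointed at any file, which is also what makes it testable without root; in normal use it defaults to `/proc/sys/kernel/core_pattern`.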